Allied-telesis AT-9000 Series Bedienungsanleitung

613-001823 Rev. AAT-9000 SeriesGigabit Ethernet Switches AT-9000/12PoE AT-9000/28 AT-9000/28PoE AT-9000/28SP AT-9000/52Management Software Comman

Contents10Adding Static MAC Addresses ...

Chapter 4: Basic Command Line Management Commands72

Chapter 64: SNMPv3 Commands972NO SNMP-SERVER ENGINEID LOCALSyntaxno snmp-server engineid localParametersNoneModeGlobal Configuration modeDescriptionUs

AT-9000 Switch Command Line User’s Guide973NO SNMP-SERVER GROUPSyntaxno snmp-server group name noauth|auth|privParametersnameSpecifies the name of a g

Chapter 64: SNMPv3 Commands974NO SNMP-SERVER HOSTSyntaxno snmp-server host ipaddress informs|traps v3 auth|noauth|priv usernameParametersipaddressSpec

AT-9000 Switch Command Line User’s Guide975ExampleThis example deletes the host entry with the IPv4 address 187.87.165.12. The user name associated wi

Chapter 64: SNMPv3 Commands976NO SNMP-SERVER USERSyntaxno snmp-server user userParametersuserSpecifies the name of a user you want to delete from the

AT-9000 Switch Command Line User’s Guide977NO SNMP-SERVER VIEWSyntaxno snmp-server view view OIDParametersviewSpecifies the name of a view to be delet

Chapter 64: SNMPv3 Commands978SHOW SNMP-SERVERSyntaxshow snmp-serverParametersNoneModePrivileged Exec modeDescriptionUse this command to display the c

AT-9000 Switch Command Line User’s Guide979SHOW SNMP-SERVER GROUPSyntaxshow snmp-server groupParametersNoneModePrivileged Exec modeDescriptionUse this

Chapter 64: SNMPv3 Commands980SHOW SNMP-SERVER HOSTSyntaxshow snmp-server hostParametersNoneModePrivileged Exec modeDescriptionUse this command to dis

AT-9000 Switch Command Line User’s Guide981SHOW SNMP-SERVER USERSyntaxshow snmp-server userParametersNoneModePrivileged Exec modeDescriptionUse this c

73Chapter 5Temperature and Fan Control Overview “Overview” on page 74 “Displaying the System Environmental Status” on page 75 “Controlling Eco-Mode

Chapter 64: SNMPv3 Commands982SHOW SNMP-SERVER VIEWSyntaxshow snmp-server viewParameterNoneModePrivileged Exec modeDescriptionUse this command to disp

AT-9000 Switch Command Line User’s Guide983SNMP-SERVERSyntaxsnmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command to activ

Chapter 64: SNMPv3 Commands984SNMP-SERVER ENGINEID LOCALSyntaxsnmp-server engineid local engine-id|defaultParametersengine-idSpecifies the SNMPv3 engi

AT-9000 Switch Command Line User’s Guide985SNMP-SERVER GROUPSyntaxsnmp-server group name auth|noauth|priv read readview|write writeviewParametersnameS

Chapter 64: SNMPv3 Commands986ExamplesThis example creates a group called “sta5west” with a minimum security level of privacy. The group has a read vi

AT-9000 Switch Command Line User’s Guide987SNMP-SERVER HOSTSyntaxsnmp-server host ipaddress informs|traps version 3 auth|noauth|priv usernameParameter

Chapter 64: SNMPv3 Commands988ExampleThis example configures SNMPv3 to send trap messages to an end node with the IPv4 address 149.157.192.12. The use

AT-9000 Switch Command Line User’s Guide989SNMP-SERVER USERSyntaxsnmp-server user username groupname [auth sha|md5 auth_password] [priv des priv_passw

Chapter 64: SNMPv3 Commands990 To create a user that has authentication but not privacy, include the AUTH keyword but not the PRIV keyword. To creat

AT-9000 Switch Command Line User’s Guide991SNMP-SERVER VIEWSyntaxsnmp-server view viewname oid excluded|includedParametersviewnameSpecifies the name o

Chapter 5: Temperature and Fan Control Overview74OverviewThe switch monitors the environmental status, such as temperature and voltage, and the status

Chapter 64: SNMPv3 Commands992This example creates the new view “AlliedTelesis” that limits the available MIB objects to those in the OID 1.3.6.1.4.1.

993Section XNetwork ManagementThis section contains the following chapters: Chapter 65, “sFlow Agent” on page 995 Chapter 66, “sFlow Agent Commands”

994

995Chapter 65sFlow AgentThis chapter contains the following topics: “Overview” on page 996 “Configuring the sFlow Agent” on page 998 “Configuring t

Chapter 65: sFlow Agent996OverviewThe sFlow agent allows the switch to gather data about the traffic on the ports and to send the data to an sFlow col

AT-9000 Switch Command Line User’s Guide997 Number of ingress and egress packets with errors Number of ingress packets with unknown protocolsTo conf

Chapter 65: sFlow Agent998Configuring the sFlow AgentThe command for defining the IP address of the sFlow collector is the SFLOW COLLECTOR IP command.

AT-9000 Switch Command Line User’s Guide999Configuring the PortsTo configure the ports so that their performance data is collected by the sFlow agent,

Chapter 65: sFlow Agent1000Configuring thePolling IntervalThe polling interval determines how frequently the agent queries the packet counters of the

AT-9000 Switch Command Line User’s Guide1001Enabling the sFlow AgentUse the SFLOW ENABLE command in the Global Configuration mode to activate the sFlo

AT-9000 Switch Command Line User’s Guide75Displaying the System Environmental StatusThe switch monitors the environmental status of the switch and any

Chapter 65: sFlow Agent1002Disabling the sFlow AgentTo stop the sFlow agent from collecting performance data on the ports on the switch and from sendi

AT-9000 Switch Command Line User’s Guide1003Displaying the sFlow AgentTo view the IP addresses and UDP port settings of the collectors as defined in t

Chapter 65: sFlow Agent1004Configuration ExampleHere is an example of how to configure the sFlow agent. The IP address of the sFlow collector is 152.2

AT-9000 Switch Command Line User’s Guide1005This last command activates the sFlow agent on the switch.Depending on the amount of traffic on the ports

Chapter 65: sFlow Agent1006

1007Chapter 66sFlow Agent CommandsThe sFlow agent commands are summarized in Table 92 and described in detail within the chapter.Table 92. sFlow Agent

Chapter 66: sFlow Agent Commands1008NO SFLOW COLLECTOR IPSyntaxno sflow collector ip ipaddressParametersipaddressSpecifies the IP address of an sFlow

AT-9000 Switch Command Line User’s Guide1009NO SFLOW ENABLESyntaxno sflow enableParametersNoneModeGlobal Configuration modeDescriptionUse this command

Chapter 66: sFlow Agent Commands1010SFLOW COLLECTOR IPSyntaxsflow collector ip ipaddress [port udp_port]ParametersipaddressSpecifies the IP address of

AT-9000 Switch Command Line User’s Guide1011SFLOW ENABLESyntaxsflow enableParametersNoneModeGlobal Configuration modeDescriptionUse this command to ac

Chapter 5: Temperature and Fan Control Overview76Controlling Eco-Mode LEDAlliedWare Plus products provide an Eco-Mode LED control to conserve addition

Chapter 66: sFlow Agent Commands1012SFLOW POLLING-INTERVALSyntaxsflow polling-interval polling-intervalParameterspolling-intervalSpecifies the maximum

AT-9000 Switch Command Line User’s Guide1013This example removes sFlow monitoring on port 21 using the NO form of the command:awplus> enableawplus#

Chapter 66: sFlow Agent Commands1014SFLOW SAMPLING-RATESyntaxsflow sampling-rate sampling-rateParameterssampling-rateSpecifies the sampling rate on a

AT-9000 Switch Command Line User’s Guide1015This example disables packet sampling on port 7:awplus> enableawplus# configure terminalawplus(config)#

Chapter 66: sFlow Agent Commands1016SHOW SFLOWSyntaxshow sflow [database]ParametersNoneModePrivileged Exec modeDescriptionUse this command to display

AT-9000 Switch Command Line User’s Guide1017The fields are described in Table 93.Table 93. SHOW SFLOW CommandParameter DescriptionNumber of Collectors

Chapter 66: sFlow Agent Commands1018ExampleThis example displays the settings of the sFlow agent:awplus> enableawplus# show sflow

1019Chapter 67LLDP and LLDP-MEDThis chapter contains the following topics “Overview” on page 1020 “Enabling LLDP and LLDP-MED on the Switch” on page

Chapter 67: LLDP and LLDP-MED1020OverviewLink Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol for Media Endpoint Devices (LLDP-MED)

AT-9000 Switch Command Line User’s Guide1021MandatoryLLDP TLVsMandatory LLDP TLVs are sent by default on ports that send TLVs. The TLVs are defined in

77Chapter 6Temperature and Fan Control CommandsThe temperature and fan control commands are summarized in Table 6.Table 6. Temperature and Fan Control

Chapter 67: LLDP and LLDP-MED1022System capabilities The device’s router and bridge functions, and whether or not these functions are currently enable

AT-9000 Switch Command Line User’s Guide1023The switch does not verify whether a device connected to a port is LLDP-compatible prior to sending mandat

Chapter 67: LLDP and LLDP-MED1024Extended power managementThe following PoE information: Power Type field: Power Sourcing Entity (PSE). Power Source

AT-9000 Switch Command Line User’s Guide1025Enabling LLDP and LLDP-MED on the SwitchTo enable LLDP and LLDP-MED on the switch, use the LLDP RUN comman

Chapter 67: LLDP and LLDP-MED1026Configuring Ports to Only Receive LLDP and LLDP-MED TLVsThis is the first in a series of examples that show how to co

AT-9000 Switch Command Line User’s Guide1027Configuring Ports to Send Only Mandatory LLDP TLVsThis example illustrates how to configure the ports to r

Chapter 67: LLDP and LLDP-MED1028Configuring Ports to Send Optional LLDP TLVsThis example illustrates how to configure the ports to send optional LLDP

AT-9000 Switch Command Line User’s Guide1029Here are the commands to configure the ports to send the TLVs:awplus> enableEnter the Privileged Execut

Chapter 67: LLDP and LLDP-MED1030Configuring Ports to Send Optional LLDP-MED TLVsThis section explains how to configure the ports to send these option

AT-9000 Switch Command Line User’s Guide1031awplus# show lldp interface port1.0.3,port1.0.4Use the SHOW LLDP INTERFACE command to confirm the configur

Chapter 6: Temperature and Fan Control Commands78ECOFRIENDLY LEDSyntaxecofriendly ledParametersNoneModeGlobal Configuration modeDescriptionUse this co

Chapter 67: LLDP and LLDP-MED1032Configuring Ports to Send LLDP-MED Civic Location TLVsCivic location TLVs specify the physical addresses of network d

AT-9000 Switch Command Line User’s Guide10333. Move to the Port Interface mode of the ports to which the entry is to be assigned. (A civic location en

Chapter 67: LLDP and LLDP-MED1034This series of commands adds the new location entry to port 14 and configures the port to include the location TLV in

AT-9000 Switch Command Line User’s Guide1035Configuring Ports to Send LLDP-MED Coordinate Location TLVsCoordinate location TLVs specify the locations

Chapter 67: LLDP and LLDP-MED10363. Move to the Port Interface mode of the ports to which the entry is to be assigned. (A coordinate location entry ca

AT-9000 Switch Command Line User’s Guide1037This series of commands adds the entry to port 15 and configures the port to include the TLV in its advert

Chapter 67: LLDP and LLDP-MED1038awplus# show location coord-location interface port1.0.15Use the SHOW LOCATION command to confirm the configuration.a

AT-9000 Switch Command Line User’s Guide1039Configuring Ports to Send LLDP-MED ELIN Location TLVsThis type of TLV specifies the location of a network

Chapter 67: LLDP and LLDP-MED1040This series of commands adds the entry to port 5 and configures the port to include the TLV in its advertisements:awp

AT-9000 Switch Command Line User’s Guide1041Removing LLDP TLVs from PortsTo stop ports from sending optional LLDP TLVs, use this command:no lldp tlv-s

AT-9000 Switch Command Line User’s Guide79NO ECOFRIENDLY LEDSyntaxno ecofriendly ledParametersNoneModeGlobal Configuration modeDescriptionUse this com

Chapter 67: LLDP and LLDP-MED1042Removing LLDP-MED TLVs from PortsTo remove optional LLDP-MED TLVs from ports, use the NO LLDP MED-TLV-SELECT command:

AT-9000 Switch Command Line User’s Guide1043Deleting LLDP-MED Location EntriesThe command for deleting LLDP-MED location entries from the switch is:no

Chapter 67: LLDP and LLDP-MED1044Disabling LLDP and LLDP-MED on the SwitchTo disable LLDP and LLDP-MED on the switch, use the NO LLDP RUN command in t

AT-9000 Switch Command Line User’s Guide1045Displaying General LLDP SettingsTo view the timers and other general LLDP and LLDP-MED settings, use the S

Chapter 67: LLDP and LLDP-MED1046Displaying Port SettingsTo view the LLDP and LLDP-MED settings of the individual ports on the switch, use the SHOW LL

AT-9000 Switch Command Line User’s Guide1047Displaying or Clearing Neighbor InformationThere are two commands for displaying the information the switc

Chapter 67: LLDP and LLDP-MED1048This example clears the information the switch has received from all the neighbors:awplus> enableawplus# clear lld

AT-9000 Switch Command Line User’s Guide1049Displaying Port TLVsTo view the TLVs of the individual ports on the switch, use the SHOW LLDP LOCAL-INFO I

Chapter 67: LLDP and LLDP-MED1050Displaying and Clearing StatisticsThe switch maintains LLDP and LLDP-MED performance statistics for the the individua

1051Chapter 68LLDP and LLDP-MED CommandsThe Link Layer Discovery Protocol commands are summarized in Table 100 and described in detail within the chap

Chapter 6: Temperature and Fan Control Commands80SHOW ECOFRIENDLYSyntaxshow ecofriendlyParametersNoneModePrivileged Exec modeDescriptionUse this comma

Chapter 68: LLDP and LLDP-MED Commands1052“LLDP NOTIFICATION-INTERVAL” on page 1066Global ConfigurationSets the notification interval, which is the mi

AT-9000 Switch Command Line User’s Guide1053“NO LLDP MED-TLV-SELECT” on page 1083Port Interface Stops ports from transmitting specified LLDP-MED TLVs.

Chapter 68: LLDP and LLDP-MED Commands1054CLEAR LLDP STATISTICSSyntaxclear lldp statistics [interface port]ParametersportSpecifies a port. You can spe

AT-9000 Switch Command Line User’s Guide1055CLEAR LLDP TABLESyntaxclear lldp table [interface port]ParametersportSpecifies a port. You can specify mor

Chapter 68: LLDP and LLDP-MED Commands1056LLDP HOLDTIME-MULTIPLIERSyntaxlldp holdtime-multiplier holdtime-multiplierParametersholdtime-multiplierSpeci

AT-9000 Switch Command Line User’s Guide1057LLDP LOCATIONSyntaxlldp location civic-location-id|coord-location-id|elin-location-id location_idParameter

Chapter 68: LLDP and LLDP-MED Commands1058This example adds the coordinate location ID 11 to port 2:awplus> enableawplus# configure terminalawplus(

AT-9000 Switch Command Line User’s Guide1059LLDP MANAGEMENT-ADDRESSSyntaxlldp management-address ipaddressParametersipaddressSpecifies an IP address.M

Chapter 68: LLDP and LLDP-MED Commands1060ExamplesThis example configures port 2 to transmit the IP address 149.122.54.2 as its management IP address

AT-9000 Switch Command Line User’s Guide1061LLDP MED-NOTIFICATIONSSyntaxlldp med-notificationsParametersNoneModePort Interface modeDescriptionUse this

AT-9000 Switch Command Line User’s Guide81SHOW SYSTEM ENVIRONMENTSyntaxshow system environmentParametersNoneModePrivileged Exec modeDescriptionUse thi

Chapter 68: LLDP and LLDP-MED Commands1062LLDP MED-TLV-SELECTSyntaxlldp med-tlv-select capabilities|network-policy|location|power-management-ext|inven

AT-9000 Switch Command Line User’s Guide1063ExamplesThis example configures ports 3 to 8 to send the inventory management TLV to their neighbors:awplu

Chapter 68: LLDP and LLDP-MED Commands1064LLDP NON-STRICT-MED-TLV-ORDER-CHECKSyntaxlldp non-strict-med-tlv-order-checkParametersNoneModeGlobal Configu

AT-9000 Switch Command Line User’s Guide1065LLDP NOTIFICATIONSSyntaxlldp notificationsParametersNoneModePort Interface modeDescriptionUse this command

Chapter 68: LLDP and LLDP-MED Commands1066LLDP NOTIFICATION-INTERVALSyntaxlldp notification-interval intervalParametersintervalSpecifies the notificat

AT-9000 Switch Command Line User’s Guide1067LLDP REINITSyntaxlldp reinit delayParametersdelaySpecifies the re-initialization delay value. The range is

Chapter 68: LLDP and LLDP-MED Commands1068LLDP RUNSyntaxlldp runParametersNoneModeGlobal Configuration modeDescriptionUse this command to activate LLD

AT-9000 Switch Command Line User’s Guide1069LLDP TIMERSyntaxlldp timer intervalParametersintervalSpecifies the transmit interval. The range is 5 to 32

Chapter 68: LLDP and LLDP-MED Commands1070LLDP TLV-SELECTSyntaxlldp tlv-select all|tlvParametersallConfigures a port to send all optional TLVs.tlvSpec

AT-9000 Switch Command Line User’s Guide1071To remove optional TLVs from ports, refer to “NO LLDP TLV-SELECT” on page 1087.Confirmation Command“SHOW L

AT-9000 Switch Command Line User’s Guide11Host Node Topology ...

Chapter 6: Temperature and Fan Control Commands82ExampleThe following example displays environmental information for the switch:awplus# show system en

Chapter 68: LLDP and LLDP-MED Commands1072ExamplesThis example configures ports 3 to 5 to transmit all the optional LLDP TLVs:awplus> enableawplus#

AT-9000 Switch Command Line User’s Guide1073LLDP TRANSMIT RECEIVESyntaxlldp transmit receive|transmitParameterstransmitConfigures ports to send LLDP a

Chapter 68: LLDP and LLDP-MED Commands1074LLDP TX-DELAYSyntaxlldp tx-delay tx-delayParameterstx-delaySpecifies the transmission delay timer in seconds

AT-9000 Switch Command Line User’s Guide1075LOCATION CIVIC-LOCATIONSyntaxlocation civic-location identifier id_numberParametersid_numberSpecifies an I

Chapter 68: LLDP and LLDP-MED Commands1076Here are the guidelines to using the location parameters: The country parameter must be two uppercase chara

AT-9000 Switch Command Line User’s Guide1077After you create a location entry, use “LLDP LOCATION” on page 1057 to assign the location entry to a port

Chapter 68: LLDP and LLDP-MED Commands1078LOCATION COORD-LOCATIONSyntaxlocation coordinate-location identifier id_numberParametersid_numberSpecifies a

AT-9000 Switch Command Line User’s Guide1079This command is also used to remove parameter values from existing LLDP-MED coordinate location entries. T

Chapter 68: LLDP and LLDP-MED Commands1080ExamplesThis example creates a new coordinate location entry with these specifications.ID number: 16Latitud

AT-9000 Switch Command Line User’s Guide1081LOCATION ELIN-LOCATIONSyntaxlocation elin-location elin_id identifier id_numberParameterselin_idSpecifies

83Section IIBasic OperationsThis section contains the following chapters: Chapter 7, “Basic Switch Management” on page 85 Chapter 8, “Basic Switch M

Chapter 68: LLDP and LLDP-MED Commands1082NO LLDP MED-NOTIFICATIONSSyntaxno lldp med-notificationsParametersNoneModePort Interface modeDescriptionUse

AT-9000 Switch Command Line User’s Guide1083NO LLDP MED-TLV-SELECTSyntaxno lldp med-tlv-select capabilities|network-policy|location|power-management-e

Chapter 68: LLDP and LLDP-MED Commands1084ExamplesThis example stops port 8 from transmitting all LLDP-MED TLVs:awplus> enableawplus# configure ter

AT-9000 Switch Command Line User’s Guide1085NO LLDP NOTIFICATIONSSyntaxno lldp notificationsParametersNoneModePort Interface modeDescriptionUse this c

Chapter 68: LLDP and LLDP-MED Commands1086NO LLDP RUNSyntaxno lldp runParametersNoneModeGlobal Configuration modeDescriptionUse this command to disabl

AT-9000 Switch Command Line User’s Guide1087NO LLDP TLV-SELECTSyntaxno lldp tlv-select all|tlvParametersallRemoves all optional LLDP TLVs from a port.

Chapter 68: LLDP and LLDP-MED Commands1088NO LLDP TRANSMIT RECEIVESyntaxno lldp transmit|receiveParameterstransmitStops ports from sending LLDP and LL

AT-9000 Switch Command Line User’s Guide1089NO LOCATIONSyntaxno location civic-location|coord-location|elin-location identifier id_numberParametersciv

Chapter 68: LLDP and LLDP-MED Commands1090This example removes the ELIN location IDs 3 and 4:awplus> enableawplus# configure terminalawplus(config)

AT-9000 Switch Command Line User’s Guide1091SHOW LLDPSyntaxshow lldpParametersNone.ModePrivileged Exec modeDescriptionUse this command to display gene

84

Chapter 68: LLDP and LLDP-MED Commands1092ExampleThe following example displays general LLDP settings:awplus# show lldpHold-time Multiplier The holdti

AT-9000 Switch Command Line User’s Guide1093SHOW LLDP INTERFACESyntaxshow lldp interface [port]ParametersportSpecifies a port, You can specify more th

Chapter 68: LLDP and LLDP-MED Commands1094ExamplesThis example displays the LLDP settings for all the ports on the switch:awplus# show lldp interfaceT

AT-9000 Switch Command Line User’s Guide1095SHOW LLDP LOCAL-INFO INTERFACESyntaxshow lldp local-info [interface port]ParametersportSpecifies a port, Y

Chapter 68: LLDP and LLDP-MED Commands1096Figure 181. SHOW LLDP LOCAL-INFO INTERFACE CommandFigure 182. SHOW LLDP LOCAL-INFO INTERFACE Command (contin

AT-9000 Switch Command Line User’s Guide1097SHOW LLDP NEIGHBORS DETAILSyntaxshow lldp neighbors detail [interface port]ParametersportSpecifies a port.

Chapter 68: LLDP and LLDP-MED Commands1098Figure 183. SHOW LLDP NEIGHBORS DETAIL CommandFigure 184. SHOW LLDP NEIGHBORS DETAIL Command (continued)The

AT-9000 Switch Command Line User’s Guide1099System Capabilities (Supported)The device’s functions supported by the switch. System Capabilities (Enable

Chapter 68: LLDP and LLDP-MED Commands1100LLDP-MED Capabilities The LLDP-MED TLVs that are supported and enabled on the switch, and the device type, w

AT-9000 Switch Command Line User’s Guide1101ExamplesThis example displays the information from all of the neighbors on the switch:awplus# show lldp ne

85Chapter 7Basic Switch ManagementThis chapter contains the following: “Adding a Name to the Switch” on page 86 “Adding Contact and Location Informa

Chapter 68: LLDP and LLDP-MED Commands1102SHOW LLDP NEIGHBORS INTERFACESyntaxshow lldp neighbors interface [port]ParametersportSpecifies a port. You c

AT-9000 Switch Command Line User’s Guide1103ExamplesThis example displays a summary of the information from all the neighbors connected to the switch:

Chapter 68: LLDP and LLDP-MED Commands1104SHOW LLDP STATISTICSSyntaxshow lldp statisticsParametersNoneModeUser Exec mode and Privileged Exec modeDescr

AT-9000 Switch Command Line User’s Guide1105ExampleThe following example displays LLDP statistics for the switch:awplus# show lldp statisticsTLVs Unre

Chapter 68: LLDP and LLDP-MED Commands1106SHOW LLDP STATISTICS INTERFACESyntaxshow lldp statistics interface [port]ParametersportSpecifies a port. You

AT-9000 Switch Command Line User’s Guide1107ExamplesThis example displays the statistics for all the ports:awplus# show lldp statistics interfaceThis

Chapter 68: LLDP and LLDP-MED Commands1108SHOW LOCATIONSyntaxshow location civic-location|coord-location|elin-location [identifier id-number|interface

AT-9000 Switch Command Line User’s Guide1109ExamplesThe following example displays all the civic location entries on the switch:awplus# show location

Chapter 68: LLDP and LLDP-MED Commands1110

1111Chapter 69Address Resolution Protocol (ARP)This chapter contains the following topics: “Overview” on page 1112 “Adding Static ARP Entries” on pa

Chapter 7: Basic Switch Management86Adding a Name to the SwitchThe switch will be easier to identify if you assign it a name. The switch displays its

Chapter 69: Address Resolution Protocol (ARP)1112OverviewThe Address Resolution Protocol (ARP) is used to associate an IPv4 address with a MAC address

AT-9000 Switch Command Line User’s Guide1113Adding Static ARP EntriesIn most cases, the ARP table can be populated dynamically; however, the switch al

Chapter 69: Address Resolution Protocol (ARP)1114Deleting Static and Dynamic ARP EntriesThe ARP cache contains two types of ARP entries: dynamic and s

AT-9000 Switch Command Line User’s Guide1115Displaying the ARP TableTo display the ARP table on the switch, use the SHOW ARP command in the User Exec

Chapter 69: Address Resolution Protocol (ARP)1116

1117Chapter 70Address Resolution Protocol (ARP) CommandsThe ARP commands are summarized in Table 111 and described in detail within the chapter.Table

Chapter 70: Address Resolution Protocol (ARP) Commands1118ARP Syntaxarp ipaddress macaddress port_numberParametersipaddressSpecifies the IP address of

AT-9000 Switch Command Line User’s Guide1119ExampleThe following example creates an ARP entry for the IP address 192.168.1.3 and the MAC address 7a:54

Chapter 70: Address Resolution Protocol (ARP) Commands1120CLEAR ARP-CACHESyntaxclear arp-cacheParametersNoneModesUser Exec mode and Privileged Exec mo

AT-9000 Switch Command Line User’s Guide1121NO ARP (IP ADDRESS)Syntaxno arp ipaddressParametersipaddressSpecifies the IP address of a static ARP entry

AT-9000 Switch Command Line User’s Guide87Adding Contact and Location InformationThe commands for assigning the switch contact and location informatio

Chapter 70: Address Resolution Protocol (ARP) Commands1122SHOW ARPSyntaxshow arpParametersNoneModesUser Exec mode and Privileged Exec modeDescriptionU

AT-9000 Switch Command Line User’s Guide1123ExampleThe following example displays the ARP entries in the ARP cache on the switch:awplus# show arpType

Chapter 70: Address Resolution Protocol (ARP) Commands1124

1125Chapter 71RMONThis chapter contains the following topics: “Overview” on page 1126 “RMON Port Statistics” on page 1127 “RMON Histories” on page

Chapter 71: RMON1126OverviewThe RMON (Remote MONitoring) MIB is used with SNMP applications to monitor the operations of network devices. The switch s

AT-9000 Switch Command Line User’s Guide1127RMON Port StatisticsTo view port statistics using an SNMP program and the RMON section in the MIB, you mus

Chapter 71: RMON1128awplus(config-if)# rmon collection stats 16awplus(config-if)# exitawplus(config)# interface port1.0.20awplus(config-if)# rmon coll

AT-9000 Switch Command Line User’s Guide1129RMON HistoriesRMON histories are snapshots of port statistics. They are taken by the switch at predefined

Chapter 71: RMON1130snapshot every minute for five minutes on a port, you specify five buckets (one bucket for each minute) and an interval of sixty s

AT-9000 Switch Command Line User’s Guide1131Here is an example of the information.Figure 192. SHOW RMON HISTORY CommandThe fields are defined in Table

Chapter 7: Basic Switch Management88Displaying Parameter SettingsTo display the current parameter settings on the switch, use the SHOW RUNNING-CONFIG

Chapter 71: RMON1132RMON AlarmsRMON alarms are used to generate alert messages when packet activity on designated ports rises above or falls below spe

AT-9000 Switch Command Line User’s Guide1133The following sections explain how to create and manage the various elements of an alarm: “Creating RMON

Chapter 71: RMON1134The owner parameter is useful in situations where more than one person is managing the switch. You can use it to identify who crea

AT-9000 Switch Command Line User’s Guide1135The range is 1 to 65535 seconds.The DELTA and ABSOLUTE parameters define the type of change that has to oc

Chapter 71: RMON1136The next series of steps creates the event, which enters a message in the event log whenever the thresholds are crossed:Here are t

AT-9000 Switch Command Line User’s Guide1137Here are the steps to creating the alarm:Creating anAlarm - Example2This example creates an alarm that mon

Chapter 71: RMON1138Phase 2: Adding the RMON Statistics Group to the PortThe steps here add a statistics group to port 20 so that the port statistics

AT-9000 Switch Command Line User’s Guide1139Phase 3: Creating the EventThe event in this example is to send an SNMP trap and to log a message in the e

Chapter 71: RMON1140awplus# show rmon alarmUse the SHOW RMON ALARM command to verify the new alarm.

1141Chapter 72RMON CommandsThe RMON commands are summarized in Table 114 and described in detail within the chapter.Table 114. RMON CommandsCommand Mo

AT-9000 Switch Command Line User’s Guide89Manually Setting the Date and TimeTo manually set the date and time on the switch, use the CLOCK SET command

Chapter 72: RMON Commands1142“SHOW RMON HISTORY” on page 1162Privileged Exec Displays the RMON history groups that are assigned to the ports on the sw

AT-9000 Switch Command Line User’s Guide1143NO RMON ALARMSyntaxno rmon alarm alarm_idParametersalarm_idSpecifies the ID number of the alarm you want t

Chapter 72: RMON Commands1144NO RMON COLLECTION HISTORYSyntaxno rmon collection history collection_idParameterscollection_idSpecifies the ID number of

AT-9000 Switch Command Line User’s Guide1145NO RMON COLLECTION STATSSyntaxno rmon collection stats stats_idParametersstats_idSpecifies the ID number o

Chapter 72: RMON Commands1146NO RMON EVENTSyntaxno rmon event event_idParametersevent_idSpecifies the ID number of the event you want to delete from t

AT-9000 Switch Command Line User’s Guide1147RMON ALARMSyntaxrmon alarm alarm_id oid.stats_id interval interval delta|absolute rising-threshold rising-

Chapter 72: RMON Commands1148rising_event_idSpecifies the ID number of the event the switch is to perform when the falling threshold is crossed. The e

AT-9000 Switch Command Line User’s Guide1149Confirmation Command“SHOW RMON ALARM” on page 1158ExampleThis example creates an RMON alarm that monitors

Chapter 72: RMON Commands1150RMON COLLECTION HISTORYSyntaxrmon collection history history_id [buckets buckets] [interval interval] [owner owner]Parame

AT-9000 Switch Command Line User’s Guide1151RMON statistics histories are only viewable from an SNMP application program. There are no commands in the

Chapter 7: Basic Switch Management90Pinging Network DevicesIf the switch is unable to communicate with a network device, such as a syslog server or a

Chapter 72: RMON Commands1152RMON COLLECTION STATSSyntaxrmon collection stats stats_id [owner owner]Parametersstats_idSpecifies the ID number of a new

AT-9000 Switch Command Line User’s Guide1153RMON EVENT LOGSyntaxrmon event event_id log description description [owner owner]Parametersevent_idSpecifi

Chapter 72: RMON Commands1154RMON EVENT LOG TRAPSyntaxrmon event event_id log trap community_string [description description] [owner owner]Parameterse

AT-9000 Switch Command Line User’s Guide1155ExampleThis example creates an event for RMON alarms with an ID of 2, a community string of “station43a,”

Chapter 72: RMON Commands1156RMON EVENT TRAPSyntaxrmon event event_id trap community_string [description description] [owner owner]Parametersevent_idS

AT-9000 Switch Command Line User’s Guide1157ExampleThe following example creates an event with an ID of 4, a community string of “st_west8,” and a des

Chapter 72: RMON Commands1158SHOW RMON ALARMSyntaxshow rmon alarmParametersNoneModePrivileged Exec modeDescriptionUse this command to display the RMON

AT-9000 Switch Command Line User’s Guide1159The fields are described in Table 116.ExampleThe following example displays the RMON alarms on the switch:

Chapter 72: RMON Commands1160SHOW RMON EVENTSyntaxshow rmon eventParametersNoneModePrivileged Exec modeDescriptionUse this command to display the RMON

AT-9000 Switch Command Line User’s Guide1161ExampleThe following example displays the RMON events on the switch:awplus# show rmon eventEvent type (con

AT-9000 Switch Command Line User’s Guide91Resetting the SwitchTo reset the switch, use either the REBOOT or RELOAD command in the Privileged Exec mode

Chapter 72: RMON Commands1162SHOW RMON HISTORYSyntaxshow rmon historyParametersNoneModePrivileged Exec modeDescriptionUse this command to display the

AT-9000 Switch Command Line User’s Guide1163ExampleThe following example displays the history groups that are assigned to the ports on the switch:awpl

Chapter 72: RMON Commands1164SHOW RMON STATISTICSSyntaxshow rmon statisticsParametersNoneModePrivileged Exec modeDescriptionUse this command to displa

1165Chapter 73Advanced Access Control Lists (ACLs)This chapter describes the following topics: “Overview” on page 1166 “Creating ACLs” on page 1169

Chapter 73: Advanced Access Control Lists (ACLs)1166OverviewAccess Control Lists (ACLs) act as filters to control the ingress packets on ports. They a

AT-9000 Switch Command Line User’s Guide1167Actions The action defines the response to packets that match the filtering criterion of the ACL. There ar

Chapter 73: Advanced Access Control Lists (ACLs)1168Guidelines Here are the ACL guidelines: An ACL can have a permit, deny, or copy-to-mirror action.

AT-9000 Switch Command Line User’s Guide1169Creating ACLsThis section provides examples of how to create all of the ACL types. See the following: “Cr

Chapter 73: Advanced Access Control Lists (ACLs)1170Numbered IPv4 ACL with IP Packets ExamplesThis is the command format for creating ACLs that filter

AT-9000 Switch Command Line User’s Guide1171 host ipaddress— Matches packets with a specified IPv4 address and is an alternative to the IPADRESS/MASK

Contents12NO BOOT CONFIG-FILE ...

Chapter 7: Basic Switch Management92Restoring the Default Settings to the SwitchTo restore the default settings to the switch, delete or rename the ac

Chapter 73: Advanced Access Control Lists (ACLs)1172deny ACL for the denied traffic flow. This is illustrated in the example in Table 124 on page 1172

AT-9000 Switch Command Line User’s Guide1173NoteThe permit ACLS are added to the ports before the deny ACL to ensure that packets are compared against

Chapter 73: Advanced Access Control Lists (ACLs)1174Here is an example of an ACL that filters tagged packets. See Table 126. It blocks all tagged pack

AT-9000 Switch Command Line User’s Guide1175is only necessary when you want a port to forward a subset of packets that are otherwise discarded. deny—

Chapter 73: Advanced Access Control Lists (ACLs)1176Numbered IPv4 ACL with Protocol Packets ExampleThis is the command format for creating Numbered IP

AT-9000 Switch Command Line User’s Guide1177The VLAN parameter determines if an ACL filters VLANs. You use the parameter to specify the VID. You can s

Chapter 73: Advanced Access Control Lists (ACLs)1178The SRC_IPADDRESS and DST_IPADDRESS parameters specify the source and destination IPv4 addresses.

AT-9000 Switch Command Line User’s Guide1179The following example configures two Numbered IPv4 ACLs. ACL 3017 permits packets from TCP port 67 to 87 o

Chapter 73: Advanced Access Control Lists (ACLs)1180together with the port mirror feature, explained in Chapter 21, “Port Mirror” on page 379.The SRC_

AT-9000 Switch Command Line User’s Guide1181The VLAN parameter determines if an ACL filters VLANs. You use the parameter to specify the VID. You can s

AT-9000 Switch Command Line User’s Guide93Another way to delete the file is with the ERASE STARTUP-CONFIG command, also in the Privileged Exec mode. T

Chapter 73: Advanced Access Control Lists (ACLs)1182 copy-to-mirror— Copies all ingress packets that match the ACL to the destination port of the mir

AT-9000 Switch Command Line User’s Guide1183The example in Table 131 configures port 19 to reject packets containing destination MAC addresses startin

Chapter 73: Advanced Access Control Lists (ACLs)1184Assigning ACLs to PortsBefore you can assign an ACL to a port, you must first create an ACL. The c

AT-9000 Switch Command Line User’s Guide1185In this example, ports 12 and 13 are assigned an ACL, ID number 3075, that blocks all untagged ingress pac

Chapter 73: Advanced Access Control Lists (ACLs)1186awplus(config)# interface port1.0.7Move to the Port Interface mode for port 7.awplus(config_if)# m

AT-9000 Switch Command Line User’s Guide1187Removing ACLs from PortsThe command that you use to remove an ACL from a port depends on which type of ACL

Chapter 73: Advanced Access Control Lists (ACLs)1188This example removes a MAC ACL with an ID number of 4037 from port 5:Table 135. Removing MAC Addre

AT-9000 Switch Command Line User’s Guide1189Restricting Remote AccessYou can access the switch remotely through the VTY lines. Unrestricted remote acc

Chapter 73: Advanced Access Control Lists (ACLs)1190Assigning MACACLs to VTYLinesThis example creates two MAC ACLs. The first MAC ACL created, with an

AT-9000 Switch Command Line User’s Guide1191Assigning NamedIPv4 and IPv6ACLs to VTYLinesWhen you create a named IPv4 or IPv6 ACL, you enter the comman

Chapter 7: Basic Switch Management94Setting the Baud Rate of the Console PortThe Console port is used for local management of the switch. To set its b

Chapter 73: Advanced Access Control Lists (ACLs)1192Assigning Named IPv6 ACLs to VTY LinesThis example creates a Named IPv6 ACL, called “deny-all-but-

AT-9000 Switch Command Line User’s Guide1193awplus(config)# ipv6 access-list deny-all-but-oneCreates a Named IPv6 ACL call “deny-all-but-one-ipv6” and

Chapter 73: Advanced Access Control Lists (ACLs)1194Unrestricting Remote Access To restore unrestricted remove access to VTY lines through the Telnet

AT-9000 Switch Command Line User’s Guide1195Deleting Numbered IP and MAC Address ACLsThe NO ACCESS-LIST command in the Global Configuration mode is th

Chapter 73: Advanced Access Control Lists (ACLs)1196Displaying the ACLsThere are several ways of displaying information about ACLs on the switch. You

AT-9000 Switch Command Line User’s Guide1197awplus# show interface port1.0.1-port1.0.5 access-groupFigure 198. SHOW INTERFACE ACCESS-GROUP CommandDisp

Chapter 73: Advanced Access Control Lists (ACLs)1198

1199Chapter 74ACL CommandsThe Access Control List (ACL) commands are summarized in Table 143 and described in detail within the chapter.Table 143. Acc

Chapter 74: ACL Commands1200“NO MAC ACCESS-GROUP” on page 1231Port Interface Removes MAC address ACLs from ports on the switch.“SHOW ACCESS-LIST” on p

AT-9000 Switch Command Line User’s Guide1201ACCESS-CLASSSyntaxaccess-class <3000 - 3699>|<4000 - 4699>Parameters3000 - 3699Specifies the I

AT-9000 Switch Command Line User’s Guide95NoteThe baud rate is the only adjustable parameter on the Console port.For reference information, refer to “

Chapter 74: ACL Commands1202ExampleThis example assigns the switch an IP address of 10.0.0.20/24. It creates a Numbered ACL with an ID of 3022 that al

AT-9000 Switch Command Line User’s Guide1203ACCESS-GROUPSyntaxaccess-group id_numberParametersid_numberSpecifies the ID number of an access control li

Chapter 74: ACL Commands1204ExamplesThis example adds an IP ACL with an ID of 3022 to port 15:awplus> enableawplus# configure terminalawplus(config

AT-9000 Switch Command Line User’s Guide1205ACCESS-LIST (MAC Address)Syntaxaccess-list id_number action src_mac_address|any src_mac_mask dst_mac_addre

Chapter 74: ACL Commands1206dst_mac_addressSpecifies the destination MAC address of the ingress packets. Choose from the following options:dst_mac_add

AT-9000 Switch Command Line User’s Guide1207awplus(config_if)# mac access-group 4002awplus(config_if)# mac access-group 4003awplus(config_if)# mac acc

Chapter 74: ACL Commands1208ACCESS-LIST ICMPSyntaxaccess-list id_number action icmp src_ipaddress dst_ipaddress [vlan vid]Parametersid_numberSpecifies

AT-9000 Switch Command Line User’s Guide1209ipaddress/mask: Matches packets that have a destination IP address of a specific subnet or end node. host

Chapter 74: ACL Commands1210This example adds a deny access list to ports 4 and 5 to discard all untagged ingress packets that are ICMP, from the 152.

AT-9000 Switch Command Line User’s Guide1211ACCESS-LIST IPSyntaxaccess-list id_number action ip src_ipaddress dst_ipaddress [vlan vid]Parametersid_num

Chapter 7: Basic Switch Management96Configuring the Management Session TimersYou should always conclude a management session by logging off so that if

Chapter 74: ACL Commands1212dst_ipaddress: Specifies the destination IP address of the ingress packets the access list should filter. Here are the pos

AT-9000 Switch Command Line User’s Guide1213This example creates a deny access list, ID number 3095, that discards all untagged ingress packets that h

Chapter 74: ACL Commands1214This example configures ports 22 and 23 to accept only untagged ingress packets containing destination addresses in the 14

AT-9000 Switch Command Line User’s Guide1215ACCESS-LIST PROTOSyntaxaccess-list id_number action proto protocol_number src_ipaddress dst_ipaddress [vla

Chapter 74: ACL Commands1216dst_ipaddressSpecifies the destination IP address of the ingress packets the access list should filter. Choose one of the

AT-9000 Switch Command Line User’s Guide12179 IGP (Interior Gateway Protocol) (IANA)11 Network Voice Protocol (RFC741)17 UDP (User Datagram Protocol)

Chapter 74: ACL Commands1218Confirmation Commands“SHOW ACCESS-LIST” on page 1232 and “SHOW INTERFACE ACCESS-GROUP” on page 1234ExamplesThis example ad

AT-9000 Switch Command Line User’s Guide1219awplus(config_if)# access-group 3011awplus(config_if)# endawplus# show access-listawplus# show interface p

Chapter 74: ACL Commands1220ACCESS-LIST TCPSyntaxaccess-list id_number action tcp src_ipaddress eq|lt|gt|ne|range src_tcp_port dst_ipaddress eq|lt|gt|

AT-9000 Switch Command Line User’s Guide1221ltMatches packets that are less than the TCP port number specified by the SRC_TCP_PORT or DST_TCP_PORT par

AT-9000 Switch Command Line User’s Guide97Both the first_line_id and the last_line_id parameters have value of 0 to 9. You can specify one VTY line or

Chapter 74: ACL Commands1222ModeGlobal Configuration modeDescriptionUse this command to create access control lists that filter ingress packets based

AT-9000 Switch Command Line User’s Guide1223This example creates an ACL that causes port 14 to discard all tagged ingress TCP packets with the VID 27,

Chapter 74: ACL Commands1224ACCESS-LIST UDPSyntaxaccess-list id_number action udp src_ipaddress eq|lt|gt|ne|range src_udp_port dst_ipaddress eq|lt|gt|

AT-9000 Switch Command Line User’s Guide1225ltMatches packets that are less than the UDP port number specified by the SRC_UDP_PORT or DST_UDP_PORT par

Chapter 74: ACL Commands1226ModeGlobal Configuration modeDescriptionUse this command to create access control lists that filter ingress packets based

AT-9000 Switch Command Line User’s Guide1227This example defines an ACL that causes port 18 to discard all untagged ingress packets that have source a

Chapter 74: ACL Commands1228MAC ACCESS-GROUPSyntaxmac access-group id_numberParametersid_numberSpecifies the ID number of a MAC address access control

AT-9000 Switch Command Line User’s Guide1229NO ACCESS-LISTSyntaxno access-list id_numberParametersid_numberSpecifies the ID number of an access list y

Chapter 74: ACL Commands1230NO ACCESS-GROUPSyntaxno access-group id_numberParametersid_numberSpecifies the ID number of an access list. The range is 3

AT-9000 Switch Command Line User’s Guide1231NO MAC ACCESS-GROUPSyntaxno mac access-group id_numberParametersid_numberSpecifies the ID number of a MAC

Chapter 7: Basic Switch Management98Setting the Maximum Number of Manager SessionsThe switch supports up to three manager sessions simultaneously so t

Chapter 74: ACL Commands1232SHOW ACCESS-LISTSyntaxshow access-list [<3000-3699>|<4000-4699>|<list-name>]Parameters<3000-3699>I

AT-9000 Switch Command Line User’s Guide1233ExampleThis example displays Numbered IP, MAC, and Named IP ACLs:awplus# show access-listFigure 200. SHOW

Chapter 74: ACL Commands1234SHOW INTERFACE ACCESS-GROUPSyntaxshow interface port access-groupParametersportSpecifies a port number. You can specify mo

1235Chapter 75Quality of Service (QOS) CommandsThe Quality of Service (QoS) commands are summarized in Table 145.Table 145. Quality of Service Command

Chapter 75: Quality of Service (QOS) Commands1236 Section X: Network Management“SHOW MLS QOS MAPS COS-QUEUE” on page 1252Privileged Exec Displays the

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1237MLS QOS ENABLESyntaxmls qos enableParametersNone.ModeGlobal Configuration mo

Chapter 75: Quality of Service (QOS) Commands1238 Section X: Network ManagementMLS QOS MAP COS-QUEUESyntaxmls qos map cos-queue cos_priority to egress

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1239awplus(config-if)# mls qos trust cosawplus(config-if)# mls qos map cos-queue

Chapter 75: Quality of Service (QOS) Commands1240 Section X: Network ManagementMLS QOS MAP DSCP-QUEUESyntaxmls qos map dscp-queue dscp_priority to egr

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1241awplus(config-if)# mls qos map dscp-queue 11 to 7awplus(config-if)# mls qos

AT-9000 Switch Command Line User’s Guide99Configuring the BannersThe switch has banner messages you may use to identify the switch or to display other

Chapter 75: Quality of Service (QOS) Commands1242 Section X: Network ManagementMLS QOS QUEUESyntaxmls qos queue priorityParameterspriority Specifies a

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1243MLS QOS SET COSSyntaxmls qos set cos priorityParameterspriority Specifies a

Chapter 75: Quality of Service (QOS) Commands1244 Section X: Network ManagementMLS QOS SET DSCPSyntaxmls qos set dscp priorityParameterspriority Speci

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1245MLS QOS TRUST COSSyntaxmls qos trust cosParametersNone.ModePort Interface mo

Chapter 75: Quality of Service (QOS) Commands1246 Section X: Network ManagementMLS QOS TRUST DSCPSyntaxmls qos trust dscpParametersNone.ModePort Inter

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1247NO MLS QOS ENABLESyntaxno mls qos enableParametersNone.ModeGlobal Configurat

Chapter 75: Quality of Service (QOS) Commands1248 Section X: Network ManagementNO WRR-QUEUE WEIGHTSyntaxno wrr-queue weightParametersNone.ModePort Int

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1249SHOW MLS QOS INTERFACESyntaxshow mls qos interface portParametersport Specif

Chapter 75: Quality of Service (QOS) Commands1250 Section X: Network ManagementFigure 203. SHOW MLS QOS INTERFACE Command - Strict Priority (continued

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1251The fields in the display are described in Table 146.ExampleThis example dis

Chapter 7: Basic Switch Management100The commands for setting the banners are located in the Global Configuration mode with the exception of the SHOW

Chapter 75: Quality of Service (QOS) Commands1252 Section X: Network ManagementSHOW MLS QOS MAPS COS-QUEUESyntaxshow mls qos maps cos-queue interface

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1253SHOW MLS QOS MAPS DSCP-QUEUESyntaxshow mls qos maps dscp-queue interface por

Chapter 75: Quality of Service (QOS) Commands1254 Section X: Network ManagementFigure 206. SHOW MLS QOS MAPS DSCP-QUEUE CommandThe mappings of DSCP pr

AT-9000 Switch Command Line User’s GuideSection X: Network Management 1255WRR-QUEUE WEIGHTSyntaxwrr-queue weight weightsParametersweights Specifies th

Chapter 75: Quality of Service (QOS) Commands1256 Section X: Network Managementawplus(config)# interface port1.0.3awplus(config-if)# wrr-queue weight

1257Section XIManagement SecurityThis section contains the following chapters: Chapter 76, “Local Manager Accounts” on page 1259 Chapter 77, “Local

1258

1259Chapter 76Local Manager AccountsThis chapter provides the following topics: “Overview” on page 1260 “Creating Local Manager Accounts” on page 12

Chapter 76: Local Manager Accounts1260OverviewEach AT-9000 Series switch is pre-configured at the factory with one default manager account. The factor

AT-9000 Switch Command Line User’s Guide1261Figure 207. Password Prompt for Command Mode RestrictionIf the manager enters the correct password, the Pr

AT-9000 Switch Command Line User’s Guide101To remove messages without assigning new messages, use the NO versions of the commands. This example remove

Chapter 76: Local Manager Accounts1262Password encryption is activated with the SERVICE PASSWORD-ENCRYPTION command and deactivated with the NO SERVIC

AT-9000 Switch Command Line User’s Guide1263Creating Local Manager AccountsThe command for creating local manager accounts is the USERNAME command in

Chapter 76: Local Manager Accounts1264Passwords entered in encrypted form remain encrypted in the running configuration even if you disable password e

AT-9000 Switch Command Line User’s Guide1265Deleting Local Manager AccountsTo delete local manager accounts from the switch, use the NO USERNAME comma

Chapter 76: Local Manager Accounts1266Activating Command Mode Restriction and Creating the Special PasswordCommand mode restriction is a security feat

AT-9000 Switch Command Line User’s Guide1267Deactivating Command Mode Restriction and Deleting the Special PasswordThe command for deactivating comman

Chapter 76: Local Manager Accounts1268Activating or Deactivating Password EncryptionPassword encryption controls the manner in which the switch stores

AT-9000 Switch Command Line User’s Guide1269Displaying the Local Manager AccountsTo view the local accounts on the switch, use “SHOW RUNNING-CONFIG” o

Chapter 76: Local Manager Accounts1270

1271Chapter 77Local Manager Account CommandsThe local manager account commands are summarized in Table 147 and described in detail within the chapter.

AT-9000 Switch Command Line User’s Guide13Guidelines...

Chapter 7: Basic Switch Management102

Chapter 77: Local Manager Account Commands1272ENABLE PASSWORDSyntaxenable password [8] passwordParameters8Specifies that the password is encrypted.pas

AT-9000 Switch Command Line User’s Guide1273awplus> enableawplus# configure terminalawplus(config)# enable password 8 1255bbf963118fcf750aca356d35f

Chapter 77: Local Manager Account Commands1274NO ENABLE PASSWORDSyntaxno enable passwordParametersNoneModeGlobal Configuration modeDescriptionUse this

AT-9000 Switch Command Line User’s Guide1275NO SERVICE PASSWORD-ENCRYPTIONSyntaxno service password-encryptionParametersNoneModeGlobal Configuration m

Chapter 77: Local Manager Account Commands1276NO USERNAMESyntaxno username nameParametersnameSpecifies the name of the manager account you want to del

AT-9000 Switch Command Line User’s Guide1277SERVICE PASSWORD-ENCRYPTIONSyntaxservice password-encryptionParametersNoneModeGlobal Configuration modeDes

Chapter 77: Local Manager Account Commands1278USERNAMESyntaxusername name privilege level password [8] passwordParametersnameSpecifies the name of a n

AT-9000 Switch Command Line User’s Guide1279ExamplesThis example creates a manager account for the user, allen. The privilege level is 15 to give the

Chapter 77: Local Manager Account Commands1280

1281Chapter 78Telnet ServerThis chapter provides the following topics: “Overview” on page 1282 “Enabling the Telnet Server” on page 1283 “Disabling

103Chapter 8Basic Switch Management CommandsThe basic switch management commands are summarized in Table 8.Table 8. Basic Switch Management CommandsCo

Chapter 78: Telnet Server1282OverviewThe switch comes with a Telnet server so that you can remotely manage the device from Telnet clients on your netw

AT-9000 Switch Command Line User’s Guide1283Enabling the Telnet ServerTo enable the server, go to the Global Configuration mode and issue the SERVICE

Chapter 78: Telnet Server1284Disabling the Telnet ServerTo disable the Telnet server, use the NO SERVICE TELNET command in the Global Configuration mo

AT-9000 Switch Command Line User’s Guide1285Displaying the Telnet ServerTo display the status of the Telnet server, use the SHOW TELNET command in the

Chapter 78: Telnet Server1286

1287Chapter 79Telnet Server CommandsThe Telnet server commands are summarized in Table 148 and described in detail within the chapter.Table 148. Telne

Chapter 79: Telnet Server Commands1288NO SERVICE TELNETSyntaxno service telnetParametersNoneModeGlobal Configuration modeDescriptionUse this command t

AT-9000 Switch Command Line User’s Guide1289SERVICE TELNETSyntaxservice telnetParametersNoneModeGlobal Configuration modeDescriptionUse this command t

Chapter 79: Telnet Server Commands1290SHOW TELNETSyntaxshow telnetParametersNoneModeUser Exec mode and Privileged Exec modeDescriptionUse this command

1291Chapter 80Telnet ClientThis chapter provides the following topics: “Overview” on page 1292 “Starting a Remote Management Session with the Telnet

Chapter 8: Basic Switch Management Commands104“REBOOT” on page 124 Privileged Exec Resets the switch.“RELOAD” on page 125 Privileged Exec Resets the s

Chapter 80: Telnet Client1292OverviewThe switch has a Telnet client. You may use the client to remotely manage other network devices from the switch.

AT-9000 Switch Command Line User’s Guide1293Starting a Remote Management Session with the Telnet ClientHere are the steps to using the Telnet client o

Chapter 80: Telnet Client1294

1295Chapter 81Telnet Client CommandsThe Telnet client commands are summarized in Table 149 and described in detail within the chapter.Table 149. Telne

Chapter 81: Telnet Client Commands1296TELNETSyntaxtelnet ipv4_address [port]Parametersipv4_addressSpecifies the IPv4 address of a remote device you wa

AT-9000 Switch Command Line User’s Guide1297TELNET IPV6Syntaxtelnet ipv6 ipv6_address [port]Parametersipv6_addressSpecifies the IPv6 address of a remo

Chapter 81: Telnet Client Commands1298

1299Chapter 82Secure Shell (SSH) ServerThis chapter provides the following topics: “Overview” on page 1300 “Support for SSH” on page 1301 “SSH and

Chapter 82: Secure Shell (SSH) Server1300OverviewThe Secure Shell (SSH) protocol is an alternative to the Telnet protocol for remote management of the

AT-9000 Switch Command Line User’s Guide1301Support for SSHThe implementation of the SSH protocol on the switch is compliant with the SSH protocol ver

AT-9000 Switch Command Line User’s Guide105BANNER EXECSyntaxbanner execParametersNoneModeGlobal Configuration modeDescriptionUse this command to creat

Chapter 82: Secure Shell (SSH) Server1302 The SSH server uses protocol port 22. This parameter cannot be changed. If you are using the enhanced stac

AT-9000 Switch Command Line User’s Guide1303SSH and Enhanced StackingThe switch allows for encrypted SSH management sessions between a management stat

Chapter 82: Secure Shell (SSH) Server1304Because enhanced stacking does not allow for SSH encrypted management sessions between a management station a

AT-9000 Switch Command Line User’s Guide1305Creating the Encryption Key PairThe first step to using the SSH server on the switch for remote management

Chapter 82: Secure Shell (SSH) Server1306Enabling the SSH ServerThe switch does not allow you to enable the SSH server and begin remote management unt

AT-9000 Switch Command Line User’s Guide1307Disabling the SSH ServerIf you decide that you want to disable the server because you do not want to remot

Chapter 82: Secure Shell (SSH) Server1308Deleting Encryption KeysTo delete encryption keys from the switch, use the CRYPTO KEY DESTROY HOSTKEY command

AT-9000 Switch Command Line User’s Guide1309Displaying the SSH ServerTo display the current settings of the server, enter this command in the Privileg

Chapter 82: Secure Shell (SSH) Server1310

1311Chapter 83SSH Server CommandsThe SSH server commands are summarized in Table 150 and described in detail within the chapter.Table 150. Secure Shel

Chapter 8: Basic Switch Management Commands106This example deletes the banner:awplus> enableawplus# configure terminalawplus(config)# no banner exe

Chapter 83: SSH Server Commands1312CRYPTO KEY DESTROY HOSTKEYSyntaxcrypto key destroy hostkey dsa|rsa|rsa1ParametersdsaDeletes the DSA key.rsaDeletes

AT-9000 Switch Command Line User’s Guide1313This example deletes the RSA1 key:awplus> enableawplus# configure terminalawplus(config)# crypto key de

Chapter 83: SSH Server Commands1314CRYPTO KEY GENERATE HOSTKEYSyntaxcrypto key generate hostkey dsa|rsa|rsa1 [value]ParametersdsaCreates a DSA key tha

AT-9000 Switch Command Line User’s Guide1315NoteCreating a key is a very CPU intensive process for the switch. The switch does not stop forwarding net

Chapter 83: SSH Server Commands1316NO SERVICE SSHSyntaxno service sshParametersNoneModeGlobal Configuration modeDescriptionUse this command to disable

AT-9000 Switch Command Line User’s Guide1317SERVICE SSHSyntaxservice sshParametersNoneModeGlobal Configuration modeDescriptionUse this command to enab

Chapter 83: SSH Server Commands1318SHOW CRYPTO KEY HOSTKEYSyntaxshow crypto key hostkey [dsa|rsa|rsa1]ParametersdsaDisplays the DSA key.rsaDisplays th

AT-9000 Switch Command Line User’s Guide1319SHOW SSH SERVERSyntaxshow ssh serverParametersNoneModesPrivileged Exec and Global Configuration modesDescr

Chapter 83: SSH Server Commands1320

1321Chapter 84Non-secure HTTP Web Browser ServerThis chapter describes the following topics: “Overview” on page 1322 “Enabling the Web Browser Serve

AT-9000 Switch Command Line User’s Guide107BANNER LOGINSyntaxbanner loginParametersNoneModeGlobal Configuration modeDescriptionUse this command to con

Chapter 84: Non-secure HTTP Web Browser Server1322OverviewThe switch has a web browser server. The server is used to remotely manage the unit over the

AT-9000 Switch Command Line User’s Guide1323Enabling the Web Browser ServerThe command to activate the web browser server for non-secure HTTP operatio

Chapter 84: Non-secure HTTP Web Browser Server1324Setting the Protocol Port NumberThe default setting of port 80 for the protocol port of the HTTP web

AT-9000 Switch Command Line User’s Guide1325Disabling the Web Browser ServerThe command to disable the HTTP server is the NO SERVICE HTTP command in t

Chapter 84: Non-secure HTTP Web Browser Server1326Displaying the Web Browser ServerTo display whether the HTTP web server is enabled or disabled on th

1327Chapter 85Non-secure HTTP Web Browser Server CommandsThe non-secure HTTP web browser server commands are summarized in Table 151 and described in

Chapter 85: Non-secure HTTP Web Browser Server Commands1328SERVICE HTTPSyntaxservice httpParametersNoneModeGlobal Configuration modeDescriptionUse thi

AT-9000 Switch Command Line User’s Guide1329IP HTTP PORTSyntaxip http port portParametersportSpecifies the TCP port number the HTTP web server listens

Chapter 85: Non-secure HTTP Web Browser Server Commands1330NO SERVICE HTTPSyntaxno http serverParametersNoneModeGlobal Configuration modeDescriptionUs

AT-9000 Switch Command Line User’s Guide1331SHOW IP HTTPSyntaxshow ip httpParametersNoneModePrivileged Exec modeDescriptionUse this command to display

Chapter 8: Basic Switch Management Commands108This example removes the login banner:awplus> enableawplus# configure terminalawplus(config)# no bann

Chapter 85: Non-secure HTTP Web Browser Server Commands1332

1333Chapter 86Secure HTTPS Web Browser ServerThis chapter describes the following topics: “Overview” on page 1334 “Creating a Self-signed Certificat

Chapter 86: Secure HTTPS Web Browser Server1334OverviewThe switch has a web browser server for remote management of the unit with a web browser applic

AT-9000 Switch Command Line User’s Guide1335Private CAs allow companies to keep track of the certificates and control access to various network device

Chapter 86: Secure HTTPS Web Browser Server1336NoteIf the certificate will be issued by a private or public CA, you should check with the CA to see if

AT-9000 Switch Command Line User’s Guide1337Creating a Self-signed CertificateHere are the main steps to configuring the switch for a self-signed cert

Chapter 86: Secure HTTPS Web Browser Server1338At this point, the switch, if it has a management IP address, is ready for remote management with a web

AT-9000 Switch Command Line User’s Guide1339The switch is now ready for remote web browser management with HTTPS, provided that it has a management IP

Chapter 86: Secure HTTPS Web Browser Server1340Configuring the HTTPS Web Server for a Certificate Issued by a CAHere are the main steps to configuring

AT-9000 Switch Command Line User’s Guide13417. Designate the new certificate from the CA as the active certificate on the switch with “IP HTTPS CERTIF

AT-9000 Switch Command Line User’s Guide109BANNER MOTDSyntaxbanner motdParametersNoneModeGlobal Configuration modeDescriptionUse this command to creat

Chapter 86: Secure HTTPS Web Browser Server1342awplus(config)# crypto certificate 1 request 124.201.76.54 Production ABC_Industries San_Jose Californi

AT-9000 Switch Command Line User’s Guide1343The switch, if it has a management IP address, is now ready for remote HTTPS web browser management. To st

Chapter 86: Secure HTTPS Web Browser Server1344Enabling the Web Browser ServerThe command to activate the web browser server for secure HTTPS operatio

AT-9000 Switch Command Line User’s Guide1345Disabling the Web Browser ServerThe command to disable the HTTPS mode is the NO SERVICE HTTPS command in t

Chapter 86: Secure HTTPS Web Browser Server1346Displaying the Web Browser ServerTo display whether the HTTPS web server is enabled or disabled on the

1347Chapter 87Secure HTTPS Web Browser Server CommandsThe secure HTTPS web browser server commands are summarized in Table 152 and described in detail

Chapter 87: Secure HTTPS Web Browser Server Commands1348CRYPTO CERTIFICATE DESTROYSyntaxcrypto certificate id_number destroyParametersid_numberSpecifi

AT-9000 Switch Command Line User’s Guide1349CRYPTO CERTIFICATE GENERATESyntaxcrypto certificate id_number generate length passphrase common_name organ

Chapter 87: Secure HTTPS Web Browser Server Commands1350countrySpecifies the ISO 3166-1 initials of a country. This parameter must be two uppercase ch

AT-9000 Switch Command Line User’s Guide1351 Organizational unit: Sales Organization: Jones_Industries Location: San_Jose State: California Count

Chapter 8: Basic Switch Management Commands110This example removes the message-of-the-day banner:awplus> enableawplus# configure terminalawplus(con

Chapter 87: Secure HTTPS Web Browser Server Commands1352CRYPTO CERTIFICATE IMPORTSyntaxcrypto certificate id_number importParametersid_numberSpecifies

AT-9000 Switch Command Line User’s Guide1353CRYPTO CERTIFICATE REQUESTSyntaxcrypto certificate id_number request common_name organizational_unit organ

Chapter 87: Secure HTTPS Web Browser Server Commands1354DescriptionUse this command to create certificate enrollment requests for submittal to public

AT-9000 Switch Command Line User’s Guide1355SERVICE HTTPSSyntaxservice httpsParametersNoneModeGlobal Configuration modeDescriptionUse this command to

Chapter 87: Secure HTTPS Web Browser Server Commands1356IP HTTPS CERTIFICATESyntaxip https certificate id_numberParametersid_numberSpecifies a certifi

AT-9000 Switch Command Line User’s Guide1357NO SERVICE HTTPSSyntaxno service httpsParametersNoneModeGlobal Configuration modeDescriptionUse this comma

Chapter 87: Secure HTTPS Web Browser Server Commands1358SHOW CRYPTO CERTIFICATESyntaxshow crypto certificate id_numberParametersid_numberSpecifies a c

AT-9000 Switch Command Line User’s Guide1359SHOW IP HTTPSSyntaxshow ip httpParametersNoneModePrivileged Exec modeDescriptionUse this command to displa

Chapter 87: Secure HTTPS Web Browser Server Commands1360ExampleThis example displays the status of the HTTPS server and basic information about the ce

1361Chapter 88RADIUS and TACACS+ ClientsThis chapter describes the following topics: “Overview” on page 1362 “Remote Manager Accounts” on page 1363

AT-9000 Switch Command Line User’s Guide111BAUD-RATE SETSyntaxbaud-rate set 1200|2400|4800|9600|19200|38400|57600|115200ParametersNoneModeGlobal Confi

Chapter 88: RADIUS and TACACS+ Clients1362OverviewThe switch has RADIUS and TACACS+ clients for remote authentication. Here are the two features that

AT-9000 Switch Command Line User’s Guide1363Remote Manager AccountsThe switch has one local manager account. The account is referred to as a local acc

Chapter 88: RADIUS and TACACS+ Clients1364the switch, the privilege level of an account is ignored and all accounts have access to the entire command

AT-9000 Switch Command Line User’s Guide13654. Configure the RADIUS or TACACS+ client on the switch by entering the IP addresses of up to three authen

Chapter 88: RADIUS and TACACS+ Clients1366Managing the RADIUS ClientThe following subsections describe how to manage the RADIUS client: “Adding IP Ad

AT-9000 Switch Command Line User’s Guide1367The AUTH-PORT parameter specifies the UDP destination port for RADIUS authentication requests. If 0 is spe

Chapter 88: RADIUS and TACACS+ Clients1368This example sets the RADIUS timeout to 15 seconds:awplus> enableawplus# configure terminalawplus(config)

AT-9000 Switch Command Line User’s Guide1369Deleting ServerIP AddressesTo delete the IP address of a RADIUS server from the list of servers on the swi

Chapter 88: RADIUS and TACACS+ Clients1370Managing the TACACS+ ClientThe following subsections describe how to manage the TACACS+ client: “Adding IP

AT-9000 Switch Command Line User’s Guide1371This example adds the IP address 115.16.172.54 as a TACACS+ authentication server at the bottom of the lis

Contents14Disabling the Spanning Tree Protocol ...5

Chapter 8: Basic Switch Management Commands112CLOCK SETSyntaxclock set hh:mm:ss dd mmm yyyyParametershh:mm:ssSpecifies the hour, minute, and second fo

Chapter 88: RADIUS and TACACS+ Clients1372Deleting IPAddresses ofTACACS+ServersTo delete the IP address of a TACACS+ server from the client on the swi

AT-9000 Switch Command Line User’s Guide1373Configuring Remote Authentication of Manager AccountsCheck that you performed the following steps before a

Chapter 88: RADIUS and TACACS+ Clients1374uses for remote Telnet and SSH sessions. (For background information, refer to “VTY Lines” on page 41.)Toggl

AT-9000 Switch Command Line User’s Guide1375The LINE_ID parameter has a range of 0 to 9. The following example of the command toggles off remote authe

Chapter 88: RADIUS and TACACS+ Clients1376

1377Chapter 89RADIUS and TACACS+ Client CommandsThe commands for the RADIUS and TACACS+ clients are summarized in Table 154 and described in detail wi

Chapter 89: RADIUS and TACACS+ Client Commands1378“RADIUS-SERVER TIMEOUT” on page 1395Global ConfigurationSpecifies the maximum amount of time the RAD

AT-9000 Switch Command Line User’s Guide1379AAA ACCOUNTING LOGINSyntaxaaa accounting login default start-stop|stop-only|none group radius|tacacs Param

Chapter 89: RADIUS and TACACS+ Client Commands1380Confirmation Commands“SHOW RADIUS” on page 1396“SHOW TACACS” on page 1398ExamplesTo configure RADIUS

AT-9000 Switch Command Line User’s Guide1381AAA AUTHENTICATION ENABLE (TACACS+)Syntaxaaa authentication enable default group tacacs [local]Parametersd

AT-9000 Switch Command Line User’s Guide113ERASE STARTUP-CONFIGSyntaxerase startup-configParametersNoneModePrivileged Exec modeDescriptionUse this com

Chapter 89: RADIUS and TACACS+ Client Commands1382command is attempted if a TACACS+ server is not available, use the following commands:awplus> ena

AT-9000 Switch Command Line User’s Guide1383AAA AUTHENTICATION LOGINSyntaxaaa authentication login default [group radius|tacacs] [local]Parametersdefa

Chapter 89: RADIUS and TACACS+ Client Commands1384Confirmation Commands“SHOW RADIUS” on page 1396“SHOW TACACS” on page 1398ExamplesTo enable RADIUS se

AT-9000 Switch Command Line User’s Guide1385IP RADIUS SOURCE-INTERFACESyntaxip radius source-interface Ipv4 Address | VIDParametersIpv4 AddressIndicat

Chapter 89: RADIUS and TACACS+ Client Commands1386This example removes the RADIUS source IP address from the RADIUS client:awplus> enableawplus# co

AT-9000 Switch Command Line User’s Guide1387LOGIN AUTHENTICATIONSyntaxlogin authenticationParametersNoneModesConsole Line and Virtual Terminal Line mo

Chapter 89: RADIUS and TACACS+ Client Commands1388This example activates remote authentication for remote Telnet and SSH management sessions that use

AT-9000 Switch Command Line User’s Guide1389NO LOGIN AUTHENTICATIONSyntaxno login authenticationParametersNoneModesConsole Line and Virtual Terminal L

Chapter 89: RADIUS and TACACS+ Client Commands1390NO RADIUS-SERVER HOSTSyntaxno radius-server host ipaddressParameteripaddressSpecifies an IP address

AT-9000 Switch Command Line User’s Guide1391NO TACACS-SERVER HOSTSyntaxno tacacs-server host ipaddressParameteripaddressSpecifies an IP address of a T

Chapter 8: Basic Switch Management Commands114EXEC-TIMEOUTSyntaxexec-timeout valueParametersexec-timeoutSpecifies the session timer in minutes. The ra

Chapter 89: RADIUS and TACACS+ Client Commands1392RADIUS-SERVER HOSTSyntaxradius-server host ipaddress [acct-port value] [auth-port value] [key value]

AT-9000 Switch Command Line User’s Guide1393ExamplesThis example adds a RADIUS server with the IP address 176.225.15.23. The UDP port is 1811, and the

Chapter 89: RADIUS and TACACS+ Client Commands1394RADIUS-SERVER KEYSyntaxradius-server key valueParameterskeySpecifies the global encryption key of th

AT-9000 Switch Command Line User’s Guide1395RADIUS-SERVER TIMEOUTSyntaxradius-server timeout valueParameterstimeoutSpecifies the maximum amount of tim

Chapter 89: RADIUS and TACACS+ Client Commands1396SHOW RADIUSSyntaxshow radiusParametersNoneModesPrivileged Exec modeDescriptionUse this command to di

AT-9000 Switch Command Line User’s Guide1397ExampleThis example displays the configuration of the RADIUS client:awplus# show radiusAccounting Port The

Chapter 89: RADIUS and TACACS+ Client Commands1398SHOW TACACSSyntaxshow tacacsParametersNoneModePrivileged Exec modeDescriptionUse this command to dis

AT-9000 Switch Command Line User’s Guide1399ExampleThis example displays the configuration of the TACACS+ client on the switch:awplus# show tacacsServ

Chapter 89: RADIUS and TACACS+ Client Commands1400TACACS-SERVER HOSTSyntaxtacacs-server host ipaddress [key value]ParametershostSpecifies an IP addres

AT-9000 Switch Command Line User’s Guide1401TACACS-SERVER KEYSyntaxtacacs-server key valueParametersvalueSpecifies the global encryption key of the TA

AT-9000 Switch Command Line User’s Guide115This example sets the session timer for the first (vty 0) Telnet or SSH session to 5 minutes:awplus> ena

Chapter 89: RADIUS and TACACS+ Client Commands1402TACACS-SERVER TIMEOUTSyntaxtacacs-server timeout valueParameterstimeoutSpecifies the maximum amount

1403Appendix ASystem Monitoring CommandsThe system monitoring commands are summarized in Table 157 and described in detail within the chapter.Table 15

Chapter : System Monitoring Commands1404SHOW CPUSyntaxshow cpu [sort pri|runtime|sleep|thrds]ParameterspriSorts the list by process priorities.runtime

AT-9000 Switch Command Line User’s Guide1405SHOW CPU HISTORYSyntaxshow cpu historyParametersNoneModePrivileged Exec modeDescriptionUse this command to

Chapter : System Monitoring Commands1406SHOW CPU USER-THREADSSyntaxshow cpu user-threadsParametersNoneModePrivileged Exec modeDescriptionUse this comm

AT-9000 Switch Command Line User’s Guide1407SHOW MEMORYSyntaxshow memory [sort peak|size|stk]ParameterspeakSorts the list by the peak amounts of memor

Chapter : System Monitoring Commands1408SHOW MEMORY ALLOCATIONSyntaxshow memory allocation processParameterprocessSpecifies a system process.ModePrivi

AT-9000 Switch Command Line User’s Guide1409SHOW MEMORY HISTORYSyntaxshow memory historyParametersNoneModePrivileged Exec modeDescriptionUse this comm

Chapter : System Monitoring Commands1410SHOW MEMORY POOLSSyntaxshow memory poolsParametersNoneModePrivileged Exec modeDescriptionUse this command to d

AT-9000 Switch Command Line User’s Guide1411SHOW PROCESSSyntaxshow memory process [sort cpu|mem]ParameterscpuSorts the list by percentage of CPU utili

Chapter 8: Basic Switch Management Commands116HELPSyntaxhelpParametersNoneModeAll modesDescriptionUse this command to learn how to use on-line help. E

Chapter : System Monitoring Commands1412SHOW SYSTEM SERIALNUMBERSyntaxshow system serialnumberParametersNoneModesUser Exec mode and Privileged Exec mo

AT-9000 Switch Command Line User’s Guide1413SHOW SYSTEM INTERRUPTSSyntaxshow system interruptsParametersNoneModePrivileged Exec modeDescriptionUse thi

Chapter : System Monitoring Commands1414SHOW TECH-SUPPORTSyntaxshow tech-support [all]ParametersallPerforms the full set of technical support commands

AT-9000 Switch Command Line User’s Guide1415With the ALL option, the command performs the previous commands and these additional commands: SHOW ARP

Chapter : System Monitoring Commands1416

1417Appendix BManagement Software Default SettingsThis appendix lists the factory default settings of the switch. The features are listed in alphabeti

Appendix B: Management Software Default Settings1418Boot Configuration FileThe following table lists the name of the default configuration file.Boot C

AT-9000 Switch Command Line User’s Guide1419Class of ServiceThe following table lists the default mappings of the IEEE 802.1p priority levels to the e

Appendix B: Management Software Default Settings1420Console PortThe following table lists the default settings for the Console port.NoteThe baud rate

AT-9000 Switch Command Line User’s Guide1421802.1x Port-Based Network Access ControlThe following table describes the 802.1x Port-based Network Access

AT-9000 Switch Command Line User’s Guide117HOSTNAMESyntaxhostname nameParametersnameSpecifies a name of up to 39 alphanumeric characters for the switc

Appendix B: Management Software Default Settings1422The following table lists the default settings for RADIUS accounting.RADIUS Accounting Settings De

AT-9000 Switch Command Line User’s Guide1423Enhanced StackingThe following table lists the enhanced stacking default setting.Enhanced Stacking Setting

Appendix B: Management Software Default Settings1424GVRPThis section provides the default settings for GVRP.GVRP Setting DefaultStatus DisabledGIP Sta

AT-9000 Switch Command Line User’s Guide1425IGMP SnoopingThe following table lists the IGMP Snooping default settings.IGMP Snooping Setting DefaultIGM

Appendix B: Management Software Default Settings1426Link Layer Discovery Protocol (LLDP and LLDP-MED)The following table lists the default settings fo

AT-9000 Switch Command Line User’s Guide1427MAC Address-based Port SecurityThe following table lists the MAC address-based port security default setti

Appendix B: Management Software Default Settings1428MAC Address TableThe following table lists the default setting for the MAC address table.MAC Addre

AT-9000 Switch Command Line User’s Guide1429Management IP AddressThe following table lists the default settings for the management IP address.Manageme

Appendix B: Management Software Default Settings1430Manager AccountThe following table lists the manager account default settings.NoteLogin names and

AT-9000 Switch Command Line User’s Guide1431Port SettingsThe following table lists the port configuration default settings.Port Configuration Setting

Chapter 8: Basic Switch Management Commands118LINE CONSOLESyntaxline console 0ParametersNoneModeGlobal Configuration modeDescriptionUse this command t

Appendix B: Management Software Default Settings1432RADIUS ClientThe following table lists the RADIUS configuration default settings.RADIUS Configurat

AT-9000 Switch Command Line User’s Guide1433Remote Manager Account AuthenticationThe following table describes the remote manager account authenticati

Appendix B: Management Software Default Settings1434RMONThe following table lists the default settings for RMON collection histories. There are no def

AT-9000 Switch Command Line User’s Guide1435Secure Shell ServerThe following table lists the SSH default settings.NoteThe SSH port number is not adjus

Appendix B: Management Software Default Settings1436sFlow AgentThe default settings for the sFlow agent are listed in this table.sFlow Agent Setting D

AT-9000 Switch Command Line User’s Guide1437Simple Network Management Protocol (SNMPv1, SNMPv2c and SNMPv3)The following table describes the default s

Appendix B: Management Software Default Settings1438Simple Network Time ProtocolThe following table lists the SNTP default settings.SNTP Setting Defau

AT-9000 Switch Command Line User’s Guide1439Spanning Tree Protocols (STP, RSTP and MSTP)This section provides the default settings for STP and RSTP.Sp

Appendix B: Management Software Default Settings1440MultipleSpanning TreeProtocolThe following table describes the RSTP default settings.Loop Guard Di

AT-9000 Switch Command Line User’s Guide1441System NameThe default setting for the system name is listed in this table.System Name Setting DefaultSyst

AT-9000 Switch Command Line User’s Guide119LINE VTYSyntaxline vty first_line_id [last_line_id]Parametersfirst_line_idSpecifies the number of a VTY lin

Appendix B: Management Software Default Settings1442TACACS+ Client The following table lists the TACACS+ client configuration default settings.TACACS+

AT-9000 Switch Command Line User’s Guide1443Telnet ServerThe default settings for the Telnet server are listed in this table.NoteThe Telnet port numbe

Appendix B: Management Software Default Settings1444VLANsThis section provides the VLAN default settings.VLAN Setting DefaultDefault VLAN Name Default

AT-9000 Switch Command Line User’s Guide1445Web ServerThe following table lists the web server default settings.Web Server Configuration Setting Defau

Appendix B: Management Software Default Settings1446

1447Command IndexAAAA ACCOUNTING LOGIN command 1379AAA ACCOUNTING LOGIN TACACS command 1379AAA AUTHENTICATION DOT1X DEFAULT GROUP command 881AAA AUTHE

Index1448ENABLE command 24, 64ENABLE PASSWORD command 1266, 1272END command 28, 65ERASE STARTUP-CONFIG command 92, 113, 454ESTACK COMMAND-SWITCH comma

AT-9000 Switch Command Line User’s Guide1449NO ECOFRIENDLY LED command 79NO EGRESS-RATE-LIMIT command 181NO ENABLE PASSWORD command 1267, 1274NO ESTAC

Index1450NO SWITCHPORT VLAN-STACKING command 832NO TACACS-SERVER HOST command 1372, 1391NO TACACS-SERVER KEY command 1401NO TACACS-SERVER TIMEOUT comm

AT-9000 Switch Command Line User’s Guide1451SHOW IP INTERFACE command 265, 289SHOW IP ROUTE command 263, 265, 290SHOW IPV6 INTERFACE command 269, 292S

Chapter 8: Basic Switch Management Commands120NO HOSTNAMESyntaxno hostnameParametersNoneModeGlobal Configuration modeDescriptionUse this command to de

Index1452SPANNING-TREE MODE MSTP command 676SPANNING-TREE MODE RSTP command 606, 634SPANNING-TREE MODE STP command 582, 598SPANNING-TREE MST CONFIGURA

AT-9000 Switch Command Line User’s Guide121PINGSyntaxping ipaddress|hostnameParametersipaddressSpecifies the IP address of the network device to recei

AT-9000 Switch Command Line User’s Guide15SPANNING-TREE RSTP ENABLE...

Chapter 8: Basic Switch Management Commands122NoteThe switch sends the ICMP Echo Requests from the ports of the VLAN assigned the management IP addres

AT-9000 Switch Command Line User’s Guide123PING IPv6Syntaxping ipv6 <ipv6-address> repeat <1-99> size <36-18024> Parametersipv6-addr

Chapter 8: Basic Switch Management Commands124REBOOTSyntaxrebootParametersNoneModePrivileged Exec modeDescriptionUse this command to reset the switch.

AT-9000 Switch Command Line User’s Guide125RELOADSyntaxreloadParametersNoneModePrivileged Exec modeDescriptionUse this command to reset the switch. Yo

Chapter 8: Basic Switch Management Commands126SERVICE MAXMANAGERSyntaxservice maxmanager valueParametersvalueSpecifies the maximum number of manager s

AT-9000 Switch Command Line User’s Guide127SHOW BANNER LOGINSyntaxshow banner login ParametersNoneModePrivileged Exec modeDescriptionUse this command

Chapter 8: Basic Switch Management Commands128SHOW BAUD-RATESyntaxshow baud-rateParametersNoneModeUser Exec mode and Privileged Exec modeDescriptionUs

AT-9000 Switch Command Line User’s Guide129SHOW CLOCKSyntaxshow clockParametersNoneModesUser Exec modeDescriptionUse this command to display the syste

Chapter 8: Basic Switch Management Commands130SHOW RUNNING-CONFIGSyntaxshow running-configParametersNoneModesPrivileged Exec modeDescriptionUse this c

AT-9000 Switch Command Line User’s Guide131SHOW SWITCHSyntaxshow switchParametersNoneModesPrivileged Exec modeDescriptionUse this command to view the

Contents16Port VLAN Identifier ...

Chapter 8: Basic Switch Management Commands132ExampleThe following example displays the switch information:awplus# show switchActive Spanning Tree ver

AT-9000 Switch Command Line User’s Guide133SHOW SYSTEMSyntaxshow systemParametersNoneModesUser Exec and Privileged Exec modesDescriptionUse this comma

Chapter 8: Basic Switch Management Commands134SHOW SYSTEM SERIALNUMBERSyntaxshow system serialnumberParametersNoneModeUser Exec and Privileged Exec mo

AT-9000 Switch Command Line User’s Guide135SHOW USERSSyntaxshow usersParametersNoneModesPrivileged Exec modeDescriptionUse this command to display the

Chapter 8: Basic Switch Management Commands136ExampleThis example displays the managers who are logged on to the switch:awplus# show usersIdle The num

AT-9000 Switch Command Line User’s Guide137SHOW VERSIONSyntaxshow versionParametersNoneModeUser Exec and Privileged Exec modesDescriptionUse this comm

Chapter 8: Basic Switch Management Commands138SNMP-SERVER CONTACTSyntaxsnmp-server contact contactParameterscontactSpecifies the name of the person re

AT-9000 Switch Command Line User’s Guide139SNMP-SERVER LOCATIONSyntaxsnmp-server location locationParameterslocationSpecifies the location of the swit

Chapter 8: Basic Switch Management Commands140SYSTEM TERRITORYSyntaxsystem territory territoryParametersterritorySpecifies the territory of the switch

AT-9000 Switch Command Line User’s Guide141This example removes the current territory information:awplus> enableawplus# configure terminalawplus(co

AT-9000 Switch Command Line User’s Guide17SHOW GVRP MACHINE ...

Chapter 8: Basic Switch Management Commands142

143Chapter 9Port ParametersThis chapter contains the following: “Adding Descriptions” on page 144 “Setting the Speed and Duplex Mode” on page 145 “

Chapter 9: Port Parameters144Adding DescriptionsThe ports will be easier to identify if you give them descriptions. The descriptions are viewed with t

AT-9000 Switch Command Line User’s Guide145Setting the Speed and Duplex ModeThe twisted pair ports on the switch can operate at 10, 100, or 1000 Mbps,

Chapter 9: Port Parameters146This example sets the speeds of ports 11 and 17 to 100Mbps:awplus> enableawplus# configure terminalawplus(config)# int

AT-9000 Switch Command Line User’s Guide147Setting the MDI/MDI-X Wiring ConfigurationThe wiring configurations of twisted pair ports that operate at 1

Chapter 9: Port Parameters148Enabling or Disabling PortsDisabling ports turns off their receivers and transmitters so that they cannot forward traffic

AT-9000 Switch Command Line User’s Guide149Enabling or Disabling BackpressurePorts use backpressure during periods of packet congestion, to prevent pa

Chapter 9: Port Parameters150Enabling or Disabling Flow ControlWhen a port that is operating in full-duplex mode needs to temporarily stop its local o

AT-9000 Switch Command Line User’s Guide151This example configures port 21 not to send pause packets during periods of packet congestion:awplus> en

Contents18Provider Ports ...

Chapter 9: Port Parameters152If flow control is not configured on a port, this message is displayed:Flow control is not set on interface port1.0.2

AT-9000 Switch Command Line User’s Guide153Resetting PortsIf a port is experiencing a problem, you may be able to correct it with the RESET command in

Chapter 9: Port Parameters154Configuring Threshold Limits for Ingress PacketsYou can set threshold limits for the ingress packets on the ports. The th

AT-9000 Switch Command Line User’s Guide155To remove threshold limits from the ports, use the NO STORM-CONTROL command, also in the Port Interface mod

Chapter 9: Port Parameters156Displaying Threshold Limit Settings on PortsTo display the threshold settings for the ingress packets on the ports, use t

AT-9000 Switch Command Line User’s Guide157Reinitializing Auto-NegotiationIf you believe that a port set to Auto-Negotiation is not using the highest

Chapter 9: Port Parameters158Restoring the Default SettingsTo restore the default settings on a port, use the PURGE command in the Port Interface mode

AT-9000 Switch Command Line User’s Guide159Displaying Port SettingsThere are several ways to display port settings. See the following: “Displaying Sp

Chapter 9: Port Parameters160Figure 46. SHOW INTERFACE CommandThe fields are described in Table 13 on page 194. For a description of the command, see

AT-9000 Switch Command Line User’s Guide161Displaying or Clearing Port StatisticsTo view packet statistics for the individual ports, use the SHOW PLAT

AT-9000 Switch Command Line User’s Guide19Configuring Authenticator Ports ...

Chapter 9: Port Parameters162Displaying SFP Information To view information on a plugged SFP on the switch, use the SHOW SYSTEM PLUGGABLE command in t

163Chapter 10Port Parameter CommandsThe port parameter commands are summarized in Table 11.Table 11. Port Parameter CommandsCommand Mode Description“B

Chapter 10: Port Parameter Commands164“NO STORM-CONTROL” on page 185Port Interface Removes threshold limits for broadcast, multicast, or unknown unica

165“STORM-CONTROL” on page 213 Port Interface Sets a maximum limit of the number of broadcast, multicast, or unknown unicast packets forwarded by a po

Chapter 10: Port Parameter Commands166BACKPRESSURESyntaxbackpressure on|offParametersonActivates backpressure on the ports.offDeactivates backpressure

AT-9000 Switch Command Line User’s Guide167This example configures ports 8 and 21 to 100 Mbps, half-duplex mode, with backpressure disabled:awplus>

Chapter 10: Port Parameter Commands168BPLIMITSyntaxbplimit bplimitParametersbplimitSpecifies the number of cells for backpressure. A cell represents 1

AT-9000 Switch Command Line User’s Guide169CLEAR PORT COUNTERSyntaxclear port counter portParametersportSpecifies the port whose packet counters you w

Chapter 10: Port Parameter Commands170DESCRIPTIONSyntaxdescription descriptionParametersdescriptionSpecifies a description of 1 to 240 alphanumeric ch

AT-9000 Switch Command Line User’s Guide171This example removes the current name from port 11 without assigning a new name:awplus> enableawplus# co

CopyrightCopyright © 2014, Allied Telesis, Inc.All rights reserved.This product includes software licensed under the BSD License. As such, the followi

Contents20Chapter 63: SNMPv1 and SNMPv2c Commands ...945NO SNMP-SE

Chapter 10: Port Parameter Commands172DUPLEXSyntaxduplex auto|half|fullParametersautoActivates Auto-Negotiation for the duplex mode, so that the duple

AT-9000 Switch Command Line User’s Guide173ExamplesThis example sets the duplex mode on port 11 half-duplex:awplus> enableawplus# configure termina

Chapter 10: Port Parameter Commands174EGRESS-RATE-LIMITSyntaxegress-rate-limit valueParametersvalueSpecifies the maximum amount of traffic that can be

AT-9000 Switch Command Line User’s Guide175FCTRLLIMITSyntaxfctrllimit fctrllimitParametersfctrllimitSpecifies the number of cells for flow control. A

Chapter 10: Port Parameter Commands176FLOWCONTROLSyntaxflowcontrol send|receive|both on|offParametersendControls whether a port sends pause packets du

AT-9000 Switch Command Line User’s Guide177partner. If it is off, a port does not respond to pause packets and continues to transmit packets. At the d

Chapter 10: Port Parameter Commands178This example configures port 1 and 2 to 10 Mbps, full-duplex mode. The send portion of flow control is disabled

AT-9000 Switch Command Line User’s Guide179HOLBPLIMITSyntaxholbplimit holbplimitParameterholbplimitSpecifies the threshold at which a port signals a h

Chapter 10: Port Parameter Commands180Figure 48. Head of Line BlockingThe HOL Limit parameter can help prevent this problem from occurring. It sets a

AT-9000 Switch Command Line User’s Guide181NO EGRESS-RATE-LIMITSyntaxno egress-rate-limitParametersNoneModePort Interface modeDescriptionUse this comm

AT-9000 Switch Command Line User’s Guide21Chapter 66: sFlow Agent Commands ...

Chapter 10: Port Parameter Commands182NO FLOWCONTROLSyntaxno flowcontrolParameterNoneModePort Interface modeDescriptionUse this command to disable flo

AT-9000 Switch Command Line User’s Guide183NO SHUTDOWNSyntaxno shutdownParametersNoneModePort Interface modeDescriptionUse this command to enable port

Chapter 10: Port Parameter Commands184NO SNMP TRAP LINK-STATUSSyntaxno snmp trap link-statusParameterNoneModePort Interface modeDescriptionUse this co

AT-9000 Switch Command Line User’s Guide185NO STORM-CONTROLSyntaxno storm-control broadcast|multicast|dlfParametersbroadcastSpecifies broadcast packet

Chapter 10: Port Parameter Commands186POLARITYSyntaxpolarity auto|mdi|mdixParametersautoActivates auto-MDI/MDIX.mdiSets a port’s wiring configuration

AT-9000 Switch Command Line User’s Guide187This example sets ports 4 and 18 to the MDI-X wiring configuration:awplus> enableawplus# configure termi

Chapter 10: Port Parameter Commands188PURGESyntaxpurgeParametersNoneModePort Interface modeDescriptionUse this command to restore the default settings

AT-9000 Switch Command Line User’s Guide189RENEGOTIATESyntaxrenegotiateParametersNoneModePort Interface modeDescriptionUse this command to prompt a po

Chapter 10: Port Parameter Commands190RESETSyntaxresetParametersNoneModePort Interface modeDescriptionUse this command to perform a hardware reset on

AT-9000 Switch Command Line User’s Guide191SHOW FLOWCONTROL INTERFACESyntaxshow flowcontrol interface portParameterportSpecifies the port whose flow c

Contents22NO LLDP TLV-SELECT ...

Chapter 10: Port Parameter Commands192ExampleThis command displays the flow control settings for port 2:awplus# show flowcontrol interface port1.0.2Rx

AT-9000 Switch Command Line User’s Guide193SHOW INTERFACESyntaxshow interface [port]ParameterportSpecifies the port whose current status you want to v

Chapter 10: Port Parameter Commands194Figure 50. SHOW INTERFACE CommandThe fields are described in Table 13.Interface port1.0.1Link is UP, administrat

AT-9000 Switch Command Line User’s Guide195Link is The status of the link on the port. This field is UP when the port has a link with a network device

Chapter 10: Port Parameter Commands196ExamplesThis command displays the current operational state of all the ports:awplus# show interfaceThis command

AT-9000 Switch Command Line User’s Guide197SHOW INTERFACE BRIEFSyntaxshow interface briefParameterNoneModesPrivileged Exec modeDescriptionUse this com

Chapter 10: Port Parameter Commands198ExampleThe following example displays the administrative and link statuses of all of the ports on the switch:awp

AT-9000 Switch Command Line User’s Guide199SHOW INTERFACE STATUSSyntaxshow interface [port] statusParameterportSpecifies the port whose parameter sett

Chapter 10: Port Parameter Commands200ExamplesThis command displays the settings of all the ports:awplus# show interface statusThis command displays t

AT-9000 Switch Command Line User’s Guide201SHOW PLATFORM TABLE PORT COUNTERSSyntaxshow platform table port [port] countersParameterportSpecifies the p

AT-9000 Switch Command Line User’s Guide23SHOW RMON EVENT ...

Chapter 10: Port Parameter Commands202MulticastPkts Number of received and transmitted multicast packets.BroadcastPkts Number of received and transmit

AT-9000 Switch Command Line User’s Guide203ExamplesThis command displays the statistics for ports 21 and 23:awplus# show platform table port port1.0.2

Chapter 10: Port Parameter Commands204SHOW RUNNING-CONFIG INTERFACESyntaxshow running-config interface portParametersportSpecifies a port, multiple po

AT-9000 Switch Command Line User’s Guide205SHOW STORM-CONTROLSyntaxshow storm-control [port]ParametersportSpecifies the port whose storm-control, thre

Chapter 10: Port Parameter Commands206ExamplesThis command displays the settings of all the ports:awplus# show storm-controlThis command displays the

AT-9000 Switch Command Line User’s Guide207SHOW SYSTEM PLUGGABLESyntaxshow system pluggableParametersNoneModePrivileged Exec modeDescriptionUse this c

Chapter 10: Port Parameter Commands208SHOW SYSTEM PLUGGABLE DETAILSyntaxshow system pluggable detailParametersNoneModePrivileged Exec modeDescriptionU

AT-9000 Switch Command Line User’s Guide209SHUTDOWNSyntaxshutdownParameterNoneModePort Interface modeDescriptionUse this command to disable ports. Por

Chapter 10: Port Parameter Commands210SNMP TRAP LINK-STATUSSyntaxsnmp trap link-statusParameterNoneModePort Interface modeDescriptionUse this command

AT-9000 Switch Command Line User’s Guide211SPEEDSyntaxspeed auto|10|100|1000ParametersautoActivates Auto-Negotiation so that the speed is configured a

Contents24NO MLS QOS ENABLE...

Chapter 10: Port Parameter Commands212This example activates Auto-Negotiation on port 15:awplus> enableawplus# configure terminalawplus(config)# in

AT-9000 Switch Command Line User’s Guide213STORM-CONTROLSyntaxstorm-control broadcast|multicast|dlf level valueParametersbroadcastSpecifies broadcast

Chapter 10: Port Parameter Commands214ExamplesThis example sets the maximum threshold level of 5,000 packets per second for ingress broadcast packets

215Chapter 11Power Over Ethernet “Overview” on page 216 “Enabling and Disabling PoE” on page 218  “Adding PD Descriptions to Ports” on page 220  “

Chapter 11: Power Over Ethernet216OverviewThe AT-9000/12PoE and AT-9000/28PoE switches feature Power over Ethernet (PoE) on the 10/100Base-Tx ports. P

AT-9000 Switch Command Line User’s Guide217The AT-9000/12POE switch has a power budget of 125 watts. The AT-9000/28POE switch has a power budget of 37

Chapter 11: Power Over Ethernet218Enabling and Disabling PoEEnabling PoE on ports allows the switch to supply power to PDs connected to the ports. In

AT-9000 Switch Command Line User’s Guide219This example disables PoE individually on port 5 to port 8:awplus> enableawplus# configure terminalawplu

Chapter 11: Power Over Ethernet220Adding PD Descriptions to PortsPDs connected to the ports are easier to identify if you give them descriptions. To a

AT-9000 Switch Command Line User’s Guide221Prioritizing PortsWhen the total power requirements of the PDs exceed the total available power of the swit

AT-9000 Switch Command Line User’s Guide25Disabling the SSH Server ...

Chapter 11: Power Over Ethernet222Managing the Maximum Power Limit on PortsTo manage the switch’s power and optimize its power distribution, the switc

AT-9000 Switch Command Line User’s Guide223Managing Legacy PDsThe PoE switch automatically detects whether or not a device plugged into the PoE-enable

Chapter 11: Power Over Ethernet224Monitoring Power ConsumptionYou can monitor the power consumption of the switch and PDs by configuring the unit to t

AT-9000 Switch Command Line User’s Guide225Displaying PoE InformationThe switch allows you to display PoE information using three commands. Each comma

Chapter 11: Power Over Ethernet226This example displays the PoE information of port 1 through port 4:awplus# show power inline interface port1.0.1-por

227Chapter 12Power Over Ethernet CommandsThe Power over Ethernet (PoE) commands are summarized in Table 22. These commands are only supported on the P

Chapter 12: Power Over Ethernet Commands228“POWER-INLINE PRIORITY” on page 242Port Interface Assigns a PoE priority level to a port.“POWER-INLINE USAG

AT-9000 Switch Command Line User’s Guide229CLEAR POWER-INLINE COUNTERS INTERFACESyntaxclear power-inline counters interface [port]ParameterportSpecifi

Chapter 12: Power Over Ethernet Commands230NO POWER-INLINE ALLOW-LEGACYSyntaxno power-inline allow-legacyParametersNoneModePort Interface modeDescript

AT-9000 Switch Command Line User’s Guide231NO POWER-INLINE DESCRIPTIONSyntaxno power-inline descriptionParametersNoneModePort Interface modeDescriptio

Contents26Removing the Accounting Method List...1368Deleting

Chapter 12: Power Over Ethernet Commands232NO POWER-INLINE ENABLESyntaxno power-inline enableParametersNoneModePort Interface modeDescriptionUse this

AT-9000 Switch Command Line User’s Guide233NO POWER-INLINE MAXSyntaxno power-inline maxParametersNoneModePort Interface modeDescriptionUse this comman

Chapter 12: Power Over Ethernet Commands234NO POWER-INLINE PRIORITYSyntaxno power-inline priorityParametersNoneModePort Interface modeDescriptionUse t

AT-9000 Switch Command Line User’s Guide235NO POWER-INLINE USAGE-THRESHOLDSyntaxno power-inline usage-thresholdParametersNoneModeGlobal Configuration

Chapter 12: Power Over Ethernet Commands236NO SERVICE POWER-INLINESyntaxno service power-inlineParametersNoneModeGlobal Configuration modeDescriptionU

AT-9000 Switch Command Line User’s Guide237NO SNMP-SERVER ENABLE TRAP POWER-INLINESyntaxno snmp-server enable trap power-inlineParametersNoneModeGloba

Chapter 12: Power Over Ethernet Commands238POWER-INLINE ALLOW-LEGACYSyntaxpower-inline allow-legacyParametersNoneModePort Interface modeDescriptionUse

AT-9000 Switch Command Line User’s Guide239POWER-INLINE DESCRIPTIONSyntaxpower-inline description descriptionParametersdescriptionSpecifies a PD descr

Chapter 12: Power Over Ethernet Commands240POWER-INLINE ENABLESyntaxpower-inline enableParametersNoneModePort Interface modeDescriptionUse this comman

AT-9000 Switch Command Line User’s Guide241POWER-INLINE MAXSyntaxpower-inline max max_powerParametersmax_powerSpecifies the maximum power limit of the

AT-9000 Switch Command Line User’s Guide27RADIUS Client ...

Chapter 12: Power Over Ethernet Commands242POWER-INLINE PRIORITYSyntaxpower-inline priority critical|high|lowParameterscriticalSets ports to the Criti

AT-9000 Switch Command Line User’s Guide243ExampleThis example assigns the Critical priority level to port 5:awplus> enableawplus# configure termin

Chapter 12: Power Over Ethernet Commands244POWER-INLINE USAGE-THRESHOLDSyntaxpower-inline usage-threshold thresholdParametersthresholdSpecifies the po

AT-9000 Switch Command Line User’s Guide245SERVICE POWER-INLINESyntaxservice power-inlineParametersNoneModeGlobal Configuration modeDescriptionUse thi

Chapter 12: Power Over Ethernet Commands246SHOW POWER-INLINESyntaxshow power-inlineParameterNoneModePrivileged Exec modeDescriptionUse this command to

AT-9000 Switch Command Line User’s Guide247Table 23. SHOW POWER-INLINE CommandField DescriptionNominal Power The switch’s total available power in wat

Chapter 12: Power Over Ethernet Commands248ExampleThis example displays PoE information about the switch and ports:awplus# show power-inlineOper The P

AT-9000 Switch Command Line User’s Guide249SHOW POWER-INLINE COUNTERS INTERFACESyntaxshow power-inline counters interface portParameterportSpecifies a

Chapter 12: Power Over Ethernet Commands250ExampleThis command displays the PoE event counters for ports 4 to 6:awplus# show power-inline counters int

AT-9000 Switch Command Line User’s Guide251SHOW POWER-INLINE INTERFACESyntaxshow power-inline interface portParameterportSpecifies a port. You can dis

Contents28

Chapter 12: Power Over Ethernet Commands252SHOW POWER-INLINE INTERFACE DETAILSyntaxshow power-inline interface port detailParameterportSpecifies a por

AT-9000 Switch Command Line User’s Guide253PoE admin The status of PoE on the port. The status can be one of the following: Enabled: PoE is enabled.

Chapter 12: Power Over Ethernet Commands254ExamplesThis example displays PoE information for port 1:awplus# show power-inline interface port1.0.1 deta

AT-9000 Switch Command Line User’s Guide255SNMP-SERVER ENABLE TRAP POWER-INLINESyntaxsnmp-server enable trap power-inlineParametersNoneModeGlobal Conf

Chapter 12: Power Over Ethernet Commands256

257Chapter 13IPv4 and IPv6 Management AddressesThis chapter contains the following information: “Overview” on page 258 “Assigning an IPv4 Management

Chapter 13: IPv4 and IPv6 Management Addresses258OverviewThis chapter explains how to assign the switch an IP address. The switch must have an IP addr

AT-9000 Switch Command Line User’s Guide259Here are the guidelines to assigning the switch management IPv4 and IPv6 addresses: The switch supports on

Chapter 13: IPv4 and IPv6 Management Addresses260 If you assign both IPv4 and IPv6 addresses to the switch, they must be assigned to the same VLAN.

AT-9000 Switch Command Line User’s Guide261Assigning an IPv4 Management Address and Default GatewayThis section covers the following topics: “Adding

1FiguresFigure 1: Command Modes ...

Chapter 13: IPv4 and IPv6 Management Addresses262Here are several examples of the command. The first example assigns the switch the management IPv4 ad

AT-9000 Switch Command Line User’s Guide263The next series of commands assigns the management address 143.24.55.67 and subnet mask 255.255.255.0 to th

Chapter 13: IPv4 and IPv6 Management Addresses264NoteIf an IPv4 default gateway is already assigned to the switch, you must delete it prior to enterin

AT-9000 Switch Command Line User’s Guide265awplus> enableawplus# configure terminalawplus(config)# no ip route 0.0.0.0/0 149.121.43.23Displaying an

Chapter 13: IPv4 and IPv6 Management Addresses266Assigning an IPv6 Management Address and Default GatewayThis section covers the following topics: “A

AT-9000 Switch Command Line User’s Guide267NoteIf there is a management IPv6 address already assigned to the switch, you must delete it prior to enter

Chapter 13: IPv4 and IPv6 Management Addresses268The IPADDDRESS parameter is the default gateway to be assigned the switch. The address must be an IPv

AT-9000 Switch Command Line User’s Guide269Displaying anIPv6ManagementAddress andDefault GatewayThere are two commands for displaying a management IPv

Chapter 13: IPv4 and IPv6 Management Addresses270

271Chapter 14IPv4 and IPv6 Management Address CommandsThe IPv4 and IPv6 management address commands are summarized in Table 27.Table 27. Management IP

Allied Telesis is committed to meeting the requirements of the open source licenses including the GNU General Public License (GPL) and will make all r

List of Figures2Figure 50: SHOW INTERFACE Command...

Chapter 14: IPv4 and IPv6 Management Address Commands272“SHOW IPV6 INTERFACE” on page 292Privileged Exec Displays the IPv4 management address.“SHOW IP

AT-9000 Switch Command Line User’s Guide273CLEAR IPV6 NEIGHBORSSyntaxclear ipv6 neighborsParametersNoneModePrivileged Exec modeDescriptionUse this com

Chapter 14: IPv4 and IPv6 Management Address Commands274IP ADDRESSSyntaxip address ipaddress/maskParametersipaddressSpecifies a management IPv4 addres

AT-9000 Switch Command Line User’s Guide275ExamplesThis example assigns the switch the IPv4 management address 142.35.78.21 and subnet mask 255.255.25

Chapter 14: IPv4 and IPv6 Management Address Commands276IP ADDRESS DHCPSyntaxip address dhcpParametersNoneModeVLAN Interface modeDescriptionUse this c

AT-9000 Switch Command Line User’s Guide277ExampleThis example activates the DHCP client so that the switch obtains its IPv4 management address from a

Chapter 14: IPv4 and IPv6 Management Address Commands278IP ROUTESyntaxip route 0.0.0.0/0 ipaddressParametersipaddressSpecifies an IPv4 default gateway

AT-9000 Switch Command Line User’s Guide279ExampleThis example assigns the switch the IPv4 default gateway address 143.87.132.45:awplus> enableawpl

Chapter 14: IPv4 and IPv6 Management Address Commands280IPV6 ADDRESSSyntaxipv6 address ipaddress/maskParametersipaddressSpecifies an IPv6 management a

AT-9000 Switch Command Line User’s Guide281and syslog servers). The VLAN must already exist on the switch before you use this command.Confirmation Com

AT-9000 Switch Command Line User’s Guide3Figure 110: Edge Port ...

Chapter 14: IPv4 and IPv6 Management Address Commands282IPV6 ROUTESyntaxipv6 route ::/0 ipaddressParametersipaddressSpecifies an IPv6 address of a def

AT-9000 Switch Command Line User’s Guide283ExampleThis example assigns the switch the IPv6 default gateway address 45ab:672:934c::78:17cb:awplus> e

Chapter 14: IPv4 and IPv6 Management Address Commands284NO IP ADDRESSSyntaxno ip addressParametersNoneModeVLAN Interface modeDescriptionUse this comma

AT-9000 Switch Command Line User’s Guide285NO IP ADDRESS DHCPSyntaxno ip address dhcpParametersNoneModeVLAN Interface modeDescriptionUse this command

Chapter 14: IPv4 and IPv6 Management Address Commands286NO IP ROUTESyntaxno ip route 0.0.0.0/0 ipaddressParametersipaddressSpecifies the current defau

AT-9000 Switch Command Line User’s Guide287NO IPV6 ADDRESSSyntaxno ipv6 addressParametersNoneModeVLAN Interface modeDescriptionUse this command to del

Chapter 14: IPv4 and IPv6 Management Address Commands288NO IPV6 ROUTESyntaxno ipv6 route ::/0 ipaddressParametersipaddressSpecifies the current IPv6 d

AT-9000 Switch Command Line User’s Guide289SHOW IP INTERFACESyntaxshow ip interfaceParametersNoneModePrivileged Exec modeDescriptionUse this command t

Chapter 14: IPv4 and IPv6 Management Address Commands290SHOW IP ROUTESyntaxshow ip routeParametersNoneModePrivileged Exec modeDescriptionUse this comm

AT-9000 Switch Command Line User’s Guide291ExampleThe following example displays the routes on the switch:awplus# show ip route

List of Figures4Figure 170: SHOW SNMP-SERVER Command...

Chapter 14: IPv4 and IPv6 Management Address Commands292SHOW IPV6 INTERFACESyntaxshow ipv6 interfaceParametersNoneModePrivileged Exec modeDescriptionU

AT-9000 Switch Command Line User’s Guide293SHOW IPV6 ROUTESyntaxshow ipv6 routeParametersNoneModePrivileged Exec modeDescriptionUse this command to di

Chapter 14: IPv4 and IPv6 Management Address Commands294

295Chapter 15Simple Network Time Protocol (SNTP) ClientThis chapter contains the following information: “Overview” on page 296 “Activating the SNTP

Chapter 15: Simple Network Time Protocol (SNTP) Client296OverviewThe switch has a Simple Network Time Protocol (SNTP) client for setting its date and

AT-9000 Switch Command Line User’s Guide297Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP ServerTo activate the SNTP clien

Chapter 15: Simple Network Time Protocol (SNTP) Client298Configuring Daylight Savings Time and UTC OffsetIf the time that the NTP or SNTP server provi

AT-9000 Switch Command Line User’s Guide299In this example, the client is configured for ST and a UTC offset of +2 hours and 45 minutes:awplus> ena

Chapter 15: Simple Network Time Protocol (SNTP) Client300Disabling the SNTP ClientTo disable the SNTP client so that the switch does not obtain its da

AT-9000 Switch Command Line User’s Guide301Displaying the SNTP ClientTo display the settings of the SNTP client on the switch, use the SHOW NTP ASSOCI

5Table 1. Remote Software Tool Settings ...

Chapter 15: Simple Network Time Protocol (SNTP) Client302Displaying the Date and TimeTo display the date and time, use the SHOW CLOCK command in the U

303Chapter 16SNTP Client CommandsThe SNTP commands are summarized in Table 31.Table 31. Simple Network Time Protocol CommandsCommand Mode Description“

Chapter 16: SNTP Client Commands304CLOCK SUMMER-TIMESyntaxclock summer-timeParametersNoneModeGlobal Configuration modeDescriptionUse this command to e

AT-9000 Switch Command Line User’s Guide305CLOCK TIMEZONESyntaxclock timezone +hh:mm|-hh:mmParametershh:mmSpecifies the number of hours and minutes di

Chapter 16: SNTP Client Commands306NO CLOCK SUMMER-TIMESyntaxno clock summer-timeParametersNoneModeGlobal Configuration modeDescriptionUse this comman

AT-9000 Switch Command Line User’s Guide307NO NTP PEERSyntaxno ntp serverParameterNoneModeGlobal Configuration modeDescriptionUse this command to deac

Chapter 16: SNTP Client Commands308NTP PEERSyntaxntp peer ipaddressParameteripaddressSpecifies an IP address of an SNTP or NTP server.ModeGlobal Confi

AT-9000 Switch Command Line User’s Guide309PURGE NTPSyntaxpurge ntpParameterNoneModeGlobal Configuration modeDescriptionUse this command to disable th

Chapter 16: SNTP Client Commands310SHOW CLOCKSyntaxshow clockParametersNoneModesUser Exec mode and Privileged Exec modeDescriptionUse this command to

AT-9000 Switch Command Line User’s Guide311SHOW NTP ASSOCIATIONSSyntaxshow ntp associationsParametersNoneModePrivileged Exec modeDescriptionUse this c

Tables6Table 50. Event Log Commands ...

Chapter 16: SNTP Client Commands312ExampleThe following example displays the settings of the SNTP client:awplus# show ntp associationsUTC Offset The t

AT-9000 Switch Command Line User’s Guide313SHOW NTP STATUSSyntaxshow ntp statusParametersNoneModePrivileged Exec modeDescriptionUse this command to di

Chapter 16: SNTP Client Commands314

315Chapter 17MAC Address TableThis chapter discusses the following topics: “Overview” on page 316 “Adding Static MAC Addresses” on page 318 “Deleti

Chapter 17: MAC Address Table316OverviewThe MAC address table stores the MAC addresses of all the network devices that are connected to the switch’s p

AT-9000 Switch Command Line User’s Guide317The period of time the switch waits before purging inactive dynamic MAC addresses is called the aging time.

Chapter 17: MAC Address Table318Adding Static MAC AddressesThe command for adding static unicast MAC addresses to the switch is MAC ADDRESS-TABLE STAT

AT-9000 Switch Command Line User’s Guide319awplus> enableawplus# configure terminalawplus(config)# mac address-table static 00:a0:d2:18:1a:11 disca

Chapter 17: MAC Address Table320Deleting MAC AddressesTo delete MAC addresses from the switch, use the CLEAR MAC ADDRESS-TABLE command in the Privileg

AT-9000 Switch Command Line User’s Guide321This example deletes all of the dynamic addresses learned on port 20: awplus> enableawplus# clear mac ad

AT-9000 Switch Command Line User’s Guide7Table 110. Deleting ARP Entries ...

Chapter 17: MAC Address Table322Setting the Aging TimerThe aging timer defines the length of time that inactive dynamic MAC addresses remain in the ta

AT-9000 Switch Command Line User’s Guide323Displaying the MAC Address TableTo view the aging time or the MAC address table, use the SHOW MAC ADDRESS-T

Chapter 17: MAC Address Table324This example displays the addresses learned on the ports in a VLAN with the VID 8:awplus# show mac address-table vlan

325Chapter 18MAC Address Table CommandsThe MAC address table commands are summarized in Table 33.Table 33. MAC Address Table CommandsCommand Mode Desc

Chapter 18: MAC Address Table Commands326CLEAR MAC ADDRESS-TABLESyntaxclear mac address-table dynamic|static [address macaddress]|[interface port]|[vl

AT-9000 Switch Command Line User’s Guide327ExamplesThis example deletes all of the dynamic addresses from the table:awplus> enableawplus# clear mac

Chapter 18: MAC Address Table Commands328MAC ADDRESS-TABLE AGEING-TIMESyntaxmac address-table ageing-time value|noneParameterageing-timeSpecifies the

AT-9000 Switch Command Line User’s Guide329This example disables the aging timer so that the switch does not delete inactive dynamic MAC addresses fro

Chapter 18: MAC Address Table Commands330MAC ADDRESS-TABLE STATICSyntaxmac address-table static macaddress forward|discard interface port [vlan vlan-n

AT-9000 Switch Command Line User’s Guide331Confirmation Command“SHOW MAC ADDRESS-TABLE” on page 334ExamplesThis example adds the static MAC address 44

Tables8

Chapter 18: MAC Address Table Commands332NO MAC ADDRESS-TABLE STATICSyntaxno mac address-table static macaddress forward|discard interface port [vlan

AT-9000 Switch Command Line User’s Guide333Confirmation Command“SHOW MAC ADDRESS-TABLE” on page 334ExamplesThis example deletes the MAC address 00:A0:

Chapter 18: MAC Address Table Commands334SHOW MAC ADDRESS-TABLESyntaxshow mac address-table begin|exclude|include [interface port]|[vlan vid]Parameter

AT-9000 Switch Command Line User’s Guide335An example of the table is shown in Figure 77.Figure 77. SHOW MAC ADDRESS-TABLE CommandThe Aging Interval f

Chapter 18: MAC Address Table Commands336The Multicast Switch Forwarding Database contains the multicast addresses. The columns are defined in this ta

337Chapter 19Enhanced StackingThis chapter discusses the following topics: “Overview” on page 338 “Configuring the Command Switch” on page 341 “Con

Chapter 19: Enhanced Stacking338OverviewEnhanced stacking is a management tool that allows you to manage different AT-9000 Switches from one managemen

AT-9000 Switch Command Line User’s Guide339 A member switch can be any distance from the command switch, so long as the distance adheres to Ethernet

Chapter 19: Enhanced Stacking3402. On the switch chosen to be the command switch, activate enhanced stacking and change its stacking status to command

AT-9000 Switch Command Line User’s Guide341Configuring the Command SwitchHere is an example on how to configure the switch as the command switch of th

9PrefaceThis is the command line management guide for the AT-9000/12POE, AT-9000/28, AT-9000/28POE, AT-9000/28SP, and AT-9000/52 Managed Layer 2-4 Gig

Chapter 19: Enhanced Stacking3422. After creating the common VLAN on the switch, assign it the management IP address and default gateway:3. Use the ES

AT-9000 Switch Command Line User’s Guide343awplus# writeSave the configuration.

Chapter 19: Enhanced Stacking344Configuring a Member SwitchThis example shows you how to configure the switch as a member switch of an enhanced stack.

AT-9000 Switch Command Line User’s Guide3453. To save the configuration, enter the WRITE command in the Privileged Executive mode.4. Connect the switc

Chapter 19: Enhanced Stacking346Managing the Member Switches of an Enhanced StackHere are the steps on how to manage the member switches of an enhance

AT-9000 Switch Command Line User’s Guide3476. When you are finished managing the member switch, enter the EXIT command from the User Exec mode or Priv

Chapter 19: Enhanced Stacking348Changing the Enhanced Stacking ModeIf you want to change the enhanced stacking mode of a switch from command to member

AT-9000 Switch Command Line User’s Guide3492. On the member switch, change its mode from member to command with the ESTACK COMMAND-SWITCH command.3. O

Chapter 19: Enhanced Stacking350Uploading Boot Configuration Files from the Command Switch to Member SwitchesYou may use the enhanced stacking feature

AT-9000 Switch Command Line User’s Guide351The second prompt is shown here:Enter the list of switches ->At the prompt, enter the enhanced stack num

10Document ConventionsThis document uses the following conventions:NoteNotes provide additional information.CautionCautions inform you that performing

Chapter 19: Enhanced Stacking352Here are the steps to perform on the command switch to upload the configuration file from its file system to the membe

AT-9000 Switch Command Line User’s Guide353Here is another example of the feature. This example uploads a configuration file to a new switch in an enh

Chapter 19: Enhanced Stacking3543. Use the ESTACK RUN command in the Global Configuration mode to activate enhanced stacking on the switch. It is not

AT-9000 Switch Command Line User’s Guide3553. If the new member switch is to use BOOT.CFG as the name of its active boot configuration file, you compl

Chapter 19: Enhanced Stacking356awplus# show estack remotelistReconfirm the enhanced stacking ID number of the replacement member switch.awplus# confi

AT-9000 Switch Command Line User’s Guide357Uploading the Management Software from the Command Switch to Member SwitchesYou may use enhanced stacking t

Chapter 19: Enhanced Stacking358CautionA member switch stops forwarding network traffic after it receives the management software from the command swi

AT-9000 Switch Command Line User’s Guide359Disabling Enhanced StackingThe command that disables enhanced stacking on a switch is the NO ESTACK RUN com

Chapter 19: Enhanced Stacking360

361Chapter 20Enhanced Stacking CommandsThe enhanced stacking commands are summarized in Table 36.Table 36. Enhanced Stacking CommandsCommand Mode Desc

AT-9000 Switch Command Line User’s Guide11Where to Find Web-based GuidesThe installation and user guides for all of the Allied Telesis products are av

Chapter 20: Enhanced Stacking Commands362“UPLOAD IMAGE REMOTELIST” on page 376Global ConfigurationUploads the management software on the command switc

AT-9000 Switch Command Line User’s Guide363ESTACK COMMAND-SWITCHSyntaxestack command-switchParameterNoneModeGlobal Configuration modeDescription Use

Chapter 20: Enhanced Stacking Commands364ESTACK RUNSyntaxestack runParameterNoneModeGlobal Configuration modeDescriptionUse this command to activate e

AT-9000 Switch Command Line User’s Guide365NO ESTACK COMMAND-SWITCHSyntaxno estack command-switchParameterNoneModeGlobal Configuration modeDescription

Chapter 20: Enhanced Stacking Commands366NO ESTACK RUNSyntaxno estack runParameterNoneModeGlobal Configuration modeDescriptionUse this command to disa

AT-9000 Switch Command Line User’s Guide367RCOMMANDSyntaxrcommand switch_idParametersswitch_idSpecifies the ID number of a member switch you want to m

Chapter 20: Enhanced Stacking Commands368REBOOT ESTACK MEMBERSyntaxreboot estack member id_number | allParametersid_numberSpecifies the enhanced stack

AT-9000 Switch Command Line User’s Guide369ExamplesThis example reboots a member switch that has the ID number 3:awplus> enableawplus# configure te

Chapter 20: Enhanced Stacking Commands370SHOW ESTACKSyntaxshow estackParametersNoneModePrivileged Exec modeDescriptionUse this command to display whet

AT-9000 Switch Command Line User’s Guide371ExampleThe following example displays whether enhanced stacking is enabled or disabled on the switch and wh

12Contacting Allied TelesisIf you need assistance with this product, you may contact Allied Telesis technical support by going to the Support & Se

Chapter 20: Enhanced Stacking Commands372SHOW ESTACK COMMAND-SWITCHSyntaxshow estack command-switchParametersNoneModePrivileged Exec modeDescriptionUs

AT-9000 Switch Command Line User’s Guide373SHOW ESTACK REMOTELISTSyntaxshow estack remotelist [name] [series]ParametersnameSorts the list of switches

Chapter 20: Enhanced Stacking Commands374This example sorts the switches by host name:awplus> enableawplus# configure terminalawplus(config)# show

AT-9000 Switch Command Line User’s Guide375UPLOAD CONFIG REMOTELISTSyntaxupload config remotelistParametersNoneModeGlobal Configuration modeDescriptio

Chapter 20: Enhanced Stacking Commands376UPLOAD IMAGE REMOTELISTSyntaxupload image remotelistParametersNoneModeGlobal Configuration modeDescriptionUse

AT-9000 Switch Command Line User’s Guide377CautionThe member switches stop forwarding network traffic after they receive the management software from

Chapter 20: Enhanced Stacking Commands378

379Chapter 21Port MirrorThis chapter discusses the following topics: “Overview” on page 380 “Creating the Port Mirror or Adding New Source Ports” on

Chapter 21: Port Mirror380OverviewThe port mirror is a management tool that allows you to monitor the traffic on one or more ports on the switch. It w

AT-9000 Switch Command Line User’s Guide381Creating the Port Mirror or Adding New Source PortsThe command to create the port mirror is the MIRROR INTE

13Section IGetting StartedThis section contains the following chapters: Chapter 1, “AlliedWare Plus Command Line Interface” on page 15 Chapter 2, “S

Chapter 21: Port Mirror382Removing Source Ports or Deleting the Port MirrorTo remove source ports from the port mirror, enter the Port Interface mode

AT-9000 Switch Command Line User’s Guide383Combining the Port Mirror with Access Control ListsYou may combine the port mirror with an access control l

Chapter 21: Port Mirror384awplus(config)# interface port1.0.14,port1.0.15Enter the Port Interface modes for ports 14 and 15.awplus(config-if)# access-

AT-9000 Switch Command Line User’s Guide385Displaying the Port MirrorTo display the port mirror, go to the Privileged Exec mode and enter the SHOW MIR

Chapter 21: Port Mirror386

387Chapter 22Port Mirror CommandsThe port mirror commands are summarized in Table 38.Table 38. Port Mirror CommandsCommand Mode Description“MIRROR” on

Chapter 22: Port Mirror Commands388MIRRORSyntaxmirrorParametersNoneModePort Interface modeDescriptionUse this command to designate the destination por

AT-9000 Switch Command Line User’s Guide389MIRROR INTERFACESyntaxmirror interface source_ports direction receive|transmit|bothParameterssource_portsSp

Chapter 22: Port Mirror Commands390ExampleThis example configures the port mirror to copy the ingress traffic on ports 3 and 4, the source ports, to p

AT-9000 Switch Command Line User’s Guide391NO MIRROR INTERFACESyntaxno mirror interface source_portsParameterssource_portsSpecifies a source port of t

14

Chapter 22: Port Mirror Commands392SHOW MIRRORSyntaxshow mirrorParametersNoneModesPrivileged Exec modeDescriptionUse this command to display the sourc

AT-9000 Switch Command Line User’s Guide393If you are using the port mirror with access control lists to copy subsets of ingress packets on source por

Chapter 22: Port Mirror Commands394

395Chapter 23Internet Group Management Protocol (IGMP) SnoopingThis chapter discusses the following topics: “Overview” on page 396 “Host Node Topolo

Chapter 23: Internet Group Management Protocol (IGMP) Snooping396OverviewIGMP snooping allows the switch to control the flow of multicast packets from

AT-9000 Switch Command Line User’s Guide397improves switch performance and network security by restricting the flow of multicast packets to only those

Chapter 23: Internet Group Management Protocol (IGMP) Snooping398Host Node TopologyThe switch has a host node topology setting. You use this setting t

AT-9000 Switch Command Line User’s Guide399Enabling IGMP SnoopingThe command to enable IGMP Snooping on the switch is the IP IGMP SNOOPING command in

Chapter 23: Internet Group Management Protocol (IGMP) Snooping400Configuring the IGMP Snooping CommandsThis table lists the IGMP Snooping commands wit

AT-9000 Switch Command Line User’s Guide401This example limits the switch to two multicast groups and specifies that there is only one host node per p

15Chapter 1AlliedWare Plus Command Line InterfaceThis chapter has the following sections: “Management Sessions” on page 16 “Management Interfaces” o

Chapter 23: Internet Group Management Protocol (IGMP) Snooping402Disabling IGMP SnoopingThe command to disable IGMP Snooping on the switch is the NO I

AT-9000 Switch Command Line User’s Guide403Displaying IGMP SnoopingTo display the settings of IGMP Snooping and its status, use the SHOW IP IGMP SNOOP

Chapter 23: Internet Group Management Protocol (IGMP) Snooping404

405Chapter 24IGMP Snooping CommandsThe IGMP snooping commands are summarized in Table 41 and are described in detail within the chapter.Table 41. Inte

Chapter 24: IGMP Snooping Commands406CLEAR IP IGMPSyntaxclear ip igmpParametersNoneModePrivileged Exec modeDescriptionUse this command to clear all IG

AT-9000 Switch Command Line User’s Guide407IP IGMP LIMITSyntaxip igmp limit multicastgroupsParametermulticastgroupsSpecifies the maximum number of mul

Chapter 24: IGMP Snooping Commands408IP IGMP QUERIER-TIMEOUTSyntaxip igmp querier-timeout timeoutParameterstimeoutSpecifies the time period in seconds

AT-9000 Switch Command Line User’s Guide409IP IGMP SNOOPINGSyntaxip igmp snoopingParametersNoneModeGlobal Configuration modeDescriptionUse this comman

Chapter 24: IGMP Snooping Commands410IP IGMP SNOOPING FLOOD-UNKNOWN-MCASTSyntaxip igmp snooping flood-unknown-mcastParameterNoneModeGlobal Configurati

AT-9000 Switch Command Line User’s Guide411awplus> enableawplus# configure terminalawplus(config)# ip igmp snoopingawplus(config)# ip igmp snooping

Chapter 1: AlliedWare Plus Command Line Interface16Management SessionsYou can manage the switch locally or remotely. Local management is conducted thr

Chapter 24: IGMP Snooping Commands412IP IGMP SNOOPING MROUTERSyntaxip igmp snooping mrouter interface portParameterportSpecifies a port connected to a

AT-9000 Switch Command Line User’s Guide413IP IGMP STATUSSyntaxip igmp status single | multipleParameterssingleActivates the single-host per port sett

Chapter 24: IGMP Snooping Commands414NO IP IGMP SNOOPINGSyntaxno ip igmp snoopingParametersNoneModeGlobal Configuration modeDescriptionUse this comman

AT-9000 Switch Command Line User’s Guide415NO IP IGMP SNOOPING MROUTERSyntaxno ip igmp snooping mrouter interface portParameterportSpecifies a multica

Chapter 24: IGMP Snooping Commands416SHOW IP IGMP SNOOPINGSyntaxshow ip igmp snoopingParametersNoneModePrivileged Exec modeDescriptionUse this command

AT-9000 Switch Command Line User’s Guide417The information the command displays is explained in Table 42.Table 42. SHOW IP IGMP SNOOPING CommandParame

Chapter 24: IGMP Snooping Commands418ExampleThe following example displays the IGMP snooping parameters:awplus# show ip igmp snoopingPort/Trunk ID The

419Chapter 25Multicast CommandsThe multicast commands are summarized in Table 43.Table 43. Multicast CommandsCommand Mode Description“NO SWITCHPORT BL

Chapter 25: Multicast Commands420NO SWITCHPORT BLOCK EGRESS-MULTICASTSyntaxno switchport block egress-multicastParametersNoneModePort Interface modeDe

AT-9000 Switch Command Line User’s Guide421NO SWITCHPORT BLOCK INGRESS-MULTICASTSyntaxno switchport block ingress-multicastParametersNoneModePort Inte

AT-9000 Switch Command Line User’s Guide17To support remote management, the switch must have a management IP address. For instructions on how to assig

Chapter 25: Multicast Commands422SWITCHPORT BLOCK EGRESS-MULTICASTSyntaxswitchport block egress-multicastParametersNoneModePort Interface modeDescript

AT-9000 Switch Command Line User’s Guide423SWITCHPORT BLOCK INGRESS-MULTICASTSyntaxswitchport block ingress-multicastParametersNoneModePort Interface

Chapter 25: Multicast Commands424

425Section IIIFile SystemThis section contains the following chapters: Chapter 26, “File System” on page 427 Chapter 27, “File System Commands” on p

426

427Chapter 26File SystemThis chapter discusses the following topics: “Overview” on page 428 “Copying Boot Configuration Files” on page 429 “Renamin

Chapter 26: File System428OverviewThe file system in the switch stores the following types of files: Boot configuration files Encryption key pairsTh

AT-9000 Switch Command Line User’s Guide429Copying Boot Configuration FilesMaintaining a history of the configuration settings of the switch can prove

Chapter 26: File System430Renaming Boot Configuration FilesTo rename boot configuration files in the file system, use the MOVE command, found in the P

AT-9000 Switch Command Line User’s Guide431Deleting Boot Configuration FilesIf the file system becomes cluttered with unnecessary configuration files,

Chapter 1: AlliedWare Plus Command Line Interface18The switch supports the following MIBs for SNMP management: atistackinfo.mib atiEdgeSwtich.mib R

Chapter 26: File System432Displaying the Specifications of the File SystemThe User Exec mode and the Privileged Exec mode have a command that lets you

AT-9000 Switch Command Line User’s Guide433Listing the Files in the File SystemTo view the names of the files in the file system of the switch, use th

Chapter 26: File System434

435Chapter 27File System CommandsThe file system commands are summarized in Table 45.Table 45. File System CommandsCommand Mode Description“COPY” on p

Chapter 27: File System Commands436COPYSyntaxcopy sourcefile.cfg destinationfile.cfgParameterssourcefile.cfgSpecifies the name of the boot configurati

AT-9000 Switch Command Line User’s Guide437DELETESyntaxdelete filename.cfgParameterfilename.cfgSpecifies the name of the boot configuration file to be

Chapter 27: File System Commands438DELETE FORCESyntaxdelete force filename.extParameterfilename.extSpecifies the name of the boot configuration file t

AT-9000 Switch Command Line User’s Guide439DIRSyntaxdirParameterNoneModePrivileged Exec modeDescriptionUse this command to list the names of the files

Chapter 27: File System Commands440MOVESyntaxmove filename1.cfg filename2.cfgParametersfilename1.cfgSpecifies the name of the boot configuration file

AT-9000 Switch Command Line User’s Guide441SHOW FILE SYSTEMSSyntaxshow file systemsParameterNoneModePrivileged Exec modeDescriptionUse this command to

AT-9000 Switch Command Line User’s Guide19Management InterfacesThe switch has two management interfaces: AlliedWare Plus command line Web browser wi

Chapter 27: File System Commands442ExampleThe following example displays the specifications of the file system:awplus# show file systemsS/D/V The memo

443Chapter 28Boot Configuration FilesThis chapter discusses the following topics: “Overview” on page 444 “Specifying the Active Boot Configuration F

Chapter 28: Boot Configuration Files444OverviewThe changes that you make to the parameters settings of the switch are saved as a series of commands in

AT-9000 Switch Command Line User’s Guide445Specifying the Active Boot Configuration FileTo create or designate a new active boot configuration file fo

Chapter 28: Boot Configuration Files446Here are a couple examples of the command. The first example creates a new active boot configuration file calle

AT-9000 Switch Command Line User’s Guide447Creating a New Boot Configuration FileIt is a good idea to periodically make copies of the current configur

Chapter 28: Boot Configuration Files448Displaying the Active Boot Configuration FileTo display the name of the active boot configuration file on the s

449Chapter 29Boot Configuration File CommandsThe boot configuration file commands are summarized in Table 47 and described in detail within the chapte

Chapter 29: Boot Configuration File Commands450BOOT CONFIG-FILESyntaxboot config-file filename.cfgParameterfilenameSpecifies the name of a boot config

AT-9000 Switch Command Line User’s Guide451Confirmation Command“SHOW BOOT” on page 456.ExamplesThis example designates a file called “region2asw.cfg”

Chapter 1: AlliedWare Plus Command Line Interface20Local Manager AccountYou must log on to manage the switch. This requires a valid user name and pass

Chapter 29: Boot Configuration File Commands452COPY RUNNING-CONFIGSyntaxcopy running-config filename.cfgParameterfilenameSpecifies a name for a new bo

AT-9000 Switch Command Line User’s Guide453COPY RUNNING-CONFIG STARTUP-CONFIGSyntaxcopy running-config startup-configParametersNoneModePrivileged Exec

Chapter 29: Boot Configuration File Commands454ERASE STARTUP-CONFIGSyntaxerase startup-configParametersNoneModePrivileged Exec modeDescriptionUse this

AT-9000 Switch Command Line User’s Guide455NO BOOT CONFIG-FILESyntaxno boot config-fileParameterNoneModeGlobal Configuration modeDescriptionUse this c

Chapter 29: Boot Configuration File Commands456SHOW BOOTSyntaxshow bootParameterNoneModePrivileged Exec modeDescriptionUse this command to display the

AT-9000 Switch Command Line User’s Guide457ExampleThis command displays the name of the active boot configuration file and the version numbers of the

Chapter 29: Boot Configuration File Commands458SHOW STARTUP-CONFIGSyntaxshow startup-configParametersNoneModePrivileged Exec modeDescriptionUse this c

AT-9000 Switch Command Line User’s Guide459WRITESyntaxwriteParametersNoneModePrivileged Exec modeDescriptionUse this command to update the active boot

Chapter 29: Boot Configuration File Commands460

461Chapter 30File TransferThis chapter discusses the following topics: “Overview” on page 462 “Uploading or Downloading Files with TFTP” on page 463

AT-9000 Switch Command Line User’s Guide21AlliedWare Plus Command ModesThe AlliedWare Plus command line interface consists of a series of modes that a

Chapter 30: File Transfer462OverviewThis chapter discusses how to download files onto the switch and upload files onto the switch. You can download th

AT-9000 Switch Command Line User’s Guide463Uploading or Downloading Files with TFTP “Downloading New Management Software with TFTP” next “Downloadin

Chapter 30: File Transfer464The IPADDRESS parameter is the IP address of the TFTP server, and the FILENAME parameter is the name of the new management

AT-9000 Switch Command Line User’s Guide465In this example of the command, the IP address of the TFTP server is 152.34.67.8, and the filename of the b

Chapter 30: File Transfer466To upload a file from the file system of the switch using TFTP:1. Start a local or remote management session on the switch

AT-9000 Switch Command Line User’s Guide467Uploading or Downloading Files with Zmodem “Downloading Files to the Switch with Zmodem” next “Uploading

Chapter 30: File Transfer4687. At this point, do one of the following: To configure the switch using the settings in the newly designated active boot

AT-9000 Switch Command Line User’s Guide469After you enter the command, the switch displays this message:Waiting to send ...4. Use your terminal or te

Chapter 30: File Transfer470Downloading Files with Enhanced StackingIf you are using the enhanced stacking feature, you can automate the process of up

AT-9000 Switch Command Line User’s Guide4714. Enter the ID numbers of the switches to receive the management software from the command switch. The ID

5Preface ... 9Document Conventi

Chapter 1: AlliedWare Plus Command Line Interface22NoteBy default, the mode prompts are prefixed with the “awplus” string. To change this string, use

Chapter 30: File Transfer472

473Chapter 31File Transfer CommandsThe file transfer commands are summarized in Table 49 and described in detail within the chapter.Table 49. File Tra

Chapter 31: File Transfer Commands474COPY FILENAME ZMODEMSyntax:copy filename.cfg zmodemParametersfilenameSpecifies the filename of a configuration fi

AT-9000 Switch Command Line User’s Guide475COPY FLASH TFTPSyntaxcopy flash tftp ipaddress filenameParametersipaddressSpecifies the IP address of a TFT

Chapter 31: File Transfer Commands476COPY TFTP FLASHSyntaxcopy tftp flash ipaddress filenameParametersipaddressSpecifies the IP address of a TFTP serv

AT-9000 Switch Command Line User’s Guide477ExamplesThis example downloads the new management software file “at9000_app.img” to the switch from a TFTP

Chapter 31: File Transfer Commands478COPY ZMODEMSyntaxcopy zmodemParametersNoneModePrivileged Exec modeDescriptionUse this command together with a Zmo

AT-9000 Switch Command Line User’s Guide479UPLOAD IMAGE REMOTELISTSyntaxupload image remotelistParametersNoneModeGlobal Configuration modeDescriptionU

Chapter 31: File Transfer Commands480

481Section IVEvent MessagesThis section contains the following chapters: Chapter 32, “Event Log” on page 483 Chapter 33, “Event Log Commands” on pag

AT-9000 Switch Command Line User’s Guide23Console Line mode awplus (config-line)#  Sets the session timer for local management sessions. Activates a

482

483Chapter 32Event LogThis chapter covers the following topics: “Overview” on page 484 “Displaying the Event Log” on page 485 “Clearing the Event L

Chapter 32: Event Log484OverviewA managed switch is a complex piece of computer equipment that includes both hardware and software components. Multipl

AT-9000 Switch Command Line User’s Guide485Displaying the Event LogThere are two commands to display the messages stored in the event log. Both displa

Chapter 32: Event Log486Clearing the Event LogTo clear all the messages from the event log, use the CLEAR LOG BUFFERED command in the Privileged Exec

487Chapter 33Event Log CommandsThe event log commands are summarized in Table 50 and described in detail within this chapter.Table 50. Event Log Comma

Chapter 33: Event Log Commands488CLEAR LOG BUFFEREDSyntaxclear log bufferedParametersNone.ModePrivileged Exec modeDescriptionUse this command to delet

AT-9000 Switch Command Line User’s Guide489LOG BUFFEREDSyntaxlog buffered level level program programParameterslevel Specifies the minimum severity le

Chapter 33: Event Log Commands490Confirmation Command“SHOW LOG CONFIG” on page 496ExamplesThis example configures the log to save event messages that

AT-9000 Switch Command Line User’s Guide491NO LOG BUFFEREDSyntaxno log buffered [level level]|[program program]|[msgtext msgtext]ParameterslevelSpecif

Chapter 1: AlliedWare Plus Command Line Interface24Moving Down the HierarchyTo move down the mode hierarchy, you have to step through each mode in seq

Chapter 33: Event Log Commands492awplus# configure terminalawplus(config)# no log buffered Program macOUtputID Type Status Details--------------------

AT-9000 Switch Command Line User’s Guide493SHOW LOGSyntaxshow logParametersNoneModePrivileged Exec modeDescriptionUse this command to display the mess

Chapter 33: Event Log Commands494Table 53 lists the modules and their abbreviations.Severity (continued) Warning: The issue reported by the message m

AT-9000 Switch Command Line User’s Guide495ExampleThe following command displays the messages in the event log:awplus# show logPKI Public Key Infrastr

Chapter 33: Event Log Commands496SHOW LOG CONFIGSyntaxshow log configParametersNoneModesPrivileged Exec modeDescriptionUse this command to display the

AT-9000 Switch Command Line User’s Guide497SHOW LOG REVERSESyntaxshow log reverseParametersNoneModePrivileged Exec modeDescriptionUse this command to

Chapter 33: Event Log Commands498SHOW LOG TAILSyntaxshow log tail [number]ParameternumberSpecifies the number of event messages to display. The range

499Chapter 34Syslog ClientThis chapter covers the following topics: “Overview” on page 500 “Creating Syslog Server Definitions” on page 501 “Deleti

Chapter 34: Syslog Client500OverviewThe switch has a syslog client. The client enables the switch to send its event messages to syslog servers on your

AT-9000 Switch Command Line User’s Guide501Creating Syslog Server DefinitionsTo configure the switch to send event messages to a syslog server, create

AT-9000 Switch Command Line User’s Guide25LINE VTYCommandYou use this command to move from the Global Configuration mode to the Virtual Terminal Line

Chapter 34: Syslog Client502ENCO Encryption keysESTACK Enhanced stackingEVTLOG Event logFILE File systemGARP GARP GVRPHTTP Web serverIGMPSNOOP IGMP sn

AT-9000 Switch Command Line User’s Guide503This example of the command creates a new syslog definition for a syslog server that has the IP address 149

Chapter 34: Syslog Client504Deleting Syslog Server DefinitionsTo delete syslog server definitions from the switch, use the NO LOG HOST command in the

AT-9000 Switch Command Line User’s Guide505Displaying the Syslog Server DefinitionsTo view the IP addresses of the syslog servers use the SHOW LOG CON

Chapter 34: Syslog Client506

507Chapter 35Syslog Client CommandsThe syslog client commands are summarized in Table 57 and described in detail within the chapter.Table 57. Syslog C

Chapter 35: Syslog Client Commands508LOG HOSTSyntaxlog host ipaddress [level level] [program program]ParametersipaddressSpecifies the IP address of a

AT-9000 Switch Command Line User’s Guide509This example creates a new syslog definition for a syslog server that has the IP address 149.152.122.143. T

Chapter 35: Syslog Client Commands510NO LOG HOSTSyntaxno log host ipaddressParametersipaddressSpecifies an IP address of a syslog server.ModeGlobal Co

AT-9000 Switch Command Line User’s Guide511SHOW LOG CONFIGSyntaxshow log configParametersNoneModesPrivileged Exec modeDescriptionUse this command to d

Chapter 1: AlliedWare Plus Command Line Interface26Figure 8. INTERFACE PORT Command - Multiple PortsThe INTERFACE PORT command is also located in the

Chapter 35: Syslog Client Commands512ExampleThis example displays the configurations of the syslog server entries:awplus# show log config

513Section VPort TrunksThis section contains the following chapters: Chapter 36, “Static Port Trunks” on page 515 Chapter 37, “Static Port Trunk Com

514

515Chapter 36Static Port TrunksThis chapter covers the following topics: “Overview” on page 516 “Creating New Static Port Trunks or Adding Ports To

Chapter 36: Static Port Trunks516OverviewStatic port trunks are groups of two to eight ports that act as single virtual links between the switch and o

AT-9000 Switch Command Line User’s Guide517 Source MAC Address / Destination MAC Address (Layer 2) Source IP Address (Layer 3) Destination IP Addre

Chapter 36: Static Port Trunks518For example, assume you selected source and destination MAC addresses for the load distribution method in our previou

AT-9000 Switch Command Line User’s Guide519are compatible with the device to which the trunk will be connected. When you create a static port trunk, t

Chapter 36: Static Port Trunks520Creating New Static Port Trunks or Adding Ports To Existing TrunksThe command to create new static port trunks or to

AT-9000 Switch Command Line User’s Guide521Specifying the Load Distribution MethodThe load distribution method defines how the switch distributes the

AT-9000 Switch Command Line User’s Guide27NoteA VLAN must be identified in this command by its VID and not by its name.VLANDATABASECommandYou use this

Chapter 36: Static Port Trunks522Removing Ports from Static Port Trunks or Deleting TrunksTo remove ports from a static port trunk, enter the Port Int

AT-9000 Switch Command Line User’s Guide523Displaying Static Port TrunksTo display the member ports of static port trunks, use the SHOW STATIC-CHANNEL

Chapter 36: Static Port Trunks524

525Chapter 37Static Port Trunk CommandsThe static port trunk commands are summarized in Table 58 and described in detail within the chapter..Table 58.

Chapter 37: Static Port Trunk Commands526NO STATIC-CHANNEL-GROUPSyntaxno static-channel-groupParametersNoneModePort Interface modeDescriptionUse this

AT-9000 Switch Command Line User’s Guide527PORT-CHANNEL LOAD-BALANCESyntaxport-channel load-balance src-mac|dst-mac|src-dst-mac|src-ip|dst-ip|src-dst-

Chapter 37: Static Port Trunk Commands528ExampleThis example sets the load distribution method to destination MAC address for a trunk with an ID numbe

AT-9000 Switch Command Line User’s Guide529SHOW STATIC-CHANNEL-GROUPSyntaxshow static-channel-groupParametersNoneModesUser Exec mode and Privileged Ex

Chapter 37: Static Port Trunk Commands530STATIC-CHANNEL-GROUPSyntaxstatic-channel-group id_numberParametersid_numberSpecifies an ID number of a static

AT-9000 Switch Command Line User’s Guide531 Ports can be members of just one static port trunk at a time. A port that is already a member of a trunk

Chapter 1: AlliedWare Plus Command Line Interface28Moving Up the HierarchyThere are four commands for moving up the mode hierarchy. They are the EXIT,

Chapter 37: Static Port Trunk Commands532

533Chapter 38Link Aggregation Control Protocol (LACP)This chapter covers the following topics: “Overview” on page 534 “Creating New Aggregators” on

Chapter 38: Link Aggregation Control Protocol (LACP)534OverviewThe Link Aggregation Control Protocol (LACP) is used to increase the bandwidth between

AT-9000 Switch Command Line User’s Guide535Base Port The lowest numbered port in an aggregator is referred to as the base port. You cannot change the

Chapter 38: Link Aggregation Control Protocol (LACP)536 The lowest numbered port in an aggregator is called the base port. You cannot add ports that

AT-9000 Switch Command Line User’s Guide537Creating New AggregatorsTo create a new aggregator, move to the Port Interface mode of the aggregator’s mem

Chapter 38: Link Aggregation Control Protocol (LACP)538Setting the Load Distribution MethodThe load distribution method determines the manner in which

AT-9000 Switch Command Line User’s Guide539Adding Ports to AggregatorsThe command to add ports to existing aggregators is the same command to create n

Chapter 38: Link Aggregation Control Protocol (LACP)540Removing Ports from AggregatorsTo remove ports from an aggregator, use the NO CHANNEL-GROUP com

AT-9000 Switch Command Line User’s Guide541Deleting AggregatorsTo delete an aggregator, remove all its ports with the NO CHANNEL-GROUP command, in the

AT-9000 Switch Command Line User’s Guide29Figure 16. Returning to the Privileged Exec Mode with the END CommandDISABLECommandTo return to the User Exe

Chapter 38: Link Aggregation Control Protocol (LACP)542Displaying AggregatorsThere are five SHOW commands for LACP. Two of them are mentioned here. Fo

AT-9000 Switch Command Line User’s Guide543Here is an example of the information.Figure 103. SHOW LACP SYS-ID CommandIt should be mentioned that while

Chapter 38: Link Aggregation Control Protocol (LACP)544

545Chapter 39LACP CommandsThe LACP port trunk commands are summarized in Table 59 and described in detail within the chapter.Table 59. LACP Port Trunk

Chapter 39: LACP Commands546CHANNEL-GROUPSyntaxchannel-group id_numberParametersid_numberSpecifies the ID number of a new or an existing aggregator. T

AT-9000 Switch Command Line User’s Guide547ExamplesThese commands create a new aggregator consisting of ports 11 to 16. The ID number of the aggregato

Chapter 39: LACP Commands548LACP SYSTEM-PRIORITYSyntaxlacp system-priority priorityParametersprioritySpecifies the LACP system priority value for the

AT-9000 Switch Command Line User’s Guide549NO CHANNEL-GROUPSyntaxno channel-groupParametersNoneModePort Interface modeDescriptionUse this command to r

Chapter 39: LACP Commands550PORT-CHANNEL LOAD-BALANCESyntaxport-channel load-balance src-mac|dst-mac|src-dst-mac|src-ip|dst-ip|src-dst-ipParameterssrc

AT-9000 Switch Command Line User’s Guide551Confirmation Command“SHOW ETHERCHANNEL DETAIL” on page 553ExampleThis example sets the load distribution me

Chapter 1: AlliedWare Plus Command Line Interface30Port Numbers in CommandsThe ports on the switch are identified in the commands with the PORT parame

Chapter 39: LACP Commands552SHOW ETHERCHANNELSyntaxshow etherchannel id_numberParametersid_numberSpecifies the ID number of the aggregator.ModePrivile

AT-9000 Switch Command Line User’s Guide553SHOW ETHERCHANNEL DETAILSyntaxshow etherchannel detailParametersNoneModePrivileged Exec modeDescriptionUse

Chapter 39: LACP Commands554ExampleThis example displays detailed information about aggregators:awplus# show etherchannel detail

AT-9000 Switch Command Line User’s Guide555SHOW ETHERCHANNEL SUMMARYSyntaxshow etherchannel summaryParametersNoneModePrivileged Exec modeDescriptionUs

Chapter 39: LACP Commands556SHOW LACP SYS-IDSyntaxshow lacp sys-idParametersNoneModePrivileged Exec modeDescriptionUse this command to display the LAC

AT-9000 Switch Command Line User’s Guide557SHOW PORT ETHERCHANNELSyntaxshow port etherchannel [interface port]ParametersportSpecifies the port of an a

Chapter 39: LACP Commands558

559Section VISpanning Tree ProtocolsThis section contains the following chapters: Chapter 40, “STP, RSTP and MSTP Protocols” on page 561 Chapter 41,

560

561Chapter 40STP, RSTP and MSTP ProtocolsThis chapter covers the following topics: “Overview” on page 562 “Bridge Priority and the Root Bridge” on p

AT-9000 Switch Command Line User’s Guide31You can also combine individual ports and port ranges in the same command, as illustrated in these commands,

Chapter 40: STP, RSTP and MSTP Protocols562OverviewThe Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Pr

AT-9000 Switch Command Line User’s Guide563Bridge Priority and the Root BridgeThe first task that bridges perform when a spanning tree protocol is act

Chapter 40: STP, RSTP and MSTP Protocols564Path Costs and Port CostsAfter the root bridge has been selected, the bridges determine if the network cont

AT-9000 Switch Command Line User’s Guide565Port PriorityIf two paths have the same port cost, the bridges must select a preferred path. In some instan

Chapter 40: STP, RSTP and MSTP Protocols566Forwarding Delay and Topology ChangesIf there is a change in the network topology due to a failure, removal

AT-9000 Switch Command Line User’s Guide567Hello Time and Bridge Protocol Data Units (BPDU)The bridges that are part of a spanning tree domain communi

Chapter 40: STP, RSTP and MSTP Protocols568Point-to-Point and Edge PortsPart of the task of configuring RSTP or MSTP is defining the port types on the

AT-9000 Switch Command Line User’s Guide569Figure 110. Edge PortA port can be both a point-to-point and an edge port at the same time. It operates in

Chapter 40: STP, RSTP and MSTP Protocols570Mixed STP and RSTP NetworksRSTP IEEE 802.1w is fully compliant with STP IEEE 802.1d. A network can have bot

AT-9000 Switch Command Line User’s Guide571Spanning Tree and VLANsSTP and RSTP support a single-instance spanning tree that encompasses all the ports

Contents6Saving Your Changes ...

Chapter 1: AlliedWare Plus Command Line Interface32Combo Ports 25 to 28Ports 25 to 28 on the AT-9000/28, AT-9000/28POE, and AT-9000/28SP Managed Layer

Chapter 40: STP, RSTP and MSTP Protocols572RSTP and MSTP BPDU GuardThis feature monitors the RSTP or MSTP edge ports on the switch for BPDU packets. E

AT-9000 Switch Command Line User’s Guide573Here are the guidelines to this feature: BPDU guard is configured for each port and has only two possible

Chapter 40: STP, RSTP and MSTP Protocols574STP, RSTP, MSTP Loop GuardAlthough spanning tree is designed to detect and prevent the formation of loops i

AT-9000 Switch Command Line User’s Guide575If you configured the SNMP community strings on the switch, an SNMP trap is sent to your management worksta

Chapter 40: STP, RSTP and MSTP Protocols576Figure 114. Loop Guard Example 2But if loop guard is enabled on port 14 on switch 3, the port, instead of c

AT-9000 Switch Command Line User’s Guide577In the first example, the root bridge stops transmitting BPDUs. If switch 3 is not using loop guard, it con

Chapter 40: STP, RSTP and MSTP Protocols578Figure 117. Loop Guard Example 5Switch 3Switch 1Old root bridgeRSTP stops operatingPort 4Loop guard changes

AT-9000 Switch Command Line User’s Guide579STP and RSTP Root GuardThe Root Guard feature enforces the root bridge placement in a network. It ensures t

Chapter 40: STP, RSTP and MSTP Protocols580

581Chapter 41Spanning Tree Protocol (STP) ProceduresThis chapter provides the following procedures: “Designating STP as the Active Spanning Tree Prot

AT-9000 Switch Command Line User’s Guide33Command FormatThe following sections describe the command line interface features and the command syntax con

Chapter 41: Spanning Tree Protocol (STP) Procedures582Designating STP as the Active Spanning Tree ProtocolBefore you can configure the STP parameters

AT-9000 Switch Command Line User’s Guide583Enabling the Spanning Tree ProtocolTo enable STP on the switch, use the SPANNING-TREE STP ENABLE command in

Chapter 41: Spanning Tree Protocol (STP) Procedures584Setting the Switch ParametersThis table lists the STP functions that are controlled at the switc

AT-9000 Switch Command Line User’s Guide585This example of the command sets the switch’s priority value to 8,192: awplus> enableawplus# configure t

Chapter 41: Spanning Tree Protocol (STP) Procedures586Setting the Port ParametersThis table lists the STP functions that are controlled at the port le

AT-9000 Switch Command Line User’s Guide587Disabling the Spanning Tree ProtocolTo disable STP on the switch, use the NO SPANNING-TREE STP ENABLE comma

Chapter 41: Spanning Tree Protocol (STP) Procedures588Displaying STP SettingsTo view the STP settings on the switch, use the SHOW SPANNING-TREE in the

589Chapter 42STP CommandsThe STP commands are summarized in Table 62 and described in detail within the chapter.Table 62. Spanning Tree Protocol Comma

Chapter 42: STP Commands590“SPANNING-TREE PORTFAST BPDU-GUARD” on page 601Port Interface Enables the BPDU guard feature on a port so that the switch m

AT-9000 Switch Command Line User’s Guide591NO SPANNING-TREE STP ENABLESyntaxno spanning-tree stp enableParametersNoneModeGlobal Configuration modeDesc

Chapter 1: AlliedWare Plus Command Line Interface34Startup MessagesThe switch generates the following series of status messages whenever it is powered

Chapter 42: STP Commands592SHOW SPANNING-TREESyntaxshow spanning-tree [interface port]ParametersportSpecifies a port. You can specify more than one po

AT-9000 Switch Command Line User’s Guide593ExamplesThis command displays the STP settings for all the ports:awplus# show spanning-treeThis command dis

Chapter 42: STP Commands594SPANNING-TREE FORWARD-TIMESyntaxspanning-tree forward-time forwardtimeParametersforwardtimeSpecifies the forward time. The

AT-9000 Switch Command Line User’s Guide595SPANNING-TREE GUARD ROOTSyntaxspanning-tree guard root ParametersNoneModePort Interface modeDescriptionUse

Chapter 42: STP Commands596SPANNING-TREE HELLO-TIMESyntaxspanning-tree hello-time hellotimeParametershellotimeSpecifies the hello time. The range is 1

AT-9000 Switch Command Line User’s Guide597SPANNING-TREE MAX-AGESyntaxspanning-tree max-age maxageParametersmaxageSpecifies the max-age parameter. The

Chapter 42: STP Commands598SPANNING-TREE MODE STPSyntaxspanning-tree mode stpParametersNoneModeGlobal Configuration modeDescriptionUse this command to

AT-9000 Switch Command Line User’s Guide599SPANNING-TREE PATH-COSTSyntaxspanning-tree path-cost path-costParameterspath-costSpecifies the cost of a po

Chapter 42: STP Commands600SPANNING-TREE PORTFASTSyntaxspanning-tree portfastParametersNoneModePort Interface modeDescriptionUse this command to desig

AT-9000 Switch Command Line User’s Guide601SPANNING-TREE PORTFAST BPDU-GUARDSyntaxspanning-tree portfast bpdu-guardParametersNoneModePort Interface mo

AT-9000 Switch Command Line User’s Guide35Figure 20. Startup Messages (continued)Initializing System ... done!Initializi

Chapter 42: STP Commands602SPANNING-TREE PRIORITY (Bridge Priority)Syntaxspanning-tree priority priorityParametersprioritySpecifies a priority number

AT-9000 Switch Command Line User’s Guide603SPANNING-TREE Priority (Port Priority)Syntaxspanning-tree priority priorityParametersprioritySpecifies the

Chapter 42: STP Commands604SPANNING-TREE STP ENABLESyntaxspanning-tree stp enableParametersNoneModeGlobal Configuration modeDescriptionUse this comman

605Chapter 43Rapid Spanning Tree Protocol (RSTP) ProceduresThis chapter provides the following procedures: “Designating RSTP as the Active Spanning T

Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures606Designating RSTP as the Active Spanning Tree ProtocolThe first step to using RSTP on the

AT-9000 Switch Command Line User’s Guide607Enabling the Rapid Spanning Tree ProtocolTo enable RSTP on the switch, use the SPANNING-TREE RSTP ENABLE co

Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures608Configuring the Switch ParametersThis table lists the RSTP parameters that are set in the

AT-9000 Switch Command Line User’s Guide609This example increases the forward time to 25 seconds and the hello time to 8 seconds. The forward time con

Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures610To disable the BPDU guard feature on the switch, use the NO SPANNING-TREE BPDU-GUARD comm

AT-9000 Switch Command Line User’s Guide611Configuring the Port ParametersThis table lists the RSTP port parameters. These parameters are set on the i

Chapter 1: AlliedWare Plus Command Line Interface36Figure 21. Startup Messages (continued)Initializing FTAB ... done!I

Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures612Configuring PortPrioritiesIf RSTP discovers a loop in the topology, but the two paths tha

AT-9000 Switch Command Line User’s Guide613This example uses the NO SPANNING-TREE command to remove port 21 as an edge port:awplus> enableawplus# c

Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures614Edge ports that are disabled by the feature remain disabled until you manually enable the

AT-9000 Switch Command Line User’s Guide615Disabling the Rapid Spanning Tree ProtocolTo disable RSTP on the switch, use the NO SPANNING-TREE RSTP ENAB

Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures616Displaying RSTP SettingsTo view the RSTP settings on the switch, use the SHOW SPANNING-TR

617Chapter 44RSTP CommandsThe RSTP commands are summarized in Table 65 and described in detail within the chapter.Table 65. Rapid Spanning Tree Protoc

Chapter 44: RSTP Commands618“SPANNING-TREE LINK-TYPE” on page 631Port Interface Designates point-to-point ports and shared ports.“SPANNING-TREE LOOP-G

AT-9000 Switch Command Line User’s Guide619NO SPANNING-TREE PORTFASTSyntaxno spanning-tree portfastParametersNoneModePort Interface modeDescriptionUse

Chapter 44: RSTP Commands620NO SPANNING-TREE ERRDISABLE-TIMEOUT ENABLESyntaxno spanning-tree errdisable-timeout enableParametersNoneModeGlobal Configu

AT-9000 Switch Command Line User’s Guide621NO SPANNING-TREE LOOP-GUARDSyntaxno spanning-tree loop-guardParametersNoneModePort Interface modeDescriptio

37Chapter 2Starting a Management SessionThis chapter has the following sections: “Starting a Local Management Session” on page 38 “Starting a Remote

Chapter 44: RSTP Commands622NO SPANNING-TREE PORTFAST BPDU-GUARDSyntaxno spanning-tree portfast bpdu-guardParametersNoneModePort Interface modeDescrip

AT-9000 Switch Command Line User’s Guide623NO SPANNING-TREE RSTP ENABLESyntaxno spanning-tree rstp enableParametersNoneModeGlobal Configuration modeDe

Chapter 44: RSTP Commands624SHOW SPANNING-TREESyntaxshow spanning-treeParametersNoneModesPrivileged Exec modeDescriptionUse this command to display th

AT-9000 Switch Command Line User’s Guide625ExampleThis example displays the RSTP settings on the switch:awplus# show spanning-tree

Chapter 44: RSTP Commands626SPANNING-TREE ERRDISABLE-TIMEOUT ENABLESyntaxspanning-tree errdisable-timeout enableParametersNoneModeGlobal Configuration

AT-9000 Switch Command Line User’s Guide627SPANNING-TREE ERRDISABLE-TIMEOUT INTERVALSyntaxspanning-tree errdisable-timeout interval intervalParameters

Chapter 44: RSTP Commands628SPANNING-TREE FORWARD-TIMESyntaxspanning-tree forward-time forwardtimeParametersforwardtimeSpecifies the forward time. The

AT-9000 Switch Command Line User’s Guide629SPANNING-TREE GUARD ROOTSyntaxspanning-tree guard root ParametersNoneModePort Interface modeDescriptionUse

Chapter 44: RSTP Commands630SPANNING-TREE HELLO-TIMESyntaxspanning-tree hello-time hellotimeParametershellotimeSpecifies the hello time. The range is

AT-9000 Switch Command Line User’s Guide631SPANNING-TREE LINK-TYPESyntaxspanning-tree link-type point-to-point|sharedParameterspoint-to-pointAllows fo

Chapter 2: Starting a Management Session38Starting a Local Management SessionTo start a local management session on the switch, perform the following

Chapter 44: RSTP Commands632SPANNING-TREE LOOP-GUARDSyntaxspanning-tree loop-guardParametersNoneModePort Interface modeDescriptionUse this command to

AT-9000 Switch Command Line User’s Guide633SPANNING-TREE MAX-AGESyntaxspanning-tree max-age maxageParametersmaxageSpecifies the maximum age parameter.

Chapter 44: RSTP Commands634SPANNING-TREE MODE RSTPSyntaxspanning-tree mode rstpParametersNoneModeGlobal Configuration modeDescriptionUse this command

AT-9000 Switch Command Line User’s Guide635SPANNING-TREE PATH-COSTSyntaxspanning-tree path-cost path-costParameterspath-costSpecifies the cost of a po

Chapter 44: RSTP Commands636SPANNING-TREE PORTFASTSyntaxspanning-tree portfastParametersNoneModePort Interface modeDescriptionUse this command to desi

AT-9000 Switch Command Line User’s Guide637SPANNING-TREE PORTFAST BPDU-GUARDSyntaxspanning-tree portfast bpdu-guardParametersNoneModePort Interface mo

Chapter 44: RSTP Commands638SPANNING-TREE PRIORITY (Bridge Priority)Syntaxspanning-tree priority priorityParametersprioritySpecifies a priority number

AT-9000 Switch Command Line User’s Guide639SPANNING-TREE PRIORITY (Port Priority)Syntaxspanning-tree priority priorityParametersprioritySpecifies the

Chapter 44: RSTP Commands640SPANNING-TREE RSTP ENABLESyntaxspanning-tree rstp enableParametersNoneModeGlobal Configuration modeDescriptionUse this com

641Chapter 45Multiple Spanning Tree ProtocolThis chapter provides background information about the Multiple Spanning Tree Protocol (MSTP). It covers t

AT-9000 Switch Command Line User’s Guide395. Enter a user name and password. If this is the initial management session of the switch, enter “manager”

Chapter 45: Multiple Spanning Tree Protocol642OverviewAs mentioned in Chapter 40, “STP, RSTP and MSTP Protocols” on page 561, STP and RSTP are referre

AT-9000 Switch Command Line User’s Guide643Multiple Spanning Tree Instance (MSTI)The individual spanning trees in MSTP are referred to as Multiple Spa

Chapter 45: Multiple Spanning Tree Protocol644Figure 123. MSTP Example of Two Spanning Tree InstancesAn MSTI can contain more than one VLAN. This is i

AT-9000 Switch Command Line User’s Guide645MSTI GuidelinesFollowing are several guidelines to keep in mind about MSTIs: The AT-9000 Switch can suppor

Chapter 45: Multiple Spanning Tree Protocol646VLAN and MSTI AssociationsPart of the task to configuring MSTP involves assigning VLANs to spanning tree

AT-9000 Switch Command Line User’s Guide647Ports in Multiple MSTIsA port can be a member of more than one MSTI at a time if it is a tagged member of o

Chapter 45: Multiple Spanning Tree Protocol648Multiple Spanning Tree RegionsAnother important concept of MSTP is regions. An MSTP region is defined as

AT-9000 Switch Command Line User’s Guide649Table 66 illustrates the concept of regions. It shows one MSTP region consisting of two AT-9000 Switches. E

Chapter 45: Multiple Spanning Tree Protocol650RegionGuidelinesFollowing are several points to remember about regions. A network can contain any numbe

AT-9000 Switch Command Line User’s Guide651Common andInternalSpanning Tree(CIST)MSTP has a default spanning tree instance called the Common and Intern

Chapter 2: Starting a Management Session40Starting a Remote Telnet or SSH Management SessionHere are the requirements for remote management of the swi

Chapter 45: Multiple Spanning Tree Protocol652An MSTP region can be considered as a virtual bridge. The implication is that other MSTP regions and STP

AT-9000 Switch Command Line User’s Guide653Summary of GuidelinesCareful planning is essential for the successful implementation of MSTP. This section

Chapter 45: Multiple Spanning Tree Protocol654NoteThe AlliedWare Plus MSTP implementation complies fully with the new IEEE 802.1s standard. Any other

AT-9000 Switch Command Line User’s Guide655Associating VLANs to MSTIsAllied Telesis recommends that you assign all VLANs on a switch to an MSTI. You s

Chapter 45: Multiple Spanning Tree Protocol656Figure 126. CIST and VLAN Guideline - Example 2 When port 4 on switch B receives a BPDU, the switch note

AT-9000 Switch Command Line User’s Guide657Connecting VLANs Across Different RegionsSpecial consideration needs to be taken into account when you conn

Chapter 45: Multiple Spanning Tree Protocol658There are several ways to address this issue. The first is to have only one MSTP region for each subnet

AT-9000 Switch Command Line User’s Guide659MSTP Root GuardThe Root Guard feature enforces the root bridge placement in a network. It ensures the port

Chapter 45: Multiple Spanning Tree Protocol660

661Chapter 46MSTP CommandsThe MSTP commands are summarized in Table 68 and described in detail within the chapter.Table 68. Multiple Spanning Tree Pro

AT-9000 Switch Command Line User’s Guide41VTY Lines The switch has ten VTY (virtual teletypewriter) lines. Each line supports one remote Telnet or SSH

Chapter 46: MSTP Commands662“SPANNING-TREE MSTP ENABLE” on page 677Global ConfigurationDesignates the MSTP mode on the switch.“SPANNING-TREE MST CONFI

AT-9000 Switch Command Line User’s Guide663INSTANCE MSTI-ID PRIORITYSyntaxinstance msti-id priority priorityParametersprioritySpecifies a port priorit

Chapter 46: MSTP Commands664Use the no command, NO INSTANCE MSTI-ID PRIORITY, to restore the default priority value of 32768.Confirmation Command“SHOW

AT-9000 Switch Command Line User’s Guide665INSTANCE MSTI-ID VLANSyntaxinstance msti-id vlan vid|vidlistParametersvidSpecifies a VLAN ID.vidlistSpecifi

Chapter 46: MSTP Commands666NO SPANNING-TREE ERRDISABLE-TIMEOUT ENABLESyntaxspanning-tree errdisable-timeout enableParametersNoneModeGlobal Configurat

AT-9000 Switch Command Line User’s Guide667NO SPANNING-TREE PORTFASTSyntaxno spanning-tree portfastParametersNoneModePort Interface modeDescriptionUse

Chapter 46: MSTP Commands668NO SPANNING-TREE MSTP ENABLESyntaxno spanning-tree mstp enableParametersNoneModeGlobal Configuration modeDescriptionUse th

AT-9000 Switch Command Line User’s Guide669SHOW SPANNING-TREESyntaxshow spanning-treeParametersNoneModesPrivileged Exec modeDescriptionUse this comman

Chapter 46: MSTP Commands670SHOW SPANNING-TREE MST CONFIGSyntaxshow spanning-tree mst configParametersNoneModePrivileged Executive ModeDescriptionUse

AT-9000 Switch Command Line User’s Guide671SHOW SPANNING-TREE MST Syntaxshow spanning-tree mst ParametersNoneModePrivileged Executive ModeDescriptionU

AT-9000 Switch Command Line User’s Guide7CLOCK SET...

Chapter 2: Starting a Management Session42What to Configure FirstHere are a few suggestions on what to configure during your initial management sessio

Chapter 46: MSTP Commands672SHOW SPANNING-TREE MST INSTANCESyntaxshow spanning-tree mst instance <msti-id>Parametersinstance Specifies an instan

AT-9000 Switch Command Line User’s Guide673SPANNING-TREE ERRDISABLE-TIMEOUT ENABLESyntaxspanning-tree errdisable-timeout enableParametersNoneModeGloba

Chapter 46: MSTP Commands674SPANNING-TREE ERRDISABLE-TIMEOUT INTERVALSyntaxspanning-tree errdisable-timeout interval intervalParametersintervalSpecifi

AT-9000 Switch Command Line User’s Guide675SPANNING-TREE GUARD ROOTSyntaxspanning-tree guard root ParametersNoneModePort Interface modeDescriptionUse

Chapter 46: MSTP Commands676SPANNING-TREE MODE MSTPSyntaxspanning-tree mode mstpParametersNoneModeGlobal Configuration modeDescriptionUse this command

AT-9000 Switch Command Line User’s Guide677SPANNING-TREE MSTP ENABLESyntaxspanning-tree mstp enableParametersNoneModeGlobal Configuration modeDescript

Chapter 46: MSTP Commands678SPANNING-TREE MST CONFIGURATIONSyntaxspanning-tree mst configurationParametersNoneModeGlobal Configuration modeDescription

AT-9000 Switch Command Line User’s Guide679SPANNING-TREE MST INSTANCESyntaxspanning-tree mst instance <1-15> Parametersinstance Specifies an ins

Chapter 46: MSTP Commands680SPANNING-TREE PATH-COSTSyntaxspanning-tree path-cost path-costParameterspath-costSpecifies the cost of a port to the root

AT-9000 Switch Command Line User’s Guide681SPANNING-TREE PORTFASTSyntaxspanning-tree portfastParametersNoneModePort Interface modeDescriptionUse this

AT-9000 Switch Command Line User’s Guide43Figure 24. SHOW BOOT CommandThe name of your new active boot configuration file is displayed in the “Current

Chapter 46: MSTP Commands682SPANNING-TREE PORTFAST BPDU-GUARDSyntaxspanning-tree portfast bpdu-guardParametersNoneModeGlobal Configuration modeDescrip

AT-9000 Switch Command Line User’s Guide683REGIONSyntaxregion <region-name>Parametersregion-nameSpecifies the name of an MST region. Up to 32 ch

Chapter 46: MSTP Commands684REVISIONSyntaxrevision <revision-number>Parametersrevision-numberSpecifies the revision number. The range is 0 to 25

685Section VIIVirtual LANsThis section contains the following chapters: Chapter 47, “Port-based and Tagged VLANs” on page 687 Chapter 48, “Port-base

686

687Chapter 47Port-based and Tagged VLANsThis chapter covers the following topics: “Overview” on page 688 “Port-based VLAN Overview” on page 690 “Ta

Chapter 47: Port-based and Tagged VLANs688OverviewA VLAN is a group of ports that form a logical Ethernet segment on an Ethernet switch. The ports of

AT-9000 Switch Command Line User’s Guide689Virtual LANs can also span more than one switch. This makes it possible to create VLANs of end nodes that a

Chapter 47: Port-based and Tagged VLANs690Port-based VLAN OverviewAs the “Overview” on page 688 explains, a VLAN consists of a group of ports that for

AT-9000 Switch Command Line User’s Guide691For example, if you had a port-based VLAN named Marketing that spanned three switches, assign the Marketing

Chapter 2: Starting a Management Session44This example assigns the name “Engineering_sw2” to the switch:awplus> enableawplus# configure terminalawp

Chapter 47: Port-based and Tagged VLANs692Guidelines toCreating a Port-based VLANBelow are the guidelines to creating a port-based VLAN. Each port-ba

AT-9000 Switch Command Line User’s Guide693Port-basedExample 1Figure 132 illustrates an example of one AT-9000 switch with three port-based VLANs. (Th

Chapter 47: Port-based and Tagged VLANs694Port-basedExample 2Figure 133 illustrates more port-based VLANs. In this example, two VLANs, Sales and Engin

AT-9000 Switch Command Line User’s Guide695The table below lists the port assignments for the Sales, Engineering, and Production VLANs on the switches

Chapter 47: Port-based and Tagged VLANs696Tagged VLAN OverviewThe second type of VLAN is the tagged VLAN. VLAN membership in a tagged VLAN is determin

AT-9000 Switch Command Line User’s Guide697NoteFor explanations of VLAN name and VLAN identifier, refer back to “VLAN Name” on page 690 and “VLAN Iden

Chapter 47: Port-based and Tagged VLANs698Tagged VLANExampleFigure 134 illustrates how tagged ports can be used to interconnect IEEE 802.1q based prod

AT-9000 Switch Command Line User’s Guide699The port assignments for the VLANs are described in Table 70.Table 70. VLAN Port AssignmentsSwitchSales VLA

Chapter 47: Port-based and Tagged VLANs700This example is nearly identical to the “Port-based Example 2” on page 694. Tagged ports have been added to

AT-9000 Switch Command Line User’s Guide701Creating VLANsTo create VLANs, use the VLAN command in the VLAN Configuration mode. You must specify a name

AT-9000 Switch Command Line User’s Guide45This example assigns the management IPv4 address to a new VLAN called Tech_Support, with the VID 5. The VLAN

Chapter 47: Port-based and Tagged VLANs702Adding Untagged Ports to VLANsTo add a port to a VLAN as an untagged port, it may be necessary to first set

AT-9000 Switch Command Line User’s Guide703This example designates ports 11 to 18 as untagged ports of a VLAN with the VID 4. The SWITCHPORT MODE ACCE

Chapter 47: Port-based and Tagged VLANs704Adding Tagged Ports to VLANsThere are three steps to adding ports as tagged ports to VLANs:1. Set the mode o

AT-9000 Switch Command Line User’s Guide705This example adds ports 18 to 21 as tagged members to VLANs with the VIDs 7 and 13:awplus> enableawplus#

Chapter 47: Port-based and Tagged VLANs706Removing Untagged Ports from VLANsTo remove untagged ports from their current VLAN assignments and return th

AT-9000 Switch Command Line User’s Guide707Removing Tagged Ports from VLANsUse the SWITCHPORT TRUNK ALLOWED VLAN command to remove ports as tagged mem

Chapter 47: Port-based and Tagged VLANs708Deleting VLANsTo delete VLANs from the switch, use the NO VLAN command in the VLAN Configuration mode. You c

AT-9000 Switch Command Line User’s Guide709Displaying the VLANsTo display the VLANs on the switch, use the SHOW VLAN ALL command in the User Exec mode

Chapter 47: Port-based and Tagged VLANs710

711Chapter 48Port-based and Tagged VLAN CommandsThe VLAN commands are summarized in Table 71 and described in detail within the chapter.Table 71. Port

Chapter 2: Starting a Management Session46Saving YourChangesTo permanently save your changes in the active boot configuration file, use the WRITE comm

Chapter 48: Port-based and Tagged VLAN Commands712NO SWITCHPORT ACCESS VLANSyntaxno switchport access vlanParametersNoneModePort Interface modeDescrip

AT-9000 Switch Command Line User’s Guide713NO SWITCHPORT TRUNKSyntaxno switchport trunkParametersNoneModePort Interface modeDescriptionUse this comman

Chapter 48: Port-based and Tagged VLAN Commands714NO SWITCHPORT TRUNK NATIVE VLANSyntaxno switchport trunk native vlanParametersNoneModePort Interface

AT-9000 Switch Command Line User’s Guide715NO VLANSyntaxno vlan vidParametersvidSpecifies the VID of the VLAN you want to delete.ModeVLAN Configuratio

Chapter 48: Port-based and Tagged VLAN Commands716SHOW VLANSyntaxshow vlan vid |allParametersvidSpecifies the VID of the VLAN you want to display.allS

AT-9000 Switch Command Line User’s Guide717ExampleThe following example displays the tagged and untagged VLANs on the switch:awplus# show vlanState Th

Chapter 48: Port-based and Tagged VLAN Commands718SWITCHPORT ACCESS VLANSyntaxswitchport access vlan vidParametersvidSpecifies the ID number of the VL

AT-9000 Switch Command Line User’s Guide719ExamplesThis example adds ports 5 and 7 as untagged ports to a VLAN with the VID 12:awplus> enableawplus

Chapter 48: Port-based and Tagged VLAN Commands720SWITCHPORT MODE ACCESSSyntaxswitchport mode access [ingress-filter enable|disable]ParametersenableAc

AT-9000 Switch Command Line User’s Guide721SWITCHPORT MODE TRUNKSyntaxswitchport mode trunk [ingress-filter enable|disable]ParametersenableActivates i

AT-9000 Switch Command Line User’s Guide47Ending a Management SessionTo end a management session, go to either the Privileged Exec mode or the User Ex

Chapter 48: Port-based and Tagged VLAN Commands722This example designates port 18 as a tagged port and disables ingress filtering so that it accepts a

AT-9000 Switch Command Line User’s Guide723SWITCHPORT TRUNK ALLOWED VLANSyntaxes for Adding Tagged Ports to VLANsswitchport trunk allowed vlan allswit

Chapter 48: Port-based and Tagged VLAN Commands724 Ports can be tagged members of more than one VLAN at a time. The specified VLANs must already exi

AT-9000 Switch Command Line User’s Guide725This example adds ports 22 to 24 as tagged ports to all the VLANs, except for the VLAN with a VID of 11. Th

Chapter 48: Port-based and Tagged VLAN Commands726SWITCHPORT TRUNK NATIVE VLANSyntaxswitchport trunk native vlan vid|noneParametersvidSpecifies the VI

AT-9000 Switch Command Line User’s Guide727This example reestablishes the Default_VLAN as the native VLAN for tagged ports 18 and 20:awplus> enable

Chapter 48: Port-based and Tagged VLAN Commands728VLANSyntaxvlan vid [name name]ParametersvidSpecifies a VLAN identifier. The range is 2 to 4094. The

AT-9000 Switch Command Line User’s Guide729DescriptionUse this command to create port-based and tagged VLANs. You can create just one VLAN at a time.C

Chapter 48: Port-based and Tagged VLAN Commands730

731Chapter 49GARP VLAN Registration ProtocolThis chapter covers the following topics: “Overview” on page 732 “Guidelines” on page 735 “GVRP and Net

Chapter 2: Starting a Management Session48

Chapter 49: GARP VLAN Registration Protocol732OverviewThe GARP VLAN Registration Protocol (GVRP) allows network devices to share VLAN information and

AT-9000 Switch Command Line User’s Guide733Figure 137 provides an example of how GVRP works.Figure 137. GVRP ExampleThe example consists of three swit

Chapter 49: GARP VLAN Registration Protocol734Without GVRP, you would have to manually add the Sales VLAN to switch #2. But with GVRP, the VLAN is add

AT-9000 Switch Command Line User’s Guide735GuidelinesHere are the guidelines to GVRP: GVRP is supported with STP, RSTP, MSTP or without spanning tree

Chapter 49: GARP VLAN Registration Protocol736GVRP and Network SecurityGVRP should be used with caution because it can expose your network to unauthor

AT-9000 Switch Command Line User’s Guide737GVRP-inactive Intermediate SwitchesIf two GVRP-active devices are separated by a GVRP-inactive switch, the

Chapter 49: GARP VLAN Registration Protocol738Enabling GVRP on the SwitchThe command for enabling GVRP on the switch is found in the Global Configurat

AT-9000 Switch Command Line User’s Guide739Enabling GIP on the SwitchThe GARP Information Propagation (GIP) component can be enabled separately from G

Chapter 49: GARP VLAN Registration Protocol740Enabling GVRP on the PortsTo activate GVRP on the ports so that they transmit GVRP PDUs, use the GVRP RE

AT-9000 Switch Command Line User’s Guide741Setting the GVRP TimersThe switch has a Join Timer, a Leave Timer, and a Leave All Timer. You should not ch

49Chapter 3Basic Command Line ManagementThis chapter contains the following sections: “Clearing the Screen” on page 50 “Displaying the On-line Help”

Chapter 49: GARP VLAN Registration Protocol742Disabling GVRP Timers on the SwitchTo disable GVRP timer configurations, use the NO GVRP TIMER commands

AT-9000 Switch Command Line User’s Guide743Disabling GVRP on the PortsTo disable GVRP on the ports, use the GVRP REGISTRATION NONE command in the Port

Chapter 49: GARP VLAN Registration Protocol744Disabling GIP on the SwitchYou can disable the GARP Information Propagation (GIP) component separately f

AT-9000 Switch Command Line User’s Guide745Disabling GVRP on the SwitchTo disable GVRP to stop the switch from learning any further dynamic VLANs or G

Chapter 49: GARP VLAN Registration Protocol746Restoring the GVRP Default SettingsTo disable GVRP and to return the timers to their default settings, u

AT-9000 Switch Command Line User’s Guide747Displaying GVRPAlthough there are five commands that display GVRP information, you will probably only need

Chapter 49: GARP VLAN Registration Protocol748

749Chapter 50GARP VLAN Registration Protocol CommandsThe GARP VLAN registration protocol commands are summarized in Table 73 and described in detail w

Chapter 50: GARP VLAN Registration Protocol Commands750“SHOW GVRP APPLICANT” on page 764User Exec and Privileged ExecDisplays parameters for the GIP-c

AT-9000 Switch Command Line User’s Guide751CONVERT DYNAMIC VLANSyntaxconvert dynamic vlanParametersNoneModeVLAN Configuration modeDescriptionUse this

Chapter 3: Basic Command Line Management50Clearing the ScreenIf your screen becomes cluttered with commands, you can start fresh by entering the CLEAR

Chapter 50: GARP VLAN Registration Protocol Commands752GVRP APPLICANT STATE ACTIVESyntaxgvrp applicant state activeParametersNoneModeGlobal Configurat

AT-9000 Switch Command Line User’s Guide753GVRP APPLICANT STATE NORMALSyntaxgvrp applicant state normalParametersNoneModeGlobal Configuration modeDesc

Chapter 50: GARP VLAN Registration Protocol Commands754GVRP ENABLESyntaxgvrp enableParametersNoneModeGlobal Configuration modeDescriptionUse this comm

AT-9000 Switch Command Line User’s Guide755GVRP REGISTRATIONSyntaxgvrp registration normal|noneParametersnormalEnables GVRP on a port. This is the def

Chapter 50: GARP VLAN Registration Protocol Commands756GVRP TIMER JOINSyntaxgvrp timer join valueParametersvalueSpecifies the Join Timer in centisecon

AT-9000 Switch Command Line User’s Guide757GVRP TIMER LEAVESyntaxgvrp timer leave valueParametersvalueSpecifies the Leave Timer in centiseconds, which

Chapter 50: GARP VLAN Registration Protocol Commands758GVRP TIMER LEAVEALLSyntaxgvrp timer leaveall valueParametersvalueSpecifies the Leave All Timer

AT-9000 Switch Command Line User’s Guide759NO GVRP ENABLESyntaxno gvrp enableParametersNoneModeGlobal Configuration modeDescriptionUse this command to

Chapter 50: GARP VLAN Registration Protocol Commands760NO GVRP TIMER JOIN Syntaxno gvrp timer joinParametersNoneModeGlobal Configuration modeDescripti

AT-9000 Switch Command Line User’s Guide761NO GVRP TIMER LEAVESyntaxno gvrp timer leave valueParametersNoneModeGlobal Configuration modeDescriptionUse

AT-9000 Switch Command Line User’s Guide51Displaying the On-line HelpThe command line interface has an on-line help system to assist you with the comm

Chapter 50: GARP VLAN Registration Protocol Commands762NO GVRP TIMER LEAVEALLSyntaxno gvrp timer leaveallParametersNoneModeGlobal Configuration modeDe

AT-9000 Switch Command Line User’s Guide763PURGE GVRPSyntaxpurge gvrpParametersNoneModeGlobal Configuration modeDescriptionUse this command to disable

Chapter 50: GARP VLAN Registration Protocol Commands764SHOW GVRP APPLICANTSyntaxshow gvrp applicantParameterNoneModePrivileged Exec modeDescriptionUse

AT-9000 Switch Command Line User’s Guide765SHOW GVRP CONFIGURATIONSyntaxshow gvrp configurationParametersNoneModePrivileged Exec modeDescriptionUse th

Chapter 50: GARP VLAN Registration Protocol Commands766SHOW GVRP MACHINESyntaxshow gvrp machineParameterNoneModePrivileged Exec modeDescriptionUse thi

AT-9000 Switch Command Line User’s Guide767SHOW GVRP STATISTICSSyntaxshow gvrp statisticsParameterNoneModePrivileged Exec modeDescriptionUse this comm

Chapter 50: GARP VLAN Registration Protocol Commands768 Receive GARP Messages: Empty Transmit GARP Messages: Empty Receive GARP Messages: Bad Messa

AT-9000 Switch Command Line User’s Guide769SHOW GVRP TIMERSyntaxshow gvrp timerParameterNoneModePrivileged Exec modeDescriptionUse this command to dis

Chapter 50: GARP VLAN Registration Protocol Commands770

771Chapter 51MAC Address-based VLANsThis chapter contains the following topics: “Overview” on page 772 “Guidelines” on page 777 “General Steps” on

Contents8NO FLOWCONTROL ...

Chapter 3: Basic Command Line Management52Figure 27. Displaying the Class of a Parameterawplus> enableawplus# configure terminalawplus(config)# hos

Chapter 51: MAC Address-based VLANs772OverviewAs explained in Chapter 47, “Port-based and Tagged VLANs” on page 687, VLANs are used to create independ

AT-9000 Switch Command Line User’s Guide773Obviously, mapping source MAC addresses to egress ports can become cumbersome if you are dealing with a MAC

Chapter 51: MAC Address-based VLANs774The switch can support more than one MAC-address VLAN at a time, and ports can be egress members of more than on

AT-9000 Switch Command Line User’s Guide775 If the packet’s destination MAC address is in the MAC address table, but the port where the address was l

Chapter 51: MAC Address-based VLANs776VLAN Hierarchy The switch employs a VLAN hierarchy when handling untagged packets that arrive on a port that is

AT-9000 Switch Command Line User’s Guide777GuidelinesHere are the guidelines to MAC address-based VLANs: The switch can support up to a total of 4094

Chapter 51: MAC Address-based VLANs778General StepsThere are three main steps to creating a MAC address-based VLAN:1. Use the VLAN MACADDRESS command

AT-9000 Switch Command Line User’s Guide779Creating MAC Address-based VLANsThe VLAN MACADDRESS command in the VLAN Configuration mode is the first com

Chapter 51: MAC Address-based VLANs780Adding MAC Addresses to VLANs and Designating Egress PortsThe MAC addresses and egress ports are specified with

AT-9000 Switch Command Line User’s Guide781Removing MAC AddressesTo remove MAC addresses from egress ports in a MAC address-based VLAN, use the NO VLA

AT-9000 Switch Command Line User’s Guide53Saving Your Configuration ChangesTo permanently save your changes to the parameter settings on the switch, y

Chapter 51: MAC Address-based VLANs782Deleting VLANsTo delete MAC address-based VLANs from the switch, use the NO VLAN command in the VLAN Configurati

AT-9000 Switch Command Line User’s Guide783Displaying VLANsTo display the MAC address-based VLANS on the switch, use the SHOW VLAN MACADDRESS command

Chapter 51: MAC Address-based VLANs784Example of Creating a MAC Address-based VLANHere is an example of how to create this type of VLAN. This example

AT-9000 Switch Command Line User’s Guide785Use the VLAN SET MACADDRESS command in the Port Interface mode to designate port 1 as an egress port of all

Chapter 51: MAC Address-based VLANs786

787Chapter 52MAC Address-based VLAN CommandsThe MAC address-based VLAN commands are summarized in Table 77 and described in detail within the chapter.

Chapter 52: MAC Address-based VLAN Commands788NO VLANSyntaxno vlan vidParametersvidSpecifies the VID of the VLAN you want to delete. You can specify j

AT-9000 Switch Command Line User’s Guide789NO VLAN MACADDRESS (Global Configuration Mode)Syntaxno vlan vid macaddress|destaddress mac-addressParameter

Chapter 52: MAC Address-based VLAN Commands790NO VLAN MACADDRESS (Port Interface Mode)Syntaxno vlan vid macaddress|destaddress mac-addressParametersvi

AT-9000 Switch Command Line User’s Guide791This example removes the MAC address 00:30:84:75:11:B2 from the egress port 11 to 14 in a VLAN with the VID

Chapter 3: Basic Command Line Management54Ending a Management SessionTo end a management session, go to either the Privileged Exec mode or the User Ex

Chapter 52: MAC Address-based VLAN Commands792SHOW VLAN MACADDRESSSyntaxshow vlan macaddressParametersNoneModePrivileged Exec modeDescriptionUse this

AT-9000 Switch Command Line User’s Guide793The information is described here.ExampleThe following example displays the MAC addresses and egress ports

Chapter 52: MAC Address-based VLAN Commands794VLAN MACADDRESSSyntaxvlan vid name name type macaddressParametersvidSpecifies a VLAN identifier in the r

AT-9000 Switch Command Line User’s Guide795ExampleThis example creates a MAC address-based VLAN that has the name Sales and the VID 3:awplus> enabl

Chapter 52: MAC Address-based VLAN Commands796VLAN SET MACADDRESS (Global Configuration Mode)Syntaxvlan set vid macaddress|destaddress mac-addressPara

AT-9000 Switch Command Line User’s Guide797This example adds the MAC address 00:30:84:32:76:1A to a MAC address-based VLAN with the VID 12:awplus>

Chapter 52: MAC Address-based VLAN Commands798VLAN SET MACADDRESS (Port Interface Mode)Syntaxvlan set vid macaddress|destaddress mac-addressParameters

AT-9000 Switch Command Line User’s Guide799This example assigns the MAC address 00:30:84:75:11:B2 to ports 11 to 14 in a VLAN that has the VID 24:awpl

Chapter 52: MAC Address-based VLAN Commands800

801Chapter 53 Private Port VLANsThis chapter provides the following topics: “Overview” on page 802 “Guidelines” on page 804 “Creating Private VLANs

55Chapter 4Basic Command Line Management CommandsThe basic command line commands are summarized in Table 5.Table 5. Basic Command Line CommandsCommand

Chapter 53: Private Port VLANs802OverviewPrivate VLANs (also called private port VLANs) create special broadcast domains in which the traffic of the m

AT-9000 Switch Command Line User’s Guide803Private VLANFunctionalityThe following describes host and uplink port functionality in a private VLAN, and

Chapter 53: Private Port VLANs804GuidelinesHere are the guidelines to private VLANs: A private VLAN can have any number of host ports, up to all the

AT-9000 Switch Command Line User’s Guide805Creating Private VLANsThe command to initially create private VLANs is the PRIVATE-VLAN command in the VLAN

Chapter 53: Private Port VLANs806Adding Host and Uplink PortsPrivate VLANs have host ports and uplink ports. A private VLAN can have more than one upl

AT-9000 Switch Command Line User’s Guide807Deleting VLANsTo delete private VLANs from the switch, use the NO VLAN command in the VLAN Configuration mo

Chapter 53: Private Port VLANs808Displaying Private VLANsThe SHOW VLAN PRIVATE-VLAN command in the Privileged Exec mode displays the private VLANs cur

809Chapter 54Private Port VLAN CommandsThe private port VLAN commands are summarized in Table 79 and described in detail within the chapter.Table 79.

Chapter 54: Private Port VLAN Commands810NO VLANSyntaxno vlan vidParametersvidSpecifies the VID of the VLAN you want to delete. You can specify just o

AT-9000 Switch Command Line User’s Guide811PRIVATE-VLANSyntaxprivate-vlan vidParametersvidSpecifies a VLAN identifier. The range is 2 to 4094. The VID

Chapter 4: Basic Command Line Management Commands56“QUIT” on page 70 All modes except the User Exec and Privileged ExecMoves you up one mode.“WRITE” o

Chapter 54: Private Port VLAN Commands812SHOW VLAN PRIVATE-VLANSyntaxshow vlan private-vlanParametersNoneModePrivileged Exec modeDescriptionUse this c

AT-9000 Switch Command Line User’s Guide813SWITCHPORT MODE PRIVATE-VLAN HOSTSyntaxswitchport mode private-vlan host vidParametersvidSpecifies the VID

Chapter 54: Private Port VLAN Commands814SWITCHPORT MODE PRIVATE-VLAN PROMISCUOUSSyntaxswitchport mode private-vlan promiscuous vidParametersvidSpecif

815Chapter 55Voice VLAN CommandsThe voice VLAN commands are summarized in Table 80 and described in detail within the chapter.Table 80. Voice VLAN Com

Chapter 55: Voice VLAN Commands816NO SWITCHPORT VOICE VLANSyntaxno switchport voice vlanParametersNoneModePort Interface modeDescriptionUse this comma

AT-9000 Switch Command Line User’s Guide817SWITCHPORT VOICE DSCPSyntaxswitchport voice dscp valueParametersvalueSpecifies a DSCP value of 0 to 63. You

Chapter 55: Voice VLAN Commands818SWITCHPORT VOICE VLANSyntaxswitchport voice vlan vidParametersvidSpecifies the ID number (VID) of the VLAN that func

AT-9000 Switch Command Line User’s Guide819ExampleThis example adds ports 5 through 16 to a voice VLAN that has a VID of 12:awplus> enableawplus# c

Chapter 55: Voice VLAN Commands820SWITCHPORT VOICE VLAN PRIORITYSyntaxswitchport voice vlan priority valueParametersvalueSpecifies a Class of Service

821Chapter 56VLAN StackingThis chapter provides the following topics: “Overview” on page 822 “Components” on page 824 “VLAN Stacking Process” on pa

AT-9000 Switch Command Line User’s Guide57? (Question Mark Key)Syntax?ParametersNoneModesAll modesDescriptionUse the question mark key to display on-l

Chapter 56: VLAN Stacking822 Section III: File SystemOverviewVLAN stacking is a way to label tagged and untagged packets with new 802.1Q headers. In t

AT-9000 Switch Command Line User’s GuideSection III: File System 823when they exit the network. The inner VID is native to the packets, but is ignored

Chapter 56: VLAN Stacking824 Section III: File SystemComponentsThere are four components to VLAN stacking: VLAN Customer ports Provider port Ether

AT-9000 Switch Command Line User’s GuideSection III: File System 825VLAN Stacking ProcessFigure 146 illustrates the VLAN stacking process.Figure 146.

Chapter 56: VLAN Stacking826 Section III: File SystemExample of VLAN StackingHere is an example of how to configure VLAN stacking. In the example, the

AT-9000 Switch Command Line User’s GuideSection III: File System 827The next steps add the customer ports to the VLAN.This series of steps adds the pr

Chapter 56: VLAN Stacking828 Section III: File SystemThe final series of steps changes the EtherType/Length value to 0x8100.awplus(config-if)# switchp

AT-9000 Switch Command Line User’s GuideSection III: File System 829awplus(config)# platform vlan-stacking-tpid 8100Change the EtherType/Length value

Chapter 56: VLAN Stacking830 Section III: File System

831Chapter 57VLAN Stacking CommandsThe VLAN stacking commands are summarized in Table 82.Table 82. VLAN Stacking CommandsCommand Mode Description“NO

Chapter 4: Basic Command Line Management Commands58This example displays the class of the value for the SPANNING-TREE HELLO-TIME command in the Global

Chapter 57: VLAN Stacking Commands832 Section III: File SystemNO SWITCHPORT VLAN-STACKINGSyntaxno switchport vlan-stackingParametersNone.ModePort Inte

AT-9000 Switch Command Line User’s GuideSection III: File System 833PLATFORM VLAN-STACKING-TPIDSyntaxplatform vlan-stacking-tpid tpidParameterstpid Sp

Chapter 57: VLAN Stacking Commands834 Section III: File SystemSHOW VLAN VLAN-STACKINGSyntaxshow vlan vlan-stackingParametersNone.ModePort Interface mo

AT-9000 Switch Command Line User’s GuideSection III: File System 835SWITCHPORT VLAN-STACKINGSyntaxswitchport vlan-stacking customer-edge-port|provider

Chapter 57: VLAN Stacking Commands836 Section III: File System

837Section VIIIPort SecurityThis section contains the following chapters: Chapter 58, “MAC Address-based Port Security” on page 839 Chapter 59, “MAC

838

839Chapter 58MAC Address-based Port SecurityThis chapter contains the following topics: “Overview” on page 840 “Configuring Ports” on page 842 “Ena

Chapter 58: MAC Address-based Port Security840OverviewThis feature lets you control access to the ports on the switch based on the source MAC addresse

AT-9000 Switch Command Line User’s Guide841after learning three addresses. The switch also sends an SNMP trap.Guidelines Here are the guidelines to MA

AT-9000 Switch Command Line User’s Guide59CLEAR SCREENSyntaxclear screenParametersNoneModesUser Exec and Privileged Exec modesDescriptionUse this comm

Chapter 58: MAC Address-based Port Security842Configuring PortsThere are three things you need to decide before you configure MAC address-based port s

AT-9000 Switch Command Line User’s Guide843awplus> enableawplus# configure terminalawplus(config)# interface port1.0.4,port1.0.5awplus(config-if)#

Chapter 58: MAC Address-based Port Security844Enabling MAC Address-based Security on PortsAfter you have configured a port for MAC address-based secur

AT-9000 Switch Command Line User’s Guide845Disabling MAC Address-based Security on PortsTo remove MAC address-based security from ports, use the NO SW

Chapter 58: MAC Address-based Port Security846Displaying Port SettingsThere are two commands that display information about the MAC address-based port

AT-9000 Switch Command Line User’s Guide847Figure 149 on page 847 is an example of the information.Figure 149. Example of SHOW PORT-SECURITY INTRUSION

Chapter 58: MAC Address-based Port Security848

849Chapter 59MAC Address-based Port Security CommandsThe MAC address-based port security commands are summarized in Table 84 and described in detail w

Chapter 59: MAC Address-based Port Security Commands850NO SWITCHPORT PORT-SECURITYSyntaxno switchport port-securityParametersNoneModePort Interface mo

AT-9000 Switch Command Line User’s Guide851NO SWITCHPORT PORT-SECURITY AGINGSyntaxno switchport port-security agingParametersNoneModePort Interface mo

Chapter 4: Basic Command Line Management Commands60CONFIGURE TERMINALSyntaxconfigure terminalParametersNoneModePrivileged Exec modeDescriptionUse this

Chapter 59: MAC Address-based Port Security Commands852SHOW PORT-SECURITY INTERFACESyntaxshow port-security interface portParametersportSpecifies the

AT-9000 Switch Command Line User’s Guide853Port Status The status of the port. The status can be Enabled or Disabled. A port that has a status of Enab

Chapter 59: MAC Address-based Port Security Commands854ExampleThis example displays the port security settings for ports 5 to 8:awplus# show port-secu

AT-9000 Switch Command Line User’s Guide855SHOW PORT-SECURITY INTRUSION INTERFACESyntaxshow port-security intrusion interface portParameterportSpecifi

Chapter 59: MAC Address-based Port Security Commands856Figure 152. Example of SHOW PORT-SECURITY INTRUSION INTERFACE CommandPort Security Intrusion Li

AT-9000 Switch Command Line User’s Guide857SWITCHPORT PORT-SECURITYSyntaxswitchport port-securityParametersNoneModePort Interface modeDescriptionUse t

Chapter 59: MAC Address-based Port Security Commands858SWITCHPORT PORT-SECURITY AGINGSyntaxswitchport port-security agingParametersNoneModePort Interf

AT-9000 Switch Command Line User’s Guide859SWITCHPORT PORT-SECURITY MAXIMUMSyntaxswitchport port-security maximum valueParametersvalueSpecifies the ma

Chapter 59: MAC Address-based Port Security Commands860SWITCHPORT PORT-SECURITY VIOLATIONSyntaxswitchport port-security violation protect|restrict|shu

AT-9000 Switch Command Line User’s Guide861This example sets the intrusion action for ports 22 to 24 to restrict. After learning their maximum numbers

AT-9000 Switch Command Line User’s Guide61COPY RUNNING-CONFIG STARTUP-CONFIGSyntaxcopy running-config startup-configParametersNoneModePrivileged Exec

Chapter 59: MAC Address-based Port Security Commands862

863Chapter 60802.1x Port-based Network Access ControlThis chapter contains the following topics: “Overview” on page 864 “Authentication Process” on

Chapter 60: 802.1x Port-based Network Access Control864OverviewThis chapter explains 802.1x port-based network access control. This port security feat

AT-9000 Switch Command Line User’s Guide865Authentication ProcessBelow is a brief overview of the authentication process that occurs between a supplic

Chapter 60: 802.1x Port-based Network Access Control866Port RolesPart of the task to implementing this feature is specifying the roles of the ports on

AT-9000 Switch Command Line User’s Guide867Authentication Methods for Authenticator PortsAuthenticator ports support two authentication methods: 802.

Chapter 60: 802.1x Port-based Network Access Control868Operational Settings for Authenticator PortsAn authenticator port can have one of three possibl

AT-9000 Switch Command Line User’s Guide869Operating Modes for Authenticator PortsAuthenticator ports have three modes: Single host mode Multi host

Chapter 60: 802.1x Port-based Network Access Control870Note, however, that should the client who performed the initial log on fail to periodically rea

AT-9000 Switch Command Line User’s Guide871As mentioned earlier, should the client who performed the initial logon fail to reauthenticate when necessa

AT-9000 Switch Command Line User’s Guide9SHOW POWER-INLINE COUNTERS INTERFACE ...

Chapter 4: Basic Command Line Management Commands62DISABLESyntaxdisableParametersNoneModePrivileged Exec modeDescriptionUse this command to return to

Chapter 60: 802.1x Port-based Network Access Control872Figure 155. Multi Supplicant ModeRADIUSAuthenticationServerPort 6Role: AuthenticatorOperating M

AT-9000 Switch Command Line User’s Guide873Supplicant and VLAN AssociationsOne of the challenges to managing a network is accommodating end users who

Chapter 60: 802.1x Port-based Network Access Control874Single Host Mode Here are the operating characteristics for the switch when an authenticator po

AT-9000 Switch Command Line User’s Guide875Supplicant VLANAttributes on theRADIUS ServerThe following information must be entered as part of a supplic

Chapter 60: 802.1x Port-based Network Access Control876Guest VLANAn authenticator port in the unauthorized state typically accepts and transmits only

AT-9000 Switch Command Line User’s Guide877RADIUS AccountingThe switch supports RADIUS accounting on authenticator ports. This feature sends informati

Chapter 60: 802.1x Port-based Network Access Control878General StepsHere are the general steps to implementing 802.1x Port-based Network Access Contro

AT-9000 Switch Command Line User’s Guide879GuidelinesHere are the general guidelines to this feature: Ports operating under port-based access control

Chapter 60: 802.1x Port-based Network Access Control880 Authenticator and supplicant ports must be untagged ports. They cannot be tagged ports. Auth

AT-9000 Switch Command Line User’s Guide881Enabling 802.1x Port-Based Network Access Control on the SwitchTo activate 802.1x Port-based Network Access

AT-9000 Switch Command Line User’s Guide63DOSyntaxdo commandParametercommandSpecifies the Privileged Exec mode command to perform. ModeGlobal Configur

Chapter 60: 802.1x Port-based Network Access Control882Configuring Authenticator PortsDesignatingAuthenticatorPortsYou have to designate ports as auth

AT-9000 Switch Command Line User’s Guide883awplus> enableawplus# configure terminalawplus(config)# interface port1.0.16awplus(config-if)# auth-mac

Chapter 60: 802.1x Port-based Network Access Control884This example configures port 8 to use the multi host mode so that it forwards traffic from all

AT-9000 Switch Command Line User’s Guide885Configuring ReauthenticationTable 86 lists the commands in the Port Interface mode for configuring reauthen

Chapter 60: 802.1x Port-based Network Access Control886Removing Ports from the Authenticator RoleTo remove ports from the authenticator role so that t

AT-9000 Switch Command Line User’s Guide887Disabling 802.1x Port-Based Network Access Control on the SwitchTo disable 802.1x port-based network access

Chapter 60: 802.1x Port-based Network Access Control888Displaying Authenticator PortsTo view the settings of authenticator ports on the switch, use th

AT-9000 Switch Command Line User’s Guide889Displaying EAP Packet StatisticsTo display EAP packet statistics of authenticator ports, use the SHOW DOT1X

Chapter 60: 802.1x Port-based Network Access Control890

891Chapter 61802.1x Port-based Network Access Control CommandsThe 802.1x port-based network access control commands are summarized in Table 87 and des

Chapter 4: Basic Command Line Management Commands64ENABLESyntaxenableParametersNoneModeUser Exec mode DescriptionUse this command to move from the Use

Chapter 61: 802.1x Port-based Network Access Control Commands892“AUTH-MAC REAUTH-RELEARNING” on page 906Port Interface Forces ports that are using MAC

AT-9000 Switch Command Line User’s Guide893“NO AUTH-MAC ENABLE” on page 921Port Interface Deactivates MAC address-based authentication on authenticato

Chapter 61: 802.1x Port-based Network Access Control Commands894AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUSSyntaxaaa authentication dot1x default gr

AT-9000 Switch Command Line User’s Guide895AUTH DYNAMIC-VLAN-CREATIONSyntaxauth dynamic-vlan-creation single| multiParameterssingleSpecifies that an a

Chapter 61: 802.1x Port-based Network Access Control Commands896This example activates dynamic VLAN assignment on authenticator port 4. When the initi

AT-9000 Switch Command Line User’s Guide897AUTH GUEST-VLANSyntaxauth guest-vlan vidParametersvidSpecifies the ID number of a VLAN that is the guest VL

Chapter 61: 802.1x Port-based Network Access Control Commands898AUTH HOST-MODESyntaxauth host-mode single-host| multi-host| multi-supplicantParameters

AT-9000 Switch Command Line User’s Guide899This example configures authenticator port 8 to the multi host operating mode, so that networks users can u

Chapter 61: 802.1x Port-based Network Access Control Commands900AUTH REAUTHENTICATIONSyntaxauth reauthenticationParametersNoneModePort Interface modeD

AT-9000 Switch Command Line User’s Guide901AUTH TIMEOUT QUIET-PERIODSyntaxauth timeout quiet-period valueParametersquiet-periodSets the number of seco

AT-9000 Switch Command Line User’s Guide65ENDSyntaxendParametersNoneModeAll modes below the Global Configuration mode.DescriptionUse this command to r

Chapter 61: 802.1x Port-based Network Access Control Commands902AUTH TIMEOUT REAUTH-PERIODSyntaxauth timeout reauth-period valueParametersreauth-perio

AT-9000 Switch Command Line User’s Guide903AUTH TIMEOUT SERVER-TIMEOUTSyntaxauth timeout server-timeout valueParametersserver-timeoutSets the timer us

Chapter 61: 802.1x Port-based Network Access Control Commands904AUTH TIMEOUT SUPP-TIMEOUTSyntaxauth timeout supp-timeout valueParameterssupp-timeoutSe

AT-9000 Switch Command Line User’s Guide905AUTH-MAC ENABLESyntaxauth-mac enableParametersNoneModePort Interface modeDescriptionUse this command to act

Chapter 61: 802.1x Port-based Network Access Control Commands906AUTH-MAC REAUTH-RELEARNINGSyntaxauth-mac reauth-relearningParametersNoneModePrivileged

AT-9000 Switch Command Line User’s Guide907DOT1X CONTROL-DIRECTIONSyntaxdot1x control-direction in|bothParametersdirSpecifies whether authenticator po

Chapter 61: 802.1x Port-based Network Access Control Commands908broadcast and multicast packets while discarding ingress broadcast and multicast traff

AT-9000 Switch Command Line User’s Guide909DOT1X EAPSyntaxdot1x eap discard|forward|forward-untagged-vlan|forward-vlanParametersdiscardDiscards all in

Chapter 61: 802.1x Port-based Network Access Control Commands910This example configures the switch to discard all EAP packets when 802.1x authenticati

AT-9000 Switch Command Line User’s Guide911DOT1X INITIALIZE INTERFACESyntaxdot1x initialize interface portParametersportSpecifies a port. You can ente

Chapter 4: Basic Command Line Management Commands66EXITSyntaxexitParametersNoneModeAll modesDescriptionUse this command to move down one mode in the m

Chapter 61: 802.1x Port-based Network Access Control Commands912DOT1X MAX-REAUTH-REQSyntaxdot1x max-reauth-req valueParametersmax-reauth-reqSpecifies

AT-9000 Switch Command Line User’s Guide913DOT1X PORT-CONTROL AUTOSyntaxdot1x port-control autoParametersNoneModePort Interface modeDescriptionUse thi

Chapter 61: 802.1x Port-based Network Access Control Commands914DOT1X PORT-CONTROL FORCE-AUTHORIZEDSyntaxdot1x port-control force-authorizedParameters

AT-9000 Switch Command Line User’s Guide915DOT1X PORT-CONTROL FORCE-UNAUTHORIZEDSyntaxdot1x port-control force-unauthorizedParametersNoneModePort Inte

Chapter 61: 802.1x Port-based Network Access Control Commands916DOT1X TIMEOUT TX-PERIODSyntaxdot1x timeout tx-period valueParametersvalueSets the numb

AT-9000 Switch Command Line User’s Guide917NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUSSyntaxno aaa authentication dot1x default group radiusParam

Chapter 61: 802.1x Port-based Network Access Control Commands918NO AUTH DYNAMIC-VLAN-CREATIONSyntaxno auth dynamic-vlan-creationParametersNoneModePort

AT-9000 Switch Command Line User’s Guide919NO AUTH GUEST-VLANSyntaxno auth guest-vlanParametersNoneModePort Interface modeDescriptionUse this command

Chapter 61: 802.1x Port-based Network Access Control Commands920NO AUTH REAUTHENTICATIONSyntaxno auth reauthenticationParametersNoneModePort Interface

AT-9000 Switch Command Line User’s Guide921NO AUTH-MAC ENABLESyntaxno auth-mac enableParametersNoneModePort Interface modeDescriptionUse this command

AT-9000 Switch Command Line User’s Guide67LENGTHSyntaxlength valueParametersvalueSpecifies the maximum number of lines that the SHOW commands display

Chapter 61: 802.1x Port-based Network Access Control Commands922NO DOT1X PORT-CONTROLSyntaxno dot1x port-controlParametersNoneModePort Interface modeD

AT-9000 Switch Command Line User’s Guide923SHOW AUTH-MAC INTERFACESyntaxshow auth-mac interface portParametersportSpecifies a port. You can display mo

Chapter 61: 802.1x Port-based Network Access Control Commands924SHOW AUTH-MAC SESSIONSTATISTICS INTERFACESyntaxshow auth-mac sessionstatistics interfa

AT-9000 Switch Command Line User’s Guide925SHOW AUTH-MAC STATISTICS INTERFACESyntaxshow auth-mac statistics interface portParametersportSpecifies a po

Chapter 61: 802.1x Port-based Network Access Control Commands926SHOW AUTH-MAC SUPPLICANT INTERFACESyntaxshow auth-mac supplicant interface portParamet

AT-9000 Switch Command Line User’s Guide927SHOW DOT1XSyntaxshow dot1xParametersNoneModePrivileged Exec modeDescriptionUse this command to display whet

Chapter 61: 802.1x Port-based Network Access Control Commands928SHOW DOT1X INTERFACESyntaxshow dot1x interface portParametersportSpecifies a port. You

AT-9000 Switch Command Line User’s Guide929SHOW DOT1X STATISTICS INTERFACESyntaxshow dot1x statistics interface portParametersportSpecifies a port. Yo

Chapter 61: 802.1x Port-based Network Access Control Commands930SHOW DOT1X SUPPLICANT INTERFACESyntaxshow dot1x supplicant interface port [brief]Param

931Section IXSimple Network Management ProtocolsThis section contains the following chapters: Chapter 62, “SNMPv1 and SNMPv2c” on page 933 Chapter 6

Chapter 4: Basic Command Line Management Commands68This example returns the number of lines to the default setting for local management sessions:awplu

932

933Chapter 62SNMPv1 and SNMPv2cThis chapter contains the following topics: “Overview” on page 934 “Enabling SNMPv1 and SNMPv2c” on page 936 “Creati

Chapter 62: SNMPv1 and SNMPv2c934OverviewThe Simple Network Management Protocol (SNMP) is another way for you to monitor and configure the switch. Thi

AT-9000 Switch Command Line User’s Guide935To configure the switch to send trap or inform messages, you have to add to one or more of the community st

Chapter 62: SNMPv1 and SNMPv2c936Enabling SNMPv1 and SNMPv2cTo enable SNMP on the switch, use the SNMP-SERVER command, found in the Global Configurati

AT-9000 Switch Command Line User’s Guide937Creating Community StringsTo create SNMPv1 and SNMPv2c community strings, use the SNMP-SERVER COMMUNITY com

Chapter 62: SNMPv1 and SNMPv2c938Adding or Removing IP Addresses of Trap or Inform ReceiversThe command to add IP addresses of trap or inform receiver

AT-9000 Switch Command Line User’s Guide939This example assigns the IP address 143.154.76.17 as an inform message receiver to the community string “st

Chapter 62: SNMPv1 and SNMPv2c940Deleting Community StringsTo delete community strings, use the NO SNMP-SERVER COMMUNITY command. Here is the format:n

AT-9000 Switch Command Line User’s Guide941Disabling SNMPv1 and SNMPv2cTo disable SNMP on the switch, use the NO SNMP-SERVER command. You cannot remot

AT-9000 Switch Command Line User’s Guide69LOGOUTSyntaxlogoutParametersNoneModeUser Exec and Privileged Exec modesDescriptionUse this command to end a

Chapter 62: SNMPv1 and SNMPv2c942Displaying SNMPv1 and SNMPv2cTo learn whether SNMP is enabled or disabled on the switch, go to the Privileged Exec mo

AT-9000 Switch Command Line User’s Guide943To view the trap and inform receivers assigned to the community strings, use the SHOW RUNNING-CONFIG SNMP c

Chapter 62: SNMPv1 and SNMPv2c944

945Chapter 63SNMPv1 and SNMPv2c CommandsThe SNMPv1 and SNMPv2c commands are summarized in Table 88 and described in detail within the chapter.Table 88

Chapter 63: SNMPv1 and SNMPv2c Commands946“SHOW SNMP-SERVER VIEW” on page 959Privileged Exec Displays the SNMP views.“SNMP-SERVER” on page 960 Global

AT-9000 Switch Command Line User’s Guide947NO SNMP-SERVERSyntaxno snmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command to

Chapter 63: SNMPv1 and SNMPv2c Commands948NO SNMP-SERVER COMMUNITYSyntaxno snmp-server community communityParametercommunitySpecifies an SNMP communit

AT-9000 Switch Command Line User’s Guide949NO SNMP-SERVER ENABLE TRAPSyntaxno snmp-server enable trapParametersNoneModeGlobal Configuration modeDescri

Chapter 63: SNMPv1 and SNMPv2c Commands950NO SNMP-SERVER ENABLE TRAP AUTHSyntaxno snmp-server enable trap authParametersNoneModeGlobal Configuration m

AT-9000 Switch Command Line User’s Guide951NO SNMP-SERVER HOSTSyntaxno snmp-server host ipaddress traps|informs version 1|2c community_stringParameter

Chapter 4: Basic Command Line Management Commands70QUITSyntaxquitParametersNoneModeAll modes except the User Exec and Privileged Exec modes.Descriptio

Chapter 63: SNMPv1 and SNMPv2c Commands952ExamplesThis example removes the IPv4 address 115.124.187.4 of a trap receiver from the private community st

AT-9000 Switch Command Line User’s Guide953NO SNMP-SERVER VIEWSyntaxno snmp-server view viewname oidParametersviewnameSpecifies the name of the view t

Chapter 63: SNMPv1 and SNMPv2c Commands954NO SNMP TRAP LINK-STATUSSyntaxno snmp trap link-statusParametersNoneModePort Interface modeDescriptionUse th

AT-9000 Switch Command Line User’s Guide955SHOW RUNNING-CONFIG SNMPSyntaxshow running-config snmpParametersNoneModePrivileged Exec modeDescriptionUse

Chapter 63: SNMPv1 and SNMPv2c Commands956SHOW SNMP-SERVERSyntaxshow snmp-serverParametersNoneModePrivileged Exec modeDescriptionUse this command to d

AT-9000 Switch Command Line User’s Guide957SHOW SNMP-SERVER COMMUNITYSyntaxshow snmp-server communityParametersNoneModePrivileged Exec modeDescription

Chapter 63: SNMPv1 and SNMPv2c Commands958ExampleThis example displays the SNMPv1 and SNMPv2c community strings:awplus# show snmp-server community

AT-9000 Switch Command Line User’s Guide959SHOW SNMP-SERVER VIEWSyntaxshow snmp-server viewParametersNoneModePrivileged Exec modeDescriptionUse this c

Chapter 63: SNMPv1 and SNMPv2c Commands960SNMP-SERVERSyntaxsnmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command to activa

AT-9000 Switch Command Line User’s Guide961SNMP-SERVER COMMUNITYSyntaxsnmp-server community community rw|roParameterscommunitySpecifies a new communit

AT-9000 Switch Command Line User’s Guide71WRITESyntaxwriteParametersNoneModePrivileged Exec modeDescriptionUse this command to update the active boot

Chapter 63: SNMPv1 and SNMPv2c Commands962SNMP-SERVER ENABLE TRAPSyntaxsnmp-server enable trapParametersNoneModeGlobal Configuration modeDescriptionUs

AT-9000 Switch Command Line User’s Guide963SNMP-SERVER ENABLE TRAP AUTHSyntaxsnmp-server enable trap authParametersNoneModeGlobal Configuration modeDe

Chapter 63: SNMPv1 and SNMPv2c Commands964SNMP-SERVER HOSTSyntaxsnmp-server host ipaddress traps|informs version 1|2c communityParametersipaddressSpec

AT-9000 Switch Command Line User’s Guide965ExamplesThis example assigns the IPv4 address 149.44.12.44 of a trap receiver to the private community stri

Chapter 63: SNMPv1 and SNMPv2c Commands966SNMP-SERVER VIEWSyntaxsnmp-server view viewname oid excluded|includedParametersviewnameSpecifies the name of

AT-9000 Switch Command Line User’s Guide967This example creates the new view “AlliedTelesis” that limits the available MIB objects to those in the OID

Chapter 63: SNMPv1 and SNMPv2c Commands968SNMP TRAP LINK-STATUSSyntaxsnmp trap link-statusParametersNoneModePort Interface modeDescriptionUse this com

969Chapter 64SNMPv3 CommandsThe SNMPv3 commands are summarized in Table 91 and described in detail within the chapter.Table 91. SNMPv3 CommandsCommand

Chapter 64: SNMPv3 Commands970“SNMP-SERVER GROUP” on page 985Global ConfigurationCreates SNMPv3 groups.“SNMP-SERVER HOST” on page 987 Global Configura

AT-9000 Switch Command Line User’s Guide971NO SNMP-SERVERSyntaxno snmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command to