Allied-telesis AT-FS970M Series Bedienungsanleitung

613-001916 Rev. AAT-FS970M SeriesFast Ethernet Switches AT-FS970M/8 AT-FS970M/8PS AT-FS970M/8PS-E AT-FS970M/24C AT-FS970M/24PS AT-FS970M/48 AT-

Contents10Chapter 17: Domain Name System (DNS) ...351Over

Chapter 4: Basic Command Line Management Commands100 SHOW SYSTEM  WRITEExamplesThis example performs the SHOW INTERFACE command for port 4 from the

Chapter 64: Private Port VLANs1000Displaying Private VLANsThe SHOW VLAN PRIVATE-VLAN command in the Privileged Exec mode displays the private VLANs cu

1001Chapter 65Private Port VLAN CommandsThe private port VLAN commands are summarized in Table 105 and described in detail within the chapter.Table 10

Chapter 65: Private Port VLAN Commands1002NO VLANSyntaxno vlan vidParametersvidSpecifies the VID of the VLAN you want to delete. You can specify just

AT-FS970M Switch Command Line User’s Guide1003PRIVATE-VLANSyntaxprivate-vlan vidParametersvidSpecifies a VLAN identifier. The range is 2 to 4094. The

Chapter 65: Private Port VLAN Commands1004SHOW VLAN PRIVATE-VLANSyntaxshow vlan private-vlanParametersNoneModePrivileged Exec modeDescriptionUse this

AT-FS970M Switch Command Line User’s Guide1005SWITCHPORT MODE PRIVATE-VLAN HOSTSyntaxswitchport mode private-vlan host vidParametersvidSpecifies the V

Chapter 65: Private Port VLAN Commands1006SWITCHPORT MODE PRIVATE-VLAN PROMISCUOUSSyntaxswitchport mode private-vlan promiscuous vidParametersvidSpeci

1007Chapter 66Voice VLAN CommandsThe voice VLAN commands are summarized in Table 106 and described in detail within the chapter.Table 106. Voice VLAN

Chapter 66: Voice VLAN Commands1008NO SWITCHPORT VOICE VLANSyntaxno switchport voice vlanParametersNoneModePort Interface modeDescriptionUse this comm

AT-FS970M Switch Command Line User’s Guide1009SWITCHPORT VOICE DSCPSyntaxswitchport voice dscp valueParametersvalueSpecifies a DSCP value of 0 to 63.M

AT-FS970M Switch Command Line User’s Guide101ENABLESyntaxenableParametersNoneModeUser Exec mode DescriptionUse this command to move from the User Exec

Chapter 66: Voice VLAN Commands1010SWITCHPORT VOICE VLANSyntaxswitchport voice vlan <vid>|priority <value>|dynamicParametersvidSpecifies t

AT-FS970M Switch Command Line User’s Guide1011 There is an LLDP-MED device connected to the port.To set the priority value to be advertised for tagge

Chapter 66: Voice VLAN Commands1012accept packet):awplus> enableawplus# configure terminalawplus(config)# interface port1.0.1awplus(config-if)# swi

1013Section IXPort SecurityThis section contains the following chapters: Chapter 67, “MAC Address-based Port Security” on page 1015 Chapter 68, “MAC

1014

1015Chapter 67MAC Address-based Port SecurityThis chapter contains the following topics: “Overview” on page 1016 “Configuring Ports” on page 1018 “

Chapter 67: MAC Address-based Port Security1016OverviewThis feature lets you control access to the ports on the switch based on the source MAC address

AT-FS970M Switch Command Line User’s Guide1017after learning three addresses. The switch also sends an SNMP trap.Guidelines Here are the guidelines to

Chapter 67: MAC Address-based Port Security1018Configuring PortsThere are three things you need to decide before you configure MAC address-based port

AT-FS970M Switch Command Line User’s Guide1019awplus> enableawplus# configure terminalawplus(config)# interface port1.0.4,port1.0.5awplus(config-if

Chapter 4: Basic Command Line Management Commands102ENDSyntaxendParametersNoneModeAll modes below the Global Configuration mode.DescriptionUse this co

Chapter 67: MAC Address-based Port Security1020Enabling MAC Address-based Security on PortsAfter you have configured a port for MAC address-based secu

AT-FS970M Switch Command Line User’s Guide1021Disabling MAC Address-based Security on PortsTo remove MAC address-based security from ports, use the NO

Chapter 67: MAC Address-based Port Security1022Displaying Port SettingsThere are two commands that display information about the MAC address-based por

AT-FS970M Switch Command Line User’s Guide1023Figure 180 is an example of the information.Figure 180. Example of SHOW PORT-SECURITY INTRUSION INTERFAC

Chapter 67: MAC Address-based Port Security1024

1025Chapter 68MAC Address-based Port Security CommandsThe MAC address-based port security commands are summarized in Table 108 and described in detail

Chapter 68: MAC Address-based Port Security Commands1026NO SWITCHPORT PORT-SECURITYSyntaxno switchport port-securityParametersNoneModePort Interface m

AT-FS970M Switch Command Line User’s Guide1027NO SWITCHPORT PORT-SECURITY AGINGSyntaxno switchport port-security agingParametersNoneModePort Interface

Chapter 68: MAC Address-based Port Security Commands1028SHOW PORT-SECURITY INTERFACESyntaxshow port-security interface portParametersportSpecifies the

AT-FS970M Switch Command Line User’s Guide1029Port Status The status of the port. The status can be Enabled or Disabled. A port that has a status of E

AT-FS970M Switch Command Line User’s Guide103EXITSyntaxexitParametersNoneModeAll modesDescriptionUse this command to move down one mode in the mode hi

Chapter 68: MAC Address-based Port Security Commands1030ExampleThis example displays the port security settings for ports 5 to 8:awplus# show port-sec

AT-FS970M Switch Command Line User’s Guide1031SHOW PORT-SECURITY INTRUSION INTERFACESyntaxshow port-security intrusion interface portParameterportSpec

Chapter 68: MAC Address-based Port Security Commands1032Figure 183. Example of SHOW PORT-SECURITY INTRUSION INTERFACE CommandPort Security Intrusion L

AT-FS970M Switch Command Line User’s Guide1033SWITCHPORT PORT-SECURITYSyntaxswitchport port-securityParametersNoneModePort Interface modeDescriptionUs

Chapter 68: MAC Address-based Port Security Commands1034SWITCHPORT PORT-SECURITY AGINGSyntaxswitchport port-security agingParametersNoneModePort Inter

AT-FS970M Switch Command Line User’s Guide1035SWITCHPORT PORT-SECURITY MAXIMUMSyntaxswitchport port-security maximum valueParametersvalueSpecifies the

Chapter 68: MAC Address-based Port Security Commands1036SWITCHPORT PORT-SECURITY VIOLATIONSyntaxswitchport port-security violation protect|restrict|sh

AT-FS970M Switch Command Line User’s Guide1037This example sets the intrusion action for ports 22 to 24 to restrict. After learning their maximum numb

Chapter 68: MAC Address-based Port Security Commands1038

1039Chapter 69802.1x Port-based Network Access ControlThis chapter contains the following topics: “Overview” on page 1040 “Authentication Process” o

Chapter 4: Basic Command Line Management Commands104LENGTHSyntaxlength valueParametersvalueSpecifies the maximum number of lines that the SHOW command

Chapter 69: 802.1x Port-based Network Access Control1040OverviewThis chapter explains 802.1x port-based network access control. This port security fea

AT-FS970M Switch Command Line User’s Guide1041Authentication ProcessBelow is a brief overview of the authentication process that occurs between a supp

Chapter 69: 802.1x Port-based Network Access Control1042Port RolesPart of the task to implementing this feature is specifying the roles of the ports o

AT-FS970M Switch Command Line User’s Guide1043Figure 184. Example of the Supplicant Role

Chapter 69: 802.1x Port-based Network Access Control1044Authentication Methods for Authenticator PortsAuthenticator ports support two authentication m

AT-FS970M Switch Command Line User’s Guide1045Operational Settings for Authenticator PortsAn authenticator port can have one of three possible operati

Chapter 69: 802.1x Port-based Network Access Control1046Operating Modes for Authenticator PortsAuthenticator ports have three modes: Single-host mode

AT-FS970M Switch Command Line User’s Guide1047Note, however, that should the supplicant who performed the initial logon fail to periodically reauthent

Chapter 69: 802.1x Port-based Network Access Control1048Multi-SupplicantModeThis mode authenticates all the supplicants on an authenticator port. This

AT-FS970M Switch Command Line User’s Guide1049Figure 187. Multi-Supplicant Mode

AT-FS970M Switch Command Line User’s Guide105This example returns the number of lines to the default setting for local management sessions:awplus>

Chapter 69: 802.1x Port-based Network Access Control1050Supplicant and VLAN AssociationsOne of the challenges to managing a network is accommodating e

AT-FS970M Switch Command Line User’s Guide1051Single-Host Mode Here are the operating characteristics for the switch when an authenticator port is set

Chapter 69: 802.1x Port-based Network Access Control1052Enabled for multi dynamic VLAN creation - AUTH DYNAMIC-VLAN-CREATION MULTIIf dynamic VLAN crea

AT-FS970M Switch Command Line User’s Guide1053Guest VLANAn authenticator port in the unauthorized state typically accepts and transmits only 802.1x pa

Chapter 69: 802.1x Port-based Network Access Control1054GuidelinesHere are the general guidelines to this feature: Ports operating under port-based a

AT-FS970M Switch Command Line User’s Guide1055 You cannot change the untagged VLAN assignment of a port after it has been designated as an authentica

Chapter 69: 802.1x Port-based Network Access Control1056Enabling 802.1x Port-Based Network Access Control on the SwitchTo activate 802.1x Port-based N

AT-FS970M Switch Command Line User’s Guide1057Configuring Authenticator PortsDesignatingAuthenticatorPortsYou have to designate ports as authenticator

Chapter 69: 802.1x Port-based Network Access Control1058awplus> enableawplus# configure terminalawplus(config)# interface port1.0.12awplus(config-i

AT-FS970M Switch Command Line User’s Guide1059This example configures port 1.0.8 to use the multi-host mode so that it forwards traffic from all suppl

Chapter 4: Basic Command Line Management Commands106LOGOUTSyntaxlogoutParametersNoneModeUser Exec and Privileged Exec modesDescriptionUse this command

Chapter 69: 802.1x Port-based Network Access Control1060Configuring ReauthenticationTable 110 lists the commands in the Port Interface mode for config

AT-FS970M Switch Command Line User’s Guide1061Removing Ports from the Authenticator RoleTo remove ports from the authenticator role so that they forwa

Chapter 69: 802.1x Port-based Network Access Control1062Configuring Supplicant PortsThis section reviews the commands for configuring supplicant ports

AT-FS970M Switch Command Line User’s Guide1063NotePorts have to be set to the supplicant mode with the DOT1X PORT-CONTROL SUPPLICANT command before yo

Chapter 69: 802.1x Port-based Network Access Control1064NoteThe management software does not have a separate SHOW command for displaying the settings

AT-FS970M Switch Command Line User’s Guide1065Disabling 802.1x Port-Based Network Access Control on the SwitchTo disable 802.1x port-based network acc

Chapter 69: 802.1x Port-based Network Access Control1066Displaying Authenticator PortsTo view the settings of authenticator ports on the switch, use t

AT-FS970M Switch Command Line User’s Guide1067Displaying EAP Packet StatisticsTo display EAP packet statistics of authenticator ports, use the SHOW DO

Chapter 69: 802.1x Port-based Network Access Control1068

1069Chapter 70802.1x Port-based Network Access Control CommandsThe 802.1x port-based network access control commands are summarized in Table 113 and d

AT-FS970M Switch Command Line User’s Guide107QUITSyntaxquitParametersNoneModeAll modes except the User Exec and Privileged Exec modes.DescriptionUse t

Chapter 70: 802.1x Port-based Network Access Control Commands1070“AUTH-MAC REAUTH-RELEARNING” on page 1085Port Interface Sets the MAC address learning

AT-FS970M Switch Command Line User’s Guide1071“DOT1X SUPPLICANT-PARAMS MAX-START” on page 1098Port Interface Specifies the maximum number of times a s

Chapter 70: 802.1x Port-based Network Access Control Commands1072“SHOW DOT1X” on page 1113 Privileged Exec Displays whether 802.1x port-based network

AT-FS970M Switch Command Line User’s Guide1073AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUSSyntaxaaa authentication dot1x default group radiusParamete

Chapter 70: 802.1x Port-based Network Access Control Commands1074AUTH DYNAMIC-VLAN-CREATIONSyntaxauth dynamic-vlan-creation single| multiParameterssin

AT-FS970M Switch Command Line User’s Guide1075This example activates multiple dynamic VLAN assignment on authenticator port 1.0.4.awplus> enableawp

Chapter 70: 802.1x Port-based Network Access Control Commands1076AUTH GUEST-VLANSyntaxauth guest-vlan vidParametersvidSpecifies the ID number of a VLA

AT-FS970M Switch Command Line User’s Guide1077AUTH HOST-MODESyntaxauth host-mode single-host| multi-host| multi-supplicantParameterssingle-hostSpecifi

Chapter 70: 802.1x Port-based Network Access Control Commands1078This example configures authenticator port 1.0.8 to the multi-host operating mode, so

AT-FS970M Switch Command Line User’s Guide1079AUTH REAUTHENTICATIONSyntaxauth reauthenticationParametersNoneModePort Interface modeDescriptionUse this

Chapter 4: Basic Command Line Management Commands108WRITESyntaxwriteParametersNoneModePrivileged Exec modeDescriptionUse this command to update the ac

Chapter 70: 802.1x Port-based Network Access Control Commands1080AUTH TIMEOUT QUIET-PERIODSyntaxauth timeout quiet-period valueParametersquiet-periodS

AT-FS970M Switch Command Line User’s Guide1081AUTH TIMEOUT REAUTH-PERIODSyntaxauth timeout reauth-period valueParametersreauth-periodSpecifies the tim

Chapter 70: 802.1x Port-based Network Access Control Commands1082AUTH TIMEOUT SERVER-TIMEOUTSyntaxauth timeout server-timeout valueParametersserver-ti

AT-FS970M Switch Command Line User’s Guide1083AUTH TIMEOUT SUPP-TIMEOUTSyntaxauth timeout supp-timeout valueParameterssupp-timeoutSets the switch-to-s

Chapter 70: 802.1x Port-based Network Access Control Commands1084AUTH-MAC ENABLESyntaxauth-mac enableParametersNoneModePort Interface modeDescriptionU

AT-FS970M Switch Command Line User’s Guide1085AUTH-MAC REAUTH-RELEARNINGSyntaxauth-mac reauth-relearningParametersNoneModePort Interface modeDescripti

Chapter 70: 802.1x Port-based Network Access Control Commands1086DOT1X CONTROL-DIRECTIONSyntaxdot1x control-direction in|bothParametersinDiscard recei

AT-FS970M Switch Command Line User’s Guide1087awplus> enableawplus# configure terminalawplus(config)# interface port1.0.2awplus(config-if)# dot1x c

Chapter 70: 802.1x Port-based Network Access Control Commands1088DOT1X EAPSyntaxdot1x eap discard|forward|forward-untagged-vlan|forward-vlanParameters

AT-FS970M Switch Command Line User’s Guide1089This example configures the switch to discard all EAP packets when 802.1x authentication is disabled:awp

109Chapter 5Temperature and Fan Control Overview “Overview” on page 110 “Displaying the System Environmental Status” on page 111 “Controlling Eco-M

Chapter 70: 802.1x Port-based Network Access Control Commands1090DOT1X INITIALIZE INTERFACESyntaxdot1x initialize interface portParametersportSpecifie

AT-FS970M Switch Command Line User’s Guide1091DOT1X MAX-REAUTH-REQSyntaxdot1x max-reauth-req valueParametersmax-reauth-reqSpecifies the maximum number

Chapter 70: 802.1x Port-based Network Access Control Commands1092DOT1X PORT-CONTROL AUTOSyntaxdot1x port-control autoParametersNoneModePort Interface

AT-FS970M Switch Command Line User’s Guide1093DOT1X PORT-CONTROL FORCE-AUTHORIZEDSyntaxdot1x port-control force-authorizedParametersNoneModePort Inter

Chapter 70: 802.1x Port-based Network Access Control Commands1094DOT1X PORT-CONTROL FORCE-UNAUTHORIZEDSyntaxdot1x port-control force-unauthorizedParam

AT-FS970M Switch Command Line User’s Guide1095DOT1X PORT-CONTROL SUPPLICANTSyntaxdot1x port-control supplicantParametersNoneModePort Interface modeDes

Chapter 70: 802.1x Port-based Network Access Control Commands1096DOT1X SUPPLICANT-PARAMS AUTH-PERIODSyntaxdot1x supplicant-params auth-period valuePar

AT-FS970M Switch Command Line User’s Guide1097DOT1X SUPPLICANT-PARAMS HELD-PERIODSyntaxdot1x supplicant-params held-period valueParametersvalueSpecifi

Chapter 70: 802.1x Port-based Network Access Control Commands1098DOT1X SUPPLICANT-PARAMS MAX-STARTSyntaxdot1x supplicant-params max-start valueParamet

AT-FS970M Switch Command Line User’s Guide1099DOT1X SUPPLICANT-PARAMS PASSWORDSyntaxdot1x supplicant-params password valueParametersvalueAssigns passw

AT-FS970M Switch Command Line User’s Guide11SHOW ESTACK...

Chapter 5: Temperature and Fan Control Overview110OverviewThe switch monitors the environmental status, such as temperature and voltage, and the statu

Chapter 70: 802.1x Port-based Network Access Control Commands1100DOT1X SUPPLICANT-PARAMS USERNAMESyntaxdot1x supplicant-params username usernameParame

AT-FS970M Switch Command Line User’s Guide1101DOT1X TIMEOUT TX-PERIODSyntaxdot1x timeout tx-period valueParametersvalueSets the number of seconds an a

Chapter 70: 802.1x Port-based Network Access Control Commands1102NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUSSyntaxno aaa authentication dot1x def

AT-FS970M Switch Command Line User’s Guide1103NO AUTH DYNAMIC-VLAN-CREATIONSyntaxno auth dynamic-vlan-creationParametersNoneModePort Interface modeDes

Chapter 70: 802.1x Port-based Network Access Control Commands1104NO AUTH GUEST-VLANSyntaxno auth guest-vlanParametersNoneModePort Interface modeDescri

AT-FS970M Switch Command Line User’s Guide1105NO AUTH REAUTHENTICATIONSyntaxno auth reauthenticationParametersNoneModePort Interface modeDescriptionUs

Chapter 70: 802.1x Port-based Network Access Control Commands1106NO AUTH-MAC ENABLESyntaxno auth-mac enableParametersNoneModePort Interface modeDescri

AT-FS970M Switch Command Line User’s Guide1107NO DOT1X PORT-CONTROLSyntaxno dot1x port-controlParametersNoneModePort Interface modeDescriptionUse this

Chapter 70: 802.1x Port-based Network Access Control Commands1108NO DOT1X PORT-CONTROL SUPPLICANTSyntaxno dot1x port-control supplicantParametersNoneM

AT-FS970M Switch Command Line User’s Guide1109SHOW AUTH-MAC INTERFACESyntaxshow auth-mac interface portParametersportSpecifies a port. You can display

AT-FS970M Switch Command Line User’s Guide111Displaying the System Environmental StatusThe switch monitors the environmental status of the switch and

Chapter 70: 802.1x Port-based Network Access Control Commands1110SHOW AUTH-MAC SESSIONSTATISTICS INTERFACESyntaxshow auth-mac sessionstatistics interf

AT-FS970M Switch Command Line User’s Guide1111SHOW AUTH-MAC STATISTICS INTERFACESyntaxshow auth-mac statistics interface portParametersportSpecifies a

Chapter 70: 802.1x Port-based Network Access Control Commands1112SHOW AUTH-MAC SUPPLICANT INTERFACESyntaxshow auth-mac supplicant interface portParame

AT-FS970M Switch Command Line User’s Guide1113SHOW DOT1XSyntaxshow dot1xParametersNoneModePrivileged Exec modeDescriptionUse this command to display w

Chapter 70: 802.1x Port-based Network Access Control Commands1114SHOW DOT1X INTERFACESyntaxshow dot1x interface portParametersportSpecifies a port. Yo

AT-FS970M Switch Command Line User’s Guide1115SHOW DOT1X STATISTICS INTERFACESyntaxshow dot1x statistics interface portParametersportSpecifies a port.

Chapter 70: 802.1x Port-based Network Access Control Commands1116SHOW DOT1X SUPPLICANT INTERFACESyntaxshow dot1x supplicant interface port [brief]Para

AT-FS970M Switch Command Line User’s Guide1117ExampleThis example displays the supplicant state of the authentication mode on ports 1.0.21 to 1.0.23:a

Chapter 70: 802.1x Port-based Network Access Control Commands1118

1119Section XSimple Network Management ProtocolsThis section contains the following chapters: Chapter 71, “SNMPv1 and SNMPv2c” on page 1121 Chapter

Chapter 5: Temperature and Fan Control Overview112Controlling Eco-Mode LEDAlliedWare Plus products provide an Eco-Mode LED control to conserve additio

1120

1121Chapter 71SNMPv1 and SNMPv2cThis chapter contains the following topics: “Overview” on page 1122 “Enabling SNMPv1 and SNMPv2c” on page 1124 “Cre

Chapter 71: SNMPv1 and SNMPv2c1122OverviewThe Simple Network Management Protocol (SNMP) is another way for you to monitor and configure the switch. Th

AT-FS970M Switch Command Line User’s Guide1123To configure the switch to send trap or inform messages, you have to add to one or more of the community

Chapter 71: SNMPv1 and SNMPv2c1124Enabling SNMPv1 and SNMPv2cTo enable SNMP on the switch, use the SNMP-SERVER command, found in the Global Configurat

AT-FS970M Switch Command Line User’s Guide1125Creating Community StringsTo create SNMPv1 and SNMPv2c community strings, use the SNMP-SERVER COMMUNITY

Chapter 71: SNMPv1 and SNMPv2c1126Adding or Removing IP Addresses of Trap or Inform ReceiversThe command to add IP addresses of trap or inform receive

AT-FS970M Switch Command Line User’s Guide1127This example assigns the IP address 143.154.76.17 as an inform message receiver to the community string

Chapter 71: SNMPv1 and SNMPv2c1128Deleting Community StringsTo delete community strings, use the NO SNMP-SERVER COMMUNITY command. Here is the format:

AT-FS970M Switch Command Line User’s Guide1129Disabling SNMPv1 and SNMPv2cTo disable SNMP on the switch, use the NO SNMP-SERVER command. You cannot re

113Chapter 6Temperature and Fan Control CommandsThe temperature and fan control commands are summarized in Table 6.Table 6. Temperature and Fan Contro

Chapter 71: SNMPv1 and SNMPv2c1130Displaying SNMPv1 and SNMPv2cTo learn whether SNMP is enabled or disabled on the switch, go to the Privileged Exec m

AT-FS970M Switch Command Line User’s Guide1131To view the trap and inform receivers assigned to the community strings, use the SHOW RUNNING-CONFIG SNM

Chapter 71: SNMPv1 and SNMPv2c1132

1133Chapter 72SNMPv1 and SNMPv2c CommandsThe SNMPv1 and SNMPv2c commands are summarized in Table 114 and described in detail within the chapter.Table

Chapter 72: SNMPv1 and SNMPv2c Commands1134“SHOW SNMP-SERVER VIEW” on page 1147Privileged Exec Displays the SNMP views.“SNMP-SERVER” on page 1148 Glob

AT-FS970M Switch Command Line User’s Guide1135NO SNMP-SERVERSyntaxno snmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command

Chapter 72: SNMPv1 and SNMPv2c Commands1136NO SNMP-SERVER COMMUNITYSyntaxno snmp-server community communityParametercommunitySpecifies an SNMP communi

AT-FS970M Switch Command Line User’s Guide1137NO SNMP-SERVER ENABLE TRAPSyntaxno snmp-server enable trapParametersNoneModeGlobal Configuration modeDes

Chapter 72: SNMPv1 and SNMPv2c Commands1138NO SNMP-SERVER ENABLE TRAP AUTHSyntaxno snmp-server enable trap authParametersNoneModeGlobal Configuration

AT-FS970M Switch Command Line User’s Guide1139NO SNMP-SERVER HOSTSyntaxno snmp-server host ipaddress traps|informs version 1|2c community_stringParame

Chapter 6: Temperature and Fan Control Commands114ECOFRIENDLY LEDSyntaxecofriendly ledParametersNoneModeGlobal Configuration modeDescriptionUse this c

Chapter 72: SNMPv1 and SNMPv2c Commands1140ExamplesThis example removes the IPv4 address 115.124.187.4 of a trap receiver from the private community s

AT-FS970M Switch Command Line User’s Guide1141NO SNMP-SERVER VIEWSyntaxno snmp-server view viewname oidParametersviewnameSpecifies the name of the vie

Chapter 72: SNMPv1 and SNMPv2c Commands1142NO SNMP TRAP LINK-STATUSSyntaxno snmp trap link-statusParametersNoneModePort Interface modeDescriptionUse t

AT-FS970M Switch Command Line User’s Guide1143SHOW RUNNING-CONFIG SNMPSyntaxshow running-config snmpParametersNoneModePrivileged Exec modeDescriptionU

Chapter 72: SNMPv1 and SNMPv2c Commands1144SHOW SNMP-SERVERSyntaxshow snmp-serverParametersNoneModePrivileged Exec modeDescriptionUse this command to

AT-FS970M Switch Command Line User’s Guide1145SHOW SNMP-SERVER COMMUNITYSyntaxshow snmp-server communityParametersNoneModePrivileged Exec modeDescript

Chapter 72: SNMPv1 and SNMPv2c Commands1146ExampleThis example displays the SNMPv1 and SNMPv2c community strings:awplus# show snmp-server community

AT-FS970M Switch Command Line User’s Guide1147SHOW SNMP-SERVER VIEWSyntaxshow snmp-server viewParametersNoneModePrivileged Exec modeDescriptionUse thi

Chapter 72: SNMPv1 and SNMPv2c Commands1148SNMP-SERVERSyntaxsnmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command to activ

AT-FS970M Switch Command Line User’s Guide1149SNMP-SERVER COMMUNITYSyntaxsnmp-server community community rw|roParameterscommunitySpecifies a new commu

AT-FS970M Switch Command Line User’s Guide115NO ECOFRIENDLY LEDSyntaxno ecofriendly ledParametersNoneModeGlobal Configuration modeDescriptionUse this

Chapter 72: SNMPv1 and SNMPv2c Commands1150SNMP-SERVER ENABLE TRAPSyntaxsnmp-server enable trapParametersNoneModeGlobal Configuration modeDescriptionU

AT-FS970M Switch Command Line User’s Guide1151SNMP-SERVER ENABLE TRAP AUTHSyntaxsnmp-server enable trap authParametersNoneModeGlobal Configuration mod

Chapter 72: SNMPv1 and SNMPv2c Commands1152SNMP-SERVER HOSTSyntaxsnmp-server host ipaddress traps|informs version 1|2c communityParametersipaddressSpe

AT-FS970M Switch Command Line User’s Guide1153ExamplesThis example assigns the IPv4 address 149.44.12.44 of a trap receiver to the private community s

Chapter 72: SNMPv1 and SNMPv2c Commands1154SNMP-SERVER VIEWSyntaxsnmp-server view viewname oid excluded|includedParametersviewnameSpecifies the name o

AT-FS970M Switch Command Line User’s Guide1155This example creates the new view “AlliedTelesis” that limits the available MIB objects to those in the

Chapter 72: SNMPv1 and SNMPv2c Commands1156SNMP TRAP LINK-STATUSSyntaxsnmp trap link-statusParametersNoneModePort Interface modeDescriptionUse this co

1157Chapter 73SNMPv3 CommandsThe SNMPv3 commands are summarized in Table 117 and described in detail within the chapter.Table 117. SNMPv3 CommandsComm

Chapter 73: SNMPv3 Commands1158“SNMP-SERVER GROUP” on page 1173Global ConfigurationCreates SNMPv3 groups.“SNMP-SERVER HOST” on page 1175Global Configu

AT-FS970M Switch Command Line User’s Guide1159NO SNMP-SERVERSyntaxno snmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command

Chapter 6: Temperature and Fan Control Commands116SHOW ECOFRIENDLYSyntaxshow ecofriendlyParametersNoneModePrivileged Exec modeDescriptionUse this comm

Chapter 73: SNMPv3 Commands1160NO SNMP-SERVER ENGINEID LOCALSyntaxno snmp-server engineid localParametersNoneModeGlobal Configuration modeDescriptionU

AT-FS970M Switch Command Line User’s Guide1161NO SNMP-SERVER GROUPSyntaxno snmp-server group name noauth|auth|privParametersnameSpecifies the name of

Chapter 73: SNMPv3 Commands1162NO SNMP-SERVER HOSTSyntaxno snmp-server host ipaddress informs|traps v3 auth|noauth|priv usernameParametersipaddressSpe

AT-FS970M Switch Command Line User’s Guide1163ExampleThis example deletes the host entry with the IPv4 address 187.87.165.12. The user name associated

Chapter 73: SNMPv3 Commands1164NO SNMP-SERVER USERSyntaxno snmp-server user userParametersuserSpecifies the name of a user you want to delete from the

AT-FS970M Switch Command Line User’s Guide1165NO SNMP-SERVER VIEWSyntaxno snmp-server view view OIDParametersviewSpecifies the name of a view to be de

Chapter 73: SNMPv3 Commands1166SHOW SNMP-SERVERSyntaxshow snmp-serverParametersNoneModePrivileged Exec modeDescriptionUse this command to display the

AT-FS970M Switch Command Line User’s Guide1167SHOW SNMP-SERVER GROUPSyntaxshow snmp-server groupParametersNoneModePrivileged Exec modeDescriptionUse t

Chapter 73: SNMPv3 Commands1168SHOW SNMP-SERVER HOSTSyntaxshow snmp-server hostParametersNoneModePrivileged Exec modeDescriptionUse this command to di

AT-FS970M Switch Command Line User’s Guide1169SHOW SNMP-SERVER USERSyntaxshow snmp-server userParametersNoneModePrivileged Exec modeDescriptionUse thi

AT-FS970M Switch Command Line User’s Guide117SHOW SYSTEM ENVIRONMENTSyntaxshow system environmentParametersNoneModePrivileged Exec modeDescriptionUse

Chapter 73: SNMPv3 Commands1170SHOW SNMP-SERVER VIEWSyntaxshow snmp-server viewParameterNoneModePrivileged Exec modeDescriptionUse this command to dis

AT-FS970M Switch Command Line User’s Guide1171SNMP-SERVERSyntaxsnmp-serverParametersNoneModeGlobal Configuration modeDescriptionUse this command to ac

Chapter 73: SNMPv3 Commands1172SNMP-SERVER ENGINEID LOCALSyntaxsnmp-server engineid local engine-id|defaultParametersengine-idSpecifies the SNMPv3 eng

AT-FS970M Switch Command Line User’s Guide1173SNMP-SERVER GROUPSyntaxsnmp-server group name auth|noauth|priv read readview|write writeviewParametersna

Chapter 73: SNMPv3 Commands1174ExamplesThis example creates a group called “sta5west” with a minimum security level of privacy. The group has a read v

AT-FS970M Switch Command Line User’s Guide1175SNMP-SERVER HOSTSyntaxsnmp-server host ipaddress informs|traps version 3 auth|noauth|priv usernameParame

Chapter 73: SNMPv3 Commands1176ExampleThis example configures SNMPv3 to send trap messages to an end node with the IPv4 address 149.157.192.12. The us

AT-FS970M Switch Command Line User’s Guide1177SNMP-SERVER USERSyntaxsnmp-server user username groupname [auth sha|md5 auth_password] [priv des priv_pa

Chapter 73: SNMPv3 Commands1178 To create a user that has authentication but not privacy, include the AUTH keyword but not the PRIV keyword. To crea

AT-FS970M Switch Command Line User’s Guide1179SNMP-SERVER VIEWSyntaxsnmp-server view viewname oid excluded|includedParametersviewnameSpecifies the nam

Chapter 6: Temperature and Fan Control Commands118ExampleThe following example displays environmental information for the switch:awplus# show system e

Chapter 73: SNMPv3 Commands1180This example creates the new view “AlliedTelesis” that limits the available MIB objects to those in the OID 1.3.6.1.4.1

1181Section XINetwork ManagementThis section contains the following chapters: Chapter 74, “sFlow Agent” on page 1183 Chapter 75, “sFlow Agent Comman

1182

1183Chapter 74sFlow AgentThis chapter contains the following topics: “Overview” on page 1184 “Configuring the sFlow Agent” on page 1186 “Configurin

Chapter 74: sFlow Agent1184OverviewThe sFlow agent allows the switch to gather data about the traffic on the ports and to send the data to an sFlow co

AT-FS970M Switch Command Line User’s Guide1185 Number of ingress and egress packets with errors Number of ingress packets with unknown protocolsTo c

Chapter 74: sFlow Agent1186Configuring the sFlow AgentThe command for defining the IP address of the sFlow collector is the SFLOW COLLECTOR IP command

AT-FS970M Switch Command Line User’s Guide1187Configuring the PortsTo configure the ports so that their performance data is collected by the sFlow age

Chapter 74: sFlow Agent1188Configuring thePolling IntervalThe polling interval determines how frequently the agent queries the packet counters of the

AT-FS970M Switch Command Line User’s Guide1189Enabling the sFlow AgentUse the SFLOW ENABLE command in the Global Configuration mode to activate the sF

119Section IIBasic OperationsThis section contains the following chapters: Chapter 7, “Basic Switch Management” on page 121 Chapter 8, “Basic Switch

Chapter 74: sFlow Agent1190Disabling the sFlow AgentTo stop the sFlow agent from collecting performance data on the ports on the switch and from sendi

AT-FS970M Switch Command Line User’s Guide1191Displaying the sFlow AgentTo view the IP addresses and UDP port settings of the collectors as defined in

Chapter 74: sFlow Agent1192Configuration ExampleHere is an example of how to configure the sFlow agent. The IP address of the sFlow collector is 152.2

AT-FS970M Switch Command Line User’s Guide1193This last command activates the sFlow agent on the switch.Depending on the amount of traffic on the port

Chapter 74: sFlow Agent1194

1195Chapter 75sFlow Agent CommandsThe sFlow agent commands are summarized in Table 118 and described in detail within the chapter.Table 118. sFlow Age

Chapter 75: sFlow Agent Commands1196NO SFLOW COLLECTOR IPSyntaxno sflow collector ip ipaddressParametersipaddressSpecifies the IP address of an sFlow

AT-FS970M Switch Command Line User’s Guide1197NO SFLOW ENABLESyntaxno sflow enableParametersNoneModeGlobal Configuration modeDescriptionUse this comma

Chapter 75: sFlow Agent Commands1198SFLOW COLLECTOR IPSyntaxsflow collector ip ipaddress [port udp_port]ParametersipaddressSpecifies the IP address of

AT-FS970M Switch Command Line User’s Guide1199SFLOW ENABLESyntaxsflow enableParametersNoneModeGlobal Configuration modeDescriptionUse this command to

Contents12SERVICE DHCP-RELAY...

120

Chapter 75: sFlow Agent Commands1200SFLOW POLLING-INTERVALSyntaxsflow polling-interval polling-intervalParameterspolling-intervalSpecifies the maximum

AT-FS970M Switch Command Line User’s Guide1201This example removes sFlow monitoring on port 21 using the NO form of the command:awplus> enableawplu

Chapter 75: sFlow Agent Commands1202SFLOW SAMPLING-RATESyntaxsflow sampling-rate sampling-rateParameterssampling-rateSpecifies the sampling rate on a

AT-FS970M Switch Command Line User’s Guide1203This example disables packet sampling on port 7:awplus> enableawplus# configure terminalawplus(config

Chapter 75: sFlow Agent Commands1204SHOW SFLOWSyntaxshow sflow [database]ParametersNoneModePrivileged Exec modeDescriptionUse this command to display

AT-FS970M Switch Command Line User’s Guide1205The fields are described in Table 119.Table 119. SHOW SFLOW CommandParameter DescriptionNumber of Collec

Chapter 75: sFlow Agent Commands1206ExampleThis example displays the settings of the sFlow agent:awplus> enableawplus# show sflow

1207Chapter 76LLDP and LLDP-MEDThis chapter contains the following topics “Overview” on page 1208 “Enabling LLDP and LLDP-MED on the Switch” on page

Chapter 76: LLDP and LLDP-MED1208OverviewLink Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol for Media Endpoint Devices (LLDP-MED)

AT-FS970M Switch Command Line User’s Guide1209MandatoryLLDP TLVsMandatory LLDP TLVs are sent by default on ports that send TLVs. The TLVs are defined

121Chapter 7Basic Switch ManagementThis chapter contains the following: “Adding a Name to the Switch” on page 122 “Adding Contact and Location Infor

Chapter 76: LLDP and LLDP-MED1210System capabilities The device’s router and bridge functions, and whether or not these functions are currently enable

AT-FS970M Switch Command Line User’s Guide1211The switch does not verify whether a device connected to a port is LLDP-compatible prior to sending mand

Chapter 76: LLDP and LLDP-MED1212Location Location information configured for the port, in one or more of the following formats: Civic location Coor

AT-FS970M Switch Command Line User’s Guide1213Enabling LLDP and LLDP-MED on the SwitchTo enable LLDP and LLDP-MED on the switch, use the LLDP RUN comm

Chapter 76: LLDP and LLDP-MED1214Configuring Ports to Only Receive LLDP and LLDP-MED TLVsThis is the first in a series of examples that show how to co

AT-FS970M Switch Command Line User’s Guide1215Configuring Ports to Send Only Mandatory LLDP TLVsThis example illustrates how to configure the ports to

Chapter 76: LLDP and LLDP-MED1216Configuring Ports to Send Optional LLDP TLVsThis example illustrates how to configure the ports to send optional LLDP

AT-FS970M Switch Command Line User’s Guide1217Here are the commands to configure the ports to send the TLVs:awplus> enableEnter the Privileged Exec

Chapter 76: LLDP and LLDP-MED1218Configuring Ports to Send Optional LLDP-MED TLVsThis section explains how to configure the ports to send these option

AT-FS970M Switch Command Line User’s Guide1219awplus# show lldp interface port1.0.3,port1.0.4Use the SHOW LLDP INTERFACE command to confirm the config

Chapter 7: Basic Switch Management122Adding a Name to the SwitchThe switch will be easier to identify if you assign it a name. The switch displays its

Chapter 76: LLDP and LLDP-MED1220Configuring Ports to Send LLDP-MED Civic Location TLVsCivic location TLVs specify the physical addresses of network d

AT-FS970M Switch Command Line User’s Guide12213. Move to the Port Interface mode of the ports to which the entry is to be assigned. (A civic location

Chapter 76: LLDP and LLDP-MED1222This series of commands adds the new location entry to port 14 and configures the port to include the location TLV in

AT-FS970M Switch Command Line User’s Guide1223Configuring Ports to Send LLDP-MED Coordinate Location TLVsCoordinate location TLVs specify the location

Chapter 76: LLDP and LLDP-MED12243. Move to the Port Interface mode of the ports to which the entry is to be assigned. (A coordinate location entry ca

AT-FS970M Switch Command Line User’s Guide1225This series of commands adds the entry to port 15 and configures the port to include the TLV in its adve

Chapter 76: LLDP and LLDP-MED1226awplus# show location coord-location interface port1.0.15Use the SHOW LOCATION command to confirm the configuration.a

AT-FS970M Switch Command Line User’s Guide1227Configuring Ports to Send LLDP-MED ELIN Location TLVsThis type of TLV specifies the location of a networ

Chapter 76: LLDP and LLDP-MED1228This series of commands adds the entry to port 5 and configures the port to include the TLV in its advertisements:awp

AT-FS970M Switch Command Line User’s Guide1229Removing LLDP TLVs from PortsTo stop ports from sending optional LLDP TLVs, use this command:no lldp tlv

AT-FS970M Switch Command Line User’s Guide123Adding Contact and Location InformationThe commands for assigning the switch contact and location informa

Chapter 76: LLDP and LLDP-MED1230Removing LLDP-MED TLVs from PortsTo remove optional LLDP-MED TLVs from ports, use the NO LLDP MED-TLV-SELECT command:

AT-FS970M Switch Command Line User’s Guide1231Deleting LLDP-MED Location EntriesThe command for deleting LLDP-MED location entries from the switch is:

Chapter 76: LLDP and LLDP-MED1232Disabling LLDP and LLDP-MED on the SwitchTo disable LLDP and LLDP-MED on the switch, use the NO LLDP RUN command in t

AT-FS970M Switch Command Line User’s Guide1233Displaying General LLDP SettingsTo view the timers and other general LLDP and LLDP-MED settings, use the

Chapter 76: LLDP and LLDP-MED1234Displaying Port SettingsTo view the LLDP and LLDP-MED settings of the individual ports on the switch, use the SHOW LL

AT-FS970M Switch Command Line User’s Guide1235Displaying or Clearing Neighbor InformationThere are two commands for displaying the information the swi

Chapter 76: LLDP and LLDP-MED1236This example clears the information the switch has received from all the neighbors:awplus> enableawplus# clear lld

AT-FS970M Switch Command Line User’s Guide1237Displaying Port TLVsTo view the TLVs of the individual ports on the switch, use the SHOW LLDP LOCAL-INFO

Chapter 76: LLDP and LLDP-MED1238Displaying and Clearing StatisticsThe switch maintains LLDP and LLDP-MED performance statistics for the the individua

1239Chapter 77LLDP and LLDP-MED CommandsThe Link Layer Discovery Protocol commands are summarized in Table 126 and described in detail within the chap

Chapter 7: Basic Switch Management124Displaying Parameter SettingsTo display the current parameter settings on the switch, use the SHOW RUNNING-CONFIG

Chapter 77: LLDP and LLDP-MED Commands1240“LLDP NOTIFICATION-INTERVAL” on page 1254Global ConfigurationSets the notification interval, which is the mi

AT-FS970M Switch Command Line User’s Guide1241“NO LLDP MED-TLV-SELECT” on page 1271Port Interface Stops ports from transmitting specified LLDP-MED TLV

Chapter 77: LLDP and LLDP-MED Commands1242CLEAR LLDP STATISTICSSyntaxclear lldp statistics [interface port]ParametersportSpecifies a port. You can spe

AT-FS970M Switch Command Line User’s Guide1243CLEAR LLDP TABLESyntaxclear lldp table [interface port]ParametersportSpecifies a port. You can specify m

Chapter 77: LLDP and LLDP-MED Commands1244LLDP HOLDTIME-MULTIPLIERSyntaxlldp holdtime-multiplier holdtime-multiplierParametersholdtime-multiplierSpeci

AT-FS970M Switch Command Line User’s Guide1245LLDP LOCATIONSyntaxlldp location civic-location-id|coord-location-id|elin-location-id location_idParamet

Chapter 77: LLDP and LLDP-MED Commands1246This example adds the coordinate location ID 11 to port 2:awplus> enableawplus# configure terminalawplus(

AT-FS970M Switch Command Line User’s Guide1247LLDP MANAGEMENT-ADDRESSSyntaxlldp management-address ipaddressParametersipaddressSpecifies an IP address

Chapter 77: LLDP and LLDP-MED Commands1248ExamplesThis example configures port 2 to transmit the IP address 149.122.54.2 as its management IP address

AT-FS970M Switch Command Line User’s Guide1249LLDP MED-NOTIFICATIONSSyntaxlldp med-notificationsParametersNoneModePort Interface modeDescriptionUse th

AT-FS970M Switch Command Line User’s Guide125Manually Setting the Date and TimeTo manually set the date and time on the switch, use the CLOCK SET comm

Chapter 77: LLDP and LLDP-MED Commands1250LLDP MED-TLV-SELECTSyntaxlldp med-tlv-select capabilities|network-policy|location|power-management-ext|inven

AT-FS970M Switch Command Line User’s Guide1251ExamplesThis example configures ports 3 to 8 to send the inventory management TLV to their neighbors:awp

Chapter 77: LLDP and LLDP-MED Commands1252LLDP NON-STRICT-MED-TLV-ORDER-CHECKSyntaxlldp non-strict-med-tlv-order-checkParametersNoneModeGlobal Configu

AT-FS970M Switch Command Line User’s Guide1253LLDP NOTIFICATIONSSyntaxlldp notificationsParametersNoneModePort Interface modeDescriptionUse this comma

Chapter 77: LLDP and LLDP-MED Commands1254LLDP NOTIFICATION-INTERVALSyntaxlldp notification-interval intervalParametersintervalSpecifies the notificat

AT-FS970M Switch Command Line User’s Guide1255LLDP REINITSyntaxlldp reinit delayParametersdelaySpecifies the re-initialization delay value. The range

Chapter 77: LLDP and LLDP-MED Commands1256LLDP RUNSyntaxlldp runParametersNoneModeGlobal Configuration modeDescriptionUse this command to activate LLD

AT-FS970M Switch Command Line User’s Guide1257LLDP TIMERSyntaxlldp timer intervalParametersintervalSpecifies the transmit interval. The range is 5 to

Chapter 77: LLDP and LLDP-MED Commands1258LLDP TLV-SELECTSyntaxlldp tlv-select all|tlvParametersallConfigures a port to send all optional TLVs.tlvSpec

AT-FS970M Switch Command Line User’s Guide1259To remove optional TLVs from ports, refer to “NO LLDP TLV-SELECT” on page 1275.Confirmation Command“SHOW

Chapter 7: Basic Switch Management126Pinging Network DevicesIf the switch is unable to communicate with a network device, such as a syslog server or a

Chapter 77: LLDP and LLDP-MED Commands1260ExamplesThis example configures ports 3 to 5 to transmit all the optional LLDP TLVs:awplus> enableawplus#

AT-FS970M Switch Command Line User’s Guide1261LLDP TRANSMIT RECEIVESyntaxlldp transmit receive|transmitParameterstransmitConfigures ports to send LLDP

Chapter 77: LLDP and LLDP-MED Commands1262LLDP TX-DELAYSyntaxlldp tx-delay tx-delayParameterstx-delaySpecifies the transmission delay timer in seconds

AT-FS970M Switch Command Line User’s Guide1263LOCATION CIVIC-LOCATIONSyntaxlocation civic-location identifier id_numberParametersid_numberSpecifies an

Chapter 77: LLDP and LLDP-MED Commands1264Here are the guidelines to using the location parameters: The country parameter must be two uppercase chara

AT-FS970M Switch Command Line User’s Guide1265After you create a location entry, use “LLDP LOCATION” on page 1245 to assign the location entry to a po

Chapter 77: LLDP and LLDP-MED Commands1266LOCATION COORD-LOCATIONSyntaxlocation coordinate-location identifier id_numberParametersid_numberSpecifies a

AT-FS970M Switch Command Line User’s Guide1267This command is also used to remove parameter values from existing LLDP-MED coordinate location entries.

Chapter 77: LLDP and LLDP-MED Commands1268ExamplesThis example creates a new coordinate location entry with these specifications.ID number: 16Latitud

AT-FS970M Switch Command Line User’s Guide1269LOCATION ELIN-LOCATIONSyntaxlocation elin-location elin_id identifier id_numberParameterselin_idSpecifie

AT-FS970M Switch Command Line User’s Guide127Resetting the SwitchTo reset the switch, use either the REBOOT or RELOAD command in the Privileged Exec m

Chapter 77: LLDP and LLDP-MED Commands1270NO LLDP MED-NOTIFICATIONSSyntaxno lldp med-notificationsParametersNoneModePort Interface modeDescriptionUse

AT-FS970M Switch Command Line User’s Guide1271NO LLDP MED-TLV-SELECTSyntaxno lldp med-tlv-select capabilities|network-policy|location|power-management

Chapter 77: LLDP and LLDP-MED Commands1272ExamplesThis example stops port 8 from transmitting all LLDP-MED TLVs:awplus> enableawplus# configure ter

AT-FS970M Switch Command Line User’s Guide1273NO LLDP NOTIFICATIONSSyntaxno lldp notificationsParametersNoneModePort Interface modeDescriptionUse this

Chapter 77: LLDP and LLDP-MED Commands1274NO LLDP RUNSyntaxno lldp runParametersNoneModeGlobal Configuration modeDescriptionUse this command to disabl

AT-FS970M Switch Command Line User’s Guide1275NO LLDP TLV-SELECTSyntaxno lldp tlv-select all|tlvParametersallRemoves all optional LLDP TLVs from a por

Chapter 77: LLDP and LLDP-MED Commands1276NO LLDP TRANSMIT RECEIVESyntaxno lldp transmit|receiveParameterstransmitStops ports from sending LLDP and LL

AT-FS970M Switch Command Line User’s Guide1277NO LOCATIONSyntaxno location civic-location|coord-location|elin-location identifier id_numberParametersc

Chapter 77: LLDP and LLDP-MED Commands1278This example removes the ELIN location IDs 3 and 4:awplus> enableawplus# configure terminalawplus(config)

AT-FS970M Switch Command Line User’s Guide1279SHOW LLDPSyntaxshow lldpParametersNone.ModePrivileged Exec modeDescriptionUse this command to display ge

Chapter 7: Basic Switch Management128Restoring the Default Settings to the SwitchTo restore the default settings to the switch, delete or rename the a

Chapter 77: LLDP and LLDP-MED Commands1280ExampleThe following example displays general LLDP settings:awplus# show lldpHold-time Multiplier The holdti

AT-FS970M Switch Command Line User’s Guide1281SHOW LLDP INTERFACESyntaxshow lldp interface [port]ParametersportSpecifies a port, You can specify more

Chapter 77: LLDP and LLDP-MED Commands1282ExamplesThis example displays the LLDP settings for all the ports on the switch:awplus# show lldp interfaceT

AT-FS970M Switch Command Line User’s Guide1283SHOW LLDP LOCAL-INFO INTERFACESyntaxshow lldp local-info [interface port]ParametersportSpecifies a port,

Chapter 77: LLDP and LLDP-MED Commands1284Figure 214. SHOW LLDP LOCAL-INFO INTERFACE Command (continued)The fields are defined in Table 131 on page 12

AT-FS970M Switch Command Line User’s Guide1285SHOW LLDP NEIGHBORS DETAILSyntaxshow lldp neighbors detail [interface port]ParametersportSpecifies a por

Chapter 77: LLDP and LLDP-MED Commands1286Figure 216. SHOW LLDP NEIGHBORS DETAIL Command (continued)The information is explained in Table 131.LLDP-MED

AT-FS970M Switch Command Line User’s Guide1287System Capabilities (Enabled)The device’s functions, and whether or not these functions are currently en

Chapter 77: LLDP and LLDP-MED Commands1288Network Policy The network policy information configured on the port for connected media endpoint devices. T

AT-FS970M Switch Command Line User’s Guide1289ExamplesThis example displays the information from all of the neighbors on the switch:awplus# show lldp

AT-FS970M Switch Command Line User’s Guide129Another way to delete the file is with the ERASE STARTUP-CONFIG command, also in the Privileged Exec mode

Chapter 77: LLDP and LLDP-MED Commands1290SHOW LLDP NEIGHBORS INTERFACESyntaxshow lldp neighbors interface [port]ParametersportSpecifies a port. You c

AT-FS970M Switch Command Line User’s Guide1291ExamplesThis example displays a summary of the information from all the neighbors connected to the switc

Chapter 77: LLDP and LLDP-MED Commands1292SHOW LLDP STATISTICSSyntaxshow lldp statisticsParametersNoneModeUser Exec mode and Privileged Exec modeDescr

AT-FS970M Switch Command Line User’s Guide1293ExampleThe following example displays LLDP statistics for the switch:awplus# show lldp statisticsTLVs Un

Chapter 77: LLDP and LLDP-MED Commands1294SHOW LLDP STATISTICS INTERFACESyntaxshow lldp statistics interface [port]ParametersportSpecifies a port. You

AT-FS970M Switch Command Line User’s Guide1295ExamplesThis example displays the statistics for all the ports:awplus# show lldp statistics interfaceThi

Chapter 77: LLDP and LLDP-MED Commands1296SHOW LOCATIONSyntaxshow location civic-location|coord-location|elin-location [identifier id-number|interface

AT-FS970M Switch Command Line User’s Guide1297ExamplesThe following example displays all the civic location entries on the switch:awplus# show locatio

Chapter 77: LLDP and LLDP-MED Commands1298

1299Chapter 78Address Resolution Protocol (ARP)This chapter contains the following topics: “Overview” on page 1300 “Adding Static ARP Entries” on pa

AT-FS970M Switch Command Line User’s Guide13Chapter 36: File Transfer ...

Chapter 7: Basic Switch Management130Setting the Baud Rate of the Console PortThe Console port is used for local management of the switch. To set its

Chapter 78: Address Resolution Protocol (ARP)1300OverviewThe Address Resolution Protocol (ARP) is used to associate an IPv4 address with a MAC address

AT-FS970M Switch Command Line User’s Guide1301Adding Static ARP EntriesIn most cases, the ARP table can be populated dynamically; however, the switch

Chapter 78: Address Resolution Protocol (ARP)1302Deleting Static and Dynamic ARP EntriesThe ARP cache contains two types of ARP entries: dynamic and s

AT-FS970M Switch Command Line User’s Guide1303Displaying the ARP TableTo display the ARP table on the switch, use the SHOW ARP command in the User Exe

Chapter 78: Address Resolution Protocol (ARP)1304

1305Chapter 79Address Resolution Protocol (ARP) CommandsThe ARP commands are summarized in Table 137 and described in detail within the chapter.Table

Chapter 79: Address Resolution Protocol (ARP) Commands1306ARP Syntaxarp ipaddress macaddress port_numberParametersipaddressSpecifies the IP address of

AT-FS970M Switch Command Line User’s Guide1307ExampleThe following example creates an ARP entry for the IP address 192.168.1.3 and the MAC address 7a:

Chapter 79: Address Resolution Protocol (ARP) Commands1308CLEAR ARP-CACHESyntaxclear arp-cacheParametersNoneModesUser Exec mode and Privileged Exec mo

AT-FS970M Switch Command Line User’s Guide1309NO ARP (IP ADDRESS)Syntaxno arp ipaddressParametersipaddressSpecifies the IP address of a static ARP ent

AT-FS970M Switch Command Line User’s Guide131NoteThe baud rate is the only adjustable parameter on the Console port.For reference information, refer t

Chapter 79: Address Resolution Protocol (ARP) Commands1310SHOW ARPSyntaxshow arpParametersNoneModesUser Exec mode and Privileged Exec modeDescriptionU

AT-FS970M Switch Command Line User’s Guide1311ExampleThe following example displays the ARP entries in the ARP cache on the switch:awplus# show arpTyp

Chapter 79: Address Resolution Protocol (ARP) Commands1312

1313Chapter 80RMONThis chapter contains the following topics: “Overview” on page 1314 “RMON Port Statistics” on page 1315 “RMON Histories” on page

Chapter 80: RMON1314OverviewThe RMON (Remote MONitoring) MIB is used with SNMP applications to monitor the operations of network devices. The switch s

AT-FS970M Switch Command Line User’s Guide1315RMON Port StatisticsTo view port statistics using an SNMP program and the RMON section in the MIB, you m

Chapter 80: RMON1316awplus(config-if)# rmon collection stats 16awplus(config-if)# exitawplus(config)# interface port1.0.20awplus(config-if)# rmon coll

AT-FS970M Switch Command Line User’s Guide1317RMON HistoriesRMON histories are snapshots of port statistics. They are taken by the switch at predefine

Chapter 80: RMON1318snapshot every minute for five minutes on a port, you specify five buckets (one bucket for each minute) and an interval of sixty s

AT-FS970M Switch Command Line User’s Guide1319Here is an example of the information.Figure 224. SHOW RMON HISTORY CommandThe fields are defined in Tab

Chapter 7: Basic Switch Management132Configuring the Management Session TimersYou should always conclude a management session by logging off so that i

Chapter 80: RMON1320RMON AlarmsRMON alarms are used to generate alert messages when packet activity on designated ports rises above or falls below spe

AT-FS970M Switch Command Line User’s Guide1321The following sections explain how to create and manage the various elements of an alarm: “Creating RMO

Chapter 80: RMON1322The owner parameter is useful in situations where more than one person is managing the switch. You can use it to identify who crea

AT-FS970M Switch Command Line User’s Guide1323The range is 1 to 65535 seconds.The DELTA and ABSOLUTE parameters define the type of change that has to

Chapter 80: RMON1324The next series of steps creates the event, which enters a message in the event log whenever the thresholds are crossed:Here are t

AT-FS970M Switch Command Line User’s Guide1325Here are the steps to creating the alarm:Creating anAlarm - Example2This example creates an alarm that m

Chapter 80: RMON1326Phase 2: Adding the RMON Statistics Group to the PortThe steps here add a statistics group to port 20 so that the port statistics

AT-FS970M Switch Command Line User’s Guide1327Phase 3: Creating the EventThe event in this example is to send an SNMP trap and to log a message in the

Chapter 80: RMON1328awplus# show rmon alarmUse the SHOW RMON ALARM command to verify the new alarm.

1329Chapter 81RMON CommandsThe RMON commands are summarized in Table 140 and described in detail within the chapter.Table 140. RMON CommandsCommand Mo

AT-FS970M Switch Command Line User’s Guide133Both the first_line_id and the last_line_id parameters have value of 0 to 9. You can specify one VTY line

Chapter 81: RMON Commands1330“SHOW RMON HISTORY” on page 1350Privileged Exec Displays the RMON history groups that are assigned to the ports on the sw

AT-FS970M Switch Command Line User’s Guide1331NO RMON ALARMSyntaxno rmon alarm alarm_idParametersalarm_idSpecifies the ID number of the alarm you want

Chapter 81: RMON Commands1332NO RMON COLLECTION HISTORYSyntaxno rmon collection history collection_idParameterscollection_idSpecifies the ID number of

AT-FS970M Switch Command Line User’s Guide1333NO RMON COLLECTION STATSSyntaxno rmon collection stats stats_idParametersstats_idSpecifies the ID number

Chapter 81: RMON Commands1334NO RMON EVENTSyntaxno rmon event event_idParametersevent_idSpecifies the ID number of the event you want to delete from t

AT-FS970M Switch Command Line User’s Guide1335RMON ALARMSyntaxrmon alarm alarm_id oid.stats_id interval interval delta|absolute rising-threshold risin

Chapter 81: RMON Commands1336rising_event_idSpecifies the ID number of the event the switch is to perform when the falling threshold is crossed. The e

AT-FS970M Switch Command Line User’s Guide1337Confirmation Command“SHOW RMON ALARM” on page 1346ExampleThis example creates an RMON alarm that monitor

Chapter 81: RMON Commands1338RMON COLLECTION HISTORYSyntaxrmon collection history history_id [buckets buckets] [interval interval] [owner owner]Parame

AT-FS970M Switch Command Line User’s Guide1339RMON statistics histories are only viewable from an SNMP application program. There are no commands in t

Chapter 7: Basic Switch Management134Setting the Maximum Number of Manager SessionsThe switch supports up to three manager sessions simultaneously so

Chapter 81: RMON Commands1340RMON COLLECTION STATSSyntaxrmon collection stats stats_id [owner owner]Parametersstats_idSpecifies the ID number of a new

AT-FS970M Switch Command Line User’s Guide1341RMON EVENT LOGSyntaxrmon event event_id log description description [owner owner]Parametersevent_idSpeci

Chapter 81: RMON Commands1342RMON EVENT LOG TRAPSyntaxrmon event event_id log trap community_string [description description] [owner owner]Parameterse

AT-FS970M Switch Command Line User’s Guide1343ExampleThis example creates an event for RMON alarms with an ID of 2, a community string of “station43a,

Chapter 81: RMON Commands1344RMON EVENT TRAPSyntaxrmon event event_id trap community_string [description description] [owner owner]Parametersevent_idS

AT-FS970M Switch Command Line User’s Guide1345ExampleThe following example creates an event with an ID of 4, a community string of “st_west8,” and a d

Chapter 81: RMON Commands1346SHOW RMON ALARMSyntaxshow rmon alarmParametersNoneModePrivileged Exec modeDescriptionUse this command to display the RMON

AT-FS970M Switch Command Line User’s Guide1347The fields are described in Table 142.ExampleThe following example displays the RMON alarms on the switc

Chapter 81: RMON Commands1348SHOW RMON EVENTSyntaxshow rmon eventParametersNoneModePrivileged Exec modeDescriptionUse this command to display the RMON

AT-FS970M Switch Command Line User’s Guide1349ExampleThe following example displays the RMON events on the switch:awplus# show rmon eventEvent type (c

AT-FS970M Switch Command Line User’s Guide135Configuring the BannersThe switch has banner messages you may use to identify the switch or to display ot

Chapter 81: RMON Commands1350SHOW RMON HISTORYSyntaxshow rmon historyParametersNoneModePrivileged Exec modeDescriptionUse this command to display the

AT-FS970M Switch Command Line User’s Guide1351ExampleThe following example displays the history groups that are assigned to the ports on the switch:aw

Chapter 81: RMON Commands1352SHOW RMON STATISTICSSyntaxshow rmon statisticsParametersNoneModePrivileged Exec modeDescriptionUse this command to displa

1353Section XIIManagement SecurityThis section contains the following chapters: Chapter 82, “Local Manager Accounts” on page 1355 Chapter 83, “Local

1354

1355Chapter 82Local Manager AccountsThis chapter provides the following topics: “Overview” on page 1356 “Creating Local Manager Accounts” on page 13

Chapter 82: Local Manager Accounts1356OverviewEach AT-FS970M Series switch is pre-configured at the factory with one default manager account. The fact

AT-FS970M Switch Command Line User’s Guide1357Figure 229. Password Prompt for Command Mode RestrictionIf the manager enters the correct password, the

Chapter 82: Local Manager Accounts1358Password encryption is activated with the SERVICE PASSWORD-ENCRYPTION command and deactivated with the NO SERVIC

AT-FS970M Switch Command Line User’s Guide1359Creating Local Manager AccountsThe command for creating local manager accounts is the USERNAME command i

Chapter 7: Basic Switch Management136The commands for setting the banners are located in the Global Configuration mode with the exception of the SHOW

Chapter 82: Local Manager Accounts1360Passwords entered in encrypted form remain encrypted in the running configuration even if you disable password e

AT-FS970M Switch Command Line User’s Guide1361Deleting Local Manager AccountsTo delete local manager accounts from the switch, use the NO USERNAME com

Chapter 82: Local Manager Accounts1362Activating Command Mode Restriction and Creating the Special PasswordCommand mode restriction is a security feat

AT-FS970M Switch Command Line User’s Guide1363Deactivating Command Mode Restriction and Deleting the Special PasswordThe command for deactivating comm

Chapter 82: Local Manager Accounts1364Activating or Deactivating Password EncryptionPassword encryption controls the manner in which the switch stores

AT-FS970M Switch Command Line User’s Guide1365Displaying the Local Manager AccountsTo view the local accounts on the switch, use “SHOW RUNNING-CONFIG”

Chapter 82: Local Manager Accounts1366

1367Chapter 83Local Manager Account CommandsThe local manager account commands are summarized in Table 146 and described in detail within the chapter.

Chapter 83: Local Manager Account Commands1368ENABLE PASSWORDSyntaxenable password [8] passwordParameters8Specifies that the password is encrypted.pas

AT-FS970M Switch Command Line User’s Guide1369awplus> enableawplus# configure terminalawplus(config)# enable password 8 1255bbf963118fcf750aca356d3

AT-FS970M Switch Command Line User’s Guide137To remove messages without assigning new messages, use the NO versions of the commands. This example remo

Chapter 83: Local Manager Account Commands1370NO ENABLE PASSWORDSyntaxno enable passwordParametersNoneModeGlobal Configuration modeDescriptionUse this

AT-FS970M Switch Command Line User’s Guide1371NO SERVICE PASSWORD-ENCRYPTIONSyntaxno service password-encryptionParametersNoneModeGlobal Configuration

Chapter 83: Local Manager Account Commands1372NO USERNAMESyntaxno username nameParametersnameSpecifies the name of the manager account you want to del

AT-FS970M Switch Command Line User’s Guide1373SERVICE PASSWORD-ENCRYPTIONSyntaxservice password-encryptionParametersNoneModeGlobal Configuration modeD

Chapter 83: Local Manager Account Commands1374USERNAMESyntaxusername name privilege level password [8] passwordParametersnameSpecifies the name of a n

AT-FS970M Switch Command Line User’s Guide1375ExamplesThis example creates a manager account for the user, allen. The privilege level is 15 to give th

Chapter 83: Local Manager Account Commands1376

1377Chapter 84Telnet ServerThis chapter provides the following topics: “Overview” on page 1378 “Enabling the Telnet Server” on page 1379 “Disabling

Chapter 84: Telnet Server1378OverviewThe switch comes with a Telnet server so that you can remotely manage the device from Telnet clients on your netw

AT-FS970M Switch Command Line User’s Guide1379Enabling the Telnet ServerTo enable the server, go to the Global Configuration mode and issue the SERVIC

Chapter 7: Basic Switch Management138

Chapter 84: Telnet Server1380Disabling the Telnet ServerTo disable the Telnet server, use the NO SERVICE TELNET command in the Global Configuration mo

AT-FS970M Switch Command Line User’s Guide1381Displaying the Telnet ServerTo display the status of the Telnet server, use the SHOW TELNET command in t

Chapter 84: Telnet Server1382

1383Chapter 85Telnet Server CommandsThe Telnet server commands are summarized in Table 147 and described in detail within the chapter.Table 147. Telne

Chapter 85: Telnet Server Commands1384NO SERVICE TELNETSyntaxno service telnetParametersNoneModeGlobal Configuration modeDescriptionUse this command t

AT-FS970M Switch Command Line User’s Guide1385SERVICE TELNETSyntaxservice telnetParametersNoneModeGlobal Configuration modeDescriptionUse this command

Chapter 85: Telnet Server Commands1386SHOW TELNETSyntaxshow telnetParametersNoneModeUser Exec mode and Privileged Exec modeDescriptionUse this command

1387Chapter 86Telnet ClientThis chapter provides the following topics: “Overview” on page 1388 “Starting a Remote Management Session with the Telnet

Chapter 86: Telnet Client1388OverviewThe switch has a Telnet client. You may use the client to remotely manage other network devices from the switch.

AT-FS970M Switch Command Line User’s Guide1389Starting a Remote Management Session with the Telnet ClientHere are the steps to using the Telnet client

139Chapter 8Basic Switch Management CommandsThe basic switch management commands are summarized in Table 8.Table 8. Basic Switch Management CommandsCo

Chapter 86: Telnet Client1390

1391Chapter 87Telnet Client CommandsThe Telnet client commands are summarized in Table 148 and described in detail within the chapter.Table 148. Telne

Chapter 87: Telnet Client Commands1392TELNETSyntaxtelnet ipv4_address [port]Parametersipv4_addressSpecifies the IPv4 address of a remote device you wa

AT-FS970M Switch Command Line User’s Guide1393TELNET IPV6Syntaxtelnet ipv6 ipv6_address [port]Parametersipv6_addressSpecifies the IPv6 address of a re

Chapter 87: Telnet Client Commands1394

1395Chapter 88Secure Shell (SSH) ServerThis chapter provides the following topics: “Overview” on page 1396 “Support for SSH” on page 1397 “SSH and

Chapter 88: Secure Shell (SSH) Server1396OverviewThe Secure Shell (SSH) protocol is an alternative to the Telnet protocol for remote management of the

AT-FS970M Switch Command Line User’s Guide1397Support for SSHThe implementation of the SSH protocol on the switch is compliant with the SSH protocol v

Chapter 88: Secure Shell (SSH) Server1398 The SSH server uses protocol port 22. This parameter cannot be changed. If you are using the enhanced stac

AT-FS970M Switch Command Line User’s Guide1399SSH and Enhanced StackingThe switch allows for encrypted SSH management sessions between a management st

Contents14Chapter 42: DHCP Snooping Commands ...617ARP SE

Chapter 8: Basic Switch Management Commands140“REBOOT” on page 160 Privileged Exec Resets the switch.“RELOAD” on page 161 Privileged Exec Resets the s

Chapter 88: Secure Shell (SSH) Server1400Because enhanced stacking does not allow for SSH encrypted management sessions between a management station a

AT-FS970M Switch Command Line User’s Guide1401Creating the Encryption Key PairThe first step to using the SSH server on the switch for remote manageme

Chapter 88: Secure Shell (SSH) Server1402Enabling the SSH ServerThe switch does not allow you to enable the SSH server and begin remote management unt

AT-FS970M Switch Command Line User’s Guide1403Disabling the SSH ServerIf you decide that you want to disable the server because you do not want to rem

Chapter 88: Secure Shell (SSH) Server1404Deleting Encryption KeysTo delete encryption keys from the switch, use the CRYPTO KEY DESTROY HOSTKEY command

AT-FS970M Switch Command Line User’s Guide1405Displaying the SSH ServerTo display the current settings of the server, enter this command in the Privil

Chapter 88: Secure Shell (SSH) Server1406

1407Chapter 89SSH Server CommandsThe SSH server commands are summarized in Table 149 and described in detail within the chapter.Table 149. Secure Shel

Chapter 89: SSH Server Commands1408CRYPTO KEY DESTROY HOSTKEYSyntaxcrypto key destroy hostkey dsa|rsa|rsa1ParametersdsaDeletes the DSA key.rsaDeletes

AT-FS970M Switch Command Line User’s Guide1409This example deletes the RSA1 key:awplus> enableawplus# configure terminalawplus(config)# crypto key

AT-FS970M Switch Command Line User’s Guide141BANNER EXECSyntaxbanner execParametersNoneModeGlobal Configuration modeDescriptionUse this command to cre

Chapter 89: SSH Server Commands1410CRYPTO KEY GENERATE HOSTKEYSyntaxcrypto key generate hostkey dsa|rsa|rsa1 [value]ParametersdsaCreates a DSA key tha

AT-FS970M Switch Command Line User’s Guide1411NoteCreating a key is a very CPU intensive process for the switch. The switch does not stop forwarding n

Chapter 89: SSH Server Commands1412NO SERVICE SSHSyntaxno service sshParametersNoneModeGlobal Configuration modeDescriptionUse this command to disable

AT-FS970M Switch Command Line User’s Guide1413SERVICE SSHSyntaxservice sshParametersNoneModeGlobal Configuration modeDescriptionUse this command to en

Chapter 89: SSH Server Commands1414SHOW CRYPTO KEY HOSTKEYSyntaxshow crypto key hostkey [dsa|rsa|rsa1]ParametersdsaDisplays the DSA key.rsaDisplays th

AT-FS970M Switch Command Line User’s Guide1415SHOW SSH SERVERSyntaxshow ssh serverParametersNoneModesPrivileged Exec and Global Configuration modesDes

Chapter 89: SSH Server Commands1416

1417Chapter 90Non-secure HTTP Web Browser ServerThis chapter describes the following topics: “Overview” on page 1418 “Enabling the Web Browser Serve

Chapter 90: Non-secure HTTP Web Browser Server1418OverviewThe switch has a web browser server. The server is used to remotely manage the unit over the

AT-FS970M Switch Command Line User’s Guide1419Enabling the Web Browser ServerThe command to activate the web browser server for non-secure HTTP operat

Chapter 8: Basic Switch Management Commands142This example deletes the banner:awplus> enableawplus# configure terminalawplus(config)# no banner exe

Chapter 90: Non-secure HTTP Web Browser Server1420Setting the Protocol Port NumberThe default setting of port 80 for the protocol port of the HTTP web

AT-FS970M Switch Command Line User’s Guide1421Disabling the Web Browser ServerThe command to disable the HTTP server is the NO SERVICE HTTP command in

Chapter 90: Non-secure HTTP Web Browser Server1422Displaying the Web Browser ServerTo display whether the HTTP web server is enabled or disabled on th

1423Chapter 91Non-secure HTTP Web Browser Server CommandsThe non-secure HTTP web browser server commands are summarized in Table 150 and described in

Chapter 91: Non-secure HTTP Web Browser Server Commands1424SERVICE HTTPSyntaxservice httpParametersNoneModeGlobal Configuration modeDescriptionUse thi

AT-FS970M Switch Command Line User’s Guide1425IP HTTP PORTSyntaxip http port portParametersportSpecifies the TCP port number the HTTP web server liste

Chapter 91: Non-secure HTTP Web Browser Server Commands1426NO SERVICE HTTPSyntaxno http serverParametersNoneModeGlobal Configuration modeDescriptionUs

AT-FS970M Switch Command Line User’s Guide1427SHOW IP HTTPSyntaxshow ip httpParametersNoneModePrivileged Exec modeDescriptionUse this command to displ

Chapter 91: Non-secure HTTP Web Browser Server Commands1428

1429Chapter 92Secure HTTPS Web Browser ServerThis chapter describes the following topics: “Overview” on page 1430 “Creating a Self-signed Certificat

AT-FS970M Switch Command Line User’s Guide143BANNER LOGINSyntaxbanner loginParametersNoneModeGlobal Configuration modeDescriptionUse this command to c

Chapter 92: Secure HTTPS Web Browser Server1430OverviewThe switch has a web browser server for remote management of the unit with a web browser applic

AT-FS970M Switch Command Line User’s Guide1431Private CAs allow companies to keep track of the certificates and control access to various network devi

Chapter 92: Secure HTTPS Web Browser Server1432NoteIf the certificate will be issued by a private or public CA, you should check with the CA to see if

AT-FS970M Switch Command Line User’s Guide1433Creating a Self-signed CertificateHere are the main steps to configuring the switch for a self-signed ce

Chapter 92: Secure HTTPS Web Browser Server1434At this point, the switch, if it has a management IP address, is ready for remote management with a web

AT-FS970M Switch Command Line User’s Guide1435The switch is now ready for remote web browser management with HTTPS, provided that it has a management

Chapter 92: Secure HTTPS Web Browser Server1436Configuring the HTTPS Web Server for a Certificate Issued by a CAHere are the main steps to configuring

AT-FS970M Switch Command Line User’s Guide14377. Designate the new certificate from the CA as the active certificate on the switch with “IP HTTPS CERT

Chapter 92: Secure HTTPS Web Browser Server1438awplus(config)# crypto certificate 1 request 124.201.76.54 Production ABC_Industries San_Jose Californi

AT-FS970M Switch Command Line User’s Guide1439The switch, if it has a management IP address, is now ready for remote HTTPS web browser management. To

Chapter 8: Basic Switch Management Commands144This example removes the login banner:awplus> enableawplus# configure terminalawplus(config)# no bann

Chapter 92: Secure HTTPS Web Browser Server1440Enabling the Web Browser ServerThe command to activate the web browser server for secure HTTPS operatio

AT-FS970M Switch Command Line User’s Guide1441Disabling the Web Browser ServerThe command to disable the HTTPS mode is the NO SERVICE HTTPS command in

Chapter 92: Secure HTTPS Web Browser Server1442Displaying the Web Browser ServerTo display whether the HTTPS web server is enabled or disabled on the

1443Chapter 93Secure HTTPS Web Browser Server CommandsThe secure HTTPS web browser server commands are summarized in Table 151 and described in detail

Chapter 93: Secure HTTPS Web Browser Server Commands1444CRYPTO CERTIFICATE DESTROYSyntaxcrypto certificate id_number destroyParametersid_numberSpecifi

AT-FS970M Switch Command Line User’s Guide1445CRYPTO CERTIFICATE GENERATESyntaxcrypto certificate id_number generate length passphrase common_name org

Chapter 93: Secure HTTPS Web Browser Server Commands1446countrySpecifies the ISO 3166-1 initials of a country. This parameter must be two uppercase ch

AT-FS970M Switch Command Line User’s Guide1447 Organizational unit: Sales Organization: Jones_Industries Location: San_Jose State: California Cou

Chapter 93: Secure HTTPS Web Browser Server Commands1448CRYPTO CERTIFICATE IMPORTSyntaxcrypto certificate id_number importParametersid_numberSpecifies

AT-FS970M Switch Command Line User’s Guide1449CRYPTO CERTIFICATE REQUESTSyntaxcrypto certificate id_number request common_name organizational_unit org

AT-FS970M Switch Command Line User’s Guide145BANNER MOTDSyntaxbanner motdParametersNoneModeGlobal Configuration modeDescriptionUse this command to cre

Chapter 93: Secure HTTPS Web Browser Server Commands1450DescriptionUse this command to create certificate enrollment requests for submittal to public

AT-FS970M Switch Command Line User’s Guide1451SERVICE HTTPSSyntaxservice httpsParametersNoneModeGlobal Configuration modeDescriptionUse this command t

Chapter 93: Secure HTTPS Web Browser Server Commands1452IP HTTPS CERTIFICATESyntaxip https certificate id_numberParametersid_numberSpecifies a certifi

AT-FS970M Switch Command Line User’s Guide1453NO SERVICE HTTPSSyntaxno service httpsParametersNoneModeGlobal Configuration modeDescriptionUse this com

Chapter 93: Secure HTTPS Web Browser Server Commands1454SHOW CRYPTO CERTIFICATESyntaxshow crypto certificate id_numberParametersid_numberSpecifies a c

AT-FS970M Switch Command Line User’s Guide1455SHOW IP HTTPSSyntaxshow ip httpParametersNoneModePrivileged Exec modeDescriptionUse this command to disp

Chapter 93: Secure HTTPS Web Browser Server Commands1456ExampleThis example displays the status of the HTTPS server and basic information about the ce

1457Chapter 94RADIUS and TACACS+ ClientsThis chapter describes the following topics: “Overview” on page 1458 “Remote Manager Accounts” on page 1459

Chapter 94: RADIUS and TACACS+ Clients1458OverviewThe switch has RADIUS and TACACS+ clients for remote authentication. Here are the two features that

AT-FS970M Switch Command Line User’s Guide1459Remote Manager AccountsThe switch has one local manager account. The account is referred to as a local a

Chapter 8: Basic Switch Management Commands146This example removes the message-of-the-day banner:awplus> enableawplus# configure terminalawplus(con

Chapter 94: RADIUS and TACACS+ Clients1460the switch, the privilege level of an account is ignored and all accounts have access to the entire command

AT-FS970M Switch Command Line User’s Guide14614. Configure the RADIUS or TACACS+ client on the switch by entering the IP addresses of up to three auth

Chapter 94: RADIUS and TACACS+ Clients1462Managing the RADIUS ClientThe following subsections describe how to manage the RADIUS client: “Adding IP Ad

AT-FS970M Switch Command Line User’s Guide1463The AUTH-PORT parameter specifies the UDP destination port for RADIUS authentication requests. If 0 is s

Chapter 94: RADIUS and TACACS+ Clients1464This example sets the RADIUS timeout to 15 seconds:awplus> enableawplus# configure terminalawplus(config)

AT-FS970M Switch Command Line User’s Guide1465Deleting ServerIP AddressesTo delete the IP address of a RADIUS server from the list of servers on the s

Chapter 94: RADIUS and TACACS+ Clients1466Managing the TACACS+ ClientThe following subsections describe how to manage the TACACS+ client: “Adding IP

AT-FS970M Switch Command Line User’s Guide1467This example adds the IP address 115.16.172.54 as a TACACS+ authentication server at the bottom of the l

Chapter 94: RADIUS and TACACS+ Clients1468Deleting IPAddresses ofTACACS+ServersTo delete the IP address of a TACACS+ server from the client on the swi

AT-FS970M Switch Command Line User’s Guide1469Configuring Remote Authentication of Manager AccountsCheck that you performed the following steps before

AT-FS970M Switch Command Line User’s Guide147BAUD-RATE SETSyntaxbaud-rate set 1200|2400|4800|9600|19200|38400|57600|115200ParametersNoneModeGlobal Con

Chapter 94: RADIUS and TACACS+ Clients1470uses for remote Telnet and SSH sessions. (For background information, refer to “VTY Lines” on page 77.)Toggl

AT-FS970M Switch Command Line User’s Guide1471The LINE_ID parameter has a range of 0 to 9. The following example of the command toggles off remote aut

Chapter 94: RADIUS and TACACS+ Clients1472

1473Chapter 95RADIUS and TACACS+ Client CommandsThe commands for the RADIUS and TACACS+ clients are summarized in Table 153 and described in detail wi

Chapter 95: RADIUS and TACACS+ Client Commands1474“RADIUS-SERVER TIMEOUT” on page 1491Global ConfigurationSpecifies the maximum amount of time the RAD

AT-FS970M Switch Command Line User’s Guide1475AAA ACCOUNTING LOGINSyntaxaaa accounting login default start-stop|stop-only|none group radius|tacacs Par

Chapter 95: RADIUS and TACACS+ Client Commands1476Confirmation Commands“SHOW RADIUS” on page 1492“SHOW TACACS” on page 1494ExamplesTo configure RADIUS

AT-FS970M Switch Command Line User’s Guide1477AAA AUTHENTICATION ENABLE (TACACS+)Syntaxaaa authentication enable default group tacacs [local]Parameter

Chapter 95: RADIUS and TACACS+ Client Commands1478command is attempted if a TACACS+ server is not available, use the following commands:awplus> ena

AT-FS970M Switch Command Line User’s Guide1479AAA AUTHENTICATION LOGINSyntaxaaa authentication login default [group radius|tacacs] [local]Parametersde

Chapter 8: Basic Switch Management Commands148CLOCK SETSyntaxclock set hh:mm:ss dd mmm yyyyParametershh:mm:ssSpecifies the hour, minute, and second fo

Chapter 95: RADIUS and TACACS+ Client Commands1480Confirmation Commands“SHOW RADIUS” on page 1492“SHOW TACACS” on page 1494ExamplesTo enable RADIUS se

AT-FS970M Switch Command Line User’s Guide1481IP RADIUS SOURCE-INTERFACESyntaxip radius source-interface Ipv4 Address | VIDParametersIpv4 AddressIndic

Chapter 95: RADIUS and TACACS+ Client Commands1482This example removes the RADIUS source IP address from the RADIUS client:awplus> enableawplus# co

AT-FS970M Switch Command Line User’s Guide1483LOGIN AUTHENTICATIONSyntaxlogin authenticationParametersNoneModesConsole Line and Virtual Terminal Line

Chapter 95: RADIUS and TACACS+ Client Commands1484This example activates remote authentication for remote Telnet and SSH management sessions that use

AT-FS970M Switch Command Line User’s Guide1485NO LOGIN AUTHENTICATIONSyntaxno login authenticationParametersNoneModesConsole Line and Virtual Terminal

Chapter 95: RADIUS and TACACS+ Client Commands1486NO RADIUS-SERVER HOSTSyntaxno radius-server host ipaddressParameteripaddressSpecifies an IP address

AT-FS970M Switch Command Line User’s Guide1487NO TACACS-SERVER HOSTSyntaxno tacacs-server host ipaddressParameteripaddressSpecifies an IP address of a

Chapter 95: RADIUS and TACACS+ Client Commands1488RADIUS-SERVER HOSTSyntaxradius-server host ipaddress [acct-port value] [auth-port value] [key value]

AT-FS970M Switch Command Line User’s Guide1489ExamplesThis example adds a RADIUS server with the IP address 176.225.15.23. The UDP port is 1811, and t

AT-FS970M Switch Command Line User’s Guide149ERASE STARTUP-CONFIGSyntaxerase startup-configParametersNoneModePrivileged Exec modeDescriptionUse this c

Chapter 95: RADIUS and TACACS+ Client Commands1490RADIUS-SERVER KEYSyntaxradius-server key valueParameterskeySpecifies the global encryption key of th

AT-FS970M Switch Command Line User’s Guide1491RADIUS-SERVER TIMEOUTSyntaxradius-server timeout valueParameterstimeoutSpecifies the maximum amount of t

Chapter 95: RADIUS and TACACS+ Client Commands1492SHOW RADIUSSyntaxshow radiusParametersNoneModesPrivileged Exec modeDescriptionUse this command to di

AT-FS970M Switch Command Line User’s Guide1493ExampleThis example displays the configuration of the RADIUS client:awplus# show radiusAccounting Port T

Chapter 95: RADIUS and TACACS+ Client Commands1494SHOW TACACSSyntaxshow tacacsParametersNoneModePrivileged Exec modeDescriptionUse this command to dis

AT-FS970M Switch Command Line User’s Guide1495ExampleThis example displays the configuration of the TACACS+ client on the switch:awplus# show tacacsSe

Chapter 95: RADIUS and TACACS+ Client Commands1496TACACS-SERVER HOSTSyntaxtacacs-server host ipaddress [key value]ParametershostSpecifies an IP addres

AT-FS970M Switch Command Line User’s Guide1497TACACS-SERVER KEYSyntaxtacacs-server key valueParametersvalueSpecifies the global encryption key of the

Chapter 95: RADIUS and TACACS+ Client Commands1498TACACS-SERVER TIMEOUTSyntaxtacacs-server timeout valueParameterstimeoutSpecifies the maximum amount

1499Section XIIIQuality of ServiceThis section contains the following chapters: Chapter 96, “Advanced Access Control Lists (ACLs)” on page 1501 Chap

AT-FS970M Switch Command Line User’s Guide15Displaying the Syslog Server Definitions ...

Chapter 8: Basic Switch Management Commands150EXEC-TIMEOUTSyntaxexec-timeout valueParametersexec-timeoutSpecifies the session timer in minutes. The ra

1500

1501Chapter 96Advanced Access Control Lists (ACLs)This chapter describes the following topics: “Overview” on page 1502 “Creating ACLs” on page 1505

Chapter 96: Advanced Access Control Lists (ACLs)1502OverviewAccess Control Lists (ACLs) act as filters to control the ingress packets on ports. They a

AT-FS970M Switch Command Line User’s Guide1503Actions The action defines the response to packets that match the filtering criterion of the ACL. There

Chapter 96: Advanced Access Control Lists (ACLs)1504Guidelines Here are the ACL guidelines: An ACL can have a permit, deny, or copy-to-mirror action.

AT-FS970M Switch Command Line User’s Guide1505Creating ACLsThis section provides examples of how to create all of the ACL types. See the following: “

Chapter 96: Advanced Access Control Lists (ACLs)1506Numbered IPv4 ACL with IP Packets ExamplesThis is the command format for creating ACLs that filter

AT-FS970M Switch Command Line User’s Guide1507 host ipaddress— Matches packets with a specified IPv4 address and is an alternative to the IPADRESS/MA

Chapter 96: Advanced Access Control Lists (ACLs)1508deny ACL for the denied traffic flow. This is illustrated in the example in Table 160 in which por

AT-FS970M Switch Command Line User’s Guide1509NoteThe permit ACLS are added to the ports before the deny ACL to ensure that packets are compared again

AT-FS970M Switch Command Line User’s Guide151This example sets the session timer for the first (vty 0) Telnet or SSH session to 5 minutes:awplus> e

Chapter 96: Advanced Access Control Lists (ACLs)1510Here is an example of an ACL that filters tagged packets. See Table 162. It blocks all tagged pack

AT-FS970M Switch Command Line User’s Guide1511is only necessary when you want a port to forward a subset of packets that are otherwise discarded. den

Chapter 96: Advanced Access Control Lists (ACLs)1512Numbered IPv4 ACL with Protocol Packets ExampleThis is the command format for creating Numbered IP

AT-FS970M Switch Command Line User’s Guide1513The VLAN parameter determines if an ACL filters VLANs. You use the parameter to specify the VID. You can

Chapter 96: Advanced Access Control Lists (ACLs)1514The SRC_IPADDRESS and DST_IPADDRESS parameters specify the source and destination IPv4 addresses.

AT-FS970M Switch Command Line User’s Guide1515The following example configures two Numbered IPv4 ACLs. ACL 3017 permits packets from TCP port 67 to 87

Chapter 96: Advanced Access Control Lists (ACLs)1516together with the port mirror feature, explained in Chapter 25, “Port Mirror” on page 443.The SRC_

AT-FS970M Switch Command Line User’s Guide1517The VLAN parameter determines if an ACL filters VLANs. You use the parameter to specify the VID. You can

Chapter 96: Advanced Access Control Lists (ACLs)1518 copy-to-mirror— Copies all ingress packets that match the ACL to the destination port of the mir

AT-FS970M Switch Command Line User’s Guide1519The example in Table 167 configures port 19 to reject packets containing destination MAC addresses start

Chapter 8: Basic Switch Management Commands152HELPSyntaxhelpParametersNoneModeAll modesDescriptionUse this command to learn how to use on-line help. E

Chapter 96: Advanced Access Control Lists (ACLs)1520This example creates a Named IPv4 ICMP ACL, called “icmppermit,” that permits ICMP packets from an

AT-FS970M Switch Command Line User’s Guide1521Creating NamedIPv6 AddressACLsThe Named IPv6 address ACLs are created with the IPv6 ACCESS-LIST commands

Chapter 96: Advanced Access Control Lists (ACLs)1522This example creates a protocol ACL, called “protocopytomirror,” that copies RDP packets (protocol

AT-FS970M Switch Command Line User’s Guide1523Assigning ACLs to PortsBefore you can assign an ACL to a port, you must first create an ACL. The command

Chapter 96: Advanced Access Control Lists (ACLs)1524In this example, ports 12 and 13 are assigned an ACL, ID number 3075, that blocks all untagged ing

AT-FS970M Switch Command Line User’s Guide1525Assigning NamedIPv4 ACLsTo assign a Named IPv4 ACL to a port on the switch, use the ACCESS-GROUP command

Chapter 96: Advanced Access Control Lists (ACLs)1526Assigning NamedIPv6 ACLsTo assign a Named IPv6 ACL to a port on the switch, use the IPV6 TRAFFIC-F

AT-FS970M Switch Command Line User’s Guide1527Removing ACLs from PortsThe command that you use to remove an ACL from a port depends on which type of A

Chapter 96: Advanced Access Control Lists (ACLs)1528This example removes a MAC ACL with an ID number of 4037 from port 5:Removing NamedIPv4 ACLsTo rem

AT-FS970M Switch Command Line User’s Guide1529The following example removes a Named IPv6 ACL called “icmpdeny” from port 17:Table 180. Removing Named

AT-FS970M Switch Command Line User’s Guide153HOSTNAMESyntaxhostname nameParametersnameSpecifies a name of up to 39 alphanumeric characters for the swi

Chapter 96: Advanced Access Control Lists (ACLs)1530Deleting ACLs from the SwitchThe command that you use to delete an ACL from the switch depends on

AT-FS970M Switch Command Line User’s Guide1531The following example deletes a MAC ACL with ID number 4415 from the switch:Deleting NamedIPv4 AddressAC

Chapter 96: Advanced Access Control Lists (ACLs)1532This example deletes a Named IPv6 address ACL with the list name “denytcp” from the switch:Table 1

AT-FS970M Switch Command Line User’s Guide1533Setting ACL Time RangesBy default, an ACL filter is effective immediately. However, if you want to set a

Chapter 96: Advanced Access Control Lists (ACLs)1534The following example creates a time range setting that starts on Mondays through Fridays from 7 a

AT-FS970M Switch Command Line User’s Guide1535Displaying the ACLsThere are several ways of displaying information about ACLs on the switch. For exampl

Chapter 96: Advanced Access Control Lists (ACLs)1536The following example displays the ACLs assigned to ports 1 to 5:awplus# show interface port1.0.1-

AT-FS970M Switch Command Line User’s Guide1537.Figure 248. SHOW TIME-RANGE Commandawplus# show time-rangeTime-Range t1absolute start 09:00:00 2 Januar

Chapter 96: Advanced Access Control Lists (ACLs)1538

1539Chapter 97ACL CommandsThe Access Control List (ACL) commands are summarized in Table 188 and described in detail within the chapter.Table 188. Acc

Chapter 8: Basic Switch Management Commands154LINE CONSOLESyntaxline console 0ParametersNoneModeGlobal Configuration modeDescriptionUse this command t

Chapter 97: ACL Commands1540“IP ACCESS-LIST (IP)” on page 1575 IP ACL Defines an ACL that filters IP packets based on source and destination IP addres

AT-FS970M Switch Command Line User’s Guide1541“NO ACCESS-LIST” on page 1612 Global ConfigurationDeletes ACLs from the switch.“NO ACCESS-GROUP” on page

Chapter 97: ACL Commands1542ABSOLUTE STARTSyntaxabsolute start <hours:minutes:seconds DD MM YYYY> end <hours:minutes:seconds DD MM YYYY>Pa

AT-FS970M Switch Command Line User’s Guide1543ExamplesThis example uses a time range called “February2012” that enables the permit or deny statement t

Chapter 97: ACL Commands1544ACCESS-CLASSSyntaxaccess-class <3000 - 3699>|<4000 - 4699>access-class <3000 - 3699>|<4000 - 4699>

AT-FS970M Switch Command Line User’s Guide1545ExampleThis example assigns the switch an IP address of 10.0.0.20/24. It creates a Numbered ACL with an

Chapter 97: ACL Commands1546ACCESS-GROUPSyntaxaccess-group id_numberaccess-group id_number|list_nameParametersid_numberSpecifies the ID number of an a

AT-FS970M Switch Command Line User’s Guide1547ExamplesThis example adds an IP ACL with an ID of 3022 to port 15:awplus> enableawplus# configure ter

Chapter 97: ACL Commands1548ACCESS-LIST (MAC Address)Syntaxaccess-list id_number action src_mac_address|any src_mac_mask dst_mac_address|any dst_mac_m

AT-FS970M Switch Command Line User’s Guide1549dst_mac_addressSpecifies the destination MAC address of the ingress packets. Choose from the following o

AT-FS970M Switch Command Line User’s Guide155LINE VTYSyntaxline vty first_line_id [last_line_id]Parametersfirst_line_idSpecifies the number of a VTY l

Chapter 97: ACL Commands1550awplus(config_if)# mac access-group 4002awplus(config_if)# mac access-group 4003awplus(config_if)# mac access-group 4011aw

AT-FS970M Switch Command Line User’s Guide1551ACCESS-LIST ICMPSyntaxaccess-list id_number action icmp src_ipaddress dst_ipaddress [vlan vid]Parameters

Chapter 97: ACL Commands1552ipaddress/mask: Matches packets that have a destination IP address of a specific subnet or end node. host ipaddress: Match

AT-FS970M Switch Command Line User’s Guide1553This example adds a deny access list to ports 4 and 5 to discard all untagged ingress packets that are I

Chapter 97: ACL Commands1554ACCESS-LIST IPSyntaxaccess-list id_number action ip src_ipaddress dst_ipaddress [vlan vid]Parametersid_numberSpecifies the

AT-FS970M Switch Command Line User’s Guide1555dst_ipaddress: Specifies the destination IP address of the ingress packets the access list should filter

Chapter 97: ACL Commands1556This example creates a deny access list, ID number 3095, that discards all untagged ingress packets that have destination

AT-FS970M Switch Command Line User’s Guide1557This example configures ports 22 and 23 to accept only untagged ingress packets containing destination a

Chapter 97: ACL Commands1558ACCESS-LIST PROTOSyntaxaccess-list id_number action proto protocol_number src_ipaddress dst_ipaddress [vlan vid]Parameters

AT-FS970M Switch Command Line User’s Guide1559dst_ipaddressSpecifies the destination IP address of the ingress packets the access list should filter.

Chapter 8: Basic Switch Management Commands156NO HOSTNAMESyntaxno hostnameParametersNoneModeGlobal Configuration modeDescriptionUse this command to de

Chapter 97: ACL Commands15609 IGP (Interior Gateway Protocol) (IANA)11 Network Voice Protocol (RFC741)17 UDP (User Datagram Protocol) (RFC768)20 Host

AT-FS970M Switch Command Line User’s Guide1561Confirmation Commands“SHOW ACCESS-LIST” on page 1619 and “SHOW INTERFACE ACCESS-GROUP” on page 1621Examp

Chapter 97: ACL Commands1562awplus(config_if)# access-group 3011awplus(config_if)# endawplus# show access-listawplus# show interface port1.0.5,port1.0

AT-FS970M Switch Command Line User’s Guide1563ACCESS-LIST TCPSyntaxaccess-list id_number action tcp src_ipaddress eq|lt|gt|ne|range src_tcp_port dst_i

Chapter 97: ACL Commands1564ltMatches packets that are less than the TCP port number specified by the SRC_TCP_PORT or DST_TCP_PORT parameter.gtMatches

AT-FS970M Switch Command Line User’s Guide1565ModeGlobal Configuration modeDescriptionUse this command to create access control lists that filter ingr

Chapter 97: ACL Commands1566This example creates an ACL that causes port 14 to discard all tagged ingress TCP packets with the VID 27, regardless of t

AT-FS970M Switch Command Line User’s Guide1567ACCESS-LIST UDPSyntaxaccess-list id_number action udp src_ipaddress eq|lt|gt|ne|range src_udp_port dst_i

Chapter 97: ACL Commands1568ltMatches packets that are less than the UDP port number specified by the SRC_UDP_PORT or DST_UDP_PORT parameter.gtMatches

AT-FS970M Switch Command Line User’s Guide1569ModeGlobal Configuration modeDescriptionUse this command to create access control lists that filter ingr

AT-FS970M Switch Command Line User’s Guide157PINGSyntaxping ipaddress|hostnameParametersipaddressSpecifies the IP address of the network device to rec

Chapter 97: ACL Commands1570This example defines an ACL that causes port 18 to discard all untagged ingress packets that have source and destination U

AT-FS970M Switch Command Line User’s Guide1571IP ACCESS-LIST Syntaxip access-list nameParametersnameSpecifies the name of the IP ACL.ModeGlobal Config

Chapter 97: ACL Commands1572IP ACCESS-LIST (ICMP)Syntaxaction deny|permit|copy-to-mirror icmp scr_ipaddress any|host dest_ipaddress any|host time-rang

AT-FS970M Switch Command Line User’s Guide1573For example, the subnet address 149.11.11.0 would have a mask of “24” for the twenty-four bits of the ne

Chapter 97: ACL Commands1574This example creates a Named ICMP ACL, called “icmpdeny,” that denies ICMP packets from source IP source address 190.155.2

AT-FS970M Switch Command Line User’s Guide1575IP ACCESS-LIST (IP)Syntaxaction deny|permit|copy-to-mirror ip scr_ipaddress any|host dest_ipaddress any|

Chapter 97: ACL Commands1576For example, the subnet address 149.11.11.0 would have a mask of “24” for the twenty-four bits of the network section of t

AT-FS970M Switch Command Line User’s Guide1577This example creates a Named IP ACL, called “ipdeny,” that denies ICMP packets from source IP address 19

Chapter 97: ACL Commands1578IP ACCESS-LIST (MAC)Syntaxaction deny|permit|copy-to-mirror mac scr_mac_address any|host dest_mac_address any|host [vlan v

AT-FS970M Switch Command Line User’s Guide1579dst_mac_addressSpecifies the destination MAC address of the ingress packets. Choose from the following o

Chapter 8: Basic Switch Management Commands158NoteThe switch sends the ICMP Echo Requests from the ports of the VLAN assigned the management IP addres

Chapter 97: ACL Commands1580ExamplesThis example creates a Named IP ACL, called “permitmac,” that permits packets from source MAC address 12:a3:4b:89:

AT-FS970M Switch Command Line User’s Guide1581IP ACCESS-LIST (PROTO)Syntaxaction deny|permit|copy-to-mirror proto protocol_number scr_ip_address any|h

Chapter 97: ACL Commands1582dest_ipaddressMaskSpecifies the destination IP address of the ingress packets the access list should filter. Choose from t

AT-FS970M Switch Command Line User’s Guide1583ExamplesThis example creates a Named IP ACL, called “permitproto8,” that permits all EGP packets (protoc

Chapter 97: ACL Commands1584IP ACCESS-LIST (TCP)Syntaxaction deny|permit|copy-to-mirror tcp scr_ipaddress any|host gt|lt|ne|range|eq src_tcp_port dest

AT-FS970M Switch Command Line User’s Guide1585gtMatches packets that are greater than the TCP port number specified by the src_ipaddress parameter.neM

Chapter 97: ACL Commands1586eqMatches packets that are equal to the TCP port number specified by the dest_ipaddress parameter.dst_tcp_portSpecifies th

AT-FS970M Switch Command Line User’s Guide1587This example creates a deny access list called “denytcp” that discards all tagged ingress TCP packets fr

Chapter 97: ACL Commands1588IP ACCESS-LIST (UDP)Syntaxaction deny|permit|copy-to-mirror udp scr_ipaddress any|host gt|lt|ne|range|eq src_upd_port dest

AT-FS970M Switch Command Line User’s Guide1589gtMatches packets that are greater than the TCP port number specified by the src_ipaddress parameter.neM

AT-FS970M Switch Command Line User’s Guide159PING IPv6Syntaxping ipv6 <ipv6-address> repeat <1-99> size <36-18024> Parametersipv6-ad

Chapter 97: ACL Commands1590eqMatches packets that are equal to the TCP port number specified by the dest_ipaddress parameter.dst_udp_portSpecifies th

AT-FS970M Switch Command Line User’s Guide1591This example discards tagged packets from UDP ports 67 to 87 if they are from the 154.11.234.0 network a

Chapter 97: ACL Commands1592IPV6 ACCESS-LISTSyntaxipv6 access-list <ipv6 access-list>Parametersipv6 access-listSpecifies the name of an IPv6 ACL

AT-FS970M Switch Command Line User’s Guide1593IPV6 ACCESS-LIST (ICMP)Syntaxaction deny|permit|copy-to-mirror icmp scr_ip_address any|host dest_ipaddre

Chapter 97: ACL Commands1594ipaddress/mask: Matches packets that have a destination IPv6 address of a subnet or an end node in the X:X::X:X/mask forma

AT-FS970M Switch Command Line User’s Guide1595ExamplesThis example creates an ICMP ACL called “icmpdeny1” that denies ICMP packets from any IPv6 sourc

Chapter 97: ACL Commands1596IPV6 ACCESS-LIST (IP)Syntaxaction deny|permit|copy-to-mirror ip scr_ip_address any|ipaddress|host dest_ipaddress any|ipadd

AT-FS970M Switch Command Line User’s Guide1597number of bits in the address, from left to right, that constitute the network portion of the address. T

Chapter 97: ACL Commands1598This example creates an IP ACL, called “ipdeny2,” that denies IP packets from IPv6 source address fe80::202:b3ff:fele:8329

AT-FS970M Switch Command Line User’s Guide1599IPV6 ACCESS-LIST (PROTO)Syntaxaction deny|permit|copy-to-mirror proto proto_type scr_ip_address any|ipad

Contents16Forwarding Delay and Topology Changes ...758Hell

Chapter 8: Basic Switch Management Commands160REBOOTSyntaxrebootParametersNoneModePrivileged Exec modeDescriptionUse this command to reset the switch.

Chapter 97: ACL Commands1600ipaddress/mask: Matches packets that have a destination IPv6 address of a subnet or an end node in the X:X::X:X/mask forma

AT-FS970M Switch Command Line User’s Guide16012001:0db8::a2:1c50/64 any awplus(config-ipv6-acl)# exitawplus(config)# interface port1.0.9awplus(config_

Chapter 97: ACL Commands1602IPV6 ACCESS-LIST (TCP)Syntaxaction deny|permit|copy-to-mirror tcp scr_ip_address any|host eq|lt|gt|ne src_tcp_port dest_ip

AT-FS970M Switch Command Line User’s Guide1603gtMatches packets that are greater than the TCP port number specified by the src_ipaddress parameter.neM

Chapter 97: ACL Commands1604eqMatches packets that are equal to the TCP port number specified by the dest_ipaddress parameter.dst_tcp_portSpecifies th

AT-FS970M Switch Command Line User’s Guide1605This example creates an ACL that discards all untagged ingress packets that have the source and destinat

Chapter 97: ACL Commands1606IPV6 ACCESS-LIST (UDP)Syntaxaction deny|permit|copy-to-mirror udp scr_ip_address any|host eq|lt|gt|ne|range dest_ipaddress

AT-FS970M Switch Command Line User’s Guide1607gtMatches packets that are greater than the UDP port number specified by the src_ipaddress parameter.neM

Chapter 97: ACL Commands1608time-rangeSpecifies the name of a time range that is created with the TIME-RANGE command. You must create a time range bef

AT-FS970M Switch Command Line User’s Guide1609This example discards tagged packets from UDP ports 67 to 87 if they are from the 154.11.234.0/64 networ

AT-FS970M Switch Command Line User’s Guide161RELOADSyntaxreloadParametersNoneModePrivileged Exec modeDescriptionUse this command to reset the switch.

Chapter 97: ACL Commands1610IPV6 TRAFFIC-FILTERSyntaxipv6 traffic-filter <ipv6_access_list>Parameters<ipv6_access_list>Specifies the name

AT-FS970M Switch Command Line User’s Guide1611MAC ACCESS-GROUPSyntaxmac access-group id_numberParametersid_numberSpecifies the ID number of a MAC addr

Chapter 97: ACL Commands1612NO ACCESS-LISTSyntaxno access-list id_numberParametersid_numberSpecifies the ID number of an access list you want to delet

AT-FS970M Switch Command Line User’s Guide1613NO ACCESS-GROUPSyntaxno access-group id_numberParametersid_numberSpecifies the ID number of an access li

Chapter 97: ACL Commands1614NO MAC ACCESS-GROUPSyntaxno mac access-group id_numberParametersid_numberSpecifies the ID number of a MAC address access l

AT-FS970M Switch Command Line User’s Guide1615PERIODICSyntaxperiodic day days-of-the-week time (hh:mm:ss) to day days-of-the-week time (hh:mm:ss) Para

Chapter 97: ACL Commands1616ExamplesThis example sets the date and time range from Monday at 12:01 am to Thursday at 4:00 pm:awplus> enableawplus#

AT-FS970M Switch Command Line User’s Guide1617PERIODIC (DAILY)Syntaxperiodic day (daily|weekdays|weekend) time (hh:mm:ss) to time (hh:mm:ss) Parameter

Chapter 97: ACL Commands1618This example sets the date and time range from 9 am Monday morning to 5 pm Friday evening:awplus> enableawplus# configu

AT-FS970M Switch Command Line User’s Guide1619SHOW ACCESS-LISTSyntaxshow access-list [<3000-3699>|<4000-4699>|<list-name>]Parameters

Chapter 8: Basic Switch Management Commands162SERVICE MAXMANAGERSyntaxservice maxmanager valueParametersvalueSpecifies the maximum number of manager s

Chapter 97: ACL Commands1620ExampleThis example displays Numbered IP, MAC, and Named IP ACLs:awplus# show access-listFigure 249. SHOW ACCESS-LIST Comm

AT-FS970M Switch Command Line User’s Guide1621SHOW INTERFACE ACCESS-GROUPSyntaxshow interface port access-groupParametersportSpecifies a port number.

Chapter 97: ACL Commands1622SHOW IPV6 ACCESS-LISTSyntaxshow ipv6 access-list <list-name>Parameters<list-name>Specifies the name of an IPv6

AT-FS970M Switch Command Line User’s Guide1623SHOW TIME-RANGESyntaxshow time-range ParametersNoneModePrivileged Exec modeDescriptionUse this command t

Chapter 97: ACL Commands1624TIME-RANGE Syntaxtime-range <time-range-name>Parameterstime-range-nameSpecifies a name of a time range.ModeGlobal Co

1625Chapter 98Quality of Service (QoS)This chapter describes the following topics: “Overview” on page 1626 “Enabling QoS on the Switch” on page 1628

Chapter 98: Quality of Service (QoS)1626OverviewQuality of Service (QoS) refers to the latency, bandwidth, jitter, and loss settings that high-bandwid

AT-FS970M Switch Command Line User’s Guide1627A twin-rate policer allows you to determine the CIR and CBS as well as two additional values: Peak Info

Chapter 98: Quality of Service (QoS)1628Enabling QoS on the SwitchBy default, the QoS feature is disabled on the switch. You must enable the QoS featu

AT-FS970M Switch Command Line User’s Guide1629Creating a Class MapTo define filtering criteria, you need to create a class map. You create a class map

AT-FS970M Switch Command Line User’s Guide163SHOW BANNER LOGINSyntaxshow banner login ParametersNoneModePrivileged Exec modeDescriptionUse this comman

Chapter 98: Quality of Service (QoS)1630NoteIf a conflict occurs between the settings in two class maps assigned to the same policy map, priority is g

AT-FS970M Switch Command Line User’s Guide1631number parameter allows you to add an access group to a class map by specifying an ACL number. For more

Chapter 98: Quality of Service (QoS)1632Adding a CoS Value to a Class MapChoosing the CoS value allows you to add the user priority level to a class m

AT-FS970M Switch Command Line User’s Guide1633Adding a DSCP Value to a Class MapYou can specify a DSCP value level of 0, which is the lowest priority,

Chapter 98: Quality of Service (QoS)1634Adding MAC-Type to a Class MapTo add the destination MAC address type, or MAC-type, to a class map, use the MA

AT-FS970M Switch Command Line User’s Guide1635Adding a TCP Flag to a Class MapTo set TCP flags for a class map which are used as matching criteria, us

Chapter 98: Quality of Service (QoS)1636Creating a Policy MapAfter you have created one or more class maps, you need to create a policy map which allo

AT-FS970M Switch Command Line User’s Guide1637Associating aClass Map With aPolicy MapTo associate a class map to a policy map, use the CLASS command.

Chapter 98: Quality of Service (QoS)1638Configuring Default Class MapsEach time you create a new policy map, a new class map called default is created

AT-FS970M Switch Command Line User’s Guide1639Prioritizing CoS and DSCP By default, the DSCP field in Layer 3 packets and the CoS field in Layer 2 fra

Chapter 8: Basic Switch Management Commands164SHOW BAUD-RATESyntaxshow baud-rateParametersNoneModeUser Exec mode and Privileged Exec modeDescriptionUs

Chapter 98: Quality of Service (QoS)1640Allied Telesis recommends using the default mappings listed in Table 207 on page 1639 and Table 208, “DSCP Def

AT-FS970M Switch Command Line User’s Guide1641Creating Single-rate and Twin-rate PolicersA policer can be used to meter the traffic classified by a cl

Chapter 98: Quality of Service (QoS)1642Creating a Single-rate PolicerThe following example configures a single-rate policer requiring traffic to conf

AT-FS970M Switch Command Line User’s Guide1643awplus(config-pmap-c)# police twin-rate 10000 2000 30000 50000 action policed-dscp-transmitConfigures a

Chapter 98: Quality of Service (QoS)1644Creating an Aggregate PolicerAn aggregate policer is a named policer with an aggregate name that you can assig

AT-FS970M Switch Command Line User’s Guide1645awplus mls qos aggregate-police policyagg1 single-rate 125 30000 60000 action policed-dscp-transmitCreat

Chapter 98: Quality of Service (QoS)1646awplus(config-pmap-c)# police aggregate policyagg1Associates an aggregate name “policyagg1” with class map “cm

AT-FS970M Switch Command Line User’s Guide1647Configuring the Egress QueuesThis section discusses a port’s egress queues, including how incoming data

Chapter 98: Quality of Service (QoS)1648Determining theEgress QueuesThere are eight egress queues allocated to each egress port. The egress queue that

AT-FS970M Switch Command Line User’s Guide1649The following example sets ingress traffic with a CoS value of 5 to egress on queue 7 of port 8:Table 21

AT-FS970M Switch Command Line User’s Guide165SHOW CLOCKSyntaxshow clockParametersNoneModesUser Exec modeDescriptionUse this command to display the sys

Chapter 98: Quality of Service (QoS)1650The following example sets ingress traffic with a DSCP value of 5 to egress on queue 7 of port 5:Table 217. Se

AT-FS970M Switch Command Line User’s Guide1651awplus# show mls qos maps dscp-queue interface port 1.0.5Displays the DSCP mapping for port 5. See below

Chapter 98: Quality of Service (QoS)1652The following example uses the SET QUEUE command to set the traffic classified by class map “cmap4” to queue 6

AT-FS970M Switch Command Line User’s Guide1653There are two commands that allow you to set egress queue shaping on a port. See Table 219.Both of these

Chapter 98: Quality of Service (QoS)1654awplus(config-if)# wrr-queue weight 15,14,13,12,11,10,9,8Sets port 17 to the Weighted Round Robin scheduling m

AT-FS970M Switch Command Line User’s Guide1655Enabling Auto-QoS Support on the SwitchNoteQoS and LLDP must be manually enabled globally before the Aut

Chapter 98: Quality of Service (QoS)1656Auto-QoS MacroExamplesYou can use the AUTO-QOS command to support a voice VLAN and optionally specify to trust

AT-FS970M Switch Command Line User’s Guide1657awplus (config)# mls qos map cos-queue 0 to 1Maps CoS priority 0 to egress queue 1.awplus (config)# mls

Chapter 98: Quality of Service (QoS)1658Auto-QoS with Trust DSCP Functionality and Voice VLAN Support In the following example, VLAN 100 becomes the v

AT-FS970M Switch Command Line User’s Guide1659Auto-QoS Functionality In the following example, the CoS value of ingress traffic is trusted:awplus>

Chapter 8: Basic Switch Management Commands166SHOW RUNNING-CONFIGSyntaxshow running-configParametersNoneModesPrivileged Exec modeDescriptionUse this c

Chapter 98: Quality of Service (QoS)1660Auto-QoS with Trust DSCP Functionality In the following example, VLAN 100 becomes the voice VLAN, and trust DS

AT-FS970M Switch Command Line User’s Guide1661Auto-QoS-MEDMacro ExamplesNoteLLDP must be enabled globally before Auto-QoS-MED configuration. Link Laye

Chapter 98: Quality of Service (QoS)1662NoteUnlike the other procedures in this chapter, the Auto-QoS-MED examples provide a list of commands, but do

AT-FS970M Switch Command Line User’s Guide1663Auto-QoS-MED with Trust DSCP Functionality and Voice VLAN Support In the following example, VLAN 100 bec

Chapter 98: Quality of Service (QoS)1664Table 227. Auto-QoS MED with Trust DSCP Functionality & Voice VLAN Support ExampleCommand Descriptionawplu

AT-FS970M Switch Command Line User’s Guide1665Auto-QoS-MED Functionality ExampleIn the following example, the CoS value of ingress traffic is trusted:

Chapter 98: Quality of Service (QoS)1666Auto-QoS-MED with Trust DSCP Functionality In the following example, the DSCP value of ingress traffic is trus

AT-FS970M Switch Command Line User’s Guide1667awplus (config-pmap)# class trustdscpEnters the “trustdscp” class map.awplus (config-pmap-c)# trust dscp

Chapter 98: Quality of Service (QoS)1668Displaying QoS SettingsThere are eight commands that display the QoS settings. See Table 230 for a description

AT-FS970M Switch Command Line User’s Guide1669Displaying QoSStatusTo display the status of the QoS feature, use the SHOW MLS QOS command at the Global

AT-FS970M Switch Command Line User’s Guide167SHOW SWITCHSyntaxshow switchParametersNoneModesPrivileged Exec modeDescriptionUse this command to view th

Chapter 98: Quality of Service (QoS)1670Displaying aPolicy MapTo display the contents of a policy map, use the SHOW POLICY-MAP command in the Privileg

AT-FS970M Switch Command Line User’s Guide1671Figure 257. SHOW MLS QOS INTERFACE Command— Strict PriorityDisplaying CoS toQueue MappingsTo display the

Chapter 98: Quality of Service (QoS)1672The CoS values in the first line are matched with the egress queue assignments in the second line. For example

AT-FS970M Switch Command Line User’s Guide1673Figure 259. SHOW MLS QOS MAPS DSCP-QUEUE CommandDisplaying DSCPto Policed-DSCPValuesTo display the mappi

Chapter 98: Quality of Service (QoS)1674The syntax of the SHOW MLS QOS MAPS POLICED-DSCP command is: show mls qos maps policed-dscp <0-63>See Fi

1675Chapter 99Quality of Service (QoS) CommandsThe Quality of Service (QoS) commands are summarized in Table 231 and described in detail in this chapt

Chapter 99: Quality of Service (QoS) Commands1676“MATCH TCP-FLAGS” on page 1704 Class Map Sets one or more TCP flags for a class map.“MATCH VLAN” on p

AT-FS970M Switch Command Line User’s Guide1677“POLICE SINGLE-RATE ACTION” on page 1733Policy Map ClassConfigures a single-rate policer for a class map

Chapter 99: Quality of Service (QoS) Commands1678“WRR-QUEUE EGRESS-RATE-LIMIT QUEUES” on page 1760Interface ConfigurationSets a limit on the amount of

AT-FS970M Switch Command Line User’s Guide1679AUTO-QOS Syntaxauto-qos [voice <VLANID> |trust dscp]ParametersvoiceSpecifies a VLAN ID for voice V

Chapter 8: Basic Switch Management Commands168ExampleThe following example displays the switch information:awplus# show switchActive Spanning Tree ver

Chapter 99: Quality of Service (QoS) Commands1680In the following example, VLAN 50 becomes the voice VLAN on port 1.0.22, and DSCP is trusted on traff

AT-FS970M Switch Command Line User’s Guide1681AUTO-QOS-MEDSyntaxauto-qos-med [voice <VLANID> |trust dscp]ParametersvoiceSpecifies a VLAN ID for

Chapter 99: Quality of Service (QoS) Commands1682In the following example, VLAN 50 becomes the voice VLAN on port 1.0.14, and DSCP is trusted on traff

AT-FS970M Switch Command Line User’s Guide1683CLASSSyntaxclass name|defaultParametersnameIndicates the name of a class map.defaultIndicates the class-

Chapter 99: Quality of Service (QoS) Commands1684To delete an association between a class map called “cmap5” and policy map called “pmap1,” do the fol

AT-FS970M Switch Command Line User’s Guide1685CLASS-MAPSyntaxclass-map nameParametersnameSpecifies the name of a class map.ModeGlobal Configuration mo

Chapter 99: Quality of Service (QoS) Commands1686DEFAULT-ACTIONSyntaxdefault-action permit|deny|copy-to-mirrorParameterspermitSpecifies packets are pe

AT-FS970M Switch Command Line User’s Guide1687To reset the action for the default class-map to permit, do the following:awplus> enableawplus# confi

Chapter 99: Quality of Service (QoS) Commands1688DESCRIPTION (Policy Map)Syntaxdescription lineParameterslineSpecifies an 80-character description of

AT-FS970M Switch Command Line User’s Guide1689To remove a description from a policy map called “pmap1,” do the following:awplus> enableawplus# conf

AT-FS970M Switch Command Line User’s Guide169SHOW SYSTEMSyntaxshow systemParametersNoneModesUser Exec and Privileged Exec modesDescriptionUse this com

Chapter 99: Quality of Service (QoS) Commands1690MATCH ACCESS-GROUP Syntaxmatch access-group group-name|group-numberParametersgroup-nameIndicates a gr

AT-FS970M Switch Command Line User’s Guide1691 To create a numbered IPv4 ACL, see the commands listed in Table 232.Use the no form of this command, N

Chapter 99: Quality of Service (QoS) Commands1692The following example creates a numbered IPv4 MAC ACL access list, 4012 and matches it to a class map

AT-FS970M Switch Command Line User’s Guide1693MATCH COSSyntaxmatch cos <0-7>Parameters0-7Specifies the CoS value where 0 is the lowest value, an

Chapter 99: Quality of Service (QoS) Commands1694Confirmation Commands“SHOW CLASS-MAP” on page 1744“SHOW RUNNING-CONFIG” on page 166ExamplesThe follow

AT-FS970M Switch Command Line User’s Guide1695MATCH DSCPSyntaxmatch dscp <0-63>Parameters0-63Specifies the DSCP value with 0 as the lowest value

Chapter 99: Quality of Service (QoS) Commands1696MATCH IP-PRECEDENCESyntaxmatch ip-precedence <0-7>Parameters0-7Specifies the precedence number.

AT-FS970M Switch Command Line User’s Guide1697MATCH MAC-TYPESyntaxmatch mac-type <12bcast|12mcast|12ucast>Parametersl2bcastSpecifies the Layer 2

Chapter 99: Quality of Service (QoS) Commands1698The following example removes the MAC type from a class map:awplus> enableawplus# configure termin

AT-FS970M Switch Command Line User’s Guide1699MATCH PROTOCOLSyntaxmatch eth-format layer-two-format protocol layer-three-protocolParameterseth-formatI

AT-FS970M Switch Command Line User’s Guide17SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE ...

Chapter 8: Basic Switch Management Commands170SHOW SYSTEM SERIALNUMBERSyntaxshow system serialnumberParametersNoneModeUser Exec and Privileged Exec mo

Chapter 99: Quality of Service (QoS) Commands1700snap-tagged Indicates Sub-network Access Protocol (SNAP) tagged packets.snap-untagged Indicates SNAP

AT-FS970M Switch Command Line User’s Guide1701dec-lavc Indicates protocol number 6007. Enter the parameter name or its number.dec-mod-dump-id Indicate

Chapter 99: Quality of Service (QoS) Commands1702Confirmation Commands“SHOW CLASS-MAP” on page 1744“SHOW RUNNING-CONFIG” on page 166ExamplesThe follow

AT-FS970M Switch Command Line User’s Guide1703The following example creates a class map called “cmap12” and assigns ARP to it:awplus> enableawplus#

Chapter 99: Quality of Service (QoS) Commands1704MATCH TCP-FLAGSSyntaxmatch tcp-flags ack|fin|rst|syn|urgParametersackIndicates the Acknowledge TCP fl

AT-FS970M Switch Command Line User’s Guide1705If you assign both of these commands to the same class map, such as “cmap1,” the output of the SHOW CLAS

Chapter 99: Quality of Service (QoS) Commands1706MATCH VLANSyntaxmatch vlan <1-4094>Parameters1-4094Specifies the VLAN ID number.ModeClass Map C

AT-FS970M Switch Command Line User’s Guide1707MLS QOS AGGREGATE-POLICE SINGLE-RATESyntaxmls qos aggregate-police <name> single-rate <CIR>

Chapter 99: Quality of Service (QoS) Commands1708This type of policer can meter the traffic classified by the class map, and as a result, is given a r

AT-FS970M Switch Command Line User’s Guide1709awplus(config-pmap)# police aggregate policeagg1awplus(config-pmap-c)# exitawplus(config-pmap)# class cm

AT-FS970M Switch Command Line User’s Guide171SHOW USERSSyntaxshow usersParametersNoneModesPrivileged Exec modeDescriptionUse this command to display t

Chapter 99: Quality of Service (QoS) Commands1710MLS QOS AGGREGATE-POLICE TWIN-RATESyntaxmls qos aggregate-police <name> twin-rate <cir> &

AT-FS970M Switch Command Line User’s Guide1711A twin-rate policier is based on four values:  minimum rate minimum burst size maximum rate maximum

Chapter 99: Quality of Service (QoS) Commands1712awplus(config-pmap-c)# exitawplus(config-pmap)# class cmaptwin2awplus(config-pmap)# police aggregate

AT-FS970M Switch Command Line User’s Guide1713MLS QOS COSSyntaxmls qos cos <0-7>Parameters0-7Specifies the Class of Service user-priority value.

Chapter 99: Quality of Service (QoS) Commands1714The following example sets the CoS priority value to 4 on port 22:awplus> enableawplus# configure

AT-FS970M Switch Command Line User’s Guide1715MLS QOS ENABLESyntaxmls qos enableParametersNoneModeGlobal Configuration modeDescriptionUse this command

Chapter 99: Quality of Service (QoS) Commands1716MLS QOS MAP COS-QUEUESyntaxmls qos map cos-queue cos_priority to egress_queueParameterscos_prioritySp

AT-FS970M Switch Command Line User’s Guide1717Confirmation Command“SHOW MLS QOS MAPS COS-QUEUE” on page 1753ExamplesThe following example sets an egre

Chapter 99: Quality of Service (QoS) Commands1718MLS QOS MAP DSCP-QUEUESyntaxmls qos map dscp-queue dscp_value to egress_queueParametersdscp_valueSpec

AT-FS970M Switch Command Line User’s Guide1719ExamplesThe following example maps a DSCP value of 46 to egress queue 7 on ingress port 1.0.24. The DSCP

Chapter 8: Basic Switch Management Commands172ExampleThis example displays the managers who are logged on to the switch:awplus# show usersIdle The num

Chapter 99: Quality of Service (QoS) Commands1720MLS QOS MAP POLICED-DSCPSyntaxmls qos map policed-dscp <existing-dscp> to <new-dscp> <

AT-FS970M Switch Command Line User’s Guide1721This example changes the DSCP value from 20 to 44:awplus> enableawplus# configure terminalawplus(conf

Chapter 99: Quality of Service (QoS) Commands1722NO AUTO-QOS VOICE | TRUST DSCPSyntaxno auto-qos [voice <VLANID> |trust dscp]ParametersvoiceSpec

AT-FS970M Switch Command Line User’s Guide1723In the following example, DSCP is removed as the type of trust:awplus> enableawplus# configure termin

Chapter 99: Quality of Service (QoS) Commands1724NO MATCH ACCESS-GROUPSyntaxmatch access-group group-name|group-numberParametersgroup-nameIndicates an

AT-FS970M Switch Command Line User’s Guide1725The following example removes group number 4000 from a class map, called “cmap41”:awplus> enableawplu

Chapter 99: Quality of Service (QoS) Commands1726NO MATCH PROTOCOLSyntaxno match eth-format layer-two-format protocol layer-three-protocolParameterset

AT-FS970M Switch Command Line User’s Guide1727The following example removes 802.2 tagged packets from a class map called “cmap8”:awplus> enableawpl

Chapter 99: Quality of Service (QoS) Commands1728NO MLS QOS AGGREGATE-POLICESyntaxno mls qos aggregate-police name ParametersnameIndicates the name of

AT-FS970M Switch Command Line User’s Guide1729NO MLS QOS ENABLESyntaxno mls qos enableParametersNoneModeGlobal Configuration modeDescriptionUse this c

AT-FS970M Switch Command Line User’s Guide173SHOW VERSIONSyntaxshow versionParametersNoneModeUser Exec and Privileged Exec modesDescriptionUse this co

Chapter 99: Quality of Service (QoS) Commands1730NO POLICE AGGREGATESyntaxno police aggregate nameParametersnameIndicates the name of a police aggrega

AT-FS970M Switch Command Line User’s Guide1731POLICE AGGREGATESyntaxpolice aggregate nameParametersnameIndicates the name of the police aggregator.Mod

Chapter 99: Quality of Service (QoS) Commands1732The following example removes the association between the aggregate name, “policyagg5,” and class map

AT-FS970M Switch Command Line User’s Guide1733POLICE SINGLE-RATE ACTIONSyntaxpolice single-rate <cir> <cbs> <ebs> action [drop-red|p

Chapter 99: Quality of Service (QoS) Commands1734POLICED-DSCP command. See “MLS QOS MAP POLICED-DSCP” on page 1720.Although data are metered per byte,

AT-FS970M Switch Command Line User’s Guide1735POLICE TWIN-RATE ACTIONSyntaxpolice twin-rate <cir> <cbs> <pir> <pbs> action [dr

Chapter 99: Quality of Service (QoS) Commands1736 minimum burst size maximum rate maximum burst sizeThe value of the action parameter greatly effec

AT-FS970M Switch Command Line User’s Guide1737POLICY-MAPSyntaxpolicy-map nameParametersnameSpecifies the name of a policy map.ModeGlobal Configuration

Chapter 99: Quality of Service (QoS) Commands1738SET COSSyntaxset cos <0-7>Parameters0-7Specifies the CoS value of the classified traffic.ModePo

AT-FS970M Switch Command Line User’s Guide1739The following example removes the policy-map action for class map “cmap25” by using the NO SET COS comma

Chapter 8: Basic Switch Management Commands174SNMP-SERVER CONTACTSyntaxsnmp-server contact contactParameterscontactSpecifies the name of the person re

Chapter 99: Quality of Service (QoS) Commands1740SET DSCPSyntaxset dscp <0-63>Parameters<0-63>Specifies the DSCP value of the classified t

AT-FS970M Switch Command Line User’s Guide1741SET QUEUESyntaxset queue <0-7>Parameters<0-7>Specifies the queue.ModePolicy Map Class modeDe

Chapter 99: Quality of Service (QoS) Commands1742The following example removes the previously configured egress queue from class map “cmap2:”awplus>

AT-FS970M Switch Command Line User’s Guide1743SERVICE-POLICY INPUTSyntaxservice-policy input <policy-map>Parameterspolicy-mapIndicates the name

Chapter 99: Quality of Service (QoS) Commands1744SHOW CLASS-MAPSyntaxshow class-map class-map-nameParametersclass-map-nameSpecifies the name of the cl

AT-FS970M Switch Command Line User’s Guide1745SHOW POLICY-MAPSyntaxshow policy-map policy-map-nameParameterspolicy-map-nameSpecifies the name of the p

Chapter 99: Quality of Service (QoS) Commands1746ExampleThis example displays the settings of a policy map called “pmap4:'awplus# show policy-map

AT-FS970M Switch Command Line User’s Guide1747SHOW MLS QOSSyntaxshow mls qos ParametersNoneModePrivileged Exec modeDescriptionUse this command to disp

Chapter 99: Quality of Service (QoS) Commands1748SHOW MLS QOS AGGREGRATE-POLICERSyntaxshow mls qos aggregate-policer nameParametersnameSpecifies the n

AT-FS970M Switch Command Line User’s Guide1749.ExampleThis example displays the contents of the aggregate policer, called “ap1:”awplus# show mls qos a

AT-FS970M Switch Command Line User’s Guide175SNMP-SERVER LOCATIONSyntaxsnmp-server location locationParameterslocationSpecifies the location of the sw

Chapter 99: Quality of Service (QoS) Commands1750SHOW MLS QOS INTERFACESyntaxshow mls qos interface portParametersportSpecifies the port to display. Y

AT-FS970M Switch Command Line User’s Guide1751Figure 268. SHOW MLS QOS INTERFACE Command - Strict Priority (continued)Figure 269 is an example of a po

Chapter 99: Quality of Service (QoS) Commands1752The fields in the display are described in Table 238.ExampleThis example displays the mappings of egr

AT-FS970M Switch Command Line User’s Guide1753SHOW MLS QOS MAPS COS-QUEUESyntaxshow mls qos maps cos-queueParametersportSpecifies the port to display.

Chapter 99: Quality of Service (QoS) Commands1754SHOW MLS QOS MAPS DSCP-QUEUESyntaxshow mls qos maps dscp-queueParametersportSpecifies the port. You c

AT-FS970M Switch Command Line User’s Guide1755Figure 271. SHOW MLS QOS MAPS DSCP-QUEUE CommandThe mappings of DSCP value and egress queues are set wit

Chapter 99: Quality of Service (QoS) Commands1756ExampleThe following example displays the DSCP mappings:awplus# show mls qos maps dscp-queue

AT-FS970M Switch Command Line User’s Guide1757SHOW MLS QOS MAPS POLICED-DSCPSyntaxshow mls qos maps policed-dscp <0-63>Parameters<0-63>Spe

Chapter 99: Quality of Service (QoS) Commands1758TRUST DSCPSyntaxtrust dscpParametersNoneModePolicy Map Class modeDescriptionUse this command to trust

AT-FS970M Switch Command Line User’s Guide1759awplus> enableawplus# configure terminalawplus(config)# policy-map pmap1awplus(config-pmap)# class cm

Chapter 8: Basic Switch Management Commands176SYSTEM TERRITORYSyntaxsystem territory territoryParametersterritorySpecifies the territory of the switch

Chapter 99: Quality of Service (QoS) Commands1760WRR-QUEUE EGRESS-RATE-LIMIT QUEUESSyntaxwrr-queue egress-rate-limit bandwidth queues [0|1|2|3|4|5|6|7

AT-FS970M Switch Command Line User’s Guide1761This example removes egress rate limiting from port 14:awplus> enableawplus# configure terminalawplus

Chapter 99: Quality of Service (QoS) Commands1762WRR-QUEUE WEIGHTSyntaxwrr-queue weight weightParametersweightSpecifies the weight (the number of pack

AT-FS970M Switch Command Line User’s Guide1763Figure 274. Mapping of WRR QueuesUse the no form of this command, NO WRR-QUEUE WEIGHT, to remove the WRR

Chapter 99: Quality of Service (QoS) Commands1764

1765Chapter 100QoS Storm Control ProtectionThis chapter describes the following topics: “Overview” on page 1766 “Enabling Policy-Based QSP” on page

Chapter 100: QoS Storm Control Protection1766OverviewThe QoS Storm Control Protection (QSP) feature uses QoS mechanisms to classify traffic that is li

AT-FS970M Switch Command Line User’s Guide1767The QSP feature is configured and displayed with six storm control commands. All of the commands that be

Chapter 100: QoS Storm Control Protection1768When the software detects a storm on a port, a message is automatically recorded in the Event log or Sysl

AT-FS970M Switch Command Line User’s Guide1769Enabling Policy-Based QSPTo enable QSP, use the STORM PROTECTION command. You enable storm protection on

AT-FS970M Switch Command Line User’s Guide177This example removes the current territory information:awplus> enableawplus# configure terminalawplus(

Chapter 100: QoS Storm Control Protection1770Setting the Storm Control ActionTo determine which action the switch takes when the configured limits are

AT-FS970M Switch Command Line User’s Guide1771Disabling a Port The following example sets the storm protection action to disable the port assigned to

Chapter 100: QoS Storm Control Protection1772Shutting Down aPortThe following example sets the storm protection action to shut down the port assigned

AT-FS970M Switch Command Line User’s Guide1773Setting Storm Control Down TimeAfter the storm control action has been triggered, the port assigned to t

Chapter 100: QoS Storm Control Protection1774Setting the Storm Control Speed and Sampling FrequencyYou want to set the data rate for triggering policy

AT-FS970M Switch Command Line User’s Guide1775Displaying Port Storm StatusTo display the storm status for the specified port, use the SHOW MLS QOS INT

Chapter 100: QoS Storm Control Protection1776

1777Chapter 101QSP CommandsThe QoS Storm Control Protection commands are summarized in Table 247 and described in detail in this chapter.Table 247. Qu

Chapter 101: QSP Commands1778SHOW MLS QOS INTERFACE STORM-STATUSSyntaxshow mls qos interface port storm-statusParametersportSpecifies the port to disp

AT-FS970M Switch Command Line User’s Guide1779Confirmation CommandNoneExampleThis example displays the storm status for port 5:awplus# show mls qos in

Chapter 8: Basic Switch Management Commands178

Chapter 101: QSP Commands1780STORM-ACTIONSyntaxstorm-action portdisable|vlandisable|linkdownParametersportdisableDisables the port in software.vlandis

AT-FS970M Switch Command Line User’s Guide1781awplus(config)# policy-map pmap2awplus(config-pmap)# class cmap1awplus(config-pmap-c)# storm-protectiona

Chapter 101: QSP Commands1782STORM-DOWNTIMESyntaxstorm-downtime <1 - 86400>Parameters<1 - 86400>Indicates the number of seconds.ModePolicy

AT-FS970M Switch Command Line User’s Guide1783STORM-PROTECTIONSyntaxstorm-protection ParametersNoneModePolicy Map ClassDescriptionUse this command to

Chapter 101: QSP Commands1784STORM-RATESyntaxstorm-rate <1 - 10000000>Parameters<1 - 10000000>Sets the data rate in kbps. ModePolicy Map C

AT-FS970M Switch Command Line User’s Guide1785The following example disables the storm-rate setting:awplus> enableawplus# configure terminalawplus(

Chapter 101: QSP Commands1786STORM-WINDOWSyntaxstorm-window <100 - 6000>Parameters<100 - 6000>Indicates the window size, measured in ms. E

AT-FS970M Switch Command Line User’s Guide1787The following example disables the storm-window setting on class map “cmap5:'awplus> enableawplu

Chapter 101: QSP Commands1788

1789Section XIVRoutingThis section contains the following chapters: Chapter 102, “Internet Protocol Version 4 Packet Routing” on page 1791 Chapter 1

179Chapter 9Port ParametersThis chapter contains the following: “Adding Descriptions” on page 180 “Setting the Speed and Duplex Mode” on page 181 “

1790

1791Chapter 102Internet Protocol Version 4 Packet RoutingThis chapter describes the following topics: “Overview” on page 1792 “Routing Interfaces” o

Chapter 102: Internet Protocol Version 4 Packet Routing1792OverviewThis section contains an overview of the IPv4 routing feature on the switch and beg

AT-FS970M Switch Command Line User’s Guide1793Routing InterfacesRouting interfaces are used to route IPv4 packets between the networks that are local

Chapter 102: Internet Protocol Version 4 Packet Routing1794Static RoutesStatic routes are used to route IPv4 packets to networks that are not directly

AT-FS970M Switch Command Line User’s Guide1795Routing Information Protocol (RIP)The switch supports Routing Information Protocol (RIP) versions 1 and

Chapter 102: Internet Protocol Version 4 Packet Routing1796The switch transmits its routing table every thirty seconds from those interfaces that have

AT-FS970M Switch Command Line User’s Guide1797Default RouteA default route is a “match all” destination entry in the routing table. The switch uses it

Chapter 102: Internet Protocol Version 4 Packet Routing1798Routing TableThe switch has a routing table of local and remote networks The local networks

AT-FS970M Switch Command Line User’s Guide1799Address Resolution Protocol (ARP) TableThe switch has an ARP table. The switch uses the table to store t

Contents18Section VIII: Virtual LANs ...

Chapter 9: Port Parameters180Adding DescriptionsThe ports will be easier to identify if you give them descriptions. The descriptions are viewed with t

Chapter 102: Internet Protocol Version 4 Packet Routing1800Internet Control Message Protocol (ICMP)ICMP allows routers to send error and control messa

AT-FS970M Switch Command Line User’s Guide1801Time to Live Exceeded (11) The switch sends a “Time to live exceeded” packet if the value in a packet’s

Chapter 102: Internet Protocol Version 4 Packet Routing1802Routing Interfaces and Management FeaturesRouting interfaces are primarily used to route IP

AT-FS970M Switch Command Line User’s Guide1803Example of the Routing CommandsThis section contains an example of the commands of the IPv4 routing feat

Chapter 102: Internet Protocol Version 4 Packet Routing1804Creating theRoutingInterfacesNow that the VLANs are created, you may use the IP ADDRESS com

AT-FS970M Switch Command Line User’s Guide1805IPv4 decimal masks 16 and 24 are equivalent to masks 255.255.0.0 and 255.255.255.0, respectively.There a

Chapter 102: Internet Protocol Version 4 Packet Routing1806Adding Static andDefault RoutesBuilding on our example, assume you decide to manually enter

AT-FS970M Switch Command Line User’s Guide1807Now assume you want to create a default route for packets that have a destination address to an unknown

Chapter 102: Internet Protocol Version 4 Packet Routing1808Activating RIP Rather than adding static routes to remote destinations, or perhaps to augme

AT-FS970M Switch Command Line User’s Guide1809You may specify the interfaces in the NETWORK command by their respective network addresses instead of t

AT-FS970M Switch Command Line User’s Guide181Setting the Speed and Duplex ModeThe twisted pair ports on the switch can operate at 10, 100, or 1000 Mbp

Chapter 102: Internet Protocol Version 4 Packet Routing1810

1811Chapter 103IPv4 Routing CommandsThe IPv4 routing commands are summarized in Table 251 and described in detail within the chapter.NoteThe commands

Chapter 103: IPv4 Routing Commands1812NoteThe switch does not support IPv6 packet routing, but it does support one IPv6 management address. For instru

AT-FS970M Switch Command Line User’s Guide1813IP ADDRESSSyntaxip address ipaddress/maskParametersipaddressSpecifies an IPv4 address for a new routing

Chapter 103: IPv4 Routing Commands1814ExamplesThis example adds a new routing interface to the Default VLAN, which has the VID 1.The interface is assi

AT-FS970M Switch Command Line User’s Guide1815IP ADDRESS DHCPSyntaxip address dhcpParametersNoneModeVLAN Interface modeDescriptionUse this command to

Chapter 103: IPv4 Routing Commands1816IP ROUTESyntaxip route ipaddress1 mask ipaddress2 [admin]Parametersipaddress1Specifies the IP address of a remot

AT-FS970M Switch Command Line User’s Guide1817The switch uses the default route to route packets to remote destination networks that are not listed in

Chapter 103: IPv4 Routing Commands1818This example assigns the switch the IPv4 default gateway address 143.87.132.45. The mask is specified in IP nota

AT-FS970M Switch Command Line User’s Guide1819NO IP ADDRESSSyntaxno ip addressParametersNoneModeVLAN Interface modeDescriptionUse this command to dele

Chapter 9: Port Parameters182This example sets the speeds of ports 11 and 17 to 100Mbps:awplus> enableawplus# configure terminalawplus(config)# int

Chapter 103: IPv4 Routing Commands1820ExampleThis example deletes the IPv4 routing interface from the VLAN with the VID 15:awplus> enableawplus# co

AT-FS970M Switch Command Line User’s Guide1821NO IP ADDRESS DHCPSyntaxno ip address dhcpParametersNoneModeVLAN Interface modeDescriptionUse this comma

Chapter 103: IPv4 Routing Commands1822ExampleThis example deletes the IPv4 routing interface with a dynamic IP address from the VLAN with the VID 3:aw

AT-FS970M Switch Command Line User’s Guide1823NO IP ROUTESyntaxno ip route ipaddress1/mask ipaddress2 [admin]Parametersipaddress1Specifies the IP addr

Chapter 103: IPv4 Routing Commands1824This example deletes the same static route, but the mask is entered in decimal notation:awplus> enableawplus#

AT-FS970M Switch Command Line User’s Guide1825SHOW IP INTERFACESyntaxshow ip interfaceParametersNoneModePrivileged Exec modeDescriptionUse this comman

Chapter 103: IPv4 Routing Commands1826ExampleThis example displays the routing interfaces on the switch:awplus# show ip interfaceProtocol The status o

AT-FS970M Switch Command Line User’s Guide1827SHOW IP ROUTESyntaxshow ip routeParametersNoneModePrivileged Exec modeDescriptionUse this command to dis

Chapter 103: IPv4 Routing Commands1828NoteRIP routes have an additional option which indicates the time lapsed in hours: minutes: seconds since the RI

1829Chapter 104Routing Information Protocol (RIP)This chapter describes the following topics: “Overview” on page 1830 “Enabling RIP” on page 1831 “

AT-FS970M Switch Command Line User’s Guide183Setting the MDI/MDI-X Wiring ConfigurationThe wiring configurations of twisted pair ports that operate at

Chapter 104: Routing Information Protocol (RIP)1830OverviewThe AT-FS970M Series switches provide Layer 3 routing functionality as well as Layer 2 swit

AT-FS970M Switch Command Line User’s Guide1831Enabling RIPTo connect remote networks dynamically, you must enable the RIP routing process on the switc

Chapter 104: Routing Information Protocol (RIP)1832The following example enables RIP on Switch S1 so that VLAN interfaces 10 and 50 receive and send R

AT-FS970M Switch Command Line User’s Guide1833Specifying a RIP VersionThe Management Software supports both RIP Version 1 and 2. The default RIP Versi

Chapter 104: Routing Information Protocol (RIP)1834Enabling AuthenticationSecurity is one of the primary requirements for corporate networks. RIP Vers

AT-FS970M Switch Command Line User’s Guide1835The following example configures Switch S1 to specify MD5 as the authentication mode and “axc222” as the

Chapter 104: Routing Information Protocol (RIP)1836Enabling and Disabling Automatic Route SummarizationAs a corporation grows, the corporate network n

AT-FS970M Switch Command Line User’s Guide1837The following example enables automatic summarization:S1> enableS1# configure terminalS1(config)# rou

Chapter 104: Routing Information Protocol (RIP)1838Enabling and Disabling Split HorizonRIP implements the split-horizon mechanism to prevent propagati

AT-FS970M Switch Command Line User’s Guide1839Advertising the Default RouteRIP has a built-in feature which allows you to advertise a default route to

Chapter 9: Port Parameters184Enabling or Disabling PortsDisabling ports turns off their receivers and transmitters so that they cannot forward traffic

Chapter 104: Routing Information Protocol (RIP)1840Displaying Routing Information with RIPTo confirm that routes are dynamically added by RIP, use the

AT-FS970M Switch Command Line User’s Guide1841Adjusting TimersRIP sends routing updates at regular intervals. By default, the Management Software tran

Chapter 104: Routing Information Protocol (RIP)1842Blocking Routing Updates on an InterfaceThe interfaces on the switch receive routing updates every

1843Chapter 105Routing Information Protocol (RIP) CommandsThe RIP commands are summarized in Table 256 and described in detail within the chapter.Tabl

Chapter 105: Routing Information Protocol (RIP) Commands1844“NO AUTO-SUMMARY” on page 1859 Routing ConfigurationDisables automatic route summarization

AT-FS970M Switch Command Line User’s Guide1845“ROUTER RIP” on page 1874 Global ConfigurationEnters the Routing Configuration mode to configure RIP.“SH

Chapter 105: Routing Information Protocol (RIP) Commands1846AUTO-SUMMARYSyntaxauto-summaryParametersNoneModeRouting Configuration modeDescriptionUse t

AT-FS970M Switch Command Line User’s Guide1847DEFAULT-INFORMATION ORIGINATESyntaxdefault-information originateParameterNoneModeRouter Configuration mo

Chapter 105: Routing Information Protocol (RIP) Commands1848IP RIP AUTHENTICATION STRINGSyntaxip rip authentication string auth-stringParametersauth-s

AT-FS970M Switch Command Line User’s Guide1849IP RIP AUTHENTICATION MODESyntaxip rip authentication mode md5|textParametersmd5Specifies the MD5 authen

AT-FS970M Switch Command Line User’s Guide185Enabling or Disabling BackpressurePorts use backpressure during periods of packet congestion, to prevent

Chapter 105: Routing Information Protocol (RIP) Commands1850IP RIP RECEIVE-PACKETSyntaxip rip receive-packetParametersNoneModeVLAN Interface modeDescr

AT-FS970M Switch Command Line User’s Guide1851IP RIP RECEIVE VERSIONSyntaxip rip receive version 1|2|1 2Parameters1Specifies RIP Version 1.2Specifies

Chapter 105: Routing Information Protocol (RIP) Commands1852The following example configures the routing interface in VLAN 3 to receive both RIP Versi

AT-FS970M Switch Command Line User’s Guide1853IP RIP SEND-PACKETSyntaxip rip send packetParametersNoneModeVLAN Interface modeDescriptionUse this comma

Chapter 105: Routing Information Protocol (RIP) Commands1854IP RIP SEND VERSIONSyntaxip rip send version 1|2Parameters1Specifies RIP Version 1.2Specif

AT-FS970M Switch Command Line User’s Guide1855IP RIP SPLIT-HORIZONSyntaxip rip split-horizon [poisoned]ParameterspoisonedAssigns a hop value of infini

Chapter 105: Routing Information Protocol (RIP) Commands1856ExamplesThe following example activates split horizon on the routing interface in VLAN 5.

AT-FS970M Switch Command Line User’s Guide1857NETWORKSyntaxnetwork network-address|subnet-mask|vlanidParametersnetwork-addressSpecifies the network ad

Chapter 105: Routing Information Protocol (RIP) Commands1858The following example allows VLAN 2 to send and accept routing updates:awplus> enableaw

AT-FS970M Switch Command Line User’s Guide1859NO AUTO-SUMMARYSyntaxno auto-summaryParametersNoneModeRouting Configuration modeDescriptionUse this comm

Chapter 9: Port Parameters186Enabling or Disabling Flow ControlWhen a port that is operating in full-duplex mode needs to temporarily stop its local o

Chapter 105: Routing Information Protocol (RIP) Commands1860NO DEFAULT-INFORMATION ORIGINATESyntaxno default-information originateParameterNoneModeRou

AT-FS970M Switch Command Line User’s Guide1861NO IP RIP AUTHENTICATION MODESyntaxno ip rip authentication modeParametersNoneModeVLAN Interface modeDes

Chapter 105: Routing Information Protocol (RIP) Commands1862NO IP RIP AUTHENTICATION STRINGSyntaxno ip rip authentication string auth-stringParameters

AT-FS970M Switch Command Line User’s Guide1863NO IP RIP RECEIVE-PACKETSyntaxno ip rip receive-packetParametersNoneModeVLAN Interface modeDescriptionUs

Chapter 105: Routing Information Protocol (RIP) Commands1864NO IP RIP RECEIVE VERSIONSyntaxno ip rip receive versionParametersNoneModeVLAN Interface m

AT-FS970M Switch Command Line User’s Guide1865NO IP RIP SEND-PACKETSyntaxno ip rip send packetParametersNoneModeVLAN Interface modeDescriptionUse this

Chapter 105: Routing Information Protocol (RIP) Commands1866NO IP RIP SEND VERSIONSyntaxno ip rip send versionParametersNoneModeVLAN Interface modeDes

AT-FS970M Switch Command Line User’s Guide1867NO IP RIP SPLIT-HORIZONSyntaxno ip rip split-horizonParametersNoneModeVLAN Interface modeDescriptionUse

Chapter 105: Routing Information Protocol (RIP) Commands1868NO NETWORKSyntaxno network network-address|subnet-mask|vlanidParametersnetwork-addressSpec

AT-FS970M Switch Command Line User’s Guide1869NO PASSIVE-INTERFACESyntaxno passive-interface vlanidParametersvlanidSpecifies the ID number of a VLAN.M

AT-FS970M Switch Command Line User’s Guide187This example configures port 21 not to send pause packets during periods of packet congestion:awplus>

Chapter 105: Routing Information Protocol (RIP) Commands1870NO ROUTER RIPSyntaxno router ripParametersNoneModeGlobal Configuration modeDescriptionUse

AT-FS970M Switch Command Line User’s Guide1871NO TIMERS BASICSyntaxno timers basicParametersNoneModeRouting Configuration modeDescriptionUse this comm

Chapter 105: Routing Information Protocol (RIP) Commands1872NO VERSIONSyntaxno versionParametersNoneModeRouter Configuration modeDescriptionUse this c

AT-FS970M Switch Command Line User’s Guide1873PASSIVE-INTERFACESyntaxpassive-interface vlanidParametersvlanidSpecifies the ID number of a VLAN.ModeRou

Chapter 105: Routing Information Protocol (RIP) Commands1874ROUTER RIPSyntaxrouter ripParametersNoneModeGlobal Configuration modeDescriptionUse this c

AT-FS970M Switch Command Line User’s Guide1875SHOW IP RIPSyntaxshow ip ripParametersNoneModeUser Exec and Privileged Exec modesDescriptionUse this com

Chapter 105: Routing Information Protocol (RIP) Commands1876The fields are described in Table 257.ExampleThe following example displays routing inform

AT-FS970M Switch Command Line User’s Guide1877SHOW IP RIP COUNTERSyntaxshow ip rip counterParametersNoneModeUser Exec and Privileged Exec modesDescrip

Chapter 105: Routing Information Protocol (RIP) Commands1878ExampleThe following example displays counters for RIP packets on the switch:awplus# show

AT-FS970M Switch Command Line User’s Guide1879SHOW IP RIP INTERFACESyntaxshow ip rip interface interfaceParametersinterfaceSpecifies a VLAN interface.

Chapter 9: Port Parameters188If flow control is not configured on a port, this message is displayed:Flow control is not set on interface port1.0.2

Chapter 105: Routing Information Protocol (RIP) Commands1880ExamplesThe following example displays RIP information about VLAN 5:awplus# show ip route

AT-FS970M Switch Command Line User’s Guide1881TIMERS BASICSyntaxtimers basic update update timeout timeout garbage garbageParametersupdateSpecifies th

Chapter 105: Routing Information Protocol (RIP) Commands1882ExampleThe following example sets the switch to transmit routing updates every 20 seconds,

AT-FS970M Switch Command Line User’s Guide1883VERSIONSyntaxversion 1|2Parameters1Specifies RIP Version 1.2Specifies RIP Version 2.ModeRouter Configura

Chapter 105: Routing Information Protocol (RIP) Commands1884

1885Appendix ASystem Monitoring CommandsThe system monitoring commands are summarized in Table 260 and described in detail within the chapter.Table 26

Chapter : System Monitoring Commands1886SHOW CPUSyntaxshow cpu [sort pri|runtime|sleep|thrds]ParameterspriSorts the list by process priorities.runtime

AT-FS970M Switch Command Line User’s Guide1887SHOW CPU HISTORYSyntaxshow cpu historyParametersNoneModePrivileged Exec modeDescriptionUse this command

Chapter : System Monitoring Commands1888SHOW CPU USER-THREADSSyntaxshow cpu user-threadsParametersNoneModePrivileged Exec modeDescriptionUse this comm

AT-FS970M Switch Command Line User’s Guide1889SHOW MEMORYSyntaxshow memory [sort peak|size|stk]ParameterspeakSorts the list by the peak amounts of mem

AT-FS970M Switch Command Line User’s Guide189Resetting PortsIf a port is experiencing a problem, you may be able to correct it with the RESET command

Chapter : System Monitoring Commands1890SHOW MEMORY ALLOCATIONSyntaxshow memory allocation processParameterprocessSpecifies a system process.ModePrivi

AT-FS970M Switch Command Line User’s Guide1891SHOW MEMORY HISTORYSyntaxshow memory historyParametersNoneModePrivileged Exec modeDescriptionUse this co

Chapter : System Monitoring Commands1892SHOW MEMORY POOLSSyntaxshow memory poolsParametersNoneModePrivileged Exec modeDescriptionUse this command to d

AT-FS970M Switch Command Line User’s Guide1893SHOW PROCESSSyntaxshow memory process [sort cpu|mem]ParameterscpuSorts the list by percentage of CPU uti

Chapter : System Monitoring Commands1894SHOW SYSTEM SERIALNUMBERSyntaxshow system serialnumberParametersNoneModesUser Exec mode and Privileged Exec mo

AT-FS970M Switch Command Line User’s Guide1895SHOW SYSTEM INTERRUPTSSyntaxshow system interruptsParametersNoneModePrivileged Exec modeDescriptionUse t

Chapter : System Monitoring Commands1896SHOW TECH-SUPPORTSyntaxshow tech-support [all]ParametersallPerforms the full set of technical support commands

AT-FS970M Switch Command Line User’s Guide1897With the ALL option, the command performs the previous commands and these additional commands: SHOW ARP

Chapter : System Monitoring Commands1898

1899Appendix BManagement Software Default SettingsThis appendix lists the factory default settings of the switch. The features are listed in alphabeti

AT-FS970M Switch Command Line User’s Guide19Chapter 61: GARP VLAN Registration Protocol Commands ...

Chapter 9: Port Parameters190Configuring Threshold Limits for Ingress PacketsYou can set threshold limits for the ingress packets on the ports. The th

Appendix B: Management Software Default Settings1900 “Web Server” on page 1930

AT-FS970M Switch Command Line User’s Guide1901Boot Configuration FileThe following table lists the name of the default configuration file.Boot Configu

Appendix B: Management Software Default Settings1902Class of ServiceThe following table lists the default mappings of the IEEE 802.1p priority levels

AT-FS970M Switch Command Line User’s Guide1903Console PortThe following table lists the default settings for the Console port.NoteThe baud rate is the

Appendix B: Management Software Default Settings1904DHCP RelayThe following table lists the default settings for the DHCP relay feature.DHCP Relay Set

AT-FS970M Switch Command Line User’s Guide1905802.1x Port-Based Network Access ControlThe following table describes the 802.1x Port-based Network Acce

Appendix B: Management Software Default Settings1906The following table lists the default settings for RADIUS accounting.The following table lists the

AT-FS970M Switch Command Line User’s Guide1907Enhanced StackingThe following table lists the enhanced stacking default setting.Enhanced Stacking Setti

Appendix B: Management Software Default Settings1908GVRPThis section provides the default settings for GVRP.GVRP Setting DefaultStatus DisabledGIP Sta

AT-FS970M Switch Command Line User’s Guide1909IGMP SnoopingThe following table lists the IGMP Snooping default settings.IGMP Snooping Setting DefaultI

AT-FS970M Switch Command Line User’s Guide191To remove threshold limits from the ports, use the NO STORM-CONTROL command, also in the Port Interface m

Appendix B: Management Software Default Settings1910IGMP Snooping QuerierThe following table lists the IGMP snooping querier default settings.IGMP Sno

AT-FS970M Switch Command Line User’s Guide1911Link Layer Discovery Protocol (LLDP and LLDP-MED)The following table lists the default settings for LLDP

Appendix B: Management Software Default Settings1912MAC Address-based Port SecurityThe following table lists the MAC address-based port security defau

AT-FS970M Switch Command Line User’s Guide1913MAC Address TableThe following table lists the default setting for the MAC address table.MAC Address Tab

Appendix B: Management Software Default Settings1914Management IP AddressThe following table lists the default settings for the management IP address.

AT-FS970M Switch Command Line User’s Guide1915Manager AccountThe following table lists the manager account default settings.NoteLogin names and passwo

Appendix B: Management Software Default Settings1916Port SettingsThe following table lists the port configuration default settings.Port Configuration

AT-FS970M Switch Command Line User’s Guide1917RADIUS ClientThe following table lists the RADIUS configuration default settings.RADIUS Configuration Se

Appendix B: Management Software Default Settings1918Remote Manager Account AuthenticationThe following table describes the remote manager account auth

AT-FS970M Switch Command Line User’s Guide1919RMONThe following table lists the default settings for RMON collection histories. There are no default s

Chapter 9: Port Parameters192Displaying Threshold Limit Settings on PortsTo display the threshold settings for the ingress packets on the ports, use t

Appendix B: Management Software Default Settings1920Secure Shell ServerThe following table lists the SSH default settings.NoteThe SSH port number is n

AT-FS970M Switch Command Line User’s Guide1921sFlow AgentThe default settings for the sFlow agent are listed in this table.sFlow Agent Setting Default

Appendix B: Management Software Default Settings1922Simple Network Management Protocol (SNMPv1, SNMPv2c and SNMPv3)The following table describes the d

AT-FS970M Switch Command Line User’s Guide1923Simple Network Time ProtocolThe following table lists the SNTP default settings.SNTP Setting DefaultSyst

Appendix B: Management Software Default Settings1924Spanning Tree Protocols (STP, RSTP and MSTP)This section provides the default settings for STP and

AT-FS970M Switch Command Line User’s Guide1925MultipleSpanning TreeProtocolThe following table describes the RSTP default settings.Loop Guard Disabled

Appendix B: Management Software Default Settings1926System NameThe default setting for the system name is listed in this table.System Name Setting Def

AT-FS970M Switch Command Line User’s Guide1927TACACS+ Client The following table lists the TACACS+ client configuration default settings.TACACS+ Clien

Appendix B: Management Software Default Settings1928Telnet ServerThe default settings for the Telnet server are listed in this table.NoteThe Telnet po

AT-FS970M Switch Command Line User’s Guide1929VLANsThis section provides the VLAN default settings.VLAN Setting DefaultDefault VLAN Name Default_VLAN

AT-FS970M Switch Command Line User’s Guide193Reinitializing Auto-NegotiationIf you believe that a port set to Auto-Negotiation is not using the highes

Appendix B: Management Software Default Settings1930Web ServerThe following table lists the web server default settings.Web Server Configuration Setti

1931Command IndexAAAA ACCOUNTING LOGIN command 1475AAA ACCOUNTING LOGIN TACACS command 1475AAA AUTHENTICATION DOT1X DEFAULT GROUP command 1056AAA AUTH

Index1932DOT1X CONTROL-DIRECTION command 1086DOT1X EAP command 1088DOT1X INITIALIZE INTERFACE command 1090DOT1X MAX-REAUTH-REQ command 1091DOT1X PORT-

AT-FS970M Switch Command Line User’s Guide1933IP RIP SEND-PACKET command 1853IP RIP SPLIT-HORIZON command 1855IP ROUTE command 299, 314, 1816IP SOURCE

Index1934NO GROUP-LINK-CONTROL UPSTREAM command 499, 510NO GVRP ENABLE command 937, 951NO HOSTNAME command 156NO HTTPS SERVER command 1441NO INSTANCE

AT-FS970M Switch Command Line User’s Guide1935NO SET COS command 1738NO SET DSCP command 1740NO SET QUEUE command 1741NO SFLOW COLLECTOR IP command 11

Index1936RELOAD command 127, 161RENEGOTIATE command 193, 225RESET command 189, 226, 1840REVISION command 876RMON ALARM command 1322, 1335RMON COLLECTI

AT-FS970M Switch Command Line User’s Guide1937SHOW LOCATION command 1222, 1225, 1226, 1228, 1296SHOW LOG command 111, 665, 682SHOW LOG CONFIG command

Index1938827, 872SPANNING-TREE PORTFAST BPDU-GUARD command 829, 874SPANNING-TREE PORTFAST command 803, 828, 873SPANNING-TREE PRIORITY (Bridge Priority

Chapter 9: Port Parameters194Restoring the Default SettingsTo restore the default settings on a port, use the PURGE command in the Port Interface mode

AT-FS970M Switch Command Line User’s Guide195Displaying Port SettingsThere are several ways to display port settings. See the following: “Displaying

Chapter 9: Port Parameters196Figure 49. SHOW INTERFACE CommandThe fields are described in Table 13 on page 230. For a description of the command, see

AT-FS970M Switch Command Line User’s Guide197Displaying or Clearing Port StatisticsTo view packet statistics for the individual ports, use the SHOW PL

Chapter 9: Port Parameters198Displaying SFP Information To view information on a plugged SFP on the switch, use the SHOW SYSTEM PLUGGABLE command in t

199Chapter 10Port Parameter CommandsThe port parameter commands are summarized in Table 11.Table 11. Port Parameter CommandsCommand Mode Description“B

CopyrightCopyright © 2014, Allied Telesis, Inc.All rights reserved.This product includes software licensed under the BSD License. As such, the followi

Contents20PRIVATE-VLAN...

Chapter 10: Port Parameter Commands200“NO STORM-CONTROL” on page 221Port Interface Removes threshold limits for broadcast, multicast, or unknown unica

201“STORM-CONTROL” on page 249 Port Interface Sets a maximum limit of the number of broadcast, multicast, or unknown unicast packets forwarded by a po

Chapter 10: Port Parameter Commands202BACKPRESSURESyntaxbackpressure on|offParametersonActivates backpressure on the ports.offDeactivates backpressure

AT-FS970M Switch Command Line User’s Guide203This example configures ports 8 and 21 to 100 Mbps, half-duplex mode, with backpressure disabled:awplus&g

Chapter 10: Port Parameter Commands204BPLIMITSyntaxbplimit bplimitParametersbplimitSpecifies the number of cells for backpressure. A cell represents 1

AT-FS970M Switch Command Line User’s Guide205CLEAR PORT COUNTERSyntaxclear port counter portParametersportSpecifies the port whose packet counters you

Chapter 10: Port Parameter Commands206DESCRIPTIONSyntaxdescription descriptionParametersdescriptionSpecifies a description of 1 to 240 alphanumeric ch

AT-FS970M Switch Command Line User’s Guide207This example removes the current name from port 11 without assigning a new name:awplus> enableawplus#

Chapter 10: Port Parameter Commands208DUPLEXSyntaxduplex auto|half|fullParametersautoActivates Auto-Negotiation for the duplex mode, so that the duple

AT-FS970M Switch Command Line User’s Guide209ExamplesThis example sets the duplex mode on port 11 half-duplex:awplus> enableawplus# configure termi

AT-FS970M Switch Command Line User’s Guide21Designating the Authentication Methods ...

Chapter 10: Port Parameter Commands210EGRESS-RATE-LIMITSyntaxegress-rate-limit valueParametersvalueSpecifies the maximum amount of traffic that can be

AT-FS970M Switch Command Line User’s Guide211FCTRLLIMITSyntaxfctrllimit fctrllimitParametersfctrllimitSpecifies the number of cells for flow control.

Chapter 10: Port Parameter Commands212FLOWCONTROLSyntaxflowcontrol send|receive|both on|offParametersendControls whether a port sends pause packets du

AT-FS970M Switch Command Line User’s Guide213partner. If it is off, a port does not respond to pause packets and continues to transmit packets. At the

Chapter 10: Port Parameter Commands214This example configures port 1 and 2 to 10 Mbps, full-duplex mode. The send portion of flow control is disabled

AT-FS970M Switch Command Line User’s Guide215HOLBPLIMITSyntaxholbplimit holbplimitParameterholbplimitSpecifies the threshold at which a port signals a

Chapter 10: Port Parameter Commands216Figure 51. Head of Line BlockingThe HOL Limit parameter can help prevent this problem from occurring. It sets a

AT-FS970M Switch Command Line User’s Guide217NO EGRESS-RATE-LIMITSyntaxno egress-rate-limitParametersNoneModePort Interface modeDescriptionUse this co

Chapter 10: Port Parameter Commands218NO FLOWCONTROLSyntaxno flowcontrolParameterNoneModePort Interface modeDescriptionUse this command to disable flo

AT-FS970M Switch Command Line User’s Guide219NO SHUTDOWNSyntaxno shutdownParametersNoneModePort Interface modeDescriptionUse this command to enable po

Contents22Section X: Simple Network Management Protocols ...1119Chapter 71: SN

Chapter 10: Port Parameter Commands220NO SNMP TRAP LINK-STATUSSyntaxno snmp trap link-statusParameterNoneModePort Interface modeDescriptionUse this co

AT-FS970M Switch Command Line User’s Guide221NO STORM-CONTROLSyntaxno storm-control broadcast|multicast|dlfParametersbroadcastSpecifies broadcast pack

Chapter 10: Port Parameter Commands222POLARITYSyntaxpolarity auto|mdi|mdixParametersautoActivates auto-MDI/MDIX.mdiSets a port’s wiring configuration

AT-FS970M Switch Command Line User’s Guide223This example sets ports 4 and 18 to the MDI-X wiring configuration:awplus> enableawplus# configure ter

Chapter 10: Port Parameter Commands224PURGESyntaxpurgeParametersNoneModePort Interface modeDescriptionUse this command to restore the default settings

AT-FS970M Switch Command Line User’s Guide225RENEGOTIATESyntaxrenegotiateParametersNoneModePort Interface modeDescriptionUse this command to prompt a

Chapter 10: Port Parameter Commands226RESETSyntaxresetParametersNoneModePort Interface modeDescriptionUse this command to perform a hardware reset on

AT-FS970M Switch Command Line User’s Guide227SHOW FLOWCONTROL INTERFACESyntaxshow flowcontrol interface portParameterportSpecifies the port whose flow

Chapter 10: Port Parameter Commands228ExampleThis command displays the flow control settings for port 2:awplus# show flowcontrol interface port1.0.2Rx

AT-FS970M Switch Command Line User’s Guide229SHOW INTERFACESyntaxshow interface [port]ParameterportSpecifies the port whose current status you want to

AT-FS970M Switch Command Line User’s Guide23Packet Counters ...

Chapter 10: Port Parameter Commands230Figure 53. SHOW INTERFACE CommandThe fields are described in Table 13.Interface port1.0.1Link is UP, administrat

AT-FS970M Switch Command Line User’s Guide231Link is The status of the link on the port. This field is UP when the port has a link with a network devi

Chapter 10: Port Parameter Commands232ExamplesThis command displays the current operational state of all the ports:awplus# show interfaceThis command

AT-FS970M Switch Command Line User’s Guide233SHOW INTERFACE BRIEFSyntaxshow interface briefParameterNoneModesPrivileged Exec modeDescriptionUse this c

Chapter 10: Port Parameter Commands234ExampleThe following example displays the administrative and link statuses of all of the ports on the switch:awp

AT-FS970M Switch Command Line User’s Guide235SHOW INTERFACE STATUSSyntaxshow interface [port] statusParameterportSpecifies the port whose parameter se

Chapter 10: Port Parameter Commands236ExamplesThis command displays the settings of all the ports:awplus# show interface statusThis command displays t

AT-FS970M Switch Command Line User’s Guide237SHOW PLATFORM TABLE PORT COUNTERSSyntaxshow platform table port [port] countersParameterportSpecifies the

Chapter 10: Port Parameter Commands238MulticastPkts Number of received and transmitted multicast packets.BroadcastPkts Number of received and transmit

AT-FS970M Switch Command Line User’s Guide239ExamplesThis command displays the statistics for ports 21 and 23:awplus# show platform table port port1.0

Contents24LLDP TIMER ...

Chapter 10: Port Parameter Commands240SHOW RUNNING-CONFIG INTERFACESyntaxshow running-config interface portParametersportSpecifies a port, multiple po

AT-FS970M Switch Command Line User’s Guide241SHOW STORM-CONTROLSyntaxshow storm-control [port]ParametersportSpecifies the port whose storm-control, th

Chapter 10: Port Parameter Commands242ExamplesThis command displays the settings of all the ports:awplus# show storm-controlThis command displays the

AT-FS970M Switch Command Line User’s Guide243SHOW SYSTEM PLUGGABLESyntaxshow system pluggableParametersNoneModePrivileged Exec modeDescriptionUse this

Chapter 10: Port Parameter Commands244SHOW SYSTEM PLUGGABLE DETAILSyntaxshow system pluggable detailParametersNoneModePrivileged Exec modeDescriptionU

AT-FS970M Switch Command Line User’s Guide245SHUTDOWNSyntaxshutdownParameterNoneModePort Interface modeDescriptionUse this command to disable ports. P

Chapter 10: Port Parameter Commands246SNMP TRAP LINK-STATUSSyntaxsnmp trap link-statusParameterNoneModePort Interface modeDescriptionUse this command

AT-FS970M Switch Command Line User’s Guide247SPEEDSyntaxspeed auto|10|100|1000ParametersautoActivates Auto-Negotiation so that the speed is configured

Chapter 10: Port Parameter Commands248This example activates Auto-Negotiation on port 15:awplus> enableawplus# configure terminalawplus(config)# in

AT-FS970M Switch Command Line User’s Guide249STORM-CONTROLSyntaxstorm-control broadcast|multicast|dlf level valueParametersbroadcastSpecifies broadcas

AT-FS970M Switch Command Line User’s Guide25Chapter 81: RMON Commands ...

Chapter 10: Port Parameter Commands250ExamplesThis example sets the maximum threshold level of 5,000 packets per second for ingress broadcast packets

251Chapter 11Power Over Ethernet “Overview” on page 252 “Enabling and Disabling PoE” on page 254  “Adding PD Descriptions to Ports” on page 256  “

Chapter 11: Power Over Ethernet252OverviewThe AT-FS970M/8PS, AT-FS970M/8PS-E, AT-FS970M/24PS, and AT-FS970M/48PS switches feature Power over Ethernet

AT-FS970M Switch Command Line User’s Guide253power supplies and can be operated using either one power supply or both power supplies. One power supply

Chapter 11: Power Over Ethernet254Enabling and Disabling PoEEnabling PoE on ports allows the switch to supply power to PDs connected to the ports. In

AT-FS970M Switch Command Line User’s Guide255This example disables PoE individually on port 5 to port 8:awplus> enableawplus# configure terminalawp

Chapter 11: Power Over Ethernet256Adding PD Descriptions to PortsPDs connected to the ports are easier to identify if you give them descriptions. To a

AT-FS970M Switch Command Line User’s Guide257Prioritizing PortsWhen the total power requirements of the PDs exceed the total available power of the sw

Chapter 11: Power Over Ethernet258Managing the Maximum Power Limit on PortsTo manage the switch’s power and optimize its power distribution, the switc

AT-FS970M Switch Command Line User’s Guide259Managing Legacy PDsThe PoE switch automatically detects whether or not a device plugged into the PoE-enab

Contents26TELNET IPV6 ...

Chapter 11: Power Over Ethernet260Monitoring Power ConsumptionYou can monitor the power consumption of the switch and PDs by configuring the unit to t

AT-FS970M Switch Command Line User’s Guide261Displaying PoE InformationThe switch allows you to display PoE information using three commands. Each com

Chapter 11: Power Over Ethernet262This example displays the PoE information of port 1 through port 4:awplus# show power inline interface port1.0.1-por

263Chapter 12Power Over Ethernet CommandsThe Power over Ethernet (PoE) commands are summarized in Table 23. These commands are only supported on the P

Chapter 12: Power Over Ethernet Commands264“POWER-INLINE PRIORITY” on page 278Port Interface Assigns a PoE priority level to a port.“POWER-INLINE USAG

AT-FS970M Switch Command Line User’s Guide265CLEAR POWER-INLINE COUNTERS INTERFACESyntaxclear power-inline counters interface [port]ParameterportSpeci

Chapter 12: Power Over Ethernet Commands266NO POWER-INLINE ALLOW-LEGACYSyntaxno power-inline allow-legacyParametersNoneModePort Interface modeDescript

AT-FS970M Switch Command Line User’s Guide267NO POWER-INLINE DESCRIPTIONSyntaxno power-inline descriptionParametersNoneModePort Interface modeDescript

Chapter 12: Power Over Ethernet Commands268NO POWER-INLINE ENABLESyntaxno power-inline enableParametersNoneModePort Interface modeDescriptionUse this

AT-FS970M Switch Command Line User’s Guide269NO POWER-INLINE MAXSyntaxno power-inline maxParametersNoneModePort Interface modeDescriptionUse this comm

AT-FS970M Switch Command Line User’s Guide27Chapter 94: RADIUS and TACACS+ Clients ...

Chapter 12: Power Over Ethernet Commands270NO POWER-INLINE PRIORITYSyntaxno power-inline priorityParametersNoneModePort Interface modeDescriptionUse t

AT-FS970M Switch Command Line User’s Guide271NO POWER-INLINE USAGE-THRESHOLDSyntaxno power-inline usage-thresholdParametersNoneModeGlobal Configuratio

Chapter 12: Power Over Ethernet Commands272NO SERVICE POWER-INLINESyntaxno service power-inlineParametersNoneModeGlobal Configuration modeDescriptionU

AT-FS970M Switch Command Line User’s Guide273NO SNMP-SERVER ENABLE TRAP POWER-INLINESyntaxno snmp-server enable trap power-inlineParametersNoneModeGlo

Chapter 12: Power Over Ethernet Commands274POWER-INLINE ALLOW-LEGACYSyntaxpower-inline allow-legacyParametersNoneModePort Interface modeDescriptionUse

AT-FS970M Switch Command Line User’s Guide275POWER-INLINE DESCRIPTIONSyntaxpower-inline description descriptionParametersdescriptionSpecifies a PD des

Chapter 12: Power Over Ethernet Commands276POWER-INLINE ENABLESyntaxpower-inline enableParametersNoneModePort Interface modeDescriptionUse this comman

AT-FS970M Switch Command Line User’s Guide277POWER-INLINE MAXSyntaxpower-inline max max_powerParametersmax_powerSpecifies the maximum power limit of t

Chapter 12: Power Over Ethernet Commands278POWER-INLINE PRIORITYSyntaxpower-inline priority critical|high|lowParameterscriticalSets ports to the Criti

AT-FS970M Switch Command Line User’s Guide279ExampleThis example assigns the Critical priority level to port 5:awplus> enableawplus# configure term

Contents28Assigning Named IPv4 ACLs ...1525Ass

Chapter 12: Power Over Ethernet Commands280POWER-INLINE USAGE-THRESHOLDSyntaxpower-inline usage-threshold thresholdParametersthresholdSpecifies the po

AT-FS970M Switch Command Line User’s Guide281SERVICE POWER-INLINESyntaxservice power-inlineParametersNoneModeGlobal Configuration modeDescriptionUse t

Chapter 12: Power Over Ethernet Commands282SHOW POWER-INLINESyntaxshow power-inlineParameterNoneModePrivileged Exec modeDescriptionUse this command to

AT-FS970M Switch Command Line User’s Guide283Table 24. SHOW POWER-INLINE CommandField DescriptionNominal Power The switch’s total available power in w

Chapter 12: Power Over Ethernet Commands284ExampleThis example displays PoE information about the switch and ports:awplus# show power-inlineOper The P

AT-FS970M Switch Command Line User’s Guide285SHOW POWER-INLINE COUNTERS INTERFACESyntaxshow power-inline counters interface portParameterportSpecifies

Chapter 12: Power Over Ethernet Commands286ExampleThis command displays the PoE event counters for ports 4 to 6:awplus# show power-inline counters int

AT-FS970M Switch Command Line User’s Guide287SHOW POWER-INLINE INTERFACESyntaxshow power-inline interface portParameterportSpecifies a port. You can d

Chapter 12: Power Over Ethernet Commands288SHOW POWER-INLINE INTERFACE DETAILSyntaxshow power-inline interface port detailParameterportSpecifies a por

AT-FS970M Switch Command Line User’s Guide289PoE admin The status of PoE on the port. The status can be one of the following: Enabled: PoE is enabled

AT-FS970M Switch Command Line User’s Guide29Single-rate and Twin-rate Policer ...

Chapter 12: Power Over Ethernet Commands290ExamplesThis example displays PoE information for port 1:awplus# show power-inline interface port1.0.1 deta

AT-FS970M Switch Command Line User’s Guide291SNMP-SERVER ENABLE TRAP POWER-INLINESyntaxsnmp-server enable trap power-inlineParametersNoneModeGlobal Co

Chapter 12: Power Over Ethernet Commands292

293Chapter 13IPv4 and IPv6 Management AddressesThis chapter contains the following information: “Overview” on page 294 “Assigning an IPv4 Management

Chapter 13: IPv4 and IPv6 Management Addresses294OverviewThis chapter explains how to assign the switch an IP address. The switch must have an IP addr

AT-FS970M Switch Command Line User’s Guide295RMON Used with the RMON portion of the MIB tree on an SNMP workstation to remotely monitor the switch.yes

Chapter 13: IPv4 and IPv6 Management Addresses296Here are the guidelines to assigning the switch management IPv4 and IPv6 addresses: You may assign t

AT-FS970M Switch Command Line User’s Guide297Assigning an IPv4 Management Address and Default GatewayThis section covers the following topics: “Addin

Chapter 13: IPv4 and IPv6 Management Addresses298Here are several examples of the command. The first example assigns the switch the management IPv4 ad

AT-FS970M Switch Command Line User’s Guide299The next series of commands assigns the management address 143.24.55.67 and subnet mask 255.255.255.0 to

Allied Telesis is committed to meeting the requirements of the open source licenses including the GNU General Public License (GPL) and will make all r

Contents30NO MATCH PROTOCOL ...172

Chapter 13: IPv4 and IPv6 Management Addresses300NoteIf an IPv4 default gateway is already assigned to the switch, you must delete it prior to enterin

AT-FS970M Switch Command Line User’s Guide301awplus> enableawplus# configure terminalawplus(config)# no ip route 0.0.0.0/0 149.121.43.23Displaying

Chapter 13: IPv4 and IPv6 Management Addresses302Assigning an IPv6 Management Address and Default GatewayThis section covers the following topics: “A

AT-FS970M Switch Command Line User’s Guide303NoteIf there is a management IPv6 address already assigned to the switch, you must delete it prior to ent

Chapter 13: IPv4 and IPv6 Management Addresses304The IPADDDRESS parameter is the default gateway to be assigned the switch. The address must be an IPv

AT-FS970M Switch Command Line User’s Guide305Displaying anIPv6ManagementAddress andDefault GatewayThere are two commands for displaying a management I

Chapter 13: IPv4 and IPv6 Management Addresses306

307Chapter 14IPv4 and IPv6 Management Address CommandsThe IPv4 and IPv6 management address commands are summarized in Table 28.Table 28. Management IP

Chapter 14: IPv4 and IPv6 Management Address Commands308“SHOW IPV6 INTERFACE” on page 329Privileged Exec Displays the IPv4 management address.“SHOW IP

AT-FS970M Switch Command Line User’s Guide309CLEAR IPV6 NEIGHBORSSyntaxclear ipv6 neighborsParametersNoneModePrivileged Exec modeDescriptionUse this c

AT-FS970M Switch Command Line User’s Guide31Internet Control Message Protocol (ICMP) ...

Chapter 14: IPv4 and IPv6 Management Address Commands310IP ADDRESSSyntaxip address ipaddress/maskParametersipaddressSpecifies a management IPv4 addres

AT-FS970M Switch Command Line User’s Guide311ExamplesThis example assigns the switch the IPv4 management address 142.35.78.21 and subnet mask 255.255.

Chapter 14: IPv4 and IPv6 Management Address Commands312IP ADDRESS DHCPSyntaxip address dhcpParametersNoneModeVLAN Interface modeDescriptionUse this c

AT-FS970M Switch Command Line User’s Guide313ExampleThis example activates the DHCP client so that the switch obtains its IPv4 management address from

Chapter 14: IPv4 and IPv6 Management Address Commands314IP ROUTESyntaxip route 0.0.0.0/0 ipaddressParametersipaddressSpecifies an IPv4 default gateway

AT-FS970M Switch Command Line User’s Guide315ExampleThis example assigns the switch the IPv4 default gateway address 143.87.132.45:awplus> enableaw

Chapter 14: IPv4 and IPv6 Management Address Commands316IPV6 ADDRESSSyntaxipv6 address ipaddress/maskParametersipaddressSpecifies an IPv6 management a

AT-FS970M Switch Command Line User’s Guide317and syslog servers). The VLAN must already exist on the switch before you use this command.Confirmation C

Chapter 14: IPv4 and IPv6 Management Address Commands318IPV6 ROUTESyntaxipv6 route ::/0 ipaddressParametersipaddressSpecifies an IPv6 address of a def

AT-FS970M Switch Command Line User’s Guide319ExampleThis example assigns the switch the IPv6 default gateway address 45ab:672:934c::78:17cb:awplus>

Contents32ROUTER RIP ...

Chapter 14: IPv4 and IPv6 Management Address Commands320NO IP ADDRESSSyntaxno ip addressParametersNoneModeVLAN Interface modeDescriptionUse this comma

AT-FS970M Switch Command Line User’s Guide321NO IP ADDRESS DHCPSyntaxno ip address dhcpParametersNoneModeVLAN Interface modeDescriptionUse this comman

Chapter 14: IPv4 and IPv6 Management Address Commands322NO IP ROUTESyntaxno ip route 0.0.0.0/0 ipaddressParametersipaddressSpecifies the current defau

AT-FS970M Switch Command Line User’s Guide323NO IPV6 ADDRESSSyntaxno ipv6 addressParametersNoneModeVLAN Interface modeDescriptionUse this command to d

Chapter 14: IPv4 and IPv6 Management Address Commands324NO IPV6 ROUTESyntaxno ipv6 route ::/0 ipaddressParametersipaddressSpecifies the current IPv6 d

AT-FS970M Switch Command Line User’s Guide325SHOW IP INTERFACESyntaxshow ip interfaceParametersNoneModePrivileged Exec modeDescriptionUse this command

Chapter 14: IPv4 and IPv6 Management Address Commands326SHOW IP ROUTESyntaxshow ip routeParametersNoneModePrivileged Exec modeDescriptionUse this comm

AT-FS970M Switch Command Line User’s Guide327The field “Gateway of last resort is” states the default gateway, which, if defined on the switch, is als

Chapter 14: IPv4 and IPv6 Management Address Commands328ExampleThe following example displays the routes on the switch:awplus# show ip route

AT-FS970M Switch Command Line User’s Guide329SHOW IPV6 INTERFACESyntaxshow ipv6 interfaceParametersNoneModePrivileged Exec modeDescriptionUse this com

33FiguresFigure 1. Command Modes ...

Chapter 14: IPv4 and IPv6 Management Address Commands330SHOW IPV6 ROUTESyntaxshow ipv6 routeParametersNoneModePrivileged Exec modeDescriptionUse this

331Chapter 15Simple Network Time Protocol (SNTP) ClientThis chapter contains the following information: “Overview” on page 332 “Activating the SNTP

Chapter 15: Simple Network Time Protocol (SNTP) Client332OverviewThe switch has a Simple Network Time Protocol (SNTP) client for setting its date and

AT-FS970M Switch Command Line User’s Guide333Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP ServerTo activate the SNTP cli

Chapter 15: Simple Network Time Protocol (SNTP) Client334Configuring Daylight Savings Time and UTC OffsetIf the time that the NTP or SNTP server provi

AT-FS970M Switch Command Line User’s Guide335In this example, the client is configured for ST and a UTC offset of +2 hours and 45 minutes:awplus> e

Chapter 15: Simple Network Time Protocol (SNTP) Client336Disabling the SNTP ClientTo disable the SNTP client so that the switch does not obtain its da

AT-FS970M Switch Command Line User’s Guide337Displaying the SNTP ClientTo display the settings of the SNTP client on the switch, use the SHOW NTP ASSO

Chapter 15: Simple Network Time Protocol (SNTP) Client338Displaying the Date and TimeTo display the date and time, use the SHOW CLOCK command in the U

339Chapter 16SNTP Client CommandsThe SNTP commands are summarized in Table 33.Table 33. Simple Network Time Protocol CommandsCommand Mode Description“

Figures34Figure 51. Head of Line Blocking...

Chapter 16: SNTP Client Commands340CLOCK SUMMER-TIMESyntaxclock summer-timeParametersNoneModeGlobal Configuration modeDescriptionUse this command to e

AT-FS970M Switch Command Line User’s Guide341CLOCK TIMEZONESyntaxclock timezone +hh:mm|-hh:mmParametershh:mmSpecifies the number of hours and minutes

Chapter 16: SNTP Client Commands342NO CLOCK SUMMER-TIMESyntaxno clock summer-timeParametersNoneModeGlobal Configuration modeDescriptionUse this comman

AT-FS970M Switch Command Line User’s Guide343NO NTP PEERSyntaxno ntp serverParameterNoneModeGlobal Configuration modeDescriptionUse this command to de

Chapter 16: SNTP Client Commands344NTP PEERSyntaxntp peer ipaddressParameteripaddressSpecifies an IP address of an SNTP or NTP server.ModeGlobal Confi

AT-FS970M Switch Command Line User’s Guide345PURGE NTPSyntaxpurge ntpParameterNoneModeGlobal Configuration modeDescriptionUse this command to disable

Chapter 16: SNTP Client Commands346SHOW CLOCKSyntaxshow clockParametersNoneModesUser Exec mode and Privileged Exec modeDescriptionUse this command to

AT-FS970M Switch Command Line User’s Guide347SHOW NTP ASSOCIATIONSSyntaxshow ntp associationsParametersNoneModePrivileged Exec modeDescriptionUse this

Chapter 16: SNTP Client Commands348ExampleThe following example displays the settings of the SNTP client:awplus# show ntp associationsUTC Offset The t

AT-FS970M Switch Command Line User’s Guide349SHOW NTP STATUSSyntaxshow ntp statusParametersNoneModePrivileged Exec modeDescriptionUse this command to

AT-FS970M Switch Command Line User’s Guide35Figure 111. SHOW FILE SYSTEMS Command...

Chapter 16: SNTP Client Commands350

351Chapter 17Domain Name System (DNS) “Overview” on page 352 “Adding a DNS Server to the Switch” on page 354 “Enabling or Disabling the DNS Client”

Chapter 17: Domain Name System (DNS)352OverviewThe Domain Name System (DNS) is a naming system that allows you to access remote systems using host nam

AT-FS970M Switch Command Line User’s Guide353DNS Sever List The DNS server list is a set of DNS servers that a DNS client on the switch sends a reques

Chapter 17: Domain Name System (DNS)354Adding a DNS Server to the SwitchThe switch has a DNS client. When you add a DNS server to the switch, the DNS

AT-FS970M Switch Command Line User’s Guide355Enabling or Disabling the DNS ClientThe DNS client on the switch allows you to use domain names instead o

Chapter 17: Domain Name System (DNS)356Adding a Domain to the DNS ListThe switch allows you to create a list of domains to save typing the portion of

AT-FS970M Switch Command Line User’s Guide357Setting a Default Domain Name for the DNSThe switch allows you to save typing of the portion of a domain

Chapter 17: Domain Name System (DNS)358

359Chapter 18Domain Name System (DNS) CommandsThe DNS commands are summarized in Table 35.Table 35. DNS CommandsCommand Mode Description“IP NAME-SERVE

Figures36Figure 171. SHOW VLAN Command...

Chapter 18: Domain Name System (DNS) Commands360IP NAME-SERVERSyntaxip name-server <ip-address>Parametersip-addressSpecifies the IP address of a

AT-FS970M Switch Command Line User’s Guide361To delete a DNS server with an IP address of 10.10.10.5 from the DNS server list, use the command:awplus&

Chapter 18: Domain Name System (DNS) Commands362IP DOMAIN-NAMESyntaxip domain-name <domain-name>Parametersdomain-nameSpecifies a domain string,

AT-FS970M Switch Command Line User’s Guide363IP DOMAIN-LISTSyntaxip domain-list <domain-name>Parametersdomain-nameSpecifies a domain string, for

Chapter 18: Domain Name System (DNS) Commands364ExamplesTo add the domains “com” and “net” to the DNS list, use the following commands:awplus> enab

AT-FS970M Switch Command Line User’s Guide365IP DOMAIN-LOOKUPSyntaxip domain-lookupParametersNoneModeGlobal Configuration modeDescriptionUse this comm

Chapter 18: Domain Name System (DNS) Commands366SHOW IP NAME-SERVERSyntaxshow ip name-serverParametersNoneModePrivileged Exec modeDescriptionUse this

AT-FS970M Switch Command Line User’s Guide367SHOW IP DOMAIN-NAMESyntaxshow ip domain-nameParametersNoneModePrivileged Exec modeDescriptionUse this com

Chapter 18: Domain Name System (DNS) Commands368SHOW HOSTSSyntaxshow hostsParametersNoneModePrivileged Exec modeDescriptionUse this command to display

369Chapter 19MAC Address TableThis chapter discusses the following topics: “Overview” on page 370 “Adding Static MAC Addresses” on page 372 “Deleti

AT-FS970M Switch Command Line User’s Guide37Figure 231. Displaying the Local Manager Accounts in the Running Configuration...

Chapter 19: MAC Address Table370OverviewThe MAC address table stores the MAC addresses of all the network devices that are connected to the switch’s p

AT-FS970M Switch Command Line User’s Guide371The period of time the switch waits before purging inactive dynamic MAC addresses is called the aging tim

Chapter 19: MAC Address Table372Adding Static MAC AddressesThe command for adding static unicast MAC addresses to the switch is MAC ADDRESS-TABLE STAT

AT-FS970M Switch Command Line User’s Guide373awplus> enableawplus# configure terminalawplus(config)# mac address-table static 00:a0:d2:18:1a:11 dis

Chapter 19: MAC Address Table374Deleting MAC AddressesTo delete MAC addresses from the switch, use the CLEAR MAC ADDRESS-TABLE command in the Privileg

AT-FS970M Switch Command Line User’s Guide375This example deletes all of the dynamic addresses learned on port 20: awplus> enableawplus# clear mac

Chapter 19: MAC Address Table376Setting the Aging TimerThe aging timer defines the length of time that inactive dynamic MAC addresses remain in the ta

AT-FS970M Switch Command Line User’s Guide377Displaying the MAC Address TableTo view the aging time or the MAC address table, use the SHOW MAC ADDRESS

Chapter 19: MAC Address Table378This example displays the addresses learned on the ports in a VLAN with the VID 8:awplus# show mac address-table vlan

379Chapter 20MAC Address Table CommandsThe MAC address table commands are summarized in Table 36.Table 36. MAC Address Table CommandsCommand Mode Desc

Figures38

Chapter 20: MAC Address Table Commands380CLEAR MAC ADDRESS-TABLESyntaxclear mac address-table dynamic|static [address macaddress]|[interface port]|[vl

AT-FS970M Switch Command Line User’s Guide381ExamplesThis example deletes all of the dynamic addresses from the table:awplus> enableawplus# clear m

Chapter 20: MAC Address Table Commands382MAC ADDRESS-TABLE AGEING-TIMESyntaxmac address-table ageing-time value|noneParameterageing-timeSpecifies the

AT-FS970M Switch Command Line User’s Guide383This example disables the aging timer so that the switch does not delete inactive dynamic MAC addresses f

Chapter 20: MAC Address Table Commands384MAC ADDRESS-TABLE STATICSyntaxmac address-table static macaddress forward|discard interface port [vlan vlan-n

AT-FS970M Switch Command Line User’s Guide385Confirmation Command“SHOW MAC ADDRESS-TABLE” on page 388ExamplesThis example adds the static MAC address

Chapter 20: MAC Address Table Commands386NO MAC ADDRESS-TABLE STATICSyntaxno mac address-table static macaddress forward|discard interface port [vlan

AT-FS970M Switch Command Line User’s Guide387Confirmation Command“SHOW MAC ADDRESS-TABLE” on page 388ExamplesThis example deletes the MAC address 00:A

Chapter 20: MAC Address Table Commands388SHOW MAC ADDRESS-TABLESyntaxshow mac address-table begin|exclude|include [interface port]|[vlan vid]Parameter

AT-FS970M Switch Command Line User’s Guide389An example of the table is shown in Figure 90.Figure 90. SHOW MAC ADDRESS-TABLE CommandThe Aging Interval

39Table 1. Remote Software Tool Settings ...

Chapter 20: MAC Address Table Commands390The Multicast Switch Forwarding Database contains the multicast addresses. The columns are defined in this ta

391Chapter 21Enhanced StackingThis chapter discusses the following topics: “Overview” on page 392 “Configuring the Command Switch” on page 395 “Con

Chapter 21: Enhanced Stacking392OverviewEnhanced stacking is a management tool that allows you to manage different AT-FS970M Switches from one managem

AT-FS970M Switch Command Line User’s Guide393 A member switch can be any distance from the command switch, so long as the distance adheres to Etherne

Chapter 21: Enhanced Stacking3942. On the switch chosen to be the command switch, activate enhanced stacking and change its stacking status to command

AT-FS970M Switch Command Line User’s Guide395Configuring the Command SwitchHere is an example on how to configure the switch as the command switch of

Chapter 21: Enhanced Stacking3962. After creating the common VLAN on the switch, assign it the management IP address and default gateway:3. Use the ES

AT-FS970M Switch Command Line User’s Guide397awplus# writeSave the configuration.

Chapter 21: Enhanced Stacking398Configuring a Member SwitchThis example shows you how to configure the switch as a member switch of an enhanced stack.

AT-FS970M Switch Command Line User’s Guide3993. To save the configuration, enter the WRITE command in the Privileged Executive mode.4. Connect the swi

Tables40Table 50. Group Link Control Commands ...

Chapter 21: Enhanced Stacking400Managing the Member Switches of an Enhanced StackHere are the steps on how to manage the member switches of an enhance

AT-FS970M Switch Command Line User’s Guide4016. When you are finished managing the member switch, enter the EXIT command from the User Exec mode or Pr

Chapter 21: Enhanced Stacking402Changing the Enhanced Stacking ModeIf you want to change the enhanced stacking mode of a switch from command to member

AT-FS970M Switch Command Line User’s Guide4032. On the member switch, change its mode from member to command with the ESTACK COMMAND-SWITCH command.3.

Chapter 21: Enhanced Stacking404Uploading Boot Configuration Files from the Command Switch to Member SwitchesYou may use the enhanced stacking feature

AT-FS970M Switch Command Line User’s Guide405The second prompt is shown here:Enter the list of switches ->At the prompt, enter the enhanced stack n

Chapter 21: Enhanced Stacking406Here are the steps to perform on the command switch to upload the configuration file from its file system to the membe

AT-FS970M Switch Command Line User’s Guide407Here is another example of the feature. This example uploads a configuration file to a new switch in an e

Chapter 21: Enhanced Stacking4083. Use the ESTACK RUN command in the Global Configuration mode to activate enhanced stacking on the switch. It is not

AT-FS970M Switch Command Line User’s Guide4093. If the new member switch is to use BOOT.CFG as the name of its active boot configuration file, you com

AT-FS970M Switch Command Line User’s Guide41Table 110. Reauthentication Commands ...

Chapter 21: Enhanced Stacking410awplus# show estack remotelistReconfirm the enhanced stacking ID number of the replacement member switch.awplus# confi

AT-FS970M Switch Command Line User’s Guide411Uploading the Management Software from the Command Switch to Member SwitchesYou may use enhanced stacking

Chapter 21: Enhanced Stacking412CautionA member switch stops forwarding network traffic after it receives the management software from the command swi

AT-FS970M Switch Command Line User’s Guide413Disabling Enhanced StackingThe command that disables enhanced stacking on a switch is the NO ESTACK RUN c

Chapter 21: Enhanced Stacking414

415Chapter 22Enhanced Stacking CommandsThe enhanced stacking commands are summarized in Table 39.Table 39. Enhanced Stacking CommandsCommand Mode Desc

Chapter 22: Enhanced Stacking Commands416“UPLOAD IMAGE REMOTELIST” on page 430Global ConfigurationUploads the management software on the command switc