3Com 4500 50-PORT manual

3Com ® Switch 4500 Family Command Refer ence Guide Switch 4500 26-Port Switch 4500 50-Port Switch 4500 PWR 26-Port Switch 4500 PWR 50-Port www.3Com.com Part No. 10015 729, Rev. AA Published: January 2007[...]

3Com Corporation 350 Campus Drive Marlbor ough, MA USA 01752-3064 Copyright © 2007, 3Com Corporati on. All rights reserved. No part of this documentation may be repro duced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corpo ration. 3Com Cor[...]

C ONTENTS A BOUT T HIS G UIDE About This So ftware V ersion 13 How This Guide is Organized 13 Intended Readership 14 Conventions 14 Related Docum entation 15 1 U SING S YSTEM A CCESS C OMMANDS Logging in Commands 18 2 U SING P ORT C OMMANDS Ethernet Port Configuration Command s 43 Ethernet Port Link Aggr egation Commands 64 3 U SING VLAN C OMMANDS [...]

7 U SING M ULTICAST P ROT O C O L C OMMANDS IGMP Snooping Configuratio n Commands 176 8 U SING Q O S/ACL C OMMANDS ACL Commands List 184 QoS Config uration Commands L ist 190 Logon User’ s ACL Contr ol Command 201 9 U SING S TACK C OMMANDS Stack Comma nds 207 10 U SING RSTP C OMMANDS RSTP Configuration Commands 216 11 U SING AAA AND RADIUS C OMMA[...]

13 C ONFIGURING P ASSWORD C ONTR OL A B OOTR OM I NTERFACE Accessing the Bootr om Interface 455 Boot Menu 456[...]

[...]

A LPHABETICAL L ISTING OF C OMMANDS display poe interface 88 display poe power 89 poe power-management 93 poe update 95 access-limit 254 accounting optional 270 acl 184 acl 201 am enable 114 am ip-pool 114 am trap enable 115 apply cost 166 arp check enable 101 arp static 102 arp static 103 ascii 320 attribute 254 authentication-mode 18 auto-execute[...]

copy configuration 43 copy 299 cut connection 255 databits 20 data-flow-format 270 debugging arp packet 104 debugging dhcp client 108 debugging dhcp xrn xha 108 debugging dhcp-relay 110 debugging lacp packet 64 debugging lacp state 65 debugging link-aggregation error 64 debugging link-aggregation event 64 debugging mac-authentication event 247 debu[...]

display dhcp-server 112 display dhcp-server in terface vlan-interface 113 display diagnostic-information 352 display domain 258 display dot1x 236 display fan 340 display fib 121 display fib 123 display fib acl 122 display fib ip_address 122 display fib ip-prefix 123 display fib statistics 124 display ftm 209 display ftp-server 315 display ftp-user [...]

display memory 341 display mirror 190 display ntp-service sessions 404 display ntp-service status 405 display ntp-service trace 406 display password-control 445 display password-control super 446 display poe powersupply 90 display port 48 display power 341 display qos cos-local-precedence- map 191 display qos-interface all 191 display qos-interface[...]

display this 311 display udp statistics 129 display udp-helper server 119 display unit 48 display user-interface 21 display users 23 display version 350 display vlan 77 display voice vlan oui 81 display voice vlan status 82 display xrn-fabric 209 domain 260 dot1x authentication-method 238 dot1x dhcp-launch 239 dot1x max-user 239 dot1x port-control [...]

idle-cut 261 idle-timeout 27 if-match cost 168 if-match interface 169 if-match ip next-hop 170 igmp-snooping 178 igmp-snooping host-aging-time 178 igmp-snooping max-response-time 179 igmp-snooping router-aging-time 180 import-route 153 info-center channel name 362 info-center enable 363 info-center logbuffer 364 info-center loghost source 366 info-[...]

loopback-detection per-vlan enable 54 ls 440 ls 327 mac-address max-mac-count 336 mac-address timer 337 mac-address 335 mac-authentication 249 mac-authentication authmode 250 mac-authentication authpassword 251 mac-authentication authusername 252 mac-authentication domain 252 mac-authentication timer 253 mdi 54 messenger 264 mirrored-to 194 mirrori[...]

peer-public-key end 421 peer-public-key end 428 peer 155 ping 353 poe enable 91 poe legacy enable 91 poe max-power 92 poe mode 93 poe priority 94 port 79 port access vlan 56 port hybrid pvid vlan 56 port hybrid vlan 57 port isolate 117 port link-aggregation group 72 port link-type 58 port trunk permit vlan 59 port trunk pvid vlan 59 preference 156 [...]

remove 442 rename 442 rename 305 reset 156 reset acl counter 187 reset arp 107 reset counters interface 60 reset dot1x statistics 246 reset igmp-snoopi ng statistics 180 reset ip statistic s 130 reset lacp statistics 73 reset logbuffer 373 reset password-control blacklist 452 reset password-control history-record 451 reset password-control history-[...]

rsa peer-public-key 431 rule 187 save 313 schedule reboot at 343 schedule reboot delay 344 scheme 266 screen-length 31 secondary accounting 284 secondary authentication 285 Select Application File to Boot 456 self-service-url 267 send 32 server-type 285 service-type 319 service-type 268 service-type 32 set authentication password 33 Set Bootrom Pas[...]

ssh user assign rsa-key 426 ssh user authentication-type 427 ssh user service-type 435 ssh2 433 startup bootrom-access enable 314 state 269 state 286 stop-accounting-buffer enable 287 stopbits 35 stp 218 stp bpdu-protection 219 stp cost 220 stp edged-port 220 stp loop-protection 221 stp mcheck 222 stp mode 222 stp pathcost-standard 223 stp point-to[...]

timers 164 timer 288 tracert 359 traffic-limit 199 udp-helper enable 119 udp-helper port 119 udp-helper server 120 undelete 307 undo snmp-agent 393 unicast-suppression 62 user privilege level 40 user 331 user-interface 39 user-name-format 291 verbose 332 View 32 vlan 81 voice vlan 84 voice vlan aging 83 voice vlan enable 83 voice vlan mac_address 8[...]

A BOUT T HIS G UIDE This guide pr ovides all the informati on you need to use the configuration commands supported by ver sion 3.0.x software on the 3Com ® Switch 4500. About This Software Ve r s i o n The software in the Switch 4500 is a subset of that used in some other 3Com products. Depending on the capabilities of your har dware platform, som[...]

14 A BOUT T HIS G UIDE ■ Using System Management Commands — Intr oduces the commands used for system management and maintenance. Intended Readership The guide is intended fo r the following readers: ■ Network administrators ■ Network engineers ■ Users who are familiar with the basics of networking Conventions This guide uses the following[...]

Related Documentation 15 Related Documentation The 3Com Switch 4500 Getting Started Guide provides information about installation. The 3Com Switch 4500 Con figuration Guide p rovides information about configuring your network using the commands described in this guide. [ ] Items shown in square br ackets [ ] are optional. Example 1: in the command [...]

16 A BOUT T HIS G UIDE[...]

1 U SING S YSTEM A CCESS C OMMANDS This chapter describes how to use th e following commands: Logging in Commands ■ authentication-mode ■ auto-execute command ■ command-privilege level ■ databits ■ display history-command ■ display user -interface ■ display users ■ flow-control ■ free user -interface ■ header ■ h istory-comman[...]

18 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS ■ system-view ■ telnet ■ user -interface ■ user privilege level Logging in Commands This section describes the commands that you can use to configure system access and system security . authentication-mode Syntax authentication-mode { password | s cheme | none } View User interface view Param[...]

Logging in Commands 19 auto-execute command Syntax auto-execute command text undo auto-execute command Vie w User Interface V iew Parameter text: Specifies the command to be run automatically . Description Enter auto-execute command text to co nfigure the Switch to automatically run a specified command. When the user logs in, the command will be ex[...]

20 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Description Use the command-privilege level command to configure the priority level assigned to any comman d within a select ed view . The command levels ar e, from lowest to highest: ■ 0 – Visit ■ 1 – Monitoring ■ 2 – System ■ 3 – Management When the user logs into the Switch, the co[...]

Logging in Commands 21 8 – Sets the data bits to 8. Description Use the databits command to configure the data bits for the AUX (Console) port to either 7 or 8 . By default, the value is 8 . Use the undo databits command to restor e the default value (8). This command can only be performed in the AUX user interface view . Example T o configure th[...]

22 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS summary: Display the summary of a user interface. Description Use the display user-interface command to view informat ion on a user interface. Y ou can choose to access this information by user interf ace type and type nu mber , or by user interface ind ex number . The information displayed is the sa[...]

Logging in Commands 23 1 character mode users. (U) 1 total UIs in use. UI's name: aux0 display us ers Syntax display users [ all ] Vie w All views Parameter all: Enter to display information on all user interfaces. Description Use the display users command to view information on the current user interface. Use the display users all command to [...]

24 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS flow-control Syntax flow-control { hardware | none | s oftware } undo flow-con trol View User interface view Parameter hardware: Enter to set har dware flow control. none: Enter to set no flow control. software: Enter to set software flow contr ol. Description Use the flow-control command to configur[...]

Logging in Commands 25 Example T o reset user interface AUX 1 from anothe r user interface on the Switch, enter the following: <4500> free user-interface aux 1 After the command is executed, use r interface AUX 1 is disconnected. When you next log in using user inter face AUX 1, it opens using the default settings. header Syntax header { shel[...]

26 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS If you press <En ter> after typing any of the three keywords shell, login an d incoming in the command, then what you type af ter the word header is the contents of the login information, instead of identifying header type. Y o u can judge whether the initial characte r can be used as the heade[...]

Logging in Commands 27 When you log on the Switch again, the terminal displays the configured session establishme nt title. [4500]quit <4500>quit Please press ENTER %SHELL: The initial character "%" is the header cont ents. Hello! Welcome <4500> history-command max-size Syntax history-command max-size value undo history-comman[...]

28 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter minutes: Enter the number of minutes you want to allow a user interface to remain idle before it is disconnected. This can be in the range 0 to 35791. seconds: Enter the number of seconds in addition to the number of minutes. Optional. Description Use the idle-timeout command to configure t[...]

Logging in Commands 29 Parameter None Description Use the lock command to lock the current user interface and prevent unauthorized users f rom accessing it. An authorized user must enter a valid password to access the interface. Example T o lock the current user in terface, enter the following: <4500> lock Password: xxxx Again: xxxx parity Sy[...]

30 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS View VTY user int erface view Parameter all: Supports both T elnet and SSH protocols. ssh: Supports only SSH protocol. telnet: Supports only T eln et protocol. Description Use the protocol inbound command to configure the pr otocols support ed by a designated user interface. By default, the user inte[...]

Logging in Commands 31 ret u r n Syntax return Vie w System view or higher Parameter None Description Use the return command to return to user view from any other view . Ctrl+Z performs the same function as the return command. T o ret urn to the next highest level of view , use quit . Example T o return to user view from any other view (the example[...]

32 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS send Syntax send { all | number | type } View User view Parameter all: Sends a message to all user interfaces. type: Enter the type and type n umber of the user interface that you want to send a message to. number: Enter the absolute/relative nu mber of the interface tha t you want to send a message [...]

Logging in Commands 33 Description Use the command service -type to configure which level of command a user can access after login. Use the command undo service-type to r estore the default level of command (level 1). Commands are cla ssified into four levels, as follows: ■ 0 - V isit level . Users at this level have access to network diagnosis t[...]

34 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter cipher: Configur e to display the password in encrypted text. simple: Configur e to display the password in plain text. password: If the authentication is in the simple mode, the passwor d must b e in plain text. If the authentication is in t he cipher mode, the password can be either in en[...]

Logging in Commands 35 When using the undo shell command, note th e follo wing points. ■ For reasons of security , the undo shell command can only be used on user interfaces other than the AUX user in terface. ■ Y ou cannot use this command on the current user interface. ■ Y ou are asked to confirm the command. Example T o disable the termina[...]

36 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter 1: Sets the stop bits to 1. 1.5: Sets the stop bits to 1.5. 2: Sets the stop bits to 2. Description Use the stopbits command to co nfigure the stop bits on the AUX (Console) port. Use the undo stopbits command to restore the default stop bits (the default is 1). This command can only be per[...]

Logging in Commands 37 super passwor d Syntax super password [ level level ]{ simple | cipher } password undo super password [ level level ] Vie w System View Parameter level: Enter a user level in the range 1 to 3. The default is 3. The password you enter is set for the specified level. cipher: Configure to display the password in encrypted text. [...]

38 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter text: Enter the host name of the Sw itch. The hos t name must be no more than 30 characters long. The d efault is 4500. Description Use the sysname command to configure the host name of the Switch. Use the undo sysname command to r estore the host name to the default of 4500. Changing the h[...]

Logging in Commands 39 ip_address: Enter the IP address or the host name o f the remote Switch. If you enter the host name, the Switch must be set to static resolution. service_port: Designates the management port on the remote Switch, in the range 0 to 65535. Optional. Description Use the telnet command to log in to another Ethernet switch from th[...]

40 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS <SW4500> system-view System View: return to User View w ith Ctrl+Z. [SW4500] user-interface 0 9 [SW4500-ui0-9] This example c ommand selects two AUX (C onsole) port user interfaces and two VTY user interfaces (VTY 0, VTY 1). Y ou can now assign access levels to these interfaces using the u ser [...]

2 U SING P ORT C OMMANDS This chapter describes how to use th e following commands: Ethernet Port Configu ration Commands ■ copy configuration ■ broadcast-suppression ■ d escription ■ d isplay interface ■ display loopback-detection ■ d isplay po rt ■ display unit ■ d uplex ■ flow-control ■ interface ■ loopback ■ loopback-det[...]

42 C HAPTER 2: U SING P ORT C OMMAND S ■ debugging link-aggregation event ■ debugging lacp packet ■ debugging lacp state ■ display link-aggregation summary ■ display link-aggregation verbose ■ d isplay link-aggregation interface ■ d isplay lacp system-id ■ lacp enable ■ l acp port-priority ■ l acp system-priority ■ l ink-aggre[...]

Ethernet Port Configuration Commands 43 Ether net Port Configuration Commands This section describes the commands y ou can use to configure and manage the ports on your Switch 4500. copy configuration Syntax copy configuration source { interface-t ype interface_number | interface_name | aggregation-group agg-id } destination { interface_list [ aggr[...]

44 C HAPTER 2: U SING P ORT C OMMAND S undo broadcast-suppression View Ether net Port V iew Parameter ratio : Specifies the bandwidth ratio of br oa dcast traffic allowed on an Ether net port. The ratio value ranges from 1 to 100. The incremental step is 1. By default, the ratio is 100 meaning all br oadcast traffic is accepted. The smaller the rat[...]

Ethernet Port Configuration Commands 45 Parameter text: Enter a description of the Ethernet port. This can be a maximum of 80 characters. Description Use the description command to enter a description of an Ether net port. Use the undo description command to cancel the description. By default, an Ethernet po rt does not have a description. Example [...]

46 C HAPTER 2: U SING P ORT C OMMAND S The information displays in the following format : Ethernet1/0/1 current state : UP IP Sending Frames' Format is PKTFM T_ETHNT_2, Hardware address is 00e0-fc00-0010 The Maximum Transmit Unit is 1500 Media type is twisted pair, loopba ck not set Port hardware type is 100_BASE_TX 100Mbps-speed mode, full-du[...]

Ethernet Port Configuration Commands 47 display loopback-detection Syntax display loopback-detection Vie w All views Parameter None Description Use the display loopback-detection command to view whether the por t loopback detection has been enabled. If it has been enabled, then the time interval of the detection and the current port loopback inform[...]

48 C HAPTER 2: U SING P ORT C OMMAND S The detail s display in the followin g format: Port Ethernet1/0/1 loopback-detect ion is running system Loopback-detection is runni ng Detection interval time is 30 seco nds There is no port existing loopback link display port Syntax display port { hybrid | trunk } View All views Parameter hybrid: Enter to dis[...]

Ethernet Port Configuration Commands 49 Description Using display unit unit-id interface command, you can view all port interfaces for t he specified unit. Example Display the port information for all ports on Unit 1. <4500> display unit 1 interface Aux1/0/0 current state :DOWN Line protocol current state :DOWN Internet protocol processing : [...]

50 C HAPTER 2: U SING P ORT C OMMAND S [4500-Ethernet1/0/1] duplex auto flow-control Syntax flow-control undo flow-control View Ether net Port V iew Parameters None Description Use the flow-control command to enable flow control on an Ether net port. This avoids discarding data packets due to congestion. Use the undo flow-control command to disable[...]

Ethernet Port Configuration Commands 51 Description Use the command interface interface_type interface_number to enter the interface of the specified port. I f you want to configure the parameters of an Ether net port, you must first use this command to enter the Ether net port view . Example T o enter the interface for port “Ether net1/0 /1”, [...]

52 C HAPTER 2: U SING P ORT C OMMAND S Loop internal succeeded. [4500-Ethernet1/0/1] [4500-Ethernet1/0/1] loopback inter nal loopback-detection control enable Syntax loopback-detection control enable undo loopback-detection control en able View Ether net Port V iew Parameter None Description Use the loopback-detection control enable command to enab[...]

Ethernet Port Configuration Commands 53 Parameter None Description Use the loopback-detection enable command to enable port loopback detection. If there is a loopback port found, the switch w ill put it under con trol. Use the undo loopback-detection enable command to disable port loopback detection. Loopback detection of a specified port only func[...]

54 C HAPTER 2: U SING P ORT C OMMAND S [4500] loopback-detection per -vlan enable Syntax loopback-detection per-vlan enable undo loopback-detection per-vlan e nable View Ether net Port V iew Parameter None Description Use the loopback-detection per-vlan enable command to configure the system to perform loopback detection on all VLANs on T runk and [...]

Ethernet Port Configuration Commands 55 Description ■ Use the mdi command to configure the network cable type fo r an Ether net port. ■ Use the undo mdi command to restor e the defa ult type. By default, the network ca ble type is r ecognized a utomatically (the mdi auto command). Note that this command only has effect on 10/100BASE-T and 10/10[...]

56 C HAPTER 2: U SING P ORT C OMMAND S [4500-Ethernet1/0/1] multicast-supp ression 20 [4500-Ethernet1/0/1] Specify the maximum packets per second of the multicast traffic on an Ethern et1/0/1 as 1000 Mpps. < 4500 > system-view System View: return to User View w ith Ctrl+Z. [4500] interface ethernet 1/0/1 [4500-Ethernet1/0/1] multicast-supp re[...]

Ethernet Port Configuration Commands 57 Description Use the port hybrid pvid vlan command to configur e the default VLAN ID of the hybrid port. Use the undo port hybrid pvid command to restor e the default VLAN ID of the hybrid port. Hybrid port can be configured together with the isolate-user -vlan. But if the default VLAN has set mappin g in the [...]

58 C HAPTER 2: U SING P ORT C OMMAND S A hybrid port can belong to multiple VL ANs. A port can only be added to a VLAN if the VLAN has already bee n created. See the vlan vlan-vid command. Related comma nd: port link-type . Example T o add the port Ethernet1/0/1 to VLAN 2, VLAN 4 and all VLANs in the range 50 to 100 as a tagged port, enter the foll[...]

Ethernet Port Configuration Commands 59 [4500] interface ethernet 1/0/1 [4500-Ethernet1/0/1]port link-type trun k [4500-Ethernet1/0/1] port trunk permit vlan Syntax port trunk permit vlan { vlan_id _list | all} undo port trunk permit vlan { vlan_id _li st | all} Vie w Ethernet port view Parameter vlan_id: Enter a VLAN ID, or mor e than one VLAN ID,[...]

60 C HAPTER 2: U SING P ORT C OMMAND S View Ether net Port V iew Parameter vlan_id: Enter a VLAN ID in the range 2 to 409 4, as defined in IEEE802.1 Q. This is the VLAN that you want to be the default VLAN for a trunk port. The default is 1. Description Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port. Use the [...]

Ethernet Port Configuration Commands 61 number ar e specified, the information on th e specified port will be cleare d. After 802.1x is enabled, the port information cannot be reset. Example T o reset statistical informat ion on Ether net1/0/1, enter the following: <4500> reset counters interface ethernet1/0/1 <4500> shutdown Syntax shu[...]

62 C HAPTER 2: U SING P ORT C OMMAND S 1000 : Enter to set the port speed to 1000 M bps. (Only available on Gigabit ports). auto: Enter to set the port speed to auto-nego tiation. Description Use the speed command to configure the port speed. Use the undo speed command to restor e the default sp eed. By default, the speed is auto . Related comma nd[...]

Ethernet Port Configuration Commands 63 [4500-Ethernet1/0/1] unicast-suppression 20 [4500-Ethernet1/0/1] Specify the maximum packets per sec ond of the unicast traffic on an Ethernet1/0/1 as 1000 Mpps. <4500> system-view System View: return to User View with C trl+Z. [4500] interface ethernet 1/0/1 [4500-Ethernet1/0/1] unicast-suppression pps[...]

64 C HAPTER 2: U SING P ORT C OMMAND S Ethernet Port Link Aggregation Commands This section describes the commands you can use to configure Ethernet Port LInk Aggregation on the Switch. debugging link-aggregation err or Syntax debugging link-aggregation error undo debugging link-aggregation er ror View User View Parameter None Description Use the d[...]

Ethernet Port Link Aggregation Commands 65 undo debugging lacp packet [ interface { interface_type interface_number | interface_name } [ t o { interface_type interface_num | interface_name } ] ] Vie w User View Parameter interface { interface_type interface_ num | interface_name } [ to { interface_type interface_ num | interface_name } ] : Specifie[...]

66 C HAPTER 2: U SING P ORT C OMMAND S interface_name: Specifies port name, in the format of interface_name = interface_type interface_num. interface_type: Specifies port type and interfa ce_num port number . For more information, see the parameter item for the int erface command. actor-churn: Debugging actor - churn state machine. mux: Debugging M[...]

Ethernet Port Link Aggregation Commands 67 AL AL Partner ID Select Standby Share Master ID Type Ports Ports Type Port --------------------------------------- ---------------------------- 1 D 0x8000,00e0-fcff-ff01 1 0 NonS Ethernet4/0/1 10 M none 1 0 NonS Ethernet4/0/2 20 S 0x8000,00e0-fcff-ff01 1 0 NonS Ethernet4/0/3 display link-aggregation verbos[...]

68 C HAPTER 2: U SING P ORT C OMMAND S display link-aggregation interface Syntax display link-aggregation interface { interface_type interface_number | interface_name } [ to { interface_type interface-num | interface_name } ] View Any view Parameter interface { interface_type inter face_ num | interface_name } [ to { interface_type interface_ num |[...]

Ethernet Port Link Aggregation Commands 69 Local: Port-Priority: 32768, Oper key: 2, Flag: 0x3d Remote: System ID: 0x8000, 000e-84a6-fb00 Port Number: 2, Port-Priority: 327 68 , Oper-key: 10, Flag: 0x3d Received LACP Packets: 8 packet(s), Illegal: 0 packet(s) Sent LACP Packets: 9 packet(s) Related co mmand: display link-aggregation ver bose . displ[...]

70 C HAPTER 2: U SING P ORT C OMMAND S Example T o enable LACP at Ether net 1/0/1, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] interface ethernet 1/0/1 [4500-Ethernet1/0/1] lacp enable [4500-Ethernet1/0/1] lacp port-priority Syntax lacp port-priority port-priority-v alue undo lacp port-priorit[...]

Ethernet Port Link Aggregation Commands 71 Use the undo lacp system-priority command to r estore the default value. Related co mmand: display lacp system-id . Example T o set system priority as 64, enter the following: <4500> system-view System View: return to User View with C trl+Z. [4500] lacp system-priority 64 [4500] link-aggregation gr o[...]

72 C HAPTER 2: U SING P ORT C OMMAND S manual: Manual aggregation group. static: Static aggregation gr oup. Description Use the link-aggregation group agg_id mode command to create a manual or static aggregation group. Use the undo link-aggregation group command to delete an aggre gation group. The Switch will select th e lowest port number as the [...]

Ethernet Port Link Aggregation Commands 73 System View: return to User View with C trl+Z. [4500] link-aggregation group 22 mode manual [4500] interface ethernet 1/0/1 [4500-Ethernet1/0/1] port link-aggregati on group 22 #Apr 2 03:29:48:954 2000 4500 LAGG/2/A ggPortInactive:- 1 -Trap 1.3.6.1.4.1.2 011.5.25.25.2.2: TrapIndex 31465473 Agg regation Gro[...]

74 C HAPTER 2: U SING P ORT C OMMAND S[...]

3 U SING VLAN C OMMANDS This chapter describes how to use th e following commands: VLAN Configuration Commands ■ d escription ■ d isplay interface VLAN-in terface ■ d isplay vlan ■ i nterface VLAN-interface ■ s hutdown ■ v lan V oice VLAN Commands ■ display voice vlan oui ■ display voice vlan status ■ voice vlan aging ■ voice vl[...]

76 C HAPTER 3: U SING VLAN C OMMANDS VLAN Configuration Commands This section describes the commands you can use to configure and manage the VLANs and VLAN interfa ces on your system. description Syntax description string undo description View VLAN view Parameter string: Enter a description of the current VLAN, up to a maximum of 32 characters. For[...]

VLAN Configuration Commands 77 ■ VLAN interface description ■ Maximum T ransmit Unit (MTU) ■ IP address and subnet mask ■ Format of the IP frames ■ MA C ha rd w are a d dre s s. Use display interface vlan-interface to display information on all VLAN interfaces. Use display interface vlan-interface vlan_id to display information on a speci[...]

78 C HAPTER 3: U SING VLAN C OMMANDS command display vlan vlan_id to display information on a specific VLAN. Use the command display vlan all to display information on all the VLANs. Use the command display vlan dynamic to display information on VLANs created dynamically by the system. Use the command display vlan static to display information of V[...]

VLAN Configuration Commands 79 Vie w System View Parameter vlan_id: Enter the ID of the VLAN interface yo u want to configure, in the range 1 to 4094. Note that VLAN1 is the default VLAN and cannot be deleted. Description Use the interface vlan-interface command to enter a VLAN interface view and use the related configuration commands. Use the undo[...]

80 C HAPTER 3: U SING VLAN C OMMANDS Example Add Ether net1/0/2 through Ether net1/0/4 t o VLAN 2. <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] vlan 2 [4500-vlan2] port ethernet1/0/2 to ethernet1/0/4 shutdown Syntax shutdown undo shutdown View VLAN Interface View Parameter None Description Use the shutdown command [...]

Voice VLAN Configuration Comman ds 81 %Apr 2 00:05:28:213 2000 4500 STP/2/SP EED:- 1 -Ethernet1/0/1's speed changed ! %Apr 2 00:05:28:319 2000 4500 STP/2/PF WD:- 1 -Ethernet1/0/1 is forwarding! [4500-Vlan-interface2] vlan Syntax vlan vlan_id undo vlan vlan_id { [to vlan_id ] | all } Vie w System View Parameter vlan_id: Enter the ID of the VLAN[...]

82 C HAPTER 3: U SING VLAN C OMMANDS Description Use the display voice vlan oui command to display the OUI address supported by the current system and its relative featur es. Related comma nds: voice vlan vlan_id enable , voice vlan enable . Example T o display the OUI addr ess of V oice VLAN, enter the following: <4500> system-view System Vi[...]

Voice VLAN Configuration Comman ds 83 voice vlan aging Syntax voice vlan aging minutes undo voice vlan aging Vie w System View Parameter minutes: The aging time of V oice VLAN, in minutes, ranging fr om 5 to 43200. The default value is 1440 minutes. Description Use the voice vlan aging command t o set the aging time of V oice VLAN. Use the undo voi[...]

84 C HAPTER 3: U SING VLAN C OMMANDS [4500-Ethernet1/0/2] voice vlan ena ble [4500-Ethernet1/0/2] voice vlan Syntax voice vlan vlan_id enable undo voice vlan enable View System View Parameter vlan_id: The VLAN ID for the V oice VLAN to be enabled, in the range of 2 to 4094. Description Use the voice vlan command to globally enable the V oice VLAN f[...]

Voice VLAN Configuration Comman ds 85 Description Use the voice vlan mac_address command to set the MAC address that the V oice VLAN can contr ol. Use the undo voice vlan mac_address command to cancel this MAC addr ess. Here the OUI addr ess refers to a vendor and you need only input the first three-byte va lues of the MAC address. The OUI address [...]

86 C HAPTER 3: U SING VLAN C OMMANDS <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] undo voice vlan mode auto Can't change voice vlan configurat ion when voice vlan is running [4500] undo voice vlan enable [4500] undo voice vlan mode auto [4500] voice vlan security enable Syntax voice vlan security enable undo v[...]

4 U SING P OWER OVER E THER NET (P O E) C OMMANDS This chapter describes how to use th e following commands: PoE Configuration Commands ■ display poe interface ■ display poe power ■ display poe power supply ■ poe enable ■ poe legacy enable ■ poe max-power ■ poe mode ■ poe power -management ■ poe priority ■ poe update[...]

88 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS PoE Configuration Commands This section describes the commands you can use to configure and manage the PoE on your Switch 4500 PWR. display poe interface Syntax display poe interface [ interface- name | interface-type interface-num ] View Any view Parameter interface-name | interface-ty[...]

PoE Configuration Commands 89 Ethernet1/0/15 off enable signal lo w Detection Ethernet1/0/16 off enable signal lo w Detection Ethernet1/0/17 off enable signal lo w Detection Ethernet1/0/18 off enable signal lo w Detection Ethernet1/0/19 off enable signal lo w Detection Ethernet1/0/20 off enable signal lo w Detection Ethernet1/0/21 off enable signal[...]

90 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS Port power :1240 0 mW Display the power information of all ports. [4500] display poe power PORT INDEX POWER (mW) PORT INDEXPOWER (mW) Ethernet1/0/1 0 Ethernet1/0/2 100 Ethernet1/0/3 200 Ethernet1/0/4 300 Ethernet1/0/5 400 Ethernet1/0/6 500 Ethernet1/0/7 600 Ethernet1/0/8 700 Ethernet1/0[...]

PoE Configuration Commands 91 Description Use the display poe powersupply command to view the parameters of the power sourcing equipment (PSE). Example Display the PSE parame ters. [4500] display poe powersupply PSE ID :1 PSE Legacy Detection :disable PSE Total Power Consumption :12000 mW PSE Available Power :268000 mW PSE Peak Value :12000 mW PSE [...]

92 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS View System View Parameter None Description Use the poe legacy enable command to enable the nonstandard-PD detect function. Use the undo poe legacy enable command to disable the nonstandard-PD detect function. PDs compliant with 802.3 af standards are called standard PDs. By default, th[...]

PoE Configuration Commands 93 The unit of power is mW . Y ou can set the power in the granularit y of 100 mW . The actual maximum power will be 5% larg er than what you have set allowing for the effect of transient peak power . Example Set the maximum power supplied by cu rrent port. [4500-Ethernet1/0/3] poe max-power 15000 Set Port max power succe[...]

94 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS View System View Parameter auto: Adopt the auto mode, a PoE management mode based on port priority . manual: Adopt the manual mode. Description Use the poe power-management command to configure the PoE mana gement mode of port used in the case of power overloading. Use the undo poe powe[...]

PoE Configuration Commands 95 If there are too many ports with critical priority , the total power these ports need might exceed the maximum power supplied by the equipment, i.e., 300W . In this case, no new PD can be added to the switch. When the remaining power of the whole equipment is below 18.8 W , no new PD can be added to th e Switch. Exampl[...]

96 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS Example Update the PSE pr ocessing software online. [4500] poe update refresh 0290_021.s19 .................................. ................................. .................................. .................................. .................................. ......................[...]

5 U SING N ETWORK P RO T O C O L C OMMANDS This chapter describes how to use th e following commands: IP Address Configuration Commands ■ d isplay ip ho st ■ d isplay ip interface vlan ■ ip address ■ i p host ARP Configuration Commands ■ a rp check enable ■ a rp static ■ arp static ■ d ebugging arp packet ■ d isplay arp ■ d ispl[...]

98 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS ■ d isplay isolate port ■ p ort isolate UDP Helper Configuration Commands ■ d ebugging udp-helper ■ d isplay udp-helper server ■ u dp-helper enable ■ u dp-helper port ■ u dp-helper server IP Performance Configuration Commands ■ d isplay fib ■ d isplay fib ip_address ■ d isplay f[...]

IP Address Configuration Commands 99 IP Address Configuration Commands This section describes the commands y ou can use to config ure and manage IP Addressing on your Switch 4500. display ip host Syntax display ip host Vie w All views Parameter None Description Use the display ip host command to display all host names and their corresponding IP add[...]

100 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Line protocol current state : DOWN Internet Address is 1.1.1.1/8 Primary Broadcast address : 1.255.255.255 The Maximum Transmit Unit : 1500 b ytes input packets : 0, bytes : 0, mult icasts : 0 output packets : 0, bytes : 0, mul ticasts : 0 TTL invalid packet number: 0 ICMP packet input number: 0 E[...]

ARP Configuration Commands 101 ip host Syntax ip host hostname ip_address undo ip host hostname [ ip_address ] Vie w System view Parameters hostname Enter the host name of the connecti ng de vice. This is a character string of up to 20 characters. ip_address Enter the host’ s IP address. Description Use the ip host command to configure the host n[...]

102 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS MAC addr ess. Use the undo arp check enable command to disable the checking of ARP entry s o the device le arns th e ARP entry wher e the MAC addr ess is a multicast MAC addr ess. By default, the checking of ARP entry is enabled an d the device does not lear n the ARP entry where the MAC address i[...]

ARP Configuration Commands 103 By default, the ARP mapping tab le is empty , and the Switch uses dynamic ARP to maintain its address mapping. Related co mmands: reset arp , display arp , debugging arp . Example T o associate the IP address 202.38.10.2 with the MAC address 00e0-fc01-0000, and the ARP mapping entry to Ether net 1/0/1 on VLAN1, enter [...]

104 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Example T o establish a mapping between IP address 129.102.0.1 and MAC address 00e0-fc01-0000, and to send frames to this address thr ough VLAN 1, Ethern et port 1/0/ 1, enter the following : <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] arp static 202.38.0.10 00e0[...]

ARP Configuration Commands 105 Description Use the debugging arp command to enable ARP debugging. Use the undo debugging arp command to disable the corresponding ARP debugging. By default, undo ARP debugging is enabled. For the related commands, see arp static and display arp . Example T o enable ARP packet debugging, en ter the following: <4500[...]

106 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS include: Enter to display only the ARP entries that contain the specified characte r string "text". exclude : Enter to display only the ARP entries that do not contain the specified characte r string "text" . text Enter a character string. The ARP entries that contain this char[...]

ARP Configuration Commands 107 System View: return to User View with C trl+Z. [4500] display arp timer aging The information displays in the following format: Current ARP aging time is 20 minute(s) (default) [4500] res e t a rp Syntax reset arp [ dynamic | static | interfac e { interface_type interface_num | interface_name } ] Vie w User view Param[...]

108 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS DHCP Client Configuration Commands This section describes the commands you can use to configure and manage the Dynamic Host Configuratio n Protocol (DHC P) Client operations on your Switch 4500. debugging dhcp client Syntax debugging dhcp client { all | erro r | event | packet } undo debugging dhc[...]

DHCP Client Con figuration Commands 109 Use the undo debugging dhcp xrn xha command to disable DHCP client hot backup debugging . By defaul t, DHCP client ho t backup debugging is disabled. Example T o enable DHCP client hot backup debuggin g, enter the following: <4500> debugging dhcp xrn xha display dhcp client Syntax display dhcp client [ [...]

110 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Parameter None Description Use the ip address dhcp-alloc command to configur e VLAN interface to obtain IP address using DHCP . Use the undo ip address dhcp-alloc command to remove the configuration. By default, the VLAN in terface d oes not obtain an IP address using DHCP . Example T o configure [...]

DHCP Relay Configuration Commands 111 Type: dhcp-request ClientHardAddress: 0010-dc19-695d ServerIpAddress: 192.168.1.2 *0.7200230-DHCP-8-dhcp_debug: From server to client: Interface: VLAN-Interface 1 ServerGroupNo: 0 Type: dhcp-ack ClientHardAddress: 0010-dc19-695d AllocatedIpAddress: 10.1.1.1 *0.7200580-DHCP-8-largehop: Discard DHCP request packe[...]

112 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS dhcp-server ip Syntax dhcp-server groupNo ip ipaddress1 [ ipaddress2 ] undo dhcp-server groupNo View System View Parameters groupNo Enter the DHCP server gr oup num ber , in the range 0 to 19. ip_address1 Enter the IP addr ess of the primary Server in the group. ip_address2 Enter the IP address of[...]

DHCP Relay Configuration Commands 113 Related co mmands: dhcp-server ip , dhcp-server , display dhcp-server interface vlan-interface , debugging dhcp-relay . Example T o view information on DHCP Server group 0, enter the following: <4500> display dhcp-server 0 The information displays in the following format: The first IP address of DHCP Serv[...]

114 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS The information shown above indicates that vlan-interface 2 is configured with a DHCP Server group whose ID is 0. Access Management Configuration Commands This section describes the commands you can use to configure and manage the Access Management Configuration operations on your Switch 4500. am [...]

Access Manageme nt Configuration Commands 115 address-list Enter IP addr ess list in the start_ip_address [ ip_address_num ] & < 1-10 > format. start_ip_address Is the start addr ess of an IP address range in the pool. ip_address_num: Specifies how many IP addr esses following start_ip_address in the range. &< 1-10 > means you c[...]

116 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS By default, the access mana gement trap is disabled. Example T o enable the access management tr ap, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] am trap enable display am Syntax display am [ interface-list ] View Any view Parameters interface[...]

Access Manageme nt Configuration Commands 117 T o display the access management configurations on Ether net1/0/1: <4500> display am ethernet1/0/1 Ethernet1/0/1 Status : disabled IP Pools : (NULL) display isolate port Syntax display isolate port Vie w Any view Parameter none Description Use the display isolate port command to view port isolat [...]

118 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS other ports of this group, that is, Layer 2 forwarding between the isolated ports is not available. Use the undo port isolate command to remove a port from an isolation gr oup. By default, a port is not in an isolat ion g roup, namely Layer 2 forwarding is achievable between this port and other po[...]

UDP Helper Configuration Commands 119 display udp-helper server Syntax display udp-helper server [ interface v lan-interface vlan_id ] Vie w Any view Parameter vlan_id VLAN interface ID. Description Use the display udp-helper server command to view the information of destination Helper server corresponding to the VLAN interface. Example T o display[...]

120 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS View System view Parameters port Enter the ID of the UDP port with rela y function to be enabled, in the range of 1 to 65535. dns Domain name s ervice, corresponding to UDP port 53. netbios-ds NetBios datagram service, corresponding to UDP port 138. netbios-ns NetBios name service, corr esponding [...]

IP Performance Configuration Commands 121 Related co mmand: display udp-helper server . Example T o configure the relay destination server with IP address 192.1.1.2, enter the following: <4500> system-view System View: return to User View with C trl+Z. [4500] interface vlan-interface 1 [4500-Vlan-interface1] udp-helper server 192.1.1.2 IP Per[...]

122 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS display fib ip_address Syntax display fib ip_address1 [ { mask1 | mask-length1 } [ ip_address2 { mask2 | mask-length2 } | longer ] | longer ] View Any view Parameters ip_address1, ip_address2 Enter destination IP address, in dotted decimal format. ip_address1 and ip_address2 jointly define the a d[...]

IP Performance Configuration Commands 123 Description Use the display fib acl command to view the FIB entries matching a specific ACL. Example T o display the FIB entries matching ACL 2000, enter the following : <4500> display fib acl 2000 Route entry matched by access-list 2000 : Summary counts: 1 Destination/Mask Nexthop Flag TimeStamp Inte[...]

124 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Description Use the display fib ip-prefix command to view the FIB entries matching the specific prefi x list. Example T o display the FIB entries matching prefix list abc0, enter the following: <4500> display fib ip-prefix abc0 Route Entry matched by prefix-list abc0: Summary count: 3 Destin[...]

IP Performance Configuration Commands 125 Description Use the display icmp statistics command to view the statistics information about ICMP packets. Related co mmands: display ip interface vlan-in terface , reset ip statistics . Example T o view statistics about ICMP packets, enter the following: <4500> display icmp statistics Input: bad form[...]

126 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS task-id Enter the ID of a task, with the value ranging from 1 to 100. socket-id Enter the ID of a socket, with the value ranging fr om 0 to 3072. Description Use the display ip socket command to display the informat ion about the sockets in the current system. Example T o display the information a[...]

IP Performance Configuration Commands 127 Vie w Any view Parameter none Description Use the display ip statistics command to view the statistics information about IP packets. Related co mmands: display ip interface , re set ip statistics . Example T o view statistics about IP packets, en ter the following: <4500> display ip statistics Input: [...]

128 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS display tcp statistics Syntax display tcp statistics View Any view Parameter none Description Use the display tcp statistics command to view the statistics information about TCP packets. The statistics information about TCP packets are divided in to two major kinds which ar e Received packets and [...]

IP Performance Configuration Commands 129 Closed connections: 0 (dropped: 0, init iated dropped: 0) Packets dropped with MD5 authentication : 0 Packets permitted with MD5 authenticati on: 0 display tcp status Syntax display tcp status Vie w Any view Parameter none Description Use the display tcp status command to view the TCP connection s tate. Exa[...]

130 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Received packet: Total:0 checksum error:0 shorter than header:0, data length larger than packet:0 no socket on port:0 broadcast:0 not delivered, input socket full:0 input packets missing pcb cache:0 Sent packet: Total:0 reset i p statistics Syntax reset ip statistics View User view Parameter none [...]

IP Performance Configuration Commands 131 reset udp statistics Syntax reset udp statistics Vie w User view Parameter None Description Use the reset udp statistics command to clear the UDP statistics information. Example T o clear the UDP traf fic statistics info rmation, enter the following: <4500> reset udp statistics tcp timer fin-timeout S[...]

132 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS undo tcp timer syn-timeout View System View Parameter time-value Enter the TCP synwait timer value measured in second, whose value ranges from 2 to 600. The default time-value is 75 seconds. Description Use the tcp timer syn-timeout command to configure the TCP synwait timer . Use the undo tcp tim[...]

IP Performance Configuration Commands 133 <4500> system-view System View: return to User View with C trl+Z. [4500] tcp window 3[...]

134 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS[...]

6 U SING R OUTING P R OTOCOL C OMMANDS This chapter describes how to use th e following commands: Routing T able Display Commands ■ display ip r outing-table ■ d isplay ip routing-table acl ■ d isplay ip routing-table ip_address ■ d isplay ip routing-table ip_address1 ip_addr ess2 ■ d isplay ip routing-table ip-prefix ■ d isplay ip rout[...]

136 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS ■ r ip metricin ■ r ip metricout ■ ri p output ■ rip split-horizon ■ r ip version ■ r ip work ■ s ummary ■ t imers IP Routing Policy Commands ■ a pply cost ■ d isplay ip ip-pr efix ■ d isplay route-policy ■ i f-match { acl | ip-prefix } ■ i f-match cost ■ i f-match int[...]

Routing Table Display Commands 137 Only the currently used route, that is the best r oute, is displayed. Example T o view a summary of routing table information, enter the following: <4500> display ip routing-table The information displays in the following format: Routing Table: public net Destination/Mask Proto Pre Cost Nexthop Interface 1.1[...]

138 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Example T o display a summary of the active routes filter ed through basic ACL 2000, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] acl number 2000 [4500-acl-basic-2000] rule permit s ource 10.1.1.1 0.0.0.255 [4500-acl-basic-2000] rule deny sou[...]

Routing Table Display Commands 139 display ip r outing-table ip_address Syntax display ip routing-table ip_address [ m ask ] [ longer-match ] [ verbose ] Interface Output interface, through which th e data packet destined for the destination network is sent Vlinkindex Virtual link index State Route state description: ActiveU — The route is select[...]

140 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS View All views Parameters ip_address Enter the destination IP address. mask Enter either the IP subnet mask (in x. x.x.x format), or the su bnet mask length (in the range 0 to 32). Optio nal. longer-match Enter to display an address route that matches the destination IP address in natural mask ra[...]

Routing Table Display Commands 141 Protocol: #Static Preference: 60 *NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1) Vlinkindex: 0 State: <Int ActiveU Static Unicast> Age: 4:479 Cost: 0/0 Tag: 0 For detailed description of ou tput information, refer to Ta b l e 18 . display ip r outing-table ip_address1 ip_address2 Syntax display ip routing-ta[...]

142 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS View All views Parameter ip_prefix_name Enter the ip pr efix list name. verbose Enter to display verbose information about both the active and in active routes that passed filtering rules. Without this paramet er , this command displays the summary of active routes that passed filtering rules. De[...]

Routing Table Display Commands 143 For detailed information of the output information, refer to Ta b l e 18 . display ip r outing-table protocol Syntax display ip routing-table protocol proto col [ inactive | verbose ] Vie w All views Parameters protocol Enter one of the following: ■ direct Displays the dir ect connection route information ■ st[...]

144 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS The information displays in the following format : STATIC Routing tables: Summary count: 1 STATIC Routing tables status:<acti ve>: Summary count: 0 STATIC Routing tables status:<inac tive>: Summary count: 1 Destination/Mask Protocol Pre Cost Nextho p Interface 1.2.3.0/24 STATIC 60 0 1[...]

Routing Table Display Commands 145 Vie w All views Parameter None Description Use the display ip routing-table statistics command to display the routing information for all protocols. The inform ation includes the n umber of r outes per pro tocol, the numb er of active routes per pr otocol, the number of rout es added and deleted per pr otocol, and[...]

146 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS The information displayed includes the route state, the ve rbose description of each route and the statistics of the entir e routing table. All current r outes, includ ing inactive ro utes and invalid r outes, are di splayed. Example T o display the verbose r outin g table information, enter the [...]

Static Route Configuratio n Command 14 7 delete static-routes all Syntax delete static-routes all Vie w System View Parameter None Description Use the delete static-routes all command to delete all the static routes. The system requests your confirmation befo re it deletes all the configured static rou t e s. Related co mmands: ip route-static and [...]

148 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS preference_value Enter the pr eference level of the r oute in the range 1 to 255. The default prefer ence is 60. reject Enter to indicate an unreachable r oute. blackhole Enter to indicate a blackhole r oute. Description Use the ip route-static command to configure a static route. Use the undo ip[...]

RIP Configuration Commands 149 Example T o configure the next hop of the default route as 129.102.0.2, enter the following: <4500> system-view System View: return to User View with C trl+Z. [4500] ip route-static 0.0.0.0 0.0.0.0 1 29.102.0.2 RIP Configuration Commands This section describes the commands you can use to configure the Routing In[...]

150 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS undo default cost View RIP view Parameter value Enter the default routing cost, in the range 1 to 16. The default is 1. Description Use the default cost command to set the default routing cost of an imported route. Use the undo default cost command to restore the default value. If you do not spec[...]

RIP Configuration Commands 151 Garbage-collection timer : 120 No peer router Network : 202.38.168.0 filter -policy export Syntax filter-policy { acl_number | gateway ga teway-ip | ip-prefix ip_prefix_name } export [ routing_proces s ] filter-policy route-policy route-policy -name export undo filter-policy { acl_number | gatew ay gateway-ip | ip-pre[...]

152 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Description Use the filter-policy ex port command to configure RIP to filter the advertised routing information. Use the undo filter-policy export command to configure RIP not to filter the advertised routing information. This is the default. Related comma nds: acl , filter-policy import , ip ip-[...]

RIP Configuration Commands 153 Use the filter-policy import command to config ure the switch to filter global routing information. Use the undo filter-policy import command to disable filtering of received global r outing in formation. By default, RIP does not filter the received routing information. Related co mmands: acl, filter-policy export, i [...]

154 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Parameters protocol Enter the r outing pr otocol to be imported. This can be on e of the following: direct or static . value Enter the cost value of the route to be importe d. route-policy route_policy_name E nter a route-policy name. Only r outes that match the conditions of the specified policy[...]

RIP Configuration Commands 155 Use the undo network command t o disable RIP o n the interface . By default, R IP is disabled on an interface. After you have enabled RIP , you must also enable RIP for a specif ied interface using this command. RIP only opera tes on the interf ace of specified ne twork segments. The undo network command is similar to[...]

156 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS System View: return to User View w ith Ctrl+Z. [4500] rip [4500-rip] peer 202.38.165.1 prefer ence Syntax preference value undo preference View RIP view Parameter value Enter the prefer ence level, in the ra nge 1 to 255. By def ault, the value is 100. Description Use the preference command to co[...]

RIP Configuration Commands 157 [4500] rip [4500-rip] reset rip Syntax rip undo rip Vie w System view Parameter None Description Use the rip command to enable RIP and enter the RIP command view . From he re, you can configure RIP using the other commands described in t his section. Use the undo rip command to disable RIP . By default, RIP is disable[...]

158 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS current-configuration command is executed. Inputtin g the MD5 key in cipher text form with 24 characters long is also supported. nonstandard: Enter to set the MD5 cipher text authentication packet to use a packet format (as described in RFC2082). key-id Enter an MD5 cipher text authentication id [...]

RIP Configuration Commands 159 T o set MD5 authentication on Vlan-interfa ce 1 with the key string set to “aaa” and the packet type set to usual , enter the following: [4500] interface Vlan-interface 1 [4500-Vlan-interface1] rip version 2 [4500-Vlan-interface1] rip authenticatio n-mode md5 usual aaa rip input Syntax rip input undo rip input Vie[...]

160 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Description Use the rip metricin command to con figure a n additional r oute metric to be added to the route when an interface receives RIP packets. Use the undo rip metricin command to restore the default value of this additional route metric. Related comma nd: rip metricout . Example T o set th[...]

RIP Configuration Commands 161 Vie w Interface View Parameter None Description Use the rip output command to allow an interface to tr ansmit RIP packets. Use the undo rip output command to disable an inte rface fr om transmitting RIP packets. By default, all interfaces except loopback interfaces are able to transmit RIP packets. This command is use[...]

162 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Example T o set the interface Vlan-interface 1 not to use split horizo n when processing RIP packets, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] interface Vlan-interface 1 [4500-Vlan-interface1] undo rip spl it-horizon rip version Syntax ri[...]

RIP Configuration Commands 163 [4500-Vlan-interface1] rip version 2 bro adcast rip work Syntax rip work undo rip work Vie w Interface View Parameter None Description Use the rip work command to enable the RIP on an interface. This is the default. Use the undo rip work command to disable RIP on an interface. This command is used in conjunction with [...]

164 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS summarization all the time. If RIP-2 is used, route summarization function can be disabled with the undo summary command, when it is necessary to br oadcast the subnet route. Related comma nd: rip version Example T o set the RIP version on the interface Vlan -interface 1 to RIP- 2, and then disab[...]

RIP Configuration Commands 165 Example Set the values of the Period Update ti mer and the T imeout timer of RIP to 10 seconds and 30 seconds respectively . <4500> system-view System View: return to User View with C trl+Z. [4500] rip [4500-rip] timers update 10 timeout 30[...]

166 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS IP Routing Policy Configuration Commands This section describes the commands you can use to configure IP Routing Policy . These commands operate across all r outing protocols. When the Switch 450 0 runs a routing proto col, it is able to perform the functions of a router . The term rout er in thi[...]

IP Routing Policy Configuration Commands 167 Example Display the information of th e address prefix list named to p1 . <4500> display ip ip-prefix p1 name index conditions ip-prefix / mask GE LE p1 10 permit 10.1.0.0/16 17 18 display route-policy Syntax display route-policy [ route _ policy _ nam e ] Vie w All views Parameter route_policy_nam[...]

168 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS if-match { acl | ip-p refix } Syntax if-match { acl acl _ number | ip-prefix ip _ prefix _ name } undo if-match [ acl | ip-prefix ] View Route policy view Parameter acl_number Enter the number of the access control list used for filtration ip_prefix_name Enter the pr efix address list used for fi[...]

IP Routing Policy Configuration Commands 169 By default, no match su b-statement is defined. Related co mmands: i f-match interface , if-match acl , if- match ip-prefix , if-match ip next-hop , if-match tag , route-policy , apply ip next-hop, apply local-preference, apply cost, app ly origin and apply tag . Example A match sub-statement is de fined[...]

170 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS if-match ip next-hop Syntax if-match ip next-hop { acl acl_num ber | ip-prefix ip_prefix_name } undo if-match ip next-hop [ ip-pre fix ] View Route policy view Parameter acl_number Ente r the number of the access contr ol list use d for filtrati on. The range is 1 to 99. ip_prefix_name Enter the [...]

IP Routing Policy Configuration Commands 171 index_number Identify an item in the prefix addr ess list. The item with smalle r index-number will be tested first. permit Enter to specify the match mode of the d efined address prefix list items as permit mode. deny Enter to specify the matc h mode of the defined address prefix list items as deny mode[...]

172 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS route-policy Syntax route-policy route_policy_name { permit | deny } nod e { node_number } undo route-policy route_policy_nam e [ permit | deny | node node_number ] View System view Parameter route_policy_name Enter the Route-policy name to identify one Route-p olicy uniquely . permit Enter to sp[...]

IP Routing Policy Configuration Commands 173 [4500-route-policy][...]

174 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS[...]

7 U SING M ULTICAST P ROT O C O L C OMMANDS This chapter describes how to use th e following commands: IGMP Snooping Configuration Commands ■ d isplay igmp-snoo ping configuration ■ display igmp-snooping group ■ display igmp-snooping statistics ■ igmp-snooping ■ igmp-snooping host-aging-time ■ igmp-snooping max-response-time ■ igmp-sn[...]

176 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS IGMP Snooping Configuration Commands This section describes how to use the Internet Group Management Protocol (IGMP) configuratio n comma nds on your Switch 4500. display igmp-snooping configuration Syntax display igmp-snooping configuratio n View All views Parameter None Description Use the di[...]

IGMP Snooping Configuration Commands 17 7 This command displays the IP mult icast group and MAC multicast group information of a VLAN or all the VLAN wh er e the Ether net Switch is located. It displays the information such as VLAN ID, router port, IP multicast group addr ess, member ports in the IP multicast gr oup, MAC multic ast group, MAC multi[...]

178 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS <4500> display igmp-snooping statis tics Received IGMP general query packet (s) number:0. Received IGMP specific query packe t(s) number:0. Received IGMP V1 report packet(s) number:0. Received IGMP V2 report packet(s) number:0. Received IGMP leave packet(s) numb er:0. Received error IGMP [...]

IGMP Snooping Configuration Commands 17 9 Parameter seconds: Specifies the port aging time of the multicast g roup member , ranging from 200 to 1000 and measured in seconds. The default is 260. Description Use the igmp-snooping host-aging- time command to co nfigure the port aging time of the multicast group members. Use the undo igmp-snooping host[...]

180 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS [4500] igmp-snooping max-response-t ime 20 igmp-snooping router -aging-time Syntax igmp-snooping router-aging-time se conds undo igmp-snooping router-aging-ti me View System View Parameter seconds: Specifies the r outer port aging time, ranging from 1 to 1000 measured in seconds. The default is[...]

IGMP Snooping Configuration Commands 18 1 <4500> reset igmp-snooping statistics[...]

182 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS[...]

8 U SING Q O S/ACL C OMMANDS This chapter describes how to use th e following commands: ACL Commands List ■ acl ■ d isplay ac l ■ d isplay pa cket-filter ■ p acket-filter ■ r eset ac l counter ■ rule QoS Configuration Commands List ■ display mirr or ■ d isplay qos cos-local-precedence- ma p ■ d isplay qos-interface all ■ d ispla[...]

184 C HAPTER 8: U SING Q O S/ACL C OMMANDS ACL Commands List This section describes how to use the ACL configuration commands on your Switch 4500. acl Syntax acl acl-number1 { inbound | outbou nd } undo acl acl-number1 { inbound | o utbound } acl acl-number2 inbound undo acl acl-number2 inbound View User interface view Parameter acl-number1: Number[...]

ACL Commands List 185 [4500] user-interface vty 0 4 [4500-user-interface-vty0-4] acl 2000 i nbound display acl Syntax display acl { all | acl-number } Vie w All views Parameter all: Displays all ACLs. acl-number: Specifies the sequen ce number of th e ACL to be displayed. It can be a number chosen from 2000 to 5999. Description Use the display acl [...]

186 C HAPTER 8: U SING Q O S/ACL C OMMANDS Example T o display the information of the acti vated ACL of all interfaces, enter the following: <4500> display packet-filter unitid 1 packet-filter Syntax packet-filter { inbound | outbound } { user-group acl-number [ rule rule ] | ip-group acl-number [ r ule rule [ link-group acl-number rule rule [...]

ACL Commands List 187 reset acl counter Syntax reset acl counter { all | acl-number } Vie w User View Parameter all: All ACLs. acl-number : Specifies the sequence number of an ACL. Description Use the reset acl counters command to reset the ACL statistics information to zero. Example Clear the statistics information of ACL 2000. <4500> reset [...]

188 C HAPTER 8: U SING Q O S/ACL C OMMANDS undo rule rule-id View Corresponding ACL View Parameter rule-id: Specifies the subitems of an ACL, ranging from 0 to 65534. permit: Permits pack ets that meet the requir ements. deny: Denies packets that meet the requirements. The following parameters are various prope rty parameters carried by packets. Th[...]

ACL Commands List 189 a number which ranges from 0 to 255; code r epresents ICMP code, which appears when the protocol is “icmp” and the type of packet is not notated by a character , ranging from 0 to 255. established : Means that it is only effective to the first SYN packet established by TCP , appears when protocol is TCP . precedence preced[...]

190 C HAPTER 8: U SING Q O S/ACL C OMMANDS Y ou can define several subrules for an AC L. If you include parameters when using the undo rule command, the system only delete s the corresponding content of the subrule. For related configurations, refer to command acl . Example Add a subrule to an advanc ed ACL: <4500> system-view System View: re[...]

QoS Configuration Commands List 191 Related co mmands: mirroring-port , monitor-port . Example T o display the po rt mirroring configuration, enter the follo wing: <4500> system-view System View: return to User View with C trl+Z [4500] display mirror display qos cos-local-precedence- map Syntax display qos cos-local-precedence-map Vie w All v[...]

192 C HAPTER 8: U SING Q O S/ACL C OMMANDS QoS setting information of the specified in terfaces, including tr affic policing, rate limit at interfaces, and so on. Example Display all the configurations of Qo S parameters for unit 1. <4500> display qos-interface 1 all display qos-interface line-rate Syntax display qos-interface { interface- na[...]

QoS Configuration Commands List 193 Description Use the display qos-interface mirrored- to command to view the settings of the traffic mirr or . This command is used for displaying the set tings of traffic mirror . The information displayed includes the ACL of traffic to be mirr ored and the observing port. Related co mmand: mirrored-to . Example T[...]

194 C HAPTER 8: U SING Q O S/ACL C OMMANDS View Ether net Port V iew Parameter target-rate : The total limited rate of the pack ets sent by interfaces. Unit in Kbps. The number input must be a multip le of 64. For 100 Mbps port, the rang e is from 64 to 99968; for 1000 Mbps port, the range is from 64 to 1000000. Description Use the line-rate comman[...]

QoS Configuration Commands List 195 rule rule : Specifies the subitem of an active ACL, ranging fr om 0 to 65534; if not specified, all subitems of the ACL will be activated. If only IP ACL or Layer 2 ACL is activated, this para meter can be omitted. If both IP and Layer 2 ACL are activated at the same time, the rule parameter cannot be omitted. cp[...]

196 C HAPTER 8: U SING Q O S/ACL C OMMANDS the Fabric. Y ou need to configure the monitor por t before configuring the monitored port. Related comma nd: display mirror . Example T o configure Ethernet 1/0/1 as a monito red port, and monitor packets in both directions, enter the following: <4500> system-view System View: return to User View w [...]

QoS Configuration Commands List 197 Parameter priority-level: Specifies the priority level of the port, ranging from 0 to 7. Description Use the priority command to configure the priority of Ethernet po rt. Use the undo priority command to restor e the default port priority . By default, the priority level of the port is 0. The Switch replaces the [...]

198 C HAPTER 8: U SING Q O S/ACL C OMMANDS System View: return to User View w ith Ctrl+Z [4500] interface Ethernet 1/0/1 [4500-Ethernet1/0/1] priority trust [4500-Ethernet1/0/1] qos cos-local-pr ecedence -map Syntax qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec cos3-map-local -prec cos4-map-local-prec cos5[...]

QoS Configuration Commands List 199 Example Configure CoS and Local Pr ecedence table. <4500> system-view System View: return to User View with C trl+Z [4500] qos cos-local-precedence-map 0 1 2 3 4 5 6 7 [4500] The following is the configured "CoS Local-precedence” mapping table. Ta b l e 26 D efault configure CoS and Local-precedence [...]

200 C HAPTER 8: U SING Q O S/ACL C OMMANDS link-group acl-number : Activ ates Layer 2 ACLs. acl-number: Sequence number of ACL, ranging from 4000 to 4999. rule rule : Specifies the subitem of an active ACL, ranging from 0 to 65534; if not specified, all subitems of th e ACL will be activated. If only an IP ACL or a Layer 2 ACL is activated, this pa[...]

Logon User’s ACL Control Command 201 qstart : Start random di scarding queue length, if the queue is shorter than the value, no packet will be dr opped. Ranging from 1 to 128. The value must be a multiple of 16 KBytes. probability: discar ding probability . Description Use the wred command to configure WRED parameters. WRED (W eighted Random Earl[...]

202 C HAPTER 8: U SING Q O S/ACL C OMMANDS Example Perform ACL control to the users who access the local Switch using TELNET (basic ACL 2000 has been defined). <4500> system-view System View: return to User View with Ctrl+Z [4500] user-interface vty 0 4 [4500-ui-vty0-4] acl 2000 inbound [4500-ui-vty0-4] ip http acl Syntax ip http acl acl-numb[...]

Logon User’s ACL Control Command 203 write : Indicates that this community name has the read-write right within the specified view . community-name : Character string of the community name. mib-view : Set the MIB view name which ca n be accessed by the community name. view-name : MIB view name. acl acl-number : The number identifier of basic numb[...]

204 C HAPTER 8: U SING Q O S/ACL C OMMANDS groupname: Gr oup name, ranging from 1 to 32 bytes. authentication: If this parameter is added to configuration command, the system will authenticate but no t encrypt SNMP data packets. privacy: Authenticates and encryp ts the packets. read-view: Sets r ead-only view . read-view: Read-only view name, rangi[...]

Logon User’s ACL Control Command 205 Parameter v1 : V 1 security mode. v2c : V 2 security mode. v3 : V 3 security mode. user-name : The user name, ranging fr om 1 to 32 bytes. group-name : The corresponding group name of the user , ranging from 1 to 32 bytes. authentication-mode : Specifies the security leve l to "to be auth enticated" [...]

206 C HAPTER 8: U SING Q O S/ACL C OMMANDS [4500] snmp-agent usm-user v3 John Mygroup authentication-mode md5 hello acl 2002[...]

9 U SING S TACK C OMMANDS This chapter describes how to use th e following commands: Stack Configu ration Commands ■ c hange self-unit ■ c hange unit-id ■ display ftm ■ display xrn-fabric ■ fabric save-unit-id ■ f abric-port enable ■ f tm stacking-vlan ■ xrn-fabric auth entication-mode ■ s et unit name ■ s ysname Stack Commands [...]

208 C HAPTER 9: U SING S TACK C OMMANDS change unit-id Syntax change unit-id to < 1-8 >{ < 1-8 > | auto-numbering } View System View Parameter < 1-8 >: Unit ID of the unit in a stack. auto-numbering: Change the unit ID automatically . Description Use the change unit-id command to change the unit ID of a Switch in the stack. By def[...]

Stack Commands 209 2 00e0-fc03-5502 10 UP/DOWN 2 2/3 3 A 3 00e0-fc04-5502 10 UP/DOWN 2 4/5 3 A 6 00e0-fc05-5502 10 UP/DOWN 2 10/11 3 A 5 00e0-fc06-5502 10 UP/DOWN 2 8/9 3 A 4 00e0-fc07-5502 5 UP/DOWN 2 6/7 3 M 7 00e0-fc04-6502 10 UP/DOWN 2 12/13 3 A 8 00e0-fc01-5502 10 UP/DOWN 2 14/15 5 A display ftm Syntax display ftm { information | route | top o[...]

210 C HAPTER 9: U SING S TACK C OMMANDS displayed on the console port of a device, an asterisk (*) next to the unit ID indicates the current device. Example T o display fabric information on the console port of unit 1, en ter the following: [4500] display xrn-fabric Fabric name is 4500 , system mode is L3. Fabric authentication: no authenti cation,[...]

Stack Commands 211 Unit 3 saved unit ID successfully. Unit 4 saved unit ID successfully. Unit 5 saved unit ID successfully. Unit 6 saved unit ID successfully. Unit 7 saved unit ID successfully. Unit 8 saved unit ID successfully. <4500> display ftm topology-database Total number of UNITs in fabric : 8, My CPU ID : 4 UID CPU-Mac Prio stacking-p[...]

212 C HAPTER 9: U SING S TACK C OMMANDS Description Use the ftm stacking-vlan command to specify the stacking VLAN of the Switch. Use the undo ftm stacking-vlan command to set the stacking VLAN of the Switch to its default value. Y ou should specify the stacking VLAN before the stack is established. Example Set VLAN 2 as st acking VLAN: [4500] ftm [...]

Stack Commands 213 Description Y ou can use this comm and to set a name for a device. Example T o set the name “hello” for the device with unit ID 1, enter the following: <4500> display xrn-fabric Fabric name(HostName): 4500 Fabric authentication: md5, Fabric mode : L3, number of units in stack: 2 Unit Name Unit ID Hello 1 Second 2(*) sys[...]

214 C HAPTER 9: U SING S TACK C OMMANDS Unit Name Unit ID First 1 Second 2 (*)[...]

10 U SING RSTP C OMMANDS This chapter describes how to use th e following commands: RSTP Configurat ion Commands ■ display stp ■ r eset stp ■ stp ■ stp bpdu-protection ■ stp cost ■ stp edged-port ■ stp loop-protection ■ stp mcheck ■ stp mode ■ stp pathcost- standar d ■ stp point-to-point ■ stp port priority ■ stp priority [...]

216 C HAPTER 10: U SING RSTP C OMMANDS RSTP Configuration Commands This section describes how to use the Rapid Spanning T ree Protocol (RSTP) configuration co mmands on your Switch. display stp Syntax display stp [ interface interface_ list ] display stp brief View All views Parameter interface interface_list : Specifies the Ethernet port list, inc[...]

RSTP Configuration Commands 217 Times: Hello Time 2 sec, Max Age 20 sec Forward Delay 15 sec, Message Age 0 BPDU sent: 0 TCN: 0, RST: 0, Config BPDU: 0 BPDU received: 0 TCN: 0, RST: 0, Config BPDU: 0 res e t s tp Syntax reset stp [ interface interface_list ] Vie w User view Ta b l e 27 Display information Field Description Protocol mode Current Swi[...]

218 C HAPTER 10: U SING RSTP C OMMANDS Parameter interface interface_list : Specifies the Ethernet port list, including multiple Ethern et ports. Expressed as interface _list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10> . For details about interface_type , interfac[...]

RSTP Configuration Commands 219 for the device and ports. This command en ables/disables RSTP on a device in system view and enables/disables RSTP on a port in Ether net Port View . Related co mmand: stp mode . Example T o enable RSTP on a Switch, enter the following: <4500> system-view System View: return to User View with C trl+Z. [4500] st[...]

220 C HAPTER 10: U SING RSTP C OMMANDS [4500]stp bpdu-protection stp cost Syntax stp cost cost undo stp cost View Ether net Port V iew Parameter cost : Specifies the path cost, ranging from 1 to 2000000. Description Use the stp cost command to configure the path cost on a spanning t ree for the current Ether net port. Use the undo stp cost command [...]

RSTP Configuration Commands 221 Parameter enable: Sets the current Ethernet port as an edge port. disable: Sets the current Ethernet port as a non-edge port. Description Use the stp edged-port enable command to configur e the current port as an edge port. Use the stp edged-port disable command to configure the curr ent port as a non-edge port. Use [...]

222 C HAPTER 10: U SING RSTP C OMMANDS Example T o enable loop pr otection func tion in Ethernet1/ 0/1, enter th e following: <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] interface Ethernet1/0/1 [4500-Ethernet1/0/1] stp loop-prote ction stp mcheck Syntax stp mcheck View System View Parameter None Description If the[...]

RSTP Configuration Commands 223 Parameter stp: Specifies to run Spanning T r ee in STP compatible mode. rstp: Specifies to run Spanning T ree in RSTP mode. Description Use the stp mode command to configure Spanning T ree’ s running mode. Use the undo stp mode command to restor e the default Spanning T ree’ s running mode. By default, the value [...]

224 C HAPTER 10: U SING RSTP C OMMANDS <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] stp pathcost-standard dot1d- 1998 T o configure the Switch to calculate the default Path Cost of a port by the IEEE 802.1t standard, enter t he following: [4500] stp pathcost-standard dot1t stp point-to-point Syntax stp point-to-poi[...]

RSTP Configuration Commands 225 Parameter port-priority : Specifies the priority of the port, ranging fr om 0 to 240. The values are not consecutive integers. Step le ngth is 16. By default, the value is 128. Description Use the stp port priority command to configure the priority of the current Ethernet port. Use the undo stp port priority command [...]

226 C HAPTER 10: U SING RSTP C OMMANDS stp root primary Syntax stp root primary undo stp root View System View Parameter None Description Use the stp root primary command to configure the current Switch as the primary root of a spanning tr ee. Use the undo stp root command to can cel the current Switch for primary root of a spanning tree. By defaul[...]

RSTP Configuration Commands 227 Description Use the stp root secondary command to configure the current Switch as a secondary root of a specified spanning tree. Use the undo stp root command to cancel the designation of th e current Switch for a secondary root of a specified spanning tree. By default, a Switch is not a secondary root. Y ou can desi[...]

228 C HAPTER 10: U SING RSTP C OMMANDS not forward any packets (as if the link to it is disconnected). It will r esume normal status if it receives no BPDU with higher -pr iority for a period of time. Example T o enable Root protection function on Ethernet1 /0/1 of the Switch , enter the following: <4500> system-view System View: return to Us[...]

RSTP Configuration Commands 229 undo stp timer forward-delay Vie w System View Parameter centiseconds : Specifies the time of forwar d delay in centiseconds, ranging from 400 to 3000. By default, the value is 1500 centiseconds. Description Use the stp timer forward-delay command to configure the time of forwar d delay for the Switch. Use the undo s[...]

230 C HAPTER 10: U SING RSTP C OMMANDS Related comma nds: stp timer forward-delay , stp timer max-age , stp transmit-limit . Example T o set the hello time of the Swit ch to 300 centiseconds, enter the fo llowing: <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] stp timer hello 300 stp timer max-age Syntax stp timer ma[...]

RSTP Configuration Commands 231 Parameter packetnum : The maximum number of STP pac kets a port can send within one hello time. It ranges from 1 to 255 and defaults to 3. Description Use the stp transmit-limit command to set the m aximum numb er of STP packets the curr ent port can send within one hello time. Use the undo stp transmit-limit command[...]

232 C HAPTER 10: U SING RSTP C OMMANDS[...]

11 U SING AAA AND RADIUS C OMMANDS This chapter describes how to use th e following commands: 802.1x Configuration Commands ■ display dot1 x ■ dot1x ■ dot1x authentication-met hod ■ dot1x dhcp-launch ■ dot1x max-user ■ dot1x port-control ■ dot1x port-method ■ dot1x quiet-period ■ dot1x r etry ■ dot1x supp-proxy-check ■ dot1x t[...]

234 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS ■ domain ■ idle-cut ■ level ■ local-use r ■ local-user password-display-mode ■ messenger ■ password ■ radius-s cheme ■ scheme ■ self-service-url ■ s ervice-type ■ state RADIUS Protocol Configuration Commands ■ accounting optio nal ■ data-flow-format ■ display local-serve[...]

235 ■ timer realtime-accounting ■ timer response-timeout ■ user -name-format[...]

236 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS 802.1x Configuration Commands This section describes how to use the 802.1x configuration commands on your Switch 4500. display dot1x Syntax display dot1x [ sessions | statist ics [ interface interface-list ]] View All views Parameter interface: Displays the 802.1x informat ion on the specified interf[...]

802.1x Configuration Commands 237 Configuration: Transmit Period 30 s, Handshake Period 15 s Quiet Period 60 s, Quiet Period Timer i s disabled Supp Timeout 30 s, Server Timeout 100 s The Max-Req 3 Total maximum 802.1x user resource num ber is 1024 Total current used 802.1x resource num ber is 0 Ethernet1/0/1 is link-up 802.1X protocol is disabled [...]

238 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS enabled global ly , if the parameters ar e not configur ed globally or for a specified port, they will maintain the default values. After the global 802.1x perfor mance is enabled, only when port 80 2.1x performance is enabled will the configurat ion of 802.1x become effective on the port. Related co[...]

802.1x Configuration Commands 239 forwarding to the RADIUS server . Y ou can use EAP authenticatio n in one of th e four sub-methods: PEAP , EAP-TLS, EAP-TT LS and EAP-MD5. T o use P AP , CHAP or EAP authentication, RADIUS server should support P A P , CHAP or EAP authentication resp ectively . Related co mmand: display dot1x . Example Configure 80[...]

240 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter user-number: Specifies the limit to the amount of supplicants on the port, ranging from 1 to 1024. By default, the maximum user number is 1024. interface interface-list: Ethernet interface list in cluding several Ethernet interfaces, expressed in the fo rmat interface-list = { interface-num[...]

802.1x Configuration Commands 241 authorized-force: For ced authorized mod e, confi guring the interface to always stay in authorized state and the user is allowed to access the network resources without authentication/autho rization. unauthorized-force: For ced unauthorized mode, configuring the interface to always stay in non-authorized mode and [...]

242 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS portbased: Configures the 802 .1x authentication system to perform authenti cation on the supplic ant based on interfac e number . interface interface-list: Ethernet interface list in cluding several Ethernet interfaces, expressed in the fo rmat interface-list = { interface-num [ to interface-num ] }[...]

802.1x Configuration Commands 243 Parameter None Description Use the dot1x quiet-period comma nd to enable the qui et-period timer . Use the undo dot1x quiet-period comman d to disable this timer . If an 802.1x user has not been authentica ted, the Authenticato r will keep quiet for a while (which is specified by quiet-period timer) before launchin[...]

244 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Related comma nds: display dot1x . Example T o configure the current device to transmi t an authentication request frame to the user for no more than 9 times, enter t he followin g: <4500> system-view System View: return to User View w ith Ctrl-Z [4500] dot1x retry 9 dot1x supp-proxy-check Synt[...]

802.1x Configuration Commands 245 Example T o configure the Switch to cut the netwo rk connection to a u ser upon detecting the use of proxy on Ethernet 1/0/1 ~ Ether net 1/0/8, enter the following: <4500> system-view System View: return to User View with C trl+Z. [4500] dot1x supp-proxy-check logoff [4500] dot1x supp-proxy-check logoff int e[...]

246 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS server-timeout-value: Specify how long the duration of a timeout timer of an Authentication Server is. The value ranges from 100 to 300 seconds and defaults to 100 seconds. supp-timeout: Specify the authentication timeou t timer of a Supplican t. After the Authenticator sends Request/Challenge reques[...]

Centralized MAC Address Authentic ation Configuration Commands 247 interface-type interface-num | interfac e-name } , where interface-type specifies the port type, interface-num specifies the port number an d interface-name specifies the port name. For the r espective meanings and value ranges, read the Parameter of the Port Configuration section. [...]

248 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Description Use the debugging mac-authentication event command to enable centralized MAC address authentication event debugging. Us e the undo debugging mac-authentication event command to disable event debugging. Example T o enable central ized MAC addr ess au thentication event debugging, ent er th[...]

Centralized MAC Address Authentic ation Configuration Commands 249 MAC ADDR Authenticate state AuthIndex mac-authentication Syntax mac-authentication [ interface interfac e-list ] undo mac-authentication [ interface int erface-list ] Vie w Ethernet Port View Ta b l e 29 Description of MAC address authen tication configuration information Field Desc[...]

250 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter interface interface-list: Ethernet interface list in cluding several Ethernet interfaces, expressed in the fo rmat interface-list = { interface-num [ to interface-num ] } & < 1-10 > . interface-num specifies a single Ether net interface in the format interface-num = { interf ace-t[...]

Centralized MAC Address Authentic ation Configuration Commands 251 Parameter usernamemacaddress : Specify the MAC addr ess mode for aut hentication. usernamefixed: Specify the fixed mode for authentication. Description Use the mac-authentication authmode command to set the MAC addr ess authentication mode. Use the undo mac-authentication authmode c[...]

252 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] mac-authentication authpassword mac mac-authentication authusername Syntax mac-authentication authusername te xt undo mac-authentication authuserna me View System View Parameter text : User name for authentication , a stri[...]

Centralized MAC Address Authentic ation Configuration Commands 253 By default, the domain used by centraliz ed MAC addr ess authentication user is null, that is, not configured. Example T o configure the domain used by the MAC addr ess to Cams, enter the following: <4500> system-view System View: return to User View with C trl+Z. [4500] mac-a[...]

254 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS AAA and RADIUS Configuration Commands This section describes how to use the AAA and RADIUS configuration commands on your Switch 4500. access-limit Syntax access-limit { disable | enable ma x-user-number } View ISP Domain View Parameter disable: No limit to the supplicant number in the curr ent ISP d[...]

AAA and RADIUS Configuration Commands 255 mac mac-address: Specifies the MAC address of a user . Where, mac-address takes on the hexadecimal format of HHHH-HHHH-HHHH-HHHH . idle-cut second: Allows/disallows the local us ers to enable the idle-cut function. (The specific data for this fu nction depen ds on the config uration of the ISP domain where [...]

256 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter all: Configures to disconnect all connection. access-type { dot1x | mac authenti cation }: Configures to cut a category of connections according to logon type. dot1x means the 802.1x users. mac authentication means the centralized M AC address authentication users. domain domain-name: Confi[...]

AAA and RADIUS Configuration Commands 257 ip-address | mac mac-address | radius-s cheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | us er-name user-name ] Vie w All views Parameter access-type { dot1x | mac-authenticatio n }: Configures to display the supplicants according to their logon type. dot1x means the 802.1x users. mac-authent[...]

258 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS display domain Syntax display domain [ isp-name ] View All views Parameter isp-name: Specifies the ISP domain nam e, wi th a character string not exceeding 24 characters. The specifi ed ISP domain shall have been cr eated. Description Use the display domain command to view the configuration of a spec[...]

AAA and RADIUS Configuration Commands 259 idle-cut: Configur es to display the local user s accor ding to the state of idle-cut function. disable means that the user disables the idle-cut function an d enable means the user enables the func tion. This parameter only takes effect on the users configured as lan-access type. For other types of user s,[...]

260 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Ta b l e 30 Output description of the display local-user command domain Syntax domain { isp-name | default { disa ble | enable isp-name }} undo domain isp-name View System View Parameter isp-name: Specifies an ISP domain name. The name is expressed with a character string not exceeding 24 characters,[...]

AAA and RADIUS Configuration Commands 261 For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16 ISP domains. If a user has not reported its ISP domain name, the system will put it into the default domain. When this command is used, if the spe cif ied ISP domain does not exist, the system will create a new ISP domain. [...]

262 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Related comma nd: domain Example T o enable the user in the current ISP domain, 3Com163.net, to use the idle-cut attribute specified in the use r template (that is, enabling the user to use the idle-cut function). The maximum idle time is 50 minutes and the minimum data traffic is 500 bytes. <4500[...]

AAA and RADIUS Configuration Commands 263 Vie w System View Parameter user-name: Specifies a local username with a character string not exceeding 80 characters, excluding “/”, “:”, “*”, “?”, “<” and “> ”. The @ charac ter can only be used once in one username. The pure username (the part before @, namely the user ID) c[...]

264 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS auto: The auto mode specifies that a us er is allowed to use the password command to set a password display mode. Description Use the local-user password-display-mode command, you can configure the password display mode of all the accessing user . Use the undo local-user password-display-mode command[...]

AAA and RADIUS Configuration Commands 265 ■ The client keeps the user informed of the remaining online time through a message aler t dialog box. Example T o configure to start the sending of al ert messages when the user's remaining online time is 30 minutes and send the messages a t an interval of f ive minutes, enter the following: <450[...]

266 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter radius-scheme-name: Specifies a RADIUS scheme, with a character string not exceeding 32 characters. Description Use the radius-scheme command to conf igure the R ADIUS scheme used by the current ISP domain. This command is used to specify the RADIUS scheme for the current ISP domain. The sp[...]

AAA and RADIUS Configuration Commands 267 ■ If the local or none scheme applies, no RADIUS scheme can be ad opted. ■ If you want to specify the ISP domain to adopt RADIUS scheme, then the RADIUS scheme must have already been configur ed. Y ou can use either scheme or radius -scheme command to spec ify the RADIUS scheme for an ISP domain. If bot[...]

268 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS The "Change user password" option is available only after the user passed the authentication; oth erwise, this o p tion is in grey and unavailable. Example In the ISP domain "marlboro.net", configure the URL addr ess of the page u sed to change the user password on the self-servic[...]

AAA and RADIUS Configuration Commands 269 Y ou can use either level or service-type commands to specify the level for a local user . If both of these commands are used , the latest configuration takes effect. Example T o set to provide the lan-access service for the user JohnQ , enter the following: <4500> system-view System View: return to U[...]

270 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS [4500] domain marlboro.net [4500-isp-marlboro.net] state block [4500-isp-marlboro.net] quit T o set the user 3Com1 to be in the block state, enter the following: [4500-user-3Com1] state block RADIUS Protocol Configuration Commands This section describes how to use the RA DIUS Pr otocol configurat ion[...]

RADIUS Protocol Configuration Comman ds 27 1 undo data-flow format Vie w RADIUS Sch eme View Parameter data: Set data unit. byte: Set 'byte' as the unit of data flow . giga-byte: Set 'giga-byte' as the unit of data flow . kilo-byte: Set 'kilo-byte' as th e unit of data flow . mega-byte: Set 'mega-byte' as the[...]

272 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter None Description Use the display local-server statistics command to v iew the statistics of local RADIUS authentication server . Related comma nd: local-server . Example T o display the statistics of local RADIUS authenticati on server , enter the following <4500> display local-server[...]

RADIUS Protocol Configuration Comman ds 27 3 TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12 Permitted send realtime PKT failed coun ts =5 Retry sending times of noresponse acct- stop-PKT =500 Quiet-interval(min) =5 Username format =without-domain Data flow unit =Byte Packet unit =1 --------------------------------------- --------[...]

274 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS PKT auth timeout ,N um=0 ,Err=0 ,Succ=0 display stop-accounting-buffer Syntax display stop-accounting-buffer { r adius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name } View All views Parameter radius-scheme radius-scheme-name: Configur es to [...]

RADIUS Protocol Configuration Comman ds 27 5 <4500> display stop-accounting-buffer time-range 0:0:0-2003/08/31 23:59:59-2003/08/31 Total find 0 record key Syntax key { accounting | authentication } str ing undo key { accounting | authentication } Vie w RADIUS Sch eme View Parameter accounting: Configures to set/delete the au thentication key [...]

276 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Example 2: T o set the accounting packet key of the RADIUS scheme to “ok”, enter the following: [4500-radius] key accounting ok local-server Syntax local-server nas-ip ip-address key string undo local-server nas-ip ip-address View System View Parameter nas-ip ip-address: set NAS-IP address of acc[...]

RADIUS Protocol Configuration Comman ds 27 7 undo nas-ip Vie w RADIUS Sch eme View Parameter ip-address : IP addr ess in dotte d decimal format. Description Use the nas-ip command to set the source IP addr ess of the network access server (NAS, the Switch in this guide), so that all pa ckets destined for the RADIUS server carry the same source IP a[...]

278 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS By default, as for the newly created RADI US scheme, the IP a ddress of the primary accounting server is 0.0.0.0, and the UDP port nu mber of this server is 1813; as for the "system" RADIUS scheme created by the system, the IP addr ess of the primary accounting server is 127.0.0.1, and the [...]

RADIUS Protocol Configuration Comman ds 27 9 After creating a RADIUS serv er group, you ar e supposed to set IP addresses and UDP port numbers for the RADIUS se rvers, including primary/seco nd authentication/authorization servers and accounting servers. In real networking environments, the above parameters sha ll be set accor ding to the specific [...]

280 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS radius scheme Syntax radius scheme radius-scheme-name undo radius scheme radius-scheme-n ame View System View Parameter radius-scheme-name: Specifie s the Radius server name with a charac ter string not exceeding 32 characters. Description Use the radius scheme command to configure a RADIUS scheme gr[...]

RADIUS Protocol Configuration Comman ds 28 1 Vie w User View Parameter None Description Use the r eset radius sta tistics command to clear the statisti c information r elated to the RADIUS protoc ol. Related co mmand: display radius . Example T o clear the RADIUS protocol statist ics, enter the following: <4500> reset radius statistics res e [...]

282 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS retransmit it for several time s, which is set through the retry realtime-accounting command. This command is used to delete the stopping accountin g requests fr om the Switch buffer . Y o u can select to delet e the pa ckets transmitted to a specified RADIUS server , or accor ding to th e session-id[...]

RADIUS Protocol Configuration Comman ds 28 3 <4500> system-view System View: return to User View with C trl+Z. [4500] radius scheme 3Com [4500-radius-3Com] retry 5 retry realtime-accounting Syntax retry realtime-accounting retry-times undo retry realtime-accounting Vie w RADIUS Schem e View Parameter retry-times: Specifies the maximum times o[...]

284 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS View RADIUS Scheme View Parameter retry-times: Specifies the maximal r etra nsmission times after stopping accounting request,. ranging from 10 to 65535. By default, the value is 500. Description Use the retry stop-accounting command to configure the maximal retransmission times after stop ping accou[...]

RADIUS Protocol Configuration Comman ds 28 5 For detailed information, read the Description of the primary accounting command. Related co mmands: key , radius scheme , state . Example T o set the IP address of the second ac coun ting server of RADIUS scheme, 3Com, to 10.110.1.1 and t he UDP port 1813 t o prov ide RADIUS accounting service, enter th[...]

286 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS undo server-type View RADIUS Scheme View Parameter 3Com: Configures the Switch to support the extended RADIUS server type, which requir es the RADIUS client end (Switch) and RADIUS server to interact according RADIUS extensions. standard: Configures the Switch to support the RADIUS server of Stan dar[...]

RADIUS Protocol Configuration Comman ds 28 7 authentication: Configures to set th e state of RADIUS authentication/authorization. block: Configures the RADIUS server to be in the state of block . active: Configures the RADIUS server to be active , namely the normal operation state . Description Use the state command to configure the state of RADIUS[...]

288 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Description Use the stop-accounting-buffer enable command to configure to save the stopping accounting requests without response in the Switch buffer . Use the undo stop-accounting-buffer enable command to cancel the function of savin g the stopping accounting requests without response in the Switch [...]

RADIUS Protocol Configuration Comman ds 28 9 Related co mmands: radius scheme , retry . Example T o set the response timeout timer of RA DIUS scheme, 3Com, to 5 seconds, enter the following: <4500> system-view System View: return to User View with C trl+Z. [4500] radius scheme 3Com [4500-radius-3Com] timer 5 timer quiet Syntax time quiet minu[...]

290 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter minutes: Real-time accounting in terval, rangin g from 3 to 60, measur ed in minutes in multiples of 3. By default, the value is 12. Description Use the timer realtime-accounting command to configure the real-time accounting in terval. Use the undo timer realtime-accounting command to re st[...]

RADIUS Protocol Configuration Comman ds 29 1 Description Use the timer response-timeout command to configur e the RADIUS server response timer . Use the undo timer command to restor e the default. If the NAS receives no r esponse from the RADIUS server after sending a RADIUS request (authentication/authorization or accounting request) for a period [...]

292 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS domains. Otherw ise, the RADIUS se rver will regard t wo users in different IS P domains as the same user b y mistake, if they have the same username (excluding their respective domain names.) Related comma nd: radius scheme . Example T o specify to send the username without domain name to RADIUS ser[...]

12 U SING S YSTEM M ANAGEMENT C OMMANDS This chapter describes how to use th e following commands: File System Management Commands ■ cd ■ copy ■ delete ■ dir ■ execute ■ file prompt ■ format ■ mkdir ■ more ■ move ■ pwd ■ ren a me ■ res e t rec y c le - bi n ■ rmdir ■ undelete Configuration File Management Commands ■ [...]

294 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ ftp timeout ■ local-use r ■ password ■ service-type F TP Client Commands ■ ascii ■ binary ■ bye ■ cd ■ cdup ■ close ■ delete ■ dir ■ disconnect ■ ftp ■ get ■ lcd ■ ls ■ mkdir ■ passive ■ put ■ pwd ■ quit ■ rem o te h e lp ■ rmdir ■ user ■ ver[...]

295 Device Management Commands ■ boot boot-loader ■ boot bootrom ■ display boot-loader ■ display cpu ■ display devic e ■ display fan ■ display memory ■ display power ■ display schedule reboot ■ reboot ■ schedule reboot at ■ schedule reboot delay Basic System Conf iguration and Manag ement Commands ■ clock datetime ■ cloc[...]

296 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ info-center channel name ■ info-center console channel ■ info-center enable ■ info-center logbuffer ■ info-center loghost ■ info-center loghost source ■ info-center monitor channel ■ info-center snmp channel ■ info-center source ■ info-center switch-on ■ info-center times[...]

297 ■ snmp-agent trap source ■ snmp-agen t usm-user ■ undo snmp-agent RMON Configuration Co mmands ■ display rmon alarm ■ display rmon event ■ display rmon eventlog ■ display rmon hist ory ■ display rmon prialarm ■ display rmon sta tistics ■ rmon alarm ■ rmon event ■ rmon history ■ rmon prialar m ■ rmon statist ics NTP C[...]

298 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ peer - public-key end ■ protocol inbound ■ public-key-code begin ■ public-key-code end ■ rsa local-key-pair create ■ rsa local-key-pair destroy ■ rsa peer -public-key ■ ssh server authentication-retries ■ ssh server timeout ■ ssh user assign rsa-key ■ ssh user authenticat[...]

File System Managem ent Commands 299 ■ quit ■ rem o v e ■ ren a me ■ rmdir ■ sftp File System Management Commands This section describes the commands you can use to manage the file system on your Switch 4500. In switches supporting the XRN feature, the file path must start with "unit[No.]>flash:/:", the [No.] is the unit ID .[...]

300 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it. Example Display current dir e ctory information. <4500> dir Directory of unit1>flash:/ 0 -rw- 595 Jul 12 2001 19 :41:50 test.txt 16125952 bytes total (13975552 byt es free[...]

File System Managem ent Commands 301 <4500> dir Syntax dir [ /all ] [ file-path ] Vie w User view Parameter /all: Display all the files (inc luding the deleted ones). file-path : File or dir ectory name to be displayed. The file-path parameter supports “*” matching. For example, using dir *.txt will display all the files with the extensio[...]

302 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS 1 -rw- 248 Aug 29 2000 17:49:36 text.txt 20578304 bytes total (3104544 byte s free) execute Syntax execute filename View System view Parameter filename : Name of the batch file, which is a string up to 256 characters in lengt h, with a suffix of “.bat”. Description Use the execute command to[...]

File System Managem ent Commands 303 [4500] file prompt quiet [4500] format Syntax format filesystem Vie w User view Parameter filesystem: Device name. Description Use the format command to format the storage device. All of the files on the storage device will be lost and non-r ecov erable. Specially , configuration files will be lost after formatt[...]

304 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View User view Parameter file-path: File name. Description Use the more command to display the contents f of the specified file formatted as text. Example Display contents of file test.txt. <4500> more test.txt AppWizard has created this test ap plication for you. This file contains a summ[...]

File System Managem ent Commands 305 Move flash:/test/sample.txt to flash:/sample.txt. <4500> move flash:/test/sample.txt flash :/sample.txt Move unit1>flash:/test/sample.txt to un it1>flash:/sample.txt ?[confirm]: y % Moved file unit1>flash:/test/sample.t xt unit1>flash:/sample.txt Display the directory after moving a file. <4[...]

306 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS If the destination file name is the same as an existing dire ctory name, the rename operation will fail. If the dest ination file name is the same as an existing file name, a prompt will be displayed asking whet her to overwrite th e existing file. Example Display the current dir ectory informat[...]

File System Managem ent Commands 307 Vie w User view Parameter directory: Directory name. Description Use the rmdir command to delete a directory . Th e directo ry to be deleted must be empty . Example Delete the directory test . <4500> rmdir test Rmdir unit1>flash:/test?[Y/N]:y Removed directory unit1>flash:/test undelete Syntax undele[...]

308 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Display the information for all of the files in the current directory , including the deleted files . <4500> dir /all Directory of unit1>flash:/ 0 -rw- 50 Jul 12 2001 20 :34:19 sample.bak 1 -rw- 595 Jul 12 2001 20 :13:19 test.txt 16125952 bytes total (13972480 byt es free) Configuration[...]

Configurati on File Management Comma nds 309 By default, if some running configuration parameters are the same with the default operational parameters, they will not be displayed. If a user needs to authent icate whether the co nfigurations are correct after finishing a set of configurat ion, the display current-configuration command can be used to[...]

310 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS interface Ethernet1/0/6 interface Ethernet1/0/7 interface Ethernet1/0/8 interface Ethernet1/0/9 interface Ethernet1/0/10 interface Ethernet1/0/11 interface Ethernet1/0/12 ---- More ---- T o view configuration information beginning with “user”, enter the following: <4500> display curren[...]

Configurati on File Management Comma nds 311 <4500> display saved-configuration local-server nas-ip 127.0.0.1 key 3com domain default enable system queue-scheduler wrr 1 2 3 4 5 9 13 15 ip http acl 2000 radius scheme system domain system acl number 2000 match-order auto rule 0 permit acl number 3000 acl number 4000 rule 0 permit qos-profile s[...]

312 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS display startup Syntax display startup View All views Parameter None Description Use the display startup command, to display the related system softwar e and configuration filenames used for th e current and the next start-ups. This command is used to display the following information: ■ Filen[...]

Configurati on File Management Comma nds 313 Generally , this command is used in the following situations: ■ After upgrade of software, configuration files in flash memory may not match the new version's software. Perform reset saved-configuration command to erase the old configuration files. ■ When a Switch 4500 is reused on a network but[...]

314 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Related comma nds: reset saved-configuration, display current-configuration, display sav ed-configuration. Example Get the current configuration files stored in flash memory . <4500> save The configuration will be written to the device. Are you sure?[Y/N] y Please input the file name(*.cfg[...]

FTP Server Configuration Commands 315 Parameter cfgfile : The name of the configuration file. It is a string with a leng th of 5 to 56 characters. Description Use the startup saved-configuration command to configure the configuration file used for enabling the system for the next time. The configuration file must have ".cfg" as its extens[...]

316 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View All views Parameter None Description Use the display ftp-user command to display the parameters of current F TP user . Y ou can perform this command to examine the configuration after setting F TP parameter s. Example Show the config uration of F TP user parameters. <4500> display ftp[...]

FTP Server Configuration Commands 317 Vie w System view Parameter minute: Connection timeouts (measured in minutes), ranging fr om 1 to 35791; The default connection time out time is 30 minutes. Description ■ Use the ftp timeout command to configure connection timeout interval. ■ Use the undo ftp timeout command to restor e the default connecti[...]

318 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS terminal : Specifies tha t the user type is te rminal which refers to users who use the terminal service (login fr om the Console, AUX or Asyn port). Description Use the local-user command to configure a local user and enter the local user view . Use the undo local-user command to cancel a speci[...]

FTP Server Configuration Commands 319 [4500] local-user 3Com1 New local user added [4500-luser-3Com1] password simple 20030 422 service-type Syntax service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] } undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet | terminal }* [ level[...]

320 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS <4500> sys System View: return to User View w ith Ctrl+Z. [4500] local-user-3Com1 New local user added. [4500-luser-3Com1] service-type lan -access F TP Client Commands This section describes the File T ransfer Protocol (F TP) Client commands on your Switch 4500. ascii Syntax ascii View F [...]

FTP Client Command s 321 Description Use the binary command to configure file tran smission type a s binary mode. Example Configure to transmit data in the binary mode. <4500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello. Password: 230 User logged in. [ftp] bin[...]

322 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View F TP Client view Parameter pathname: Path na me. Description Use the cd comman d to change the working path on the remote F TP Server . This command is used to access another directory on F TP Server . Note that the user can only access the dir ectories authorized by the F TP server . Examp[...]

FTP Client Command s 323 230 User logged in. [ftp] cdup 501 Change to no authenticated director y. [ftp] close Syntax close Vie w F TP Client view Parameter None Description Use the close command to disconnect F TP client s ide from F TP server side without exiting F TP client side view so that y ou terminate the control connection and data connect[...]

324 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello. Password: 230 User logged in. [ftp] delete temp.c 250 DELE command successful [ftp] dir Syntax dir [ filename [ localfile ]] View F TP Client view Parameter filename : File name t[...]

FTP Client Command s 325 Parameter None Description Using the disconnect command, subscri bers can disconnect F TP client side fr om F TP server sid e without exiting F TP client side view . This command terminates the contr ol co nnection and data connection with the remote F TP Server at the same time. Example T erminate connection with th e remo[...]

326 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS [ftp] get Syntax get remotefile [ localfile ] View F TP Client view Parameter localfile: Local file name. remotefile: Name of a file on the r emote F TP Server . Description Use the get command to download a r emote file and save it locall y . If no local file name is specified, it w ill be cons[...]

FTP Client Command s 327 <SW4500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello. Password: 230 User logged in [ftp] lcd % Local directory now flash:/temp [ftp] ls Syntax ls [ remotefile [ localfile ]] Vie w F TP Client view Parameter remotefile: Remote file to b[...]

328 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter pathname: Dir ectory name. Description Use the mkdir command to create a dir ectory on the remote F TP Server . User can perform this operation as long as the remote F TP server has authorized the operation. Example Cr eate the dire ctory flash:/lanswitch on the r emote F TP Server . &[...]

FTP Client Command s 329 230 User logged in [ftp] passive % Passive is on [ftp] put Syntax put localfile [ remotefile ] Vie w F TP Client view Parameter localfile: Local file nam e. remotefile: File name on the r emote F TP Server . Description Use the put command to upload a local file to the remote F TP Server . If the user does not specify the f[...]

330 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Show the current dir ectory on the remote F TP Server . <SW4500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello. Password: 230 User logged in [ftp] pwd 257 "flash:/temp" is current direc tory[...]

FTP Client Command s 331 Description Use the remotehelp command to display help information about the F TP protocol command. Example Show the syntax of the protocol command user . <SW5500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello. Password: 230 User logged [...]

332 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter username: Logon username. password: Logon password. Description Use the user command to r egister an F TP user . Example Log in the F TP S erver with user name tom an d password hello . <SW4500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(n[...]

TFTP Configuration Commands 333 % Verbose is on [ftp] TF TP Configuration Commands This section describes the T rivial File T r ansfer Protocol (TF TP) Commands on your Switch 4500. tftp get Syntax tftp tftpserver get source-file [ dest- file ] Vie w User view Parameter tftp-server: IP address or host name of the TF T P server . The name of the TF [...]

334 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the tftp put co mmand to upload a f ile from the switch to the specif ied directory on the TF TP server and save it with a new name. Related comma nds: tftp get . Example < SW5500> tftp 1.1.3.214 put sw5500c fg.txt temp.txt MAC Address T able Management Commands This sectio[...]

MAC Address Table M anagement Commands 335 When manag ing the Layer -2 addr esses of the switch, the administr ator can perform this command to view such info rmation as the Layer -2 address table, address status (static or dy namic), Ethernet port of the MAC address, VLAN of the address, and system address aging time. For the related commands, see[...]

336 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS undo mac-address [ { static | dyna mic | blackhole } mac-address interface { interface-name | inter face-type interface-num ] vlan vlan-id ] View System view Parameter static: Static table entry , lost after resetting switch. dynamic: Dynamic table entry , which will be aged. blackhole : Blackho[...]

MAC Address Table M anagement Commands 337 undo mac-address max-mac-count Vie w Ethernet port view Parameter count: Enter a value in the range 0 to 32768 to specify how many MAC addresses a port can learn. 0 means that the port is not allowed to lea r n MAC addresses. Description Use the mac-address max-mac-count command to configur e the maximum n[...]

338 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the mac-address timer command to configure the aging time of the Layer -2 dynamic addr ess table ent ry . Use the undo mac-address timer command to restor e the defau lt value. Setting the aging time on the switch to be too long or too short will cause the switch to br oadcast da[...]

Device Managem ent Commands 339 Vie w User view Parameter file-path: File path and file name of Bootr om. Description Use the boot bootrom command to upgrade bootro m. Example Upgrade bootrom of the switch. <SW4500> boot bootrom PLATV100R002B09D00 2.btm display boot-loader Syntax display boot-loader [unit unit-id ] Vie w All views Parameter u[...]

340 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS The information displays in the following format : Unit 1 Board 0 CPU busy status: 11% in last 5 seconds 12% in last 1 minute 14% in last 5 minutes display device Syntax display device [ unit unit-id ] View All views Parameter unit unit-id : Specify the Unit ID of the switch. Description Use the[...]

Device Managem ent Commands 341 Parameter unit unit-id : Specify the Unit ID of the switch Description Use the display fan command to display the working state of the built-in fans. Example Display the working state of the fans. <SW4500> display fan Unit 1 Fan 1 State: Normal The above information indicate s that the fan works normally . disp[...]

342 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter unit unit-id : Specify the Unit ID of the switch power-ID: Power ID. Description Use the display power command to display the working state of th e built-in power supply . Example Show power s tate. <SW4500> display power 1 Unit1 power 1 State: Normal display schedule r eboot Syn[...]

Device Managem ent Commands 343 Example Reboots the Switch. <SW4500> reboot This will reboot device. Continue? [Y/N ] schedule reboot at Syntax schedule reboot at hh:mm [ yyyy/mm/dd ] undo schedule reboot Vie w User view Parameter hh:mm : Reboot time of th e switch, in the format of "hour: min ute" The hh ranges from 0 to 23, and th[...]

344 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Set the switch to be restarted at 22:00 that night (the curr ent time is 15:50). <SW4500> schedule reboot at 22:00 Reboot system at 22:00:00 2000/04/ 02 (in 19 hours and 47 minutes) confirm? [Y/N]: y %Apr 2 02:12:20:72 2000 3Com CMD/ 5/REBOOT:- 1 - aux0: schedule reboot parameters [...]

Device Managem ent Commands 345 Confirm? [Y/N]: y %Apr 2 02:13:10:09 2000 3Com CMD/5/REB OOT:- 1 - aux0: schedule reboot parameters at 02: 13:10 2000/04/02. And system will reboot at 03:41 2000/04/02. <SW5500>[...]

346 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Basic System Configuration and Management Commands This section describes the basic system configuration and system management commands available on your Switch 4500. clock datetime Syntax clock datetime time date View User view Parameters time : Enter the current time in HH:MM:SS forma t . HH c[...]

Basic System Confi guration and Management Comma nds 347 end_time : Enter the end time of summer time, in the format HH:MM:SS. end_date : Enter the end date of summer time, in the format YYYY/MM/DD. offset_time : Enter the of fset time, that is th e amount o f time added, in the format HH:MM:SS. Description Use the clock summer-time command to set [...]

348 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo clock timezone command to return t o the default, which is Universal T ime Coordinated (UTC). Use the display clock command to check the summer time settings. Related comma nd: clock summer-time Example T o set the local time zone as zone 5, a nd configure the local time to be 5 hou[...]

System Status and System Information Display Comma nds 349 Vie w All views Parameter None Description Use the display clock command to obtain informat ion about system data and time from the terminal display .. For the related commands, see clock . Example View the curr ent system date and clock. <SW4500> display clock 15:50:45 UTC Mon 01/01/[...]

350 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Config message send: 0 0 Notification message recv: 0 0 Notification message send: 0 0 Information message recv: 0 0 Information message send: 0 0 display debugging Syntax display debugging [ interface { in terface-name | interface-type interface-num } ] [ module-name ] View All views Parameter [...]

System Debug Commands 351 System Debug Commands This section describes the system debug ging options, and the system diagnostics information that can be displayed on your Switch 4500. debugging Syntax debugging module-name [ debugging-option ] undo debugging { all | module-name [ de bugging-option ] } Vie w User view Parameter all : Disable all the[...]

352 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS after the synchronization information statis tics and detection, you must execut e the undo info-center switch-on command to disable the switch in time. For the related commands, see display debugging . Example Enable IP Packet debugging. <SW4500> debugging ip packet IP packet debugging sw[...]

Network Connection Test Commands 353 Use the undo end-station polling ip-address command to delete the IP address r equiring periodic testing. The switch can ping an IP ad dress every one minute to tes t if it is reachable. Three PING packets can be sent at most for ever y IP address in every testing with a time interval of five seconds. If the swi[...]

354 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS -q : Configure not to display any other detailed information except stat istics. -r: Record route. -s packetsize: Specify the l ength of ECHO-REQUEST (excluding IP and ICMP packet header) in bytes. -t timeout: Maximum waiting time after sending the ECHO-REQUEST (measu red in ms) . -tos tos: Spec[...]

Network Connection Test Commands 355 ■ The final statistics, inclu ding number of sent packets, nu mber of response packets received, per centage of non-response packets and minimal/maximum/average value of response time. If the network transmission rat e is too low to increase the r esponse message timeout. For the related commands, see tracert [...]

356 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View This command can be used in the following views: ■ System view Description Remote-ping is a network d iagnostic tool used to test the performance of protocols (only ICMP by far) operatin g on ne twork. It is an enhanced alternative to the ping c ommand. Remote-ping test group is a set of [...]

Network Connection Test Commands 357 Destination ip address:10.10.10.1 0 Send operation times: 10 Receive response times: 10 Min/Max/Average Round Trip Time: 1/2/1 Square-Sum of Round Trip Time: 13 Last complete test time: 2004-11- 25 16:28:55.0 Extend result: SD Maximal delay: 0 DS Maximal delay: 0 Packet lost in test: 0% Disconnect operation numb[...]

358 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS 9 1 1 0 2004-11-25 16:28:55.9 10 1 1 0 2004-11-25 16:28:55.9 View This command can be used in the following views: ■ Any view Description If a test group is specified by using the administrator -name and test-tag arguments, the system displays the test results of the specified test gr oup. Oth[...]

Network Connection Test Commands 359 Syntax remote-ping-agent enable undo remote-ping-agent enable Parameters None Example Enable remote-ping client. [S5500] remote-ping-agent enable Vie w This command can be used in the following views: ■ System view Description Y ou can perform a tes t only after the re mote-ping client f unction is enabled. tr[...]

360 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the tracert command to check the reachab ility of network connection and troubleshoot the network. User can te st gateways passed by the packets transmitted from the host to th e destination. By default, when the para meters are not specified, first-TTL is 1, max-TTL is 30, port [...]

Log Commands 361 Log Commands This section displays the logg ing opt ions available on your Switch 4500. display channel Syntax display channel [ channel-number | chan nel-name ] Vie w All views Parameter channel-number: Channel number , ranging from 0 to 9, that is, the system has ten channels. channel-name: Specify the channel na me, the name can[...]

362 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS For the related commands, see info-center enable , info-center loghos t , info-center logbuffer , info-center console channel , info-center monitor channel . Example Show the system log informatio n. <SW4500> display info-center Information Center: enabled Log host: 173.168.1.10, channel n[...]

Log Commands 363 Example Rename channel 0 as execconsole. <SW4500>system-view System View: return to User View with C trl+Z. [SW4500] info-center channel 0 name exec console [SW4500] info-center console channel Syntax info-center console channel { channel-n umber | channel-name } undo info-center console channel Vie w System view Parameter ch[...]

364 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter None Description Use the info-center enable command to enable the system log function. Use the undo info-center enable command to disable system log function. By default, system lo g function is enabled. Only after the system log function is enabled can the system output the log inform[...]

Log Commands 365 This command takes ef fect only after the system logging is enabled. For the related commands, see info-center e nable , display info-center . Example Send log information to bu ffer and sets the size of buffer as 50. <SW4500> system-view System View: return to User View with C trl+Z. [SW4500] info-center logbuffer 50 [SW4500[...]

366 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Configure to send log information to the UNIX workstation at 202.38.160.1. <SW4500> system-view System View: return to User View w ith Ctrl+Z. [SW4500] info-center loghost 202.38 .160.1 [SW4500] info-center loghost source syntax info-center loghost source interfa ce-name undo info-[...]

Log Commands 367 channel-name: Specify the channel name. The name can be channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer. Description Use the info-center monitor channel command to set the channel to output the log information to the user terminal. Use undo info-center monitor channel command to r[...]

368 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS System View: return to User View w ith Ctrl+Z. [SW4500] info-center snmp channel 6 [SW4500] info-center source Syntax info-center source { modu-name | default } channel { channel-nu mber | channel-name } [ debug { level sev erity | state state }* | log { level severity | state state }* | trap { [...]

Log Commands 369 channel-name: Channel name to be set. The name can be cha nnel6, channel7, channel8, channel9, console, logbu ffer, loghost, monitor, snmpagent, trapbuffer. state: Set the state of the information. state: Specify the state as on or off . Ta b l e 36 Module names in logging information Module name Description 8021X 802.1X modul e AC[...]

370 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the info-center source command to add/delete a record to the information channel. Use th e undo info-center source command to delete the contents of the information channel. For example, for the filter of IP module log output, you can configure to output the logs at a level highe[...]

Log Commands 371 In addition, each informati on channel has a default reco rd with the module name “a l l ” a n d m o du l e n u m be r as 0 xffff 0 0 0 0. H ow e ve r , f o r d i ffe re n t i n fo r ma t i on channel, the default log, trap and debugging settin gs in the recor ds may be differ ent with one anoth er . Use default configuration r[...]

372 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS After the forming of a Fabr ic by switches which support the XRN, th e log, debugging and trap informat ion among the switches is synchronous. The synchronization pr ocess is as follows: each switch send s its own information to other switches in the Fabric and meantime receives the information [...]

Log Commands 373 Example Configure the debugging informat ion timestamp format as boot. <SW4500> system-view System View: return to User View with C trl+Z. [SW4500] info-center timestamp debugging boot [SW4500] info-center trapbuffer Syntax info-center trapbuffer [ size buff ersize ] [ channel { channel-number | channel-name } ] undo info-cen[...]

374 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View User view Parameter None Description Use the reset logbuffer command to clear information in log buf fer . Example Clear information in log buffer . <SW4500> reset logbuffer reset trapbuf fer Syntax reset trapbuffer View User view Parameter None Description Use the reset trapbuffer co[...]

Log Commands 375 Example Enable the terminal display debugging . <SW4500> terminal debugging % Current terminal debugging is on <SW4500> terminal logging Syntax terminal logging undo terminal logging Vie w User view Parameter None Description Use the terminal logging command to start logging the information displayed on the terminal. Us[...]

376 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS This command only takes effect on the current terminal where the commands ar e input. The debugg ing/log/trap information can be output to the current terminal, beginning in user view . When the terminal monitor is shut down, no debugging/log/trap info rmation will be displayed in local terminal[...]

SNMP Configuration Commands 377 Parameter local-engineid: local engine ID. remote-engineid: r emote en gine ID. Description Use the display snmp-agent engineid com mand to view the engine ID of current device. SNMP engine is the core of SNMP entity . It performs the functio n of sending, receiving and authenticating SNMP message, extr acting PDU, p[...]

378 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter groupname: Gr oup name, ranging from 1 to 32 bytes. Description Use the display snmp-agent group command to display g roup name, safe mode, state of various views and storage modes. Example Display SNMP group name and safe mode. <SW4500> display snmp-agent group groupname: public[...]

SNMP Configuration Commands 379 <SW4500> display snmp-agent mib-view View name:ViewDefault MIB Subtree:snmpUsmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active View name:ViewDefault MIB Subtree:snmpVacmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active View name:ViewDefault MIB Su[...]

380 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS 3 Messages passed from the SNMP en tity 0 SNMP PDUs which had a tooBig err or (Maximum packet size 1500) 0 SNMP PDUs which had a noSuchName error 0 SNMP PDUs which had a badValue e rror 0 SNMP PDUs which had a general er ror 0 Response PDUs accepted and proce ssed 3 Trap PDUs accepted and proces[...]

SNMP Configuration Commands 381 display snmp-agent sys-info Syntax display snmp-agent sys-info [ contact | location | version ]* Vie w All views Parameter None Description Use the display snmp-agent sys-info command to view th e system information of SNMP configuration. The information includes the character string sysContact (system contact), the [...]

382 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS <SW4500> display snmp-agent usm-use r User name: hello Group name: hellogroup Engine ID: 800007DB00E0FC00 39006877 Storage-type: nonVolatile UserStatus: active Acl:2000 display snmp-proxy unit Syntax display snmp-proxy unit unit-id View Any view Parameter unit-id :Unit ID of the switch. De[...]

SNMP Configuration Commands 383 Parameter None. Description Use the enable snmp trap updown command to enable the current port to transmit the LINK UP and LI NK DOWN trap information. Use the undo enable snmp trap updown command to disable the current port to transmit the LINK UP and LI NK DOWN trap information. Example Enable the current port Ethe[...]

384 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Configur e communit y name as mgr and read-write access permission. <SW4500> system-view System View: return to User View w ith Ctrl+Z. [SW4500] snmp-agent community write mgr [SW4500] Delete the community name comaccess . [SW4500] undo snmp-agent community comaccess snmp-agent group Synta[...]

SNMP Configuration Commands 385 3Com recommends that you do not use the notify-view parameter when configuring an SNMP group, for the following reasons: ■ The snmp-agent target-host command automatically generates a notify-view for a user , and adds it to the corresponding group. ■ Any change of the SNMP group notify-view will affect all the us[...]

386 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View System view Parameter included: Include this MIB subtr ee. excluded: Exclude this MIB subtr ee. view-name: Specify the view name, with a character string, ranging from 1 to 32 characters . oid-tree: MIB object subtree. It can be a character string of the variable OID, or a variable name, ra[...]

SNMP Configuration Commands 387 Example Set the size of SNMP packet to 1042 bytes. <SW4500> system-view System View: return to User View with C trl+Z. [SW4500] snmp-agent packet max-size 1042 [SW4500] snmp-agent sys-info Syntax snmp-agent sys-info { contact sysContac t | location sysLocation | version { { v1 | v2c | v3 } * | all } } undo snmp[...]

388 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS undo snmp-agent target-host host-a ddr securityname community-string View System view Parameter trap: Specifies the host to receive traps or notifications address: Specifies the transport address to be used in the generation of SNMP messages. udp-domain: Specifies the transport domain over UDP f[...]

SNMP Configuration Commands 389 [SW4500] snmp-agent target-host trap add ress udp-domain 2.2.2.2 params securityname comaccess [SW4500] T o enable T rap messa ges to be sent to 2.2.2.2 with a commun ity name of public , enter the following: <SW4500> system-view System View: return to User View with C trl+Z. [SW4500] snmp-agent trap enable [SW[...]

390 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the snmp-agent trap enable command to enable the device to send T rap message. Use the undo snmp-agent trap enable command to d isable T rap message sending. By default, T rap messag e sending is disabled. The snmp-agent trap enable command an d the snmp-agent target-host command[...]

SNMP Configuration Commands 391 snmp-agent trap queue-siz e Syntax snmp-agent trap queue-size length undo snmp-agent trap queue-size Vie w System view Parameter length: Length of queue, ranging from 1 to 1000; the default length is 100. Description Use the snmp-agent trap queue-size command to configure the information queue length of T rap packet [...]

392 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS snmp-agent usm-user Syntax snmp-agent usm-user { v1 | v2c } u sername groupname [ acl acl-list ] undo snmp-agent usm-user { v1 | v2 c } username groupname snmp-agent usm-user v3 username gr oupname [ authentication-mode { md5 | sha } authpassstring [ privacy-mode { des56 privpassstring }]] [ acl[...]

SNMP Configuration Commands 393 Use the undo snmp-agent usm-user command to delete a user from an SNMP group. SNMP engineID (for authen tication) is required when configuring remote users. This command will not be effectiv e if engineID is not configured. For v1 and v2C, this command will add a new community name. For v3, it will add a new user for[...]

394 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS RMON Configuration Commands This section describes the Remote Mon itoring (RMON) configuration command s available on your Switch 4500 . display rmon alarm Syntax display rmon alarm [ alarm-table-e ntry ] View All views Parameter alarm-table-entry: Alarm table entry index. Description Use the di[...]

RMON Configuration Commands 395 Vie w All views Parameter event-table-entry: Entry index of event table. Description Use the display rmon event command to vi ew RMON events. The display includes even t index in event ta ble, owner of the event , description to the event, action caused by event (log or a larm information), and occurrence time of the[...]

396 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS <SW4500> display rmon eventlog 1 Event table 1 owned by 3Com is VAL ID. Generates eventLog 1.1 at 0days 00 h:01m:39s. Description: The 1.3.6.1.2.1.16.1. 1.1.4.1 defined in alarm table 1, less than(or =) 100 with alarm val ue 0. Alarm sample type is absolute. Generates eventLog 1.2 at 0days[...]

RMON Configuration Commands 397 display rmon prialarm Syntax display rmon prialarm [ prialarm-table- entry ] Vie w All views Parameter prialarm-table-entry: entry of ex tended alarm table. Description Use the display rmon prialarm command to display information about extended al arm table. Related co mmand: rmon prialarm . Example Display alarm inf[...]

398 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Ta b l e 44 Output description of the display rmon prialarm command display rmon statistics Syntax display rmon statistics [ port-num ] View All views Parameter port-num: Ethernet port number . Description Use the display rmon statistics command to displa y RMON statistics. The displayed informa[...]

RMON Configuration Commands 399 rmon alarm Syntax rmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising-threshold threshold-v alue1 event-entry1 falling-threshold threshold-value2 even t-entry2 [ owner text ] undo rmon alarm entry-number Vie w System view Parameter entry-number: Number of the entry to be added/deleted, ra[...]

400 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS falling-threshold threshold-value2 : Falling threshold, ranging from 0 to 2147483647. event-entry2: Event number corresponding to the falling th reshold, ranging from 0 to 65535. owner text : Specifies the cr eator of th e alarm. Length of the character string ranges from 1 to 127. Description U[...]

RMON Configuration Commands 401 owner rmon-station: Name of the network management station that cr eates this entry . The length of the character strin g ranges from 1 to 127. Description Use the rmon event command to add an entry to the event table. Use the undo rmon event command to delete an entry from this table. Event management of RMON define[...]

402 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS [SW4500] interface Ethernet1/0/1 [SW4500-Ethernet1/0/1] undo rmon hi story 15 [SW4500-Ethernet1/0/1] rmon prialarm Syntax rmon prialarm entry-number alarm-v ar [ alarm-des ] sampling-timer { delta | absolute | changeratio } r ising-threshold threshold-value1 event-entry1 falling-threshold thr es[...]

NTP Configuration Commands 403 The number of instances can be created in the table depends on the hardware resour ce of the p roduct. Example Delete line 10 from the extended RMON alarm table. <SW4500> system-view System View: return to User View with C trl+Z. [SW4500] undo rmon prialarm 10 [SW4500] rmon statistics Syntax rmon statistics entr[...]

404 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ Execute either ntp-service unicast-server , ntp-service unicast-peer , ntp-service broadcast-client , ntp-service broadcast-server , ntp-service multicast-client , and ntp-service mu lticast-server commands to enable the NTP feature and open UDP port 123 at the same time. ■ Use the undo fo[...]

NTP Configuration Commands 405 display ntp-service status Syntax display ntp-service status Vie w Any view Parameter None Description Use the display ntp-service status command to display the status of NTP services. Example # View the status of the local NTP serv ice. <SW4500> display ntp-service status Clock status: unsynchronized Clock stra[...]

406 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS display ntp-service trace Syntax display ntp-service trace View Any view Parameter None Description Use the display ntp-service trace command to display the brief information of each NTP time server along the t ime sy nchronization chain fr om the local device to the refer ence clock source. Exa[...]

NTP Configuration Commands 407 server : Allows time request and query on the local NTP server . The loca l clock cannot be synch ronized to the remote server . synchronization : Allows only time r equest on the local NTP server . query: Allows only query on the local NTP server . acl-number : Basic access contr ol list (ACL) number , in the range o[...]

408 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ntp-service authentication enable command to enable the NTP authentication. Use the undo ntp-service authentication enable command t o disable the NTP authenticatio n. By default, the NTP authentication is disabled. Example Enable the NTP authe ntication. <SW4500> syste[...]

NTP Configuration Commands 409 ntp-service broadcast-client Syntax ntp-service broadcast-client undo ntp-service broadcast-client Vie w VLAN interface view Parameter None Description Use the ntp-service broadcast-client comma nd to configur e an Ethernet switch to operate in the NTP broadcast client mode and receive NTP br oadcast messages through [...]

410 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ntp-service broadcast-server command to configure an Etherne t switch to operate in the NTP br oadcas t server mode and send NTP broadcast messages through the curr ent interface. Use the undo ntp-service broadcast-server command to remove the configuratio n. By default, no E[...]

NTP Configuration Commands 411 undo ntp-service max-dynamic-sessions Vie w System view Parameter number : Maximum number of the NTP se ssions th at can be established locally . This argument ranges from 0 to 100. Description Use the ntp-service max-dynamic-sessions command to set the maximum number of NTP sessions that can be established locally . [...]

412 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Configure the switch to receive NTP mult icast messages thr ough Vlan-interface1, with the multicast IP address being 224.0.1.1. <SW4500> system-view System View: return to User View w ith Ctrl+Z. [SW4500] interface Vlan-interface 1 [SW4500-Vlan-interface1] ntp-servi ce multicast-c[...]

NTP Configuration Commands 413 ntp-service reliable authentication-keyid Syntax ntp-service reliable authentication-key id key-id undo ntp-service reliable authenticatio n-keyid key-id Vie w System view Parameter key-id : Authentication key ID, in the range of 1 to 429496729 5. Description Use the ntp-service reliable authentication-key id command [...]

414 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo ntp-service source-interface command to r emove the configuratio n. If you do not want the IP addresses of th e other interfaces on the local device to be the destination ad dresses of r esponse messages, you can use this command to specify a specific interface to send all NTP packe[...]

NTP Configuration Commands 415 By default, the local Ether net switch is not configured as an active NTP peer . If you use remote-ip to specify a remote server as the peer of the local Ether net switch, the local switch operate s in the active pe er mode. In this case, the local Ethernet switch and the remote server can be synchronized to each othe[...]

416 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo ntp-service unicast-server command to r emove the configuratio n. By default, no Ether net switch op erates in the NTP client mod e. The remote server specified by remote-ip serves as the NTP server and the local Ethern et switch serves as the NTP client. The clien t can be synchron[...]

SSH Terminal Service Configuration Comma nds 417 SSH T erminal Service Configuration Commands This section describes the SSH configur ation command s available on you r Switch 4500. debugging ssh server Syntax debugging ssh server { VTY vty-num | al l} undo debugging ssh server {VTY vty-num | all} Vie w User View Parameter vty-num: SSH channel to b[...]

418 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS *0.1481894 SW4500 SSH/8/debugging_msg_send:- 1 -SSH2_MSG_USERAUTH_SUCCESS message sent on VTY 3 *0.1481995 SW4500 SSH/8/msg_rcv_vty:- 1 -SSH_MSG_REQUEST_PTY message received on VTY 3 *0.1482095 SW4500 SSH/8/msg_rcv_vty:- 1 -SSH_MSG_START_SHELL message received on VTY 3 %Apr 2 00:19:42:212 2000 S[...]

SSH Terminal Service Configuration Comma nds 419 Key name: SW4500_Host Key type: RSA encryption Key ======================================= ============== Key code: 308188 028180 A768F212 CDF98303 7D641E14 89BC50AC 6B0B1B82 9EA5E2A1 66164625 A092CA18 7CCBF3BC 74BA2A6F 9A5783F9 D2DD4BE7 F65296BE E8D3AC9C EE35A380 0F626AFA E1B6B9B4 84F25041 EEE8B407 [...]

420 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example T o display all of the RSA public keys currently configur ed, enter the command display rsa peer-public-key . <SW4500> display rsa peer-public-ke y Address Bits Name 1023 abcd 1024 hq T o display information about the public ke y of the client named candy2, enter the following: [SW[...]

SSH Terminal Service Configuration Comma nds 421 [SW4500] display ssh server status SSH version : 2.0 SSH connection timeout : 60 seconds SSH server key generating interval : 0 hours SSH Authentication retries : 3 times SFTP Server: Disable T o display SSH sessions: [SW4500] display ssh server session Conn Ver Encry State Retry Username VTY 3 2.0 A[...]

422 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the peer-public-key end command to exit from the public key view and return to the system view . Related comma nds: rsa peer-public-key , public-key-code begin . Example T o quit public key view , enter the follo wing: <SW4500> system-view System View: return to User View w[...]

SSH Terminal Service Configuration Comma nds 423 [SW4500-ui-vty0-4] protocol inbound ssh T o disable the T elnet function of VTY 0 and make it support SSH only: [SW4500] user-interface vty 0 [SW4500-ui-vty0] protocol inbound ssh public-key-code begin Syntax public-key-code begin Vie w Public key edit view Parameter None Description Use the public-k[...]

424 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS After this command is performed to end th e public key edit procedur e, the system will check the validity of the key before saving the input public key . If the public key string contains any illegal character , the system will prom pt the failure of the configuration and the configured key wil[...]

SSH Terminal Service Configuration Comma nds 425 rsa local-key-pair destroy Syntax rsa local-key-pair destroy Vie w System view Parameter None Description Use the rsa local-key-pair destroy command to destr oy all the RSA key pairs of the server , in cluding the host keys and server keys. Related co mmand: rsa local-key-pair create . Example T o de[...]

426 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View System view Parameter times : Specifies authentication retry times, in th e range of 1~5. Description Use the ssh server authentication-retries command to define SSH authentication retry times value, wh ich takes ef fect at next logon. Use the undo ssh server authentication-retries command [...]

SSH Terminal Service Configuration Comma nds 427 Vie w System view Parameter username : A valid SSH username, which is a string consisting of 1 to 80 characters. keyname : A name of the client public key which is a string consisting of 1 to 54 characters. Description Use the ssh user username assign rsa-key command to assign an existing public key [...]

428 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo ssh user username authentication-type command to r estore the default mode in which logon fails. By default, user cannot logon to the Sw itch through SSH or TELNET , you need to specify the authenticat ion type for a ne w user . The new configu ration takes effects at the next logon[...]

SSH Client Configu ration Commands 429 Parameter None Description Use the peer - public-key end command to exit from the public key view and r etur n to the system view . Related co mmands: rsa peer-public-key, public-key-code begin . Example T o exit the public key view , enter the follow ing: [SW4500] rsa peer-public-key SW4500003 [SW4500-rsa-pub[...]

430 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS [SW4500-key-code] BB2FC1ACF3EC8F828D55A36F1 CDDC4BB45504F020125 [SW4500-key-code] public-key-code end [SW4500-rsa-public-key] public-key-code end Syntax public-key-code end View Public key edit view Parameter None Description Use the public-key-code end command to r eturn fro m the public key ed[...]

SSH Client Configu ration Commands 431 <SW4500> quit rsa peer -public-key Syntax rsa peer-public-key key-name Vie w System View Parameter key-name: The name of the public key o f the server , wh ich is a string consisting of 1 to 64 charac ters. Description Use the rsa peer-public-key command to enter the public key view . Performing this com[...]

432 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ssh client assign rsa-key command to specify the public key of the server to connect with on the client, so that the client authenticates if the server is trustworthy . Use the undo ssh client assign rsa-key command to cancel the specified re lationship with the public key of[...]

SSH Client Configu ration Commands 433 [SW4500] ssh client first-time enable ssh2 Syntax ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes 128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac {[...]

434 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS md5_96: HMAC algorithm hmac-md5-96. Description Use the ssh2 command to en able the connect ion between the SSH client and the server , and specify the preferred key ex change algorithm, encryption algorithm and HMAC algorithm of the client and the server . Example T o log in to the remote SSH2 [...]

SFTP Server Configuration Commands 435 SF TP Se rver Configuration Commands This section describes the SF TP server configur ation commands available on your Switch 4500. sftp server enable Syntax sftp server enable undo sftp server Vie w System View Parameter None Description Use the sftp server enable command to start the SF TP server . Use the u[...]

436 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ssh user service-type command to specify the service type for a particular user . Use the undo ssh user service-type command to restor e the default service type. By default, the service type is stelnet . Related comma nd: display ssh user-information Example T o specify the [...]

SFTP Client Configuration Commands 437 Parameter remote-path: The name of a path on the server . Description Use the cd command to change the current pa th on the SF TP server . If you do not specify the remote-path argument, the current path will be displayed . Example T o change the current path to d:/temp, enter the following: sftp-client> cd[...]

438 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example T o delete the file temp.c from the server , enter the following: sftp-client> delete temp.c dir Syntax dir[ remote-path ] View SF TP client view Parameter remote-path :The n ame of the di rectory t o view . Description Use the dir command to view the files in the specified directory [...]

SFTP Client Configuration Commands 439 Example T o terminate the connection with the re mote SF TP server , en ter the following: sftp-client> exit [SW4500] get Syntax get remote-file [ local-file ] Vie w SF TP client view Parameter remote-file: The name of a file on the r emote SF TP server . local-file: The name of a local file. Description Us[...]

440 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS sftp-client> help get get remote-path [local-path] Down load file Default local-path is the same wit h remote-path ls Syntax ls [ remote-path ] View SF TP client view Parameter remote-path: The name of the directory to view . Description Use the ls command to view the files in the speci fied [...]

SFTP Client Configuration Commands 441 put Syntax put local-file [ remote-file ] Vie w SF TP client view Parameter local-file: The name of a local file. remote-file: The name of a file on the r emote SF TP server . Description Use the put command to upload a local file to the remote SF TP server . By defaul t, if the name of the file on th e remote[...]

442 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View SF TP client view Parameter None Description Use the quit command to terminate th e connection with the r emote SF TP server and return to the System view . This command has the same functionality as the bye and exit commands. Example T o terminate the connection with the remote SF TP serve[...]

SFTP Client Configuration Commands 443 newname: New file name. Description Use the rename command to change the name of the specified file on the SF TP server . Example T o change the name of the file temp1 on the SF TP server to temp2, enter the following: sftp-client> rename temp1 temp2 rmdir Syntax rmdir remote-path Vie w SF TP client view Pa[...]

444 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS prefer_kex: Pr eferred key e xchange algorithm, which can be either diffie-hellman-gr oup1- sha1 or diffie-hellman-group-exchange-sha1. dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is default algorithm. dh_exchange_group: Key exchange algorithm dif fie-hellman-gr oup-excha[...]

13 C ONFIGURING P ASSWOR D C ONTR OL This chapter describes how to use th e following password contr ol commands: ■ display passwor d-contr ol ■ display passwor d-contr ol blacklist ■ display passwor d-contr ol super ■ passwor d ■ password-control ■ password-contr ol enable ■ password-contr ol super ■ res e t pa s s wo rd -c o n tro[...]

446 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL Ta b l e 48 describes the output fields of the display passwor d-control command. display password-contr ol blacklist Syntax display password-control blacklist [ username username | ipaddress ip-address ] View Any view Parameter ■ username : Name of a user who has been added to the blacklist. ■ [...]

447 Description Use the display password-control super command to display the in formation about the password control for super passwords, including the passw ord aging time and the minimum passwor d length. Example # Display the information about the password contr ol for super passwords. <4500>display password-control super Super's pas[...]

448 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL View System view Parameter ■ aging-time : Password aging time. It ranges fr om 1 day to 365 days and defaults to 90 days. ■ length : Minimum password length. It ranges fr om 4 characters to 32 characters and defaults to 10 characters. ■ login-times : Login attempt times allo wed for each user [...]

449 Use the password-control authentication-timeout authentication-timeout command to configure the timeout time for user passwor d authenticat ion. Use the password-control exceed command to configur e the procession mode used after password att empt failur e. Example # Configure the password aging time of the system login passwords to 100 d ays. [...]

450 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL Description Use the following password-contr ol enable commands to enable the various password control functions of the system: ■ Use the password-control aging enable command t o enable passwor d aging. ■ Use the password-control leng th enable command to enable the limitation of the minimum pa[...]

451 Vie w System view Parameter ■ aging-time : Aging time for super passwords. It ran ges from 1 day to 365 days and defaults to 90 days. ■ min-length : Minimum length for super pas swords. It ranges fr om 4 characters to 16 character s and de faults to 10 characters. Description Use the password-control super command to configure the parameter[...]

452 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL # Delete the history password recor ds of user t est <4500> reset password-control hist ory-record username test Are you sure to delete all the his tory record of user test ?[Y/N] If you input "Y", th e system deletes a ll t he h is t o ry p as s w ord re co rd s of t he specified us[...]

453 Use the reset password-control blac klist username username command to delete one specific user entry in the blacklist. Example # Check the use r information in the blacklis t; as you can see, the blacklist cont ains three users: test, tes, and test2. <4500>display password-control blacklis t USERNAME IP test 192.168 .30.25 tes 192.168 .3[...]

454 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL[...]

A B OOTR OM I NTERFACE Accessing the Bootrom Interface During the initial boot phase of the Switch the following prompt is displayed with a five second countdown timer a llowing access to the bootrom: Starting...... ******************************************************* * * SuperStack 4 Switch 4500 5 0 -Port BOOTROM, Version 1.0 * ****************[...]

456 A PPENDIX A: B OO TROM I NTERFACE BOOT MENU 1. Download application file to flash 2. Select application file to boot 3. Display all files in flash 4. Delete file from flash 5. Modify bootrom password 6. Enter bootrom upgrade menu 7. Skip current configuration file 8. Set bootrom password recovery 9. Set switch startup mode 0. Reboot Enter your [...]

Boot Menu 45 7 Enter Option 1 at the prompt to display the following: Free Space: 10491904 bytes (*)-with main attribute;(b)-with backup attribute (*b)-with both main and backup attribute Please input the file number to be change: An asterisk (*) indicates the current main boot file. A similar scr een will be displayed for th e configuration files [...]

458 A PPENDIX A: B OO TROM I NTERFACE Free Space: 10460160 bytes The current application file is s4b03_01_04s168.app (*)-with main attribute;(b)-with backup attribute (*b)-with both main and backup attribute Please input the file number to de lete: The current appl ication file is name a nd an * indicates the file in the list. If the filename is in[...]

Boot Menu 45 9 Are you sure to disable bootrom password recovery? Yes or No(Y/N) n If the bootrom super password is disabled and the bootrom password (set at Boot Menu Option 5) is lost, bootrom access is no longer possible. If access to the bootrom menu is r equired, the Switch will need to be returned to 3Com for repair . The super p assword is a[...]

460 A PPENDIX A: B OO TROM I NTERFACE Selecting a F TP download 1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): 2 Load File name:s4b03_01_04s168.app Switch IP address:10.1.1.200 Server IP address:10.1.1.177 FTP User Name :anonymous FTP User Password :pass A[...]