GWN78xx(P) - CLI Guide

INTRODUCTION

The GWN78xx series switches can be managed locally or remotely, through Web access or via Command Line, offering more flexibility along with secured login sessions. The various features and operations on the GWN78xx switches can now be managed either through Web GUI offering a friendly user interface, or via Command Line through SSH/Telnet access.

SSH is a secure protocol used for the connection to a remote host, through command lines and text-based interface. Once authenticated and connected, all typed commands on the terminal are sent to the remote device and executed there.

This guide will describe the usage of Command Line to manage the GWN78xx switches, and will be illustrated using Putty tool, as SSH client Console.

CONNECTING TO THE SWITCH

Connect using SSH

Secure Shell (SSH) provides both secure authentication and secure communications to the CLI. First step to do is to run the SSH client application (PuTTY in our case) and set the following:

• Host Name or IP Address: GWN78xx’s IP Address, (ex: 192.168.5.152).
• Port: 22, this is the by default port for SSH protocol.
• Connection type: Set this to SSH

The settings should be similar to the following figure:

Once done, you can press Open to start the SSH session and open the console.

Once pressing Open to start the session, the login prompt will appear on the CLI, enter the Username and the Password to login.

After clicking “Enter”, the user should now have access to the switch.

Connect using Console port

First, connect the GWN switch with the computer using the console port on the switch, then in device manager (ex: windows) under ports check what Serial line (ex: COM3, COM7 …) has been used. Please refer to the figure below:

Then, left click on the port used (USB Serial Device (COM3)) → Properties → Port Settings and make sure to match the port settings as shown below:

We can use PuTTY again to connect to the GWN switch, please use the following configuration below:

• Serial line: use the same serial line previously checked on the device manager.
• Connection type: select Serial
• Speed: 115200

Once finished, click on “Open” button at the bottom to open the CLI.

OVERVIEW

Configure

Command: configure

Mode: Privileged Exec Mode

Parameter: none

Description: Enter global configuration mode

Example:

Switch # configure
Switch(config)#

Interface

Command:

1. interface IF_PORTS

2. interface range IF_PORTS

Mode: interface configuration mode

Parameter:

Parameter	Description
IF_PORTS	Interfaces, including Ethernet ports , optical ports, and aggregation interfaces

Description: Enter interface configuration mode

Example:

Enter the configuration of port 1
Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)#

Enter the configuration of ports 1-5
Switch # configure
Switch(config)# interface range Ethernet 1/0/1-1/0/5
Switch(config-if-range)#

End

Command: end

Mode: none

Parameter: none

Description: Return directly to privileged EXEC mode in other configuration modes except user mode

Example:

Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# end
Switch#

Exit

Command: exit

Mode: none

Parameter: none

Description: return to parent schema In user mode, the current CLI session will be closed directly

Example:

Switch # configure
Switch(config)# exit
Switch#

System messages

Check the basic information of the switch

Command: show info

Mode: Privileged Exec Mode

Parameter:

Parameter	Description
System Name	device name
System Location	device location
System Contact	Equipment contact information
MAC Address	MAC address
IP Address	IP address
Subnet Mask	subnet mask
Loader Version	bootloader version
Loader Date	bootstrap date
Firmware Version	Software version/system version
Firmware Date	software date
Hardware Version	hardware version
PN Series number	PN serial number
SN Series number	SN serial number
System Object ID	System OIDs
System Up Time	run time

Description: Check the basic information of the switch

Example:

View basic switch information
Switch # show info

System Name : Switch
System Location : Default
System Contact : Default
MAC Address : C0:74:AD:B9:3B:44
IP Address : 192.168.80.202
Subnet Mask : 255.255.255.0
Loader Version: 3.6.9.55156
Loader Date : Sep 09 2022 - 16:06:39
Firmware Version: 1.0.1.11
Firmware Date : Nov 01 2022 - 05:07:20
Hardware Version : V1.2A
PN Series number : 9640004612A
SN Series number : 20VXU28N90B93B44
System Object ID : 1.3.6.1.4.1.27282.3.2.10
System Up Time: 1 days, 22 hours, 43 mins, 38 secs

Configure basic switch information

• Configure switch name

Command:

1. system name NAME

2. show info

Mode: global configuration mode

Parameter:

Parameter	Description
name	Character range: 1-32 If the string is empty, use “” to quote it.

Description: Modify the switch name

Example:

Set the switch name to MySwitch and check
Switch# configure
Switch (config) #system name MySwitch
MySw itch (config) # do show info

System Name : MySwitch
System Location : Default
System Contact : Default
MAC Address : C0:74:AD:B9:3B:44
IP Address : 192.168.80.202
Subnet Mask : 255.255.255.0
Loader Version: 3.6.9.55156
Loader Date : Sep 09 2022 - 16:06:39
Firmware Version: 1.0.1.11
Firmware Date : Nov 01 2022 - 05:07:20
Hardware Version : V1.2A
PN Series number : 9640004612A
SN Series number : 20VXU28N90B93B44
System Object ID : 1.3.6.1.4.1.27282.3.2.10
System Up Time: 1 days, 22 hours, 45 mins, 6 secs

• Configure switch location

Command: system location LOCATION

Mode: global configuration mode

Parameter:

Parameter	Description
LOCATION	switch location If the string is empty, use “” to quote it

Description: Modify switch location

Example:

Modify the location of the switch to shenzhen and check
Switch # configure
Switch(config)#system location shenzhen
Switch(config)#do show info

System Name : MySwitch
System Location: shenzhen
System Contact : Default
MAC Address : C0:74:AD:B9:3B:44
IP Address : 192.168.80.202
Subnet Mask : 255.255.255.0
Loader Version: 3.6.9.55156
Loader Date : Sep 09 2022 - 16:06:39
Firmware Version: 1.0.1.11
Firmware Date : Nov 01 2022 - 05:07:20
Hardware Version : V1.2A
PN Series number : 9640004612A
SN Series number : 20VXU28N90B93B44
System Object ID : 1.3.6.1.4.1.27282.3.2.10
System Up Time: 1 days, 22 hours, 47 mins, 55 secs

• Configure switch contact information

Command: system contact CONTACT

Mode: global configuration mode

Parameter:

Parameter	Description
CONTACT	switch contact If the string is empty, use “” to quote it.

Description: Modify the switch contact information

Example:

Modify the switch contact information to 13546879513 and check
Switch # configure
Switch(config)#system contact 13546879513
Switch(config)#do show info

System Name : MySwitch
System Location: shenzhen
System Contact : 13546879513
MAC Address : C0:74:AD:B9:3B:44
IP Address : 192.168.80.202
Subnet Mask : 255.255.255.0
Loader Version: 3.6.9.55156
Loader Date : Sep 09 2022 - 16:06:39
Firmware Version: 1.0.1.11
Firmware Date : Nov 01 2022 - 05:07:20
Hardware Version : V1.2A
PN Series number : 9640004612A
SN Series number : 20VXU28N90B93B44
System Object ID : 1.3.6.1.4.1.27282.3.2.10
System Up Time: 1 days, 22 hours, 48 mins, 1 secs

View the switch CPU information

• View the input frame rate of the CPU

Command: show cpu input rate

Mode: Privileged Exec Mode

Parameter: none

Description: View the rate of CPU input frames

Example:

Switch# show cpu input rate
Input Rate to CPU is 1 pps

• View CPU usage

Command: show cpu utilization

Mode: Privileged Exec Mode

Parameter: none

Description: Show CPU usage

Example:

Switch# show cpu utilization

CPU utilization
---------------
Current: 0%

View memory information

Command: show memory statistics

Mode: Privileged Exec Mode

Parameter:

Parameter	description
total	total memory
used	used memory
free	free memory
shared	Shared memory
buffer	cache
cache	cache

Description: Display memory statistics, including total, used, free, shared, buffer, cache, unit KB

Example:

Switch# show memory statistics

total(KB) used(KB) free(KB) shared(KB) buffer(KB) cache(KB)
--------------------+-----------+----------+------ ----+------------+------------
Mem: 126028 78792 47236 0 0 0
-/+ buffers/cache: 78792 47236
Swap: 0 0 0

View switch version information

Command: show version

Mode: Privileged Exec Mode

Parameter:

Parameter	description
Loader Version	bootloader version
Loader Date	bootstrap date
Firmware Version	Software version/system version
Firmware Date	software date

Description: Displays version information, including bootloader version, date and software version, date

Example:

Switch # show version

Loader Version: 3.6.9.55156
Loader Date : Sep 09 2022 - 16:06:39
Firmware Version: 1.0.1.11
Firmware Date : Nov 01 2022 - 05:07:20

Viewing the Running Status of the Switch Fans

Command: show fans

Mode: Privileged Exec Mode

Parameter: none

Description: Viewing the Running Status of the Switch Fans.

Example:

Viewing the Running Status of the GWN7803P Fan
Switch # show fan

FanId Status Speed
1 NORMAL LOW
2 NORMAL LOW

ETHERNET SERVICE

Basic port configuration

Open/close port

Command:

1. no shutdown
2. shutdown

Mode: interface configuration mode

Parameter: none

Description: Open/close port

Example:

close port 1
Switch#config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) #shutdown

open port 1
Switch (config-if) #no shutdown

Configure port description

Command: description DESCRIPTION

Mode: interface configuration mode

Parameter:

Parameter	Description
DESCRIPTION	Character range: 1-128, used to describe the port, “\?/, characters are not supported.

Description: Configure the description information of the interface

Example:

Configure the description of port 2 as port-2
Switch # configure
Switch(config)# interface Ethernet 1/0/2
Switch(config-if)# description port-2

Modify port description

Command: description WORD<1-128>

Mode: interface configuration mode

Parameter:

Parameter	Description
WORD<1-128>	Character range: 1-128, used to describe the port. “\?/, characters are not supported.

Description: Modify port description

Example:

Modify the description of port 1 to 111111
Switch#config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) # description 111111

Clear port description

Command: no description

Mode: interface configuration mode

Parameter: none

Description: clear port description

Example:

Switch#config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) #no description

Configuring Combo port working mode

Command:

• media-type (auto-select|rj45|sfp)
• no media-type

Mode: interface configuration mode

Parameter:

Parameter	Description
auto-select	The auto-negotiation working mode will determine whether to use the electrical port or the optical port based on the actual access. If both have access, the optical port mode will be given priority.
rj45	Electrical port working mode
sfp	Optical port working mode

Description: Configure the working mode of the Combo port.

Example:

Turn on the working mode of port 1 as optical port
Switch# config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) # media-type sfp

Configure port automatic detection

Command:

1. auto-detect
2. no auto-detect

Mode: interface configuration mode

Parameter: none

Description: Configure whether to enable automatic detection of the SFP+ port. Automatically adjust the port rate according to the connected optical module.

Example:

Enable auto- detection of port 50
Switch#config
Switch (config) # interface Ethernet 1/0/50
Switch (config-if) # auto-detect

Disable auto-detection of port 50
Switch (config-if) # no auto-detect

Configure port rate

Command:

1. speed [ 10|100|1000|10000 ]
2. speed auto [(10|100|1000|10/100)]

Mode: interface configuration mode

Parameter:

Parameter	Description
10	Force 10 Mbps operation , force the port rate of 10 Mbps
100	Force 100 Mbps operation , force the port rate of 100 Mbps
1000	Force 1000 Mbps operation , force the port rate of 1000 Mbps
10000	Force 10Gbps operation , force the port rate of 10 Gbps Note : Supported only on GWN78xx(P) switches with SFP+ port.
auto	The auto-negotiation rate has the following four situations: • 10: Include 10 Mbps in auto-negotiation advertisement • 10/100 ： Include 10 Mbps and 100Mbps in auto-negotiation advertisement • 100 ： Include 100 Mbps in auto-negotiation advertisement • 1000 ： Include 1000 Mbps in auto-negotiation advertisement

Description: Configure port speed

1. Gigabit Ethernet port supports Auto, 10 Mbps, 100 Mbps, 1000 Mbps
2. Gigabit optical port supports Auto, 10 Mbps, 100 Mbps, 1000 Mbps
3. 10 Gigabit optical port supports 100 Mbps, 1000 Mps, 10000 Mbps

Example:

Configure port 1 to 1000 Mbps
Switch#config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) #speed 1000

Configure port DAC line

Command: dac [(0.5m|1m|3m|5m|none)]

Mode: interface configuration mode

Parameter:

Parameter	Description
0.5m	0.5 meters long
1m	1 meter long
3m	3 meters long
5m	5 meters long
none	Disabled

Description:

1. Configuring the DAC cable length of the SFP+ port.
2. The configuration is supported only if the SFP+ port auto-detection function is disabled and the rate is set to 10 Gbps.

Example:

Set the DAC cable of port 50 to 3m
Switch#config
Switch (config) # interface Ethernet 1/0/50
Switch (config-if) # no auto-detect
Switch(config-if)#speed 10000
Switch(confgi-if)#dac 3m

Configure port duplex mode

Command: duplex auto|full|half

Mode: interface configuration mode

Parameter:

Parameter	Description
auto	Enable AUTO duplex configuration , automatic configuration mode
full _	Force full duplex operation , full duplex mode
half	Force half-duplex operation , half-duplex mode

Description: Configure port duplex mode

Example:

Configure the duplex mode of port 1 to auto
Switch#config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) # duplex auto

Configure port flow control

Command: flowcontrol auto|off|on

Mode: interface configuration mode

Parameter:

Parameter	Description
auto	Enable AUTO flow-control configuration , automatic configuration
off	Force flow-control as disabled , close
on	Force flow-control as enabled , open

Description: Configure port flow control

Example:

Configure the flow control of port 1 to auto
Switch#config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) # flowcontrol auto

Turn off port flow control

Command: no flow control

Mode: interface configuration mode

Parameter: none

Description: Turn off port flow control

Example:

Turn off flow control on port 1
Switch#config
Switch (config) # interface Ethernet 1/0/1
Switch (config-if) #no flowcontrol

View port information or status

Command:

1. show interfaces IF_PORTS
2. show interfaces IF_PORTS status

Mode: Privileged Exec Mode

Parameter:

Parameter	Description
IF_PORTS	port number
status	Display port information as follows: • Port: port number • Name: port name • Status : port status • Vlan: the Vlan where the port is located • Duplex: port duplex mode • Speed: port speed • Type: port type

Description: View port information or status

Example:

Check port 1 information
Switch# show interface Ethernet 1/0/1
Ethernet1/0/1 is down
Hardware is Gigabit Ethernet
Auto-duplex, Auto-speed, media type is Copper
flow-control is off
back-pressure is enabled
0 packets input, 0 bytes, 0 throttles
Received 0 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frames
0 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underrun
0 output errors, 0 collisions
0 babbles, 0 late collision, 0 deferred
0 PAUSE output

Check the status of port 1
Switch# show interface Ethernet 1/0/1 status
Port Name Status Vlan Duplex Speed Type
eth1/0/1 notconnect 1 auto auto Copper

Clear port statistics counters

Command: clear interfaces IF_PORTS counters

Mode: privileged EXEC mode

Parameter:

Parameter	Description
IF_PORTS	port number

Description: Clear the statistical counters of the specified port

Example:

Clear statistics counters for port 1
Switch# clear interfaces interfaces Ethernet 1/0/1 counters

Traffic statistics

View interface statistics

Command: show interfaces IF_PORTS

Mode: privileged EXEC mode

Parameter:

Parameter	Description
IF_PORTS	The port number

Description: the statistics of the specified interface

Example:

View statistics on port 1
Switch# show interfaces Ethernet 1/0/1

View interface traffic information

Command: show tech-support mib-counters

Mode: privileged EXEC mode

Parameter: none

Description: View interface traffic information

Example:

Switch# show tech-support mib-counters

Port auto recovery

Configure port recovery

Command:

1. errdisable recovery interval seconds
2. errdisable recovery cause {all | acl | arp-inspection|bpduguard| dhcp-rate-limit| selfloop|udld |psecure-violation |broadcast-flood |unicast-flood|unknown-multicast-flood}

Mode: global configuration mode

Parameter:

Parameter	Description
seconds	Port recovery time , the value range is 30 -86400 seconds
cause {all | acl | arp-inspection|bpduguard|dhcp-rate-limit| selfloop|udld |psecure-violation |broadcast-flood |unicast-flood|unknown-multicast-flood}	Mechanism of port recovery triggering

Description: Configure port recovery

Example:

Configure the port recovery trigger mechanism as unicast flooding, and the recovery time is 30 seconds
Switch # configure
Switch(config)# errdisable recovery cause unicast-flood
Switch(config)# errdisable recovery interval 30s

View the port restoration table

Command: show errdisable recovery

Mode: privileged EXEC mode

Parameter: none

Description: View port recovery entries

Example:

Switch# show errdisable recovery

Link aggregation

Add/delete Link Aggregation Group

Command:

1. lag <1-8> mode (static | active | passive)
2. no lag

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-8>	Aggregation group ID , range <1-8>
static	static mode
active	Active mode of LACP
passive	Passive mode of LACP

Description: Use no lag configuration command to remove port aggregation

Example:

Port 1 and port 2 join static lag 1
Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# lag 1 mode static
Switch(config)# interface Ethernet 1/0/2
Switch(config-if)# lag 1 mode static
Switch # show lag

Load balancing

Command: lag load-balance { src-dst-mac | src-dst-mac-ip }

Mode: global configuration mode

Parameter:

Parameter	Description
src-dst-mac	Load sharing based on src-mac|dst-mac
src-dst-mac-ip	Load sharing based on src-mac|dst-mac|src-ip|dst-ip

Description: Setting Link Aggregation Load Balancing Mode

Example:

Switch # configure
Switch(config)# lag load-balance src-dst-mac

LACP Configuration

• LACP system priority

Command: lacp system-priority <1-65535>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-65535>	LACP system priority range, the value range is an integer from 1 to 65535 , and the default is 32768

Description: Set the system priority of LACP

Example:

Set the global LACP system priority to 1
Switch(config-if)# lacp system-priority 1

• LACP port priority

Command: lacp port-priority <1-65535>

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-65535>	The range of LACP port priority, the value range is an integer from 1 to 65535 , the default is 1

Description: Configure LACP port priority, the default value is 1, the smaller the port priority value, the higher the LACP priority

Example:

Set the LACP priority of port 1 to 2
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# lacp port-priority 2

• LACP port timeout mechanism

Command: lacp timeout {long|short}

Mode: interface configuration mode

Parameter:

Parameter	Description
short	The timeout period for receiving LACP protocol packets is 3 seconds
long	The timeout period for receiving LACP protocol packets is 90 seconds

Description: Set the timeout time for receiving LACP packets, the default is short

Example:

Set the timeout period for receiving LACP packets on port 1 to long
Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# lacp timeout long

• Show LACP

Command:

1. show lacp { <1-8> | counters |internal|neighbor|sys-id}
2. show lag

Mode: privileged EXEC mode

Parameter:

Parameter	Description
<1-8>	Aggregation group ID , range <1-8>

Description: View LAG/LACP entries

Example:

Switch # show lag
Switch# show lacp sys-id
Switch# show lacp counters
Switch # show lacp internal
Switch# show lacp neighbor

MAC address table

Set MAC Aging Time

Command: mac address-table aging-time

Mode: global configuration mode

Parameter:

Parameter	Description
aging-time	Dynamic address aging time, the value range is 0 or an integer from 60 to 1000000, 0 means no aging . Default 300 seconds

Description: Set the aging time of dynamic MAC

Example:

Switch#conf
Switch(config)# mac address-table aging-time 60

Set MAC static address

Command:

1. mac address-table static MAC-address vlan vlan-id interface interface-id
2. no mac address-table static MAC-address vlan vlan-id interface interface-id

Mode: global configuration mode

Parameter:

Parameter	Description
MAC-address	MAC address: format A:B:C:D:E:F, such as 00:00:00:00:00:01
vlan vlan-id	vlan id value range <1-4094>
interface interface-id	There are 2 interface modes {Ethernet|LAG }

Description:

1. mac address-table static command sets a static MAC address and binds the user device to an interface, thereby preventing illegal users from fraudulently obtaining data
2. The no mac address-table static command deletes the specified static MAC address

Example:

Switch # configure
Switch(config)# mac address-table static 00:00:00:00:00:01 vlan 1 interfaces Ethernet 1/0/1
Switch(config)#mac address-table static 00:00:00:00:00:02 vlan 2 interfaces LAG 1
Switch(config)# no mac address-table static 00:00:00:00:00:01 vlan 1

Set black hole MAC address

Command:

1. mac address-table static MAC-address vlan vlan-id drop
2. no mac address-table static MAC-address vlan vlan-id drop

Mode: global configuration mode

Parameter:

Parameter	Description
MAC-address	mac address: format A:B:C:D:E:F, such as 00:00:00:00:00:01
vlan-id	vlan id value range <1-4094>

Description:

1. mac address-table static command sets a blackhole MAC address. When the device receives a packet with a destination or source MAC address that is a blackhole MAC address, it discards it directly
2. The no mac address-table static command deletes the specified blackhole MAC address

Example:

Switch# configure
Switch(config)# mac address-table static 00:00:00:00:00:01 vlan 3 drop
Switch(config)# no mac address-table static 00:00:00:00:00:01 vlan 3

Clearing dynamic MAC address entries

Command:

1. clear mac address-table dynamic
2. clear mac address-table dynamic interface interface-id
3. clear mac address-table dynamic vlan vlan-id

Mode: privileged EXEC mode

Parameter:

Parameter	Description
vlan-id	vlan id value range <1-4094>
interface-id	There are 2 interface modes {Ethernet|LAG}

Description: Clear dynamic address entries

Example:

Switch# clear mac address-table dynamic
Switch# clear mac address-table dynamic interfaces Ethernet 1/0/1
Switch# clear mac address-table dynamic vlan 1

View MAC address entries

Command:

1. show mac address-table aging-time
2. show mac address-table counters
3. show mac address-table
4. show mac address-table mac-address
5. show mac address-table interfaces interface-id
6. show mac address-table vlan vlan-id
7. Switch# show mac address-table dynamic
8. show mac address-table dynamic interfaces interface-id
9. show mac address-table dynamic vlan vlan-id
10. show mac address-table static interfaces interface-id
11. show mac address-table static vlan vlan-id

Mode: privileged EXEC mode

Parameter:

Parameter	Description
mac-address	mac address: format A:B:C:D:E:F, such as 00:00:00:00:00:01
vlan-id	vlan id value range <1-4094>
interface-id	There are 2 interface modes {Ethernet|LAG }

Description:

1. show mac address-table aging-time : Check the aging time of dynamic mac address entries
2. show mac address-table counters : Check the number of all MAC entries of the switch
3. show mac address-table : Check the MAC address table entries
4. show mac address-table mac-address : Check the entry of the specified MAC address
5. show mac address-table interfaces interface-id : Check the interface entry of the mac address table entry
6. show mac address-table vlan vlan-id : Check the MAC address entry of the vlan in the mac address entry
7. Switch# show mac address-table dynamic : Check dynamic MAC address table entries
8. show mac address-table dynamic interfaces interface-id : Check the interface entries of the dynamic mac address table entries
9. show mac address-table dynamic vlan vlan-id : Check the M AC address entry of the vlan of the dynamic mac address entry
10. show mac address-table static interfaces interface-id : Check the interface entries of the static mac address table entries
11. show mac address-table static vlan vlan-id : Check the MAC address entry of the vlan of the static mac address entry

Example:

Switch# show mac address-table aging-time
Switch# show mac address-table counters
Switch# show mac address-table
Switch# show mac address-table 00:00:00:00:00:01
Switch# show mac address-table vlan 1
Switch# show mac address-table static
Switch# show mac address-table dynamic
Switch# show mac address-table interfaces Ethernet 1/0/1

VLAN

Configure access mode VLAN

Command:

1. switchport mode { access/ hybrid/ trunk }
2. switchport access vlan <1-4094>

Mode: interface configuration mode

Parameter:

Parameter	Description
access/ hybrid/ trunk	Configure the link type access/hybrid/trunk of the port
<1-4094>	Configure the port to join a vlan, the effective VLAN ID is 1-4094

Description: Set the port link type to Access, and add the port to the specified VLAN

Example:

Set the port link type to Access, and add port GE1 to VLAN 1
Switch#
Switch # configure
Switch(config)# vlan 2
Switch(config-vlan)# exit
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# exit
Switch(config)# exit
Switch# copy running-config startup-config
Success
Switch#

Configure hybrid mode VLAN

Command:

1. switchport mode { access/ hybrid/ trunk }
2. switchport hybrid allowed vlan {add/ remove} VLAN-LIST {untagged/tagged}
3. switchport hybrid pvid <1-4094>
4. switchport hybrid acceptable-frame-type {all/tagged-only/untagged-only}
5. switchport hybrid ingress-filtering

Mode: interface configuration mode

Parameter:

Parameter	Description
access/ hybrid/ trunk	Configure the link type access/hybrid/trunk of the port
add/remove	Configure the port link type as hybrid to add /remove vlan
VLAN-LIST	The range of the vlan list is 1-4094
untagged/tagged	Configure the port to receive this VLAN frame as untagged/tagged
<1-4094>	Configure the PVID of the port
all/tagged-only/untagged-only	Configure the type of frame received by the port as all/only tagged/only untagged

Description:

1. The switchport mode command configures the port link type as hybrid
2. switchport hybrid allowed vlan command configures the VLAN added /removed by the hybrid port, and the received frame type of this vlan is tagged/untagged
3. switchport hybrid pvid command configures the PVID of the hybrid port
4. switchport hybrid acceptable-frame-type command configures the frame type received by the hybrid port to be all
5. switchport hybrid ingress-filtering command to enable inbound filtering

Example:

Switch#
Switch # configure
Switch(config)# vlan 3
Switch(config-vlan)# exit
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# switchport mode hybrid
Switch(config-if)# switchport hybrid allowed vlan add 2 tagged
Switch(config-if)# switchport hybrid allowed vlan add 3 untagged
Switch(config-if)# switchport hybrid allowed vlan remove 1
Switch(config-if)# switchport hybrid pvid 3
Switch(config-if)# switchport hybrid acceptable-frame-type all
Switch(config-if)# switchport hybrid ingress-filtering
Switch(config-if)# exit
Switch(config)# exit
Switch# copy running-config startup-config
Success

Configure Trunk mode VLAN

Command:

1. switchport mode { access/ hybrid/ / trunk}
2. switchport trunk allowed vlan {add/ remove} { VLAN-LIST/all }
3. switchport trunk native vlan <1-4094>

Mode: interface configuration mode

Parameter:

Parameter	Description
access/ hybrid/ trunk	Configure the link type access/hybrid/trunk of the port
add/remove	Configure the port link type as Trunk to add /remove vlan
VLAN-LIST/all	The range of the VLAN list is 1-4094 or all VLANs
<1-4094>	Configure the PVID range of the port to be 1-4094

Description:

1. The switchport mode command configures the port link type as trunk
2. switchport trunk allowed vlan command configures the VLAN added /removed by the trunk port
3. switchport trunk native vlan command configures the PVID of the trunk port

Example:

Switch#
Switch # configure
Switch(config)# vlan 2-4
Switch(config-vlan)# exit
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan add 3-4
Switch(config-if)# switchport trunk allowed vlan remove 1
Switch(config-if)# switchport trunk native vlan 4
Switch(config-if)# exit
Switch(config)# exit
Switch#

Display and maintain VLANs

Command:

1. show vlan
2. show vlan VLAN-LIST
3. show interfaces switchport {Ethernet/ LAG} <interface-id>/<1-8>

Mode: none

Parameter:

Parameter	Description
VLAN-LIST	The range of VLAN list is 1-4094
Ethernet/ LAG	Select Ethernet Port or Aggregated Port
<interface-id>	Take GWN 7803P as an example, Ethernet port 1-28
<1-8>	Take GWN7803P as an example, aggregation port 1-8

Description:

1. show vlan command displays all VLAN information
2. show vlan VLAN-LIST command displays a certain VLAN information
3. show interfaces switchport command displays port VLAN information

Example:

Switch# show vlan
VID | VLAN Name | Untagged Ports | Tagged Ports |
-----+-------------+-------------------+---------- ------+---------
1 | default | eth1/0/1-1/0/10, lag1-8 | --- | Default

Voice VLAN

• Configure Global Voice VLAN

Command:

1. voice-vlan
2. no voice-vlan
3. voice-vlan [ state (oui-mode | auto-mode | untagged-oui-mode) ]
4. voice-vlan vlan <2-4094>
5. voice-vlan aging-time <30-65536>
6. voice-vlan cos <0-7> [remark]
7. voice-vlan dscp <0-63>
8. voice-vlan oui-table A:B:CA:B:C

Mode: global configuration mode

Parameter:

Parameter	Description
oui-mode	Tagged OUI mode, the port is added to the voice VLAN in tagged form.
auto-mode	Automatic voice VLAN mode
untagged-oui-mode	Untagged OUI mode, the port is added to the voice VLAN in untagged form.
<2-4094>	Specify voice vlan range 2-4094
<30-65536>	The specified aging time range is 30-65536 minutes
<0-7>	Specify voice VLAN service class as 0-7
[ remark ]	Whether to remark the CoS
<0-63>	Specifies the DSCP priority of the automatic voice VLAN , the default is 46
A:B:C	Configure OUI address
A:B:C	Configure OUI mask

Description:

1. voice-vlan: enable voice VLAN function.
2. no voice-vlan : turn off the voice VLAN function.
3. voice-vlan [ state (oui-mode | auto-mode | untagged-oui-mode) ] : select voice VLAN mode.
4. The voice-vlan vlan command configures voice VLAN.
5. The voice-vlan aging-time command enables the voice VLAN aging time.
6. The voice-vlan cos command configures the cos priority.
7. The voice-vlan cos <0-7> remark command configures CoS remark.
8. voice-vlan dscp <0-63> command configures the DSCP priority of automatic voice VLAN.
9. The voice-vlan oui-table command configures the OUI address and mask.

Example:

Switch#
Switch # configure
Switch(config)# voice-vlan
Switch(config)# voice-vlan state oui-mode
Switch(config)# voice-vlan vlan 4
Switch(config)# voice-vlan aging-time 30
Switch(config)# voice-vlan cos 5
Switch(config)# voice-vlan oui-table c0:74:ad ff:ff:ff
Switch(config)# exit
Switch#

• Configure port voice VLAN

Command:

1. voice-vlan
2. no voice-vlan
3. voice-vlan mode {auto/manual}

Mode: interface configuration mode

Parameter:

Parameter	Description
auto	Specify port voice VLAN as automatic mode
manual	Specify port voice VLAN as manual mode

Description:

1. The voice-vlan command configures the port to enable the voice VLAN
2. The no voice-vlan command configures and disables the port voice VLAN function
3. The voice-vlan mode command configures the port voice as vlan in automatic /manual mode

Example:

Switch#
Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# voice-vlan
Switch(config-if)# voice-vlan mode auto
Switch(config-if)# voice-vlan mode manual
Switch(config-if)# exit
Switch(config)# exit
Switch#

• Display voice VLAN information

Command:

1. show voice-vlan
2. show voice-vlan interfaces {Ethernet/ LAG} <interface-id>/<1-8>

Mode: none

Parameter:

Parameter	Description
Ethernet/ LAG	Select Ethernet Port or Aggregated Port
<interface-id>	Take GWN 7803P as an example, Ethernet port 1-28
<1-8>	Take GWN7803P as an example, aggregation port 1-8

Description:

1. show voice-vlan command displays voice VLAN information
2. show voice-vlan interfaces command displays port voice VLAN information

Example:

Switch# show voice-vlan
Administrate Voice VLAN state : disabled
Voice VLAN ID: none (disable)
Voice VLAN Aging : 1440 minutes
Voice VLAN CoS : 6
Voice VLAN 1p Remark: disabled

Switch# show voice-vlan interface Ethernet 1/0/1
Voice VLAN Aging : 1440 minutes
Voice VLAN CoS : 6
Voice VLAN 1p Remark: disabled

OUI table
OUI MAC | OUI MASK | Description
-----------+-------------+-----------------
00:0B:82 | FF:FF:FF | Grandstream
C0:74:AD | FF:FF:FF | Grandstream
EC:74:D7 | FF:FF:FF | Grandstream
00:E0:BB | FF:FF:FF | 3COM
00:03:6B | FF:FF:FF | Cisco
00:E0:75 | FF:FF:FF | Veritel
00:D0:1E | FF:FF:FF | Pingtel
00:01:E3 | FF:FF:FF | Siemens
00:60:B9 | FF:FF:FF | NEC/Philips
00:0F:E2 | FF:FF:FF | H3C
00:09:6E | FF:FF:FF | Avaya

Port | State | Port Mode | Cos Mode
-----+---------+-------------+-----------
eth1/0/1 | Disabled | Manual | Src

Spanning tree

Global Settings

• Turn on/off spanning tree

Command:

1. spanning-tree
2. no spanning-tree

Mode: global configuration mode

Parameter: none

Description: Enable/ disable spanning tree function

Example:

Switch(config)# no spanning-tree
Switch(config)# spanning-tree

• BPDU processing method

Command: spanning-tree bpdu {filtering|flooding}

Mode: global configuration mode

Parameter:

Parameter	Description
filtering	When spanning tree is disabled, filter DU packets
flooding	Flood BPDU packets when spanning tree is disabled

Description: Set the processing mode of BPDU packets when the spanning tree is disabled

Example:

Switch(config)# no spanning-tree
Switch(config)# spanning-tree bpdu filtering

• Spanning tree mode

Command: spanning-tree mode {stp|rstp|mstp|pvst}

Mode: global configuration mode

Parameter:

Parameter	Description
stp	spanning tree protocol
rstp	Rapid Spanning Tree Protocol
mstp	Multiple Spanning Tree Protocol
pvst	VLAN – based Spanning Tree Protocol

Description: Set spanning tree mode , default RSTP

Example:

Switch(config)# spanning-tree mode rstp

• Path cost

Command: spanning-tree pathcost method {long|short}

Mode: global configuration mode

Parameter:

Parameter	Description
long	Specify the global path cost as long, ranging from 1 to 200000000
short	Specify the global path cost as short, the range is between 1-65535

Description: Set the global spanning tree path cost, the default is long

Example:

Switch(config)# spanning-tree mode rstp

• Bridge priority

Command: spanning-tree priority PRIORITY

Mode: global configuration mode

Parameter:

Parameter	Description
priority	Global bridge priority, an integer ranging from 0 to 61440 , and a multiple of 4096

Description: Set global bridge priority

Example:

Switch(config)# spanning-tree priority 0

• BPDU contact time

Command: spanning-tree hello-time SECONDS

Mode: global configuration mode

Parameter:

Parameter	Description
seconds	BPDU contact time setting, the value range is an integer from 1 to 10, and it needs to satisfy (Hello Time+1)*2≤Max Age≤(Forward Delay-1)*2

Description: Set BPDU contact time

Example:

Switch(config)# spanning-tree hello-time 2

• Aging time

Command: spanning-tree maximum-age SECONDS

Mode: global configuration mode

Parameter:

Parameter	Description
seconds	maximum aging time setting, the value range is an integer from 6 to 40 , and it needs to satisfy (Hello Time+1)*2≤Max Age≤(Forward Delay-1)*2

Description: Set the maximum aging time

Example:

Switch(config)# spanning-tree maximum-age 20

• Forwarding delay time

Command: spanning-tree forward-delay SECONDS

Mode: global configuration mode

Parameter:

Parameter	Description
seconds	Forwarding delay time, an integer ranging from 4 to 30 , and must satisfy (Hello Time+1)*2≤Max Age≤(Forward Delay-1)*2

Description: Set forwarding delay time

Example:

Switch(config)# spanning-tree forward-delay 15

• Send retain count

Command: spanning-tree tx-hold-count COUNT

Mode: global configuration mode

Parameter:

Parameter	Description
count	an integer ranging from 1 to 10

Description: Set send hold count

Example:

Switch(config)# spanning-tree tx-hold-count 6

• Maximum hop count

Command: spanning-tree max-hops HOP

Mode: global configuration mode

Parameter:

Parameter	Description
hop	The maximum number of hops, an integer ranging from 1 to 40

Description: Set the maximum number of hops

Example:

Switch(config)# spanning-tree max-hops 20

• Show spanning tree

Command: show spanning tree

Mode: privileged EXEC mode

Parameter: none

Description: View spanning tree information

Example:

Switch # show spanning tree

Port settings

• Port selection

Command:

1. interface Ethernet id/LAG id
2. interface range Ethernet/LAG <nm>

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet id/LAG id	Select switch ports, including common interfaces and aggregated interfaces.
Ethernet/LAG <nm>	Select the switch port range , including common interfaces and aggregated interfaces.

Description: Select ports for spanning tree related configuration

Example:

Switch(config)# interface range Ethernet 1/0/2-1/0/10

• Port path cost

Command: spanning-tree cost COST

Mode: global configuration mode

Parameter:

Parameter	Description
cost	When the global path cost is set to long, the range is an integer between 0 and 200000000; when the global path cost is set to short, the range is an integer between 0 and 65535; when it is set to 0, it automatically matches the global setting

Description: Set port path cost

Example:

Switch(config-if-range)# spanning-tree cost 100

• Port priority

Command: spanning-tree port-priority PRIORITY

Mode: global configuration mode

Parameter:

Parameter	Description
priority	Port priority, the value is an integer between 0 and 240, and it is a multiple of 16

Description: Set port priority

Example:

Switch(config-if-range)# spanning-tree port-priority 0

• Configure edge ports

Command: spanning-tree-edge {auto|true|false}

Mode: global configuration mode

Parameter:

Parameter	Description
auto|true|false	port edge setting

Description: Set the edge port function of the port

Example:

Switch(config-if-range)# spanning-tree edge auto

• Enable/disable BPDU filtering

Command:

1. spanning-tree bpdu-filter
2. no spanning-tree bpdu-filter

Mode: global configuration mode

Parameter: none

Description: Set the BPDU filtering function of the port

Example:

Switch(config-if-range)# spanning-tree bpdu-filter

• Enable/disable BPDU protection

Command:

1. spanning-tree bpdu-guard
2. no spanning-tree bpdu-guard

Mode: global configuration mode

Parameter: none

Description: Set the BPDU protection function of the port

Example:

Switch(config-if-range)# spanning-tree bpdu-guard

• Point-to-point link

Command:

1. spanning-tree link-type (point-to-point|shared)
2. no spanning-tree link-type

Mode: interface configuration mode

Parameter:

Parameter	Description
point-to-point	Start a point-to-point link
shared	Disable point-to-point link

Description:

Set the point-to-point link function of the port

no spanning-tree link-type : restore the port as an automatic identification link

Example:

Switch(config-if-range)# no spanning-tree link-type shared

• Show port

Command: show spanning-tree interfaces IF_PORTS [statistic]

Mode: privileged EXEC mode

Parameter:

parameter	describe
interfaces IF_PORTS	Port ID or range of port IDs
statistic	Display the spanning tree data information of the port

Description: View port spanning tree information

Example:

Switch# show spanning-tree interfaces Ethernet 1/0/2

Port eth1/0/2 enabled
State: forwarding
Role: root
Port id: 12 8.2
Port cost: 4
Type: P2P (STP)
Edge Port: No
Designated bridge Priority : 32767
Address: c0:74:ad:98:d5:10
Designated port id: 128.2
Designated path cost: 0
BPDU Filter: Disabled
BPDU guard: Disabled
BPDU: sent 6, received 692

MST instance

• Enter MST configuration

Command: spanning-tree mst configuration

Mode: global configuration mode

Parameter: none

Description: MST configuration to enter MSTP mode

Example:

Switch(config)# spanning-tree mst configuration

• Domain name

Command: name NAME

Mode: MST configuration mode

Parameter:

Parameter	Description
name	MST domain name , up to 32 characters

Description: Set MST domain name

Example:

Switch(config-mst)# name 123

• Revision

Command: revision REVISION

Mode: MST configuration mode

Parameter:

Parameter	Description
revision	MSTP revision, an integer ranging from 0 to 65535

Description: Set MSTP revision

Example:

Switch(config-mst)# revision 123

• Instances and VLANs

Command: instance instance-id vlan vlan-list

Mode: MST configuration mode

Parameter:

Parameter	Description
instance-id	Instance ID (0-15)
vlan-list	instance mapping, you can only fill in one VLAN , or take a range, if not filled, the default is 1-4094

Description: Set the mapping relationship between instances and VLANs

Example:

Switch(config-mst)# instance 2 vlan 50-100

• Instance priority

Command: spanning-tree mst instance-id priority priority

Mode: MST configuration mode

Parameter:

Parameter	Description
instance-id	Instance ID (0-15)
priority	Instance priority, an integer ranging from 0 to 61440 and a multiple of 4096

Description: Set instance priority

Example:

Switch(config-mst)# instance 2 priority 0

• Show MST configuration

Command: show spanning-tree mst configuration

Mode: privileged EXEC mode

Parameter: none

Description: View MST configuration

Example:

Switch# show spanning-tree mst configuration

MST port settings

• Port selection

Command:

1. interface Ethernet id/LAG id
2. interface range Ethernet/LAG <nm>

Mode: global configuration mode

Parameter:

Parameter	Description
Ethernet id/LAG id	Select switch ports, including common interfaces and aggregated interfaces
Ethernet/LAG <nm>	Select the switch port range , including common interfaces and aggregated interfaces

Description: Select port for MST port configuration

Example:

Switch(config)# interface range Ethernet 1/0/2-1/0/10

• Port path cost

Command: spanning-tree mst instance-id cost cost

Mode: interface configuration mode

Parameter:

Parameter	Description
instance-id	Instance ID
cost	Path cost , an integer ranging from 0 to 200000000

Description: Set the path cost of the specified port in the MST instance

Example:

Switch(config-if-range)# spanning-tree mst 2 cost 100

• Port priority

Command: spanning-tree mst instance-id port-priority priority

Mode: interface configuration mode

Parameter:

Parameter	Description
instance-id	Instance ID
priority	Port priority , an integer ranging from 0 to 240 , and a multiple of 16

Description: Set the priority of the specified port in the MST instance

Example:

Switch(config-if-range)# spanning-tree mst 2 port-priority 0

• Show MST instance configuration

Command: show spanning-tree mst instance-id interface IF_PORTS

Mode: privileged EXEC mode

Parameter:

Parameter	Description
instance-id	Instance ID (0-15)
IF_PORTS	port or port range

Description: View the configuration of the MST instance on the specified port

Example:

Switch# show spanning-tree mst 2

VLAN settings (PVST)

• Create a VLAN instance

Command: spanning-tree pvst vlan VLAN-LIST

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, enter an integer from 1 to 4094 , multiple choices

Description: Create a VLAN instance

Example:

Switch(config)# spanning-tree pvst vlan 1

• Delete a VLAN instance

Command: no spanning-tree pvst vlan VLAN-LIST

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, enter an integer from 1 to 4094 , multiple choices

Description: Delete a VLAN instance

Example:

Switch(config)# no spanning-tree pvst vlan 1

• Contact time

Command: spanning-tree pvst vlan VLAN-LIST hello-time <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, enter an integer from 1 to 4094 , multiple choices
<1-10>	Contact time , an integer ranging from 1 to 10 , the default is 2 , and it needs to satisfy (Hello Time+1)*2≤Max Age≤(Forward Delay-1)*2

Description: Set contact time for VLAN instance

Example:

Switch(config)# spanning-tree pvst vlan 1 hello-time 2

• Reset Contact Hours

Command: no spanning-tree pvst vlan VLAN-LIST hello-time

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, enter an integer from 1 to 4094 , multiple choices

Description: Reset the contact time of the VLAN instance to the default value of 2 seconds

Example:

Switch(config)# no spanning-tree pvst vlan 1 hello-time

• Forwarding delay time

Command: spanning-tree pvst vlan VLAN-LIST forward-delay <4-30>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible
<4-30>	Forwarding delay time , the value range is an integer from 4 to 30 , the default is 15 seconds , and it needs to satisfy (Hello Time+1)*2≤Max Age≤(Forward Delay-1)*2

Description: Set the forwarding delay time of the VLAN instance

Example:

Switch(config)# spanning-tree pvst vlan 1 forward-delay 15

• Reset forwarding delay time

Command: no spanning-tree pvst vlan VLAN-LIST forward-delay

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible

Description: Reset the forwarding delay time of the VLAN instance to the default value of 15 seconds

Example:

Switch(config)# no spanning-tree pvst vlan 1 forward-delay

• Aging time

Command: spanning-tree pvst vlan VLAN-LIST maximum-age <6-40>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible
<6-40>	The maximum presbyopia time , an integer ranging from 6 to 40 , the default is 20 seconds , and it needs to satisfy (Hello Time+1)*2≤Max Age≤(Forward Delay-1)*2.

Description: Set the maximum aging time of a VLAN instance

Example:

Switch(config)# spanning-tree pvst vlan 1 maximum-age 20

• Reset max aging time

Command: no spanning-tree pvst vlan VLAN-LIST forward-delay

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible

Description: time of VLAN instances to the default value of 20 seconds

Example:

Switch(config)# no spanning-tree pvst vlan 1 maximum-age

• Priority

Command: spanning-tree pvst vlan VLAN-LIST priority <0-61440>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible
<0-61440>	Priority , the value range is an integer from 0 to 61440 , and it is a multiple of 4096 , the default is 32768

Description:

1. set priority
2. Note: In PVST mode, the actual priority of each instance is the sum of priority and VLAN ID

Example:

Switch(config)# spanning-tree pvst vlan 1 priority 32768

• Reset priority

Command: no spanning-tree pvst vlan VLAN-LIST priority

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible

Description: Reset priority to default 32768

Example:

Switch(config)# no spanning-tree pvst vlan 1 priority

• View VLAN instance

Command: show spanning-tree pvst VLAN-LIST

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN ID, enter an integer from 1 to 4094 , multiple choices

Description: View VLAN instance

Example:

Switch(config)# show spanning-tree pvst 1

PVST port settings

• Port selection

Command:

1. interface Ethernet id/LAG id
2. interface range Ethernet/LAG <nm>

Mode: global configuration mode

Parameter:

Parameter	Description
Ethernet id/LAG id	Select switch ports, including common interfaces and aggregated interfaces
Ethernet/LAG <nm>	Select the switch port range , including common interfaces and aggregated interfaces

Description: Select port for PVST port configuration

Example:

Switch(config)# interface range Ethernet 1/0/2-1/0/10

• Port priority

Command: spanning-tree pvst vlan <1-4094> port- priority <0-240>

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-4094>	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible.
<0-240>	Port priority , the value range is an integer from 0 to 240 , and it is a multiple of 16 , and the default is 128.

Description: Set port priority

Example:

Switch(config-if-range)# spanning-tree pvst vlan 1 port-priority 128

• Reset port priority

Command: no spanning-tree pvst vlan <1-4094> port- priority

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-4094>	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible

Description: Reset port priority to default 128

Example:

Switch(config-if-range)# no spanning-tree pvst vlan 1 port-priority

• Port path cost

Command: spanning-tree pvst vlan <1-4094> port-cost cost

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-4094>	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible
cost	Port path overhead. The value range is determined according to the setting of the global path cost. If the global path cost is “long”, the value range is an integer from 0 to 200000000 ; if the global path cost is “short”, the value range is an integer from 0 to 65535 . 0 indicates that the path cost calculation is performed automatically.

Description: Set the path cost of the port

Example:

Switch(config-if-range)# spanning-tree pvst vlan 1 port-cost 4096

• Reset port path cost

Command: no spanning-tree pvst vlan <1-4094> port-cost

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-4094>	VLAN ID, the input range is an integer from 1 to 4094 , multiple choices are possible.

Description: Reset the path cost of the port

Example:

Switch(config-if-range)# no spanning-tree pvst vlan 1 port-cost

IP

View switch gateway

Command: show ip

Mode: privileged EXEC mode

Parameter: none

Description: View switch gateway

Example:

Switch # show ip

VLAN IPv4 interface

View all VLAN IPv4 interfaces

Command: show ip interface

Mode: privileged EXEC mode

Parameter:

Parameter	Description
IP Address	IPv4 address
I/F	VLAN IDs
I/F Status	Interface status (up/down)
Type	Interface type (Default/Static/DHCP)
Status	Interface status (Valid/Not Received)

Description: View all IPv4 interfaces

Example:

Switch# show ip interface

View the specified VLAN IPv4 interface

Command:

1. show ip interface loopback1
2. show ip interface vlanxxx

Mode: privileged EXEC mode

Parameter:

Parameter	Description
vlanxxx	VLAN ID, the value range is 1-4094
IP Address	IPv4 address
I/F	VLAN IDs
I/F Status	Interface status (up/down)
type	Interface type (Default/Static/DHCP)
Status	Interface status (Valid/Not Received)

Description: View the specified VLAN IPv4 interface

Example:

View the IPv4 interfaces of loopback1 , VLAN 1 and VLAN 1000
Switch# show ip interface Loopback1
Switch# show ip interface vlan1
Switch# show ip interface vlan1000

Configure static type VLAN IPv4 interface

Command:

1. ip address ip/masklength
2. ip address ip netmask

Mode: interface configuration mode

Parameter:

Parameter	Description
ip	IPv4 address
mask length	mask length
netmask	subnet mask

Description: Configure static type VLAN IPv4 interface

Example:

Configure the static IPv4 address of VLAN 100 as 192.168.70.111 and the subnet mask as 255.255.255.0
Switch#config
Switch(config)#interface vlan 100
Switch(config-if)#ip address 192.168.70.111/24
Switch(config-if)#ip address 192.168.70.111 255.255.255.0

Configure DHCP type VLAN IPv4 interface

Command: ip dhcp client

Mode: interface configuration mode

Parameter: none

Description: Configure DHCP-type VLAN IPv4 interface

Example:

Configure a dynamic IPv4 interface address for VLAN 101
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ip dhcp client

Configure the DHCP gateway priority of IPv4 interface

Command: ip dhcp gateway priority <2-255>

Mode: interface configuration mode

Parameter:

Parameter	Description
<2-255>	Gateway priority, the value range is 2-255 , the default is 2. The smaller the value , the higher the priority.

Description: Configuring the DHCP Gateway Priority of an IPv4 Interface.

Example:

Configure the DHCP gateway priority of VLAN 101 as 10
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ip dhcp client
Switch(config-if)#ip dhcp gateway priority 10

Clear the static address configuration of the VLAN IPv4 interface

Command:

1. no ip address
2. no ip address ABCD

Mode: interface configuration mode

Parameter:

Parameter	Description
ABCD	IPv4 address

Description: Clear the static address configuration of the VLAN IPv4 interface

Example:

Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#no ip address
Switch(config-if)#no ip address 192.168.10.10

Clear the DHCP address configuration of the VLAN IPv4 interface

Command: no ip dhcp client

Mode: interface configuration mode

Parameter: none

Description: Clear the DHCP address configuration of the VLAN IPv4 interface

Example:

Clear the IPv4 DHCP address configuration of VLAN 101
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#no ip dhcp client

Set the VLAN interface as the management VLAN interface

Command: management-vlan

Mode: interface configuration mode

Parameter: none

Description: Set the interface as the management VLAN interface

Example:

Set the VLAN 101 interface as the management VLAN interface
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#management-vlan

Restore the management VLAN interface to the default VLAN 1 interface

Command: no management-vlan

Mode: interface configuration mode

Parameter: none

Description: Restore the management VLAN interface to the default VLAN 1 interface

Example:

Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#no management-vlan

VLAN IPv6 interface

View all VLAN IPv6 interfaces

Command: show ip v6 interface

Mode: privileged EXEC mode

Parameter: none

Description: View all IPv6 interfaces

Example:

Switch# show ip v6 interface

View the specified VLAN IPv6 interface

Command:

1. show ip v6 interface loopback1
2. Show ip v6 interface vlanxxx

Mode: privileged EXEC mode

Parameter:

Parameter	Description
vlanxxx	VLAN ID , the value range is 1-4094

Description: View the specified VLAN IPv6 interface

Example:

View the IPv6 interfaces of loopback1 , VLAN 1 and VLAN 1000
Switch# show ipv6 interface Loopback1
Switch# show ipv6 interface vlan1
Switch# show ipv6 interface vlan1000

Enabling the IPv6 function on a VLAN interface

Command: ip v6 enable

Mode: interface configuration mode

Parameter: none

Description: Enabling the IPv6 function on a VLAN interface it is enabled , the link-local address automatic generation function is enabled by default.

Example:

Enable the IPv6 function on VLAN 100 interface
Switch#config
Switch(config)#interface vlan 100
Switch(config-if)#ipv6 enable

Disable the IPv6 function of the VLAN interface

Command: no ip v6 enable

Mode: interface configuration mode

Parameter: none

Description: Disable the IPv6 function of the VLAN interface

Example:

Disable the IPv6 function of VLAN 100 interface
Switch#config
Switch(config)#interface vlan 100
Switch(config-if)#no ipv6 enable

Statically configuring the IPv6 link-local address of a VLAN interface

Command: ip v6 address X:X::X:X link-local

Mode: interface configuration mode

Parameter:

Parameter	Description
X:X::X:X	link local address

Description: Statically configuring the IPv6 link-local address of a VLAN interface.

Example:

Configure the IPv6 link-local address of VLAN 101 interface as fe80::1111
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ipv6 enable
Switch(config-if)#ipv6 address fe80::1111 link-local

Statically configuring the IPv6 global unicast address of a VLAN interface

Command: ip v6 address X:X::X:X/<1-128>

Mode: interface configuration mode

Parameter:

Parameter	Description
X:X::X:X/<1-128>	global unicast address

Description: Configuring an IPv6 global unicast address for a VLAN interface

Example:

Configure the IPv6 global unicast address of VLAN 101 interface as 2002: : 1111/64
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ipv6 enable
Switch(config-if)#ipv6 address 2002::1111/64

Configure the IPv6 global unicast address of the VLAN interface as stateful DHCPv6

Command: ip v6 dhcp client

Mode: interface configuration mode

Parameter: none

Description: Configure the IPv6 global unicast address of the VLAN interface as stateful DHCPv6

Example:

Configure the IPv6 global unicast address of VLAN 1 0 1 interface as stateful DHCPv6
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ipv6 enable
Switch(config-if)#ipv6 dhcp client

Configure the IPv6 global unicast address of the VLAN interface as stateless DHCPv6

Command: ip v6 dhcp client stateless

Mode: interface configuration mode

Parameter: none

Description: Configure the IPv6 global unicast address of the VLAN interface as stateless DHCPv6

Example:

Configure the IPv6 global unicast address of VLAN 101 interface as stateless DHCPv6
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ipv6 enable
Switch(config-if)#ipv6 dhcp client stateless

Configure the IPv6 global unicast address of the VLAN interface as stateless auto-configuration

Command: ip v6 address autoconfig

Mode: interface configuration mode

Parameter: none

Description: Configure the IPv6 global unicast address of the VLAN interface as stateless auto-configuration

Example:

Configure the IPv6 global unicast address of VLAN 101 interface as stateless automatic configuration
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ipv6 enable
Switch(config-if)#ipv6 address autoconfig

Configure the automatic configuration gateway priority of the IPv6 interface global unicast address

Command: ipv6 dhcp gateway priority <2-255>

Mode: interface configuration mode

Parameter:

Parameter	Description
<2-255>	Gateway priority, the value range is 2-255 , the default is 2. The smaller the value , the higher the priority

Description: Configure the gateway priority for stateful DHCPv6, stateless DHCPv6, or stateless auto-configuration of the IPv6 interface global unicast address.

Example:

Configure the IPv6 global unicast address of VLAN 101 with a stateful DHCPv6 gateway priority of 10
Switch#config
Switch(config)#interface vlan 101
Switch(config)#ipv6 enable
Switch(config-if)#ip v6 dhcp client
Switch(config-if)#ip v6 dhcp gateway priority 10

Clear the address configuration of the VLAN IPv6 interface

Command:

1. no ip v6 address
2. no ipv6 address X:X::X:X/<1-128>
3. no ipv6 address autoconfig
4. no ipv6 dhcp client
5. no ipv6 dhcp client stateless

Mode: interface configuration mode

Parameter:

Parameter	Description
X:X::X:X/<1-128>	global unicast address

Description:

1. no ip v6 address : Clear the IPv6 manually configured address of the VLAN interface, including link- local addresses and global unicast addresses.
2. no ipv6 address X:X::X:X/<1-128> : Clear the specified IPv6 manually configured address , link-local address or global unicast address of the VLAN interface.
3. no ipv6 address autoconfig : Clear the IPv6 global unicast stateless autoconfig address of the VLAN interface.
4. no ipv6 dhcp client : Clear the IPv6 global unicast stateful DHCPv6 address of the VLAN interface.
5. no ipv6 dhcp client stateless : Clear the IPv6 global unicast stateless DHCPv6 address of the VLAN interface.

Example:

Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#no ipv6 address
Switch(config-if)#no ipv6 address 2002 ::1111 /64
Switch(config-if)#no ipv6 address autoconfig
Switch(config-if)#no ipv6 dhcp client
Switch(config-if)#no ipv6 dhcp client stateless

Disable VLAN interface

Command: shutdown

Mode: interface configuration mode

Parameter: none

Description: Disable VLAN interface

Example:

Disable VLAN 101 interface
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#shutdown

Undisable vlan interface

Command: no shutdown

Mode: interface configuration mode

Parameter: none

Description: undisable vlan interface

Example:

Undisable VLAN 101 interface
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#no shutdown

VLAN IPv6 interface route advertisement

Enable the VLAN interface route advertisement function

Command: Ipv6 nd ra enable

Mode: Interface VLAN configuration mode

Parameter: none

Description: Enable the VLAN interface route advertisement function

Example:

Enable the route advertisement function of VLAN 101
Switch # config
Switch(config)# interface vlan101
Switch(config-if ) # ipv6 enable
Switch(config-if)# ipv6 nd ra enable

Disable the VLAN interface route advertisement function

Command: no ipv 6 nd ra enable

Mode: Interface VLAN configuration mode

Parameter: none

Description: Disable interface route advertisement function

Example:

Switch(config-if)# no ipv6 nd ra enable

Turn on option information

Command: ipv6 nd ra adv-interval-option

Mode: Interface VLAN configuration mode

Parameter: none

Description: Open option information

Example:

Enable route advertisement option information for VLAN 101
Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch(config-if)# ipv6 nd ra adv-interval-option

Close option information

Command: no ipv6 nd ra adv-interval-option

Mode: Interface VLAN configuration mode

Parameter: none

Description: Close option information

Example:

Switch(config-if)# no ipv6 nd ra adv-interval-option

Route Advertisement Interval

Command: ipv6 nd ra interval <1-1800>

Mode: Interface VLAN configuration mode

Parameter:

Parameter	Description
<1-1800>	Route advertisement interval time, an integer ranging from 1 to 1800 , the default is 600 seconds.

Description: Set the route advertisement interval.

Example:

Set the route advertisement interval of VLAN 101 to 900 seconds
Switch # config
Switch (config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch(config-if)# ipv6 nd ra interval 900

Survival time

Command: ipv6 nd ra lifetime <0-9000>

Mode: Interface VLAN configuration mode

Parameter:

Parameter	Description
<0-9000>	Set the life time of IP v6 routing advertisement, the value range is an integer from 0 to 9000, and the default is 1800 seconds.

Description: Set the VLAN interface route advertisement lifetime.

Example:

Set the route advertisement lifetime of VLAN 101 to 1200 seconds
Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch(config-if)# ipv6 nd ra lifetime 1200

Turn on the flag bit M Flag

Command: ipv6 nd ra managed-config-flag

Mode: Interface VLAN configuration mode

Parameter: none

Description: Turn on the flag bit M Flag

Example:

Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch (config-if)# ipv6 nd ra managed-config-flag

Close the flag bit M Flag

Command: no ipv6 ra managed-config-flag

Mode: Interface VLAN configuration mode

Parameter: none

Description: Close the flag bit M Flag

Example:

Switch (config-if)# no ipv6 nd ra managed-config-flag

Turn on the flag O Flag

Command: ipv6 nd ra other-config-flag

Mode: Interface VLAN configuration mode

Parameter: none

Description: Turn on the flag O Flag

Example:

Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch(config-if)# ipv6 nd ra other-config-flag

Close the flag O Flag

Command: no ipv6 nd ra other-config-flag

Mode: Interface VLAN configuration mode

Parameter: none

Description: Close the flag O Flag

Example:

Switch(config-if)# no ipv6 nd ra other-config-flag

Default route priority

Command: ipv6 nd ra router-preference { high / low / medium }

Mode: Interface VLAN configuration mode

Parameter:

Parameter	Description
high / low / medium	Set the default route priority to high/low/medium

Description: Set default route priority

Example:

Set the default route priority of VLAN 101 to high
Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch (config-if)# no ipv6 nd ra router-preference high

IPv6 addresses and prefixes

Command: ipv6 nd ra prefix X:X::X:X/<1-127>

Mode: Interface VLAN configuration mode

Parameter:

Parameter	Description
X:X::X:X/<1-127>	Set IPv6 address/prefix

Description: Set IPv6 address /prefix

Example:

Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch(config-if)# ipv6 nd ra prefix 2001::1/64

Survival time

Command: ipv6 nd ra prefix X:X::X:X/<1-127> <0-4294967295> <0-4294967295>

Mode: Interface VLAN configuration mode

Parameter:

Parameter	Description
X:X::X:X/<1-127>	Set IPv6 address/prefix
<0-4294967295>	Set the effective survival time and preferred survival time, the value range is an integer from 0 to 4294967295 , the default effective survival time is 2592000 seconds , and the preferred survival time is 604800 seconds

Description: the effective lifetime and preferred lifetime for IPv6 addresses /prefixes

Example:

Set the effective lifetime and preferred lifetime of the 2001::1/64 address of the VLAN 101 interface to 3000 seconds and 1200 seconds respectively
Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch(config-if)# ipv6 nd ra prefix 2001::1/64
Switch(config-if)# ipv6 nd ra prefix 2001::1/64 3000 1200

Enable/disable flag A Flag, O Flag, R Flag

Command:

1. ipv6 nd ra prefix X:X::X:X/<1-127>
2. ipv6 nd ra prefix X:X::X:X/<1-127> router-address
3. ipv6 nd ra prefix X:X::X:X/<1-127> no-autoconfig
4. ipv6 nd ra prefix X:X::X:X/<1-127> off-link

Mode: Interface VLAN configuration mode

Parameter:

Parameter	Description
X:X::X:X/<1-127>	Set IPv6 address/prefix
router-address	Enable A Flag , O Flag and R Flag
no-autoconfig	Turn off A Flag and R Flag
off-link	Close O Flag

Description: Enable/disable flag A Flag, O Flag and R Flag

Example:

Switch # config
Switch(config)# interface vlan101
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 nd ra enable
Switch(config-if)# ipv6 nd ra prefix 2001::1/64
Switch(config-if)# ipv6 nd ra prefix 2001::1/64 router-address
Switch(config-if)# ipv6 nd ra prefix 2001::1/64 no-autoconfig
Switch(config-if)# ipv6 nd ra prefix 2001::1/64 off-link

DHCP Server

Enable/disable DHCP Server

Command:

1. ip dhcp server
2. no ip dhcp server

Mode: global configuration mode

Parameter: none

Description: Enable/ disable DHCP server

Example:

Switch(config)# ip dhcp server
Switch(config)# no ip dhcp server

Add global address pool

Command: ip dhcp server global pool LISTNAME ABCD a .bcd lease <60-2880>

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
ABCD	Subnet IP
abcd	subnet mask
<60-2880>	Lease time, in minutes, an integer ranging from 60 to 2880

Description: Configure the global address pool

Example:

Switch # config
Switch(config)# ip dhcp server global pool 1 192.168.3.0 255.255.255.0 lease 60

Delete the global address pool

Command: no ip dhcp server global pool LISTNAME

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes, “\?/, characters are not supported.

Description: Delete the global address pool

Example:

Switch # config
Switch(config)# no ip dhcp server global pool 1

Add interface address pool

Command: ip dhcp server interface pool LISTNAME ABCD a .bcd lease <60-2880>

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
ABCD	start ip
abcd	end IP
<60-2880>	Lease time, in minutes, an integer ranging from 60 to 2880

Description: Configure an interface address pool

Example:

Switch(config)# ip dhcp server interface pool 1 192.168.4.2 192.168.4.254 lease 90

Delete interface address pool

Command: no ip dhcp server interface pool LISTNAME

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes

Description: Delete interface address pool

Example:

Switch(config)# ip dhcp server interface pool 1

Configure address pool lease

Command: ip dhcp server pool LISTNAME lease <60-2880>

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
<60-2880>	Lease time, in minutes, an integer ranging from 60 to 2880

Description: Configure address pool lease

Example:

Switch(config)# ip dhcp server pool 1 lease 120

Add/Delete Address Pool DNS

Command: [no] ip dhcp server pool LISTNAME dns A.B.C.D [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D]

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
A.B.C.D	DNS server, configure up to 8

Description: Add/Delete Address Pool DNS

Example:

Add DNS server address 8.8.8.8 of address pool 1
Switch(config)# ip dhcp server pool 1 dns 8.8.8.8

Delete the DNS server address 8.8.8.8 of address pool 1
Switch(config)# no ip dhcp server pool 1 dns 8.8.8.8

Add address pool Netbios node type

Command: ip dhcp server pool LISTNAME netbios {b/h/m/p}

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
b/h/m/p	Netbios node type

Description: Configure Netbios node type

Example:

Switch(config)# ip dhcp server pool 1 netbios b

Delete the address pool Netbios node type

Command: no ip dhcp server pool LISTNAME netbios

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes

Description: Delete Netbios node type

Example:

Switch(config)# no ip dhcp server pool 1 netbios

Add DHCP Options

Command: ip dhcp server pool LISTNAME option <2-254> type { ascii /ip/hex} WORD

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
<2-254>	DHCP options , integers ranging from 2 to 254 , excluding 50 to 54 , 56, 58, 59, 61 and 82
{ ascii /ip/hex}	DHCP option type, including ASCII, IP and Hex
WORD	DHCP option content, according to the option type, enter the content that conforms to the format. ASCII : string of 0-255 _ IP : IPv4 address format , up to 8 H ex: 0-256 characters , the number of digits must be even

Description: Add DHCP Option

Example:

Switch(config)# ip dhcp server pool 1 option 3 type ip 192.168.1.1

Delete DHCP Option

Command: ip dhcp server pool LISTNAME option <2-254>

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
<2-254>	DHCP options , integers ranging from 2 to 254 , excluding 50 to 54 , 56, 58, 59, 61 and 82

Description: Delete DHCP Option

Example:

Switch(config)# no ip dhcp server pool 1 option 3

Add/Remove WINS Servers

Command: [no] ip dhcp server pool LISTNAME wins A.B.C.D [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D]

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
A.B.C.D	WINS server, configure up to 8

Description: Add/remove WINS server addresses

Example:

Add WINS server 192.168.3.2 of address pool 1
Switch(config)# ip dhcp server pool 1 wins 192.168.3.2

Delete the WINS server 192.168.3.2 of address pool 1
Switch(config)# no ip dhcp server pool 1 wins 192.168.3.2

Delete address pool

Command: no ip dhcp server pool LISTNAME

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes

Description: delete address pool

Example:

Switch(config)# no ip dhcp server pool 1

Add static binding table

Command:

1. ip dhcp server pool LISTNAME bind A.B.C.D A:B:C:D:E:F (ethnet|ieee802)
2. ip dhcp server pool LISTNAME bind A.B.C.D A:B:C:D:E:F (ethnet|ieee802) cName NAME
3. ip dhcp server pool LISTNAME bind A.B.C.D A:B:C:D:E:F (ethnet|ieee802) cId Id
4. ip dhcp server pool LISTNAME bind A.B.C.D A:B:C:D:E:F (ethnet|ieee802) cName NAME cId Id

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
A.B.C.D	IPv4 address to which the client is bound
A:B:C:D:E:F	Client MAC address
ethnet|ieee802	Client hardware address type
name	Client name, up to 64 characters, “\?/, characters are not supported.
ID	Client ID

Description: Add static binding table

Example:

Switch(config)# ip dhcp server pool 1 bind 192.168.1.2 00:0b:82:90:78:02 ethnet cName 2222 cId 4444

Delete static binding table

Command: no ip dhcp server pool LISTNAME bind ABCD A:B:C:D:E:F

Mode: global configuration mode

Parameter:

Parameter	Description
LISTNAME	Address pool name, the length is limited to 1-64 bytes
ABCD	IPv4 address to which the client is bound
A:B:C:D:E:F	Client MAC address

Description: delete static binding table

Example:

Switch(config)# no ip dhcp server pool 1 bind 192.168.1.2 00:0b:82:90:78:02

DHCP Relay

Enable/disable DHCP relay

Command: [no] ip dhcp relay enable

Mode: global configuration mode

Parameter: none

Description: Enable/disable DHCP relay

Example:

Switch # config
Switch(config)# ip dhcp relay enable
Switch(config)# no ip dhcp relay enable

Enable/disable DHCP polling

Command: [no] ip dhcp relay loop

Mode: global configuration mode

Parameter: none

Description: Enable/disable DHCP polling

Example:

Switch(config)# ip dhcp relay loop
Switch(config)# no ip dhcp relay loop

Configure TTL

Command: ip dhcp relay ttl <1-16>

Mode: global configuration mode

Parameter:

Parameter	Description
1-16	TTL, an integer ranging from 1 to 16

Description: Configure TTL

Example:

Switch(config)# ip dhcp relay ttl 6

Add DHCP server

Command: ip dhcp relay nexthop A.B.C.D [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D] [A.B.C.D]

Mode: global configuration mode

Parameter:

Parameter	Description
ABCD	next hop IP address

Description: Configure DHCP server

Example:

Switch(config)# ip dhcp relay nexthop 192.168.3.1

Delete DHCP server

Command: no ip dhcp relay nexthop

Mode: Interface VLAN configuration mode

Parameter: none

Description: Delete DHCP server

Example:

Switch(config)# no ip dhcp relay nexthop

ARP

Set the ARP aging time

Command: arp timeout seconds

Mode: global configuration mode

Parameter:

Parameter	Description
seconds	ARP address aging time, the value range is 30-21600 seconds, the default is 1200 seconds.

Description: Set the ARP aging time

Example:

Set the ARP aging time to 600 seconds
Switch # configure
Switch(config)# arp timeout 600

Add static ARP address

Command:

1. arp ABCD A:B:C:D:E:F
2. arp ABCD A:B:C:D:E:F vlan vlan-id

Mode: global configuration mode

Parameter:

Parameter	Description
ABCD	IP address , the format is ABCD such as 192.168.1.100
A:B:C:D:E:F	MAC address, the format is A:B:C:D:E:F, such as 00:00:00:00:00:00
vlan-id	VLAN ID, an integer ranging from 1 to 4094

Description:

1. arp ABCD A:B:C:D:E:F : Add A RP address, no VLAN specified , default added to VLAN 1
2. arp ABCD A:B:C:D:E:F vlan vlan-id : add A RP address to the specified VLAN

Example:

Switch # configure
Switch(config)# arp 192.168.60.100 00:00:00:00:00:18
Switch(config)# arp 10.1.1.10 00:00:00:00:00:10 vlan 10

Delete static ARP address

Command:

1. no arp A.B.C.D
2. no arp A.B.C.D vlan vlan-id

Mode: global configuration mode

Parameter:

Parameter	Description
ABCD	IP address, the format is A.B.C.D , such as 192.168.1.100
vlan-id	VLAN ID, an integer ranging from 1 to 4094

Description:

1. no arp A.B.C.D : Delete the specified ARP address
2. no arp A.B.C.D vlan vlan-id : delete the ARP address of the specified VLAN

Example:

Switch # configure
Switch(config)# no arp 192.168.60.10
Switch(config)# no arp 10.1.1.10 vlan 10

Set the ARP address capacity

Command: arp cache capacity

Mode: global configuration mode

Parameter:

Parameter	Description
Capacity	ARP table capacity, the value range is 79 -512 Note : Different models have different specifications , for example, the maximum capacity of GWN7801 is 512

Description: Specify ARP capacity

Example:

Set the ARP capacity to 79
Switch # configure
Switch(config)# arp cache 79

Unset the ARP address capacity

Command: no arp cache

Mode: global configuration mode

Parameter: none

Description: Unset the ARP address capacity

Example:

Switch # configure
Switch(config)# no arp cache

View ARP entries

Command:

1. show arp
2. show arp configuration
3. show arp ip-address A.B.C.D
4. show arp mac-address A:B:C:D:E:F
5. show arp vlan vlan-id

Mode: privileged EXEC mode

Parameter:

Parameter	Description
A.B.C.D	ARP address aging time, the value range is 15-21600 seconds, the default is 1200 seconds
A:B:C:D:E:F	MAC address
vlan-id	VLAN ID, an integer ranging from 1 to 4094

Description: View ARP entries

Example:

Switch # show arp

Neighbor found

View neighbor table

Command: show ipv6 neighbors

Mode: privileged EXEC mode

Parameter: none

Description: view neighbor table

Example:

Switch # show ipv6 neighbors
VLAN Interface IPv6 address HW address Status Router State Aging time Interface
-------------------------------------------------- ------- ------------------ ---------- ------ --------- - ----------- ----------
VLAN 1 11::3 00:00:00:00:00:25 Static No NULL
VLAN 1 fe80::c274:adff:fe23:adb0 c0:74:ad:23:ad:b0 Static No 1/0/7
VLAN 1 11::5 00:00:00:00:00:09 Static No NULL

Total number of entries: 3

Add a static neighbor entry

Command: ipv6 neighbor ipv6-addr vlan [vlan interface number] [mac address]

Mode: global configuration mode

Parameter:

Parameter	Description
ipv6-addr	Neighbor IPv6 address
vlan interface number	VLAN interface ID
mac address	neighbor MAC address

Description: Add a static neighbor entry

Example:

Add a neighbor entry with IPv6 address 11::2, VLAN 1 , and MAC address 00 : 00: 00:00:00:02
Switch #config
Switch(config)# ipv6 neighbor 11::2 vlan 1 00:00:00:00:00:02

Delete static neighbor entries

Command: no ipv6 neighbor ipv6-addr vlan [vlan interface number] [mac address]

Mode: global configuration mode

Parameter:

Parameter	Description
ipv6-addr	Neighbor IPv6 address
vlan interface number	VLAN interface ID
mac address	neighbor MAC address

Description: Delete static neighbor entries

Example:

Delete the neighbor entry with IPv6 address 11::2, VLAN 1 , and MAC address 00 : 00: 00:00:00:02
Switch(config)# no ipv6 neighbor 11::2 vlan 1 00:00:00:00:00:02

DNS

Enable the DNS function

Command: ip domain lookup

Mode: global configuration mode

Parameter: none

Description: Enable the DNS function

Example:

Switch # config
Switch (config)# ip domain lookup

Turn off the DNS function

Command: no ip domain lookup

Mode: global configuration mode

Parameter: none

Description: Turn off the DNS function

Example:

Switch # config
Switch(config)# no ip domain lookup

Add domain extension

Command: ip domain suffix suffix_name

Mode: global configuration mode

Parameter:

Parameter	Description
suffix_name	Domain name suffix , 1-64 characters , support numbers, letters and special characters._ –

Description: Add domain extension

Example:

Add the domain name suffix of com
Switch # config
Switch(config)# ip domain suffix com

Delete domain extension

Command: no ip domain suffix suffix_name

Mode: global configuration mode

Parameter:

Parameter	Description
suffix_name	Domain name suffix , 1-64 characters , support numbers, letters and special characters._ –

Description: delete domain extension

Example:

Remove com domain name suffix
Switch # config
Switch ( config)# no ip domain suffic com

Add DNS server

Command: ip name-server A.B.C.D/ X:X::X:X

Mode: global configuration mode

Parameter:

Parameter	Description
A.B.C.D	IPv4 DNS server
X:X::X:X	IPv6 DNS server

Description: Add DNS server

Example:

Add DNS server of 114.114.114.114
Switch # config
Switch(confgi)# ip name-server 114.114.114.114

Delete DNS server

Command: no ip name-server A.B.C.D/ X:X::X:X

Mode: global configuration mode

Parameter:

Parameter	Description
A.B.C.D	IPv4 DNS server
X:X::X:X	IPv6 DNS server

Description: delete DNS server

Example:

the DNS server for 114.114.114.114
Switch # config
Switch(config)# no ip name-server 114.114.114.114

Add a static domain name

Command: ip host HOSTNAME A.B.C.D/X:X::X:X

Mode: global configuration mode

Parameter:

Parameter	Description
HOSTNAME	Host name , 1-191 characters , support numbers, letters and special characters._ –
ABCD	IPv4 address
X:X::X:X	IPv6 address

Description: Add a static domain name

Example:

Add a static domain name with host name www.test.com and IP address 192.168.1.1
Switch # config
Switch (config)# ip host www.test.com 192.168.1.1

Delete static domain name

Command: no ip host HOSTNAM

Mode: global configuration mode

Parameter:

Parameter	Description
HOSTNAME	Host name , 1-191 characters , support numbers, letters and special characters._ –

Description: delete static domain name

Example:

Delete the static domain name with hostname www.test.com
Switch # config
Switch(config)# no ip host www.test.com

View DNS configuration

Command: show hosts

Mode: privileged EXEC mode

Parameter: none

Description: View DNS configuration

Example:

Switch# show host

View static domain name mapping table

Command: show dns static-map

Mode: privileged EXEC mode

Parameter: none

Description: View static domain name mapping table

Example:

Switch# show dns static-map 

View dynamic domain name mapping table

Command: show dns dynamic-map

Mode: privileged EXEC mode

Parameter: none

Description: View dynamic domain name mapping table

Example:

Switch# show dns dynamic-map

MULTICAST

IGMP Snooping

IGMP Snooping global configuration

• Enable/disable IGMP Snooping

Command:

1. ip igmp snooping
2. no ip igmp snooping

Mode: global configuration mode

Parameter: none

Description: Enable/disable the global IGMP Snooping function

Example:

Switch(config)# ip igmp snooping

• Multicast Forwarding Mode

Command: ip igmp snooping forward-method ( dip|mac )

Mode: global configuration mode

Parameter:

Parameter	Description
dip	IP -based multicast forwarding mode
mac	based multicast forwarding mode

Description: Set the multicast forwarding mode, the default is based on MAC

Example:

Switch(config)# ip igmp snooping forward-method mac

• Enable/disable packet suppression

Command:

1. ip igmp snooping report-suppression
2. no ip igmp snooping report-suppression

Mode: global configuration mode

Parameter: none

Description: Enable/disable message suppression function

Example:

Switch(config)# ip igmp snooping report-suppression

• IGMP version

Command: ip igmp snooping version (2|3)

Mode: global configuration mode

Parameter:

Parameter	Description
version (2|3)	Global IGMP running version, including IGMPv2 and IGMPv3

Description: running version of IGMP

Example:

Switch(config)# ip igmp snooping version 2

• Unknown multicast packet

Command: ip igmp snooping unknown-multicast action (drop|flood|router-port)

Mode: global configuration mode

Parameter:

Parameter	Description
(drop|flood|router-port)	method of unknown multicast packets

Description: Set the processing method for unknown multicast packets

Example:

Switch(config)# ip igmp snooping unknown-multicast action drop

• View IGMP Snooping

Command: show ip igmp snooping

Mode: privileged EXEC mode

Parameter: none

Description: View Global IGMP Snooping Settings

Example:

Switch# show ip igmp snooping

Configure IGMP Snooping in a specified VLAN

• VLAN selection

Command:

1. ip igmp snooping vlan <VLAN-LIST>
2. no ip igmp snooping vlan VLAN-LIST

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: Select VLAN to enable IGMP Snooping function

Example:

Switch(config)# ip igmp snooping vlan 1

• Port fast leave

Command:

1. ip igmp snooping vlan VLAN-LIST immediate-leave
2. no ip igmp snooping vlan VLAN-LIST immediate-leave

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: Set the port fast leave function in the specified VLAN

Example:

Switch(config)# ip igmp snooping vlan 1 immediate-leave

• Last Member Query Counter

Command: ip igmp snooping vlan VLAN-LIST last-member-query-count count

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
count	number of last member queries , an integer ranging from 1 to 7 , the default is 2

Description: Set the last member query count

Example:

Switch(config)# ip igmp snooping vlan 1 last-member-query-count 3

• Last member query interval

Command: ip igmp snooping vlan VLAN-LIST last-member-query-interval interval

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
interval	The last member query interval, an integer ranging from 1 to 25 , the default is 1

Description: Set the last member query interval

Example:

Switch(config)# ip igmp snooping vlan 1 last-member-query-interval 20

• Query interval

Command: ip igmp snooping vlan VLAN-LIST query-interval interval

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
interval	Query interval , an integer ranging from 30 to 18000 , the default is 125

Description: Set query interval

Example:

Switch(config)# ip igmp snooping vlan 1 query-interval 111

• Query maximum response time

Command: ip igmp snooping vlan VLAN-LIST response-time time

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
time	Query the maximum response time, an integer ranging from 5 to 20 , the default is 10

Description: Set query maximum response time

Example:

Switch(config)# ip igmp snooping vlan 1 response-time 15

• Query Robustness

Command: ip igmp snooping vlan VLAN-LIST robustness-variable robustness

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
robustness	Query robustness , an integer ranging from 1 to 7 , default 2

Description: Set query robustness

Example:

Switch(config)# ip igmp snooping vlan 1 robustness-variable 5

• Routing port automatic learning

Command:

1. ip igmp snooping vlan VLAN-LIST router learnpim-dvmrp
2. no ip igmp snooping vlan VLAN-LIST router learnpim-dvmrp

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: Enable/disable the automatic learning function of the routing port on the specified VLAN

Example:

Switch(config)# ip igmp snooping vlan 1 router learn pim-dvmrp

• View VLAN IGMP Snooping configuration

Command: show ip igmp snooping vlan VLAN-LIST

Mode: privileged EXEC mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description:

View the IGMP Snooping configuration information of a specified VLAN. If not specified , the IGMP Snooping configuration information of all VLANs will be viewed by default.

Example:

Switch(config)# do show ip igmp snooping vlan 1

• View IGMP Snooping querier information

Command: show ip igmp snooping querier

Mode: privileged EXEC mode

Parameter: none

Description: Display IGMP Snooping querier information for all VLANs

Example:

Switch# show ip igmp snooping querier

VID | State | Status | Version | Querier IP
------+----------+------------+---------+--------- ---
1 | Disabled | Non-Querier | No | -----------

Total Entry 1

IGMP Snooping querier related configuration

• IGMP Snooping querier running version

Command:

1. ip igmp snooping vlan VLAN-LIST query version (2|3)
2. no ip igmp snooping vlan VLAN-LIST queryer

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	range is 1-4094 , it can be a single VLAN or multiple VLANs
version (2|3)	of the IGMP Snooping querier, including IGMPv2 and IGMPv3

Description: Set the IGMP Snooping querier switch and running version of the specified VLAN

Example:

Switch(config)# ip igmp snooping vlan 1 querier version 2

• IGMP Snooping querier IP address

Command: ip igmp snooping vlan VLAN-LIST query version (2|3) ip ip-addr

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	range is 1-4094 , it can be a single VLAN or multiple VLANs
version (2|3)	of the IGMP Snooping querier, including IGMPv2 and IGMPv3
ip-addr	Querier IP address , if not set, the VLAN interface IPv4 address will be used

Description: Set the IGMP Snooping querier switch , running version , and IP address of the specified VLAN

Example:

Switch(config)# ip igmp snooping vlan 1 querier version 2 ip 192.168.0.254

• View IGMP Snooping querier information

Command: show ip igmp snooping querier

Mode: privileged EXEC mode

Parameter: none

Description: Display IGMP Snooping querier information for all VLANs

Example:

Switch# show ip igmp snooping querier

VID | State | Status | Version | Querier IP
------+----------+------------+---------+--------- ---
1 | Disabled | Non-Querier | No | -----------

Total Entry 1

IGMP Routing port configuration

• Disable routed ports

Command: ip igmp snooping vlan VLAN-LIST forbidden-router-port (Ethernet|LAG) <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
(Ethernet|LAG) <1-10>	Switch ports, including Ethernet ports , optical ports, and aggregation ports

Description: Set the disabled routing port on the specified VLAN, which will not forward the received query message.

Example:

Switch(config)# ip igmp snooping vlan 1 forbidden-router-port Ethernet 1/0/3-1/0/4

• Static route port

Command: ip igmp snooping vlan VLAN-LIST static-router-port (Ethernet|LAG) <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
(Ethernet|LAG) <1-10>	Switch ports, including Ethernet ports , optical ports, and aggregation ports

Description: Set the static routing port on the specified VLAN , and all query packets will be forwarded to this port

Example:

Switch(config)# ip igmp snooping vlan 1 static-router-port Ethernet 1/0/5-1/0/6

• Show routing port

Command: do show ip igmp snooping router [(dynamic | forbidden |static)]

Mode: global configuration mode

Parameter:

Parameter	Description
(dynamic | forbidden |static)	Routing port type, including dynamic routing port, disabled routing port and static routing port

Description: View routing ports, you can specify to view dynamic, disabled or static. If not specified , all types of routing ports will be viewed by default

Example:

Switch(config)# do show ip igmp snooping router

Multicast group address configuration

• Static multicast address

Command:

1. ip igmp snooping vlan VLAN-LIST static-group [<ip-add>] interfaces (Ethernet|LAG) <1-10>
2. no ip igmp snooping vlan VLAN-LIST static-group [<ip-add>] interfaces (Ethernet|LAG) <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
ip-add	IPv4 multicast address , expressed in dotted decimal notation
(Ethernet|LAG) <1-10>	Switch ports, including Ethernet ports , optical ports, and aggregation ports

Description: /delete static multicast group address on specified VLAN

Example:

Switch(config)# ip igmp snooping vlan 1 static-group 224.1.1.1 interfaces Ethernet 1/0/3

• Set the multicast entry of the specified multicast source address

Command: ip igmp snooping group [multicast ipv4-address] filter [ipv4-address]

Mode: global configuration mode

Parameter:

Parameter	Description
multicast ipv4-address	Multicast IPv4 address
ipv4-address	Specifies the IPv4 address of the multicast source

Description:

Set the multicast entry of the specified multicast source address

Prerequisite : The global IGMP version must be enabled as IGMPv3

Example:

Switch(config)# ip igmp snooping group 225.1.1.2 filter 192.168.70.1

• Show multicast group address

Command: show ip igmp snooping groups [(dynamic |static)]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
(dynamic | static)	Multicast group address type, including dynamic multicast group address and static multicast group address

Description: View multicast group address, you can specify to view dynamic or static multicast group address. If not specified , all types of multicast group addresses will be viewed by default

Example:

Switch(config)# show ip igmp snooping groups

• Show multicast forwarding information

Command: show ip igmp snooping forward-all [vlan VLAN-LIST]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: View the multicast forwarding information of the specified VLAN . If not specified , the multicast forwarding information of all VLANs will be displayed by default

Example:

Switch# show ip igmp snooping forward-all

IGMP Snooping VLAN : 1
IGMP Snooping static port : None
IGMP Snooping forbidden port : None

Multicast policy configuration

• Add/Remove Multicast Policy

Command:

1. ip igmp profile <1-128>
2. no ip igmp profile <1-128>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-128>	Multicast Policy ID

Description: Add/Remove Multicast Policy

Example:

Switch(config)# ip igmp profile 1

• Edit Multicast Policy

Command: profile range ip <ip-addr> [ip-addr] action (permit|deny)

Mode: IGMP policy configuration mode

Parameter:

Parameter	Description
<ip-addr>	IP v4 multicast start address
[ip-addr]	IPv4 multicast end address
(permit|deny)	multicast policy on the specified packet includes allow and deny

Description: Configure Multicast Policy

Example:

Switch(config-igmp-profile)# profile range ip 224.1.1.1 224.1.1.8 action permit

• Show multicast policy

Command: show ip igmp profile

Mode: IGMP policy configuration mode

Parameter: none

Description: View multicast policy

Example:

Switch(config-igmp-profile)# show ip igmp profile

• Bind/unbind multicast policy

Command:

1. ip igmp filter <1-128>
2. no ip igmp filter

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-128>	Multicast Policy ID

Description: Interface binding/unbinding multicast policy

Example:

Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# ip igmp filter 1

• Show the existing port multicast policy configuration

Command: do show ip igmp filter [interfaces IF_PORTS]

Mode: interface configuration mode

Parameter:

Parameter	Description
interfaces IF_PORTS	Designated interfaces , including Ethernet interfaces, optical interfaces, and aggregation interfaces

Description: Check the existing port multicast policy configuration . If no port is specified , the multicast policy configuration of all ports will be displayed by default

Example:

Switch(config-if)# do show ip igmp filter
Switch(config-if)# do show ip igmp filter interfaces Ethernet 1/0/1

Maximum Multicast Group Configuration

• Maximum number of multicast groups

Command: ip igmp max-groups <0-256>

Mode: interface configuration mode

Parameter:

Parameter	Description
<0-256>	maximum number of multicast groups , the value range is an integer from 0 to 256 , and the default is 256 Set to 0, which means no limit

Description: Set the maximum number of multicast groups on the port

Example:

Switch(config-if)# ip igmp max-groups 10

• Operation exceeded

Command: ip igmp max-groups action (deny|replace)

Mode: interface configuration mode

Parameter:

Parameter	Description
(deny|replace)	The operation after the maximum number of multicast groups is exceeded , supports rejection and replacement

Description: Set the operation after the maximum number of multicast groups is exceeded, which is rejected by default

Example:

Switch(config-if)# ip igmp max-groups action replace

• Show the maximum number of multicast groups

Command: do show ip igmp max-group [interfaces IF_PORTS]

Mode: interface configuration mode

Parameter:

Parameter	Description
interfaces IF_PORTS	Designated interfaces , including Ethernet interfaces, optical interfaces, and aggregation interfaces

Description: Check the maximum number of multicast groups on the specified interface. If not specified , the maximum number of multicast groups of all interfaces will be displayed by default

Example:

Switch(config-if)# do show ip igmp max-group
Switch(config-if)# do show ip igmp max-group interfaces Ethernet 1/0/1

• View Exceeded Maximum Group Operations

Command: do show ip igmp max-group action [interfaces IF_PORTS]

Mode: interface configuration mode

Parameter:

Parameter	Description
interfaces IF_PORTS	Designated interfaces , including Ethernet interfaces, optical interfaces, and aggregation interfaces

Description: Check the operation of the specified interface exceeding the maximum multicast number . If not specified , the operation of all interfaces exceeding the maximum multicast number will be displayed by default

Example:

Switch(config-if)# do show ip igmp max-group action
Switch(config-if)# do show ip igmp max-group action interfaces Ethernet 1/0/1

Clear operation

• Clear multicast group address

Command: clear ip igmp snooping groups [(dynamic |static)]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
(dynamic|static)	Multicast group address type, including dynamic multicast address and static multicast address

Description: Specify the type of multicast group address to be cleared, including dynamic multicast address and static multicast address. If not specified , all multicast group addresses will be cleared by default

Example:

Switch# clear ip igmp snooping groups
Switch# show ip igmp snooping groups

VLAN | Group IP Address | Type | Life(Sec) |
-----+------------------+------+-----------+-----

Total Number of Entry = 0

• Clear all statistics

Command: clear ip igmp snooping statistics

Mode: privileged EXEC mode

Parameter: none

Description: Clear IGMP statistics information

Example:

Switch# clear ip igmp snooping statistics
Switch# show ip igmp snooping

IGMP Snooping Status
--------------------

Snooping : Enabled
Report Suppression : Disabled
Operation Version: v2
Forward Method : mac
Unknown IP Multicast Action : Flood


Packet Statistics
Total RX : 0
Valid RX : 0
Invalid RX : 0
Other RX : 0
Leave RX : 0
Report RX : 0
General Query RX : 0
Specail Group Query RX : 0
Specail Group & Source Query RX : 0
Leave TX : 0
Report TX : 0
General Query TX : 0
Specail Group Query TX : 0
Specail Group & Source Query TX : 0

MLD Snooping

MLD snooping global configuration

• Enable/disable MLD Snooping

Command:

1. ipv6 mld snooping
2. no ipv6 mld snooping

Mode: global configuration mode

Parameter: none

Description: Enable/disable the global MLD snooping function

Example:

Switch(config)# ipv6 mld snooping

• Multicast forwarding mode

Command: Ipv6 mld snooping forward-method ( dip|mac )

Mode: global configuration mode

Parameter:

Parameter	Description
dip	IP -based multicast forwarding mode
mac	based multicast forwarding mode

Description: Set the multicast forwarding mode, the default is based on MAC

Example:

Switch(config)# ipv6 mld snooping forward-method mac

• Enable/disable packet suppression

Command:

1. ipv6 mld snooping report-suppression
2. no ipv6 mld snooping report-suppression

Mode: global configuration mode

Parameter: none

Description: Enable/disable message suppression function

Example:

Switch(config)# ipv6 mld snooping report-suppression

• MLD version

Command: Ipv6 mld snooping version (1|2)

Mode: global configuration mode

Parameter:

Parameter	Description
version (1|2)	Global MLD running version, including MLDv1 and MLD v2

Description: Set the MLD running version

Example:

Switch(config)# ipv6 mld snooping version 2

• Unknown multicast packet

Command: Ipv6 mld snooping unknown-multicast action (drop|flood|router-port)

Mode: global configuration mode

Parameter:

Parameter	Description
(drop|flood|router-port)	method of unknown multicast packets

Description: Set the processing method for unknown multicast packets

Example:

Switch(config)# ipv6 mld snooping unknown-multicast action drop

• View MLD Snooping

Command: show ipv6 mld snooping

Mode: privileged EXEC mode

Parameter: none

Description: View global MLD snooping settings

Example:

Switch(config)# show ip v6 mld snooping

Configure MLD snooping in a specified VLAN

• VLAN selection

Command:

1. ipv6 mld snooping vlan VLAN-LIST
2. no ipv6 mld snooping vlan VLAN-LIST

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: Select VLAN to enable MLD Snooping function

Example:

Switch(config)# ipv6 mld snooping vlan 1

• Port fast leave

Command:

1. ipv6 mld snooping vlan VLAN-LIST immediate-leave
2. no ipv6 mld snooping vlan VLAN-LIST immediate-leave

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: Set the port fast leave function in the specified VLAN

Example:

Switch(config)# ipv6 mld snooping vlan 1 immediate-leave

• Last Member Query Counter

Command: Ipv6 mld snooping vlan VLAN-LIST last-member-query-count count

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
count	number of last member queries , an integer ranging from 1 to 7 , the default is 2

Description: Set the last member query count

Example:

Switch(config)# ipv6 mld snooping vlan 1 last-member-query-count 3

• Last Member query interval

Command: Ipv6 mld snooping vlan VLAN-LIST last-member-query-interval interval

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
interval	The last member query interval, an integer ranging from 1 to 25 , the default is 1

Description: Set the last member query interval

Example:

Switch(config)# ipv6 mld snooping vlan 1 last-member-query-interval 20

• Query interval

Command: Ipv6 mld snooping vlan VLAN-LIST query-interval interval

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
interval	Query interval , an integer ranging from 30 to 18000 , the default is 125

Description: Set query interval

Example:

Switch(config)# ipv6 mld snooping vlan 1 query-interval 111

• Query maximum response time

Command: Ipv6 mld snooping vlan VLAN-LIST response-time time

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
time	Query the maximum response time, an integer ranging from 5 to 20 , the default is 10

Description: Set query maximum response time

Example:

Switch(config)# ipv6 mld snooping vlan 1 response-time 15

• Query Robustness

Command: Ipv6 mld snooping vlan VLAN-LIST robustness-variable robustness

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
robustness	Query robustness , an integer ranging from 1 to 7 , default 2

Description: Set query robustness

Example:

Switch(config)# ipv6 mld snooping vlan 1 robustness-variable 5

• Routing port automatic learning

Command:

1. ipv6 mld snooping vlan VLAN-LIST router learnpim-dvmrp
2. no ipv6 mld snooping vlan VLAN-LIST router learnpim-dvmrp

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: Enable/disable the automatic learning function of the routing port on the specified VLAN

Example:

Switch(config)# ipv6 mld snooping vlan 1 router learn pim-dvmrp

• Show the MLD Snooping configuration of a VLAN

Command: show ipv6 mld snooping vlan VLAN-LIST

Mode: privileged EXEC mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: View the MLD snooping configuration information of a specified VLAN. If not specified , the MLD Snooping configuration information of all VLANs will be viewed by default.

Example:

Switch(config)# do show ipv6 mld snooping vlan 1

MLD Snooping querier related configuration

• MLD Snooping querier running version

Command:

1. ipv6 mld snooping vlan VLAN-LIST querier version (1|2)
2. no ipv6 mld snooping vlan VLAN-LIST querier

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	range is 1-4094 , it can be a single VLAN or multiple VLANs
version (1|2)	MLD Snooping querier running version, including MLD v 1 and MLDv2

Description: Set the MLD Snooping querier switch and running version of the specified VLAN

Example:

Switch(config)# ipv6 mld snooping vlan 1 querier version 1

• MLD Snooping querier IP address

Command: ipv6 mld snooping vlan VLAN-LIST query version (1|2) ip ipv6-addr

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	range is 1-4094 , it can be a single VLAN or multiple VLANs
version (1|2)	MLD Snooping querier running version, including MLDv 1 and MLDv2
Ipv6-addr	Querier IPv6 address , if not set, the VLAN interface IPv6 address will be used

Description: Set the MLD Snooping querier switch , running version , and IPv6 address of the specified VLAN

Example:

Switch(config)# ipv6 mld snooping vlan 1 querier version 2 ipv6 c0a8:fe:0:18::

• View MLD Snooping Querier Information

Command: show ipv6 mld snooping querier

Mode: privileged EXEC mode

Parameter: none

Description: Display MLD snooping querier information for all VLANs

Example:

Switch# show ipv6 mld snooping querier

VID | State | Status | Version | Querier IP
------+----------+------------+---------+--------- ---
1 | Disabled | Non-Querier | No | -----------

Total Entry 1

MLD Routing port configuration

• Disable routed ports

Command: ipv6 mld snooping vlan VLAN-LIST forbidden-router-port (Ethernet|LAG) <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
(Ethernet|LAG) <1-10>	Switch ports, including Ethernet ports , optical ports, and aggregation ports

Description: Set the disabled routing port on the specified VLAN , which will not forward the received query message

Example:

Switch(config)# ipv6 mld snooping vlan 1 forbidden-router-port Ethernet 1/0/3-1/0/4

• Static router port

Command: Ipv6 mld snooping vlan VLAN-LIST static-router-port (Ethernet|LAG) <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
(Ethernet|LAG) <1-10>	Switch ports, including Ethernet ports , optical ports, and aggregation ports

Description: Set the static routing port on the specified VLAN , and all query packets will be forwarded to this port

Example:

Switch(config)# ipv6 mld snooping vlan 1 static-router-port Ethernet 1/0/5-1/0/6

• Show routing port

Command: do show ipv6 mld snooping router [(dynamic | forbidden |static)]

Mode: global configuration mode

Parameter:

Parameter	Description
(dynamic | forbidden |static)	Routing port type, including dynamic routing port, disabled routing port and static routing port

Description: View routing ports, you can specify to view dynamic, disabled or static. If not specified , all types of routing ports will be viewed by default.

Example:

Switch(config)# do show ipv6 mld snooping router

MLD Multicast group address

• Static multicast address

Command:

1. ipv6 mld snooping vlan VLAN-LIST static-group [<ipv6-add>] interfaces (Ethernet|LAG) <1-10>
2. no ipv6 mld snooping vlan VLAN-LIST static-group [<ipv6-add>] interfaces (Ethernet|LAG) <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs
ipv6-add	IPv6 multicast address _
(Ethernet|LAG) <1-10>	Switch ports, including Ethernet ports , optical ports, and aggregation ports

Description: /delete static multicast group address on specified VLAN

Example:

Switch(config)# ipv6 mld snooping vlan 1 static-group ff13::1 interfaces Ethernet 1/0/3

• Show multicast group address

Command: do show ipv6 mld snooping groups [(dynamic |static)]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
(dynamic | static)	Multicast group address type, including dynamic multicast group address and static multicast group address

Description: View multicast group address, you can specify to view dynamic or static multicast group address. If not specified , all types of multicast group addresses will be viewed by default

Example:

Switch(config)# do show ipv6 mld snooping groups

• Show multicast forwarding information

Command: show ipv6 mld snooping forward-all [vlan VLAN-LIST]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: View the multicast forwarding information of the specified VLAN . If not specified , the multicast forwarding information of all VLANs will be displayed by default

Example:

Switch# show ipv6 mld snooping forward-all

MLD Snooping VLAN : 1
MLD Snooping static port : None
MLD Snooping forbidden port : None

MLD Multicast policy configuration

• Add/Remove multicast policy

Command:

1. ipv6 mld profile <1-128>
2. no ipv6 mld profile <1-128>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-128>	Multicast Policy ID

Description: Add/Remove Multicast Policy

Example:

Switch(config)# ipv6 mld profile 1

• Edit Multicast policy

Command: profile range ipv6 [ipv6-addr] action (permit|deny)

Mode: MLD policy configuration mode

Parameter:

Parameter	Description
<ipv6-addr>	IP v6 multicast start address
[ip v6-addr]	IPv6 multicast end address
(permit|deny)	multicast policy on the specified packet includes allow and deny

Description: Configure Multicast Policy

Example:

Switch(config-igmp-profile)# profile range ipv6 ff13::1 ff13::10 action permit

• Show multicast policy

Command: show ipv6 mld profile

Mode: MLD policy configuration mode

Parameter: none

Description: View multicast policy

Example:

Switch(config-igmp-profile)# show ip igmp profile

• Bind/unbind multicast policies

Command:

1. ip igmp filter <1-128>
2. no ip igmp filter

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-128>	Multicast Policy ID

Description: Interface binding/unbinding multicast policy

Example:

Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# ipv6 mld filter 1

• View the existing port multicast policy configuration

Command: do show ipv6 mld filter [interfaces IF_PORTS]

Mode: interface configuration mode

Parameter:

Parameter	Description
interfaces IF_PORTS	Designated interfaces , including Ethernet interfaces, optical interfaces, and aggregation interfaces

Description: Check the existing port multicast policy configuration . If no port is specified , the multicast policy configuration of all ports will be displayed by default

Example:

Switch(config-if)# do show ipv6 mld filter
Switch(config-if)# do show ipv6 mld filter interfaces Ethernet 1/0/1

MLD Maximum multicast group configuration

• Maximum number of multicast groups

Command: ipv6 mld max-groups <0-256>

Mode: interface configuration mode

Parameter:

Parameter	Description
<0-256>	maximum number of multicast groups , the value range is an integer from 0 to 256 , and the default is 256 Set to 0, which means no limit

Description: Set the maximum number of multicast groups on the port

Example:

Switch(config-if)# ipv6 mld max-groups 10

• Operation exceeded

Command: ipv6 mld max-groups action (deny|replace)

Mode: interface configuration mode

Parameter:

Parameter	Description
(deny|replace)	The operation after the maximum number of multicast groups is exceeded , supports rejection and replacement

Description: Set the operation after the maximum number of multicast groups is exceeded, which is rejected by default

Example:

Switch(config-if)# ipv6 mld max-groups action replace

• Show the maximum number of multicast groups

Command: do show ipv6 mld max-group [interfaces IF_PORTS]

Mode: interface configuration mode

Parameter:

Parameter	Description
interfaces IF_PORTS	Designated interfaces , including Ethernet interfaces, optical interfaces, and aggregation interfaces

Description: Check the maximum number of multicast groups on the specified interface. If not specified , the maximum number of multicast groups of all interfaces will be displayed by default

Example:

Switch(config-if)# do show ipv6 mld max-group
Switch(config-if)# do show ipv6 mld max-group interfaces Ethernet 1/0/1

• Show Exceeding maximum group operations

Command: do show ipv6 mld max-group action [interfaces IF_PORTS]

Mode: interface configuration mode

Parameter:

Parameter	Description
interfaces IF_PORTS	Designated interfaces , including Ethernet interfaces, optical interfaces, and aggregation interfaces

Description: Check the operation of the specified interface exceeding the maximum multicast number . If not specified , the operation of all interfaces exceeding the maximum multicast number will be displayed by default

Example:

Switch(config-if)# do show ipv6 mld max-group action
Switch(config-if)# do show ipv6 mld max-group action interfaces Ethernet 1/0/1

MLD Clear operation

• Clear multicast group address

Command: clear ipv6 mld snooping groups [(dynamic |static)]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
(dynamic|static)	Multicast group address type, including dynamic multicast address and static multicast address

Description: Specify the type of multicast group address to be cleared, including dynamic multicast address and static multicast address. If not specified , all multicast group addresses will be cleared by default

Example:

Switch# clear ipv6 mld snooping groups
Switch# show ip v6 mld snooping groups

VLAN | Group IP Address | Type | Life(Sec) |
-----+------------------+------+-----------+-----

Total Number of Entry = 0

• Clear all statistics

Command: clear ipv6 mld snooping statistics

Mode: privileged EXEC mode

Parameter: none

Description: Clear MLD statistics information

Example:

Switch# clear ipv6 mld snooping statistics
Switch# show ipv6 mld snooping

MLD Snooping Status
--------------------

Snooping : Disabled
Report Suppression : Disabled
Operation Version: v1
Forward Method : mac
Unknown IPv6 Multicast Action : Flood


Packet Statistics
Total RX : 0
Valid RX : 0
Invalid RX : 0
Other RX : 0
Leave RX : 0
Report RX : 0
General Query RX : 0
Specail Group Query RX : 0
Specail Group & Source Query RX : 0
Leave TX : 0
Report TX : 0
General Query TX : 0
Specail Group Query TX : 0
Specail Group & Source Query TX : 0

ROUTING

Routing table

Check the IPv4 routing table

Command:

1. show ip route
2. show ip route { connected/detail/static}

Mode: privileged EXEC mode

Parameter:

Parameter	Description
{ connected/detail/ static }	Select the route type to view, including direct route, route and static route

Description: View IPv4 routing table

Example:

Switch # show ip route

Check the IPv6 routing table

Command:

1. show ipv6 route
2. show ipv6 route { connected/detail/static}

Mode: privileged EXEC mode

Parameter:

Parameter	Description
{ connected/detail/ static }	Select the route type to view, including direct route, route and static route

Description: View IPv6 routing table

Example:

Switch# show ipv6 route

Static route

IPv4 static routing

• Add IPv4 static route

Command: ip route { Destination prefix [Destination prefix mask]/ Destination prefix and length} { Forwarding router’s address/ interface [vlan <1-4094>] / loopback [<1-1>] / null0 } { preference/ description}

Mode: global configuration mode

Parameter:

Parameter	Description
Destination prefix	Specify the destination address in dotted decimal format
Destination prefix mask	Specify the mask of the destination address, in dotted decimal format
Destination prefix and length	Specify the destination address + mask, the destination address uses dotted decimal format, and the mask length is an integer ranging from 0 to 32
Forwarding router’s address	Specify the next hop address in dotted decimal format
interface [vlan <1-4094>]	Specifies that the outbound interface of the router forwarding packets is a VLAN interface
loopback [<1-1>]	Specify the outbound interface of the router to forward packets as loopback
null0	the specified route forwarding packets is null0
preference	Specify the priority of the route, the value range is an integer from 1 to 255 , the default is 1
description	Used to describe the route, the length ranges from 0 to 31 characters

Description: Add IPv4 static route

Example:

IPv4 static route with destination address 192.168.30.0, mask 24 bits, next hop 192.168.20.1 priority 60
Switch(config)# ip route 192.168.30.0/24 192.168.20.1 preference 60

• Delete IP v4 static route

Command: no ip route { Destination prefix [ Destination prefix mask ]/ Destination prefix and length } { Forwarding router’s address / interface [vlan <1-4094>] / loopback [<1-1>] / null0 }

Mode: global configuration mode

Parameter:

Parameter	Description
Destination prefix	Specify the destination address in dotted decimal format
Destination prefix mask	Specify the mask of the destination address, in dotted decimal format
Destination prefix and length	Specify the destination address + mask, the destination address uses dotted decimal format, and the mask length is an integer ranging from 0 to 32
Forwarding router’s address	Specify the next hop address in dotted decimal format
interface [vlan <1-4094>]	Specifies that the outbound interface of the router forwarding packets is a VLAN interface
loopback [<1-1>]	Specify the outbound interface of the router to forward packets as loopback
null0	the specified route forwarding packets is null0

Description: Delete IPv4 static route

Example:

teIPv4 static route with a destination address of 192.168.30.0, a mask of 24 bits, and a next hop of 192.168.20.1
Switch(config)# no ip route 192.168.30.0/24 192.168.20.1

IPv6 static routing

• Add IPv6 static route

Command: ipv6 route { Destination prefix and length}{ Forwarding router’s address/ interface [vlan <1-4094>] / loopback [<1-1>] / null0 } { preference/ description}

Mode: global configuration mode

Parameter:

Parameter	Description
Destination prefix and length	Specify the destination IPv6 address + mask, the destination address uses hexadecimal format, the mask length is an integer ranging from 1-128
Forwarding router’s address	Specifies the next hop address, in hexadecimal format
interface [vlan <1-4094>]	Specifies that the outbound interface of the router forwarding packets is a VLAN interface
loopback [<1-1>]	Specify the outbound interface of the router to forward packets as loopback
null0	the specified route forwarding packets is null0
preference	Specify the priority of the route, the value range is an integer from 1 to 255 , the default is 1
description	Used to describe the route, the length ranges from 0 to 31 characters

Description: Add IPv6 static route

Example:

IPv6 static route with an destination address of 2023::, a prefix of 64 bits, a next hop of 2001::1, and a priority of 60.
Switch(config)# ipv6 route 2023::/64 2001::1 preference 60

• Delete IP v6 static route

Command: no ip v6 route { Destination prefix and length} { Forwarding router’s address / interface [vlan <1-4094>] / loopback [<1-1>] / null0 }

Mode: global configuration mode

Parameter:

Parameter	Description
Destination prefix and length	Specify the destination IPv6 address + mask, the destination address uses hexadecimal format, and the mask length is an integer ranging from 0 to 32
Forwarding router’s address	Specifies the next hop address, in hexadecimal format
interface [vlan <1-4094>]	Specifies that the outbound interface of the router forwarding packets is a VLAN interface
loopback [<1-1>]	Specify the outbound interface of the router to forward packets as loopback
null0	the specified route forwarding packets is null0

Description: Delete IPv6 static route

Example:

Delete the IPv6 static route whose destination address is 2023::, prefix 64 bits, next hop 2001::1
Switch(config)# no ipv6 route 2023::/64 2001::1

RIP

Global RIP configuration

• Enable/disable global RIP

Command:

1. router rip
2. no router rip

Mode: global configuration mode

Parameter: none

Description: Enable/disable global RIP function

Example:

Enable global RIP function
Switch(config)# router rip

• Configure the RIP version

Command:

1. version (1|2)
2. no version (1|2)

Mode: Global RIP configuration mode

Parameter:

Parameter	Description
1	RIP version 1
2	RIP version 2

Description: Configure the RIP version

Example:

Configure RIP version 2
Switch(config-rip-router)# version 2

• Configure the RIP administrative distance

Command:

1. distance [<1-255>]
2. no distance [<1-255>]

Mode: Global RIP configuration mode

Parameter:

Parameter	Description
<1-255>	Specify the RIP management distance, the default is 120

Description: Configure the RIP administrative distance

Example:

Configure the RIP management distance to 100
Switch(config-rip-router)# distance 100

• Import external routes

Command:

1. import-route (connected|static|ospf) [metric <0-16>]
2. no import-route (connected|static|ospf) [metric <0-16>]

Mode: Global RIP configuration mode

Parameter:

Parameter	Description
connected	Import direct route
ospf	Import OSPF routes
static	import static route
<0-16>	Metrics of imported routes

Description: Import external routes

Example:

Import direct routes with a metric of 10
Switch(config-rip-router)# import-route connected metric 10

• Configure/Cancel Timer

Command:

1. timers <5-2147483647> <5-2147483647> <5-2147483647>
2. no timers <5-2147483647> <5-2147483647> <5-2147483647>
3. no timers

Mode: Global RIP configuration mode

Parameter:

Parameter	Description
<5-2147483647>	Routing table update time ( in seconds) , default 30 seconds
<5-2147483647>	Routing timeout ( in seconds) , default 180 seconds
<5-2147483647>	Garbage route collection time ( in seconds ) , default 120 seconds

Description: Configure/Cancel Timer

Example:

The configuration update time is 30 seconds , the timeout time is 180 seconds , and the garbage route collection time is 120 seconds
Switch(config-rip-router)# no timers 30 180 120

• View RIP global information

Command: show ip rip [status]

Mode: privileged EXEC mode

Parameter: none

Description: View RIP global information

Example:

View global RIP information
Switch # show ip rip status

• View RIP Neighbor Information

Command: show ip rip neighbor

Mode: privileged EXEC mode

Parameter: none

Description: View RIP Neighbor Information

Example:

Switch # show ip rip neighbor

Interface RIP configuration

• Enable/disable VLAN interface RIP

Command:

1. ip rip enable
2. no ip rip enable

Mode: VLAN interface configuration mode

Parameter: none

Description: Enabling /disabling the RIP function of the VLAN interface

Example:

Enable the RIP function of VLAN 1 interface
Switch(config)# interface vlan 1
Switch(config-if)# ip rip enable

• Configure RIP send/receive version

Command:

1. ip rip (send|receive) version (1 | 2 | 1 2)
2. no ip rip (send|receive) version (1 | 2 | 1 2)

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
send	Specifies to configure the RIP sending version
receive	Specifies to configure the RIP receiving version
1 | 2 | 1 2	Specifies the sending /receiving version number of RIP

Description: Configure RIP send /receive version

Example:

the RIP sending version of VLAN 1 interface as 2
Switch(config-if)# ip rip send version 2

• Enable/disable RIPv2 broadcast

Command:

1. ip rip v2-broadcast
2. no ip rip v2-broadcast

Mode: VLAN interface configuration mode

Parameter: none

Description: Enable/disable the broadcast function of RIPv2

Example:

Enable the RIPv2 broadcast function on the VLAN 1 interface
Switch(config-if)# ip rip v2-broadcast

• Enable/disable interface suppression

Command:

1. ip rip suppress
2. no ip rip suppress

Mode: VLAN interface configuration mode

Parameter: none

Description: Enable/disable interface suppression function

Example:

Enable the suppression function of VLAN 1 interface
Switch(config-if)# ip rip suppress

• Configuring split horizon and poison reverse

Command:

1. ip rip split-horizon [poisoned-reverse]
2. no ip rip split-horizon [poisoned-reverse]

Mode: VLAN interface configuration mode

Parameter: none

Description: Configuring split horizon and poison reverse

Example:

Enable split horizon
Switch(config-if)# ip rip split-horizon

• Configure authentication and keys

Command:

1. ip rip authentication mode (simple|md5)
2. no ip rip authentication mode (simple|md5)
3. ip rip authentication string [AUTH_KEY]
4. no ip rip authentication string [AUTH_KEY]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
Simple	Specify the authentication mode as simple authentication
md5	Specify the authentication mode as MD5 authentication
AUTH_KEY	Specify the authentication key , limited to 1-16 characters

Description: Configure authentication and keys

Example:

Set simple authentication for VLAN 1 interface with key 123456
Switch(config-if)# ip rip authentication simple
Switch(config-if)# ip rip authentication string 123456

RIPng

Global RIPng configuration

• Enable/disable global RIPng

Command:

1. router ripng
2. no router ripng

Mode: global configuration mode

Parameter: none

Description: Enable/disable global RIPng function

Example:

Enable global RIPng function
Switch(config)# router ripng

• Configure/Cancel Timer

Command:

1. timers <0-65535> <0-65535> <0-65535>
2. no timers <0-65535> <0-65535> <0-65535>

Mode: Global RIPng configuration mode

Parameter:

Parameter	Description
<0-65535>	Routing table update time (in seconds ), the value range is an integer from 0 to 65535 , and the default is 30 seconds.
<0-65535>	Routing timeout (in seconds ), the value range is an integer from 0 to 65535 , and the default is 180 seconds.
<0-65535>	Garbage route collection time (in seconds ), the value range is an integer from 0 to 65535 , and the default is 120 seconds.

Description: Configure/Unconfigure Timers

Example:

Set the timer , the routing table update time is 300 seconds , the routing timeout time is 1800 seconds, and the garbage routing collection time is 1200 seconds
Switch(config-ripng-router)# timers 300 1800 1200

• Import route

Command:

1. import-route connected (connected|static|ospfv3) [metric <0-16>]
2. no import-route connected (connected|static|ospfv3)[metric <0-16>]

Mode: Global RIPng configuration mode

Parameter:

Parameter	Description
connected|static|ospfv3	Import direct route /static route/OSPFv3
metric <0-16>	The metric value of the imported route, the value range is an integer from 0 to 16

Description: Configure the imported route and set the metric value of the imported route

cancel imported route

Example:

Import the direct route and set the metric value to 3
Switch (config-ripng-router)# import-route connected metric 3

Import OSPFv3 routes and set the metric to 5
Switch(config-ripng-router)# import-route ospfv3 metric 5

Import static routes and set the metric to 6
Switch(config-ripng-router)# import-route static metric 6

• Announce route

Command:

1. router X:X::X:X/<1-128>
2. no router X:X::X:X/<1-128>

Mode: Global RIPng configuration mode

Parameter:

Parameter	Description
X:X::X:X/<1-128>	IPv6 address and prefix length

Description: Declare/delete routes

Example:

advertise route 2001:1011::3126:2003/64
Switch(config-ripng-router)# route 2001:1011::3126:2003/64

• View RIPng Global Information

Command: show ipv6 ripng [status]

Mode: privileged EXEC mode

Parameter: none

Description: View RIPng Global Information

Example:

Switch# show ipv6 ripng status

• Viewing RIPng Neighbor Information

Command: show ipv6 ripng neighbor

Mode: privileged EXEC mode

Parameter: none

Description: Viewing RIPng Neighbor Information

Example:

Switch# show ipv6 ripng neighbor

Interface RIPng Neighbor Information

• Enable/disable VLAN interface RIPng

Command:

1. ipv6 ripng enable
2. no ipv6 ripng enable

Mode: VLAN interface configuration mode

Parameter: none

Description: Enable/disable the RIPng function of the VLAN interface

Example:

Enable the RIPng function on the VLAN 1 interface (prerequisite : first enable the interface IPv6 function and configure an IPv6 global unicast address )
Switch#config
Switch(config)#interface vlan 101
Switch(config-if)#ipv6 enable
Switch(config-if)#ipv6 address 2002::1111/64
Switch(config-if)# ipv6 ripng enable

• Configuring split horizon and poison reverse

Command:

1. ipv6 ripng split-horizon [poisoned-reverse]
2. no ipv6 ripng split-horizon [poisoned-reverse]

Mode: VLAN interface configuration mode

Parameter: none

Description: Configuring split horizon and poison reverse

Example:

Enable split horizon
Switch(config-if)# ipv6 ripng split-horizon

• Enable/disable route suppression

Command:

1. ipv6 ripng suppress
2. no ipv6 ripng suppress

Mode: VLAN interface configuration mode

Parameter: none

Description: Enable/disable route suppression

Example:

Enable route suppression
Switch(config-if)# ipv6 ripng suppress

OSPF

Global OSPF configuration

• Enable/disable global OSPF

Command:

1. router ospf
2. no router ospf

Mode: global configuration mode

Parameter: none

Description: Enabling/disabling the global OSPF function

Example:

Enable the global OSPF function
Switch(config)# router ospf

• Restart the OSPF process

Command: restart router ospf

Mode: global configuration mode

Parameter: none

Description: Restart the OSPF process

Example:

Switch(config)# restart router ospf

• Configure Router ID

Command:

1. router-id ABCD
2. no router-id ABCD
3. no router-id

Mode: Global OSPF configuration mode

Parameter:

Parameter	Description
ABCD	Set the Router ID of the switch, configured in IPv4 address format

Description: Configure Router ID

Example:

Set Router ID to 1.1.1.1
Switch(config)# router ospf
Switch(config-ospf-router)# router-id 1.1.1.1

• Compatible with RFC1583

Command:

1. ospf rfc1583 compatibility
2. no ospf rfc1583 compatibility

Mode: Global OSPF configuration mode

Parameter: none

Description: Compatible with RFC1583

Example:

Switch(config-ospf-router)# ospf rfc1583compatibility

• Opaque LSA

Command:

1. ospf capability opaque
2. no ospf capability opaque

Mode: Global OSPF configuration mode

Parameter: none

Description: Enable the Opaque LSA function

Example:

Switch(config-ospf-router)# ospf capability opaque

• Configuring SPF timers

Command:

1. spf-schedule-interval [<0-600000> <0-600000> <0-600000>]
2. no spf-schedule-interval [<0-600000> <0-600000> <0-600000>]

Mode: Global OSPF configuration mode

Parameter:

Parameter	Description
<0-600000>	Set the waiting time of the SPF timer (in milliseconds ) , the value range is an integer from 0 to 600000 , and the default is 0
<0-600000>	Set the minimum time interval between two S PF timers (in milliseconds ) , the value range is an integer from 0 to 600000 , and the default is 5 0
<0-600000>	Set the maximum time interval between two S PF timers (in milliseconds ) , the value range is an integer from 0 to 600000, and the default is 5 000

Description: Configuring SPF timers

Example:

Set the SPF timer , the waiting time is 50 milliseconds , the minimum time interval is 500 milliseconds , and the maximum time interval is 5000 milliseconds
Switch(config-ospf-router)# spf-schedule-interval 50 500 5000

• Configure LSA transmission delay

Command:

1. timers lsa all [<0-5000>]
2. no timers lsa all [<0-5000>]

Mode: Global OSPF configuration mode

Parameter:

Parameter	Description
<0-5000>	Set the minimum delay time for receiving a new LSA (in milliseconds ) , the value range is an integer from 0 to 5000 , and the default is 5 000

Description: Configure LSA transmission delay time

Example:

Configure the LSA transmission delay time to 50 milliseconds
Switch(config-ospf-router)# timers lsa all 50

• Configure LSA arrival time

Command:

1. timers lsa arrival [<0-600000>]
2. no timers lsa arrival [<0-600000>]

Mode: Global OSPF configuration mode

Parameter:

Parameter	Description
<0-600000>	Set the minimum receiving interval of LSA (in milliseconds ) , the value range is an integer from 0 to 600000 , and the default is 1 000

Description: Configure LSA arrival time

Example:

Set the LSA arrival interval to 2000 milliseconds
Switch(config-ospf-router)# timers lsa arrival 2000

• Turn on/off advertise max metric

Command:

1. max-metric router-lsa administrative
2. no max-metric router-lsa administrative

Mode: Global OSPF configuration mode

Parameter: none

Description: Turn on/off advertise max metric

Example:

Enable Advertise Max Metrics
Switch(config-ospf-router)# max-metric router-lsa administrative

• configure/unset route metric

Command:

1. distance ospf intra-area <1-255> inter-area <1-255> external <1-255>
2. no distance ospf

Mode: Global OSPF configuration mode

Parameter:

Parameter	Description
intra-area <1-255>	Set the route metric value in the area, the default is 110
inter-area <1-255>	Set the routing metric between areas, the default is 110
external <1-255>	Set external routing metric, default 110

Description: configure/unset route metric

Example:

Configure the route metric value. The intra-area route metric value is 10, the inter-area route metric value is 20, and the external route metric value is 30.
Switch(config -ospf-router)# distance ospf intra-area 10 inter-area 20 external 30

• Configure/un-always advertise the default route

Command:

1. default-route-advertise always metric <0-16777214> metric-type (1|2)
2. no default-route-advertise

Mode: Global OSPF configuration mode

Parameter:

Parameter	Description
metric <0-16777214>	Specify the default route metric, default 1
metric-type (1|2)	Specifies the default routing metric type, default type 2

Description: Configure/un -always advertise the default route

Example:

Enable always advertise default route, metric value 10, metric type 1
Switch(config-ospf-router)# default-route-advertise always metric 10 metric-type 1

• Import external routes

Command:

1. import-route (connected|static|rip) [metric <0-16777214> metric-type (1|2)]
2. no import-route (connected|static|rip)

Mode: Global OSPF configuration mode

Parameter:

Parameter	Description
connected|static|rip	Set the imported external route type
metric <0-16777214>	Set the redistributed metric value when importing external routes , default 1
metric-type (1|2)	Set the imported external route metric type, the default type is 2

Description: Import external routes

Example:

Import direct route, metric value 10, metric type 1
Switch(config-ospf-router)# import-route connected metric 10 metric-type 1

Regional settings

• Stub area

Command:

1. area {<0-4292967295>/ABCD} stub [no-summary]
2. no area {<0-4292967295>/ABCD} stub [no-summary]

Mode: global configuration mode

Parameter:

Parameter	Description
{<0-4294967295> / ABCD}	Zone ID, integer from 0-4294967295 or IPv4 address format
no-summary	Set whether to prohibit the ABR from sending LSA type 3 to the Stub area, that is, configure the area as a Totally Stub area

Description: set/unset locale as stub/totally stub

Example:

Set area 1 as stub area
Switch(config)# area 1 stub

• NSSA area

Command:

1. area {<0-4294967295> / ABCD} nssa [(translate-candidate|translate-never|translate-always)] [no-summary]
2. no area {<0-4294967295> / ABCD} nssa [(translate-candidate|translate-never|translate-always)] [no-summary]

Mode: global configuration mode

Parameter:

Parameter	Description
{<0-4294967295> / ABCD}	Zone ID, integer from 0-4294967295 or IPv4 address format
{translate-always / translate-never}	Set NSSA conversion type, the default is Never
no-summary	Set whether to prohibit the ABR from sending LSA type 3 to the area, that is, configure the area as a Totally NSSA area

Description: configure/unset zone to nssa/totally nssa

Example:

Set area 1 to nssa area
Switch(config)# area 1 nssa translate-always

Interface OSPF configuration

• Configure area ID

Command:

1. ip ospf area { <0-4294967295> /[ABCD]}
2. no ip ospf area { <0-4294967295> /[ABCD]}

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<0-4294967295> /[ABCD]	Zone ID, integer from 0-4294967295 or IPv4 address format, default is 0.0.0.0

Description: Configure/Cancel Zone ID

Example:

Configure the area of the VLAN 10 interface as 1
Switch(config)# int vlan 10
Switch(config-if)# ip ospf area 1

• Configure network type

Command:

1. ip ospf network [(broadcast|non-broadcast|point-to-multipoint|point-to-point)]
2. no ip ospf network [(broadcast|non-broadcast|point-to-multipoint|point-to-point)]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
{ broadcast / non-broadcast/ point-to-multipoint/ point-to-point}	Set the network type of the interface , the default is broadcast

Description: Configure/Cancel Network Type. If it is set to NBMA type, additional NBMA neighbors need to be set.

Example:

Enable the network type of VLAN 10 interface as P2P
Switch(config-if)# ip ospf network point-to-point

• Enable/disable interface suppression

Command:

1. ip ospf suppress
2. no ip ospf suppress

Mode: VLAN interface configuration mode

Parameter: none

Description: Enable/disable interface suppression function

Example:

Enable VLAN 10 interface suppression function
Switch(config-if)# ip ospf suppress

• Ignore MTU checksum

Command:

1. ip ospf mtu-ignore
2. no ip ospf mtu-ignore

Mode: VLAN interface configuration mode

Parameter: none

Description: Enable/disable ignore MTU check

Example:

Enable Ignore MTU check on VLAN 10 interface
Switch(config-if)# ip ospf mtu-ignore

• Configure/Cancel LSA Retransmission Interval

Command:

1. ip ospf retransmit-interval [<3-65535>]
2. no ip ospf retransmit-interval [<3-65535>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<3-65535>	Set the LSA retransmission interval (in seconds ) , default 5

Description: Configure/Cancel LSA Retransmission Interval

Example:

Set the LSA retransmission interval of VLAN 10 interface to 10 seconds
Switch(config-if)# ip ospf retransmit-interval 10

• Configure/Cancel LSA Transmission Delay Time

Command:

1. ip ospf transmit-delay [<1-500>]
2. no ip ospf transmit-delay [<1-500>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<1-500>	Set LSA transmission delay time (in seconds ) , default 1

Description: Configure/Cancel LSA Transmission Delay Time

Example:

LSA transmission delay time of VLAN 10 interface to 10 seconds
Switch(config-if)# ip ospf transmit-delay 10

• Configure/Cancel Hello Interval

Command:

1. ip ospf hello-interval [<1-65535>]
2. no ip ospf hello-interval [<1-65535>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<1-65535>	Set the time interval for the interface to send Hello packets (in seconds ) , the default is 10.

Description: Configure/Cancel Hello Interval

Example:

Set the Hello interval of the VLAN10 interface to 10 seconds
Switch(config-if)# ip ospf hello-interval 10

• Configure/Cancel Fast Hello

Command:

1. ip ospf dead-interval minimal hello-multiplier [<1-10>]
2. no ip ospf dead-interval minimal hello-multiplier [<1-10>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<1-10> _	Enable Fast Hello, and set the number of Hello packets sent by the interface per second , the default is 1

Description: Configure/Cancel Fast Hello

Example:

Enable the Fast Hello function of the VLAN 10 interface , and set the interface to send 10 Hello packets per second
Switch(config-if)# ip ospf dead-interval minimal hello-multiplier 10

• Configure /Cancel Neighbor Dead Time

Command:

1. ip ospf dead-interval [<1-65535>]
2. no ip ospf dead-interval [<1-65535>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<1-65535> _	Set the failure time of adjacent neighbors (in seconds ) , default 40

Description: Configure/Cancel Neighbor Dead Time

Example:

Set the neighbor failure time of VLAN 10 interface to 10 seconds
Switch(config-if)# ip ospf dead-interval 10

• Configure/unset overhead value

Command:

1. ip ospf cost [<1-65535>]
2. no ip ospf cost [<1-65535>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<1-65535> _	Set the cost value of the interface, the default is 10

Description: Configure/deactivate the cost value of an interface

Example:

Set the cost value of the VLAN 10 interface to 100
Switch(config-if)# ip ospf cost 100

• Configure/de-prioritize

Command:

1. ip ospf priority [<0-255>]
2. no ip ospf priority [<0-255>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<0-255> _	Set the priority when the interface selects DR, the default is 1

Description: Configure/Cancel Interface Priority

Example:

Set priority 0 for VLAN 10 interface
Switch(config-if)# ip ospf priority 0

• Turn on/off authentication

Command:

1. ip ospf authentication
2. no ip ospf authentication

Mode: VLAN interface configuration mode

Parameter: none

Description: Enable/disable interface authentication

Example:

Enable authentication on the VLAN10 interface
Switch(config-if)# ip ospf authentication

• Configure Simple Authentication

Command:

1. ip ospf authentication-key [AUTH_KEY]
2. no ip ospf authentication-key [AUTH_KEY]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
AUTH_KEY	Set the key used in simple authentication, the input limit is 1-8 characters

Description: Configure Simple Authentication

Example:

Set simple authentication key 123456 for VLAN10 interface
Switch(config-if)# ip ospf authentication
Switch(config-if)# ip ospf authentication-key 123456

• Configure MD5 authentication

Command:

1. ip ospf authentication message-digest
2. no ip ospf authentication message-digest
3. ip ospf message-digest-key <1-255> [md5 KEY]
4. no ip ospf message-digest-key <1-255> [md5 KEY]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
<1-255>	Set the key ID used for interface MD5 authentication
md5 KEY	Set the key used for interface MD5 authentication, the input limit is 1-16 characters

Description: Configure MD5 authentication

Example:

Set MD5 authentication for VLAN10 interface , key ID 1 , key 12345678
Switch(config-if)# ip ospf authentication message-digest
Switch(config-if)# ip ospf message-digest-key 1 md5 12345678

NBMA neighbor configuration

• Configuring NBMA neighbors

Command:

1. neighbor ABCD [hello-interval <1-65535> priority <0-255>]
2. no neighbor ABCD [hello-interval <1-65535> priority <0-255>]

Mode: VLAN interface configuration mode

Parameter:

Parameter	Description
ABCD	specify neighbor interface address
<1-65535>	(in seconds ) for sending polling Hello packets on the NBMA network , the default is 6 0
<0-255>	Set the priority when participating in the DR election , the default is 0

Description: Configure/Cancel NBMA Neighborhood

Example:

Set the neighbor, the interface address is 192.168.10.2, the Hello interval is 20 seconds , and the priority is 1
Switch(config-ospf-router)# neighbor 192.168.10.2 hello-interval 20 priority 1

View OSPF related information

• Check the OSPF routing table

Command: show ip ospf route

Mode: privileged EXEC mode

Parameter: none

Description: Check the OSPF routing table

Example:

Switch# show ip ospf route

• View OSPF neighbor information

Command: show ip ospf neighbor {A.B.C.D/detail}

Mode: privileged EXEC mode

Parameter:

Parameter	Description
ABCD	View the details of a specified neighbor by selecting the neighbor ID
detail	View all neighbor details

Description: View OSPF neighbor information

Example:

Check neighbor 2.2.2.2 information
Switch# show ip ospf neighbor 2.2.2.2

• View OSPF interface information

Command: show ip ospf interface {vlan <1-4094>}

Mode: privileged EXEC mode

Parameter:

Parameter	Description
vlan <1-4094>	Select to view the corresponding VLAN interface information

Description: View OSPF interface information

Example:

View OSPF information on VLAN 10 interfaces of the device
Switch# show ip ospf interface vlan 10

• View OSPF database

Command: show ip ospf database { asbr-summary / external/ max-age/ network/ nssa-external/ opaque-area/ opaque-as/ opaque-link/ router/ self-originate/ summary} { self-originate}

Mode: privileged EXEC mode

Parameter:

Parameter	Description
{ asbr-summary / external/ max-age/ network/ nssa-external/ opaque-area/ opaque-as/ opaque-link/ router/ self-originate/ summary}	View the corresponding database information by selecting the corresponding Type LSA
{self-originate}	Select to view the data information generated by the switch itself

Description: View OSPF database

Example:

View OSPF link state database
Switch# show ip ospf database
View link state information of Type 3 LSAs
Switch# show ip ospf database summary
the Type 1 LSA generated by the device itself
Switch# show ip ospf database router self-originate

• View OSPF statistics

Command: show ip ospf statistic interface {all/vlan <1-4094>}

Mode: privileged EXEC mode

Parameter:

Parameter	Description
vlan <1-4094>	Choose whether to view the corresponding vlan data statistics

Description: View OSPF statistics

Example:

View statistics on all OSPF interfaces on the device
Switch# show ip ospf statistic interface all
View the data statistics of the VLAN 10 interface of the device
Switch# show ip ospf statistic interface vlan 10

POE

Configure PoE global attributes

Configure PoE reserved power

Command:

1. poe reserved_power (0-119)
2. do show poe

Mode: global configuration mode

Parameter:

Parameter	Description
(0-119)	Value range of reserved power

Description:

1. poe reserved_power (0-119) : configure PoE reserved power
2. do show poe : View PoE information

Example:

Switch> enable
Switch # configure
Switch(config)#poe reserved_power 100
Switch(config)# do show poe

Configure PoE restart

Command:

1. poe sofe_reboot
2. do show poe

Mode: global configuration mode

Parameter: none

Description:

1. poe sofe_reboot : Reboot all PoE interfaces
2. do show poe : View PoE information

Example:

Switch> enable
Switch # configure
Switch(config)#poe sofe_reboot
Switch(config)# do show poe

Enable/disable port protection

Command:

1. poe port_protect
2. no poe port_protect

Mode: global configuration mode

Parameter: none

Description: occurs three times in a minute , the port will be disabled immediately to protect the port.

Example:

Switch> enable
Switch#configure
Switch(config)# poe port_protect

Configure PoE interface properties

Configure the power supply mode of an interface

Command:

1. poe mode {enable | forcepower | disable }
2. do show poe port ethernet interface-id

Mode: interface configuration mode

Parameter:

Parameter	Description
enable	Auto Power Mode
forcepower	forced power mode
disable	power off mode
Ethernet interface-id	Switch Ethernet port

Description:

1. poe mode (enable | forcepower) : This command is used to enable PoE on the interface.
2. poe mode disable : This command is used to disable PoE on the interface.
3. do show poe port Ethernet interface-id : View POE interface information

By default, the PoE function of an interface is enabled , and it is in automatic power supply mode.

Example:

Switch> enable
Switch # configure
Switch(config)#interface Ethernet 1/0/1
Switch(config-if)#poe mode enable
Switch(config-if)#poe mode disable

Switch(config)#do show poe port Ethernet 1/0/1-1/0/8

Configure the PoE interface priority

Command:

1. poe priority (critical|high|low)
2. do show poe port Ethernet interface-id

Mode: interface configuration mode

Parameter:

Parameter	Description
critical	highest priority
high _	second highest priority
low	lowest priority
Ethernet interface-id	Switch Ethernet port

Description:

1. poe priority (critical |high| low) : configure the PoE interface priority
2. do show poe port Ethernet interface-id : View PoE interface information

Example:

Switch > enable
Switch # configure
Switch(config)#interface Ethernet 1/0/1
Switch(config-if)#poe priority critical
Switch(config)#do show poe port Ethernet 1 /0/1 - 1/0/8

Configure the PoE interface power supply standard

Command:

1. poe af_at (af | at)
2. poe standard (af | at | bt)
3. do show poe port Ethernet interface-id

Mode: interface configuration mode

Parameter:

Parameter	Description
af	The power supply standard is PoE
at	The power supply standard is PoE+
bt	The power supply standard is PoE++ (Type 3 )
Ethernet interface-id	Switch Ethernet port

Description:

1. poe af_at (af | at): Configure PoE interface priority (Supported only on GWN78xx(P) switches with PoE/PoE+ support).
2. poe standard (af|at|bt) : configure PoE interface priority (Supported only on GWN78xx(P) switches with PoE++ support).
3. do show poe port Ethernet interface-id : View PoE interface information.

Example:

Switch > enable
Switch # configure
Switch(config)#interface Ethernet 1/0/1
Switch(config-if)#poe af_at af
Switch(config)#do show poe port Ethernet 1/0/1 - 1/0/8

Configure the maximum power supply power of the PoE interface

Command:

1. poe limit (1-30)
2. poe limit_bt (1-60)
3. do show poe port Ethernet interface-id

Mode: interface configuration mode

Parameter:

Parameter	Description
(1-30)	Range of maximum power supply power of PoE interface
Ethernet interface-id	ethernet port

Description:

1. poe limit (1-30) : Configure the maximum power supply power of the PoE interface
2. poe limit_bt (1-60) : configure the maximum power of PoE interface 802.3bt power supply
3. do show poe port Ethernet interface-id : View PoE interface information

Example:

Switch > enable
Switch # configure
Switch(config)#interface Ethernet 1/0/1
Switch(config-if)#poe limitmode user
Switch(config-if)#poe limit 20
Switch(config)#do show poe port Ethernet 1/0/1 - 1/0/8

Configure the PoE interface limit mode

Command:

1. poe limitmode (class | user)
2. do show poe port Ethernet interface-id

Mode: interface configuration mode

Parameter:

Parameter	Description
class	Automatic configuration of power limits
user	Custom Power Limits
Ethernet interface-id	ethernet port

Description:

1. poe limitmode (class | user): configure the Poe interface limit mode
2. do show poe port Ethernet interface-id : View PoE interface information

Example:

Switch > enable
Switch # configure
Switch(config)#interface Ethernet 1/0/1
Switch(config-if)#poe limitmode user
Switch(config-if)#poe limit 20
Switch(config)#do show poe port Ethernet 1/0/1 - 1/0/8

PoE power supply disconnection time policy

Command:

1. poe schedule id {id} mode class
2. poe schedule no

Mode: interface configuration mode

Parameter:

Parameter	Description
{id}	Time policy ID, an integer ranging from 1 to 32

Description:

1. poe schedule id {id} mode class : set the power-off time on the port
2. poe schedule no : turn off the power off function on the port

Example:

Port 1 uses time policy 1
Switch # config
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# poe schedule id 1 mode class

Port 1 does not use time policy
Switch(config-if)# poe schedule no

View PoE related information

Command:

1. show poe
2. show poe chip chip-id
3. show poe port Ethernet interface-id

Mode: privileged EXEC mode

Parameter:

Parameter	Description
chip-id	Chip ID
Ethernet interface-id	ethernet port

Description:

1. Show poe: View POE global information
2. show poe chip chip-id : View POE chip information, GWN7801P has 1 chip, GWN7802P has 1 chip, GWN 7803P has 3 chips
3. show poe port Ethernet interface-id : View POE interface information

Example:

Switch> enable
Switch # Show poe
Switch # show poe chip 1
Switch# show poe port Ethernet 1/0/1 - 1/0/8

QOS

Configure port QoS trust mode

Command:

1. qos trust (802.1p| 802.1p-dscp| dscp| ip-precedence | none )

Mode: interface configuration mode

Parameter:

Parameter	Description
802.1p	Trust 802.1p Priority
802.1p – dscp	Support 802.1p and DSCP priority at the same time, and trust DSCP priority first
dscp	trust DSCP priority
ip- precedence	Trust IP Priority
none	no trust mode

Description:

1. qos trust: This command is used to configure the QoS trust mode of a certain port.
2. By default, the global trust mode is CoS priority.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch (config-if) # qos trust dscp
Switch(config-if)# do show qos interface Ethernet 1/0/1

Configure port priority

Command: qos cos <0-7>

Mode: interface configuration mode

Parameter:

Parameter	Description
<0-7>	The allowed CoS value range is 0-7

Description:

1. qos cos : Used to configure the default priority of the port.
2. By default, the port priority is 0.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# qos cos 3
Switch(config-if)# do show qos interface Ethernet 1/0/1

Configure port remarking

Command:

1. qos remark (cos| dscp| precedence)
2. no qos remark (cos| dscp| precedence)

Mode: interface configuration mode

Parameter:

Parameter	Description
cos	Re-mark CoS priority
dscp	Remark DSCP Priority
precedence	Remark IP priority

Description:

1. qos remark (cos| dscp| precedence): This command is used to configure the remark priority of the port.
2. no qos remark (cos| dscp| precedence): This command is used to delete the port remark configuration.

By default, the remark function is disabled for all ports.

After remarking is enabled, the corresponding remarking mapping table needs to be configured synchronously.

Note: dscp and IP priority re-marking functions cannot be enabled at the same time.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch (config-if) # qos trust dscp
Switch(config-if)# do show qos interface Ethernet 1/0/1

Configure CoS – Queue Mapping Table

Command:

1. qos map cos-queue <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> to <0-7>
2. show qos map cos-queue

Mode: global configuration mode

Parameter:

Parameter	Description
[<0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7>]	Select one or more CoS values
<0-7>	Select a queue for the target CoS value, the queue index is 0~7

Description:

1. qos map cos-queue <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> to <0-7> : Configure queue values for each CoS value
2. show qos map cos-queue : View configuration

Example:

Switch > enable
Switch# configure
Switch (config) # qos map cos-queue 0 to 1
Switch (config) # qos map cos-queue 2 3 4 to 7 
Switch (config) # do show qos map cos-queue

Configure DSCP – Queue Mapping Table

Command:

1. qos map dscp-queue <0-63> <0-63> <0-63> <0-63> <0-63> <0-63> <0-63> <0-63> to <0-7>
2. show qos map dscp-queue

Mode: global configuration mode

Parameter:

Parameter	Description
[<0-63> <0-63> …<0-63>]	Select one or more dscp values, it is recommended to select up to 8 dscp values at the same time
<0-7>	Select a queue for the target dscp value, the queue index is 0~7

Description:

1. qos map dscp-queue <0-63> <0-63> <0-63> <0-63> <0-63> <0-63> <0-63> <0-63> to <0-7>: configure each Queue value for DSCP value
2. show qos map dscp-queue: View configuration

Example:

Switch > enable
Switch# configure
Switch (config) # qos map dscp -queue 50 to 7
Switch (config) # qos map dscp-queue 0 1 2 3 4 5 6 7 to 2
Switch (config) # do show qos map dscp-queue

Configuration IP Priority – Queue Mapping Table

Command:

1. qos map precedence-queue <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> to <0-7>
2. show qos map precedence-queue

Mode: global configuration mode

Parameter:

Parameter	Description
[<0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7>]	Select one or more ip precedence values
<0-7>	Select a queue for the target ip precedence value, the queue index is 0~7

Description:

1. qos map precedence-queue <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> to <0-7>: Configure the queue value for each ip precedence value
2. show qos map precedence-queue: View configuration

Example:

Switch > enable
Switch# configure
Switch (config) # qos
Switch (config) # qos map precedence-queue 5 to 7
Switch (config) # qos map precedence-queue 0 1 2 3 4 5 6 7 to 2
Switch# show qos map precedence-queue

Configure Queue – CoS remark mapping table

Command:

1. qos map queue-cos <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> < 0-7> to <0-7>
2. show qos map queue-cos

Mode: global configuration mode

Parameter:

Parameter	Description
[<0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7>]	Select one or more queue values, the queue index is 0~7
<0-7>	Choose a cos value for the target queue value

Description:

1. qos map queue-cos <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7>to<0-7> : Configure the remark cos value for each queue
2. show qos map queue-cos: view the configuration

Example:

Switch > enable
Switch# configure
Switch (config) # qos map queue-cos 1 to 4
Switch (config) # qos map queue-cos 2 3 4 5 6 7 to 5
Switch (config) # do show qos map queue-cos 

Configure queue – DSCP remark mapping table

Command:

1. qos map queue-dscp <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> to <0-63>
2. show qos map queue-dscp

Mode: global configuration mode

Parameter:

Parameter	Description
[<0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7>]	Select one or more queue values, the queue index is 0~7
<0-63>	Select a dscp value for the target queue value

Description:

1. qos map queue-dscp <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> < 0-7> to <0-63> :Configure the remark dscp value for each queue
2. show qos map queue-dscp: view the configuration

Example:

Switch > enable
Switch# configure
Switch (config) # qos map queue-dscp 1 to 40
Switch (config) # qos map queue-dscp 2 3 4 5 6 7 to 55
Switch (config) # do show qos map queue-dscp

Configure Queue – IP priority remark mapping table

Command:

1. qos map queue-precedence <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> to <0-7>
2. show qos map queue-precedence

Mode: global configuration mode

Parameter:

Parameter	Description
[<0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7>]	Select one or more queue values, the queue index is 0 ~ 7
<0-7>	Choose an ip precedence value for the target queue value

Description:

1. qos map queue-precedence <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> < 0-7 > to <0-7> : configure the remark ip precedence value for each queue
2. show qos map queue-precedence: View configuration

Example:

Switch > enable
Switch# configure
Switch (config) # qos map queue-precedence 1 to 4
Switch (config) # qos map queue-precedence 2 3 4 5 6 7 to 5
Switch (config) # do show qos map queue-precedence

Configure Scheduling Algorithm

Command:

1. qos queue type sp
2. qos queue type (wfq |wrr) weight <1-1 27> <1-1 27> <1-1 27> <1-1 27> <1-1 27> <1-1 27> <1-1 27> <1-1 27>
3. qos queue type (sp-wfq |sp-wrr) weight <0-127> <0-127> <0-127> <0-127> <0-127> <0-127> <0-127> <0 -127>

Mode: interface configuration mode

Parameter:

Parameter	Description
sp	Configure the queue to which the SP scheduling algorithm is applied, but the weight cannot be set
weight [weight1 ~ weight8]	Configure the weight of each queue; weight is an octet data, namely {weight1 ~ weight8}, where the value of a single queue weightN of wfq/wrr scheduling algorithm is an integer between 1-127, sp-wfq/sp- The weightN of a single queue in the wrr scheduling algorithm is an integer ranging from 0 to 127 . Enter the ratio of how often the scheduler forwards packets in each queue. Separate each value with a space. The ratio of queue number N is weightN / SumOf{ weight1 — weight8}

Description:

1. SP: Strict Priority (strict priority), scheduling is strictly in accordance with the priority of the queue, and the weight cannot be set.
2. WRR: weighted round robin, queues are scheduled according to weighted round robin, and the weight of each queue is set by package.
3. WFQ : weighted fair queue, scheduled according to weighted fair queue, and the weight of each queue is set in bytes.
4. SP-WRR: Join the SP group first, schedule according to strict priority, and then schedule according to the weight of weighted round robin.
5. SP-WFQ: Join the SP group first, schedule according to the strict priority, and then schedule according to the weight of the weighted fair queue. By default, the scheduling algorithm applied to all queues is SP.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# qos queue type sp-wfq weight 0 1 2 3 4 5 6 7
Switch(config-if)# do show qos queuing

Configure queue shaping (egress queue rate limit CIR)

Command:

1. rate-limit egress queue < 0-7> <16-1000000>
2. no rate-limit egress queue <0-7>

Mode: interface configuration mode

Parameter:

Parameter	Description
<0-7>	port queue index
<16-1000000>	The average rate limit of the queue, the allowed input range is 16-1000000, the unit is Kbps, and it needs to be a multiple of 16. (If the input is not a multiple of 16, the program will automatically convert to the nearest multiple of 16 to the input value.)

Description:

1. rate-limit egress queue <0-7> <16-1000000>: Under the specified port, configure the rate limit of the egress queue.
2. no rate-limit egress queue <0-7>: Used to clear the rate limit configuration of the specified egress queue.
3. By default, the egress queue rate is not limited.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# rate-limit egress queue 3 6400
Switch(config-if)# no rate-limit egress queue 3

Configure queue shaping (egress queue speed limit CBS)

Command:

1. rate-limit egress queue <0-7> burst <burst-53247>
2. no rate-limit egress queue <0-7> burst

Mode: interface configuration mode

Parameter:

Parameter	Description
<0-7>	port queue index
<16-1000000>	The average rate limit of the queue, the allowed input range is 16-1000000, the unit is Kbps, and it needs to be a multiple of 16. (If the input is not a multiple of 16, the program will automatically convert to the nearest multiple of 16 to the input value.)
<burst-53247>	The committed burst traffic that can pass instantly , the value range is: GWN7806(P)/GWN7832/GWN7816(P): 1368-53247bytes , default 53247bytes GWN7811(P)/GWN7812P/GWN7813(P)/GWN7830/GWN7831: 678-53247bytes , default 53247bytes

Description:

1. rate-limit egress queue <0-7> burst <678-53247> : Under the specified port, configure the committed burst flow CBS of the egress queue ( CIR must be set first ) .
2. no rate-limit egress queue <0-7> burst : Used to clear the committed burst CBS of the specified egress queue.
3. By default, the egress queue CIR/CBS is not limited.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# rate-limit egress queue 1 6400
Switch(config-if)# no rate-limit egress queue 1 burst 53247

Configuring Port Rate Limiting CIR

Command:

1. rate-limit (egress | ingress) <16-1000000>
2. no rate-limit (egress| ingress)

Mode: interface configuration mode

Parameter:

Parameter	Description
egress	Export
ingress	Entrance
<16-1000000>	Average rate limit, the allowable input range is 16-1000000, the unit is Kbps, and it needs to be a multiple of 16 (if the input is not a multiple of 16 , the program will automatically convert it to the closest multiple of 16 to the input value).

Description:

1. rate-limit egress <16-1000000>: Under the specified port, configure the egress rate limit.
2. rate-limit in progress <16-1000000>: Under the specified port, configure the ingress rate limit.
3. no rate-limit (egress | ingress): Used to clear egress/ingress rate-limit configuration.
4. By default, the egress and ingress rates are not limited.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# rate-limit egress 6400
Switch(config-if)# rate-limit ingress 10000
Switch(config-if)# no rate-limit egress

Configure port speed limit CBS

Command:

1. rate-limit egress burst <burst-53247>
2. no rate-limit egress burst
3. rate-limit ingress burst <32768-burst>
4. no rate-limit ingress burst

Mode: interface configuration mode

Parameter:

Parameter	Description
Egress burst	Export commitment burst traffic
Ingress burst	Ingress committed burst traffic
<burst-53247>	In the outbound direction , the value range is: GWN7806(P)/GWN7832 /GWN7816(P) : 1368-53247 bytes GWN7811(P)/GWN7812P/GWN7813(P)/GWN7830/GWN7831: 678-53247bytes
<32768-burst>	Incoming direction CBS, the value range is: GWN7806(P)/GWN7832/GWN7816(P): 32768-65535 bytes. GWN7811(P)/12P/13(P)/GWN7830/GWN7831: 32768-2147483647bytes

Description:

1. rate-limit egress burst <burst-53247> : Configure egress CBS under the specified port.
2. no rate-limit egress burst : used to clear the CBS of the exit, if the speed limit in the exit direction is not closed, it will return to the default value of 32768 after clearing the CBS.
3. rate-limit in regression burst <32768-burst> : Configure ingress CBS under the specified port.
4. no rate-limit in gress burst : used to clear the exit/entry CBS , if the speed limit in the inbound direction is not closed, it will return to the default value of 32768 after clearing the CBS
5. By default, the egress and ingress rates are not limited.

Example:

Switch > enable
Switch# configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# rate-limit egress burst 678
Switch(config-if)# no rate-limit egress burst
Switch(config-if)# rate-limit ingress burst 327699
Switch(config-if)# no rate-limit ingress burst

View QoS related information

Command:

1. show qos map
2. show qos map (cos-queue| dscp-queue| precedence-queue| queue-cos| queue-dscp| queue-precedence)
3. show qos interfaces (Ethernet| LAG) <id>
4. show qos queuing
5. show running-config
6. show running-config {interfaces Ethernet| LAG <id>}

Mode: privileged EXEC mode

Parameter: none

Description:

1. show qos map: View all mapping tables
2. show qos map (cos-queue| dscp-queue| precedence-queue| queue-cos| queue-dscp| queue-precedence): View the specified mapping table.
3. show qos interfaces (Ethernet| LAG) <1- 2 8>: View the Q oS attributes of the specified port, including the port priority value, trust status, and remark status.
4. show qos queuing: View the scheduling algorithm being used.
5. show running-config: You can view all non-default configurations related to QoS.
6. show running-config {interfaces Ethernet| LAG <1- 2 8>}: You can view all non-default configurations of the specified port.

Example:

Switch > enable
Switch# show qos map dscp-queue
Switch# show qos interfaces LAG 1
Switch# show running-config interfaces Ethernet 1/0/1

SECURITY

Storm control

Check – storm control

Command: show storm-control

Mode: privileged EXEC mode

Parameter: none

Description: View the configuration details of each port storm

Example:

switch # show storm-control

Global configuration – strom control

Command:

1. storm control preamble and IFG {Excluded | Included}
2. storm control unit {bps | pps}

Mode: privileged EXEC mode

Parameter:

Parameter	Description
[include\exclude]	Configure frame interval
[bps\pps]	statistical unit

Description:

1. IFG {Excluded | Included}: configure frame interval
2. unit {bps | pps}: statistical unit

Example:

Switch# storm control preamble and IFG Excluded
Switch# storm control unit bps

Port configuration – storm control

Command:

1. storm-control
2. no storm-control
3. storm-control {broadcast | unkbown-multicast | unknown-unicast} level x[1-1024]

Mode: interface configuration mode

Parameter:

Parameter	Description
[no] storm-control	[ Close ] Enable port storm control function
action {drop | shutdown}	action {discard illegal packets | close port}
broadcast level [1-1024]	Broadcast packet, the value range is 1-1024 (the value is related to the measurement unit)
unknown-multicast	unknown multicast packet
unknown-unicast	unknown unicast packet

Description:

1. no storm-control: Disable the port storm control function
2. storm-control: enable port storm control function
3. storm-control {broadcast | unkbown-multicast | unknown-unicast} level x[1-1024] : Configure storm control threshold for broadcast / unkbown- multicast /unknown -unicast

Example:

Switch(config-if)# no storm-control
Switch(config-if)# storm-control
Switch(config-if)# storm-control broadcast level 1024

Port security

Check – port security

Command:

1. show port-security
2. show port-security address
3. show port-security interfaces Ethernet interface id

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet interface id	The port number

Description:

1. show port-security: View port security settings
2. show port-security address: View port security MAC address
3. show port-security interfaces Ethernet interface id: View port security status

Example:

Switch# show port-security
Switch# show port-security address
Switch# show port-security interfaces Ethernet interface 1/0/2

Global configuration – port security

Command:

1. port-security
2. no port-security
3. port-security rate-limit x[1-600]

Mode: global configuration mode

Parameter:

Parameter	Description
x[1-600]	Value range of port security rate limit

Description:

1. port-security: Enable the global port security function
2. no port-security: Turn off the global port security function
3. port-security rate-limit x[1-600] : configure port security rate limit

Example:

Switch(config)# port-security
Switch(config)# no port-security
Switch(config)# port-security rate-limit 600

Port configuration – port security

Command:

1. port-security
2. no port-security
3. port-security address-limit x[1-256]
4. port-security mac-address sticky
5. no port-security mac-address sticky
6. port-security mac-address [mac] [vlan x]
7. port-security violation [protect\restric\shutdown]

Mode: interface configuration mode

Parameter:

Parameter	Description
x[1-256]	Configuring the maximum number of MAC addresses on a port
[mac] [vlan x]	Entries in the port security MAC address table : MAC address and VLAN
[protect\restrict\shutdown]	Port Protection Action protect : discard illegal packets, keep silent restrict : Discard illegal packets and report alarm notifications shutdown : close the port

Description:

1. port-security: Enable port security
2. no port-security: turn off port security
3. port-security address-limit x[1-256] : Configure the maximum number of MACs
4. port-security mac-address sticky: enable Sticky MAC address function
5. no port-security mac-address sticky: disable Sticky MAC address function
6. port-security mac-address [mac] [vlan x]: configure port security MAC address and VLAN
7. port-security violation [protect\restrict\shutdown]: Configure port security protection action

Example:

Switch(config-if)# port-security
Switch(config-if)# port-security address-limit 256
Switch(config-if)# [no] port-security mac-address sticky
Switch(config-if)# port-security mac-address aa:bb:cc:ff:ee:dd vlan 1
Switch(config-if)# port-security violation protect

Port isolation

Command: protected

Mode: interface configuration mode

Parameter:

Parameter	Description
protected	Enable port isolation

Description: Enable port isolation

Example:

Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# protected
Switch(config-if)# exit
Switch(config)# exit
Switch#

ACL

MAC ACL

• Create/delete MAC ACL

Command:

1. mac acl name
2. no mac acl name

Mode: global configuration mode

Parameter:

Parameter	Description
name	MAC ACL name, 1-64 characters, support numbers, letters and special characters ( excluding “\?/, ).

Description: Create/delete MAC ACL

Example:

Create an ACL named test1
Switch(config)# mac acl test1

• Create/delete permit rules

Command:

1. sequence <1-2147483647> permit {source mac} {dest mac} {vlan xx} {cos value} {ethtype <0x0600-0xFFFF>} schedule {id}
2. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	Description
<1-2147483647>	rule ID
{source mac}	Source MAC address and mask
{dest mac}	Destination MAC address and mask
{vlan xx}	VLAN ID of the packet
{cos value}	CoS priority
ethtype <0x0600-0xFFFF>	Ethernet protocol
{id}	Time policy ID, an integer ranging from 1 to 32

Description: Create/delete permit rules

Example:

a rule that allows LLDP packets with a destination MAC address of 22:33:44:55:66:77 and a VLAN 3 tag to pass within the time range of time policy ID 1
Switch(config-mac-acl)# permit any 22:33:44:55:66:77/FF:FF:FF:FF:FF:FF:FF vlan 3 ethtype 0x88CC schedule 1

• Create/delete deny rules

Command:

1. sequence <1-2147483647> deny {source mac} {dest mac} {vlan xx} {cos value} {ethtype <0x0600-0xFFFF>} schedule {id}
2. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	Description
<1-2147483647>	rule ID
{source mac}	Source MAC address and mask
{dest mac}	Destination MAC address and mask
{vlan xx}	VLAN ID of the packet
{cos value}	CoS priority
ethtype <0x0600-0xFFFF>	Ethernet protocol
{id}	Time policy ID , an integer whose value ranges from 1 to 32

Description: Create/delete deny rules

Example:

Create a rule to deny the passage of MPLS packets with a source MAC address of 1C:69:7A:B4:E5:AA, a VLAN 20 tag, and a CoS value of 2 within the time range of time policy ID 1
Switch(config-mac-acl)# deny 1C:69:7A:B4:E5:AA/FF:FF:FF:FF:FF:FF any vlan 20 cos 2 7 ethtype 0x8847 schedule 1

• Create/delete shutdown rules

Command:

1. sequence <1-2147483647> deny {source mac} {dest mac} {vlan xx} {cos value} {ethtype <0x0600-0xFFFF>} schedule {id} [shutdown]
2. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	Description
<1-2147483647>	rule ID
{source mac}	Source MAC address and mask
{dest mac}	Destination MAC address and mask
{vlan xx}	VLAN ID of the packet
{cos value}	CoS priority
ethtype <0x0600-0xFFFF>	Ethernet protocol
{id}	Time policy ID, an integer ranging from 1 to 32
[shutdown]	when the rule matches

Description: Create/delete shutdown rules

Example:

Created within the time range of time policy ID 1 , when the source MAC is 1C:69:7A:B4:E5:AA with VLAN When the ARP packet with 10 labels and CoS value is 2, the port executes the shutdown action rule
Switch(config-mac-acl)# deny 1C:69:7A:B4:E5:AA/FF:FF:FF:FF:FF:FF any vlan 10 cos 2 7 ethtype 0x806 schedule 1 shutdown

• MAC ACL binding

Command:

1. mac acl name
2. no mac acl

Mode: interface configuration mode

Parameter:

Parameter	Description
name	MAC ACL name, 1-64 characters, support numbers, letters and special characters ._@

Description: Bind/unbind MAC ACL

Example:

Bind the mac acl named "test" to the port
Switch(config-if)# mac acl test
unbind mac acl
Switch(config-if)# no mac acl

• Show rules

Command: show mac acl [ name ]

Mode: global configuration mode

Parameter:

Parameter	Description
name	MAC ACL name, 1-64 characters, support numbers, letters and special characters ._@

Description: View MAC Detailed rules of ACL

Example:

View the detailed rules of mac acl named test1
Switch# show mac acl test1

IPV4 ACL

• Create/delete IPv4 ACL

Command:

1. ip acl name
2. no ip acl name

Mode: global configuration mode

Parameter:

Parameter	Description
name	ip ACL name, 1-64 characters, support numbers, letters and special characters ( excluding “\?/, ).

Description: Create/delete IPv4 ACL

Example:

Create an ACL named test1
Switch(config)# ip acl test1

• Create/delete permit rules

Command:

1. sequence <1-2147483647> permit {protocol} {source ip} {dest ip} {dscp/precedence} {value} schedule {id}
2. sequence <1-2147483647> permit tcp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} match-all {TCP_FLAG} {dscp/precedence} {value} schedule {id}
3. sequence <1-2147483647> permit udp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} {dscp/precedence} {value} schedule {id}
4. sequence <1-2147483647> permit icmp {source ip} {dest ip} {icmp type} {icmp code} {dscp/precedence} {value} schedule {id}
5. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	Description
<1-2147483647>	rule ID
{protocol}	an integer ranging from 0 to 255
{source ip}	Source IP address and mask
{source port/source port range}	Source IP address port /port range
{dest ip}	Destination IP address and mask
{dest port/dest port range}	Destination IP address port /port range
{TCP_FLAG}	TCP flag
{icmp type} {icmp code}	ICMP message type and message code
{dscp/precedence}{value}	Match the type of ToS
{id}	Time policy ID, an integer ranging from 1 to 32

Description: Create/delete permit rules

Example:

Created within the time range of time policy ID 1 , allow TCP data with source IP address 192.168.1.245, source port 20, destination port 5001-5006 , with TCP flags ack and urg, and DSCP priority 63 package through
Switch(config-ip-acl)# permit tcp 192.168.1.245/255.255.255.255 ftp-data any 5001-5006 match-all +ack+urg dscp 63 schedule 1

Created within the time range of time policy ID 1 , UDP packets with source port 68 , destination IP 192.168.1.17 , destination port 37 , and IP priority 7 are allowed to pass
Switch(config-ip-acl)# permit udp any bootpc 192.168.1.17/255.255.255.255 time precedence 7 schedule 1
Created within the time range of time policy ID 1 , all ICMP packets with unreachable destinations and message code 21 are allowed to pass
Switch(config-ip-acl)# permit icmp any any destination-unreachable 21 dscp 60 schedule 1

• Create/delete deny rules

Command:

1. sequence <1-2147483647> deny {protocol} {source ip} {dest ip} {dscp/precedence} {value} schedule {id}
2. sequence <1-2147483647> deny tcp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} match-all {TCP_FLAG} {dscp/precedence} {value} schedule {id}
3. sequence <1-2147483647> deny udp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} {dscp/precedence} {value} schedule {id}
4. sequence <1-2147483647> deny icmp {source ip} {dest ip} {icmp type} {icmp code} {dscp/precedence} {value} schedule {id}
5. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	Description
<1-2147483647>	rule ID
{protocol}	an integer ranging from 0 to 255
{source ip}	Source IP address and mask
{source port/source port range}	Source IP address port /port range
{dest ip}	Destination IP address and mask
{dest port/dest port range}	Destination IP address port /port range
{TCP_FLAG}	TCP flag
{icmp type} {icmp code}	ICMP message type and message code
{dscp/precedence}{value}	Match the type of ToS
{id}	Time policy ID, an integer ranging from 1 to 32

Description: Create/delete deny rules

Example:

Created within the time range of time policy ID 1 , reject TCP packets with source IP address 192.168.1.245 , source port 20 , destination port 5001-5006 , flag bits ack and urg , and DSCP priority 63 pass
Switch(config-ip-acl)# deny tcp 192.168.1.245/255.255.255.255 ftp-data any 5001-5006 match-all +ack+urg dscp 63 schedule 1

Created within the time range of time policy ID 1 , deny the UDP packets with source port 68 , destination IP address 192.168.1.17 , destination port 37 , and IP priority 7
Switch(config-ip-acl)# deny udp any bootpc 192.168.1.17/255.255.255.255 time precedence 7 schedule 1

Created within the time range of time policy ID 1 , all ICMP packets whose destination is unreachable and whose message code is 21 are rejected from passing
Switch(config-ip-acl)# deny icmp any any destination-unreachable 21 dscp 60 schedule 1

• Create/delete shutdown rules

Command:

1. sequence <1-2147483647> deny {protocol} {source ip} {dest ip} {dscp/precedence} {value} schedule {id} [shutdown]
2. sequence <1-2147483647> deny tcp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} match-all {TCP_FLAG} {dscp/precedence} {value} schedule {id} [shutdown]
3. sequence <1-2147483647> deny udp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} {dscp/precedence} {value} schedule {id} [ shutdown ]
4. sequence <1-2147483647> deny icmp {source ip} {dest ip} {icmp type} {icmp code} {dscp/precedence} {value} schedule {id} [shutdown]
5. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	description
<1-2147483647>	rule ID
{protocol}	an integer ranging from 0 to 255
{source ip}	Source IP address and mask
{source port/source port range}	Source IP address port /port range
{dest ip}	Destination IP address and mask
{dest port/dest port range}	Destination IP address port /port range
{TCP_FLAG}	T CP flag
{icmp type} {icmp code}	ICMP message type and message code
{dscp/precedence}{value}	Match the type of ToS
{id}	Time policy ID, an integer ranging from 1 to 32
[shutdown]	when the rule matches

Description: Create/delete shutdown rules

Example:

Created within the time range of time policy ID 1 , when a TCP with source IP address 192.168.1.245 , source port 20 , destination port 5001-5006 , flag bits ack and urg , and DSCP priority 63 is encountered Packet, port execution shutdown action
Switch(config-ip-acl)# deny tcp 192.168.1.245/255.255.255.255 ftp-data any 5001-5006 match-all +ack+urg dscp 63 schedule 1 shutdown

Created within the time range of time policy ID 1 , when a UDP data packet with source port 68 , destination IP address 192.168.1.17 , destination port 37 , and IP priority 7 is encountered, the port will execute shutdown action
Switch(config-ip-acl)# deny udp any bootpc 192.168.1.17/255.255.255.255 time precedence 7 schedule 1 shutdown

Created within the time range of time policy ID 1 , when encountering all ICMP data packets whose destination is unreachable and whose message code is 21 , the port will execute the shutdown action
Switch(config-ip-acl)# deny icmp any any destination-unreachable 21 dscp 60 schedule 1 shutdown

• IPv4 ACL binding

Command:

1. ip acl name
2. no ip acl

Mode: interface configuration mode

Parameter:

Parameter	Description
name	IPv4 ACL name, 1-64 characters, support numbers, letters and special characters ._@

Description: Bind/unbind IPv4 ACL

Example:

v4 acl named "test" to the port
Switch(config-if)# ip acl test
unbind ipv4 acl
Switch(config-if)# no ip acl

• View rules

Command: show ip acl [ name ]

Mode: global configuration mode

Parameter:

Parameter	Description
name	IPv4 ACL name, 1-64 characters, support numbers, letters and special characters ._@

Description: View IPv4 Detailed rules of ACL

Example:

View the detailed rules of ip v4 acl named test1
Switch# show ip acl test1

IPV6 ACL

• Create/delete IPv6 ACL

Command:

1. ipv6 acl name
2. no ipv6 acl name

Mode: global configuration mode

Parameter:

Parameter	Description
name	ipv6 ACL name, 1-64 characters, support numbers, letters and special characters ( excluding “\?/, ).

Description: Create/delete IPv6 ACL

Example:

Create an ACL named test1
Switch(config)# ipv6 acl test1

• Create/delete permit rules

Command:

1. sequence <1-2147483647> permit {protocol} {source ip} {dest ip} {dscp/precedence} {value} schedule {id}
2. sequence <1-2147483647> permit tcp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} match-all { TCP_FLAG} {dscp/precedence} {value} schedule {id}
3. sequence <1-2147483647> permit udp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} {dscp/precedence} {value} schedule {id}
4. sequence <1-2147483647> permit icmp {source ip} {dest ip} {icmp type} {icmp code} {dscp/precedence} {value} schedule {id}
5. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	Description
<1-2147483647>	rule ID
{protocol}	an integer ranging from 0 to 255
{source ip}	Source IPv6 address and mask
{source port/source port range}	Source IPv6 address port /port range
{dest ip}	Destination IPv6 address and mask
{dest port/dest port range}	Destination IPv6 address port /port range
{TCP_FLAG}	TCP flag
{icmp type} {icmp code}	ICMP message type and message code
{dscp/precedence}{value}	Match the type of ToS
{id}	Time policy ID, an integer ranging from 1 to 32

Description: Create/delete permit rules

Example:

Created within the time range of time policy ID 1 , the source IPv6 address is allowed to be 2409:8754:3020:11:585e:67e:c77b:aef , the source port is 80 , the destination port is 1000-1200 , with the TCP flag Bit fin and psh , TCP packets with DSCP priority 1 pass
Switch(config-ipv6-acl)# permit tcp 2409:8754:3020:11:585e:67e:c77b:aef/128 www any 1000-1200 match-all +fin+psh dscp 1 schedule 1
Create UDP with source port 7 , destination IPv6 address 2409:8754:3020:11:4dc:b5b6:2f2d:1415 , destination port 514 , and IP priority 3 within the time range of time policy ID 1 . packets through
Switch(config-ipv6-acl)# permit udp any echo 2409:8754:3020:11:4dc:b5b6:2f2d:1415/128 syslog precedence 3 schedule 1

Created within the time range of time policy ID 1 , all ICMP packets with message code 29 and IP priority 7 are allowed to pass through
Switch(config-ipv6-acl)# permit icmp any any packet-too-big 29 precedence 7 schedule 1

• Create/delete deny rules

Command:

1. sequence <1-2147483647> deny {protocol} {source ip} {dest ip} {dscp/precedence} {value} schedule {id}
2. sequence <1-2147483647> deny tcp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} match-all {TCP_FLAG} {dscp/precedence} {value} schedule {id}
3. sequence <1-2147483647> deny udp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} {dscp/precedence} {value} schedule {id}
4. sequence <1-2147483647> deny icmp {source ip} {dest ip} {icmp type} {icmp code} {dscp/precedence} {value} schedule {id}
5. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	Description
<1-2147483647>	rule ID
{protocol}	an integer ranging from 0 to 255
{source ip}	Source IPv6 address and mask
{source port/source port range}	Source IPv6 address port /port range
{dest ip}	Destination IPv6 address and mask
{dest port/dest port range}	Destination IPv6 address port /port range
{TCP_FLAG}	TCP flag
{icmp type} {icmp code}	ICMP message type and message code
{dscp/precedence}{value}	Match the type of ToS
{id}	Time policy ID, an integer ranging from 1 to 32

Description: Create/delete deny rules

Example:

Created within the time range of time policy ID 1 , deny source IPv6 address 2409:8754:3020:11:585e:67e:c77b:aef , source port 80 , destination port 1000-1200 , with flag fin and psh, TCP packets with DSCP priority 1 pass through
Switch(config-ipv6-acl)# deny tcp 2409:8754:3020:11:585e:67e:c77b:aef/128 www any 1000-1200 match-all +fin+psh dscp 1 schedule 1

Create a UDP with source port 7 , destination IPv6 address 2409:8754:3020:11:4dc:b5b6:2f2d:1415 , destination port 514 , and IP priority 3 within the time range of time policy ID 1. packets through
Switch(config-ipv6-acl)# deny udp any echo 2409:8754:3020:11:4dc:b5b6:2f2d:1415/128 syslog precedence 3 schedule 1
Create within the time range of time policy ID 1 , reject all ICMP data packets with message code 29 and IP priority 7 that are too large to pass through
Switch(config-ipv6-acl)# deny icmp any any packet-too-big 29 precedence 7 schedule 1

• Create/delete shutdown rules

Command:

1. sequence <1-2147483647> deny {protocol} {source ip} {dest ip} {dscp/precedence} {value} schedule {id} [shutdown]
2. sequence <1-2147483647> deny tcp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} match-all {TCP_FLAG} {dscp/precedence} {value} schedule {id} [shutdown]
3. sequence <1-2147483647> deny udp {source ip} {source port/source port range} {dest ip} {dest port/dest port range} {dscp/precedence} {value} schedule {id} [ shutdown ]
4. sequence <1-2147483647> deny icmp {source ip} {dest ip} {icmp type} {icmp code} {dscp/precedence} {value} schedule {id} [shutdown]
5. no sequence <1-2147483647>

Mode: ACL configuration mode

Parameter:

Parameter	description
<1-2147483647>	rule ID
{protocol}	an integer ranging from 0 to 255
{source ip}	Source IPv6 address and mask
{source port/source port range}	Source IPv6 address port /port range
{dest ip}	Destination IPv6 address and mask
{dest port/dest port range}	Destination IPv6 address port /port range
{TCP_FLAG}	TCP flag
{icmp type} {icmp code}	ICMP message type and message code
{dscp/precedence}{value}	Match the type of ToS
{id}	Time policy ID, an integer ranging from 1 to 32
[shutdown]	when the rule matches

Description: Create/delete shutdown rules

Example:

Created within the time range with the time policy ID of 1 , when the source IPv6 address is 2409:8754:3020:11:585e:67e:c77b:aef , the source port is 80 , the destination port is 1000-1200, with a flag Bit fin and psh, TCP data packets with DSCP priority 1 , the port executes the shutdown action
Switch(config-ipv6-acl)# deny tcp 2409:8754:3020:11:585e:67e:c77b:aef/128 www any 1000-1200 match-all +fin+psh dscp 1 schedule 1 shutdown

Created within the time range of time policy ID 1 , when the source port is 68 , the destination IPv6 address is 2409:8754:3020:11:4dc:b5b6:2f2d:1415 , the destination port is 514 , and the IP priority is 3 UDP packets, the port executes the shutdown action
Switch(config-ipv6-acl)# deny udp any echo 2409:8754:3020:11:4dc:b5b6:2f2d:1415/128 syslog precedence 3 schedule 1 shutdown

Created within the time range of the time policy ID 1 , when encountering all ICMP data packets with a message
code of 29 and an IP priority of 7 , the port will perform a shutdown action
Switch(config-ipv6-acl)# deny icmp any any packet-too-big 29 precedence 7 schedule 1 shutdown

• IPv6 ACL binding

Command:

1. ipv6 acl name
2. no ipv6 acl

Mode: interface configuration mode

Parameter:

Parameter	Description
name	IPv6 ACL name, 1-64 characters, support numbers, letters and special characters ._@

Description: Bind/unbind IPv6 ACL

Example:

v6 acl named "test" to the port
Switch(config-if)# ipv6 acl test
unbind ipv6 acl
Switch(config-if)# no ipv6 acl

• View rules

Command: show ipv6 acl [ name ]

Mode: global configuration mode

Parameter:

Parameter	Description
name	IPv6 ACL name, 1-64 characters, support numbers, letters and special characters ._@

Description: Check the detailed rules of IPv6 ACL

Example:

View the detailed rules of ip v6 acl named test1
Switch# show ip v6 acl test1

ACL Statistics

• Configure ACL Statistics

Command:

1. acl-counter-set [name] sequence <1-2147483647>
2. acl-counter-set [name] sequence <1-2147483647> (byte64|packet32)
3. acl-counter-set [name] sequence <1-2147483647> (byte64|packet32) idx <1-32>

Mode: global configuration mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>	ACL rule ID
byte64|packet32	statistical unit Note : Only GWN7801(P)/02(P)/03(P)/11(P)/12P/13(P) /GWN7830/GWN7831/GWN7816(P) support configuration.
<1-32>	Statistics ID Note : Only supported by GWN7801(P)/02(P)/03(P)

Description:

1. Configure ACL Statistics
2. acl-counter-set [name] sequence <1-2147483647> : Set ACL statistics count , applicable model: GWN7806(P).
3. acl-counter-set [name] sequence <1-2147483647> (byte64|packet32) : Set ACL statistics count , applicable model: GWN7811(P)/12P/13(P)
4. acl-counter-set [name] sequence <1-2147483647> (byte64|packet32) idx <1-32> : set ACL statistics count, applicable model: GWN7801(P)/02(P)/03(P)

Example:

Configure the statistics of ACL name 1 and sequence number 1
GWN7806(config)# acl-counter-set 1 sequence 1

Configure the statistics of ACL name 2 and sequence number 2, and the statistical unit is packet32
GWN7811 (config)# acl-counter-set 2 sequence 2 packet32

Configure the statistics of ACL name 3 and sequence number 3 , the statistics unit is packet32, and the statistics ID is 3
GWN7801 (config)# acl-counter-set 3 sequence 3 packet32 idx 3

• Cancel ACL Statistics

Command: no acl-counter-set [name] sequence (<1-2147483647>|all)

Mode: global configuration mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>|all	Cancel the statistics of a single rule, or cancel the statistics of all

Description: Cancel ACL Statistics

Example:

Cancel the statistical binding of ACL name 1 and serial number 1
GWN7806(config)# no acl-counter-set 1 sequence 1

all statistical bindings for ACL name 2
GWN7811 (config)# no acl-counter-set 2 sequence all

• Clear ACL Statistics

Command: acl-counter-clear [name] sequence (<1-2147483647>|all)

Mode: global configuration mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>|all	Clear statistics for a single rule, or all

Description: Clear ACL Statistics

Example:

Clear the statistical binding of ACL name 1, sequence number 1
GWN7806(config)# no acl-counter- clear 1 sequence 1

all stat bindings for ACL name 2
GWN7811 (config)# no acl-counter- clear 2 sequence all

• View ACL Statistics

Command: show acl-counter [name] sequence <1-2147483647>

Mode: privileged EXEC mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>	ACL rule ID

Description: View ACL Statistics

Example:

Check the statistics of ACL name 1 and sequence number 1
GWN7806# show acl-counter 1 sequence 1
acl counter status : enabled
hit count: 0 Bytes

ACL Mirror

• Configure ACL Mirror

Command: acl-mirror-set [name] sequence <1-2147483647> original groupId <1-4>

Mode: global configuration mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>	ACL rule ID
<1-4>	ACL mirroring joins

Description: Configure ACL Mirror

Note : For the configuration of the related ACL mirroring observation port, you need to go to Mirroring Settings

Example:

Configure ACL name 1, sequence number 1 to join mirroring group 1
Switch (config)# acl- mirror -set 1 sequence 1 original groupId 1

• Cancel ACL Mirror

Command: no acl-mirror-set [name] sequence <1-2147483647>

Mode: global configuration mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>	ACL rule ID

Description: Cancel ACL Mirror

Example:

Cancel the mirroring of ACL name 1, sequence number 1
Switch (config)# no acl-mirror-set 1 sequence 1

• View ACL Mirror

Command: show acl-mirror-set [name] sequence <1-2147483647>

Mode: privileged EXEC mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>	ACL rule ID

Description: Configure ACL Mirror

Example:

View the image of ACL name 1, sequence number 1
Switch # show acl-mirror-set 1 sequence 1
acl mirror status : enabled
gid: group0
mirror type: original

ACL Priority Remapping

• Configuring ACL Priority Remapping

Command: acl-remap-set [name] sequence <1-2147483647> remap <0-7>

Mode: global configuration mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>	ACL rule ID
<0-7>	ACL priority , the larger the value, the higher the priority

Description: Configuring ACL Priority Remapping

Example:

Configure ACL name 1, the priority of sequence number 1 is 7
Switch (config)# acl-remap-set 1 sequence 1 remap 7

• Cancel ACL Priority Remapping

Command: no acl-remap-set [name] sequence (<1-2147483647>|all)

Mode: global configuration mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>|all	ACL rule ID , you can cancel the priority setting of a single rule , or cancel the priority setting of all rules

Description: Cancel ACL Priority Remapping

Example:

Cancel ACL name 1, the priority of sequence number 1 is configuration
Switch (config)# no acl-remap-set 1 sequence 1

• View ACL Priority Remapping

Command: show acl-remap-set [name] sequence <1-2147483647>

Mode: privileged EXEC mode

Parameter:

Parameter	Description
name	ACL name
<1-2147483647>	ACL rule ID

Description: View ACL Priority Remapping

Example:

priority configuration of ACL name 1 and sequence number 1
Switch # show acl-remap-set 1 sequence 1
acl remap status : enabled
remap priority: 1

IP Source Guard

Check – IP source guard

Command:

1. show ip source binding
2. show ip source interfaces Ethernet [1-x]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
[1-x]	Port ID

Description:

1. show ip source binding : View ip-mac-port-vlan binding list
2. show ip source interfaces Ethernet [1-x]: View port configuration

Example:

Switch# show ip source binding
Switch# show ip source interfaces Ethernet 1/0/2

Global configuration – IP source guard

Command:

1. ip source binding [mac] vlan [x] [ip] [interface]
2. ip source binding vlan [x] [ip] [interface]

Mode: global configuration mode

Parameter:

Parameter	Description
[mac]	bound MAC address cannot be set to FFFF-FFFF-FFFF, multicast address and all-zero MAC address
vlan [x]	Binding VLAN ID, the range is 1-4094
[ip]	Binding IP address, supports IPv4 and IPv6
[interface]	Bonded switch ports, including electrical ports, optical ports, and aggregated ports

Description:

1. ip source binding [mac] vlan [x] [ip] [interface] : add static quad binding table
2. ip source binding vlan [x] [ip] [interface] : add static ternary binding table

Example:

Switch(config)# ip source binding aa:aa:aa:bb:ff:ff vlan 1 192.168.1.11 interface Ethernet 1/0/2

Port configuration – IP source guard

Command:

1. ip source verify
2. no ip source verify
3. ip source verify [mac-and-ip\ip]
4. ip source binding max-entry [ no-limit \x]

Mode: interface configuration mode

Parameter:

Parameter	Description
[mac-and-ip\ip]	port check mode
[ no-limit \x]	maximum number of binding entries for the port , the range is 0-50, 0 means unlimited

Description:

1. [no] ip source verify : enable /disable IP source verification
2. ip source verify [mac-and-ip\ip] : Set port verification mode
3. ip source binding max-entry [ no-limit \x] : Set the maximum number of binding ports

Example:

Switch(config-if)# ip source verify
Switch(config-if)# ip source verify mac-and-ip
Switch(config-if)# ip source binding max-entry 10

Attack defense

Check – attack defense

Command:

1. show dos
2. show dos interface IF_PORTS

Mode: privileged EXEC mode

Parameter:

Parameter	Description
IF_PORTS	Port ID

Description:

1. show dos : View DoS information
2. show dos interface IF_PORTS : View the DoS information of the specified interface

Example:

Switch # show dos
Switch# show dos interfaces Ethernet 1/0/2

Global configuration – attack defense

Command: Switch(config)# [no] dos [option name]

Mode: global configuration mode

Parameter:

Parameter

Description

[option name]

DoS related function options mainly include: daeqsa-deny : deny source mac address = destination mac address icmp-frag-pkts-deny : Deny fragmented ICMP packets icmp-ping-max-length : limit the maximum length of ICMP icmpv4-ping-max-check : Verify the maximum ping packet of IPV4 icmpv6-ping-max-check : Verify the maximum ping packet of IPV6 ipv6-min-frag-size-check : Verify the minimum fragmentation of an IPV6 data frame ipv6-min-frag-size-length : check the minimum length of IPV6 data frame fragmentation land-deny : Deny source IP=destination IP nullscan-deny : Deny NULL Scan attacks pod-deny : Deny death Ping attack smurf-deny : Deny Smurf attacks smurf-netmask : Configure the subnet mask for Smurf attacks syn-sportl1024-deny : Deny TCP-sport attacks synfin-deny : Deny TCP-FIN attacks synrst-deny : deny TCP-RST attack tcp-frag-off-min-check : Deny TCP minimum fragment carrying offset attack tcpblat-deny : Deny TCP packet source port = destination port attack tcphdr-min-check : Check the minimum header length of TCP packets tcphdr-min-length : configure the minimum header field length udpblat-deny : Deny UDP packet source port=destination port attack xma-deny : Deny Christmas tree TCP attacks

Description: Enable/disable the designated DoS function

Example:

Switch(config)# [no] dos daeqsa-deny

Port configuration – attack defense

Command: [no] dos

Mode: interface configuration mode

Parameter: none

Description: Enable/disable port DoS function

Example:

Switch(config-if)# dos
Switch(config-if)# no dos

Dynamic ARP Inspection (DAI)

Check – DAI

Command:

1. show ip arp inspection
2. show ip arp inspection interfaces Ethernet [1-x]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet [x]	Port ID

Description:

1. show ip arp inspection: View the global switch status of DAI
2. show ip arp inspection interfaces Ethernet [x]: View the DAI settings of the specified port

Example:

Switch# show ip arp inspection
Switch# show ip arp inspection interfaces Ethernet 1/0/2

Global configuration – DAI

Command:

1. [no] ip arp inspection
2. [no] ip arp inspection vlan [vlan-id]

Mode: global configuration mode

Parameter:

Parameter	Description
[vlan-id]	Port ID

Description:

1. [no] ip arp inspection: enable/disable the global DAI function
2. [no] ip arp inspection vlan [vlan-id]: enable/disable the DAI function of the specified VLAN

Example:

Enable the DAI function on VLAN 1
Switch(config)# ip arp inspection vlan 1

Port configuration – DAI

Command:

1. [no] ip arp inspection trust
2. [no] ip arp inspection validate [dst-mac\ip\src-mac]
3. ip arp inspection rate-limit rate

Mode: interface configuration mode

Parameter:

Parameter	Description
dst-mac	Check whether the destination MAC address of the data frame matches the destination MAC address in the ARP message
ip	Check whether the ARP packet contains illegal IP addresses, such as all 0s, all 1s, and multicast addresses, etc.
src-mac	Check whether the source MAC address of the data frame matches the sender MAC address in the ARP message
rate	Port check rate, an integer ranging from 0 to 50 ( unit : pps ) , 0 means no speed limit

Description:

1. ip arp inspection rate-limit rate : Configure port inspection rate
2. [no] ip arp inspection trust : enable/disable port trust mode
3. [no] ip arp inspection validate [dst-mac\ip\src-mac] : Set port verification mode

Example:

Enable the port trust mode, set the verification based on the destination MAC address, and set the detection rate to 50 pps
Switch(config-if)# ip arp inspection trust
Switch(config-if)# ip arp inspection validate dst-mac
Switch(config-if)# ip arp inspection rate-limit 50

RADIUS

Check – RADIUS

Command:

1. show radius
2. show radius default-config

Mode: privileged EXEC mode

Parameter: none

Description:

1. show radius: View server list
2. show radius default-config: View port configuration

Example:

Switch# show radius
Switch# show radius default-config

Global configuration – RADIUS

Command:

1. no radius [host]
2. radius host [ipv4\ipv6\domain] []
3. radius default-config [key\retransmit\timeout]

Mode: global configuration mode

Parameter:

Parameter	Description
[host]	RADIUS server host name
auth-port	UDP port used by RADIUS , an integer ranging from 1 to 65535 , and the default is 1818
key	RADIUS public key
priority	server priority
retransmit	Specify the number of retransmissions

Description:

1. no radius [host]: Delete items in the radius list, specify a single record or delete all
2. radius host [ipv4\ipv6\domain] []: add a radius server, and optionally specify a profile parameter
3. radius default-config [key\retransmit\timeout]: Configure the default profile configuration of the radius server

Example:

Switch(config)# radius host 192.168.1.3 auth-port 1812 key test retransmit 2 timeout 2 type login

TACACS+

Check – TACACS+

Command:

1. show tacacs
2. show tacacs default-config

Mode: privileged EXEC mode

Parameter: none

Description:

1. Show tacacs: View the list of TACACS+ servers
2. Show tacacs default-config: View TACACS+ default configuration

Example:

Switch # show tacacs
Prio | Timeout | IP Address | Port |
------+---------+-------------------+--------+---- ------

Switch# show tacacs default-config
Timeout | Key
--------+---------
       5 |

Global configuration – TACACS+

Command:

1. no tacacs [host]
2. tacacs host [ipv4\ipv6\domain] []
3. tacacs default-config [key\timeout]

Mode: global configuration mode

Parameter:

Parameter	Description
[host]	TACACS+server hostname
auth-port	UDP port used by TACACS+ , an integer ranging from 1 to 65535 , the default is 1818
key	TACACS+ public key
priority	server priority
retransmit	Specify the number of retransmissions

Description:

1. no tacacs [host]: Delete items in the TACACS+ list, specify a single record or delete all
2. tacacs host [ipv4\ipv6\domain] []: add TACACS+ server, and optionally specify profile parameters
3. tacacs default-config [key\timeout] : Configure TACACS+ server default profile configuration

Example:

Switch(config)# tacacs host 192.168.1.3 port 49 key test priority 2 timeout 2

AAA

Check – AAA

Command:

1. show aaa authentication login lists
2. show aaa authentication enable lists

Mode: privileged EXEC mode

Parameter:

Parameter	Description
login lists	View login authentication request sequence
enable lists	View enable’s authentication request sequence

Description: View the enable command and the list of configured authentication methods corresponding to the login operation

Example:

Switch# show aaa authentication login lists
Switch# show aaa authentication enable lists

Global configuration – AAA

Command: [no] aaa authentication [enable\login] [name] [enable\local\none\radius\tacacs]

Mode: global configuration mode

Parameter:

Parameter	Description
[enable\login]	Specify the configuration authentication method to the enable command or the login process
[name]	Specifies the sequence name of the configuration operation
[enable\local\none\radius\tacacs]	Specify the authentication sequence, up to four items

Description: AAA sets different authentication method sequences for enable and login respectively, and can be configured to ssh\telnet\console\http\https

Example:

Add an authentication method named tacacs_1 for the login process, and the order is tacacs, radius, none
Switch(config)# aaa authentication login tacacs_1 tacacs+ radius none

802.1X

Check – 802.1X

Command: show authentication sessions

Mode: privileged EXEC mode

Parameter: none

Description: View the current 802.1x authentication session status

Example:

Switch # show authentication sessions 

Global configuration – 802.1X

Command:

1. [no] dot1x
2. dot1x guest-vlan x

Mode: global configuration mode

Parameter:

Parameter	Description
guest-vlan x	Guest VLAN ID

Description: Enable/disable the global 802.1X function
opening , specify the Guest VLAN

Example:

Switch(config)# dot1x
Switch(config)# dot1x guest-vlan 4

Port configuration – 802.1X

Command: authentication [parameter] [sub-parameter]

Mode: interface configuration mode

Parameter:

Parameter	Description
dot1x	Enable 802.1x on the port
guest-vlan	Enable guest-vlan for port
host-mode	Configure the user authentication mode for a port
multi-auth	Based on mac authentication mode, each mac address needs to be authenticated separately
multi-host	Based on the port authentication mode, any host under the port is successfully authenticated without re-authentication
single-host	Single-user authentication mode, allowing only one successfully authenticated host
mac	Configure mac-based authentication mode for ports
max-hosts	Configure the maximum number of hosts allowed for the port, only multi-auth is valid
method	Configure the authentication method for the port, only MAC-Based/Web-Based is valid
order	Configure the order of authentication modes for ports, including mac, web, dot1x
port-control	Configure the authentication control mode for a port
auto	choose automatic
force-auth	Port automatic authentication passed
force-unauth	port force denial of authentication
radius-attributes	Configure whether to obtain radius server information
reauth	Whether to enable re-authentication for port configuration
timer	Configure various timers
inactive	Offline timer when there is no active message
quiet	Re-authentication interval timer after authentication failure
reauth	Authentication success follow-up interval timer
Web	Configure web authentication related information
max-login-attempts	Login Max Attempts

Description: For the 802.1x module, the parameter configuration of each port

Example:

Configure the user authentication mode as mac authentication
Switch(config-if)# authentication host-mode multi-auth

Configure port control mode
Switch(config-if)# authentication port-control force-auth

Configure the inactivity timer
Switch(config-if)# authentication timer inactive 60

DHCP Snooping

DHCP snooping global configuration

• Enable/disable DHCP Snooping

Command:

1. ip dhcp snooping
2. no ip dhcp snooping

Mode: global configuration mode

Parameter: none

Description: Enable/disable DHCP Snooping function

Example:

Switch(config)# ip dhcp snooping

• Select VLAN

Command: ip dhcp snooping vlan VLAN-LIST

Mode: global configuration mode

Parameter:

Parameter	Description
VLAN-LIST	VLAN, the value range is 1-4094 , it can be a single VLAN or multiple VLANs

Description: Enable the DHCP snooping function on the specified VLAN

Example:

switch(config)# ip dhcp snooping vlan 1-100

• View DHCP Snooping

Command: show ip dhcp snooping

Mode: privileged EXEC mode

Parameter: none

Description: View DHCP snooping settings

Example:

switch # show ip dhcp snooping

DHCP Snooping: disabled
Enable on following Vlans : None
circuit-id default format: vlan-port
remote-id: : c0:74:ad:b9:3b:44 (Switch Mac in Byte Order)

Port configuration – DHCP Snooping

• Port trust mode

Command:

1. ip dhcp snooping trust
2. no ip dhcp snooping trust

Mode: interface configuration mode

Parameter: none

Description: Configure the trust mode of the port , the default is not trusted

Example:

Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# ip dhcp snooping trust

• Chaddr check

Command: ip dhcp snooping verify mac-address

Mode: interface configuration mode

Parameter: none

Description: Set to check whether the source MAC address of the reported DHCP message frame header is the same as the Chaddr field, which is disabled by default

Example:

switch(config)# interface Ethernet 1/0/1
switch(config-if)# ip dhcp snooping verify mac-address

• Port speed limit

Command:

1. ip dhcp snooping rate-limit <1-300>
2. no ip dhcp snooping rate-limit

Mode: interface configuration mode

Parameter:

Parameter	Description
<1-300>	Limit rate, an integer ranging from 1 to 300

Description: Set the rate at which the port processes DHCP packets (pps) , the default is unlimited

Example:

switch(config)# interface Ethernet 1/0/1
switch(config-if)# ip dhcp snooping rate-limit 30

• View port configuration

Command: show ip dhcp snooping interfaces IF_PORTS

Mode: privileged EXEC mode

Parameter:

Parameter	Description
IF_PORTS	Designated interfaces , including Ethernet interfaces, optical interfaces, and aggregation interfaces

Description: Check the DHCP snooping settings of the port

Example:

switch# show ip dhcp snooping interface Ethernet 1/0/1

Interfaces | Trust State | Rate (pps) | hwaddr Check | Insert Option82 |
-----------+-------------+------------+----------- ---+------------------+
eth1/0/1 | Untrusted | None | disabled | disabled |

• View DHCP snooping data

Command: show ip dhcp snooping interfaces IF_PORTS statistics

Mode: interface configuration mode

Parameter:

Parameter	Description
IF_PORTS	Switch interfaces , including electrical ports, optical ports, and aggregation interfaces

Description: View the DHCP snooping data of a specified interface

Example:

switch# show ip dhcp snooping interfaces Ethernet 1/0/1 statistics

switch# show ip dhcp snooping interfaces Ethernet 1/0/1 statistics
Interfaces | Forwarded | Chaddr Check Dropped | Untrust Port Dropped|Untrust Port With Option82 Dropped | InvalidDrop
-----------+-----------+----------------------+--- ------------------+------------------------------- ----+-------
eth1/0/1 | 0 | 0 | 0 | 0 | 0

• Clear DHCP snooping data

Command: clear ip dhcp snooping interfaces IF_PORTS statistics

Mode: interface configuration mode

Parameter:

Parameter	Description
IF_PORTS	Switch interfaces , including electrical ports, optical ports, and aggregation interfaces

Description: Clear the DHCP snooping data of the specified interface

Example:

switch# clear ip dhcp snooping interfaces Ethernet 1/0/1 statistics

switch# show ip dhcp snooping interfaces Ethernet 1/0/1 statistics
Interfaces | Forwarded | Chaddr Check Dropped | Untrust Port Dropped|Untrust Port With Option82 Dropped | InvalidDrop
----- ------+-----------+----------------------+--- ------------------+------------------------------- ----+-------
eth1/0/1 | 0 | 0 | 0 | 0 | 0

Configure Option 82

• Enable/disable option 82

Command:

1. ip dhcp snooping option
2. no ip dhcp snooping option

Mode: interface configuration mode

Parameter: none

Description: Set to enable/disable the Option 82 function on the specified interface

Example:

Switch # configure
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# ip dhcp snooping option

• Option 82 mode

Command: ip dhcp snooping option action (drop|keep|replace)

Mode: interface configuration mode

Parameter:

Parameter	Description
drop	If the message contains Option 82, the message will be discarded directly
keep	If the message contains Option 82, keep Option 82 in the message unchanged and forward it
replace	If there is Option 82 in the message, replace the original Option 82 in the message and forward it

Description: Set the processing of the message when the received message contains Option 82 , support discard, retain and replace, and discard by default

Example:

switch(config)# interface Ethernet 1/0/1
switch(config-if)# ip dhcp snooping option action replace

• Add/delete circuit ID

Command:

1. ip dhcp snooping [vlan <1-4094>] option circuit-id STRING
2. no ip dhcp snooping [vlan <1-4094>] option circuit-id

Mode: interface configuration mode

Parameter:

Parameter	Description
vlan <1-4094>	VLAN , an integer ranging from 1 to 4094
STRING	Circuit ID value, up to 63 characters, “\?/, characters are not supported.

Description: the custom Circuit ID of the specified interface

Example:

switch(config)# interface Ethernet 1/0/1
switch(config-if)# ip dhcp snooping vlan 1 option circuit-id test

• Add/Remove Remote ID

Command:

1. ip dhcp snooping option remote-id STRING
2. no ip dhcp snooping option remote-id

Mode: global configuration mode

Parameter:

Parameter	Description
STRING	Remote ID value, up to 63 characters, “\?/, characters are not supported.

Description: Set the remote ID of the switch, the default is the MAC address of the switch

Example:

switch(config)# ip dhcp snooping option remote-id test_remote

• View Remote ID

Command: do show ip dhcp snooping option remote-id

Mode: global configuration mode

Parameter: none

Description: View the remote ID of the switch

Example:

switch(config)# do show ip dhcp snooping option remote-id
Remote ID: test_remote

Configure database

• Save to flash

Command: ip dhcp snooping database flash

Mode: global configuration mode

Parameter: none

Description: Save DHCP Snooping to flash

Example:

Switch(config)# ip dhcp snooping database flash

• Save to TFTP server

Command: ip dhcp snooping database tftp (A.B.C.D|HOSTNAME)NAME

Mode: global configuration mode

Parameter:

Parameter	Description
ABCD|HOSTNAME	IP address or hostname of the TFTP server
name	saved to the TFTP server

Description: Save DHCP Snooping to TFTP Server

Example:

Switch(config)# ip dhcp snooping database tftp 192.168.5.231 switch_backup

• The waiting time after configuring table entries to be updated

Command:

1. ip dhcp snooping database write-delay <15-86400>
2. no ip dhcp snooping database write-delay

Mode: global configuration mode

Parameter:

Parameter	Description
<15-86400>	The waiting time after the DHCP snooping table is updated , the value range is an integer from 15 to 86400 , and the default is 300 seconds

Description:

1. Set the waiting period after DHCP snooping entries are updated
2. no ip dhcp snooping databasewrite-delay: reset the waiting time to the default 300 seconds

Example:

switch(config)# ip dhcp snooping database write-delay 60

• Configure how long to retry write operations

Command:

1. ip dhcp snooping database timeout <0-86400>
2. no ip dhcp snooping database timeout

Mode: global configuration mode

Parameter:

Parameter	Description
<0-86400>	DHCP Snooping table fails, the duration of the re-attempted write operation. The value range is an integer from 0 to 86400, and the default is 300 seconds.

Description:

1. Set the duration of retrying the write operation after the failed attempt to write the DHCP snooping table
2. no ip dhcp snooping database timeout: reset the duration to the default 300 seconds

Example:

Switch(config)# ip dhcp snooping database timeout 600

• Viewing DHCP snooping entries

Command: show ip dhcp snooping database

Mode: privileged EXEC mode

Parameter: none

Description: Viewing DHCP Snooping Entries

Example:

switch# show ip dhcp snooping database

• Clear DHCP snooping entries

Command: clear ip dhcp snooping database statistics

Mode: privileged EXEC mode

Parameter: none

Description: Clearing DHCP Snooping Entries

Example:

switch# clear ip dhcp snooping database statistics

• Read DHCP snooping entries

Command: renew ip dhcp snooping database

Mode: privileged EXEC mode

Parameter: none

Description: Read DHCP Snooping entries from the saved database file

Example:

Switch# show ip dhcp snooping database

Type : None
FileName:
Write delay Timer : 300 seconds
Abort Timer : 300 seconds

Agent Running : None
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running

Last Succeded Time : None
Last Failed Time : None
Last Failed Reason :

Total Attempts : 0
Successful Transfers : 0 Failed Transfers : 0
Successful Reads : 0 Failed Reads : 0
Successful Writes : 0 Failed Writes : 0


Switch# show ip dhcp snooping binding

Bind Table: Maximum Binding Entry Number 256
Port | VID | MAC Address | IP | Type |
-------+------+------------------+---------------- ------+------------+-----------
eth1/0/1|1|48:5B:39:C7:12:62|192.168.1.100(255.255.255.255)|DHCP Snooping|86400

• Display the binding entries learned by DHCP snooping

Command: show ip dhcp snooping binding

Mode: privileged EXEC mode

Parameter: none

Description: Display the binding entries learned by DHCP snooping

Example:

Switch# show ip dhcp snooping binding

Bind Table: Maximum Binding Entry Number 256
Port | VID | MAC Address | IP | Type |
-------+------+------------------+---------------- ------+------------+-----------
eth1/0/1|1|48:5B:39:C7:12:62|192.168.1.100(255.255.255.255)|DHCP Snooping|86400

MAINTENANCE

Upgrade

Configure the firmware upgrade method

Command: upgrade protocol [ http | https | tftp ]

Mode: global configuration mode

Parameter:

Parameter	Description
http	via http protocol
https	Upgrade via https protocol
tftp	Upgrade via tftp protocol

Description: Configure the firmware upgrade method, the default upgrade method is https.

Example:

Set the upgrade method to HTTP
Switch(config)# upgrade protocol http

Configure firmware server path

Command: upgrade server [ip v4 -addr|hostname|ip v6 -addr]

Mode: global configuration mode

Parameter:

Parameter	Description
ip v4 -addr	Specify the firmware server IPv4 address
hostname	Specify the firmware server host address
ip v6 -addr	Specify the firmware server IPv6 address

Description: Set the IP address or URL of the firmware (software) upgrade server, the default address is fm.grandstream.com/gs

Example:

Set the upgrade server address to fm.grandstream.com/gs
Switch(config)# upgrade server fm.grandstream.com/gs

Configure DHCP option upgrade

Command: upgrade dhcpoverride [disable | enable | enablefallback]

Mode: global configuration mode

Parameter:

Parameter	Description
disable	Disable DHCP Option Upgrade
enable	Enable DHCP Option upgrade
enable fallback	Set the upgrade method of DHCP Option to be used first, fall back when it fails, and use the local firmware server address to upgrade

Description: Set the DHCP Option upgrade method, the default is to enable DHCP Option upgrade.

Example:

Enable DHCP Option upgrade
Switch(config)# upgrade dhcpoverride enable

Configuration upgrade immediately

Command: upgrade [hostname]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
hostname	(Optional) Specify the firmware server address

Description: firmware server address for immediate upgrade

Example:

Switch#upgrade
System: upgrade firmware. Do you want to upgrade now? (y/n)

Configuration appointment upgrade

Command:

1. schedule use id {id} provision
2. no schedule use provision

Mode: privileged EXEC mode

Parameter: none

Description:

1. schedule use id {id} provision : Refer to the time policy for appointment upgrade.
2. no schedule use provision : Close appointment upgrade.

Example:

Enable appointment escalation ( reference strategy 1 )
Switch # config
Switch(config)# schedule use id 1 provision

Close Appointment Upgrade
Switch)config)# no schedule use provision

View upgrade configuration

Command: show upgrade

Mode: privileged EXEC mode

Parameter: none

Description: View upgrade configuration

Example:

switch # show upgrade

Diagnosis

Log

• Configure global log on/off

Command:

1. [no] logging [buffered | console | file]
2. show logging

Mode: global configuration mode

Parameter:

Parameter	Description
buffered	buffer logging
console	Serial port print record
file	file logging

Description:

1. [no] logging [buffered | console | file]: enable /disable the global log function
2. By default, the global log function is enabled

Example:

Switch > enable
Switch# configure
Switch (config) # logging
Switch (config) # no logging 
Switch# show logging

• Clear log

Command: clear logging [ buffered | file]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
buffered	buffer logging
file	file logging

Description: Clear log messages in RAM and FLASH

Example:

Switch > enable 
Switch# clear logging buffered
Switch# clear logging file

• Configure logging level

Command: logging [buffered | console | file] [severity sev]

Mode: global configuration mode

Parameter:

Parameter	Description
buffered	buffer logging
console	Serial port print record
file	file logging
severity sev	Specify the log level, the value range is 0-7

Description: Configure the switch to record different levels of log information, including the following eight different levels of information:

• 0 : Emergency
• 1 : Alert
• 2 : Critical
• 3 : Error
• 4 : Warning
• 5 : Notice
• 6 : Information
• 7 : Debug

Example:

Switch(config)# logging buffered severity 7 
Switch(config)# logging file severity 7

• Configure remote server

Command:

1. logging host [ip-addr | hostname] [ facility facility] [ port port] [severity sev]
2. no logging host [ip-addr | hostname]

Mode: global configuration mode

Parameter:

Parameter	Description
ip-addr	Specifies the log server IPv4 address
hostname	Specifies the URL of the log server
facility	Specify the recording tool of the log server, there are 8 local 0-7 , the default is Local 7
port	Specify the port number of the log server, the value range is an integer from 1 to 65535 , and the default is 514
severity sev	Specify the minimum log level, a total of eight levels from 0 to 7 , respectively: • 0 : Emergency • 1 : Alert • 2 : Critical • 3 : Error • 4 : Warning • 5 : Notice • 6 : Information • 7 : Debug

Description: Add remote log server.

Example:

Add the log server address as 1.2.3.4
Switch(config)# logging host 1.2.3.4

• View log configuration information

Command: show logging [buffered | file]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
buffered	buffer logging
file	file logging

Description: View log configuration information

Example:

Switch# show logging

Mirror image

Command:

1. mirror Session Session-ID source interface  {Ethernet|LAG} interfaced-id {both|rx|tx}
2. mirror Session Session-ID destination interface Ethernet interfaced-id  allow-ingress
3. show mirror/show mirror session Session-ID

Mode: global configuration mode

Parameter:

Parameter	Description
Session-ID	Mirroring group, value range <1-4>
source	source port, mirrored port
{Ethernet|LAG} interfaced-id	Switch port numbers, including Ethernet ports and aggregated interfaces
destination	Destination port, monitored port
both	Monitor data in and out of the source port
rx	Monitor the data in the inbound direction of the source port
tx	Monitor the outbound data of the source port
allow-ingress	Allow receiving data from the destination port (monitoring port)

Description:

• Use the no mirror session configuration command to turn off Mirror

• Use the no mirror session source configuration command to delete the Mirror source port

• Use the no mirror session destination configuration command to delete the Mirror destination port

Note: When configuring the destination port of the mirror, there is a parameter of allow-ingress. After this configuration, the port can receive the message of the connected device. In other words, after this configuration, the device connected to this port can communicate normally.

Example:

enter global mode
Switch # configure

Configure mirror source port
Switch(config)# mirror session 1 source interfaces Ethernet 1 /0/ 2 both

Configure mirror destination port
Switch(config)# mirror session 1 destination interface Ethernet 1/0/4 allow-ingress
Switch(config)# exit

View mirror entries
Switch # show mirror

delete mirror
Switch(config)# no mirror session 1

remove all mirrors
Switch(config)# no mirror session all

Delete mirror source port
Switch(config)# no mirror session 1 source interfaces Ethernet 1/0/2 both

delete mirror destination port
Switch(config)# no mirror session 1 destination interface Ethernet 1/0/4

Cable detection

Command: show cable-diag interfaces Ethernet interfaced-id

Mode: privileged EXEC mode

Parameter:

Parameter	Description
interfaced-id	port number, such as 1/0/1

Description: View cable tests for ports.

Example:

the cable detection result of port 1/0/1
Switch# show cable-diag interfaces Ethernet 1/0/1
Port | Speed | Local pair | Pair length |
--------+-------+------------+-------------+----- ----------
eth1/0/1 | auto | Pair A | 0.98 |
Pair B | 0.97 | Open
Pair C | 1.05 | Open
Pair D | 0.98 | Open

Backup and Restore

Backup and upload files

Command:

1. copy [flash:// | tftp://] [flash:// | tftp://]
2. copy tftp:// [backup-config | running-config |startup-config]
3. copy [backup-config | running-config | startup-config]
4. tftp://
5. copy [backup-config | startup-config] running-config
6. copy [backup-config | running-config] startup-config
7. copy [running-config | startup-config] backup-config

Mode: privileged EXEC mode

Parameter:

Parameter	Description
flash://	Specifies the file stored in flash
tftp://	Specify the file path under the remote tftp server, such as ” tftp://192.168.1.111/remote_file_name”
backup-config	backup configuration
running-config	run configuration
startup-config	launch configuration

Description: Backup or upload configuration files.

Example:

Switch# copy flash://dsa2 tftp://192.168.1.111/dsa2
Uploading file. Please Wait...
Uploading Done

Delete files

Command: delete [startrup-config | backup-config | flash://]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
flash://	Specifies the file stored in flash
startrup-config	launch configuration
backup-config	backup configuration

Description: Delete configuration files or files stored in flash.

Example:

delete backup configuration file
Switch# delete backup-config

Restore factory

Command: restore-defaults [ interfaces IF_PORTS ]

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Interfaces IF_PORTS	Specify the port to perform the factory reset operation

Description: Restores factory defaults for all systems. This command is equivalent to delete startup-config

Example:

Switch#restore-defaults
Restore Default Success. Do you want to reboot now? (y/n)n

Save configuration

Command: save

Mode: privileged EXEC mode

Parameter: none

Description: Save the running configuration to the startup configuration file.

Example:

Switch # save
Success

SNMP

View SNMP configuration

Command: show snmp

Mode: privileged EXEC mode

Parameter: none

Description: View the status of Simple Network Management Protocol (SNMP)

Example:

Switch # show snmp
SNMP is enabled.

View SNMP community configuration

Command: show snmp community

Mode: privileged EXEC mode

Parameter: none

Description: View SNMP community configuration

Example:

Switch# show snmp community

Commnunity Name Group Name View Access
--------------- -- ---------------- --------- -------- ---
public                   all ro

Total Entries: 1

View SNMP engine ID configuration

Command: show snmp engineid

Mode: privileged EXEC mode

Parameter: none

Description:View the SNMPv3 engine ID defined on the switch

Example:

Switch# show snmp engineid
Local SNMPV3 Engine id: 80006a9203c074ad2202b1

IP address     Remote SNMP engineID
------ ------ --- ----------------------------------- -

Total Entries: 0 

View SNMP group configuration

Command: show snmp group

Mode: privileged EXEC mode

Parameter: none

Description: Check the configuration of the SNMP group

Example:

Switch# show snmp group
Group Name Model Level ReadView WriteView NotifyView
---------- ------ ------ -------- ---------- ---------- -

Total Entries: 0

View SNMP notification configuration

Command: show snmp host

Mode: privileged EXEC mode

Parameter: none

Description: View the configuration of SNMP notification

Example:

Switch# show snmp host
Server  Community/User Name  Notification Version Notification Type  UDP Port  Retries Timeout
-------- - ----------------------- ---------------------- ------------------- ------------ ----------- --------- - -
192.168.6.162 public   v1 trap        162  -- --

Total Entries: 1

View SNMP trap configuration

Command: show snmp trap

Mode: privileged EXEC mode

Parameter: none

Description: View SNMP trap configuration

Example:

Switch# show snmp trap
SNMP auth failed trap : Enable
SNMP linkUpDown trap : Enable
SNMP cold-start trap : Enable
SNMP warm-start trap : Enable

View SNMP view configuration

Command: show snmp view

Mode: privileged EXEC mode

Parameter: none

Description: Check the configuration of the SNMP view

Example:

Switch# show snmp view
View Name Subtree OIDs OID Mask     View Type
---------- -- ---------------- - - ------------ -------- - --
all        .1 all included

Total Entries: 1

View SNMP user configuration

Command: show snmp user

Mode: privileged EXEC mode

Parameter: none

Description: View SNMP user configuration

Example:

Switch# show snmp user
Username: v3
Password: ***********
Privilege Mode: rw
Access GroupName: v3
Authentication Protocol: md5
Encryption Protocol: none
Access SecLevel: auth

Total Entries: 1

Configure SNMP

Command:

1. snmp
2. no snmp

Mode: global configuration mode

Parameter: none

Description: To enable SNMP on the switch, use the SNMP command in global configuration mode. Use the no form of the command to disable SNMP.

Example:

Enable SNMP function
Switch(config)# snmp

Configure SNMP community

Command:

1. snmp community community-name [ view view-name] ( ro|rw )
2. snmp community community-name group group-name
3. no snmp community community-name

Mode: global configuration mode

Parameter:

Parameter	Description
community-name	Group name, up to 32 characters, “\?/, characters are not supported.
view view-name	referenced view name
ro	set to read-only
rw	set to read-write
group group-name	referenced group name

Description: Define SNMP communities that allow access to SNMP v1 and v2

Example:

community named private that references all view and is read-only
Switch(config)# snmp community private ro

Configure SNMP engine ID

Command: snmp engineid [ default |ENGINEID]

Mode: global configuration mode

Parameter:

Parameter	Description
default	Default local engine ID
ENGINEID	Set the local engine ID, in hexadecimal form of 2-56 characters, and the number of digits must be an integer

Description: Define SNMP local engine

Example:

Switch(config)# snmp engineid 00036D001122

Configure SNMP remote engine ID

Command:

1. snmp engineid remote [ip-addr|ipv6-addr] ENGINEID
2. no snmp engineid remote [ip-addr|ipv6-addr]

Mode: global configuration mode

Parameter:

Parameter	Description
ENGINEID	Remote engine ID, 10-64 characters in hexadecimal form, and the number of digits must be even
ip-addr	Server IPv4 address
Ipv6-addr	Server IPv6 address

Description:

1. snmp engineid remote [ ip-addr|ipv6-addr ] ENGINEID : Define the remote host of the SNMP engine
2. no snmp engineid remote [ip-addr|ipv6-addr] : Remove remote host from SNMP engine.

Example:

Switch(config)# snmp engineid remote 192.168.1.11 00036D10000A

Configure SNMP group

Command:

1. snmp group group-name (1|2c|3) (noauth|auth|priv) read-view read-view write-view write-view [ notify-view notify-view ]
2. no snmp group group-name security-mode version (1|2c|3)

Mode: global configuration mode

Parameter:

Parameter	Description
group-name	Group name, up to 32 characters, “\?/, characters are not supported.
(1|2c|3)	SNMP version
noauth	no authentication no encryption
auth	Authentication only without encryption
private	Both authentication and encryption
read-view read-view	read-only view name
write-view write-view	Read and write view names
notify-view notify-view	notification view name

Description:

1. snmp group group-name (1|2c|3) ( noauth|auth|priv ) read-view read-view write-view write-view [ notify-view notify-view ] : define SNMP group
2. no snmp group group-name security-mode version (1|2c|3) : delete the configuration

Example:

Switch(config)# snmp group v3 version 3 auth read-view all write-view all notify-view all

Configure SNMP notification

Command:

1. snmp host (ip-addr|ipv6-addr|hostmane) [ traps|informs ] [ version (1|2c) ] community-name [ udp-port udp-port] [ timeout timeout] [ retries retries]
2. snmp host (ip-addr|ipv6-addr|hostmane) [ traps|informs ] version 3 [ (auth|noauth|priv) ] community-name [ udp-port udp-port] [ timeout timeout] [ retries retries]
3. no snmp host (ip-addr|ipv6-addr|hostmane) [ traps|informs ] [ version (1|2c|3) ]

Mode: global configuration mode

Parameter:

Parameter	Description
ip-addr	Server IPv4 address
ipv6-addr	Server IPv6 address
hostmane	server hostname
traps	notification type is traps
informs	notification type is informs
version (1|2c|3)	Notified SNMP version
noauth	no authentication no encryption
auth	Authentication only without encryption
private	Both authentication and encryption
community-name	The community name under which notifications are sent
udp-port	UDP port number
timeout timeout	v 2 c notification timeout , the value range is an integer from 1 to 300 , the default is 15 seconds
retries retries	The maximum number of retransmissions for v 2 c notifications , an integer ranging from 1 to 255 , defaulting to 3 times

Description:

1. The snmp host command defines SNMP notifications
2. no snmp host delete notification configuration

Example:

Switch(config)# snmp host 192.168.1.11 private

Configure SNMP traps

Command:

1. snmp trap (auth|cold-start|linkUpDown|warm-start)
2. no snmp trap (auth|cold-start|linkUpDown|warm-start)

Mode: global configuration mode

Parameter:

Parameter	Description
auth	Set authentication failure trap
cold-start	Set cold start trap
linkUpDown	Set port up/down trap
warm-start	Set hot start trap

Description:

1. snmp trap command defines SNMP trap
2. no snmp trap delete trap configuration

Example:

Switch(config)# no snmp trap linkUpDown
Switch(config)# snmp trap linkUpDown

Configure SNMP user

Command:

1. snmp user username group-name [ auth (md5|sha) AUTHPASSWD]
2. snmp user username group-name auth (md5|sha) AUTHPASSWD priv PRIVPASSWD
3. no snmp user username

Mode: global configuration mode

Parameter:

Parameter	Description
username	SNMP username, up to 32 characters, “\?/, characters are not supported.
group-name	referenced v3 group name
auth md5	MD5 authentication method
auth sha	SHA authentication method
AUTHPASSWD	authentication password
priv PRIVPASSWD	encrypted password

Description:

1. snmp user command defines an SNMP user
2. no snmp user command deletes user configuration

Example:

Switch(config)# snmp user v3 v3 auth md5 12345678

Configure SNMP view

Command:

1. snmp view view-name subtree oid-tree oid-mask (all|oid-mask) viewtype (included|excluded)
2. no snmp view view-name subtree (all|oid-tree)

Mode: global configuration mode

Parameter:

Parameter	Description
view-name	view name, up to 32 characters, “\?/, characters are not supported.
subtree oid-tree	view subtree
oid-mask (all|oid-mask)	subtree mask
viewtype ( included|excluded )	Include or exclude selected MIBs from the view

Description: Use the command SNMP view to define the SNMP view; use the no command to delete the configuration

Example:

Switch(config)# snmp view private subtree 1.3.3.1 oid-mask all viewtype included

RMON

Configure RMON events

Command:

1. rmon event <1-65535> [log] [trap COMMUNITY] [description DESCRIPTION] [owner NAME]
2. no rmon event <1-65535>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-65535>	event ID
log	The event type is log
trap COMMUNITY	The event type is trap
description DESCRIPTION	Event description, up to 32 characters, “\?/, characters are not supported.
owner NAME	The owner of the event, up to 32 characters, “\?/, characters are not supported.

Description:

1. rmon event command adds or modifies rmon evnet entries
2. no rmon event command to delete events can be viewed through the show rmon event command

Example:

switch(config)# rmon event 1 log trap public description test owner admin
switch(config)# show rmon event 1
Rmon Event Index 1
Rmon Event Type : Log and Trap
Rmon Event Community :
public Rmon Event Description : test
Rmon Event Last Sent :
Rmon Event Owner : admin

Configuring RMON alarm

Command:

1. rmon alarm <1-65535> interface IF_PORT (drop-events|octets|pkts|broadcast-pkts|multicast-pkts|crc-align-errors|undersize-pkts|oversize-pkts|fragments|jabbers|collisions |pkts64octets|pkts65to127octets| pkts128to255octets|pkts256to511octets|pkts512to1023octets |pkts1024to1518octets) <1-2147483647> (absolute|delta) rising <0-2147483647> <0-65535> falling <0-2147483647> <0-65535> startup (rising|rising-falling|falling) [owner NAME]
2. no rmon alarm <1-65535>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-65535>	event ID
IF_PORT	Specify the sampling port
<1-2147483647>	sampling interval
absolute|delta	Specify the sampling method, including absolute sampling and incremental sampling
<0-2147483647>	Specify thresholds to trigger rising or falling alarms
<0-65535>	Specify the event to be executed when the rising or falling alarm is triggered
rising|rising-falling|falling	Specifies the rising or falling mode of the start event
owner NAME	(Optional) Specifies the owner of the alarm. The maximum length is 32 characters, “\?/, characters are not supported.

Description:

1. The rmon alarm command adds or modifies rmon alarm entries. Before adding an alarm entry, at least one event entry must be added.
2. no rmon alarm command to delete.
3. The settings can be verified by the show rmon alarm command

Example:

switch(config)# rmon event 1 log
switch(config)# rmon event 2 log
Switch(config)# rmon alarm 1 interface eth1/0/1 pkts 300 delta rising 10000 1 falling 100 1 startup rising-falling owner admin
Rmon Alarm Index 1
Rmon Alarm Sample Interval 300
Rmon Alarm Sample Interface : eth1/0/1
Rmon Alarm Sample Variable : Pkts
Rmon Alarm Sample Type : delta
Rmon Alarm Type : Rising or Falling
Rmon Alarm Rising Threshold : 10000
Rmon Alarm Rising Event 1
Rmon Alarm Falling Threshold 100
Rmon Alarm Falling Event 1
Rmon Alarm Owner : admin

Configure RMON history

Command:

1. rmon history <1-65535> interface IF_PORT [buckets <1-65535>] [interval <1-3600>] [owner NAME]
2. no rmon history <1-65535>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-65535>	history table ID
IF_PORT	Specify the sampling port
buckets <1-65535>	(Optional) Specify the maximum number of samples
interval <1-3600>	(Optional) specify the sampling interval
owner NAME	(Optional) Specifies the owner of the history table. The maximum length is 32 characters, “\?/, characters are not supported.

Description:

1. rmon history command adds or modifies rmon history entries.
2. no rmon history command to delete.
3. The settings can be verified with the show rmon history command.

Example:

switch(config)# rmon history 1 interface eth1/0/1 interval 60 owner admin
switch(config)# show rmon history 1
Rmon History Index 1
Rmon Collection Interface: eth1/0/1
Rmon History Bucket 50
Rmon history Interval 60
Rmon History Owner : admin

Clear RMON statistics

Command: clear rmon interfaces IF_PORTS statistics

Mode: privileged EXEC mode

Parameter:

Parameter	Description
IF_PORTS	Specifies the interface for clearing statistics

Description:

1. Clear the statistics recorded on the specified interface.
2. You can verify the result with the show rmon interface statistics command.

Example:

switch# clear rmon interfaces eth1/0/1 statistics
switch# show rmon interfaces eth1/0/1 statistics
==== Port eth1/0/1 ================================
etherStatsDropEvents 0
etherStatsOctets0
etherStatsPkts0
etherStatsBroadcastPkts0
etherStatsMulticastPkts0
etherStatsCRCAlignErrors 0
etherStatsUnderSizePkts0
etherStatsOverSizePkts0
etherStatsFragments 0
etherStatsJabbers0
etherStatsCollisions0
etherStatsPkts64Octets0
etherStatsPkts65to127Octets0
etherStatsPkts128to255Octets 0
etherStatsPkts256to511Octets 0
etherStatsPkts512to1023Octets 0
etherStatsPkts1024to1518Octets 0

View RMON statistics

Command: show rmon interfaces IF_PORT statistics

Mode: privileged EXEC mode

Parameter:

Parameter	Description
IF_PORT	specified port

Description: Use the show rmon interfaces statistics command to display interface statistics

Example:

switch# show rmon interfaces eth1/0/8 statistics
==== Port eth1/0/8 ================================
etherStatsDropEvents : 0
etherStatsOctets : 0
etherStatsPkts : 0
etherStatsBroadcastPkts : 0
etherStatsMulticastPkts : 0
etherStatsCRCAlignErrors : 0
etherStatsUnderSizePkts : 0
etherStatsOverSizePkts : 0
etherStatsFragments : 0
etherStatsJabbers : 0
etherStatsCollisions : 0
etherStatsPkts64Octets : 0
etherStatsPkts65to127Octets : 0
etherStatsPkts128to255Octets : 0
etherStatsPkts256to511Octets : 0
etherStatsPkts512to1023Octets : 0
etherStatsPkts1024to1518Octets : 0

View RMON events

Command: show rmon event (<1-65535> | all)

Mode: privileged EXEC mode

Parameter:

Parameter	Description
<1-65535>	event ID
all	all existing events

Description: Run the show rmon event command to display existing RMON event entries.

Example:

switch(config)# rmon event 1 log trap public description test owner admin
switch(config)# show rmon event 1
Rmon Event Index 1
Rmon Event Type : Log and Trap
Rmon Event Community : public
Rmon Event Description : test
Rmon Event Last Sent :
Rmon Event Owner : admin

View the logs of RMON events

Command: show rmon event <1-65535> log

Mode: privileged EXEC mode

Parameter:

Parameter	Description
<1-65535>	event log id

Description: Use the show rmon event command to display logs triggered by RMON alarms.

Example:

switch(config)# show rmon event 1 log
==================================================== =====
Index 1
Alarm Index 1
Action : Startup Falling
Time : (32918334) 3 days, 19:26:23.34
Description : fa1.Pkts=0 <= 100

View RMON alarms

Command: show rmon alarm (<1-65535> | all)

Mode: privileged EXEC mode

Parameter:

Parameter	Description
<1-65535>	Alarm ID
all	all existing warnings

Description: show rmon alarm command to display RMON alarm entries

Example:

Switch(config)# rmon alarm 1 interface eth1/0/1 pkts 300 delta rising 10000 1 falling 100 1 startup rising-falling owner admin

Rmon Alarm Index 1
Rmon Alarm Sample Interval 300
Rmon Alarm Sample Interface : eth1/0/1
Rmon Alarm Sample Variable : Pkts
Rmon Alarm Sample Type : delta
Rmon Alarm Type : Rising or Falling
Rmon Alarm Rising Threshold : 10000
Rmon Alarm Rising Event 1
Rmon Alarm Falling Threshold 100
Rmon Alarm Falling Event 1
Rmon Alarm Owner : admin

View RMON history group

Command: show rmon history (<1-65535> | all)

Mode: privileged EXEC mode

Parameter:

Parameter	Description
<1-65535>	history group id
all	all existing history groups

Description: Use show rmon history command to display the entries of the RMON history group

Example:

switch(config)# rmon history 1 interface eth1/0/1 interval 30 owner admin
switch(config)# show rmon history 1
Rmon History Index 1
Rmon Collection Interface: eth1/0/1
Rmon History Bucket 50
Rmon history Interval 30
Rmon History Owner : admin

View RMON history group statistics

Command: show rmon history <1-65535> statistic

Mode: privileged EXEC mode

Parameter:

Parameter	Description
<1-65535>	History group statistics table ID

Description: show rmon history command to display the statistical data of the RMON historical group

Example:

switch(config)# show rmon history 1 statistics
==================================================== =====
Sample Index 2
Interval Start : (32940466) 3 days, 19:30:04.66
DropEvents 0
Octets : 117226
Pkts 763
Broadcast Pkts 9
MulticastPkts 0
CRCAlignErrors 0
UnderSizePkts0
OverSizePkts0
Fragments 0
Jabbers 0
Collisions 0
Utilization 1
==================================================== =====
Sample Index 1
Interval Start : (32939462) 3 days, 19:29:54.62
DropEvents 0
Octets 220
Pkts 3
BroadcastPkts 1
MulticastPkts 0
CRCAlignErrors 0
UnderSizePkts0
OverSizePkts0
Fragments 0
Jabbers 0
Collisions 0
Utilization 0

LLDP

LLDP global configuration

• Enable/disable LLDP

Command:

1. lldp
2. no lldp

Mode: global configuration mode

Parameter: none

Description: Enable/disable LLDP

Example:

Enable the global LLDP function
Switch (config)# lldp

• TLV sending interval

Command: lldp tx-interval <5-32767>

Mode: global configuration mode

Parameter:

Parameter	Description
<5-32767>	sending LLDP packets , the value range is an integer from 5 to 32767 , and the default is 30 seconds

Description: Set TLV sending interval

Example:

Globally set the TLV interval to 30 seconds
Switch(config)# lldp tx-interval 30

• TTL multiplier

Command: lldp holdtime-multiplier <2-10>

Mode: global configuration mode

Parameter:

Parameter	Description
<2-10>	The value of the TTL field of LLDPDU time to live, the value range is an integer from 2 to 10 , and the default is 4

Description: Set TTL multiplier

Example:

Globally set the TTL multiplier to 2 seconds
Switch(config)# lldp holdtime-multiplier 2

• Port initialization delay time

Command: lldp reinit-delay <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-10>	LLDP initialization, the value range is an integer from 1 to 10 , the default is 2 seconds

Description: Set port initialization delay time

Example:

Globally set the port initialization delay time to 10 seconds
Switch(config)# lldp reinit-delay 10

• LLDPDU sending delay time

Command: lldp tx-delay <1-8191>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-8191>	Send LLDPDU sending delay time, the value range is an integer from 1 to 8191 , the default is 2 seconds

Description: Set LLDPDU sending delay time

Example:

Globally set the LLDPDU sending delay time to 30 seconds
Switch(config)# lldp tx-delay 30

• LLDP processing

Command: lldp lldpdu {bridging/filtering/flooding}

Mode: global configuration mode

Parameter:

Parameter	Description
bridging	Bridging , the LLDP packet received by the switch is directly forwarded to the port of the same VLAN domain except the ingress
filtering	Filtering , the LLDP packets received by the switch will not be forwarded to the downstream device, and will be discarded directly
flooding	Flooding , the LLDP packets received by the switch are directly forwarded to ports other than the ingress, regardless of VLAN

Description: When LLDP is disabled, set the processing of LLDP packets.

Example:

When lldp is disabled globally, set the flood operation when receiving lldp packets
Switch (config)# no lldp
switch(config)# lldp lldpdu flooding

• View LLDP configuration and port information

Command: show lldp

Mode: privileged EXEC mode

Parameter: none

Description: View global LLDP configuration and port information

Example:

View LLDP global information and port information
Switch # show lldp

State: Enabled
Timer: 30 Seconds
Hold multiplier: 4
Reinit delay: 2 Seconds
Tx delay: 2 Seconds
LLDP packet handling: Flooding

Port | State | Optional TLVs | Address
-------- + ------ + -------------- + --------
eth1/0/1 | RX,TX | |192.168.80.202
eth1/0/2 | RX,TX | |192.168.80.202
eth1/0/3 | RX,TX | |192.168.80.202
eth1/0/4 | RX,TX | |192.168.80.202
eth1/0/5 | RX,TX | |192.168.80.202
eth1/0/6 | RX,TX | |192.168.80.202
eth1/0/7 | RX,TX | |192.168.80.202
eth1/0/8 | RX,TX | |192.168.80.202
eth1/0/9 | RX,TX | |192.168.80.202
eth1/0/10 | RX,TX | |192.168.80.202

Port ID: eth1/0/1
802.3 optional TLVs:
802.1 optional TLVs
PVID: Enabled
--More--

LLDP port setting

• The working mode is to send

Command: LLDP tx

Mode: interface configuration mode

Parameter: none

Description: Set the working mode of the specified interface to send

Example:

Set the working mode on the port to send
Switch(config-if)# lldp tx

• The working mode is receiving

Command: LLDP rx

Mode: interface configuration mode

Parameter: none

Description: Set the working mode of the specified interface to receive

Example:

Set the working mode on the port to receive
Switch(config-if)# lldp rx

• The working mode is sending and receiving

Command:

1. LLDP tx
2. LLDP rx

Mode: interface configuration mode

Parameter: none

Description: Set the working mode of the specified interface to send and receive

Example:

Set the working mode on the port to send and receive
Switch(config-if)# lldp tx
Switch(config-if)# lldp rx

• Working mode is disabled

Command:

1. no lldp tx
2. no lldp rx

Mode: interface configuration mode

Parameter: none

Description: Set the working mode of the specified interface to disabled.

Example:

Set the working mode on the port to disabled
Switch(config-if)# no lldp tx
Switch(config-if)# no lldp rx

• TLV selection

Command:

1. lldp tlv-select TLV{port-desc/sys-name/sys-desc/sys-cap/mac-phy/lag/max-frame-size/management-addr}
2. lldp tlv-select pvid(disable|enable)
3. lldp tlv-select vlan-name (add|remove) VLAN-LIST

Mode: interface configuration mode

Parameter:

Parameter	Description
TLV{port- desc/sys- name/sys- desc/sys- cap/mac- phy/lag/max- frame-size/management-addr}	Select the specified TLV, including port description TLV, system name TLV , system description TLV, system function TLV, MAC / PHY TLV , link aggregation TLV, maximum frame size TLV, management address TLV
(disable|enable)	Enable/disable PVID TLV
(add|remove)	Add /delete VLAN in VLAN name TLV
VLAN-LIST	VLAN Name TLV Added /Deleted VLAN

Description: Set the TLV of the specified interface

Example:

TLVs on ports 1, 2, and 3 are port description TLV, system name TLV, PVID TLV, and VLAN name TLV with added VLAN name 1
Switch(config)# interface range eth1/0/1-eth1/0/3
Switch(config-if)# lldp tlv-select port-desc sys-name
Switch(config-if)# lldp tlv-select pvid enable
Switch(config-if)# lldp tlv-select vlan-name add 1

• View port LLDP configuration information

Command: show lldp interfaces Ethernet xx

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet xx	Port ID

Description: View the LLDP configuration information of a specified port

Example:

Check port 1 information
Switch# show lldp interface Ethernet 1/0/1

State: Enabled
Timer: 30 Seconds
Hold multiplier: 4
Reinit delay: 2 Seconds
Tx delay: 2 Seconds
LLDP packet handling: Flooding

Port | State | Optional TLVs | Address
-------- + ------ + -------------- + --------
eth1/0/1 | RX,TX | |192.168.80.202

Port ID: eth1/0/1
802.3 optional TLVs:
802.1 optional TLVs
PVID: Enabled

LLDP MED global configuration

• Number of fast packets

Command: lldp med fast-start-repeat-count <1-10>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-10>	of LLDPDU packets containing LLDP-MED, an integer ranging from 1 to 10 , the default is 3

Description: Set the number of fast packets

Example:

Set the number of fast packets to 10
Switch(config)# lldp med fast-start-repeat-count 10

• Add/remove network policies

Command:

1. lldp med network-policy <1-32> app(voice|voice-signaling|guest-voice|guest-voice-signaling|softphone-voice|video-conferencing|streaming-video|video-signaling) vlan <0-4095> vlan-type (tag|untag) priority <0-7> dscp <0-63>
2. no lldp med network-policy <1-32>

Mode: global configuration mode

Parameter:

Parameter	Description
<1-32 >	Network Policy ID
app(voice|voice-signaling|guest-voice|guest-voice-signaling|softphone-voice|video-conferencing|streaming-video|video-signaling)	Network policy application types, including Voice, Voice Signaling, Guest Voice, Guest Voice Signaling, Softphone Voice, Video Conferencing, Streaming Video, and Video Signaling
<0-4095>	Specify Voice VLAN ID
(tag|untag)	VLAN tag type
<0-7>	CoS priority
<0-63>	DSC P Priority

Description: Add/Remove Network Policies

Example:

Set a voice network policy, tag it with VLAN 10, set the Co S priority to 7, and set the DSCP priority to 56
Switch(config)# lldp med network-policy 1 app voice vlan 10 vlan-type tag priority 7 dscp 56

Delete the policy whose network policy ID is 1
Switch(config)# no lldp med network-policy 1

• Enable/disable automatic voice network policy

Command:

1. lldp med network-policy voice-auto
2. no lldp med network-policy voice-auto

Mode: global configuration mode

Parameter: none

Description: Enable/disable automatic voice network policy

Example:

Enable automatic voice network policy
Switch(config)# lldp med network-policy voice-auto

• View LLDP-MED configuration information

Command: show lldp med

Mode: privileged EXEC mode

Parameter: none

Description: View LLDP MED configuration information

Example:

View LLDP MED information
Switch #show lldp med

Fast Start Repeat Count: 3

Network policy 1
-------------------
Application type: Voice
VLAN ID: 222 tagged
Layer 2 priority: 0
DSCP: 0

Network policy 2
-------------------
Application type: Voice
VLAN ID: 2 tagged
Layer 2 priority: 0
DSCP: 0

Port | Capabilities | Network Policy | Location | Inventory | PoE PSE
------ + ------------ + -------------- + -------- + ------ --- + -------
eth1/0/1 | Yes | No | No | No | N/A
eth1/0/2 | Yes | No | No | No | N/A
eth1/0/3 | Yes | No | No | No | N/A
eth1/0/4 | Yes | No | No | No | N/A
eth1/0/5 | Yes | No | No | No | N/A
eth1/0/6 | Yes | No | No | No | N/A
eth1/0/7 | Yes | No | No | No | N/A
--More--

LLDP MED port setting

• Enable/disable LLDP-MED

Command:

1. no lldp med
2. lldp med

Mode: interface configuration mode

Parameter: none

Description: Enable/disable the LLDP-MED function of the specified interface

Example:

Enable the LLDP-MED function of port 1 and disable the lLDP-MED function of port 2
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# lldp med
Switch(config)# interface Ethernet 1/0/2
Switch(config-if)# no lldp med

• MED TLV selection

Command:

1. lldp med tlv-select MEDTLV{network-policy/location/inventory/poe-pse}
2. no lldp med tlv-select

Mode: interface configuration mode

Parameter:

Parameter	Description
MEDTLV{network-policy/location/inventory/poe-pse}	Select to specify MED TLV, including Network Policy TLV, Location TLV, Asset Inventory TLV and PoE-PSE TLV

Description: Select /delete the MED TLV of the specified interface

Example:

Specify the TLV sent by port 2 as location, inventory, and network policy information
Switch(config)# interface eth1/0/2
Switch(config-if)# lldp med tlv-select location inventory network-policy
Cancel the TLV sent by port 2
Switch(config-if)#no lldp med tlv-select

• Add/remove location information

Command:

1. lldp med location (coordination|civic-address|ecs-elin) ADDR
2. no lldp med location(coordination|civic-address|ecs-elin)

Mode: interface configuration mode

Parameter:

Parameter	Description
coordination	Position coordinates , 16 pairs of hexadecimal
civic-address	City address , 6-16 pairs of hexadecimal
ecs-elin	Emergency phone number , 10 -25 pairs of hexadecimal
ADDR	Specifies the location information data format

Description: Add/delete LLDP MED location information

Example:

the location information of port 1
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# lldp med location coordinate
112233445566778899AABBCCDDEEFF00
Switch(config-if)# lldp med location civic-address
112233445566
Switch(config-if)# lldp med location ecs-elin
112233445566778899AA

• Add/remove network policy information

Command: lldp med network-policy (add|remove) <1-32>

Mode: interface configuration mode

Parameter:

Parameter	Description
add	Add a binding between a network policy and an interface
remove	Delete the binding of a network policy to an interface
< 1-32 >	Specifies the network policy ID

Description: Add/remove network policy for specified interface

Example:

/ remove network policy with policy ID 1 to port binding
Switch(config-if)# lldp med network-policy add/remove 1

• View port LLDP-MED configuration information

Command: show lldp interfaces Ethernet xx med

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet xx	Specify port ID

Description: View LLDP-MED configuration information on a specified port

Example:

View LLDP-MED configuration information on port 1
Switch# show lldp interfaces eth1/0/1 med
Port | Capabilities | Network Policy | Location |
Inventory
---- + ------------ + -------------- + -------- + ------
eth1/0/1 | Yes | Yes | Yes |
Yes
Port ID: eth1/0/1
Network policies: 1, 32
Location:
Coordinates: 112233445566778899AABBCCDDEEFF00
Civic-address: 112233445566
Ecs-elin: 112233445566778899AA

Information viewing and clearing

• View device local information

Command: show lldp local-device

Mode: privileged EXEC mode

Parameter: none

Description: View device local information

Example:

View device local information
Switch# show lldp local-device

LLDP Local Device Information:
Chassis Type : Mac Address
Chassis ID: C0:74:AD:B9:3B:44
System Name : Switch
System Description : GWN7801
System Capabilities Support : Bridge, Router
System Capabilities Enable : Bridge, Router
Management Address : 192.168.80.202(IPv4)
Management Address : fe80::c274:adff:feb9:3b44(IPv6)

• View port local information

Command: show lldp interfaces Ethernet xx local-device

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet xx	Specify port ID

Description: View the local information of the specified port

Example:

Check the local information of port 1
Switch121212(config)# show lldp interfaces eth1/0/1 local-device

Device ID: 00:12:12:12:12:12
Port ID: eth1/0/1
System Name: Switch121212
Capabilities: Bridge
System description:
Port description:
Management address: 192.168.1.254
Time To Live: 120
802.3 MAC/PHY Configur/Status
Auto-negotiation support: Supported
Auto-negotiation status: Enabled
Auto-negotiation Advertised Capabilities: 10BASE-T half
duplex, 10BASE-T full duplex, 100BASE-TX half duplex,
100BASE-TX full duplex
Operational MAU type: Other or unknown
802.3 Link Aggregation
Aggregation capability: Capable of being aggregated
Aggregation status: Not currently in aggregation
Aggregation port ID: 0
802.3 Maximum Frame Size: 1522
802.1 PVID: 1
LLDP-MED capabilities: Capabilities, Network Policy, Location,
Extended PSE, Inventory
LLDP-MED Device type: Network Connectivity
LLDP-MED Network policy
Application type: Voice Signaling
Flags: Unknown Policy
VLAN ID: 2
Layer 2 priority: 3
DSCP: 4
LLDP-MED Network policy
Application type: Conferencing
Flags: Unknown Policy
VLAN ID: 5
Layer 2 priority: 1
DSCP: 63
Hardware revision: 1123
Firmware revision: 2.5.0-beta.32801
Software revision: 2.5.0-beta.32801
Serial number: abc
Manufacturer Name:
Model name: RTL8328-24FE-4GE
Asset ID:
LLDP-MED Location
Coordinates: 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
Civic-address: 11:22:33:44:55:66
Ecs-elin: 11:22:33:44:55:66:77:88:99:AA

• View neighbor information

Command:

1. show lldp neighbor
2. show lldp interfaces Ethernet xx neighbor

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet xx	Specify port ID

Description:

1. View Device Neighborhood Information
2. View the neighbor information of a specified port

Example:

View Device Neighborhood Information
Switch# show lldp neighbor
Port | Device ID | Port ID | SysName
| Capabilities | TTL
---- + ----------------- + ---------------- + ---------- -----
-- + -------------- + -----
eth1/0/3 | 00:12:12:12:12:12 | eth1/0/1 |
Switch121212 | Bridge | 111
eth1/0/1 | TREEBASE |00:1A:4D:26:EB:E8 |
TREEBASE | Station Only | 33

Check the neighbor information of port 3
Switch# show lldp interface Ethernet 1/0/3 neighbor

Device ID: 00:12:12:12:12:12
Port ID: eth1/0/1
System Name: Switch121212
Capabilities: Bridge
System description:
Port description:
Management address: 192.168.1.254
Time To Live: 98
802.3 MAC/PHY Configur/Status
Auto-negotiation support: Supported
Auto-negotiation status: Enabled
Auto-negotiation Advertised Capabilities: 10BASE-T half
duplex, 10BASE-T full duplex, 100BASE-TX half duplex,
100BASE-TX full duplex
Operational MAU type: 100BASE-TX full duplex mode
802.3 Link Aggregation
Aggregation capability: Capable of being aggregated
Aggregation status: Not currently in aggregation
Aggregation port ID: 0
802.3 Maximum Frame Size: 1522
802.1 PVID: 1
LLDP-MED capabilities: Capabilities, Network Policy, Location,
Extended PSE, Inventory
LLDP-MED Device type: Network Connectivity
LLDP-MED Network policy
Application type: Voice Signaling
Flags: Unknown Policy
VLAN ID: 2
Layer 2 priority: 3
DSCP: 4
LLDP-MED Network policy
Application type: Conferencing
Flags: Unknown Policy
VLAN ID: 5
Layer 2 priority: 1
DSCP: 63
LLDP-MED Power over Ethernet
Device Type: Power Sourcing Entity
Power Source: Primary Power Source
Power priority: Low
Power value: 13.0 Watts
Hardware revision: 1123
Firmware revision: 2.5.0-beta.32801
Software revision: 2.5.0-beta.32801
Serial number: abc
Manufacturer Name:
Model name: RTL8328-24FE-4GE
Asset ID:
LLDP-MED Location
Coordinates: 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
Civic-address: 11:22:33:44:55:66
Ecs-elin: 11:22:33:44:55:66:77:88:99:AA

• View LLDP statistics

Command:

1. show lldp statistics
2. show lldp interfaces Ethernet xx statistics

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet xx	Specify port ID

Description:

1. View LLDP statistics
2. View LLDP statistics on a specified port

Example:

View LLDP statistics
LLDP Global Statistics:
Insertions: 0
Deletions: 0
Drops: 0
Age Outs : 0

| TX Frames | RX Frames | RX TLVs | RX Ageouts
Total | Total | Discarded | Errors | Discarded | Unrecognized | Total
--------+----------+-------+-----------+-------+ -----------+--------------+----------
eth1/0/1 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/2 | 5537 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/3 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/4 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/5 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/6 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/7 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/8 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/9 | 0 | 0 | 0 | 0 | 0 | 0 | 0
eth1/0/10 | 0 | 0 | 0 | 0 | 0 | 0 | 0

View LLDP statistics on port 1
Switch# show lldp interface Ethernet 1/0/1 statistics

LLDP Port Statistics:
| TX Frames | RX Frames | RX TLVs | RX Ageouts
Total | Total | Discarded | Errors | Discarded | Unrecognized | Total
--------+----------+-------+-----------+-------+ -----------+--------------+----------
Eth1/0/1 | 0 | 0 | 0 | 0 | 0 | 0 | 0

• Whether the port TLV is overloaded

Command: show lldp interfaces Ethernet xx tlvs-overloading

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet xx	Specify port ID

Description: Check whether the TLV of the specified port is overloaded

Example:

Check whether the TLV of port 1 is overloaded
Switch# show lldp interface Ethernet 1/0/1 statistics

LLDP Port Statistics:
| TX Frames | RX Frames | RX TLVs | RX Ageouts
Total | Total | Discarded | Errors | Discarded | Unrecognized | Total
--------+----------+-------+-----------+-------+ -----------+--------------+----------
eth1/0/1 | 0 | 0 | 0 | 0 | 0 | 0 | 0

Switch#
Switch#
Switch# show lldp interface Ethernet tlvs-overloading
invalid port id
Switch# show lldp interface Ethernet 1/0/1 tlvs-overloading

eth1/0/1:

TLVs Group | Bytes | Status
---------------------------- + ------- + ------------- ---
Mandatory | 21 | Transmitted
LLDP-MED Capabilities | 9 | Transmitted
802.1 | 8 | Transmitted

Total: 38 bytes
Left: 1450 bytes

• Clear statistics

Command:

1. clear lldp global statistics
2. clear lldp interface Ethernet xx statistics

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Ethernet xx	Specify port ID

Description:

1. Clear global LLDP statistics
2. Clear LLDP statistics on a specified port

Example:

Clear global LLDP statistics
Switch#clear lldp global statistics

Clear LLDP statistics on port 1
Switch#clear lldp interfaces Ethernet 1/0/1 statistics

EEE

Enable/disable 802.3 EEE

Command:

1. lldp
2. no lldp

Mode: global configuration mode

Parameter: none

Description: Enable/disable LLDP

Example:

Enable the global LLDP function
Switch (config)# lldp

SYSTEM

Basic Settings

Basic Setting

• Configure switch name

Command: system name WORD<1-64>

Mode: global configuration mode

Parameter:

Parameter	Description
WORD<1-64>	Character range: 1-64, support letters, numbers and special characters (excluding “\?/,). If the string is empty, use “” to quote it.

Description: Set switch name

Example:

Set the switch name to MySwitch and check
Switch # config
Switch(config)# system name MySwitch
MySw itch (config) # d o show info

System Name : MySwitch
System Location : Default
System Contact : Default
Device model : GWN7801
MAC Address : C0:74:AD:B9:3B:44
IP Address : 192.168.80.201
Subnet Mask : 255.255.255.0
Loader Version: 3.6.9.55156
Loader Date : Mar 17 2023 - 02:00:37
Firmware Version : 1.0.3.15
Firmware Date : Jan 12 2023 - 11:51:17
Hardware Version : V1.2A
PN Series number : 9640004612A
SN Series number : 20VXU28N90B93B44
System Object ID : 1.3.6.1.4.1.42379
System Up Time: 6 days, 18 hours, 51 mins, 3 secs

• Configure Switch Location

Command: system location LOCATION

Mode: global configuration mode

Parameter:

Parameter	Description
LOCATION	Character range: 0-64, support letters, numbers and special characters (excluding “\?/,). If the string is empty, use “” to quote it.

Description: Set switch location

Example:

Set the switch location to hangzhou and check
Switch # config
Switch(config)# system location Hangzhou
Switch(config)# do show info

System Name : Switch
System Location : hangzhou
System Contact : Default
Device model : GWN7801
MAC Address : C0:74:AD:B9:3B:44
IP Address : 192.168.80.201
Subnet Mask : 255.255.255.0
Loader Version: 3.6.9.55156
Loader Date : Mar 17 2023 - 02:00:37
Firmware Version : 1.0.3.15
Firmware Date : Jan 12 2023 - 11:51:17
Hardware Version : V1.2A
PN Series number : 9640004612A
SN Series number : 20VXU28N90B93B44
System Object ID : 1.3.6.1.4.1.42379
System Up Time: 6 days, 18 hours, 54 mins, 12 secs

• Configure Switch Contact Information

Command: system contact CONTACT

Mode: global configuration mode

Parameter:

Parameter	Description
CONTACT	Character range: 0-64, support letters, numbers and special characters (excluding “\?/,). If the string is empty, use “” to quote it.

Description: Set Switch Contacts

Example:

Set the switch contact to 15968140574 and check
Switch # config
Switch(config)# do show info

System Name : Switch
System Location : hangzhou
System Contact : 15968140574
Device model : GWN7801
MAC Address : C0:74:AD:B9:3B:44
IP Address : 192.168.80.201
Subnet Mask : 255.255.255.0
Loader Version: 3.6.9.55156
Loader Date : Mar 17 2023 - 02:00:37
Firmware Version : 1.0.3.15
Firmware Date : Jan 12 2023 - 11:51:17
Hardware Version : V1.2A
PN Series number : 9640004612A
SN Series number : 20VXU28N90B93B44
System Object ID : 1.3.6.1.4.1.42379
System Up Time: 6 days, 19 hours, 9 mins, 37 secs

Time setting

• View current system time

Command:

1. show clock
2. show clock details

Mode: Privileged Exec Mode

Parameter: none

Description: View current system time

Example:

Switch # show clock
Switch# show clock detail

• Set static time manually

Command: clock set HH:MM:SS (jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)

<1-31> <2000-2035>

Mode: Privileged Exec Mode

Parameter:

Parameter	Description
HH:MM:SS	Minutes and seconds
(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)	month
<1-31>	day
<2000-2035>	years

Description: Manually set the time

Example:

Switch# clock set 04:14 :2 4 jan 24 2034

• Set the time source to manual setting

Command: clock source local

Mode: global configuration mode

Parameter: none

Description: Set the time source to manual setting

Example:

Switch # configure
Switch (config) # clock source local

• Set time source as SNTP server

Command:

1. clock source sntp
2. show sntp

Mode: global configuration mode

Parameter: none

Description:

1. clock source sntp set the time source as SNTP server
2. show sntp View SNTP server

Example:

Switch # configure
Switch (config) # clock source local
Switch(config) #d o show sntp

• Configure sntp server

Command:

1. sntp host A .BCD port<1-65535>
2. sntp host HOSTNAME port<1-65535>

Mode: global configuration mode

Parameter:

Parameter	Description
A.BCD _ _	SNTP server IP address
HOSTNAME	SNTP server domain name
port<1-65535>	SNTP server port, an integer ranging from 1 to 65535

Description: Configure SNTP server address

Example:

Switch # configure
Switch (config) # sntp host 192.168.1.27 port 123
Switch(config) # sntp host time.windows.com port 124

• Clear SNTP server

Command: no sntp

Mode: global configuration mode

Parameter: none

Description: clear SNTP server

Example:

Switch # configure
Switch (config) #no sntp

• Configure time zone

Command: clock timezone ACRONYM HOUR-OFFSET minutes < 0-59>

Mode: global configuration mode

Parameter:

Parameter	Description
ACRONYM	Acronym for time zone ( 1 -4 characters)
HOUR-OFFSET <-12-13>	Time difference from UTC
minutes <0-59>	Minutes difference from UTC

Description: Configure time zone

Example:

Switch # configure
Switch (config) #clock timezone Pac -8 minutes 30

• Restore default timezone

Command: no clock timezone

Mode: global configuration mode

Parameter: none

Description: restore default timezone

Example:

Switch # configure
Switch (config) #no clock timezone

Scheduled restart

• Scheduled restart

Command:

1. schedule use id {id} reboot
2. no schedule use reboot

Mode: global configuration mode

Parameter:

Parameter	Description
{id}	Time policy ID, an integer ranging from 1 to 32

Description:

1. schedule use id {id} reboot : set switch restart time
2. no schedule use reboot : Turn off the scheduled reboot function

Example:

Turn on timed restart ( refer to time policy 1 )
Switch # config
Switch(config)# schedule use id 2 reboot

Turn off scheduled restart
Switch (config)# no schedule use reboot

Access control

Web service management

• Enable telnet permission/ssh permission/https access

Command: ip telnet|ssh|https

Mode: global configuration mode

Parameter: none

Description: Enable telnet permission/ssh permission/https access

Example:

Switch # configure
Switch (config) # ip telnet|ssh|https

• Close telnet permission/ssh permission/https access

Command: no ip telnet|ssh|https

Mode: global configuration mode

Parameter: none

Description: Close telnet permission/ssh permission/https access

Example:

Switch # configure
Switch (config) #no ip telnet|ssh|https

• View https access status

Command: show ip https

Mode: Privileged Exec Mode

Parameter: none

Description: View https access status

Example:

Switch# show ip https

• Modify web (https) idle timeout

Command: ip web session-timeout session-timeout

Mode: Privileged Exec Mode

Parameter:

Parameter	Description
session-timeout	HTTPS timeout, the value range is 1-1440 minutes

Description: Modify web idle timeout

Example:

Switch#configure
Switch (config) # ip web session-timeout 500

Manager settings

• Turn on/off the Manager function

Command:

1. manager
2. no manager

Mode: global configuration mode

Parameter: none

Description: Turn on/off the Manager function

Example:

Enable the Manager function
Switch # config
Switch(config)# manager

• Configure the Manager server address

Command: manager server IP/HOSTNAM port <0-65535> dhcpOverwrite enable/disable

Mode: global configuration mode

Parameter:

Parameter	Description
IP	Manager server IP address , including IPv4 address and IPv6 address
HOSTNAM	Manager server hostname
<0-65535>	port , an integer ranging from 0 to 65535
enable/disable	Enable/disable DHCP option 43 rewrite Manager server address function

Description: Configure the Manager server address

Example:

Configure Manager server as 1 92.168.1.1 , port 8 443 , disable DHCP option 43 rewrite address function
Switch # config
Switch(config)# manager server 192.168.1.1 port 8443 dhcpOverwrite disable

• View Manager configuration

Command: show manager

Mode: privileged EXEC mode

Parameter: none

Description: View Manager configuration

Example:

Switch# show manager
MANAGER OPTION | VALUE
----------------------+--------------------------- ----
manager set | enabled
manager server | 192.168.1.1
manager port | 8443
allow dhcp overwrite | disabled

Telnet/SSH Client

• View help information 1

Command: ssh {ip-addr |domain} ?

Mode: global configuration mode

Parameter:

Parameter	Description
ip-addr	Switch IPv4 address
domain	Switch domain name

Description: There are 5 items of information debug, keyfile, port , removeknownhosts, user , and corresponding descriptions.

Example:

Switch # config
Switch(config)# ssh 192.168.80.201
<cr>
debug config show debug log
keyfile Log in with the ssh Server specified public key
port TCP/UDP port
removeknownhosts Remove all keys belonging to hostname from known_hosts file
user ssh login user name

• View help information 2

Command: telnet {ip-addr | domain} ?

Mode: global configuration mode

Parameter:

Parameter	Description
ip-addr	Switch IPv4 address
domain _	Switch domain name

Description: There is a port option, and it corresponds to the relevant description.

Example:

Switch # config
Switch(config)# telnet 192.168.80.201
<cr>
port TCP/UDP port

• View help information 3

Command: ssh public key?

Mode: global configuration mode

Parameter: none

Description: There are 3 items of information delete , list , tftp: // , and corresponding to the relevant description

Example:

Switch # config
Switch(config)# sshpublickey
delete Delete the public key on the device
list The key file that has been downloaded to the device list
tftp:// SSH Server public key download

• SSH connection management device

Command: ssh {ip-addr |domain} {keyfile/port/removeknownhosts/user}

Mode: Privileged Exec Mode

Parameter:

Parameter	Description
ip-addr	Device IPv4 address or IPv6 address
domain	switch domain name
keyfile	Specify the private key file to use
port	Specify the port number of the device to be connected
remove known hosts	Clear connected hosts
user	Specify the username to connect to

Description: and manage other devices through SSH , and specify the user name, port and private key file. In this way, you can log in to the gwnmenu interface of GWN AP/Route and the CLI interface of GWN Switch to manage devices. Use the specified private key to log in to the server encrypted by the corresponding public key

Example:

The IP address of the SSH server is 192.168.0.254, and the SSH service is enabled by default on the GWN switch

Log in to the SSH server using the default root account
Switch# ssh 192.168.0.254

Log in to the SSH server using the admin account
Switch# ssh 192.168.0.254 user admin

If the SSH server changes the SSH port to 6622, specify the port to log in
Switch# ssh 192.168.0.254 user admin port 6622

If the SSH server uses public key encryption and the private key is GWN, use the key to log in
Switch# ssh 192.168.0.254 user root keyfile GWN

The switch has been connected to the switch device, and the device has been restored to factory settings, you need to clear the knownhosts and then log in
Switch# ssh 192.168.0.254 removeknownhosts

• Telnet connection management device

Command: telnet {ip-addr |domain} {port}

Mode: Privileged Exec Mode

Parameter:

Parameter	Description
ip-addr	Device IPv4 address or IPv6 address
domain	switch domain name
port	Specify the port number of the device to be connected

Description: and manage other devices via Telnet

Example:

Telnet server is 192.168.0.254, and the SSH service is disabled by default on the GWN switch

Log in with telnet
Switch# telnet 192.168.0.254

Modify the port of the Telnet server to 6623, and specify the port to log in
Switch# telnet 192.168.0.254 port 6623

• Upload secret key

Command: sshpublickey tftp://target_ip/target_file

Mode: global configuration mode

Parameter:

Parameter	Description
tftp://target_ip	Upload the key file through TFTP
target_file	key file that needs to be uploaded

Description: Upload the secret key file through TFTP , support to upload and use the private key file in RSA/ecdsa/ed26619 format
The secret key uploaded successfully Downloading Done
Failed to upload the secret key Downloading config file failed

Example:

Switch#configure
Switch(config)# sshpublickey list
Switch(config)# sshpublickey tftp://192.168.99.176/gwn
Downloading Done

• The list of uploaded keys

Command: ssh publickey list

Mode: global configuration mode

Parameter: none

Description: View all uploaded key files

Example:

Switch # configure
Switch(config)# sshpublickey list
gwn

• Delete uploaded key

Command: ssh publickey delete xxx

Mode: global configuration mode

Parameter:

Parameter	Description
xxx	key file name

Description: Delete the key file named xxx

Example:

Switch # configure
Switch(config)# ssh publickey delete xxx
Switch(config)# sshpublickey list

• View device key

Command: show flash

Mode: privileged EXEC mode

Parameter: none

Description: View device key file

Example:

Switch # show flash
File Name File Size Modified
------------------------ ---------------- ---------- --------------
startup-config 2283 2023-05-22 03:23:33
flash.log 3552 2023-05-19 11:56:38
rsa2 2455 2023-05-18 03:13:34
dsa2 668 2023-05-18 03:13:39
rsa2.pub 559 2023-05-18 03:13:34
dsa2.pub 595 2023-05-18 03:13:39
ssl_cert 1245 2023-05-18 03:13:44
image 12277439 2023-05-18 12:27:04

• Upload device key to other devices

Command: copy flash://target_file tftp://target_ip

Mode: privileged EXEC mode

Parameter: none

Description: Upload the device’s own key to other devices

Example:

Switch# copy flash://rsa2 tftp://192.168.99.176
Uploading file. Please wait...
Uploading Done

Login service

View telnet/ssh/console process status

Command: show line telnet/ssh/console

Mode: privileged EXEC mode

Parameter: none

Description: View telnet/ssh/console process status

Example:

Switch# show line telnet

Telnet =================================
Telnet Server : enabled
Session Timeout : 10 (minutes)
History Count : 128
Password Retry : 3
Silent Time : 180 (seconds)

Modify telnet/ssh/console idle time

Command:

1. line telnet/ssh/console
2. exec-timeout < 0-65535>

Mode: global configuration mode

Parameter:

Parameter	Description
< 0-65535>	specified minutes, 0 means no timeout

Description: Modify telnet/ssh/console idle time

Example:

Switch#configure
Switch (config) #line telnet /ssh/console
Switch (config) #exec -timeout 100
Switch (config) #do show line telnet/ssh/console

Modify telnet/ssh/console history command count

Command:

1. line telnet/ssh/console
2. history < 1-256>

Mode: global configuration mode

Parameter:

Parameter	Description
< 1-256>	History command count

Description: Modify telnet/ssh/console history command count

Example:

Switch#configure
Switch (config) #line telnet /ssh/console
Switch (config) #history 100
Switch (config) #do show line telnet/ssh/console

Modify the number of telnet/ssh/console password retries

Command:

1. line telnet/ssh/console
2. password-thresh < 0-120>

Mode: global configuration mode

Parameter:

Parameter	Description
< 0-120>	Number of password retries allowed , 0 means unlimited

Description: Modify the number of telnet/ssh/console password retries

Example:

Switch#configure
Switch (config) #line telnet /ssh/console
Switch (config) #password-thresh 5
Switch (config) #do show line telnet/ssh/console

Modify telnet/ssh/console silent time

Command:

1. line telnet/ssh/console
2. silent-time < 0-65535>

Mode: global configuration mode

Parameter:

Parameter	Description
< 0-65535>	suppress console response , 0 means unlimited

Description: Modify telnet/ssh/console silent time. When the user enters the password to log in, the authentication fails, the number of failed retries will be increased by one, when the number of failed retries exceeds the configured number, the cli will block the login for a silent time

Example:

Switch#configure
Switch (config) #line telnet /ssh/console
Switch (config) #silent-time 2400
Switch (config) #do show line telnet/ssh/console

Clear telnet/ssh process

Command: clear line telnet|ssh

Mode: privileged EXEC mode

Parameter: none

Description: Clear telnet /ssh processes

Example:

Switch# clear line telnet|ssh

User Management

View user list

Command: show username

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Priv	user level
type	user type
User Name	username
Password	password

Description: view user list

Example:

Switch# show username

View all current online users

Command: show users

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Username	username
Protocol	protocol
location	address

Description: View all current online users

Example:

Switch # show users

Username Protocol Location
------------- -------------- -----------------------
console0.0.0.0
admin telnet 192.168.122.52

View current user’s level

Command: show privilege

Mode: privileged EXEC mode

Parameter:

Parameter	Description
Current CLI Username	Current CLI username
Current CLI Privilege	Current CLI user level

Description: View current user’s level

Example:

Switch # show privilege

Current CLI Username: admin
Current CLI Privilege: 15

Add user

Command: username WORD<1-64> [privilege (admin|monitor|operator)]
(password UNENCRYPY-PASSWORD | secret UNENCRYPY-PASSWORD | secret encrypted ENCRYPT-PASSWORD)

Mode: global configuration mode

Parameter:

Parameter	Description
WORD<1-64>	Username , character range : 1-64, “\?/, characters are not supported.
privilege (admin|monitor|operator)	User level: administrator |monitor| operator
password UNENCRYPY-PASSWORD	Password is not encrypted
secret UNENCRYPY-PASSWORD	Encryption, the password is before encryption
secret encrypted ENCRYPT-PASSWORD	Encrypted, the password is encrypted

Description: Add user

Example:

Switch # configure
Switch (config) #username test1 privilege admin password 123456
Switch (config) #username test2 privilege monitor secret 123456
Switch (config) #username test3 privilege operator secret encrypted 123456
Switch (config) # show username

Delete user

Command: no username WORD<1-64>

Mode: global configuration mode

Parameter:

Parameter	Description
WORD<1-64>	Username

Description: delete users

Example:

Switch # configure
Switch (config) #no username test2

Modify the password for user mode to enter privileged mode

Command: enable password UNENCRYPY-PASSWORD

Mode: global configuration mode

Parameter:

Parameter	Description
password UNENCRYPY-PASSWORD	Password is not encrypted

Description: Modify the password for user mode to enter privileged mode

Example:

Switch # configure
Switch (config) # enable password 11111111

Modify user password

Command: username WORD<1-64>
(password UNENCRYPY-PASSWORD | secret UNENCRYPY-PASSWORD | secret encrypted ENCRYPT-PASSWORD)

Mode: global configuration mode

Parameter:

Parameter	Description
WORD<1-64>	Username
password UNENCRYPY-PASSWORD	Password is not encrypted
secret UNENCRYPY-PASSWORD	Encryption, the password is before encryption
secret encrypted ENCRYPT-PASSWORD	Encrypted, the password is encrypted

Description: Modify user password

Example:

Switch # configure
Switch( config)#username test3 password aa33333333
Old password: 123456

Restore the password for user mode to enter privileged mode to default value (default is empty)

Command: enable password “”

Mode: global configuration mode

Parameter: none

Description: Restore the password for user mode to enter privileged mode to the default value (the default is empty)

Example:

Switch # configure
Switch (config) # enable password ""

Time strategy

View time policy

Command: show schedule

Mode: privileged EXEC mode

Parameter: none

Description: View time policy

Example:

Switch# show schedule
|------------------------------------------------- -------------|
| ID:1 | NAME: reboot | USE:
|------------------------------------------------- -------------|
| week1:0000-0030
| week2:0000-0030
| abtime1:
|------------------------------------------------- -------------|

Add time policy

Command:

1. schedule id {id} name {name}
2. schedule id {id} week {week} {hour} {minute} to {hour} {minute}
3. schedule id {id} abtime {abtime} date {date} mon {mon} day {day}

Mode: global configuration mode

Parameter:

Parameter	Description
{id}	Set the policy ID , an integer ranging from 1-32
{name}	Set the policy name, the input length is 1-64 characters, “\?/, characters are not supported.
{week}	<1-7> monday to sunday
{hour}	<0-24>
{minute}	0 or 30
{ab time}	Set special dates, up to 8
{date}	<2022-9999> years
{mon}	<1-12> month
{day}	<1-31> day

Description: add time policy

Example:

Create a time policy with id 1 and name policy1, and the period is Wednesday 4:00-5:30
Switch(config)# schedule id 1 name policy1
Switch(config)# schedule id 1 week 3 hour 4 minute 0 to hour 5 minute 30

Delete time policy

Command: no schedule id {id}

Mode: global configuration mode

Parameter:

Parameter	Description
{id}	Set the policy ID , an integer ranging from 1-32

Description: delete time policy

Example:

Delete time policy with id 1
Switch(config)# no schedule id 1

1588 v2 TC

Enable/disable global 1588v2 TC

Command:

1. ptp enable
2. no ptp enable

Mode: global configuration mode

Parameter: none

Description: Enable/disable global 1588v2 TC function

Example:

Enable the global 1588 v2 TC function
Switch # config
Switch(config)# ptp enable

Configure 1 588v2 TC clock type

Command: ptp clock-type e2e-tc | p2p-tc

Mode: global configuration mode

Parameter:

Parameter	Description
e2e-tc	E2E TC clock type
p2p-tc	PTP TC clock type

Description: Configure 1588v2 TC clock type

Example:

Configure the 1588 v2 TC clock type as E2E TC
Switch # config
Switch(config)# ptp enable
Switch(config)# ptp clock-type e2e-tc

Configuring the Encapsulation Format of PTP TC Packets

Command: ptp protocol l ethernet|udpv4|udpv6

Mode: global configuration mode

Parameter:

Parameter	Description
ethernet	Ethernet encapsulation
udpv4	UDP over IPv4 encapsulation
udpv6	UDP over IPv6 encapsulation

Description: Configure the encapsulation format of PTP TC packets, the default is Ethernet encapsulation.

Example:

Configure the encapsulation format of PTP TC packets to Ethernet
Switch # config
Switch(config)# ptp enable
Switch(config)# ptp clock-type p2p-tc
Switch(config)# ptp protocol ethernet

Configure a PTP TC domain

Command: ptp domain <0-255>

Mode: global configuration mode

Parameter:

Parameter	Description
<0-255>	Configure the PTP TC clock domain ID

Description: Configure the PTP TC clock domain

Example:

Configure the PTP TC clock domain as 10
Switch # config
Switch(config)# ptp enable
Switch(config)# ptp clock-type p2p-tc
Switch(config)# ptp domain 10

Configure the PTP TC virtual clock ID

Command: ptp virtual0clock-id auto|xxxxxxxxxxxxxxxxx

Mode: global configuration mode

Parameter:

Parameter	Description
auto	Automatically generate virtual clock ID, insert FFFE in the middle of MAC address as ID ( XXXXXX-FFFE-XXXXXX )
xxxxxxxxxxxxxxxx	16 hexadecimal characters , if it is less than 16 digits , it will be automatically filled with 0 in front

Description: Configure the PTP TC virtual clock ID

Example:

Configure the ID of the PTP TC virtual clock as 12365 acaaaaa
Switch # config
Switch(config)# ptp enable
Switch(config)# ptp clock-type p2p-tc
Switch(config)# ptp virtual-clock-id 12365acaaaaa

Enable/disable 1588 v2 TC on interface

Command:

1. ptp enable
2. no ptp enable

Mode: interface configuration mode

Parameter: none

Description: Enable/disable the 1588 v2 TC function of the port

Example:

Enable the 1588 v2 TC function of port 1/0/1 -1 /0/10
Switch # config
Switch(config)# interface range e1/0/1-e1/0/10
Switch(config-if-range)# ptp enable

View 1588 v2 TC related information

Command: show ptp state

Mode: privileged EXEC mode

Parameter: none

Description: View global and port 1588 v2 TC status

Example:

Switch# show ptp state
|---------------------------------------------------|
PTP clock type : e2e-tc
|---------------------------------------------------|
PTP state : enabled
|---------------------------------------------------|
| LogicPort mode |
--------------------------------------------------
| eth1/0/1 Disabled |
--------------------------------------------------
| eth1/0/2 Disabled |
--------------------------------------------------
| eth1/0/3 Disabled |
--------------------------------------------------
| eth1/0/4 Disabled |
--------------------------------------------------
| eth1/0/5 Disabled |
--------------------------------------------------
| eth1/0/6 Disabled |
--------------------------------------------------
| eth1/0/7 Disabled |
--------------------------------------------------
| eth1/0/8 Disabled |
--------------------------------------------------
| eth1/0/9 Disabled |
--------------------------------------------------
| eth1/0/10 Disabled |
--------------------------------------------------
| eth1/0/11 Disabled |
--------------------------------------------------
| eth1/0/12 Disabled |
--------------------------------------------------
| eth1/0/13 Disabled |
--------------------------------------------------
| eth1/0/14 Disabled |
--------------------------------------------------
| eth1/0/15 Disabled |
--------------------------------------------------
| eth1/0/16 Disabled |
--------------------------------------------------

Restart and view running configuration

Reboot

Command: Reboot

Mode: privileged EXEC mode

Parameter: none

Description: reboot switch

Example:

Switch # reboot

View running configuration

Command: show running-config

Mode: privileged EXEC mode

Parameter: none

Description: View running configuration

Example:

Switch# show running-config