Manuel d'utilisation / d'entretien du produit 4500 PWR 50-PORT du fabricant 3Com
Aller à la page of 466
3Com ® Switch 4500 Family Command Refer ence Guide Switch 4500 26-Port Switch 4500 50-Port Switch 4500 PWR 26-Port Switch 4500 PWR 50-Port www.3Com.com Part No.
3Com Corporation 350 Campus Drive Marlbor ough, MA USA 01752-3064 Copyright © 2007, 3Com Corporati on. All rights reserved. No part of this documentation may be repro duced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corpo ration.
C ONTENTS A BOUT T HIS G UIDE About This So ftware V ersion 13 How This Guide is Organized 13 Intended Readership 14 Conventions 14 Related Docum entation 15 1 U SING S YSTEM A CCESS C OMMANDS Logging.
7 U SING M ULTICAST P ROT O C O L C OMMANDS IGMP Snooping Configuratio n Commands 176 8 U SING Q O S/ACL C OMMANDS ACL Commands List 184 QoS Config uration Commands L ist 190 Logon User’ s ACL Contr.
13 C ONFIGURING P ASSWORD C ONTR OL A B OOTR OM I NTERFACE Accessing the Bootr om Interface 455 Boot Menu 456.
.
A LPHABETICAL L ISTING OF C OMMANDS display poe interface 88 display poe power 89 poe power-management 93 poe update 95 access-limit 254 accounting optional 270 acl 184 acl 201 am enable 114 am ip-poo.
copy configuration 43 copy 299 cut connection 255 databits 20 data-flow-format 270 debugging arp packet 104 debugging dhcp client 108 debugging dhcp xrn xha 108 debugging dhcp-relay 110 debugging lacp.
display dhcp-server 112 display dhcp-server in terface vlan-interface 113 display diagnostic-information 352 display domain 258 display dot1x 236 display fan 340 display fib 121 display fib 123 displa.
display memory 341 display mirror 190 display ntp-service sessions 404 display ntp-service status 405 display ntp-service trace 406 display password-control 445 display password-control super 446 disp.
display this 311 display udp statistics 129 display udp-helper server 119 display unit 48 display user-interface 21 display users 23 display version 350 display vlan 77 display voice vlan oui 81 displ.
idle-cut 261 idle-timeout 27 if-match cost 168 if-match interface 169 if-match ip next-hop 170 igmp-snooping 178 igmp-snooping host-aging-time 178 igmp-snooping max-response-time 179 igmp-snooping rou.
loopback-detection per-vlan enable 54 ls 440 ls 327 mac-address max-mac-count 336 mac-address timer 337 mac-address 335 mac-authentication 249 mac-authentication authmode 250 mac-authentication authpa.
peer-public-key end 421 peer-public-key end 428 peer 155 ping 353 poe enable 91 poe legacy enable 91 poe max-power 92 poe mode 93 poe priority 94 port 79 port access vlan 56 port hybrid pvid vlan 56 p.
remove 442 rename 442 rename 305 reset 156 reset acl counter 187 reset arp 107 reset counters interface 60 reset dot1x statistics 246 reset igmp-snoopi ng statistics 180 reset ip statistic s 130 reset.
rsa peer-public-key 431 rule 187 save 313 schedule reboot at 343 schedule reboot delay 344 scheme 266 screen-length 31 secondary accounting 284 secondary authentication 285 Select Application File to .
ssh user assign rsa-key 426 ssh user authentication-type 427 ssh user service-type 435 ssh2 433 startup bootrom-access enable 314 state 269 state 286 stop-accounting-buffer enable 287 stopbits 35 stp .
timers 164 timer 288 tracert 359 traffic-limit 199 udp-helper enable 119 udp-helper port 119 udp-helper server 120 undelete 307 undo snmp-agent 393 unicast-suppression 62 user privilege level 40 user .
A BOUT T HIS G UIDE This guide pr ovides all the informati on you need to use the configuration commands supported by ver sion 3.0.x software on the 3Com ® Switch 4500. About This Software Ve r s i o n The software in the Switch 4500 is a subset of that used in some other 3Com products.
14 A BOUT T HIS G UIDE ■ Using System Management Commands — Intr oduces the commands used for system management and maintenance. Intended Readership The guide is intended fo r the following reader.
Related Documentation 15 Related Documentation The 3Com Switch 4500 Getting Started Guide provides information about installation. The 3Com Switch 4500 Con figuration Guide p rovides information about configuring your network using the commands described in this guide.
16 A BOUT T HIS G UIDE.
1 U SING S YSTEM A CCESS C OMMANDS This chapter describes how to use th e following commands: Logging in Commands ■ authentication-mode ■ auto-execute command ■ command-privilege level ■ datab.
18 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS ■ system-view ■ telnet ■ user -interface ■ user privilege level Logging in Commands This section describes the commands that you can use to configure system access and system security .
Logging in Commands 19 auto-execute command Syntax auto-execute command text undo auto-execute command Vie w User Interface V iew Parameter text: Specifies the command to be run automatically . Description Enter auto-execute command text to co nfigure the Switch to automatically run a specified command.
20 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Description Use the command-privilege level command to configure the priority level assigned to any comman d within a select ed view .
Logging in Commands 21 8 – Sets the data bits to 8. Description Use the databits command to configure the data bits for the AUX (Console) port to either 7 or 8 . By default, the value is 8 . Use the undo databits command to restor e the default value (8).
22 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS summary: Display the summary of a user interface. Description Use the display user-interface command to view informat ion on a user interface. Y ou can choose to access this information by user interf ace type and type nu mber , or by user interface ind ex number .
Logging in Commands 23 1 character mode users. (U) 1 total UIs in use. UI's name: aux0 display us ers Syntax display users [ all ] Vie w All views Parameter all: Enter to display information on all user interfaces. Description Use the display users command to view information on the current user interface.
24 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS flow-control Syntax flow-control { hardware | none | s oftware } undo flow-con trol View User interface view Parameter hardware: Enter to set har dware flow control. none: Enter to set no flow control. software: Enter to set software flow contr ol.
Logging in Commands 25 Example T o reset user interface AUX 1 from anothe r user interface on the Switch, enter the following: <4500> free user-interface aux 1 After the command is executed, use r interface AUX 1 is disconnected. When you next log in using user inter face AUX 1, it opens using the default settings.
26 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS If you press <En ter> after typing any of the three keywords shell, login an d incoming in the command, then what you type af ter the word header is the contents of the login information, instead of identifying header type.
Logging in Commands 27 When you log on the Switch again, the terminal displays the configured session establishme nt title. [4500]quit <4500>quit Please press ENTER %SHELL: The initial character "%" is the header cont ents.
28 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter minutes: Enter the number of minutes you want to allow a user interface to remain idle before it is disconnected. This can be in the range 0 to 35791. seconds: Enter the number of seconds in addition to the number of minutes.
Logging in Commands 29 Parameter None Description Use the lock command to lock the current user interface and prevent unauthorized users f rom accessing it.
30 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS View VTY user int erface view Parameter all: Supports both T elnet and SSH protocols. ssh: Supports only SSH protocol. telnet: Supports only T eln et protocol. Description Use the protocol inbound command to configure the pr otocols support ed by a designated user interface.
Logging in Commands 31 ret u r n Syntax return Vie w System view or higher Parameter None Description Use the return command to return to user view from any other view . Ctrl+Z performs the same function as the return command. T o ret urn to the next highest level of view , use quit .
32 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS send Syntax send { all | number | type } View User view Parameter all: Sends a message to all user interfaces. type: Enter the type and type n umber of the user interface that you want to send a message to.
Logging in Commands 33 Description Use the command service -type to configure which level of command a user can access after login. Use the command undo service-type to r estore the default level of command (level 1). Commands are cla ssified into four levels, as follows: ■ 0 - V isit level .
34 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter cipher: Configur e to display the password in encrypted text. simple: Configur e to display the password in plain text. password: If the authentication is in the simple mode, the passwor d must b e in plain text.
Logging in Commands 35 When using the undo shell command, note th e follo wing points. ■ For reasons of security , the undo shell command can only be used on user interfaces other than the AUX user in terface. ■ Y ou cannot use this command on the current user interface.
36 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter 1: Sets the stop bits to 1. 1.5: Sets the stop bits to 1.5. 2: Sets the stop bits to 2. Description Use the stopbits command to co nfigure the stop bits on the AUX (Console) port. Use the undo stopbits command to restore the default stop bits (the default is 1).
Logging in Commands 37 super passwor d Syntax super password [ level level ]{ simple | cipher } password undo super password [ level level ] Vie w System View Parameter level: Enter a user level in the range 1 to 3. The default is 3. The password you enter is set for the specified level.
38 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS Parameter text: Enter the host name of the Sw itch. The hos t name must be no more than 30 characters long. The d efault is 4500. Description Use the sysname command to configure the host name of the Switch.
Logging in Commands 39 ip_address: Enter the IP address or the host name o f the remote Switch. If you enter the host name, the Switch must be set to static resolution. service_port: Designates the management port on the remote Switch, in the range 0 to 65535.
40 C HAPTER 1: U SING S YSTEM A C CESS C OMMANDS <SW4500> system-view System View: return to User View w ith Ctrl+Z. [SW4500] user-interface 0 9 [SW4500-ui0-9] This example c ommand selects two AUX (C onsole) port user interfaces and two VTY user interfaces (VTY 0, VTY 1).
2 U SING P ORT C OMMANDS This chapter describes how to use th e following commands: Ethernet Port Configu ration Commands ■ copy configuration ■ broadcast-suppression ■ d escription ■ d isplay.
42 C HAPTER 2: U SING P ORT C OMMAND S ■ debugging link-aggregation event ■ debugging lacp packet ■ debugging lacp state ■ display link-aggregation summary ■ display link-aggregation verbose.
Ethernet Port Configuration Commands 43 Ether net Port Configuration Commands This section describes the commands y ou can use to configure and manage the ports on your Switch 4500.
44 C HAPTER 2: U SING P ORT C OMMAND S undo broadcast-suppression View Ether net Port V iew Parameter ratio : Specifies the bandwidth ratio of br oa dcast traffic allowed on an Ether net port. The ratio value ranges from 1 to 100. The incremental step is 1.
Ethernet Port Configuration Commands 45 Parameter text: Enter a description of the Ethernet port. This can be a maximum of 80 characters. Description Use the description command to enter a description of an Ether net port. Use the undo description command to cancel the description.
46 C HAPTER 2: U SING P ORT C OMMAND S The information displays in the following format : Ethernet1/0/1 current state : UP IP Sending Frames' Format is PKTFM T_ETHNT_2, Hardware address is 00e0-f.
Ethernet Port Configuration Commands 47 display loopback-detection Syntax display loopback-detection Vie w All views Parameter None Description Use the display loopback-detection command to view whether the por t loopback detection has been enabled.
48 C HAPTER 2: U SING P ORT C OMMAND S The detail s display in the followin g format: Port Ethernet1/0/1 loopback-detect ion is running system Loopback-detection is runni ng Detection interval time is.
Ethernet Port Configuration Commands 49 Description Using display unit unit-id interface command, you can view all port interfaces for t he specified unit.
50 C HAPTER 2: U SING P ORT C OMMAND S [4500-Ethernet1/0/1] duplex auto flow-control Syntax flow-control undo flow-control View Ether net Port V iew Parameters None Description Use the flow-control command to enable flow control on an Ether net port. This avoids discarding data packets due to congestion.
Ethernet Port Configuration Commands 51 Description Use the command interface interface_type interface_number to enter the interface of the specified port. I f you want to configure the parameters of an Ether net port, you must first use this command to enter the Ether net port view .
52 C HAPTER 2: U SING P ORT C OMMAND S Loop internal succeeded. [4500-Ethernet1/0/1] [4500-Ethernet1/0/1] loopback inter nal loopback-detection control enable Syntax loopback-detection control enable .
Ethernet Port Configuration Commands 53 Parameter None Description Use the loopback-detection enable command to enable port loopback detection. If there is a loopback port found, the switch w ill put it under con trol. Use the undo loopback-detection enable command to disable port loopback detection.
54 C HAPTER 2: U SING P ORT C OMMAND S [4500] loopback-detection per -vlan enable Syntax loopback-detection per-vlan enable undo loopback-detection per-vlan e nable View Ether net Port V iew Parameter.
Ethernet Port Configuration Commands 55 Description ■ Use the mdi command to configure the network cable type fo r an Ether net port. ■ Use the undo mdi command to restor e the defa ult type. By default, the network ca ble type is r ecognized a utomatically (the mdi auto command).
56 C HAPTER 2: U SING P ORT C OMMAND S [4500-Ethernet1/0/1] multicast-supp ression 20 [4500-Ethernet1/0/1] Specify the maximum packets per second of the multicast traffic on an Ethern et1/0/1 as 1000 Mpps. < 4500 > system-view System View: return to User View w ith Ctrl+Z.
Ethernet Port Configuration Commands 57 Description Use the port hybrid pvid vlan command to configur e the default VLAN ID of the hybrid port. Use the undo port hybrid pvid command to restor e the default VLAN ID of the hybrid port. Hybrid port can be configured together with the isolate-user -vlan.
58 C HAPTER 2: U SING P ORT C OMMAND S A hybrid port can belong to multiple VL ANs. A port can only be added to a VLAN if the VLAN has already bee n created.
Ethernet Port Configuration Commands 59 [4500] interface ethernet 1/0/1 [4500-Ethernet1/0/1]port link-type trun k [4500-Ethernet1/0/1] port trunk permit vlan Syntax port trunk permit vlan { vlan_id _l.
60 C HAPTER 2: U SING P ORT C OMMAND S View Ether net Port V iew Parameter vlan_id: Enter a VLAN ID in the range 2 to 409 4, as defined in IEEE802.1 Q. This is the VLAN that you want to be the default VLAN for a trunk port. The default is 1. Description Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.
Ethernet Port Configuration Commands 61 number ar e specified, the information on th e specified port will be cleare d. After 802.1x is enabled, the port information cannot be reset.
62 C HAPTER 2: U SING P ORT C OMMAND S 1000 : Enter to set the port speed to 1000 M bps. (Only available on Gigabit ports). auto: Enter to set the port speed to auto-nego tiation. Description Use the speed command to configure the port speed. Use the undo speed command to restor e the default sp eed.
Ethernet Port Configuration Commands 63 [4500-Ethernet1/0/1] unicast-suppression 20 [4500-Ethernet1/0/1] Specify the maximum packets per sec ond of the unicast traffic on an Ethernet1/0/1 as 1000 Mpps. <4500> system-view System View: return to User View with C trl+Z.
64 C HAPTER 2: U SING P ORT C OMMAND S Ethernet Port Link Aggregation Commands This section describes the commands you can use to configure Ethernet Port LInk Aggregation on the Switch.
Ethernet Port Link Aggregation Commands 65 undo debugging lacp packet [ interface { interface_type interface_number | interface_name } [ t o { interface_type interface_num | interface_name } ] ] Vie w.
66 C HAPTER 2: U SING P ORT C OMMAND S interface_name: Specifies port name, in the format of interface_name = interface_type interface_num. interface_type: Specifies port type and interfa ce_num port number . For more information, see the parameter item for the int erface command.
Ethernet Port Link Aggregation Commands 67 AL AL Partner ID Select Standby Share Master ID Type Ports Ports Type Port --------------------------------------- ---------------------------- 1 D 0x8000,00.
68 C HAPTER 2: U SING P ORT C OMMAND S display link-aggregation interface Syntax display link-aggregation interface { interface_type interface_number | interface_name } [ to { interface_type interface.
Ethernet Port Link Aggregation Commands 69 Local: Port-Priority: 32768, Oper key: 2, Flag: 0x3d Remote: System ID: 0x8000, 000e-84a6-fb00 Port Number: 2, Port-Priority: 327 68 , Oper-key: 10, Flag: 0x3d Received LACP Packets: 8 packet(s), Illegal: 0 packet(s) Sent LACP Packets: 9 packet(s) Related co mmand: display link-aggregation ver bose .
70 C HAPTER 2: U SING P ORT C OMMAND S Example T o enable LACP at Ether net 1/0/1, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z.
Ethernet Port Link Aggregation Commands 71 Use the undo lacp system-priority command to r estore the default value. Related co mmand: display lacp system-id . Example T o set system priority as 64, enter the following: <4500> system-view System View: return to User View with C trl+Z.
72 C HAPTER 2: U SING P ORT C OMMAND S manual: Manual aggregation group. static: Static aggregation gr oup. Description Use the link-aggregation group agg_id mode command to create a manual or static aggregation group. Use the undo link-aggregation group command to delete an aggre gation group.
Ethernet Port Link Aggregation Commands 73 System View: return to User View with C trl+Z. [4500] link-aggregation group 22 mode manual [4500] interface ethernet 1/0/1 [4500-Ethernet1/0/1] port link-aggregati on group 22 #Apr 2 03:29:48:954 2000 4500 LAGG/2/A ggPortInactive:- 1 -Trap 1.
74 C HAPTER 2: U SING P ORT C OMMAND S.
3 U SING VLAN C OMMANDS This chapter describes how to use th e following commands: VLAN Configuration Commands ■ d escription ■ d isplay interface VLAN-in terface ■ d isplay vlan ■ i nterface .
76 C HAPTER 3: U SING VLAN C OMMANDS VLAN Configuration Commands This section describes the commands you can use to configure and manage the VLANs and VLAN interfa ces on your system. description Syntax description string undo description View VLAN view Parameter string: Enter a description of the current VLAN, up to a maximum of 32 characters.
VLAN Configuration Commands 77 ■ VLAN interface description ■ Maximum T ransmit Unit (MTU) ■ IP address and subnet mask ■ Format of the IP frames ■ MA C ha rd w are a d dre s s. Use display interface vlan-interface to display information on all VLAN interfaces.
78 C HAPTER 3: U SING VLAN C OMMANDS command display vlan vlan_id to display information on a specific VLAN. Use the command display vlan all to display information on all the VLANs. Use the command display vlan dynamic to display information on VLANs created dynamically by the system.
VLAN Configuration Commands 79 Vie w System View Parameter vlan_id: Enter the ID of the VLAN interface yo u want to configure, in the range 1 to 4094. Note that VLAN1 is the default VLAN and cannot be deleted. Description Use the interface vlan-interface command to enter a VLAN interface view and use the related configuration commands.
80 C HAPTER 3: U SING VLAN C OMMANDS Example Add Ether net1/0/2 through Ether net1/0/4 t o VLAN 2. <4500> system-view System View: return to User View w ith Ctrl+Z.
Voice VLAN Configuration Comman ds 81 %Apr 2 00:05:28:213 2000 4500 STP/2/SP EED:- 1 -Ethernet1/0/1's speed changed ! %Apr 2 00:05:28:319 2000 4500 STP/2/PF WD:- 1 -Ethernet1/0/1 is forwarding! [.
82 C HAPTER 3: U SING VLAN C OMMANDS Description Use the display voice vlan oui command to display the OUI address supported by the current system and its relative featur es.
Voice VLAN Configuration Comman ds 83 voice vlan aging Syntax voice vlan aging minutes undo voice vlan aging Vie w System View Parameter minutes: The aging time of V oice VLAN, in minutes, ranging fr om 5 to 43200. The default value is 1440 minutes. Description Use the voice vlan aging command t o set the aging time of V oice VLAN.
84 C HAPTER 3: U SING VLAN C OMMANDS [4500-Ethernet1/0/2] voice vlan ena ble [4500-Ethernet1/0/2] voice vlan Syntax voice vlan vlan_id enable undo voice vlan enable View System View Parameter vlan_id: The VLAN ID for the V oice VLAN to be enabled, in the range of 2 to 4094.
Voice VLAN Configuration Comman ds 85 Description Use the voice vlan mac_address command to set the MAC address that the V oice VLAN can contr ol. Use the undo voice vlan mac_address command to cancel this MAC addr ess. Here the OUI addr ess refers to a vendor and you need only input the first three-byte va lues of the MAC address.
86 C HAPTER 3: U SING VLAN C OMMANDS <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] undo voice vlan mode auto Can't change voice vlan configurat ion when voice vla.
4 U SING P OWER OVER E THER NET (P O E) C OMMANDS This chapter describes how to use th e following commands: PoE Configuration Commands ■ display poe interface ■ display poe power ■ display poe .
88 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS PoE Configuration Commands This section describes the commands you can use to configure and manage the PoE on your Switch 4500 PWR.
PoE Configuration Commands 89 Ethernet1/0/15 off enable signal lo w Detection Ethernet1/0/16 off enable signal lo w Detection Ethernet1/0/17 off enable signal lo w Detection Ethernet1/0/18 off enable .
90 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS Port power :1240 0 mW Display the power information of all ports. [4500] display poe power PORT INDEX POWER (mW) PORT INDEXPOWER (mW) Eth.
PoE Configuration Commands 91 Description Use the display poe powersupply command to view the parameters of the power sourcing equipment (PSE). Example Display the PSE parame ters.
92 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS View System View Parameter None Description Use the poe legacy enable command to enable the nonstandard-PD detect function. Use the undo poe legacy enable command to disable the nonstandard-PD detect function.
PoE Configuration Commands 93 The unit of power is mW . Y ou can set the power in the granularit y of 100 mW . The actual maximum power will be 5% larg er than what you have set allowing for the effect of transient peak power . Example Set the maximum power supplied by cu rrent port.
94 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS View System View Parameter auto: Adopt the auto mode, a PoE management mode based on port priority . manual: Adopt the manual mode. Description Use the poe power-management command to configure the PoE mana gement mode of port used in the case of power overloading.
PoE Configuration Commands 95 If there are too many ports with critical priority , the total power these ports need might exceed the maximum power supplied by the equipment, i.e., 300W . In this case, no new PD can be added to the switch. When the remaining power of the whole equipment is below 18.
96 C HAPTER 4: U SING P OWER OV ER E THERNET (P O E) C OMMANDS Example Update the PSE pr ocessing software online. [4500] poe update refresh 0290_021.s19 .................................. ................................. ............................
5 U SING N ETWORK P RO T O C O L C OMMANDS This chapter describes how to use th e following commands: IP Address Configuration Commands ■ d isplay ip ho st ■ d isplay ip interface vlan ■ ip addr.
98 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS ■ d isplay isolate port ■ p ort isolate UDP Helper Configuration Commands ■ d ebugging udp-helper ■ d isplay udp-helper server ■ u dp-helpe.
IP Address Configuration Commands 99 IP Address Configuration Commands This section describes the commands y ou can use to config ure and manage IP Addressing on your Switch 4500.
100 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Line protocol current state : DOWN Internet Address is 1.1.1.1/8 Primary Broadcast address : 1.255.
ARP Configuration Commands 101 ip host Syntax ip host hostname ip_address undo ip host hostname [ ip_address ] Vie w System view Parameters hostname Enter the host name of the connecti ng de vice. This is a character string of up to 20 characters. ip_address Enter the host’ s IP address.
102 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS MAC addr ess. Use the undo arp check enable command to disable the checking of ARP entry s o the device le arns th e ARP entry wher e the MAC addr ess is a multicast MAC addr ess.
ARP Configuration Commands 103 By default, the ARP mapping tab le is empty , and the Switch uses dynamic ARP to maintain its address mapping. Related co mmands: reset arp , display arp , debugging arp .
104 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Example T o establish a mapping between IP address 129.102.0.1 and MAC address 00e0-fc01-0000, and to send frames to this address thr ough VLAN 1, Ethern et port 1/0/ 1, enter the following : <4500> system-view System View: return to User View w ith Ctrl+Z.
ARP Configuration Commands 105 Description Use the debugging arp command to enable ARP debugging. Use the undo debugging arp command to disable the corresponding ARP debugging. By default, undo ARP debugging is enabled. For the related commands, see arp static and display arp .
106 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS include: Enter to display only the ARP entries that contain the specified characte r string "text". exclude : Enter to display only the ARP entries that do not contain the specified characte r string "text" .
ARP Configuration Commands 107 System View: return to User View with C trl+Z. [4500] display arp timer aging The information displays in the following format: Current ARP aging time is 20 minute(s) (d.
108 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS DHCP Client Configuration Commands This section describes the commands you can use to configure and manage the Dynamic Host Configuratio n Protocol (DHC P) Client operations on your Switch 4500.
DHCP Client Con figuration Commands 109 Use the undo debugging dhcp xrn xha command to disable DHCP client hot backup debugging . By defaul t, DHCP client ho t backup debugging is disabled.
110 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Parameter None Description Use the ip address dhcp-alloc command to configur e VLAN interface to obtain IP address using DHCP . Use the undo ip address dhcp-alloc command to remove the configuration.
DHCP Relay Configuration Commands 111 Type: dhcp-request ClientHardAddress: 0010-dc19-695d ServerIpAddress: 192.168.1.2 *0.7200230-DHCP-8-dhcp_debug: From server to client: Interface: VLAN-Interface 1 ServerGroupNo: 0 Type: dhcp-ack ClientHardAddress: 0010-dc19-695d AllocatedIpAddress: 10.
112 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS dhcp-server ip Syntax dhcp-server groupNo ip ipaddress1 [ ipaddress2 ] undo dhcp-server groupNo View System View Parameters groupNo Enter the DHCP server gr oup num ber , in the range 0 to 19. ip_address1 Enter the IP addr ess of the primary Server in the group.
DHCP Relay Configuration Commands 113 Related co mmands: dhcp-server ip , dhcp-server , display dhcp-server interface vlan-interface , debugging dhcp-relay .
114 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS The information shown above indicates that vlan-interface 2 is configured with a DHCP Server group whose ID is 0. Access Management Configuration Commands This section describes the commands you can use to configure and manage the Access Management Configuration operations on your Switch 4500.
Access Manageme nt Configuration Commands 115 address-list Enter IP addr ess list in the start_ip_address [ ip_address_num ] & < 1-10 > format. start_ip_address Is the start addr ess of an IP address range in the pool. ip_address_num: Specifies how many IP addr esses following start_ip_address in the range.
116 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS By default, the access mana gement trap is disabled. Example T o enable the access management tr ap, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z.
Access Manageme nt Configuration Commands 117 T o display the access management configurations on Ether net1/0/1: <4500> display am ethernet1/0/1 Ethernet1/0/1 Status : disabled IP Pools : (NULL.
118 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS other ports of this group, that is, Layer 2 forwarding between the isolated ports is not available.
UDP Helper Configuration Commands 119 display udp-helper server Syntax display udp-helper server [ interface v lan-interface vlan_id ] Vie w Any view Parameter vlan_id VLAN interface ID. Description Use the display udp-helper server command to view the information of destination Helper server corresponding to the VLAN interface.
120 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS View System view Parameters port Enter the ID of the UDP port with rela y function to be enabled, in the range of 1 to 65535. dns Domain name s ervice, corresponding to UDP port 53. netbios-ds NetBios datagram service, corresponding to UDP port 138.
IP Performance Configuration Commands 121 Related co mmand: display udp-helper server . Example T o configure the relay destination server with IP address 192.1.1.2, enter the following: <4500> system-view System View: return to User View with C trl+Z.
122 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS display fib ip_address Syntax display fib ip_address1 [ { mask1 | mask-length1 } [ ip_address2 { mask2 | mask-length2 } | longer ] | longer ] View Any view Parameters ip_address1, ip_address2 Enter destination IP address, in dotted decimal format.
IP Performance Configuration Commands 123 Description Use the display fib acl command to view the FIB entries matching a specific ACL. Example T o display the FIB entries matching ACL 2000, enter the .
124 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Description Use the display fib ip-prefix command to view the FIB entries matching the specific prefi x list.
IP Performance Configuration Commands 125 Description Use the display icmp statistics command to view the statistics information about ICMP packets. Related co mmands: display ip interface vlan-in terface , reset ip statistics .
126 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS task-id Enter the ID of a task, with the value ranging from 1 to 100. socket-id Enter the ID of a socket, with the value ranging fr om 0 to 3072. Description Use the display ip socket command to display the informat ion about the sockets in the current system.
IP Performance Configuration Commands 127 Vie w Any view Parameter none Description Use the display ip statistics command to view the statistics information about IP packets.
128 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS display tcp statistics Syntax display tcp statistics View Any view Parameter none Description Use the display tcp statistics command to view the statistics information about TCP packets.
IP Performance Configuration Commands 129 Closed connections: 0 (dropped: 0, init iated dropped: 0) Packets dropped with MD5 authentication : 0 Packets permitted with MD5 authenticati on: 0 display tcp status Syntax display tcp status Vie w Any view Parameter none Description Use the display tcp status command to view the TCP connection s tate.
130 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS Received packet: Total:0 checksum error:0 shorter than header:0, data length larger than packet:0 no socket on port:0 broadcast:0 not delivered, inp.
IP Performance Configuration Commands 131 reset udp statistics Syntax reset udp statistics Vie w User view Parameter None Description Use the reset udp statistics command to clear the UDP statistics information.
132 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS undo tcp timer syn-timeout View System View Parameter time-value Enter the TCP synwait timer value measured in second, whose value ranges from 2 to 600. The default time-value is 75 seconds. Description Use the tcp timer syn-timeout command to configure the TCP synwait timer .
IP Performance Configuration Commands 133 <4500> system-view System View: return to User View with C trl+Z. [4500] tcp window 3.
134 C HAPTER 5: U SING N ETWORK P ROTOCOL C OMMANDS.
6 U SING R OUTING P R OTOCOL C OMMANDS This chapter describes how to use th e following commands: Routing T able Display Commands ■ display ip r outing-table ■ d isplay ip routing-table acl ■ d .
136 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS ■ r ip metricin ■ r ip metricout ■ ri p output ■ rip split-horizon ■ r ip version ■ r ip work ■ s ummary ■ t imers IP Routing Polic.
Routing Table Display Commands 137 Only the currently used route, that is the best r oute, is displayed. Example T o view a summary of routing table information, enter the following: <4500> display ip routing-table The information displays in the following format: Routing Table: public net Destination/Mask Proto Pre Cost Nexthop Interface 1.
138 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Example T o display a summary of the active routes filter ed through basic ACL 2000, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] acl number 2000 [4500-acl-basic-2000] rule permit s ource 10.
Routing Table Display Commands 139 display ip r outing-table ip_address Syntax display ip routing-table ip_address [ m ask ] [ longer-match ] [ verbose ] Interface Output interface, through which th e.
140 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS View All views Parameters ip_address Enter the destination IP address. mask Enter either the IP subnet mask (in x.
Routing Table Display Commands 141 Protocol: #Static Preference: 60 *NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1) Vlinkindex: 0 State: <Int ActiveU Static Unicast> Age: 4:479 Cost: 0/0 Tag: 0 For detailed description of ou tput information, refer to Ta b l e 18 .
142 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS View All views Parameter ip_prefix_name Enter the ip pr efix list name. verbose Enter to display verbose information about both the active and in active routes that passed filtering rules. Without this paramet er , this command displays the summary of active routes that passed filtering rules.
Routing Table Display Commands 143 For detailed information of the output information, refer to Ta b l e 18 . display ip r outing-table protocol Syntax display ip routing-table protocol proto col [ in.
144 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS The information displays in the following format : STATIC Routing tables: Summary count: 1 STATIC Routing tables status:<acti ve>: Summary count: 0 STATIC Routing tables status:<inac tive>: Summary count: 1 Destination/Mask Protocol Pre Cost Nextho p Interface 1.
Routing Table Display Commands 145 Vie w All views Parameter None Description Use the display ip routing-table statistics command to display the routing information for all protocols.
146 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS The information displayed includes the route state, the ve rbose description of each route and the statistics of the entir e routing table. All current r outes, includ ing inactive ro utes and invalid r outes, are di splayed.
Static Route Configuratio n Command 14 7 delete static-routes all Syntax delete static-routes all Vie w System View Parameter None Description Use the delete static-routes all command to delete all the static routes. The system requests your confirmation befo re it deletes all the configured static rou t e s.
148 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS preference_value Enter the pr eference level of the r oute in the range 1 to 255. The default prefer ence is 60. reject Enter to indicate an unreachable r oute. blackhole Enter to indicate a blackhole r oute.
RIP Configuration Commands 149 Example T o configure the next hop of the default route as 129.102.0.2, enter the following: <4500> system-view System View: return to User View with C trl+Z.
150 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS undo default cost View RIP view Parameter value Enter the default routing cost, in the range 1 to 16. The default is 1. Description Use the default cost command to set the default routing cost of an imported route.
RIP Configuration Commands 151 Garbage-collection timer : 120 No peer router Network : 202.38.168.0 filter -policy export Syntax filter-policy { acl_number | gateway ga teway-ip | ip-prefix ip_prefix_.
152 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Description Use the filter-policy ex port command to configure RIP to filter the advertised routing information. Use the undo filter-policy export command to configure RIP not to filter the advertised routing information.
RIP Configuration Commands 153 Use the filter-policy import command to config ure the switch to filter global routing information. Use the undo filter-policy import command to disable filtering of received global r outing in formation. By default, RIP does not filter the received routing information.
154 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Parameters protocol Enter the r outing pr otocol to be imported. This can be on e of the following: direct or static . value Enter the cost value of the route to be importe d. route-policy route_policy_name E nter a route-policy name.
RIP Configuration Commands 155 Use the undo network command t o disable RIP o n the interface . By default, R IP is disabled on an interface. After you have enabled RIP , you must also enable RIP for a specif ied interface using this command. RIP only opera tes on the interf ace of specified ne twork segments.
156 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS System View: return to User View w ith Ctrl+Z. [4500] rip [4500-rip] peer 202.38.165.1 prefer ence Syntax preference value undo preference View RIP view Parameter value Enter the prefer ence level, in the ra nge 1 to 255.
RIP Configuration Commands 157 [4500] rip [4500-rip] reset rip Syntax rip undo rip Vie w System view Parameter None Description Use the rip command to enable RIP and enter the RIP command view . From he re, you can configure RIP using the other commands described in t his section.
158 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS current-configuration command is executed. Inputtin g the MD5 key in cipher text form with 24 characters long is also supported. nonstandard: Enter to set the MD5 cipher text authentication packet to use a packet format (as described in RFC2082).
RIP Configuration Commands 159 T o set MD5 authentication on Vlan-interfa ce 1 with the key string set to “aaa” and the packet type set to usual , enter the following: [4500] interface Vlan-interf.
160 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Description Use the rip metricin command to con figure a n additional r oute metric to be added to the route when an interface receives RIP packets. Use the undo rip metricin command to restore the default value of this additional route metric.
RIP Configuration Commands 161 Vie w Interface View Parameter None Description Use the rip output command to allow an interface to tr ansmit RIP packets. Use the undo rip output command to disable an inte rface fr om transmitting RIP packets. By default, all interfaces except loopback interfaces are able to transmit RIP packets.
162 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS Example T o set the interface Vlan-interface 1 not to use split horizo n when processing RIP packets, enter the following: <4500> system-view System View: return to User View w ith Ctrl+Z.
RIP Configuration Commands 163 [4500-Vlan-interface1] rip version 2 bro adcast rip work Syntax rip work undo rip work Vie w Interface View Parameter None Description Use the rip work command to enable the RIP on an interface. This is the default. Use the undo rip work command to disable RIP on an interface.
164 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS summarization all the time. If RIP-2 is used, route summarization function can be disabled with the undo summary command, when it is necessary to br oadcast the subnet route.
RIP Configuration Commands 165 Example Set the values of the Period Update ti mer and the T imeout timer of RIP to 10 seconds and 30 seconds respectively .
166 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS IP Routing Policy Configuration Commands This section describes the commands you can use to configure IP Routing Policy . These commands operate across all r outing protocols. When the Switch 450 0 runs a routing proto col, it is able to perform the functions of a router .
IP Routing Policy Configuration Commands 167 Example Display the information of th e address prefix list named to p1 . <4500> display ip ip-prefix p1 name index conditions ip-prefix / mask GE LE p1 10 permit 10.
168 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS if-match { acl | ip-p refix } Syntax if-match { acl acl _ number | ip-prefix ip _ prefix _ name } undo if-match [ acl | ip-prefix ] View Route poli.
IP Routing Policy Configuration Commands 169 By default, no match su b-statement is defined. Related co mmands: i f-match interface , if-match acl , if- match ip-prefix , if-match ip next-hop , if-match tag , route-policy , apply ip next-hop, apply local-preference, apply cost, app ly origin and apply tag .
170 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS if-match ip next-hop Syntax if-match ip next-hop { acl acl_num ber | ip-prefix ip_prefix_name } undo if-match ip next-hop [ ip-pre fix ] View Route policy view Parameter acl_number Ente r the number of the access contr ol list use d for filtrati on.
IP Routing Policy Configuration Commands 171 index_number Identify an item in the prefix addr ess list. The item with smalle r index-number will be tested first. permit Enter to specify the match mode of the d efined address prefix list items as permit mode.
172 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS route-policy Syntax route-policy route_policy_name { permit | deny } nod e { node_number } undo route-policy route_policy_nam e [ permit | deny | node node_number ] View System view Parameter route_policy_name Enter the Route-policy name to identify one Route-p olicy uniquely .
IP Routing Policy Configuration Commands 173 [4500-route-policy].
174 C HAPTER 6: U SING R OUTING P R OTOCOL C OMMANDS.
7 U SING M ULTICAST P ROT O C O L C OMMANDS This chapter describes how to use th e following commands: IGMP Snooping Configuration Commands ■ d isplay igmp-snoo ping configuration ■ display igmp-s.
176 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS IGMP Snooping Configuration Commands This section describes how to use the Internet Group Management Protocol (IGMP) configuratio n comma nds on your Switch 4500.
IGMP Snooping Configuration Commands 17 7 This command displays the IP mult icast group and MAC multicast group information of a VLAN or all the VLAN wh er e the Ether net Switch is located.
178 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS <4500> display igmp-snooping statis tics Received IGMP general query packet (s) number:0. Received IGMP specific query packe t(s) number:0. Received IGMP V1 report packet(s) number:0. Received IGMP V2 report packet(s) number:0.
IGMP Snooping Configuration Commands 17 9 Parameter seconds: Specifies the port aging time of the multicast g roup member , ranging from 200 to 1000 and measured in seconds. The default is 260. Description Use the igmp-snooping host-aging- time command to co nfigure the port aging time of the multicast group members.
180 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS [4500] igmp-snooping max-response-t ime 20 igmp-snooping router -aging-time Syntax igmp-snooping router-aging-time se conds undo igmp-snooping router-aging-ti me View System View Parameter seconds: Specifies the r outer port aging time, ranging from 1 to 1000 measured in seconds.
IGMP Snooping Configuration Commands 18 1 <4500> reset igmp-snooping statistics.
182 C HAPTER 7: U SING M ULTICAST P R OTOCOL C OMMANDS.
8 U SING Q O S/ACL C OMMANDS This chapter describes how to use th e following commands: ACL Commands List ■ acl ■ d isplay ac l ■ d isplay pa cket-filter ■ p acket-filter ■ r eset ac l count.
184 C HAPTER 8: U SING Q O S/ACL C OMMANDS ACL Commands List This section describes how to use the ACL configuration commands on your Switch 4500. acl Syntax acl acl-number1 { inbound | outbou nd } un.
ACL Commands List 185 [4500] user-interface vty 0 4 [4500-user-interface-vty0-4] acl 2000 i nbound display acl Syntax display acl { all | acl-number } Vie w All views Parameter all: Displays all ACLs. acl-number: Specifies the sequen ce number of th e ACL to be displayed.
186 C HAPTER 8: U SING Q O S/ACL C OMMANDS Example T o display the information of the acti vated ACL of all interfaces, enter the following: <4500> display packet-filter unitid 1 packet-filter S.
ACL Commands List 187 reset acl counter Syntax reset acl counter { all | acl-number } Vie w User View Parameter all: All ACLs. acl-number : Specifies the sequence number of an ACL. Description Use the reset acl counters command to reset the ACL statistics information to zero.
188 C HAPTER 8: U SING Q O S/ACL C OMMANDS undo rule rule-id View Corresponding ACL View Parameter rule-id: Specifies the subitems of an ACL, ranging from 0 to 65534. permit: Permits pack ets that meet the requir ements. deny: Denies packets that meet the requirements.
ACL Commands List 189 a number which ranges from 0 to 255; code r epresents ICMP code, which appears when the protocol is “icmp” and the type of packet is not notated by a character , ranging from 0 to 255. established : Means that it is only effective to the first SYN packet established by TCP , appears when protocol is TCP .
190 C HAPTER 8: U SING Q O S/ACL C OMMANDS Y ou can define several subrules for an AC L. If you include parameters when using the undo rule command, the system only delete s the corresponding content of the subrule. For related configurations, refer to command acl .
QoS Configuration Commands List 191 Related co mmands: mirroring-port , monitor-port . Example T o display the po rt mirroring configuration, enter the follo wing: <4500> system-view System View.
192 C HAPTER 8: U SING Q O S/ACL C OMMANDS QoS setting information of the specified in terfaces, including tr affic policing, rate limit at interfaces, and so on.
QoS Configuration Commands List 193 Description Use the display qos-interface mirrored- to command to view the settings of the traffic mirr or . This command is used for displaying the set tings of traffic mirror . The information displayed includes the ACL of traffic to be mirr ored and the observing port.
194 C HAPTER 8: U SING Q O S/ACL C OMMANDS View Ether net Port V iew Parameter target-rate : The total limited rate of the pack ets sent by interfaces. Unit in Kbps. The number input must be a multip le of 64. For 100 Mbps port, the rang e is from 64 to 99968; for 1000 Mbps port, the range is from 64 to 1000000.
QoS Configuration Commands List 195 rule rule : Specifies the subitem of an active ACL, ranging fr om 0 to 65534; if not specified, all subitems of the ACL will be activated. If only IP ACL or Layer 2 ACL is activated, this para meter can be omitted. If both IP and Layer 2 ACL are activated at the same time, the rule parameter cannot be omitted.
196 C HAPTER 8: U SING Q O S/ACL C OMMANDS the Fabric. Y ou need to configure the monitor por t before configuring the monitored port. Related comma nd: display mirror .
QoS Configuration Commands List 197 Parameter priority-level: Specifies the priority level of the port, ranging from 0 to 7. Description Use the priority command to configure the priority of Ethernet po rt. Use the undo priority command to restor e the default port priority .
198 C HAPTER 8: U SING Q O S/ACL C OMMANDS System View: return to User View w ith Ctrl+Z [4500] interface Ethernet 1/0/1 [4500-Ethernet1/0/1] priority trust [4500-Ethernet1/0/1] qos cos-local-pr ecede.
QoS Configuration Commands List 199 Example Configure CoS and Local Pr ecedence table. <4500> system-view System View: return to User View with C trl+Z [4500] qos cos-local-precedence-map 0 1 2 3 4 5 6 7 [4500] The following is the configured "CoS Local-precedence” mapping table.
200 C HAPTER 8: U SING Q O S/ACL C OMMANDS link-group acl-number : Activ ates Layer 2 ACLs. acl-number: Sequence number of ACL, ranging from 4000 to 4999. rule rule : Specifies the subitem of an active ACL, ranging from 0 to 65534; if not specified, all subitems of th e ACL will be activated.
Logon User’s ACL Control Command 201 qstart : Start random di scarding queue length, if the queue is shorter than the value, no packet will be dr opped. Ranging from 1 to 128. The value must be a multiple of 16 KBytes. probability: discar ding probability .
202 C HAPTER 8: U SING Q O S/ACL C OMMANDS Example Perform ACL control to the users who access the local Switch using TELNET (basic ACL 2000 has been defined).
Logon User’s ACL Control Command 203 write : Indicates that this community name has the read-write right within the specified view . community-name : Character string of the community name. mib-view : Set the MIB view name which ca n be accessed by the community name.
204 C HAPTER 8: U SING Q O S/ACL C OMMANDS groupname: Gr oup name, ranging from 1 to 32 bytes. authentication: If this parameter is added to configuration command, the system will authenticate but no t encrypt SNMP data packets. privacy: Authenticates and encryp ts the packets.
Logon User’s ACL Control Command 205 Parameter v1 : V 1 security mode. v2c : V 2 security mode. v3 : V 3 security mode. user-name : The user name, ranging fr om 1 to 32 bytes. group-name : The corresponding group name of the user , ranging from 1 to 32 bytes.
206 C HAPTER 8: U SING Q O S/ACL C OMMANDS [4500] snmp-agent usm-user v3 John Mygroup authentication-mode md5 hello acl 2002.
9 U SING S TACK C OMMANDS This chapter describes how to use th e following commands: Stack Configu ration Commands ■ c hange self-unit ■ c hange unit-id ■ display ftm ■ display xrn-fabric ■ .
208 C HAPTER 9: U SING S TACK C OMMANDS change unit-id Syntax change unit-id to < 1-8 >{ < 1-8 > | auto-numbering } View System View Parameter < 1-8 >: Unit ID of the unit in a stack. auto-numbering: Change the unit ID automatically .
Stack Commands 209 2 00e0-fc03-5502 10 UP/DOWN 2 2/3 3 A 3 00e0-fc04-5502 10 UP/DOWN 2 4/5 3 A 6 00e0-fc05-5502 10 UP/DOWN 2 10/11 3 A 5 00e0-fc06-5502 10 UP/DOWN 2 8/9 3 A 4 00e0-fc07-5502 5 UP/DOWN .
210 C HAPTER 9: U SING S TACK C OMMANDS displayed on the console port of a device, an asterisk (*) next to the unit ID indicates the current device. Example T o display fabric information on the console port of unit 1, en ter the following: [4500] display xrn-fabric Fabric name is 4500 , system mode is L3.
Stack Commands 211 Unit 3 saved unit ID successfully. Unit 4 saved unit ID successfully. Unit 5 saved unit ID successfully. Unit 6 saved unit ID successfully.
212 C HAPTER 9: U SING S TACK C OMMANDS Description Use the ftm stacking-vlan command to specify the stacking VLAN of the Switch. Use the undo ftm stacking-vlan command to set the stacking VLAN of the Switch to its default value. Y ou should specify the stacking VLAN before the stack is established.
Stack Commands 213 Description Y ou can use this comm and to set a name for a device. Example T o set the name “hello” for the device with unit ID 1, enter the following: <4500> display xrn-.
214 C HAPTER 9: U SING S TACK C OMMANDS Unit Name Unit ID First 1 Second 2 (*).
10 U SING RSTP C OMMANDS This chapter describes how to use th e following commands: RSTP Configurat ion Commands ■ display stp ■ r eset stp ■ stp ■ stp bpdu-protection ■ stp cost ■ stp edg.
216 C HAPTER 10: U SING RSTP C OMMANDS RSTP Configuration Commands This section describes how to use the Rapid Spanning T ree Protocol (RSTP) configuration co mmands on your Switch.
RSTP Configuration Commands 217 Times: Hello Time 2 sec, Max Age 20 sec Forward Delay 15 sec, Message Age 0 BPDU sent: 0 TCN: 0, RST: 0, Config BPDU: 0 BPDU received: 0 TCN: 0, RST: 0, Config BPDU: 0 .
218 C HAPTER 10: U SING RSTP C OMMANDS Parameter interface interface_list : Specifies the Ethernet port list, including multiple Ethern et ports. Expressed as interface _list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10> .
RSTP Configuration Commands 219 for the device and ports. This command en ables/disables RSTP on a device in system view and enables/disables RSTP on a port in Ether net Port View . Related co mmand: stp mode . Example T o enable RSTP on a Switch, enter the following: <4500> system-view System View: return to User View with C trl+Z.
220 C HAPTER 10: U SING RSTP C OMMANDS [4500]stp bpdu-protection stp cost Syntax stp cost cost undo stp cost View Ether net Port V iew Parameter cost : Specifies the path cost, ranging from 1 to 2000000. Description Use the stp cost command to configure the path cost on a spanning t ree for the current Ether net port.
RSTP Configuration Commands 221 Parameter enable: Sets the current Ethernet port as an edge port. disable: Sets the current Ethernet port as a non-edge port. Description Use the stp edged-port enable command to configur e the current port as an edge port.
222 C HAPTER 10: U SING RSTP C OMMANDS Example T o enable loop pr otection func tion in Ethernet1/ 0/1, enter th e following: <4500> system-view System View: return to User View w ith Ctrl+Z.
RSTP Configuration Commands 223 Parameter stp: Specifies to run Spanning T r ee in STP compatible mode. rstp: Specifies to run Spanning T ree in RSTP mode. Description Use the stp mode command to configure Spanning T ree’ s running mode. Use the undo stp mode command to restor e the default Spanning T ree’ s running mode.
224 C HAPTER 10: U SING RSTP C OMMANDS <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] stp pathcost-standard dot1d- 1998 T o configure the Switch to calculate the default Path Cost of a port by the IEEE 802.
RSTP Configuration Commands 225 Parameter port-priority : Specifies the priority of the port, ranging fr om 0 to 240. The values are not consecutive integers. Step le ngth is 16. By default, the value is 128. Description Use the stp port priority command to configure the priority of the current Ethernet port.
226 C HAPTER 10: U SING RSTP C OMMANDS stp root primary Syntax stp root primary undo stp root View System View Parameter None Description Use the stp root primary command to configure the current Switch as the primary root of a spanning tr ee. Use the undo stp root command to can cel the current Switch for primary root of a spanning tree.
RSTP Configuration Commands 227 Description Use the stp root secondary command to configure the current Switch as a secondary root of a specified spanning tree. Use the undo stp root command to cancel the designation of th e current Switch for a secondary root of a specified spanning tree.
228 C HAPTER 10: U SING RSTP C OMMANDS not forward any packets (as if the link to it is disconnected). It will r esume normal status if it receives no BPDU with higher -pr iority for a period of time.
RSTP Configuration Commands 229 undo stp timer forward-delay Vie w System View Parameter centiseconds : Specifies the time of forwar d delay in centiseconds, ranging from 400 to 3000. By default, the value is 1500 centiseconds. Description Use the stp timer forward-delay command to configure the time of forwar d delay for the Switch.
230 C HAPTER 10: U SING RSTP C OMMANDS Related comma nds: stp timer forward-delay , stp timer max-age , stp transmit-limit . Example T o set the hello time of the Swit ch to 300 centiseconds, enter the fo llowing: <4500> system-view System View: return to User View w ith Ctrl+Z.
RSTP Configuration Commands 231 Parameter packetnum : The maximum number of STP pac kets a port can send within one hello time. It ranges from 1 to 255 and defaults to 3. Description Use the stp transmit-limit command to set the m aximum numb er of STP packets the curr ent port can send within one hello time.
232 C HAPTER 10: U SING RSTP C OMMANDS.
11 U SING AAA AND RADIUS C OMMANDS This chapter describes how to use th e following commands: 802.1x Configuration Commands ■ display dot1 x ■ dot1x ■ dot1x authentication-met hod ■ dot1x dhcp.
234 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS ■ domain ■ idle-cut ■ level ■ local-use r ■ local-user password-display-mode ■ messenger ■ password ■ radius-s cheme ■ scheme ■ sel.
235 ■ timer realtime-accounting ■ timer response-timeout ■ user -name-format.
236 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS 802.1x Configuration Commands This section describes how to use the 802.1x configuration commands on your Switch 4500. display dot1x Syntax display dot1x [ sessions | statist ics [ interface interface-list ]] View All views Parameter interface: Displays the 802.
802.1x Configuration Commands 237 Configuration: Transmit Period 30 s, Handshake Period 15 s Quiet Period 60 s, Quiet Period Timer i s disabled Supp Timeout 30 s, Server Timeout 100 s The Max-Req 3 Total maximum 802.1x user resource num ber is 1024 Total current used 802.
238 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS enabled global ly , if the parameters ar e not configur ed globally or for a specified port, they will maintain the default values. After the global 802.1x perfor mance is enabled, only when port 80 2.1x performance is enabled will the configurat ion of 802.
802.1x Configuration Commands 239 forwarding to the RADIUS server . Y ou can use EAP authenticatio n in one of th e four sub-methods: PEAP , EAP-TLS, EAP-TT LS and EAP-MD5. T o use P AP , CHAP or EAP authentication, RADIUS server should support P A P , CHAP or EAP authentication resp ectively .
240 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter user-number: Specifies the limit to the amount of supplicants on the port, ranging from 1 to 1024.
802.1x Configuration Commands 241 authorized-force: For ced authorized mod e, confi guring the interface to always stay in authorized state and the user is allowed to access the network resources without authentication/autho rization.
242 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS portbased: Configures the 802 .1x authentication system to perform authenti cation on the supplic ant based on interfac e number .
802.1x Configuration Commands 243 Parameter None Description Use the dot1x quiet-period comma nd to enable the qui et-period timer . Use the undo dot1x quiet-period comman d to disable this timer .
244 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Related comma nds: display dot1x . Example T o configure the current device to transmi t an authentication request frame to the user for no more than 9.
802.1x Configuration Commands 245 Example T o configure the Switch to cut the netwo rk connection to a u ser upon detecting the use of proxy on Ethernet 1/0/1 ~ Ether net 1/0/8, enter the following: <4500> system-view System View: return to User View with C trl+Z.
246 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS server-timeout-value: Specify how long the duration of a timeout timer of an Authentication Server is. The value ranges from 100 to 300 seconds and defaults to 100 seconds. supp-timeout: Specify the authentication timeou t timer of a Supplican t.
Centralized MAC Address Authentic ation Configuration Commands 247 interface-type interface-num | interfac e-name } , where interface-type specifies the port type, interface-num specifies the port number an d interface-name specifies the port name. For the r espective meanings and value ranges, read the Parameter of the Port Configuration section.
248 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Description Use the debugging mac-authentication event command to enable centralized MAC address authentication event debugging. Us e the undo debugging mac-authentication event command to disable event debugging.
Centralized MAC Address Authentic ation Configuration Commands 249 MAC ADDR Authenticate state AuthIndex mac-authentication Syntax mac-authentication [ interface interfac e-list ] undo mac-authenticat.
250 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter interface interface-list: Ethernet interface list in cluding several Ethernet interfaces, expressed in the fo rmat interface-list = { interface-num [ to interface-num ] } & < 1-10 > .
Centralized MAC Address Authentic ation Configuration Commands 251 Parameter usernamemacaddress : Specify the MAC addr ess mode for aut hentication. usernamefixed: Specify the fixed mode for authentication. Description Use the mac-authentication authmode command to set the MAC addr ess authentication mode.
252 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS <4500> system-view System View: return to User View w ith Ctrl+Z. [4500] mac-authentication authpassword mac mac-authentication authusername Synt.
Centralized MAC Address Authentic ation Configuration Commands 253 By default, the domain used by centraliz ed MAC addr ess authentication user is null, that is, not configured. Example T o configure the domain used by the MAC addr ess to Cams, enter the following: <4500> system-view System View: return to User View with C trl+Z.
254 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS AAA and RADIUS Configuration Commands This section describes how to use the AAA and RADIUS configuration commands on your Switch 4500.
AAA and RADIUS Configuration Commands 255 mac mac-address: Specifies the MAC address of a user . Where, mac-address takes on the hexadecimal format of HHHH-HHHH-HHHH-HHHH . idle-cut second: Allows/disallows the local us ers to enable the idle-cut function.
256 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter all: Configures to disconnect all connection. access-type { dot1x | mac authenti cation }: Configures to cut a category of connections according to logon type. dot1x means the 802.1x users. mac authentication means the centralized M AC address authentication users.
AAA and RADIUS Configuration Commands 257 ip-address | mac mac-address | radius-s cheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | us er-name user-name ] Vie w All views Parameter access-type { dot1x | mac-authenticatio n }: Configures to display the supplicants according to their logon type.
258 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS display domain Syntax display domain [ isp-name ] View All views Parameter isp-name: Specifies the ISP domain nam e, wi th a character string not exceeding 24 characters. The specifi ed ISP domain shall have been cr eated.
AAA and RADIUS Configuration Commands 259 idle-cut: Configur es to display the local user s accor ding to the state of idle-cut function. disable means that the user disables the idle-cut function an d enable means the user enables the func tion. This parameter only takes effect on the users configured as lan-access type.
260 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Ta b l e 30 Output description of the display local-user command domain Syntax domain { isp-name | default { disa ble | enable isp-name }} undo domain isp-name View System View Parameter isp-name: Specifies an ISP domain name.
AAA and RADIUS Configuration Commands 261 For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16 ISP domains. If a user has not reported its ISP domain name, the system will put it into the default domain. When this command is used, if the spe cif ied ISP domain does not exist, the system will create a new ISP domain.
262 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Related comma nd: domain Example T o enable the user in the current ISP domain, 3Com163.net, to use the idle-cut attribute specified in the use r template (that is, enabling the user to use the idle-cut function).
AAA and RADIUS Configuration Commands 263 Vie w System View Parameter user-name: Specifies a local username with a character string not exceeding 80 characters, excluding “/”, “:”, “*”, “?”, “<” and “> ”. The @ charac ter can only be used once in one username.
264 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS auto: The auto mode specifies that a us er is allowed to use the password command to set a password display mode. Description Use the local-user password-display-mode command, you can configure the password display mode of all the accessing user .
AAA and RADIUS Configuration Commands 265 ■ The client keeps the user informed of the remaining online time through a message aler t dialog box. Example T o configure to start the sending of al ert .
266 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter radius-scheme-name: Specifies a RADIUS scheme, with a character string not exceeding 32 characters. Description Use the radius-scheme command to conf igure the R ADIUS scheme used by the current ISP domain.
AAA and RADIUS Configuration Commands 267 ■ If the local or none scheme applies, no RADIUS scheme can be ad opted. ■ If you want to specify the ISP domain to adopt RADIUS scheme, then the RADIUS scheme must have already been configur ed. Y ou can use either scheme or radius -scheme command to spec ify the RADIUS scheme for an ISP domain.
268 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS The "Change user password" option is available only after the user passed the authentication; oth erwise, this o p tion is in grey and unavailable.
AAA and RADIUS Configuration Commands 269 Y ou can use either level or service-type commands to specify the level for a local user . If both of these commands are used , the latest configuration takes effect.
270 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS [4500] domain marlboro.net [4500-isp-marlboro.net] state block [4500-isp-marlboro.net] quit T o set the user 3Com1 to be in the block state, enter the .
RADIUS Protocol Configuration Comman ds 27 1 undo data-flow format Vie w RADIUS Sch eme View Parameter data: Set data unit. byte: Set 'byte' as the unit of data flow . giga-byte: Set 'giga-byte' as the unit of data flow . kilo-byte: Set 'kilo-byte' as th e unit of data flow .
272 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter None Description Use the display local-server statistics command to v iew the statistics of local RADIUS authentication server .
RADIUS Protocol Configuration Comman ds 27 3 TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12 Permitted send realtime PKT failed coun ts =5 Retry sending times of noresponse acct- sto.
274 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS PKT auth timeout ,N um=0 ,Err=0 ,Succ=0 display stop-accounting-buffer Syntax display stop-accounting-buffer { r adius-scheme radius-scheme-name | sess.
RADIUS Protocol Configuration Comman ds 27 5 <4500> display stop-accounting-buffer time-range 0:0:0-2003/08/31 23:59:59-2003/08/31 Total find 0 record key Syntax key { accounting | authenticatio.
276 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Example 2: T o set the accounting packet key of the RADIUS scheme to “ok”, enter the following: [4500-radius] key accounting ok local-server Syntax.
RADIUS Protocol Configuration Comman ds 27 7 undo nas-ip Vie w RADIUS Sch eme View Parameter ip-address : IP addr ess in dotte d decimal format. Description Use the nas-ip command to set the source IP.
278 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS By default, as for the newly created RADI US scheme, the IP a ddress of the primary accounting server is 0.0.0.0, and the UDP port nu mber of this server is 1813; as for the "system" RADIUS scheme created by the system, the IP addr ess of the primary accounting server is 127.
RADIUS Protocol Configuration Comman ds 27 9 After creating a RADIUS serv er group, you ar e supposed to set IP addresses and UDP port numbers for the RADIUS se rvers, including primary/seco nd authentication/authorization servers and accounting servers.
280 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS radius scheme Syntax radius scheme radius-scheme-name undo radius scheme radius-scheme-n ame View System View Parameter radius-scheme-name: Specifie s the Radius server name with a charac ter string not exceeding 32 characters.
RADIUS Protocol Configuration Comman ds 28 1 Vie w User View Parameter None Description Use the r eset radius sta tistics command to clear the statisti c information r elated to the RADIUS protoc ol.
282 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS retransmit it for several time s, which is set through the retry realtime-accounting command. This command is used to delete the stopping accountin g requests fr om the Switch buffer .
RADIUS Protocol Configuration Comman ds 28 3 <4500> system-view System View: return to User View with C trl+Z. [4500] radius scheme 3Com [4500-radius-3Com] retry 5 retry realtime-accounting Synt.
284 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS View RADIUS Scheme View Parameter retry-times: Specifies the maximal r etra nsmission times after stopping accounting request,.
RADIUS Protocol Configuration Comman ds 28 5 For detailed information, read the Description of the primary accounting command. Related co mmands: key , radius scheme , state . Example T o set the IP address of the second ac coun ting server of RADIUS scheme, 3Com, to 10.
286 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS undo server-type View RADIUS Scheme View Parameter 3Com: Configures the Switch to support the extended RADIUS server type, which requir es the RADIUS client end (Switch) and RADIUS server to interact according RADIUS extensions.
RADIUS Protocol Configuration Comman ds 28 7 authentication: Configures to set th e state of RADIUS authentication/authorization. block: Configures the RADIUS server to be in the state of block . active: Configures the RADIUS server to be active , namely the normal operation state .
288 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Description Use the stop-accounting-buffer enable command to configure to save the stopping accounting requests without response in the Switch buffer .
RADIUS Protocol Configuration Comman ds 28 9 Related co mmands: radius scheme , retry . Example T o set the response timeout timer of RA DIUS scheme, 3Com, to 5 seconds, enter the following: <4500> system-view System View: return to User View with C trl+Z.
290 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS Parameter minutes: Real-time accounting in terval, rangin g from 3 to 60, measur ed in minutes in multiples of 3. By default, the value is 12. Description Use the timer realtime-accounting command to configure the real-time accounting in terval.
RADIUS Protocol Configuration Comman ds 29 1 Description Use the timer response-timeout command to configur e the RADIUS server response timer . Use the undo timer command to restor e the default.
292 C HAPTER 11: U SING AAA AND RADIUS C OMMANDS domains. Otherw ise, the RADIUS se rver will regard t wo users in different IS P domains as the same user b y mistake, if they have the same username (excluding their respective domain names.) Related comma nd: radius scheme .
12 U SING S YSTEM M ANAGEMENT C OMMANDS This chapter describes how to use th e following commands: File System Management Commands ■ cd ■ copy ■ delete ■ dir ■ execute ■ file prompt ■ fo.
294 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ ftp timeout ■ local-use r ■ password ■ service-type F TP Client Commands ■ ascii ■ binary ■ bye ■ cd ■ cdup ■ close ■ dele.
295 Device Management Commands ■ boot boot-loader ■ boot bootrom ■ display boot-loader ■ display cpu ■ display devic e ■ display fan ■ display memory ■ display power ■ display schedu.
296 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ info-center channel name ■ info-center console channel ■ info-center enable ■ info-center logbuffer ■ info-center loghost ■ info-cen.
297 ■ snmp-agent trap source ■ snmp-agen t usm-user ■ undo snmp-agent RMON Configuration Co mmands ■ display rmon alarm ■ display rmon event ■ display rmon eventlog ■ display rmon hist o.
298 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ peer - public-key end ■ protocol inbound ■ public-key-code begin ■ public-key-code end ■ rsa local-key-pair create ■ rsa local-key-p.
File System Managem ent Commands 299 ■ quit ■ rem o v e ■ ren a me ■ rmdir ■ sftp File System Management Commands This section describes the commands you can use to manage the file system on your Switch 4500. In switches supporting the XRN feature, the file path must start with "unit[No.
300 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it. Example Display current dir e ctory information. <4500> dir Directory of unit1>flash:/ 0 -rw- 595 Jul 12 2001 19 :41:50 test.
File System Managem ent Commands 301 <4500> dir Syntax dir [ /all ] [ file-path ] Vie w User view Parameter /all: Display all the files (inc luding the deleted ones). file-path : File or dir ectory name to be displayed. The file-path parameter supports “*” matching.
302 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS 1 -rw- 248 Aug 29 2000 17:49:36 text.txt 20578304 bytes total (3104544 byte s free) execute Syntax execute filename View System view Parameter filename : Name of the batch file, which is a string up to 256 characters in lengt h, with a suffix of “.
File System Managem ent Commands 303 [4500] file prompt quiet [4500] format Syntax format filesystem Vie w User view Parameter filesystem: Device name. Description Use the format command to format the storage device. All of the files on the storage device will be lost and non-r ecov erable.
304 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View User view Parameter file-path: File name. Description Use the more command to display the contents f of the specified file formatted as text. Example Display contents of file test.txt. <4500> more test.
File System Managem ent Commands 305 Move flash:/test/sample.txt to flash:/sample.txt. <4500> move flash:/test/sample.txt flash :/sample.txt Move unit1>flash:/test/sample.txt to un it1>flash:/sample.txt ?[confirm]: y % Moved file unit1>flash:/test/sample.
306 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS If the destination file name is the same as an existing dire ctory name, the rename operation will fail. If the dest ination file name is the same as an existing file name, a prompt will be displayed asking whet her to overwrite th e existing file.
File System Managem ent Commands 307 Vie w User view Parameter directory: Directory name. Description Use the rmdir command to delete a directory . Th e directo ry to be deleted must be empty .
308 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Display the information for all of the files in the current directory , including the deleted files . <4500> dir /all Directory of unit1>flash:/ 0 -rw- 50 Jul 12 2001 20 :34:19 sample.bak 1 -rw- 595 Jul 12 2001 20 :13:19 test.
Configurati on File Management Comma nds 309 By default, if some running configuration parameters are the same with the default operational parameters, they will not be displayed.
310 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS interface Ethernet1/0/6 interface Ethernet1/0/7 interface Ethernet1/0/8 interface Ethernet1/0/9 interface Ethernet1/0/10 interface Ethernet1/0/11 .
Configurati on File Management Comma nds 311 <4500> display saved-configuration local-server nas-ip 127.0.0.1 key 3com domain default enable system queue-scheduler wrr 1 2 3 4 5 9 13 15 ip http .
312 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS display startup Syntax display startup View All views Parameter None Description Use the display startup command, to display the related system softwar e and configuration filenames used for th e current and the next start-ups.
Configurati on File Management Comma nds 313 Generally , this command is used in the following situations: ■ After upgrade of software, configuration files in flash memory may not match the new version's software. Perform reset saved-configuration command to erase the old configuration files.
314 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Related comma nds: reset saved-configuration, display current-configuration, display sav ed-configuration. Example Get the current configuration files stored in flash memory . <4500> save The configuration will be written to the device.
FTP Server Configuration Commands 315 Parameter cfgfile : The name of the configuration file. It is a string with a leng th of 5 to 56 characters. Description Use the startup saved-configuration command to configure the configuration file used for enabling the system for the next time.
316 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View All views Parameter None Description Use the display ftp-user command to display the parameters of current F TP user . Y ou can perform this command to examine the configuration after setting F TP parameter s.
FTP Server Configuration Commands 317 Vie w System view Parameter minute: Connection timeouts (measured in minutes), ranging fr om 1 to 35791; The default connection time out time is 30 minutes. Description ■ Use the ftp timeout command to configure connection timeout interval.
318 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS terminal : Specifies tha t the user type is te rminal which refers to users who use the terminal service (login fr om the Console, AUX or Asyn port). Description Use the local-user command to configure a local user and enter the local user view .
FTP Server Configuration Commands 319 [4500] local-user 3Com1 New local user added [4500-luser-3Com1] password simple 20030 422 service-type Syntax service-type { ftp [ ftp-directory directory ] | lan.
320 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS <4500> sys System View: return to User View w ith Ctrl+Z. [4500] local-user-3Com1 New local user added. [4500-luser-3Com1] service-type lan -access F TP Client Commands This section describes the File T ransfer Protocol (F TP) Client commands on your Switch 4500.
FTP Client Command s 321 Description Use the binary command to configure file tran smission type a s binary mode. Example Configure to transmit data in the binary mode. <4500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready.
322 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View F TP Client view Parameter pathname: Path na me. Description Use the cd comman d to change the working path on the remote F TP Server . This command is used to access another directory on F TP Server .
FTP Client Command s 323 230 User logged in. [ftp] cdup 501 Change to no authenticated director y. [ftp] close Syntax close Vie w F TP Client view Parameter None Description Use the close command to d.
324 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello.
FTP Client Command s 325 Parameter None Description Using the disconnect command, subscri bers can disconnect F TP client side fr om F TP server sid e without exiting F TP client side view . This command terminates the contr ol co nnection and data connection with the remote F TP Server at the same time.
326 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS [ftp] get Syntax get remotefile [ localfile ] View F TP Client view Parameter localfile: Local file name. remotefile: Name of a file on the r emote F TP Server . Description Use the get command to download a r emote file and save it locall y .
FTP Client Command s 327 <SW4500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello.
328 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter pathname: Dir ectory name. Description Use the mkdir command to create a dir ectory on the remote F TP Server . User can perform this operation as long as the remote F TP server has authorized the operation.
FTP Client Command s 329 230 User logged in [ftp] passive % Passive is on [ftp] put Syntax put localfile [ remotefile ] Vie w F TP Client view Parameter localfile: Local file nam e. remotefile: File name on the r emote F TP Server . Description Use the put command to upload a local file to the remote F TP Server .
330 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Show the current dir ectory on the remote F TP Server . <SW4500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):hello 331 Password required for hello.
FTP Client Command s 331 Description Use the remotehelp command to display help information about the F TP protocol command. Example Show the syntax of the protocol command user . <SW5500> ftp 1.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready.
332 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter username: Logon username. password: Logon password. Description Use the user command to r egister an F TP user . Example Log in the F TP S erver with user name tom an d password hello . <SW4500> ftp 1.
TFTP Configuration Commands 333 % Verbose is on [ftp] TF TP Configuration Commands This section describes the T rivial File T r ansfer Protocol (TF TP) Commands on your Switch 4500. tftp get Syntax tftp tftpserver get source-file [ dest- file ] Vie w User view Parameter tftp-server: IP address or host name of the TF T P server .
334 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the tftp put co mmand to upload a f ile from the switch to the specif ied directory on the TF TP server and save it with a new name. Related comma nds: tftp get . Example < SW5500> tftp 1.
MAC Address Table M anagement Commands 335 When manag ing the Layer -2 addr esses of the switch, the administr ator can perform this command to view such info rmation as the Layer -2 address table, address status (static or dy namic), Ethernet port of the MAC address, VLAN of the address, and system address aging time.
336 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS undo mac-address [ { static | dyna mic | blackhole } mac-address interface { interface-name | inter face-type interface-num ] vlan vlan-id ] View System view Parameter static: Static table entry , lost after resetting switch.
MAC Address Table M anagement Commands 337 undo mac-address max-mac-count Vie w Ethernet port view Parameter count: Enter a value in the range 0 to 32768 to specify how many MAC addresses a port can learn. 0 means that the port is not allowed to lea r n MAC addresses.
338 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the mac-address timer command to configure the aging time of the Layer -2 dynamic addr ess table ent ry .
Device Managem ent Commands 339 Vie w User view Parameter file-path: File path and file name of Bootr om. Description Use the boot bootrom command to upgrade bootro m. Example Upgrade bootrom of the switch. <SW4500> boot bootrom PLATV100R002B09D00 2.
340 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS The information displays in the following format : Unit 1 Board 0 CPU busy status: 11% in last 5 seconds 12% in last 1 minute 14% in last 5 minutes display device Syntax display device [ unit unit-id ] View All views Parameter unit unit-id : Specify the Unit ID of the switch.
Device Managem ent Commands 341 Parameter unit unit-id : Specify the Unit ID of the switch Description Use the display fan command to display the working state of the built-in fans. Example Display the working state of the fans. <SW4500> display fan Unit 1 Fan 1 State: Normal The above information indicate s that the fan works normally .
342 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter unit unit-id : Specify the Unit ID of the switch power-ID: Power ID. Description Use the display power command to display the working state of th e built-in power supply . Example Show power s tate.
Device Managem ent Commands 343 Example Reboots the Switch. <SW4500> reboot This will reboot device. Continue? [Y/N ] schedule reboot at Syntax schedule reboot at hh:mm [ yyyy/mm/dd ] undo sched.
344 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Set the switch to be restarted at 22:00 that night (the curr ent time is 15:50). <SW4500> schedule reboot at 22:00 Reboot system at .
Device Managem ent Commands 345 Confirm? [Y/N]: y %Apr 2 02:13:10:09 2000 3Com CMD/5/REB OOT:- 1 - aux0: schedule reboot parameters at 02: 13:10 2000/04/02.
346 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Basic System Configuration and Management Commands This section describes the basic system configuration and system management commands available on your Switch 4500. clock datetime Syntax clock datetime time date View User view Parameters time : Enter the current time in HH:MM:SS forma t .
Basic System Confi guration and Management Comma nds 347 end_time : Enter the end time of summer time, in the format HH:MM:SS. end_date : Enter the end date of summer time, in the format YYYY/MM/DD. offset_time : Enter the of fset time, that is th e amount o f time added, in the format HH:MM:SS.
348 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo clock timezone command to return t o the default, which is Universal T ime Coordinated (UTC).
System Status and System Information Display Comma nds 349 Vie w All views Parameter None Description Use the display clock command to obtain informat ion about system data and time from the terminal display .. For the related commands, see clock . Example View the curr ent system date and clock.
350 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Config message send: 0 0 Notification message recv: 0 0 Notification message send: 0 0 Information message recv: 0 0 Information message send: 0 0.
System Debug Commands 351 System Debug Commands This section describes the system debug ging options, and the system diagnostics information that can be displayed on your Switch 4500.
352 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS after the synchronization information statis tics and detection, you must execut e the undo info-center switch-on command to disable the switch in time. For the related commands, see display debugging .
Network Connection Test Commands 353 Use the undo end-station polling ip-address command to delete the IP address r equiring periodic testing. The switch can ping an IP ad dress every one minute to tes t if it is reachable. Three PING packets can be sent at most for ever y IP address in every testing with a time interval of five seconds.
354 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS -q : Configure not to display any other detailed information except stat istics. -r: Record route. -s packetsize: Specify the l ength of ECHO-REQUEST (excluding IP and ICMP packet header) in bytes.
Network Connection Test Commands 355 ■ The final statistics, inclu ding number of sent packets, nu mber of response packets received, per centage of non-response packets and minimal/maximum/average value of response time. If the network transmission rat e is too low to increase the r esponse message timeout.
356 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View This command can be used in the following views: ■ System view Description Remote-ping is a network d iagnostic tool used to test the performance of protocols (only ICMP by far) operatin g on ne twork.
Network Connection Test Commands 357 Destination ip address:10.10.10.1 0 Send operation times: 10 Receive response times: 10 Min/Max/Average Round Trip Time: 1/2/1 Square-Sum of Round Trip Time: 13 Last complete test time: 2004-11- 25 16:28:55.
358 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS 9 1 1 0 2004-11-25 16:28:55.9 10 1 1 0 2004-11-25 16:28:55.9 View This command can be used in the following views: ■ Any view Description If a test group is specified by using the administrator -name and test-tag arguments, the system displays the test results of the specified test gr oup.
Network Connection Test Commands 359 Syntax remote-ping-agent enable undo remote-ping-agent enable Parameters None Example Enable remote-ping client. [S5500] remote-ping-agent enable Vie w This command can be used in the following views: ■ System view Description Y ou can perform a tes t only after the re mote-ping client f unction is enabled.
360 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the tracert command to check the reachab ility of network connection and troubleshoot the network. User can te st gateways passed by the packets transmitted from the host to th e destination.
Log Commands 361 Log Commands This section displays the logg ing opt ions available on your Switch 4500. display channel Syntax display channel [ channel-number | chan nel-name ] Vie w All views Parameter channel-number: Channel number , ranging from 0 to 9, that is, the system has ten channels.
362 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS For the related commands, see info-center enable , info-center loghos t , info-center logbuffer , info-center console channel , info-center monitor channel . Example Show the system log informatio n.
Log Commands 363 Example Rename channel 0 as execconsole. <SW4500>system-view System View: return to User View with C trl+Z. [SW4500] info-center channel 0 name exec console [SW4500] info-center.
364 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter None Description Use the info-center enable command to enable the system log function. Use the undo info-center enable command to disable system log function. By default, system lo g function is enabled.
Log Commands 365 This command takes ef fect only after the system logging is enabled. For the related commands, see info-center e nable , display info-center . Example Send log information to bu ffer and sets the size of buffer as 50. <SW4500> system-view System View: return to User View with C trl+Z.
366 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Configure to send log information to the UNIX workstation at 202.38.160.1. <SW4500> system-view System View: return to User View w ith Ctrl+Z. [SW4500] info-center loghost 202.38 .160.
Log Commands 367 channel-name: Specify the channel name. The name can be channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer. Description Use the info-center monitor channel command to set the channel to output the log information to the user terminal.
368 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS System View: return to User View w ith Ctrl+Z. [SW4500] info-center snmp channel 6 [SW4500] info-center source Syntax info-center source { modu-na.
Log Commands 369 channel-name: Channel name to be set. The name can be cha nnel6, channel7, channel8, channel9, console, logbu ffer, loghost, monitor, snmpagent, trapbuffer. state: Set the state of the information. state: Specify the state as on or off .
370 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the info-center source command to add/delete a record to the information channel.
Log Commands 371 In addition, each informati on channel has a default reco rd with the module name “a l l ” a n d m o du l e n u m be r as 0 xffff 0 0 0 0. H ow e ve r , f o r d i ffe re n t i n fo r ma t i on channel, the default log, trap and debugging settin gs in the recor ds may be differ ent with one anoth er .
372 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS After the forming of a Fabr ic by switches which support the XRN, th e log, debugging and trap informat ion among the switches is synchronous.
Log Commands 373 Example Configure the debugging informat ion timestamp format as boot. <SW4500> system-view System View: return to User View with C trl+Z.
374 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View User view Parameter None Description Use the reset logbuffer command to clear information in log buf fer .
Log Commands 375 Example Enable the terminal display debugging . <SW4500> terminal debugging % Current terminal debugging is on <SW4500> terminal logging Syntax terminal logging undo terminal logging Vie w User view Parameter None Description Use the terminal logging command to start logging the information displayed on the terminal.
376 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS This command only takes effect on the current terminal where the commands ar e input. The debugg ing/log/trap information can be output to the current terminal, beginning in user view .
SNMP Configuration Commands 377 Parameter local-engineid: local engine ID. remote-engineid: r emote en gine ID. Description Use the display snmp-agent engineid com mand to view the engine ID of current device.
378 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Parameter groupname: Gr oup name, ranging from 1 to 32 bytes. Description Use the display snmp-agent group command to display g roup name, safe mode, state of various views and storage modes. Example Display SNMP group name and safe mode.
SNMP Configuration Commands 379 <SW4500> display snmp-agent mib-view View name:ViewDefault MIB Subtree:snmpUsmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active Vi.
380 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS 3 Messages passed from the SNMP en tity 0 SNMP PDUs which had a tooBig err or (Maximum packet size 1500) 0 SNMP PDUs which had a noSuchName error .
SNMP Configuration Commands 381 display snmp-agent sys-info Syntax display snmp-agent sys-info [ contact | location | version ]* Vie w All views Parameter None Description Use the display snmp-agent sys-info command to view th e system information of SNMP configuration.
382 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS <SW4500> display snmp-agent usm-use r User name: hello Group name: hellogroup Engine ID: 800007DB00E0FC00 39006877 Storage-type: nonVolatile UserStatus: active Acl:2000 display snmp-proxy unit Syntax display snmp-proxy unit unit-id View Any view Parameter unit-id :Unit ID of the switch.
SNMP Configuration Commands 383 Parameter None. Description Use the enable snmp trap updown command to enable the current port to transmit the LINK UP and LI NK DOWN trap information. Use the undo enable snmp trap updown command to disable the current port to transmit the LINK UP and LI NK DOWN trap information.
384 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Configur e communit y name as mgr and read-write access permission. <SW4500> system-view System View: return to User View w ith Ctrl+Z. [SW4500] snmp-agent community write mgr [SW4500] Delete the community name comaccess .
SNMP Configuration Commands 385 3Com recommends that you do not use the notify-view parameter when configuring an SNMP group, for the following reasons: ■ The snmp-agent target-host command automatically generates a notify-view for a user , and adds it to the corresponding group.
386 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View System view Parameter included: Include this MIB subtr ee. excluded: Exclude this MIB subtr ee. view-name: Specify the view name, with a character string, ranging from 1 to 32 characters . oid-tree: MIB object subtree.
SNMP Configuration Commands 387 Example Set the size of SNMP packet to 1042 bytes. <SW4500> system-view System View: return to User View with C trl+Z.
388 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS undo snmp-agent target-host host-a ddr securityname community-string View System view Parameter trap: Specifies the host to receive traps or notifications address: Specifies the transport address to be used in the generation of SNMP messages.
SNMP Configuration Commands 389 [SW4500] snmp-agent target-host trap add ress udp-domain 2.2.2.2 params securityname comaccess [SW4500] T o enable T rap messa ges to be sent to 2.2.2.2 with a commun ity name of public , enter the following: <SW4500> system-view System View: return to User View with C trl+Z.
390 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the snmp-agent trap enable command to enable the device to send T rap message. Use the undo snmp-agent trap enable command to d isable T rap message sending. By default, T rap messag e sending is disabled.
SNMP Configuration Commands 391 snmp-agent trap queue-siz e Syntax snmp-agent trap queue-size length undo snmp-agent trap queue-size Vie w System view Parameter length: Length of queue, ranging from 1 to 1000; the default length is 100.
392 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS snmp-agent usm-user Syntax snmp-agent usm-user { v1 | v2c } u sername groupname [ acl acl-list ] undo snmp-agent usm-user { v1 | v2 c } username g.
SNMP Configuration Commands 393 Use the undo snmp-agent usm-user command to delete a user from an SNMP group. SNMP engineID (for authen tication) is required when configuring remote users. This command will not be effectiv e if engineID is not configured.
394 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS RMON Configuration Commands This section describes the Remote Mon itoring (RMON) configuration command s available on your Switch 4500 . display rmon alarm Syntax display rmon alarm [ alarm-table-e ntry ] View All views Parameter alarm-table-entry: Alarm table entry index.
RMON Configuration Commands 395 Vie w All views Parameter event-table-entry: Entry index of event table. Description Use the display rmon event command to vi ew RMON events.
396 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS <SW4500> display rmon eventlog 1 Event table 1 owned by 3Com is VAL ID. Generates eventLog 1.1 at 0days 00 h:01m:39s. Description: The 1.3.6.1.2.1.16.1. 1.1.4.1 defined in alarm table 1, less than(or =) 100 with alarm val ue 0.
RMON Configuration Commands 397 display rmon prialarm Syntax display rmon prialarm [ prialarm-table- entry ] Vie w All views Parameter prialarm-table-entry: entry of ex tended alarm table. Description Use the display rmon prialarm command to display information about extended al arm table.
398 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Ta b l e 44 Output description of the display rmon prialarm command display rmon statistics Syntax display rmon statistics [ port-num ] View All views Parameter port-num: Ethernet port number . Description Use the display rmon statistics command to displa y RMON statistics.
RMON Configuration Commands 399 rmon alarm Syntax rmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising-threshold threshold-v alue1 event-entry1 falling-threshold threshold-.
400 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS falling-threshold threshold-value2 : Falling threshold, ranging from 0 to 2147483647. event-entry2: Event number corresponding to the falling th reshold, ranging from 0 to 65535. owner text : Specifies the cr eator of th e alarm.
RMON Configuration Commands 401 owner rmon-station: Name of the network management station that cr eates this entry . The length of the character strin g ranges from 1 to 127. Description Use the rmon event command to add an entry to the event table. Use the undo rmon event command to delete an entry from this table.
402 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS [SW4500] interface Ethernet1/0/1 [SW4500-Ethernet1/0/1] undo rmon hi story 15 [SW4500-Ethernet1/0/1] rmon prialarm Syntax rmon prialarm entry-numb.
NTP Configuration Commands 403 The number of instances can be created in the table depends on the hardware resour ce of the p roduct. Example Delete line 10 from the extended RMON alarm table. <SW4500> system-view System View: return to User View with C trl+Z.
404 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS ■ Execute either ntp-service unicast-server , ntp-service unicast-peer , ntp-service broadcast-client , ntp-service broadcast-server , ntp-service multicast-client , and ntp-service mu lticast-server commands to enable the NTP feature and open UDP port 123 at the same time.
NTP Configuration Commands 405 display ntp-service status Syntax display ntp-service status Vie w Any view Parameter None Description Use the display ntp-service status command to display the status of NTP services. Example # View the status of the local NTP serv ice.
406 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS display ntp-service trace Syntax display ntp-service trace View Any view Parameter None Description Use the display ntp-service trace command to display the brief information of each NTP time server along the t ime sy nchronization chain fr om the local device to the refer ence clock source.
NTP Configuration Commands 407 server : Allows time request and query on the local NTP server . The loca l clock cannot be synch ronized to the remote server . synchronization : Allows only time r equest on the local NTP server . query: Allows only query on the local NTP server .
408 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ntp-service authentication enable command to enable the NTP authentication. Use the undo ntp-service authentication enable command t o disable the NTP authenticatio n. By default, the NTP authentication is disabled.
NTP Configuration Commands 409 ntp-service broadcast-client Syntax ntp-service broadcast-client undo ntp-service broadcast-client Vie w VLAN interface view Parameter None Description Use the ntp-servi.
410 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ntp-service broadcast-server command to configure an Etherne t switch to operate in the NTP br oadcas t server mode and send NTP broadcast messages through the curr ent interface.
NTP Configuration Commands 411 undo ntp-service max-dynamic-sessions Vie w System view Parameter number : Maximum number of the NTP se ssions th at can be established locally . This argument ranges from 0 to 100. Description Use the ntp-service max-dynamic-sessions command to set the maximum number of NTP sessions that can be established locally .
412 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example Configure the switch to receive NTP mult icast messages thr ough Vlan-interface1, with the multicast IP address being 224.0.1.1. <SW4500> system-view System View: return to User View w ith Ctrl+Z.
NTP Configuration Commands 413 ntp-service reliable authentication-keyid Syntax ntp-service reliable authentication-key id key-id undo ntp-service reliable authenticatio n-keyid key-id Vie w System view Parameter key-id : Authentication key ID, in the range of 1 to 429496729 5.
414 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo ntp-service source-interface command to r emove the configuratio n. If you do not want the IP addresses of th e other interfaces on t.
NTP Configuration Commands 415 By default, the local Ether net switch is not configured as an active NTP peer . If you use remote-ip to specify a remote server as the peer of the local Ether net switch, the local switch operate s in the active pe er mode.
416 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo ntp-service unicast-server command to r emove the configuratio n. By default, no Ether net switch op erates in the NTP client mod e. The remote server specified by remote-ip serves as the NTP server and the local Ethern et switch serves as the NTP client.
SSH Terminal Service Configuration Comma nds 417 SSH T erminal Service Configuration Commands This section describes the SSH configur ation command s available on you r Switch 4500.
418 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS *0.1481894 SW4500 SSH/8/debugging_msg_send:- 1 -SSH2_MSG_USERAUTH_SUCCESS message sent on VTY 3 *0.
SSH Terminal Service Configuration Comma nds 419 Key name: SW4500_Host Key type: RSA encryption Key ======================================= ============== Key code: 308188 028180 A768F212 CDF98303 7D6.
420 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example T o display all of the RSA public keys currently configur ed, enter the command display rsa peer-public-key .
SSH Terminal Service Configuration Comma nds 421 [SW4500] display ssh server status SSH version : 2.0 SSH connection timeout : 60 seconds SSH server key generating interval : 0 hours SSH Authentication retries : 3 times SFTP Server: Disable T o display SSH sessions: [SW4500] display ssh server session Conn Ver Encry State Retry Username VTY 3 2.
422 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the peer-public-key end command to exit from the public key view and return to the system view .
SSH Terminal Service Configuration Comma nds 423 [SW4500-ui-vty0-4] protocol inbound ssh T o disable the T elnet function of VTY 0 and make it support SSH only: [SW4500] user-interface vty 0 [SW4500-u.
424 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS After this command is performed to end th e public key edit procedur e, the system will check the validity of the key before saving the input public key .
SSH Terminal Service Configuration Comma nds 425 rsa local-key-pair destroy Syntax rsa local-key-pair destroy Vie w System view Parameter None Description Use the rsa local-key-pair destroy command to destr oy all the RSA key pairs of the server , in cluding the host keys and server keys.
426 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View System view Parameter times : Specifies authentication retry times, in th e range of 1~5. Description Use the ssh server authentication-retries command to define SSH authentication retry times value, wh ich takes ef fect at next logon.
SSH Terminal Service Configuration Comma nds 427 Vie w System view Parameter username : A valid SSH username, which is a string consisting of 1 to 80 characters. keyname : A name of the client public key which is a string consisting of 1 to 54 characters.
428 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Use the undo ssh user username authentication-type command to r estore the default mode in which logon fails. By default, user cannot logon to the Sw itch through SSH or TELNET , you need to specify the authenticat ion type for a ne w user .
SSH Client Configu ration Commands 429 Parameter None Description Use the peer - public-key end command to exit from the public key view and r etur n to the system view .
430 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS [SW4500-key-code] BB2FC1ACF3EC8F828D55A36F1 CDDC4BB45504F020125 [SW4500-key-code] public-key-code end [SW4500-rsa-public-key] public-key-code end .
SSH Client Configu ration Commands 431 <SW4500> quit rsa peer -public-key Syntax rsa peer-public-key key-name Vie w System View Parameter key-name: The name of the public key o f the server , wh ich is a string consisting of 1 to 64 charac ters.
432 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ssh client assign rsa-key command to specify the public key of the server to connect with on the client, so that the client authenticates if the server is trustworthy .
SSH Client Configu ration Commands 433 [SW4500] ssh client first-time enable ssh2 Syntax ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher.
434 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS md5_96: HMAC algorithm hmac-md5-96. Description Use the ssh2 command to en able the connect ion between the SSH client and the server , and specify the preferred key ex change algorithm, encryption algorithm and HMAC algorithm of the client and the server .
SFTP Server Configuration Commands 435 SF TP Se rver Configuration Commands This section describes the SF TP server configur ation commands available on your Switch 4500. sftp server enable Syntax sftp server enable undo sftp server Vie w System View Parameter None Description Use the sftp server enable command to start the SF TP server .
436 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Description Use the ssh user service-type command to specify the service type for a particular user . Use the undo ssh user service-type command to restor e the default service type. By default, the service type is stelnet .
SFTP Client Configuration Commands 437 Parameter remote-path: The name of a path on the server . Description Use the cd command to change the current pa th on the SF TP server . If you do not specify the remote-path argument, the current path will be displayed .
438 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS Example T o delete the file temp.c from the server , enter the following: sftp-client> delete temp.c dir Syntax dir[ remote-path ] View SF TP client view Parameter remote-path :The n ame of the di rectory t o view .
SFTP Client Configuration Commands 439 Example T o terminate the connection with the re mote SF TP server , en ter the following: sftp-client> exit [SW4500] get Syntax get remote-file [ local-file ] Vie w SF TP client view Parameter remote-file: The name of a file on the r emote SF TP server .
440 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS sftp-client> help get get remote-path [local-path] Down load file Default local-path is the same wit h remote-path ls Syntax ls [ remote-path ] View SF TP client view Parameter remote-path: The name of the directory to view .
SFTP Client Configuration Commands 441 put Syntax put local-file [ remote-file ] Vie w SF TP client view Parameter local-file: The name of a local file. remote-file: The name of a file on the r emote SF TP server . Description Use the put command to upload a local file to the remote SF TP server .
442 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS View SF TP client view Parameter None Description Use the quit command to terminate th e connection with the r emote SF TP server and return to the System view . This command has the same functionality as the bye and exit commands.
SFTP Client Configuration Commands 443 newname: New file name. Description Use the rename command to change the name of the specified file on the SF TP server .
444 C HAPTER 12: U SING S YSTEM M ANAGEMENT C OMMANDS prefer_kex: Pr eferred key e xchange algorithm, which can be either diffie-hellman-gr oup1- sha1 or diffie-hellman-group-exchange-sha1. dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is default algorithm.
13 C ONFIGURING P ASSWOR D C ONTR OL This chapter describes how to use th e following password contr ol commands: ■ display passwor d-contr ol ■ display passwor d-contr ol blacklist ■ display pa.
446 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL Ta b l e 48 describes the output fields of the display passwor d-control command. display password-contr ol blacklist Syntax display password-control blacklist [ username username | ipaddress ip-address ] View Any view Parameter ■ username : Name of a user who has been added to the blacklist.
447 Description Use the display password-control super command to display the in formation about the password control for super passwords, including the passw ord aging time and the minimum passwor d length. Example # Display the information about the password contr ol for super passwords.
448 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL View System view Parameter ■ aging-time : Password aging time. It ranges fr om 1 day to 365 days and defaults to 90 days. ■ length : Minimum password length. It ranges fr om 4 characters to 32 characters and defaults to 10 characters.
449 Use the password-control authentication-timeout authentication-timeout command to configure the timeout time for user passwor d authenticat ion. Use the password-control exceed command to configur e the procession mode used after password att empt failur e.
450 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL Description Use the following password-contr ol enable commands to enable the various password control functions of the system: ■ Use the password-control aging enable command t o enable passwor d aging.
451 Vie w System view Parameter ■ aging-time : Aging time for super passwords. It ran ges from 1 day to 365 days and defaults to 90 days. ■ min-length : Minimum length for super pas swords. It ranges fr om 4 characters to 16 character s and de faults to 10 characters.
452 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL # Delete the history password recor ds of user t est <4500> reset password-control hist ory-record username test Are you sure to delete all the .
453 Use the reset password-control blac klist username username command to delete one specific user entry in the blacklist. Example # Check the use r information in the blacklis t; as you can see, the blacklist cont ains three users: test, tes, and test2.
454 C HAPTER 13: C ONFIGU RING P ASSWORD C ONTROL.
A B OOTR OM I NTERFACE Accessing the Bootrom Interface During the initial boot phase of the Switch the following prompt is displayed with a five second countdown timer a llowing access to the bootrom: Starting...... ******************************************************* * * SuperStack 4 Switch 4500 5 0 -Port BOOTROM, Version 1.
456 A PPENDIX A: B OO TROM I NTERFACE BOOT MENU 1. Download application file to flash 2. Select application file to boot 3. Display all files in flash 4. Delete file from flash 5. Modify bootrom password 6. Enter bootrom upgrade menu 7. Skip current configuration file 8.
Boot Menu 45 7 Enter Option 1 at the prompt to display the following: Free Space: 10491904 bytes (*)-with main attribute;(b)-with backup attribute (*b)-with both main and backup attribute Please input the file number to be change: An asterisk (*) indicates the current main boot file.
458 A PPENDIX A: B OO TROM I NTERFACE Free Space: 10460160 bytes The current application file is s4b03_01_04s168.app (*)-with main attribute;(b)-with backup attribute (*b)-with both main and backup attribute Please input the file number to de lete: The current appl ication file is name a nd an * indicates the file in the list.
Boot Menu 45 9 Are you sure to disable bootrom password recovery? Yes or No(Y/N) n If the bootrom super password is disabled and the bootrom password (set at Boot Menu Option 5) is lost, bootrom access is no longer possible. If access to the bootrom menu is r equired, the Switch will need to be returned to 3Com for repair .
460 A PPENDIX A: B OO TROM I NTERFACE Selecting a F TP download 1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): 2 Load File name:s4b03_01_04s168.app Switch IP address:10.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté 3Com 4500 PWR 50-PORT c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du 3Com 4500 PWR 50-PORT - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation 3Com 4500 PWR 50-PORT, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le 3Com 4500 PWR 50-PORT va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le 3Com 4500 PWR 50-PORT, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du 3Com 4500 PWR 50-PORT.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le 3Com 4500 PWR 50-PORT. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei 3Com 4500 PWR 50-PORT ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.