Backbone Switches, Aggregation Switches, Access Switches

MES53xx, MES33xx, MES23xx
Operation Manual, Firmware Version 4.0.2

Document Version
Version 1.2

Issue Date
25/05/2016

Version 1.1

12/05/2016

Version 1.0
Firmware Version

25/03/2016
4.0.2

Revisions
Chapter added:
2.3 Main Specifications
2.4 MES2348B Switch Design
Chapter added:
2.3 Main Specifications
2.4 MES3324 and MES2324 Switch Design
Chapter deleted:
5.14.2 IPv6 Protocol Tunnelling (ISATAP)
First issue

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

2

CONTENTS
1 INTRODUCTION ...........................................................................................................................................7
2 PRODUCT DESCRIPTION ..............................................................................................................................8
2.1 Purpose ................................................................................................................................................8
2.2 Switch Features ...................................................................................................................................8
2.2.1 Basic Features ............................................................................................................................8
2.2.2 MAC address processing features .............................................................................................8
2.2.3 Layer 2 Protocol Tunneling (L2PT) Features ..............................................................................9
2.2.4 Layer 3 Protocol Tunneling (L3PT) Features ............................................................................11
2.2.5 QoS Features............................................................................................................................12
2.2.6 Security features ......................................................................................................................12
2.2.7 Switch Control Features...........................................................................................................13
2.2.8 Additional Features..................................................................................................................14
2.3 Main specifications ............................................................................................................................15
2.4 Design ................................................................................................................................................17
2.4.1 Appearance and description of the front panel of MES5324, MES3324F, MES2324,
MES2324B, MES2324FB, MES2348B switches. ..........................................................................................17
2.4.2 Rear panel of the device ..........................................................................................................22
2.4.3 Side panels of the device .........................................................................................................23
2.4.4 Light Indication ........................................................................................................................24
2.5 Delivery Package................................................................................................................................26
3 INSTALLATION AND CONNECTION ............................................................................................................27
3.1 Support brackets mounting ...............................................................................................................27
3.2 Device rack installation......................................................................................................................27
3.3 Power module installation ................................................................................................................29
3.4 Connection to power supply .............................................................................................................29
3.5 Battery connection to MES2324B, MES2324FB ................................................................................30
3.6 SFP transceiver installation and removal ..........................................................................................30
4 INITIAL SWITCH CONFIGURATION.............................................................................................................32
4.1 Configuring the Terminal ...................................................................................................................32
4.2 Turning on the device ........................................................................................................................32
4.3 Startup menu .....................................................................................................................................33
4.4 Switch operation modes ....................................................................................................................34
4.4.1 Switch operation in stacking mode .........................................................................................34
4.5 Switch function configuration ...........................................................................................................35
4.5.1 Basic switch configuration .......................................................................................................35
4.5.2 Security system configuration .................................................................................................38
4.5.3 Banner configuration ...............................................................................................................39
5 DEVICE MANAGEMENT. COMMAND LINE INTERFACE .............................................................................40
5.1 Basic commands ................................................................................................................................40
5.2 Filtering command line messages .....................................................................................................42
5.3 Macrocommand configuration..........................................................................................................42
5.4 System management commands ......................................................................................................43
5.5 Password parameters configuration commands ..............................................................................48
5.6 File operations ...................................................................................................................................49
5.6.1 Command parameters description ..........................................................................................49
5.6.2 File operation commands ........................................................................................................49
5.6.3 Automatic update and configuration commands....................................................................51
5.7 System time configuration ................................................................................................................53
5.8 Interface configuration ......................................................................................................................57
5.8.1 Ethernet and Port-Channel interface parameters ...................................................................57
5.8.2 VLAN interface configuration ..................................................................................................64
MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

3

5.9 Selective Q-in-Q ................................................................................................................................ 71
5.10 Broadcast Storm Control .................................................................................................................. 73
5.11 Link Aggregation Groups (LAG) ......................................................................................................... 74
5.11.1 Static link aggregation groups.............................................................................................. 75
5.11.2 LACP link aggregation protocol ............................................................................................ 75
5.12 IPv4 addressing configuration .......................................................................................................... 76
5.13 Green Ethernet configuration........................................................................................................... 78
5.14 IPv6 addressing configuration .......................................................................................................... 79
5.14.1 IPv6 protocol ........................................................................................................................ 79
5.15 Protocol configuration ...................................................................................................................... 82
5.15.1 DNS configuration ................................................................................................................ 82
5.15.2 ARP configuration ................................................................................................................ 83
5.15.3 GVRP configuration .............................................................................................................. 85
5.15.4 Loopback detection mechanism .......................................................................................... 86
5.15.5 STP family (STP, RSTP, MSTP) .............................................................................................. 87
5.15.7 LLDP configuration ............................................................................................................... 93
5.16 Voice VLAN........................................................................................................................................ 99
5.17 Multicast addressing....................................................................................................................... 100
5.17.1 Multicast addressing rules ................................................................................................. 100
5.17.2 IGMP snooping function .................................................................................................... 105
5.17.3 MLD snooping is a multicast traffic control protocol for IPv6 networks. .......................... 108
5.17.4 IGMP Proxy multicast routing function ............................................................................. 110
5.18 Multicast routing. PIM protocol ..................................................................................................... 112
5.19 Control functions ............................................................................................................................ 115
5.19.1 AAA mechanism ................................................................................................................. 115
5.19.2 RADIUS ............................................................................................................................... 118
5.19.4 TACACS+ ............................................................................................................................. 121
5.19.5 Simple network management protocol (SNMP) ................................................................ 122
5.19.6 Remote network monitoring protocol (RMON) ................................................................ 125
5.19.7 ACL access lists for device management ........................................................................... 131
5.19.8 Access configuration .......................................................................................................... 133
5.20 Alarm log, SYSLOG protocol ............................................................................................................ 137
5.21 Port mirroring (monitoring) ............................................................................................................ 139
5.22 sFlow function................................................................................................................................. 141
5.23 Physical layer diagnostics functions ............................................................................................... 142
5.23.1 Copper-wire cable diagnostics ........................................................................................... 142
5.23.2 Optical transceiver diagnostics .......................................................................................... 143
5.24 Security functions ........................................................................................................................... 145
5.24.1 Port security functions ....................................................................................................... 145
5.24.2 Port-based client authentication (802.1x standard) .......................................................... 147
5.24.3 DHCP management and Option 82 .................................................................................... 153
5.24.4 Client IP address protection (IP-source Guard) ................................................................. 156
5.24.5 ARP Inspection ................................................................................................................... 159
5.25 DHCP Relay features ....................................................................................................................... 161
5.26 DHCP Server Configuration ............................................................................................................. 163
5.27 ACL Configuration ........................................................................................................................... 166
5.27.1 IPv4-based ACL Configuration............................................................................................ 168
5.27.2 IPv6 ACL Configuration ...................................................................................................... 171
5.27.3 MAC-based ACL Configuration........................................................................................... 173
5.28 DoS attack protection configuration .............................................................................................. 175
5.29 Quality of Services (QoS) ................................................................................................................ 176
5.29.1 QoS Configuration.............................................................................................................. 176
5.29.2 QoS Statistics ..................................................................................................................... 181

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

4

5.30 Routing protocol configuration .......................................................................................................182
5.30.1 Static Routing Configuration...............................................................................................182
5.30.2 RIP Configuration ................................................................................................................183
5.30.3 OSPF and OSPFv3 configuration .........................................................................................185
5.30.4 Configuration of Virtual Router Redundancy Protocol (VRRP)...........................................190
6 SERVICE MENU, CHANGE OF FIRMWARE................................................................................................193
6.1 Startup Menu...................................................................................................................................193
6.2 Updating firmware from TFTP server ..............................................................................................193
6.2.1 System firmware update .......................................................................................................194
APPENDIX A. EXAMPLE OF DEVICE USAGE AND CONFIGURATION ..............................................................196
APPENDIX B. CONSOLE CABLE ......................................................................................................................200

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

5

LEGEND
Label

Description

[]

Square brackets are used to indicate optional parameters in the command
line; when entered, they provide additional options.

{}

Curly brackets are used to indicate mandatory parameters in the command
line. You need to choose one of them.

“,”
“-”

In the command description, these characters are used to define ranges.

“|”

In the command description, this character means 'or'.

“/”

In the command description, this character indicates the default value.

Calibri Italic

Calibri Italic is used to indicate variables and parameters that should be
replaced with an appropriate word or string.

Bold

Notes and warnings are shown in semibold.

<Bold Italic>

Keyboard keys are shown in bold italic within angle brackets.

Courier New

Command examples are shown in Courier New Bold.

Courier New

Command execution results are shown in Courier New in a frame with a
shadow border.

Notes and Warnings
Notes contain important information, tips or recommendations on device operation and
set-up.
Warnings tell the user about situations that may be harmful to the user, cause damage
to the device, malfunction or data loss.

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

6

1

INTRODUCTION

Over the last few years, more and more large-scale projects are utilising NGN concept in
communication network development. One of the main tasks in implementing large multiservice networks
is to create reliable high-performance backbone networks for multilayer architecture of next-generation
networks.
High-speed data transmission, especially in large-scale networks, requires a network topology that
will allow flexible distribution of high-speed data flows.
MES5324, MES3324, MES2324 and MES2348 series switches can be used in large enterprise
networks, SMB networks and carrier networks. These switches deliver high performance, flexibility,
security, and multi-tier QoS. MES5324 and MES3324 switches provide better availability due to protection
of nodes that enable fail-over operation and backup of power and ventilation modules.
This operation manual describes intended use, specifications, first-time set-up recommendations,
and the syntax of commands used for configuration, monitoring and firmware update of the switches.

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

7

2

PRODUCT DESCRIPTION
2.1

Purpose

High-performance aggregation switches MES5324 and MES3324 have 10GBASE-X, 40GBASE-X ports
and are designed to be used in carrier networks as aggregation devices and in data processing centres as
top-of-rack or end-of-row switches.
The ports support 40 Gbps (QSFP) (MES5324), 10 Gbps (SFP+) or 1 Gbps (1000BASE-X and
1000BASE-T SFP) for higher flexibility and ensure that you can gradually move to higher transfer rates.
Non-blocking switch fabric ensures correct packet processing with minimal and predictable latency at
maximum load for all types of traffic.
Front-to-back ventilation ensures efficient cooling in data processing centres.
Redundancy fans and AC or DC power supplies along with a comprehensive hardware monitoring
system ensure high reliability. The devices allow hot swapping of power and ventilation modules providing
smooth network operation.
MES2324 and MES2348 series access switches are L2+ managed
24 10/100/1000Base-T ports and 4 10GBase-X (SFP+)/1000Base-X (SFP) ports.

switches

with

The switches provide end users with connection to SMB networks and carrier networks through the
Gigabit Ethernet interface.

2.2

Switch Features

2.2.1 Basic Features
Table 2.1 lists the basic administrable features of the devices of this series.
Table 2.1. Basic features of the device

Head-of-Line blocking
(HOL)

HOL blocking occurs when device output ports are overloaded with traffic coming
from input ports. It may lead to data transfer delays and packet loss.

Jumbo frames

Enables jumbo frame transmission to minimize the amount of transmitted
packets. This reduces overhead, processing time and interruptions.

Flow control

With flow control you can interconnect low-speed and high-speed devices. To
avoid buffer overrun, the low-speed device can send PAUSE packets that will force
the high-speed device to pause packet transmission.

(IEEE 802.3X)

Operation in device
stack

You can combine multiple switches in a stack. In this case, switches are considered
as a single device with shared settings. There are two stack topologies—ring and
chain. All port parameters of each stack unit can be configured from the master
switch. Device stacking allows for reducing network management efforts.

2.2.2 MAC address processing features
Table 2.2 lists MAC address processing features.

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

8

This uplink port will receive all the traffic and provide isolation from other ports (in a single switch) located in the same broadcast domain (VLAN). MAC address processing features MAC address table The switch creates an in-memory look-up table that maps MAC addresses and switch port nodes. MES2348Ethernet Switch Series 9 .2. that frame will be sent only to the port specified in the table. Table 2. Thus. Learning mode allows the switch to analyse the frame. MES3324. Learning mode When learning is not available. Layer 2 feature description (OSI Layer 2) IGMP Snooping IGMP implementation analyses the contents of IGMP packets and discovers (Internet Group network devices participating in multicast groups and forwards the traffic to the Management Protocol) corresponding ports.3 Layer 2 Protocol Tunneling (L2PT) Features Table 2. Static MAC Entries The network switch allows you to define static MAC entries that will be saved in the routing table. MLD Snooping (Multicast Listener Discovery) MLD protocol implementation allows the device to minimize multicast IPv6 traffic. Then. Broadcast storm is a multiplication of broadcast messages in each host causing Broadcast Storm Control their exponential growth that can lead to the network meltdown. discover sender's MAC address and add it to the routing table.3 lists Layer 2 features and special aspects (OSI Layer 2). Switch users can define controlled and controlling ports and select the type of traffic (ingress or egress) that will be sent to the controlling port. 2. MAC Multicast support This feature enables one-to-many and many-to-many data distribution. MES5324.3. Port Mirroring Protected ports Port mirroring is used to duplicate the traffic on monitored ports by sending ingress or and/or egress packets to the controlling port. Used in III-play solutions. This feature assigns the uplink port to the switch port. MES2324. The switches can restrict the transfer rate for multicast and broadcast frames received and sent by the switch. the entry for this address expires and will be removed. It keeps the switch table up to date. Automatic Aging for MAC Addresses If there are no packets from a device with a specific MAC address in a specific period. if the destination MAC address of an Ethernet frames is already in the routing table.Table 2. the incoming data on a port will be transmitted to all other ports of the switch.2. MVR (Multicast VLAN Registration) This feature can redirect multicast traffic from one VLAN to another using IGMP messages and reduce uplink port load. the frame addressed to a multicast group will be transmitted to each port of the group.

Only two port operation modes are implemented— Promiscuous and Isolated (isolated ports cannot exchange traffic). IEEE 802. its traffic will be automatically redistributed to functioning components of the aggregated channel. Spanning Tree Protocol Spanning Tree Protocol is a network protocol that ensures loop-free network topology by converting networks with redundant links to a spanning tree topology.1w Rapid spanning tree protocol Rapid STP (RSTP) is the enhanced version of the STP that enables faster convergence of a network to a spanning tree topology and provides higher stability. the switch identifies and then distributes the VLAN inheritance data to all ports that form the active topology. This solution ensures that only one VLAN group is used on each port. The LACP enables automatic aggregation of separate links between two devices (switch-switch or switch-server) in a single data communication channel.1Q is an open standard that describes the traffic tagging procedure for transferring VLAN inheritance information. in case one link in the aggregated channel fails. Port Based VLAN 802. GARP VLAN (GVRP) GARP VLAN registration protocol dynamically add/removes VLAN groups on the switch ports.Private VLAN Edge Private VLAN (light version) This feature isolates the ports in a group (in a single switch) located in the same broadcast domain from each other. allowing traffic exchange with other ports that are located in the same broadcast domain but do not belong to this group. The switch supports various packet classification methods to identify the VLAN they belong to. Enables isolation of devices located in the same broadcast domain within the entire L2 network. VLAN support VLAN is a group of switch ports that form a single broadcast domain. The protocol constantly monitors whether link aggregation is possible. MES5324.1Q support Link aggregation with LACP (Link Aggregation Control Protocol) Distribution to VLAN groups is performed according to the ingress ports. IEEE 802. MES2324. If GVRP is enabled. MES2348Ethernet Switch Series 10 . MES3324. Switches exchange configuration messages using frames in a specific format and selectively enable or disable traffic transmission to ports. It allows multiple VLAN groups to be used on one port.

This protocol detects optimum routes on the basis of hops count data. (RIP) IGMP Proxy function OSPF protocol (Open Shortest Path First) Supported by MES5323. This is achieved MES5324. Routing Information Protocol The dynamic routing protocol that allows routers to get new routing information from the neighbour routers. This leads to greater bandwidth and reliability of the backbone 'switch-switch' or 'switch-server' channels. MES3324. Selective Q-in-Q Allows you to assign external VLAN SPVLAN (Service Provider’s VLAN) based on configured filtering rules by internal VLAN numbers (Customer VLAN).4 Layer 3 Protocol Tunneling (L3PT) Features Table 2. Static IP routes The switch administrator can add or remove static entries into/from the routing table.2. Address Resolution Protocol ARP maps the IP address and the physical address of the device. Supported by MES5323. IGMP is used for routing management. Link aggregation. A dynamic routing protocol that is based on a link-state technology and uses Dijkstra's algorithm to find the shortest route. change SPVLAN stamp for the packet in the specific network section. this port will be automatically added to the voice VLAN (identification by SIP or the destination MAC address is not supported). 2.LAG group creation (Link Aggregation Group) The device allows for link group creation. MES2324. trunking or IEEE 802. Table 2. MES3324F switches Virtual Router VRRP is designed for backup of routers acting as default gateways. MES3324F switches IGMP Proxy is a feature that allows simplified routing of multicast data between networks. If the MAC table of the switch contains a MAC address with VoIP gateway or IP phone OUI. MES2348Ethernet Switch Series 11 .4 lists Layer 3 functions (OSI Layer 3). A LAG group contains ports with the same speed operating in full-duplex mode.3ad is a technology that enables aggregation of multiple physical links into one logical link. the host address is requested by a broadcast packet.4. Selective Qin-Q allows you to break down subscriber’s traffic into several VLANs. Layer 3 Features description (Layer 3) BootP and DHCP clients (Dynamic Host Configuration Protocol) The devices can obtain IP address automatically via the BootP/DHCP. There are three types of balancing— based on MAC addresses. The mapping is established on the basis of the network host response analysis. IP addresses or destination port (socket). Auto Voice VLAN support Allows you to identify voice traffic by OUI (Organizationally Unique Identifier—first 24 bits of the MAC address). OSPF protocol distributes information on available routes between routers in a single autonomous system.

5. IP Source address guard The switch feature that restricts and filters IP traffic according to the mapping table from the DHCP snooping binding database and statically configured IP addresses. Packets are distributed into queues by classifying them by various fields in packet headers. MES2324.Redundancy Protocol (VRRP) Protocl Independent Multicast (PIM) by joining IP interfaces of the group of routers into one virtual interface which will be used as the default gateway for the computers of the network.1p priority value to distribute frames between priority queues.6.2. The switch checks the message received from the untrusted port: if the IP address in the body of the received ARP packet matches the source IP address.1p standard specifies the method for indicating and using frame priority to ensure on-time delivery of time-critical traffic. the switch drops this packet. Enable filtering of DHCP messages coming from untrusted ports by building and maintaining DHCP snooping binding database.6 Security features Table 2. 802. if they were received via an untrusted port. 2. Broadcast UDP traffic forwarding to the specified IP address. Table 2. Security features DHCP snooping DHCP Option 82 UDP relay A switch feature designed for protection from DHCP attacks. Supported by MES5323.1p standard defines 8 priority levels. DHСP snooping performs functions of a firewall between untrusted ports and DHCP servers. 3. the switch with DHCP snooping feature enabled identifies and drops all DHCP requests with Option 82. Border Gateway Protocol) rather than creates its own network topology.5 QoS Features Table 2.2. Basic quality of service features Priority queues support The switch supports egress traffic prioritization with queues for each port. the administrator can configure MES5324. 4 headers. The Protocol-Independent Multicast protocols for IP networks were created to address the problem of multicast routing. and automatically provides them to subscribers. MES3324. Dynamic ARP Inspection A switch feature designed for protection from ARP attacks. 802. It uses unicast routing to verify RPF. PIM relies on traditional routing protocols (such as. By default. An option to tell the DHCP server about the DHCP relay and port of the incoming request. (Protection) If these addresses do not match.5 lists the basic quality of service features. MES3324F switches 2. The switches can use the 802. This feature is used to prevent IP address spoofing. MES2348Ethernet Switch Series 12 . Routers perform this verification to ensure loop-free forwarding of multicast traffic. DHCP server features DHCP server performs centralised management of network addresses and corresponding configuration parameters.1p class of service support 802. L2 – L3 – L4 ACL (Access Using information from the level 2.

(SNTP) Traceroute Privilege level controlled access management Traceroute is a service feature that allows the user to display data transfer routes in IP networks. Authorized users will gain access to the specified network resources. access to the switch port will be granted only to those devices whose MAC addresses were assigned for this port. 2. The devices are able to download and transfer configuration files and firmware images via this protocol. The administrator can define privilege levels for device users and settings for each privilege level (read-only . Console command line interface (CLI) is an industrial standard. MES2324. This protocol is based on SSH network protocol. Switch control features Uploading and Device parameters are saved into the configuration file that contains configuration data for the specific device ports as well as for the whole system.1x authentication mechanism manages access to resources through an external server. the community entry list is defined where each entry contains access privileges.7.level 1. MES2348Ethernet Switch Series 13 .1x standard) IEEE 802. To control system access. Compatible devices gather diagnostics data using the network management station. Blocked ports support The key feature of blocking is to improve the network security. RMON is a standard MIB database that contains actual and historic MAC-level statistics and control objects that provide real-time data. downloading the configuration file Trivial File Transfer Protocol (TFTP) Secure Copy protocol (SCP) Remote monitoring (RMON) The TFTP is used for file read and write operations. Command Line Interface (CLI) Switches can be managed using CLI locally via serial port RS-232. This protocol is based on UDP transport protocol.Control List) Time Based ACL up to 1024 rules for processing or dropping packets. Port based authentication (802. The devices are able to download and transfer configuration files and firmware images via this protocol. CLI interpreter provides a list of commands and keywords that help the user and reduce the amount of input data. it is used to synchronize time on a network device with the server and can achieve accuracy of up to 1ms.7 Switch Control Features Table 2. Remote network monitoring (RMON) is an extension of SNMP that enables monitoring of computer networks.2. Allow you to configure the time frame for ACL operation. or remotely via telnet or ssh. SNTP is a network time synchronization protocol. full access . Simple Network Management Protocol (SNMP) SNMP is used for monitoring and management of network devices. MES3324. MES5324. Syslog Simple Network Time Protocol Syslog is a protocol designed for transmission of system event messages and error notifications to remote servers. SCP is used for file read and write operations.level 15).

RADIUS server uses a user database that contains authentication data for each user. Access via SNMP is allowed only for specific IP addresses that are the part of the SNMP community. MES2324. Additional functions Virtual Cable Test (VCT) The network switches are equipped with the hardware and software tools that allow them to perform the functions of a virtual cable tester (VCT). these features should be supported by the transceiver. Optical transceiver diagnostics The device can be used to test the optical transceiver. SSH server SSH server functionality allows SSH clients to establish secure connection to the device for management purposes. To use this function. MES2348Ethernet Switch Series 14 . The TACACS+ protocol provides a centralized security system that handles user authentication and a centralized management system to ensure compatibility with RADIUS and other authentication mechanisms. CLI). Table 2. 2. The device supports client authentication with TACACS+ protocol. MES5324.2.8. MES3324. Green Ethernet This mechanism reduces power consumption of the switch by disabling inactive electric ports. the device monitors the current. The tester check the condition of copper communication cables.8 Additional Features The table lists additional device features. power voltage and transceiver temperature.The switch can block access to each management interface (SNMP. authorization and accounting. Macrocommand support This feature allows the user to create sets of commands—macrocommands—and user them to configure the device. The switches implement a RADIUS client. During testing. RADIUS is used for authentication. Each type of access can be blocked independently: Management interface blocking Telnet (CLI over Telnet Session) Secure Shell (CLI over SSH) SNMP Local authentication IP address filtering for SNMP RADIUS client Terminal Access Controller Access Control System (TACACS+) Passwords for local authentication can be stored in the switch database.

4x40G Base-SR4/LR4 (QSFP) MES3324F 1x10/100/1000Base-T (ООВ).3 Main specifications Table 2. 24x10G Base-X(SFP+)/1000Base-X (SFP). MES2348Ethernet Switch Series 15 . MES3324F. MES2324B. MES2324FB. 4x10/100/1000 Base-T/1000 Base-X Combo MES2324. Main specifications General parameters MES5324 Marvell 98CX8129 MES3324F Packet processor Interfaces Switch performance Buffer memory MAC Address Table MES2324. Table 2. MES3324. 4x(10G Base-X(SFP+)/1000Base-X (SFP). 24x10/100/1000Base-T. 4x(10G Base-X(SFP+)/1000Base-X (SFP). MES5324 for routing: 8192 for traffic processing tasks: 8192х24V MES3324F for routing: 3072 for traffic processing tasks: 3072х24V TCAM routing volume MES5324. MES2324FB Marvell 98DX3236 MES2348B Marvell 2x98DX3236 MES5324 1x10/100/1000Base-T (ООВ). MES2324B 1x10/100/1000Base-T (ООВ). MES2324B. 4x(10G Base-X(SFP+)/1000Base-X (SFP)) MES5324 800 Gbps MES3324F MES2324. MES2324B. MES2324FB 128 Gbps MES2348B 176 Gbps MES5324 32Mb MES3324F MES2324.2. MES2348B 12Mb MES5324 64K entries (some MAC addresses are reserved by the system). 4x10/100/1000 Base-T/1000 Base-X Combo MES2348B 48x10/100/1000Base-T. 1х10/100/1000Base-T (Management). MES2324FB. 20x1000 Base-X (SFP). MES2324. MES2348B 16K entries (some MAC addresses are reserved by the system).9. 4x(10G Base-X(SFP+)/1000Base-X (SFP)) MES2324FB 1x10/100/1000Base-T (ООВ). MES2324.9 lists main specifications of the switch. MES2324B. 20x1000 Base-X (SFP).

1x User authentication Control Local control SNMP.3u 100BASE-T Fast Ethernet IEEE 802.MES2324.1s MSTP multiple spanning tree IEEE 802.1p Priority of traffic IEEE 802. packet size 10K Stacking Up to 8 devices Compliance IEEE 802. MES2324.3 10BASE-T Ethernet IEEE 802. AC: 220V+-20%.1q VLAN IEEE 802. 50 Hz DC: -36. 50 Hz MES2324B.1d STP spanning tree IEEE 802. MES2324FB.1Q Quality of Services (QoS) Traffic priority.3ab 1000BASE-T Gigabit Ethernet IEEE 802. MES2348B for routing: 1024хIPv4 for traffic processing tasks: 1024х24V Data transfer rate electric interfaces 10/100/1000Mbps optical interfaces 1/10/40 Gbps SQinQ rules qty Ingress: 980 Egress:140 ACL rules qty 1012 VLAN support up to 4K active VLANs as per 802.3x Data flow control IEEE 802.Single AC or DC power supply . 50 Hz and a lead-acid battery. MES2324FB.Two AC or DC hot-swappable power supplies MES2324 AC: 220V+-20%. MES2348Ethernet Switch Series 16 .3 ac IEEE 802.3ad LACP link aggregation IEEE 802. CLI Remote control TELNET.3 rate auto-detection IEEE 802. SSH Physical specifications and ambient conditions MES5324 MES3324F AC: 220V+-20%.1v IEEE 802. Power supply MES5324. 8 tiers 8 output queues with different priorities for each port Multicast up to 1024 static multicast groups ACL quantity 1024 Total number of ACL rules up to 2048 Number of L3 interfaces 512 LAG 8 groups with up to 8 ports in each MSTP instances qty 64 Jumbo frames Max.3z Fiber Gigabit Ethernet ANSI/IEEE 802.1w RSTP rapid spanning tree IEEE 802.. -72V Power options: . MES3324. MES2324B.

1–6. Ethernet switches MES3324F.4 Design This section describes the design of devices.4. MES3324F.min 20Ah (for example. MES2348B series is shown in Fig. MES2348B have a metal-enclosed design for 1U 19" racks. . MES2324FB. MES2348B switches. MES2348Ethernet Switch Series 17 . MES2324. MES2324.min 1. the description of connectors. MES2324FB. MES2324B.5 mm² Battery capacity . MES2324B.threshold voltage for low batter indication .11 V Battery connection wire size . . Front panel layout of the MES5324.MES2348B Charger specifications: . Front panel layout of the MES5324. 2. MES3324.1. 1–6. MES2324FB. MES2324. MES2324. 2.10–10. MES3324F. It provides the images of front. GP12200) Power consumption Dimensions MES5324 MES3324F max 85 W MES2324 max 25 W MES2324B max 50 W MES2324FB max 45 W MES2348B max 44 W / max 84 W (including for battery charging) MES5324 MES3324F 430x298x44mm MES2324 MES2324B 430 x 158 x 44 mm MES2324FB 430 x 243 x 44 mm MES2348B 430 х 280 х 44 mm о Operating temperature range from -20 to +45 C Storage temperature range from -40 to +70 С Operational relative humidity (noncondensing) up to 40% Storage relative condensing) from 10% to 95% humidity Average lifetime о (non- 20 years Power supply type is specified when ordering. MES2324B.7 A. MES2348B series is shown in Fig. MES2324B. MES2324. MES2324FB. rear and side panels of the device.5 V. MES5324.voltage of the load current release .charge current . MES3324F.1 Appearance and description of the front panel of MES5324. LED indicators and controls.

RPS Backup power supply LED.pressing the key for more than 10 seconds resets the device to factory default configuration. XLG4 Slots for XLG1-XLG4 transceivers. XLG2 XLG3. Connector pinning: 1 not used 2 not used 3 RX 4 GND 5 GND 6 TX 7 not used 8 not used 9 not used Soldering pattern of the console pattern is given in Appendix B 3 USB USB port. Description of MES5324 connectors. 2 Console Console port for local management of the device. 7 [1-24] Slots for 10G SFP+/ 1G SFP transceivers. 1. Management is performed over network other than the transportation network. MES5324.pressing the key for less than 10 seconds reboots the device. 4 OOB Out-of-band 10/100/1000 Base-T (RJ-45) port for remote device management. . 5 Mgmt 10/100/1000 Base-T (RJ-45) port for remote device management over the transportation network. LEDs and front panel controls No Front panel element Description Unit ID Indicator of the stack unit number. Transceivers QSFP+/SFP. Table 2. front panel Table 2.10 lists connectors. LEDs and controls located on the front panel of the switch. MES2348Ethernet Switch Series 18 .10. MES2324. Fan Fan operation LED. Master Device operation mode LED (master/slave). Power Device power LED. 1 MES5324. 8 XLG1.Fig. MES3324. 6 F Functional key that reboots the device and resets it to factory default configuration: .

11. 23-24] Combo ports: 10/100/1000 Base-T (RJ45) ports 7 XG1. Table 2. 3. Console Console port for local management of the device. Master Device operation mode LED (master/slave). OOB Out-of-band 10/100/1000 Base-T (RJ-45) port for remote device management. front panel MES5324. Power Device power LED. MES2348Ethernet Switch Series 19 . XG2 XG3. MES2324. Description of MES3324F connectors. RPS Backup power supply LED. front panel Table 2.Fig. MES3324F.pressing the key for less than 10 seconds reboots the device. Management is performed over network other than the transportation network. 2. . 4 F Functional key that reboots the device and resets it to factory default configuration: .11 lists connectors. 6 [11-12. MES3324.pressing the key for more than 10 seconds resets the device to factory default configuration. LEDs and controls located on the front panel of the MES3324F switch. 5 [1-24] Slots for 1GSFP transceivers. LEDs and front panel controls No Front panel element Description UnitID Indicator of the stack unit number. 1 2 3 Fig. XG4 Slots for 10GSFP+/ 1GSFP transceivers. Fan Fan operation LED. MES2324.

Power Device power LED. Status Device status LED (Green-red flash indicates missing IP address. Description of MES2324 connectors. MES2348Ethernet Switch Series 20 . Management is performed over the network other than the transportation network). Table 2. 5.pressing the key for less than 10 seconds reboots the device. Master Device operation mode LED (master/slave).12. front panel Fig. 6. MES2348B. MES2324FB. MES5324. 60/50Hz max 2A Connector for AC power supply. front panel Table 2. MES2324. 3 Console Console port for local management of the device. Greed light indicates that IP address is set. MES3324. LEDs and controls located on the front panel of the MES2324 switch. LEDs and front panel controls1 No Front panel element 1 ~110-250VAC. UnitID Indicator of the stack unit number.) Battery (MES2324B (FB)) Battery status LED.Fig. MES2324B. 4 F Functional key that reboots the device and resets it to factory default configuration: . MES2324B. 4. front panel Fig.12 lists controls. MES2324FB switches can have an OOB port (out-of-band 10/100/1000 Base-T (RJ-45) for remote device management. 2 Description 1 The MES2324.

MES5324. RPS Backup power supply LED. 1 The MES2324. 5 [1-24] 24 10/100/1000 Base-T (RJ-45) ports 6 Link/Speed Optical interface status LED 7 XG1.pressing the key for less than 10 seconds reboots the device. Power Device power LED. MES2348B switches. XG4 Slots for 10GSFP+/ 1GSFP transceivers. . XG2 XG3. MES3324.pressing the key for more than 10 seconds resets the device to factory default configuration. Link/Speed MES2324B Optical interface status LED. Table 2. MES2324FB switches can have an OOB port (out-of-band 10/100/1000 Base-T (RJ-45) for remote device management. MES2324. LEDs and controls located on the front panel of the MES2324B.pressing the key for more than 10 seconds resets the device to factory default configuration. Description of MES2324B. LEDs and front panel controls No Front panel element 1 ~110-250VAC. MES2324FB Slots for 1GSFP transceivers. Console Console port for local management of the device. MES2348B connectors.13 lists connectors. 3 4 5 6 Description MES2324B 24 10/100/1000 Base-T (RJ-45) ports. 2324] MES2324FB 4 10/100/1000 Base-T (RJ-45) ports. 60/50Hz max 2A Connector for AC power supply 2 12VDC max 3A Terminals for battery 12V UnitID Indicator of the stack unit number. Master Device operation mode LED (master/slave). XG4 Slots for 10GSFP+/ 1GSFP transceivers. MES2324B. F Functional key that reboots the device and resets it to factory default configuration: . 2324FB 1. [11-12. Table 2. Fan Fan operation LED. [1-24] 7 8 XG1. Management is performed over the network other than the transportation network).13.. MES2348Ethernet Switch Series 21 . XG2 XG3. MES2324FB.

15. 3 Connector for DC power supply 4 Connector for AC power supply Figure 8. 2 Removable fans Hot-swappable removable ventilation modules. MES3324.14 lists rear panel connectors of the switch.4. Table 2. 3 Connector for DC power supply 4 Connector for AC power supply MES5324. 7. MES2324.2. rear panel Table 2. 2 Removable fans Hot-swappable removable ventilation modules.14. Description of the rear panel connectors of the switch No Rear panel element Description 1 Earth bonding point Earth bonding point of the device.2 Rear panel of the device The rear panel layout of MES5324 series switches is depicted in Fig. 7. MES5324. MES2348Ethernet Switch Series 22 . MES3324F. Fig. rear panel Table 2. Description of the rear panel connectors of the switch No Rear panel element Description 1 Earth bonding point Earth bonding point of the device.

16. Description of the rear panel connectors of the switch No Rear panel element Description 1 Earth bonding point Earth bonding point of the device. rear panel Table 2. 3 12VDC max 5A Terminals for battery 12V 4 Connector for AC power supply 2.4. MES2324B.3 Side panels of the device Figure 11. Left side panel of Ethernet switches MES5324. 2 Removable fans Hot-swappable removable ventilation modules. 9. which is marked by (1) Figure 9. The rear panel of the MES2324. MES3324.The rear panel layout of MES2324 series switches is depicted in Fig. Right side panel of Ethernet switches Figure 12. MES2324. MES2348Ethernet Switch Series 23 . rear panel Figure 10. MES2324. MES2348B. MES2324FB switches have a grounding connection bolt.

see section 'Installation and connection'. Do not block air vents. 14. MES2324. which may result in device malfunction. 2. RJ-45 socket view MES5324. This may cause the components to overheat. 15. Location of LEDs is shown in Fig. For recommendations on device installation. 15. Figure 13. MES2348Ethernet Switch Series 24 .Side panels of the device have air vents for heat removal. SFP transceiver socket view LINK/ACT SPEED Fig. MES3324. 13.4.4 Light Indication Ethernet interface status is represented by two LEDs: green LINK/ACT and red SPEED. QSFP transceiver socket appearance LINK/ACT SPEED Fig. 14.

XLG port status LED SPEED indicator is lit LINK/ACT indicator is lit Ethernet interface state Off Off Port is disabled or connection is not established Solid on Solid on 40 Gbps connection is established Solid on Flashes Data transfer is in progress Table 2. System indicator LED LED name LED function LED State Off Power Power supply status Solid green Flashing green Solid green Master Indicates master stack unit Fan Cooling fan status Off Solid green Solid red Solid green RPS Backup power supply operation mode Solid red Off Solid green Battery (MES2324B.19. battery discharging Low battery 25 . Table 2. MES2348Ethernet Switch Series Device State Power is off Power is on.Table 2. power good Battery charging Main power disconnected. MES2324FB) Battery status LED Flashing green Solid orange Flashing red-green MES5324.13)) SPEED indicator is lit LINK/ACT indicator is lit Ethernet interface state Off Off Port is disabled or connection is not established Off Solid on 1 Gbps connection is established Solid on Solid on 10 Gbps connection is established X Flashes Data transfer is in progress Unit ID (1-8) LED indicates the stack unit number. RPS) are designed to display the operational status of the modules of the MES5324 and MES3324F switches. XG port state LED (Link/Speed LED for MES2324 (table 2. Master. MES3324. normal device operation Power-on self-test (POST) The device is a stack master The device is not a stack master or stacking mode is not set All fans are operational One or more fans failed Backup power supply is connected and in normal operation Backup power supply is missing or failed. Fan. System indicators (Power.17. MES2324.18. Backup power supply is not connected Battery connected.

MES2348Ethernet Switch Series 26 . MES5324.5 Battery disconnected Current release fault Delivery Package The standard delivery package includes: – – – – – Ethernet switch. Documentation. Power cable (if equipped with 220V power supply) Rack mounting set. Power module PM75-48/12 or PM-160-220/12. SFP/SFP+ transceivers may be included in the delivery package on request.Solid red Flashing red 2. MES3324. MES2324.

Attach the device to the vertical guides of the rack. To install the support brackets: Fig. MES5324. 2. Use a screwdriver to screw the support bracket to the case.2 Device rack installation To install the device to the rack: 1. 3. Use a screwdriver to screw the switch to the rack. 3.1 Support brackets mounting The delivery package includes support brackets for rack installation and mounting screws to fix the device case on the brackets.3 INSTALLATION AND CONNECTION This section describes installation of the equipment into a rack and connection to a power supply. MES3324. 16. Repeat steps 1 and 2 for the second support bracket. 2. Align four mounting holes in the support bracket with the corresponding holes in the side panel of the device. Align mounting holes in the support bracket with the corresponding holes in the rack guides. Support brackets mounting 1. MES2324. Use the holes of the same level on both sides of the guides to ensure horizontal installation of the device. 3. MES2348Ethernet Switch Series 27 . 3.

17. Figure 18.Fig. MES5324. MES2324. MES3324. Device rack installation Fig. MES2348Ethernet Switch Series 28 . MES5324 switch rack location Do not block air vents and fans located on the rear panel to avoid components overheating and subsequent switch malfunction. 18 shows an example of MES5324 rack installation.

4 Connection to power supply 1.3 Power module installation Switch can operate with one or two power modules. Depending on the delivery package. Power modules can be inserted and removed without powering the device off. but also by the absence of the primary power supply. The second power module installation is necessary when greater reliability is required.4. both places for power module installation are equivalent. the device must be properly grounded as well. Power module fault indication may be caused not only by the module failure. use wires with a minimum cross-section of 1 mm2. MES2324. Connect the power supply cable to the device. Use an insulated stranded wire to ground the case. MES3324. Fig.4) or by checking diagnostics available through the switch management interfaces. 3. the switch continues to operate without reboot. When an additional power module is inserted or removed. Prior to connecting the power supply. 3. the device can be powered by AC or DC electrical network. Power module installation You can check the state of power modules by viewing the indication on the front panel of the switch (see Section 2. 19. To connect the device to DC power supply. MES2348Ethernet Switch Series 29 . the power module located closer to the edge is considered as the main module. 2.3. In the terms of device operation. the device case must be grounded. From the electric point of view. use the cable from the delivery package. The grounding device and the ground wire cross-section must comply with Electric Installation Code. If you intend to connect a PC or another device to the switch console port. and the one closer to the centre—as the backup module. To connect the device to AC power supply. MES5324.

1. Insert the top SFP module into a slot with its open side down. Turn the device on and check the front panel LEDs to make sure the terminal is in normal operating conditions. MES2324FB To connect the battery. min 20Ah.6 SFP transceiver installation and removal Optical modules can be installed when the terminal is turned on or off.5 mm2. SFP transceiver installation MES5324. Figure 21. and the bottom SFP module with its open side up. 3. Connecting the battery to the device 3. Polarity must be observed when connecting the battery.5 Battery connection to MES2324B. Battery capacity. MES3324. MES2324. Figure 20. MES2348Ethernet Switch Series 30 . use wires with a minimum cross-section of 1.4.

When it is in place. Opening SFP transceiver latch 2. Push the module. Installed SFP transceivers To remove a transceiver. Remove the module from the slot. MES2324. Figure 24.2. MES2348Ethernet Switch Series 31 . MES3324. you should hear a distinctive 'click'. Fig. 22. 23. Fig. Unlock the module's latch. SFP transceiver removal MES5324. perform the following actions: 1.

20 Booting from SPI flash General initialization . To perform specific procedures. Set the data transfer rate to 115.0 High speed PHY . DDR3 Training Sequence .0. 4. MES3324.0 DDR3 Training Sequence .0. 3.1. Select the corresponding serial port. Turn the device on. non-parity. Specify the data format: 8 data bits.Number of DIMMs detected: 1 DDR3 Training Sequence ..5 (COM-PHY-V20) Update Device ID PEX0784611AB Update Device ID PEX1784611AB Update Device ID PEX2784611AB Update Device ID PEX3784611AB Update Device ID PEX4784611AB Update Device ID PEX5784611AB Update Device ID PEX6784611AB Update Device ID PEX7784611AB Update Device ID PEX8784611AB Update PEX Device ID 0x78460 High speed PHY . Press ctrl+shift+6 to enable debug mode.12 2013_Q3. To do this.Run with PBS.press RETURN or Esc. MES5324. 1 stop bit..14:45:42) Eltex version: v2011. U-Boot 2011.1 Configuring the Terminal Run the terminal emulation application on PC (HyperTerminal.0 4. Specify VT100 terminal emulation mode (many terminal applications use this emulation mode by default). the switch performs a power-on self-test (POST) which checks operational capability of the device before the executable program is loaded into RAM. Upon every startup.1 Loading system/images/active-image .12 (Feb 01 2016 .Ended Successfully BootROM: Image checksum verification PASSED Starting U-Boot. 5. use the Startup menu. interrupt the startup procedure by pressing <Esc> or <Enter>. MES2324.4 INITIAL SWITCH CONFIGURATION 4.2 Turning on the device Establish connection between the switch console ('console' port) and the serial interface port on PC that runs the terminal emulation application. MES2348Ethernet Switch Series 32 .200 baud. Disable hardware and software data flow control.Version: 1. The switch firmware will be automatically loaded two seconds after POST is completed. 4. Autoboot in 2 seconds . 2.Ended Successfully DDR3 Training Sequence . POST procedure progress on MES5324 switches: BootROM 1.Version: 2. TeraTerm.3.Ver 5. to abort and enter prom. Minicom) and perform the following actions: 1.

Autoboot in 2 seconds .12 (Feb 01 2016 . press Enter twice to complete the detection process User Name: Detected speed: 115200 User Name:admin Password:***** (admin) console# To quickly get help for available commands. >lcli Console baud-rate auto detection is enabled.3 Startup menu To enter the startup menu.14:45:42) Eltex version: v2011. use key combination SHIFT+?. reboot the device and press and hold the ESC or ENTER key for 2 seconds after the POST procedure is completed.1.After successful startup.1 Loading system/images/active-image . Startup menu interface functions Function Description Restore Factory Defaults Restore factory default configuration Password Recovery Procedure Reset authentication settings Back Resume startup MES5324.12 2013_Q3. connect to the device via the RS-232 interface. U-Boot 2011.press RETURN or Esc. MES3324..0 4.0. MES2324. Startup menu view: Startup Menu [1] Restore Factory Defaults [2] Password Recovery Procedure [3] Back Enter your choice or press 'ESC' to exit: Table 4.. MES2348Ethernet Switch Series 33 . 4. you will see the CLI interface prompt. to abort and enter prom.

Specify the device number unit-id to a local device (where the command is executed).4 Switch operation modes By default the MES5324. auto)/auto Unit_id: (1. Replicates all settings. MES3324.4. Remove stack settings. MES2348 are operating in the stacking mode. Privileged EXEC mode commands Command line prompt is as follows: console# Table 4. In stacking mode.1 Switch operation in stacking mode Switch stack works as a single device and can include up to 8 devices with the following roles defined by their sequential number (UID):  Master (device UID 1 or 2) manages all stack units.{fo1-fo4} stack configuration unit-id unit_id no stack configuration stack unit unit_id unit_id: (1. MES2348Ethernet Switch Series 34 .8.. and takes over stack management functions in case of the master device failure. Display verbose information about stackable interfaces. MES2324.8. Basic commands available in the EXEC mode Command show stack show stack configuration show stack links [details]  Value/Default value - Action Shows stack units information. Configuring the switch to operate in the stacking mode Command line prompt is as follows: console(config)# Table 4. There are two topologies for device synchronisation: ring and linear.2. Ring topology is recommended for increased stack robustness. MES2324. Display information about stackable interfaces of stack units. MES3324.  Backup (device UID 1 or 2) is controlled by the master.all) Action Assign the interfaces to synchronize switch in the stack. Can't work in a standalone mode (without a master device). multiple switches can be combined in a stack and perform as a single device.  Slave (device UID 3 or 8) is controlled by the master. Basic commands Command Value/Default value stack configuration links {fo1-fo4}. The device number change takes effect after the switch is restarted.3. In this mode. Switch to configuring a stack unit.. 4. MES5324 uses XLG ports for synchronization (other switches use XG ports) and these ports are not used for data transmission. show stack links command example: MES5324.4.

5. password. Run the terminal emulation application on the PC according to Paragraph 4. Use the following commands to create a new system user or configure the username. 4. 3.-------------------. connect the device to the PC using the serial port. default gateway Obtain IP address from the DHCP server Configure SNMP settings 4. Use the following command to save all changes made to the switch configuration: console# write 4.5 Switch function configuration Initial configuration functions can be divided into two types. MES2324. 4. Set up the admin password (with level 15 privileges) Create new users Configure static IP address.1. or privilege level: MES5324. Basic configuration includes: 1.----------.-------------------1 fo1/0/1 fo2/0/2 40G fo1/0/2 2 fo2/0/2 fo1/0/1 40G fo2/0/1 Devices with identical Unit IDs can't work in one stack.-------------------. MES3324. – – Basic configuration includes definition of basic configuration functions and dynamic IP address configuration. Authorization. you can define which interface will be used for remote connection to the device. Accounting).5. MES2348Ethernet Switch Series 35 .1 Setting up the admin password and creating new users Configure the password for the 'admin' privileged user to ensure access to the system. During initial configuration.console# show stack links Topology is Chain Unit Id Active Links Neighbor Links Operational Down/Standby Link Speed Links ------. subnet mask.5. 2. All unsaved changes will be lost after the device is rebooted.1 Basic switch configuration Prior to configuration. Security system parameters configuration includes security system management based on ААА mechanism (Authentication. Username and password are required to log in for device administration.1 Terminal Configuration.

enter the following command: console# show ip interface vlan 1 IP Address I/F I/F Status Type admin/oper -----------------. default gateway.-----disable No enable Valid MES5324.1. you can access it via IP 192.  Command examples for IP address configuration on VLAN 1 interface. mask 255.255.16. You can assign an IP address to any interface—VLAN.2 Configure static IP address.1. Gateway IP address should belong to the subnet that has one of the IP interfaces of the device. but denies configuration.0). If the IP address is configured for the physical port or port group interface.239.168. subnet mask.1 console (config) # exit console# To verify that the interface was assigned the correct IP address.168.168. MES2348Ethernet Switch Series 36 . VLAN 1 interface has the IP address 192.---------. in case the device is managed from another network.255.168. MES2324.------192. you have to configure the device IP address.168.239/24.console# configure console(config)# usernamenamepasswordpasswordprivilege {1-15} Privilege level 1 allows access to the device.168.-------. default gateway.--------. port group (by default.1. MES3324. and.16. In order to manage the switch from the network.144/24 vlan 1 UP/DOWN Static Directed Prec Redirect Status Broadcast --------. Privilege level 15 allows both the access and configuration of the device. subnet mask.16.144 /24 console (config-if) # exit console (config) # ip default-gateway192. physical port.255. this interface will be deleted from its VLAN group.168.1 console# configure console(config)# interface vlan 1 console (config-if) # ip address192.16.16. If all switch IP addresses are deleted.0 The default IP address of the gateway is 192. Interface parameters: IP address to be assigned for VLAN 1 interface: 192. Example commands to set admin's password as “eltex” and create the “operator” user with the “pass” password and privilege level 1: console# configure console(config)# username adminpasswordeltex console(config)# usernameoperatorpasswordpassprivilege1 console (config) # exit console# 4.5.---.255.144 Subnet mask: 255.

5. 2.4 Configuring SNMP settings for accessing the device The device equipped with an integrated SNMP agent and supports protocol versions 1. and private with read-write access to MIB objects.44 console (config)# exit console# Use the following command to view the community strings and SNMP settings: console# show snmp MES5324. IP address can be obtained from DHCP server via any interface—VLAN.specify read-only access rw .168.5.10.define SNMP administrator access.defines read-write access su .---. 3. By default.3 Obtain IP address from the DHCP server If there is a DHCP server in the network. Example of private community creation with read-write access and management station IP address 192.1. physical port. To enable device administration via SNMP. port group. Most commonly used community strings are public with read-only access to MIB objects.3/24 vlan 1 UP/UP DHCP disable No enable Valid 4.-------. The switches support three types of community strings: – – – ro . enter the following command: console# show ip interface vlan 1 IP Address I/F I/F Status Type Directed Prec Redirect Status admin/oper Broadcast ----------------. MES2348Ethernet Switch Series 37 .1. MES3324.-----10. The SNMP agent supports standard MIB variables.168. You can set the IP address of the management station for each community. DHCP client is enabled on the VLAN 1 interface.--------.--------. you can obtain the IP address via DHCP.10. MES2324.------.16. Configuration example for obtaining dynamic IP address from the DHCP server on the VLAN 1 interface: console# configure console(config)# interface vlan 1 console (config-if) # ip address dhcp console (config-if) # exit console# To verify that the interface was assigned the correct IP address. you have to create at least one community string.44: console# configure console(config)# snmp-server server console(config)# snmp-server communityprivate rw 192.16.4.---------.

The SSH mechanism is used for data encryption.----------. Accounting).16.2 notifications Target Address Type Community Version 3 notifications Target Address Type Username Version Udp Filter To Retries Port name Sec ---------------. Authentication-failure trap is enabled.----.-------------.1 Setting console password console(config)# aaa authentication login defaultline console(config)# aaa authentication enable defaultline console(config)# line console console(config-line)# login authentication default console(config-line)# enable authentication default console(config-line)# password console MES5324. Authorization.----. MES2348Ethernet Switch Series 38 .---------------.---------.------.-----------------.-----------private read write Default 192. MES3324.--------System Contact: System Location: 4.------. – – – Authentication—the process of mapping with the existing account in the security system.-----------.5.----.----.-------. The password is assigned by the user.2 Security system configuration To ensure system security.1 44 Community-String Group name IP address Mask Version Type -----------------. you can restart the device and interrupt its startup via the serial port by pressing the <Esc> or <Enter> keys in two seconds after the automatic startup message is displayed.----------.---------------.SNMP is enabled.2. If you lose your password.-----------. The default user name is admin and default password is admin. Version 1.5.-----Traps are enabled.-------. SSH. SNMP SNMP SNMP SNMP traps Source IPv4 interface: informs Source IPv4 interface: traps Source IPv6 interface: informs Source IPv6 interface: Community-String Community-Access View name IP address Mask -------------------.-------. 4. To ensure basic security. MES2324.------. Authorization (access level verification)—the process of defining specific privileges for the existing account (already authorized) in the system. Accounting—user resource consumption monitoring. The Startup menu will open where you can initiate password recovery procedure ([2]). the switch uses AAA mechanism (Authentication.--------- Security Udp Filter To Retries Level Port name Sec ---------------.168. you can define the password for the following services: – – – Console (serial port connection) Telnet.

2 Setting Telnet password console(config)# aaa authentication login default line console(config)# aaa authentication enable default line console(config)# ip telnet server console(config)# line telnet console(config-line)# login authentication default console(config-line)# enable authentication default console(config-line)# password telnet Enter telnet in response to the password prompt that appears during the registration in the telnet session. Role: Core switch Location: Objedineniya 9.2. For example: console(config)# banner exec . 4. str. you can specify a banner. 4. a message with any information.3 Banner configuration For your convenience. 4. MES5324.2.5.5.3 Setting SSH password console(config)# aaa authentication login default line console(config)# aaa authentication enable default line console(config)# ip ssh server console(config)# line ssh console(config-line)# login authentication default console(config-line)# enable authentication default console(config-line)# password ssh Enter ssh in response to the password prompt that appears during the registration in the SSH session.Enter console in response to the password prompt that appears during the registration in the console session. MES2324. MES2348Ethernet Switch Series 39 . MES3324.5.

This mode is designed for terminal operation configuration. MES3324. MES5324. Each mode has its own specific set of commands.. System prompt in this mode consists of the device name (host name) and the ‘#’ character. This mode is available immediately after the switch starts up and you enter your user name and password. the privilege level is 15). You can enter this mode from the global configuration mode.This mode allows you to specify general settings of the switch. Switching between modes is performed by using special commands. MES2348Ethernet Switch Series 40 .15)/15 -/function is enabled Action Switch to the privileged mode (if the value is not defined. Show command history for the current terminal session. COMMAND LINE INTERFACE Switch settings can be configured in several modes. Use the configure command to enter this mode.1 Basic commands EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5.5 DEVICE MANAGEMENT. console> Privileged command mode(privileged EXEC). Get help on command line interface operations. console# configure console(config)# Terminal configuration mode (line configuration). MES2324. Close the active terminal session. The list of existing modes and commands for mode switching: Command mode (EXEC). console# Global configuration mode. Enable command history for the current terminal session. console(config)# line{console | telnet | ssh} console(config-line)# 5.1. Basic commands available in the EXEC mode Command enable [priv] login exit help show history show privilege terminal history Value/Default value priv: (1. Close the current session and switch the user. Global configuration mode commands are available in any configuration submode. Show the privilege level of the current user. This mode is available immediately after the switch starts up and you enter your user name and password (for unprivileged users). Enter the ‘?’ character to view the set of commands available for each mode. System prompt in this mode consists of the device name (host name) and the ‘>’ character.

Execute a command of the command level (EXEC) from any configuration mode. Enable the debug mode.terminal no history - terminal history size size size: (10. Display banner configuration. Basic commands available in all configuration modes Command exit end do help Value/Default value - Action Exit any configuration mode to the upper level in the CLI command hierarchy. Enter the configuration mode.3. 7 . Set the default value Show command output without splitting into pages (to split help output into pages.. MES3324. The commands available in all configuration modes Command line prompt is as follows: console# console(config)# console(config-line)# Table 5. Basic commands available in privileged EXEC mode Command disable [priv] configure[terminal] debug-mode Value/Default value priv: (1. MES2348Ethernet Switch Series 41 . MES5324.15)/1 - Action Switch from privileged mode to normal mode. Set the default value. Quit: q or CTRL+Z. Privileged EXEC mode commands Command line prompt is as follows: console# Table 5. Show help on available commands. Exit any configuration mode to the command mode (Privileged EXEC). One line: <return>). MES2324.2. Change the buffer size for command history for the current terminal session.207)/10 terminal no history size - terminal datadump -/command output is split into pages no terminal datadump show banner [login | exec] - Disable command history for the current terminal session. use the following command: More: <space>.

Basic commands available in the configuration mode Command Value/Default value banner execd message_text d Action Specify the exec message text (example: User logged in successfully) and show it on the screen . Display all strings that contain the template. Set the default value. you can create unified sets of commands—macros—to be later used for configuration purposes. total count is 2000 characters).3 Value/Default value - Action Show strings that begin with the pattern. Remove the login message. MES3324.message_text . Change buffer size for command history. . Global configuration mode commands Method begin pattern include pattern exclude pattern 5.6. MES2348Ethernet Switch Series 42 .5. Basic commands available in terminal configuration mode Command Value/Default value history -/function is enabled no history history size size no history size exec-timeout timeout no exec-timeout 5. . no banner exec banner login d message_text d - no banner login Terminal configuration mode commands Command line prompt in the terminal configuration mode is as follows: console(config-line)# Table 5.d – delimiter. min. To filter information. Table 5. total count is 2000 characters). Display all strings that doesn't contain the template Macrocommand configuration Using this function. . Set the default value. add the ‘|’ symbol at the end of the command line and use one of the filtering options provided in the table. MES5324.message text (up to 510 characters in a line. Set timeout for the current terminal session.207)/10 timeout: 0-65535/10 minutes Action Enable command history. Specify the login message text (informational message that is shown before username and password entry) and show it on the screen.d – delimiter. Disable command history.4.message_text . Remove the exec message. Filtering command line messages Message filtering allows you to reduce the amount of data displayed by user requests and make it easier to find the required information.message text (up to 510 characters in a line.. MES2324.2 size: (10.Global configuration mode commands Command line prompt is as follows: console(config)# Table 5.

group: (1. MES2348Ethernet Switch Series 43 ...32) characters word: (1...7.. MES2324. EXEC mode commands Command macro apply word macro trace word show parser macro [{brief | description [interface {gigabitethernet gi_port | tengigabitethernette_port | fortygigabitethernet fo_port | port-channel group}] | name word}] Value/Default value word: (1.... Delete the descriptor string.. Apply the selected macro.32) characters Interface configuration mode commands Command line prompt in the interface configuration mode is as follows: console(config-if)# Table 5.. Create the global macro descriptor string. Specify the macro descriptor string.32) characters no macro name word macro global apply word macro global trace word macro global description word no macro global description word: (1. te_port: (1. MES3324. enter the ‘@’ character. word: (1. it will be overwritten.4 Value/Default value word: (1.4). word: (1.. Commands are entered line by line. Action Apply the selected macro. Maximum macro length is 510 characters. Show parameters of the macros configured on the device. Validate the selected macro. Validate the selected macro. System management commands EXEC mode commands Command line prompt in the EXEC mode is as follows: console> MES5324. Delete the selected macro. EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5. word: (1. word: (1.32) characters.48).. Interface configuration mode commands Command macro apply word macro trace word macro descriptionword no macro description 5.32) characters Action Apply the selected macro. gi_port: (1. fo_port: (1. Validate the selected macro.32) characters Action Create a new command set.9. if the set with this name already exists.8/0/1. Global configuration mode commands Command Value/Default value macro name word word: (1.8.Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5..8/0/1.8)..8/0/1..32) characters.160) characters. To finish the macro.24).160) characters Delete the descriptor string..

D |host}[sizesize][countcount][ timeouttimeout][sourceA..1518)/66 bytes..C.Ошибка! Неизвестный аргумент ключа.65535)/4.request timeout.D.F] Value/Default value host: (1... . .D ...timeout . ttl: (1. timeout: (1.A. .F .15.timeout of the request.maximum quantity of packet transmission attempts for each section.158) characters. . .B... .255)/30. System management commands in EXEC mode Command ping [ip] {A.B. the quantity of bytes in the packet. port: (1.domain name of the network node.B.size of the packet to be sent... MES3324. telnet {A.1518)/64 bytes.C. MES5324.158) characters.D] ping ipv6 {A.D.count . . 5. resume [connection] (1..C.keyword .A. timeout: (1.domain name of the network node.connection .F |host} [sizesize] [ttlttl] [countcount] [timeout timeout] [sourceip_address] host: (1.60)/3 s.B.quantity of packets to be sent. .D | host} [port] [keyword1…] host: (1..B. Detect traffic route to the destination node..TCP port which is used by Telnet. .C. .C.C.ip_address. .timeout .size . size: (66. count: (1. traceroute ip {A.D | host} [port] [keyword1.F |host}[sizesize][countcount][ timeouttimeout][source A.count ..10)/3.1518)/64 bytes.keyword . . .12. Keywords are described in table Неизвестный аргумент ключа.network node IPv4 address.size of the packet to be sent. ssh {A. size: (64.D.host . .E. . .host . .ttl .count .D.maximum quantity of packet transmission attempts for each section.. . ttl: (1.size of the packet to be sent.size .request timeout. .14.158) characters. MES2324..switch interface IP address used for packet transmission.Table 5. . .host .C ..B.10)/3.C. . . . MES2348Ethernet Switch Series Ошибка! 44 . .size .IPv6 address of the network node.quantity of packets to be sent.port . Ошибка! Неизвестный аргумент ключа. the quantity of bytes in the packet.A.E... .158) characters. Detect traffic route to the destination node..count .B.domain name of the network node. count: (0. The description of the command errors and results is given in tables Ошибка! Источник ссылки не найден.C. .255)/30. Open SSH session for the network node.. Switch to another established TELNET session.domain name of the network node.maximum quantity of route sections.ip_address.maximum quantity of route sections. . . . port: (1. size: (64.. . .host .switch interface IP address used for packet transmission.B.timeout . This command is used to transmit ICMP requests (ICMP EchoRequest) to a specific network node and to manage replies (ICMP Echo-Reply).B.B. the quantity of bytes in the packet.port .158) characters.60) /3 s. count: (0.host . timeout: (50.network node IPv4 address.C.C.10. host: (1.158) characters.A..65535)/4. Specific Telnet commands and keywords are given in tables 5.4)/the last established session Action This command is used to transmit ICMP requests (ICMP EchoRequest) to a specific network node and to manage replies (ICMP Echo-Reply).timeout of the request. .D .keyword..keyword.B.B.65535)/2000 ms.host . count: (1.D .number of established telnet session.network node IPv4 address.F . .TCP port which is used by SSH. Open TELNET session for the network node.network node IPv4 address. traceroute ipv6 {A.D .E.C. timeout: (50.IPv6 address of the network node..size of the packet to be sent. The description of the command errors and results is given in tables 5.domain name of the network node.size .] host: (1. the quantity of bytes in the packet.. size: (68.65535)/22.B.E..domain name of the network node.A.65535)/23.E.B.A.C.D.65535)/2000 ms.D | host} [sizesize] [ttlttl] [countcount] [timeouttimeout] [sourceip_address] host: (1.1518)/68 bytes.C.ttl ..timeout .

8)/- Display the total and used size of hardware tables (routing. . show system show system id [unit unit] - - Output system information. execute the ‘resume N’ command where N is the connection number from the ‘show sessions’ command output. MES5324.unit .8)/unit: (1. This will switch you to the parent session.show users [accounts] - Show information on users that consume device resources. . Return to the parent session (to the switch). 2. show sessions - Display information about open sessions to remote devices. MES3324. MES2324.the stack unit number. Press <Ctrl+Shift+6>.unit . . Display information about power module state. Display information about fan status. .. 4. interfaces).unit . The ‘Show sessions’ command shows all remote connections for the current session. All outgoing connections for the current session will be listed in the table.the stack unit number. 3. Display information about temperature sensors. This command is used as follows: 1.the stack unit number. To return to remote device session.. Show TCAM memory (Ternary Content Addressable Memory) resource load. Show switch system information.8)/- unit: (1. release the keys and press <x>. Execute the ‘show sessions’ command. neighbours.unit . show system [unitunit] show system fans [unitunit] show system power-supply show system sensors show version show system router resources show system tcam utilization [unit unit] unit: (1... - Display the current firmware version. Device serial number.8)/unit: (1. MES2348Ethernet Switch Series 45 . Connect to a remote device from the switch via TELNET or SSH.the stack unit number.

Privileged EXEC mode commands
Command line prompt in the privileged EXEC mode is as follows:
console#

Table 5.11. System management commands in the privileged EXEC mode
Command
reload [unit unit_id]
reload in {minutes | hh:mm}
reload at hh:mm
reload cancel
show cpu utilization
show cpu input rate

Value/Default value
unit_id: (1..8)/minutes: (1..999);
hh: (0..23), mm: (0..59).
hh: (0..23), mm: (0..59).
-

Action
Use this command to restart the device.
- unit_id - stack unit number
Set the time period for delayed device restart.
Set the device reload time.
Cancel delayed restart.

-

Show statistics on CPU load.

-

Show statistics on the speed of ingress frames processed by
CPU.

Example use of the traceroute command:

console# traceroute ip eltex.com
Tracing the route to eltex.com (148.21.11.69) form , 30 hops max, 18 byte packets
Type Esc to abort.
1 gateway.eltex (192.168.1.101) 0 msec 0 msec 0 msec
2 eltexsrv (192.168.0.1) 0 msec 0 msec 0 msec
3 * * *

Table 5.12. Description of 'traceroute' command results
Field

Description

1

The hop number of the router in the path to the specified network node.

gateway.eltex

The network name of this router.

192.168.1.101

The IP address of the router.

0 msec 0 msec 0 msec

The time taken by the packet to go to and return from the router. Specify for each
packet transmission attempt.

The errors that occur during execution of the traceroute command are described in the table.
Table 5.13. 'traceroute' command errors
Error symbol

Description

*

Packet transmission timeout.

?

Unknown packet type.

A

Administratively unavailable. As a rule, this error is shown when the egress traffic is
blocked by rules in the ACL access table.

F

Fragmentation or DF bit is required.

H

Network node is not available.

N

Network is not available.

P

Protocol is not available.

Q

Source is suppressed.

R

Expiration of the fragment reassembly timer.

S

Egress route error.

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

46

U

Port is not available.

Switch Telnet software supports special terminal management commands. To enter special
command mode during the active Telnet session, use key combination <Ctrl-shift-6>.
Table 5.14. Telnet special commands
Special command

Purpose

^^ b

Send disconnect command through telnet.

^^ c

Send interrupt process (IP) command through telnet.

^^ h

Send erase character (EC) command through telnet.

^^ o

Send abort output (AO) command through telnet.

^^ t

Send 'Are You There?' (AYT) message through telnet to check the connection.

^^ u

Send erase line (EL) command through telnet.

^^ x

Return to the command line mode.

You can also use additional options in the Telnet and SSH open session commands:
Table 5.15. Keywords used in the Telnet and SSH open session commands
Option

Description

/echo

Locally enable the echo function (suppress console output).

/password

Set the password for the SSH server

/quiet

Suppress output of all Telnet messages

/source-interface

Specify the source interface.

/stream

Activate the processing of the stream that enables insecure TCP connection without
Telnet sequence control. The stream connection will not process Telnet options and
could be used to establish connections to ports where UNIX-to-UNIX (UUCP) copy
programs or other non-telnet protocols are running.

/user

Set the user name for the SSH server.

Global configuration mode commands
Command line prompt in the global configuration mode is as follows:
console(config)#

Table 5.16. System management commands in the global configuration mode
Command
hostname name
no hostname
service cpu-utilization
no service cpu-utilization
service password-recovery
no service passwordrecovery
service mirrorconfiguration
no service mirrorconfiguration
system router resources

Value/Default value
name: (1..160) characters/-

-/enabled

-/enabled

Action
Use this command to specify the network name for the device.
Set the default network device name.
Allow the device to perform software based measurement of
the switch CPU load level.
Deny the device to perform software based measurement of
the switch CPU load level.
Disable password recovery
Enable password recovery
Create a backup copy of the running configuration

-/enabled
Disable copying of the running configuration
ip_entries: (8..8024)/5120;

Set the size of the routing table.

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

47

[ip­entries ip_entries |ipv6entries ipv6_entries |ipmentries ipm_entries
|ipmv6-entries
ipmv6_entries]

5.5

ipv6_entries:
(32..8048)/1024;
ipm_entries: (8..8024)/512;
ipmv6_entries:
(32..8048)/512

Password parameters configuration commands

This set of commands is used to configure minimum complexity and validity period for the
password.
Global configuration mode commands
Command line prompt in the global configuration mode is as follows:
console(config)#

Table 5.17. System management commands in the global configuration mode
Command

Value/Default value

passwords aging age
age: (0..365)/180 days.
no password aging
passwords complexity
enable
passwords complexity
min­classes value
no passwords complexity
min-classes
passwords complexity
min­length value
no passwords complexity
min-length
passwords complexity
no­repeat number
no password complexity
no-repeat
passwords complexity
not­current
no passwords complexity
not-current
passwords complexity
not­username
no passwords complexity
not-username

-/disabled

value: (0..4)/3

Action
Specify password validity period. When this period expires,
you will be asked to change the password. Zero value '0'
means that the password duration is not set.
Restore the default value.
Enable field format restriction.
Enable the restriction for the minimum quantity of character
classes (lowercase, uppercase, numbers, symbols).
Restore the default value.
Enable minimum password length restriction.

value: (0..64)/8
Restore the default value.

number: (0..16)/3

Enable the restriction for the minimum quantity of identical
consecutive characters in a new password.
Restore the default value.

-/enabled

Prohibit the use of the old password when the password is
changed.
Allow the use of the old password when the password is
changed.
Deny the use of the username as a password.

-/enabled
Allow the use of the username as a password.

Table 5.18. System management commands in the privileged EXEC mode
Command
show passwords
configuration

Action
Show information on password restriction.

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

48

5.6

File operations

5.6.1 Command parameters description
File operation commands use URL addresses to perform operations on files. For description of
keywords used in operations see Table 5.19.
Table 5.19. Keywords and their description
Keyword

Description

flash://

Source or destination address for non-volatile memory. Non-volatile memory is used by
default if the URL address is defined without the prefix (prefixes include: flash:, tftp:, scp:…).

running-config

Current configuration file.

mirror-config

Copy of the running configuration file

startup-config

Initial configuration file.

active-image

Active image file

inactive-image

Inactive image file
Source
or
destination
address
for
the
Syntax: tftp://host/[directory] /filename.
- host - IPv4 address or device network name;
- directory - directory;
- filename - file name.
Source or destination address for the SSH server.
Syntax: scp://[username[:password]@]host/[directory/] filename
- username - username;
- password - user password;
- host - IPv4 address or device network name;
- directory - directory;
- filename - file name.

tftp://

scp://

logging

Command history file.

usb://

Source or destination address on an USB drive.

TFTP

server.

5.6.2 File operation commands
File operation commands are available to privileged users only.
Command line prompt in the Privileged EXEC mode is as follows:
console#

Table 5.20. File operation commands in the Privileged EXEC mode
Command

Value

Action

source_url: (1..160)
characters;
destination_url: (1..160)
characters.

Copy file from source to destination.
- source_url - source location of the file to copy;
- destination_url - destination location the file to be copied to;
The following options are available only for copying from the
configuration file:
- exclude - do not include security information into the output
file.
- include-encrypted - include security information in the
output file in encrypted form.
- include-plaintext - include security information in the output
file in unencrypted form.
Copy the configuration file from the server to the current
configuration.

copysource_urldestination_url
[exclude | include-encrypted
| include-plaintext]

copysource_urlrunning­config

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

49

48). Change the file name. .show the content of the current configuration file. oob ports.copy running-config destination_url copy startup-config destination_url copyrunning-config startupconfig copyrunning-configfile copy startup-config file dir [flash:path | usb:path| dir_name] more {flash:file|usb:file|startupconfig | running­config | mirror­config | active­image | inactive­image | logging | file} Save the current configuration on the server.output the configuration with binary data Show the active system firmware file that the device loads on startup. MES3324.file . . tunnels. . Save the current configuration into the initial configuration file.display the log file content.160) characters.show the current configuration file content from the mirror. loopback interface.16) - rename url new_url url: (1.. . . vlan_id: (1. .mirror-config . delete url delete startup-config boot system inactive-image show {startup-config |running-config}[brief | detailed | interfaces {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | oob | port-channel group | vlan vlan_id | tunnel tunnel_id | loopback}] showbootvar write [memory] - gi_port: (1... .4) group: (1... VLAN interfaces. fo_port: (1.. Example use of commands  Delete the test file from the non-volatile memory: console# delete flash:test Delete flash:test? [confirm] Command execution result: File will be deleted after confirmation.8/0/1. interface groups (port-channel).160) characters Delete the file.12). te_port: (1. The running configuration can be output with the following options: . Save the current configuration into the initial configuration. - file: (1.display the current inactive software image file version.brief .active-image .detailed .inactive-image . .running-config . Files are displayed as ASCII text.. MES2324. Display the list of files of a specific directory.do not output binary data. MES5324.display the current software image file version.. Save the initial configuration into the specified backup configuration file. MES2348Ethernet Switch Series 50 . Boot the inactive software image..8/0/1. The TFTP server cannot be used as the source or destination address for a single copy command. Save the initial configuration on the server..configuration of the switch interfaces—physical interfaces.usb: display files from the USB flash drives. . .interfaces . Show file content. .url .show the content of the initial configuration file.4094). Save the current configuration into the specified backup configuration file.file name.24).8/0/1.flash: display files from the flash memory of the device. . Show the content of the initial configuration file (startupconfig) or the current configuration file (running-config).current filename.. such as SSH and SSL keys. Delete the initial configuration file. . tunnel_id: (1.new file name.startup-config .logging .new-url .

The resulting configuration file will be added to the current (running) configuration. Automatic update process includes the following steps: 1. Set the default value. MES2324. Automatic configuration The switch will automatically execute the configuration process based on DHCP if the following conditions are met: Automatic configuring is enabled in configuration. When the firmware image download is finished. System management commands in the privileged EXEC mode Command show boot Value/Default value - Action View automatic update and configuration settings. the switch downloads the firmware image from the TFTP server and makes it active.21. The switch downloads the first block (512 bytes) of the firmware image from the TFTP server where the firmware is stored. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Enable automatic update based on DHCP. 3.3 Automatic update and configuration commands Automatic update The switch will automatically start update process based on DHCP (prior to the automatic configuration process).22.6. MES2348Ethernet Switch Series 51 .5. If they differ. if autoupdate is enabled and the name of the text file (DHCP Option 125) containing the firmware file name is provided by the DHCP server. Set the default value. MES3324. Privileged EXEC mode commands Command line prompt in the privileged EXEC mode is as follows: console# Table 5. 4. the switch restarts. 2. DHCP server reply contains the TFTP server IP address (DHCP Option 66) and configuration file name (DHCP Option 67) in ASCII format. The switch compares firmware image file version downloaded from TFTP server with the active image of the switch firmware. The switch downloads the text file and reads the firmware file name on the TFTP server. MES5324. System management commands in the global configuration mode Command Value/Default value boot host auto-config no boot host auto-config boot host auto-update no boot host auto-update -/enabled -/enabled Action Enable automatic configuration based on DHCP.

Length of sub-option-data string text #sub-option-data. Suboption code. The name of the text file that contains the name of the software image }. host mes2124-test { hardware ethernet a8:f9:4b:85:a2:00.168. always equal to 35265(Eltex) unsigned integer 8.3. MES2348Ethernet Switch Series 52 . #sub-option-len. #TFTP server IP address fixed-address 192.cfg". Example of an ISC DHCP Server configuration: option image-filename code 125 = { unsigned integer 32.#mac-address of the switch filename "mesXXX-test. #switch IP address } MES5324.1.1. The length of all option parameters. always equal 1 unsigned integer 8. #enterprise-number.#switch configuration name option image-filename 35265 18 1 16 "mesXXX-401. MES2324. unsigned integer 8. Equals to the length of the “sub-option-data” string + 2. MES3324.ros". Manufacturer ID.36.168. #name of the text file containing the name of the software image next-server 192. #data-len. #sub-option-code.

. DST start time— second.day. month . System time configuration commands in the EXEC mode Command show clock show clock detail Value - Action Show system time and date. and DST end time—third.31).. Action Use an external source to set system time.24.4) characters / no area description. .hh .hours-offset . zone: (1.59)/0.59).hour offset from the UTC zero meridian .59).+13)/0. day: (1..zone .minutes.Dec). Specify date and time when daylight saving time starts and ends (for a specific year). Show SNTP status... .. month: (Jan.2037) - Manual system time setting (this command is available to privileged users only).7 System time configuration By default.4) characters / no area description. date: (1...seconds. mm .minutes-offset . hours_offset: (12. MES3324. Set the timezone value. MES5324.23).year.5.Dec). . minutes_offset: (0.23. ss: (0. automatic daylight saving change is performed according to US and EU standards. EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5. year: (2000.25. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. ss .31).. year . Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.hours.abbreviation of the phrase (zone description) . System time configuration commands in the Privileged EXEC mode Command clock set hh:mm:ss day month year clock set hh:mm:ss month day year show sntp configuration show sntp status Value Action hh: (0. MES2348Ethernet Switch Series 53 .. You can set any date and time for daylight saving change in the configuration. Show SNTP configuration.month.. Show timezone and daylight saving settings.. month: (Jan. List of system time configuration commands in the global configuration mode Command clock source {sntp | browser} no clock source {sntp | browse} clock timezone zonehours_offset [minutes minutes_offset] no clock timezone clock summer-time zone date date month year hh:mm date month year hh:mm[offset] clock summer-time zone Value/Default value -/external source is not used zone: (1.minute offset from the UTC zero meridian Set the default value. Deny the use of an external source for system time setting. MES2324. Zone description should be specified first.day . mm: (0.

2037).month . Set the default value.date. MES3324.key number... Require authorization of the system that is used for synchronization via SNTP by the specified key.datemonth date year hh:mm month date year hh:mm[offset] clock summer-time zone recurring{usa | eu | {first | last | week} day month hh:mm {first|last|week} day month hh:mm} [offset] year: (2000 .year . Set the default value.offset . Allow multicast SNTP client operation.zone .8).hh .day .sat).zone .158) characters Allow the operation of SNTP clients that support packet transmission to the nearest device in a group of receivers..month.for the detailed interface configuration.month .ipv4_address . MES2324. By default.month. MES5324. see Interface Configuration Section. . . as well as broadcast SNTP clients for the selected interface.abbreviation of the phrase (zone description) .4094) /denied -/denied -/denied hostname: (1. Allow unicast SNTP client operation.. authentication is disabled -/authentication is not required key_number: (1. at 2am local time) .key_number ..hours.Ipv4-address of a network node. Set the default value. . value: (1.abbreviation of the phrase (zone description) . Delete authentication key for SNTP.. Set the default value. Set the default value.date .number of minutes added for the daylight saving change.hh . The daylight saving change is disabled by default.8) characters By default. .59).. . .week of month. te_port: (1. Allow the operation of SNTP clients that support packet transmission to the nearest device in a group of receivers.24).number . .key number.offset . week: (1-5).number of minutes added for the daylight saving change.eu . mm . . Set the default value. at 1am GMT) ..week . Set the SNTP server address. authentication is disabled Disable daylight saving change Specify authentication key for SNTP..key value. . number: (1.hours.1440)/60 min. Specify date and time when daylight saving time starts and ends for each year. offset: (1. MES2348Ethernet Switch Series 54 .4). day: (sun.. Authentication is required to obtain information from NTP servers.usa .day of the week. hh: (0.4294967295)... .23).minutes. vlan_id (1.set the daylight saving rules used in EU (daylight saving starts on the last Sunday of March and ends on the last Sunday of October.year. -/denied fo_port: (1.set the daylight saving rules used in the USA (daylight saving starts on the second Sunday of March and ends on the first Sunday of November. .minutes. Allow sequential polling of the selected unicast SNTP servers. mm . -/denied Set the default value. .4294967295).. group: (1. .value . . no clock summer-time sntp authenticationkeynumber md5 value no sntp authentication-key number sntp authenticate no sntp authenticate sntp trusted-key key_number no sntp trusted-key keynumber sntp broadcast client enable {both | ipv4 | ipv6} no sntp broadcast client enable sntp anycast client enable {both | ipv4 | ipv6} no sntp anycast client enable sntp client enable {fortygigabitethernet fo_port | tengigabitethernet te_port | port-channel group | oob| vlan vlan_id} no sntp client enable {fortygigabitethernet fo_port | tengigabitethernet te_port | port-channel group | oob | vlan vlan_id} sntp unicast client enable no sntp unicast client enable sntp unicast client poll no sntp unicast client poll sntp server {ipv4_address | ipv6_address | {ipv6-link-local- . mm: (0.

MES2324.enable polling.key identifier.ipv6_address . Synchronization status is indicated by the additional character before the time value.local link IPv6 address. List of system time configuration commands in the interface configuration mode Command Value/Default value sntp client enable -/denied no sntp client enable Action Allow the operation of SNTP clients that support packet transmission to the nearest device in a group of receivers. VLAN). MES2348Ethernet Switch Series 55 . date and timezone data: console# show clock detail 15:29:08 PDT(UTC-7) Jun 17 2009 Time source is SNTP Time zone: Acronym is PST Offset is UTC-8 Summertime: Acronym is PDT Recurring every year.26.keyid . Address format {ipv6-link-local-address}%{interface-name}. -/denied no clock dhcp timezone Get the timezone and daylight saving data from the DHCP server. Delete the server from the NTP server list.4294967295) no sntp server {ipv4_address | ipv6_address | {ipv6-link-localaddress}%{vlan {integer} | ch {integer} | isatap {integer} | {physical-port-name}} | hostname} clock dhcp timezone .ipv6z-address . Prohibit the receipt of the timezone and daylight saving data from the DHCP server. .poll . MES3324. MES5324.hostname . Interface configuration mode commands Command line prompt in the interface configuration mode is as follows: console(config-if)# Table 5. ipv6-link-local-address .address}%{vlan {integer} | ch {integer} | isatap {integer} | {physical-port-name}}| hostname} [poll] [key keyid] keyid: (1. Examples of command usage  Show the system time.name of the source interface in the following format: vlan {integer} | ch {integer} | isatap {integer} | {physicalport-name} .domain name of the network node..Ipv6z-address of a network node for pinging.Ipv6-address of a network node. Begins at first Sunday of April at 2:00. . Set the default value. as well as broadcast SNTP client for the selected interface (ethernet. . port-channel. interface-name .

8a20cccb 05:47:01.) means that the time is valid.--------.--------.Example: *15:29:08 PDT(UTC-7) Jun 17 2009 The following symbols are used: The dot (. Asterisk (*) means that the time is not valid. the last response is received at 05:47:01.--------. MES2324.168. reference is 192.------Broadcast: Interface IP address Last Response In the example above.23 seconds. system time mismatch with the server time is equal to 7. but there is no synchronization with the SNTP server.------192.16. 1:32pm console# clock set 13:32:00 7 Mar 2009  Show SNTP status: console# show sntp status Clock is synchronized. 2009. MES2348Ethernet Switch Series 56 .------------------.--------. the system time is synchronized with server 192.0 UTC Dec 8 2009 Unicast servers: Server Status Last Response Offset Delay [mSec] [mSec] --------------.  Specify system clock date and time: March 7.16. unicast Reference time is cec866d5.16.168.168.1.--------.1 up 05:47:01.1. stratum 0.0 UTC Dec 7230 -1000 8 2009 Anycast server: Server Interface Status Last Response Offset Delay [mSec] [mSe --------------.----------------------. MES5324. MES3324. No symbol means that the time is valid and time is synchronized.

N number of the stack unit slot number interface number Commands entered in the interface configuration mode are applied to the selected interface. possible values are (1..1 Ethernet and Port-Channel interface parameters Interface configuration mode commands (interface range) console# configure console(config)# interface { gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | oob |port-channelgroup |range{…}} console(config-if)# This mode is available from the configuration mode and designed for configuration of interface parameters (switch port or port group operating in the load distribution mode) or the interface range parameters.8/0/1.24. 5.Х format or in /N format. Below are given the commands for entering in the configuration mode of the 10th Ethernet interface located on the first stack unit and for entering in the configuration mode of channel group 1. where – – – – – group is the sequential number of the channel group.the sequential number of the Ethernet g(1.the sequential number of the Ethernet XLG1-XLG4 interface Specified as follows: 1.24.. Interface entry 1.8/0/1. MES2324.8/0/1.8. gi_port .8 Interface configuration You can specify the mask value in Х.Х. interface oob – for control interface configuration.24) interface specified as follows: 1. interface fortygigabitethernet fo_port – toconfigure the interfaces Ethernet XLG1-XLG4 interface port-channel group – for channel group configuration. console# configure console(config)# interfacetengigabitethernet1/0/10 console(config-if)# console# configure console(config)# interface port-channel1 console(config-if)# MES5324. fo_port .8/0/1. interface tengigabitethernet te_port – toconfigure the interfaces Ethernet XG1-XG24. MES2348Ethernet Switch Series 57 . The interface is selected by the following commands: – – – – – interface gigabitethernet gi_port – to configure the interfaces Ethernet 1-24.4...sequential number of the Ethernet XG1-XG24 interface specified as follows: 1...5. te_port ... where N is the number of 1's in the binary mask representation.Х.8)... MES3324..

Set data transfer rate (Ethernet). load-average period period: 5. half)/full no duplex negotiation [cap1 [cap2… cap5]] cap: (10f.. Set the default value.28. console# configure console(config)# interface range tengigabitethernet1/0/1-10 console(config-if)# console# configure console(config)# interface range port-channel1-8 console(config-if)# Table 5. MES3324. port-channel). Ethernet and Port-Channel interface general configuration mode commands Command port jumbo-frame Value/Default value -/denied Action Enable processing of jumbo fames by the switch. Set the default value. 100h. You can define specific compatibilities for the autonegotiation parameter. 1000f. Disable autonegotiation of speed and duplex on the interface. port-channel). Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Add interface description (Ethernet. Disable ‘back pressure' function for the interface.27. 10000f) no negotiation flowcontrol mode mode: (on.. MES2348Ethernet Switch Series 58 . Enable the ‘back pressure' function for the interface (Ethernet). all compatibilities are supported (Ethernet. Commands entered in this mode are applied to the selected interface range. 10000) no speed duplex mode mode: (full. Ethernet and Port-Channel interface configuration mode commands Command Value/Default value shutdown no shutdown description descr no description speed mode -/enabled descr: (1. Disable flow control mode. if these parameters are not defined. port-channel). MES2324. disable or autonegotiation). Maximum transmission unit (MTU) default value is MES5324. Enable autonegotiation of speed and duplex on the interface. Specify the flow control mode (enable. Specify interface duplex mode (full-duplex connection. halfduplex connection. Flowcontrol autonegotiation works only when negotiation mode is enabled on the interface (Ethernet. port-channel). off.64) characters / no description mode: (10. 10h. 100f. 1000. Enable the current interface.The interface range is selected by the following commands: – – interface range tengigabitethernetportlist – to configure an interface range.300/15 no load-average Specify the period during which the interface utilization statistics is collected. interface range port-channelgrouplist – to configure a port group. Set the default value. Ethernet). Below are given the commands for entering in the configuration mode of the Ethernet interface range from 1 to 10 and for entering in the configuration mode of all port groups. 100. auto)/off no flowcontrol back-pressure no back-pressure -/disabled Action Disable the current interface (Ethernet. Remove interface description.

te_port: (1.8/0/1.8/0/1.8/0/1.8/0/1...86400)/300 seconds Specify the time period for automatic interface reactivation. .UDLD protection activation..500 bytes..non-compliance with access lists (ACL). group: (1.8/0/1.... fo_port: (1. gi_port: (1. MES5324.8/0/1.. seconds: (30.link flapping.port-security -security breach for port security. ..loopback-detection .. .8/0/1. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5..48). Set the default value..24). gi_port: (1.stp-bpdu-guard . no port jumbo-frame errdisable recovery cause {all| loopack­detection | port­security | dot1x­src­address | acl­deny | stp­bpdu­guard | stp­loopback-guard | udld |storm-control | link­flapping} -/denied no errdisable recovery cause {all | loopack­detection | port­security | dot1x­src­address | acl­deny | stp­bpdu­guard | stp­loopback-guard | udld |storm-control| link­flapping} errdisable recovery interval seconds no errdisable recovery interval Maximum transmission unit (MTU) value for port jumboframe configuration is 10..200 bytes. EXEC mode commands Command Value clear counters clear counters {oob| gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} set interface active {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} show interfaces configuration {oob|gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | detailed} show interfaces status show interfaces status {oob| gigabitethernet gi_port | - Action Reset statistics for all interfaces.8/0/1. .4). MES2324.24)..48).8/0/1..loopback detection using the STP. gi_port: (1.. Show the status for Ethernet port or port group.4)..29. . gi_port: (1. te_port: (1. te_port: (1.link-flapping . Enable automatic interface activation after it is disconnected in the following cases: .stp-loopback-guard . fo_port: (1.1. group: (1..48)..8/0/1.8) Activate a port or port group disabled with the shutdown command. MES2348Ethernet Switch Series 59 ..4).. Configuration changes will take effect after the switch is restarted. Set the default value.acl-deny .8/0/1. .48)..BPDU Guard activation (unauthorized BPDU packet transfer on the interface). MES3324.. group: (1.broadcast storm.udld ..24).24). . Show the status for all interfaces.dot1x-src-address .8) Reset statistics for an Ethernet port or port group. . te_port: (1.MAC based user authentication failed.storm-control . fo_port: (1.8) Show the interface configuration.loopback detection... Disable processing of jumbo fames by the switch.

te_port: (1.48).8/0/1... Show automatic port reactivation settings. Show all interfaces utilization statistics.8/0/1. Show autonegotiation parameters announced for all interfaces.. Show autonegotiation parameters announced for an Ethernet port or port group.24)..48)..48)...24)..8/0/1. Show jumbo frame settings for the switch. Show statistics for an Ethernet port.8/0/1. fo_port: (1.24).. fo_port: (1...8/0/1.48)... group: (1. Show Ethernet interface utilization statistics. group: (1. Show the reason for disabling the port or port group and automatic activation status. MES2348Ethernet Switch Series 60 .4).48).8/0/1.4). fo_port: (1. group: (1.8) gi_port: (1....4).8) gi_port: (1.. MES2324. group: (1.8) group: (1..8/0/1.8) gi_port: (1. te_port: (1....8/0/1... Show descriptions for an Ethernet port or port group.24)...tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group| detailed} show interfaces port-channel group show interfaces advertise show interfaces advertise {oob | gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group| detailed} show interfaces description show interfaces description {oob| gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group|detailed} show interfaces counters show interfaces counters {oob |gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group| detailed} show interfaces utilization show interfaces utilization{gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} show ports jumbo-frame show errdisable recovery show errdisable interfaces {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} fo_port: (1. group: (1.8/0/1. group: (1.8/0/1.24). te_port: (1. fo_port: (1. te_port: (1...4)..8) gi_port: (1. Show descriptions for all interfaces. MES5324...4).8/0/1.4).. MES3324. configuration and statistics of the port group.. Show statistics for all interfaces.8/0/1.8/0/1.8/0/1.8) Show summary information about the status..8/0/1.... te_port: (1..8) gi_port: (1... fo_port: (1.8/0/1.

Down -----.Down -----.Down -----.Down -----.---------Disabled -Disabled -Disabled -Disabled -- fo1/0/3 fo1/0/4 gi1/0/1 40G-Fiber 40G-Fiber 1G-Copper Disabled -Disabled -Enabled Slave Operational Link Advertisement --------------------------------------- MES5324.Down -----.Down -----.Down -----.Down -----. MES2324.----------100 Enabled Up Show autonegotiation parameters: console# show interfaces advertise Port --------te1/0/1 te1/0/2 te1/0/3 te1/0/4 Type -----------10G-Fiber 10G-Fiber 10G-Fiber 10G-Fiber Neg Preferred -------.-----1G-Copper Full Flow Neg control -------.---------.-------.----------.Down -----.-----Po1 --Po2 --Po3 --Po4 --Po5 --Po6 --Po7 --Po8 --Oob -------oob  Flow Link Back Mdix Speed Neg ctrl State Pressure Mode ----.Down -----.Down -----. MES2348Ethernet Switch Series ---- 61 .Down -----.---.Down -----.Down -----.Down -----.Down -----.Down -----.-------.Examples of command usage  Show interface status: console# show interfaces status Port -------te1/0/1 te1/0/2 te1/0/3 te1/0/4 te1/0/5 te1/0/6 te1/0/7 te1/0/8 te1/0/9 te1/0/10 te1/0/11 te1/0/12 te1/0/13 te1/0/14 te1/0/15 te1/0/16 te1/0/17 te1/0/18 te1/0/19 te1/0/20 te1/0/21 te1/0/22 te1/0/23 te1/0/24 fo1/0/3 fo1/0/4 gi1/0/1 Type Duplex -----------.Down -----.Down -----.Down -----.-----10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -10G-Fiber -40G-Fiber -40G-Fiber -1G-Copper -- Ch Type Duplex -------.Down -----.Down -----.Down -----.Down -----.----------------------- Link State ----------Not Present Not Present Not Present Not Present Not Present Not Present Not Present Not Present Link Speed Neg State ----.Down -----.-------.Down -----. MES3324.------.Down --- Speed ------------- Type Duplex -----------.

-----------te1/0/1 0 0 0 0 te1/0/2 0 0 0 0 ………………………………………………………………………………………………………………………………………………………………….-----------.-----------. 10h  Show interface statistics: console# show interfaces counters Port InUcastPkts InMcastPkts InBcastPkts InOctets ---------------.-----------Po1 0 6 3 912 Alignment Errors: 0 FCS Errors: 0 Single Collision Frames: 0 Multiple Collision Frames: 0 SQE Test Errors: 0 MES5324.-----------.-----------.-----------. Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets ---------------. 100f.-------.-----------.-----------. 100h.-----------.---------------------------------oob 1G-Copper Enabled 1000f. MES3324.-----------te1/0/1 0 0 0 0 te1/0/2 0 0 0 0 te1/0/3 0 0 0 0 te1/0/4 0 0 0 0 te1/0/5 0 0 0 0 te1/0/6 0 545 83 62186 te1/0/7 0 1424 216 164048 te1/0/8 0 0 0 0 te1/0/9 0 0 0 0 ………………………………………………………………………………………………………………………………………………………………….-----------oob 3 616 0 39616  Show channel group 1 statistics: console# show interfaces counters port-channel 1 Ch InUcastPkts InMcastPkts InBcastPkts InOctets ---------------.-----------.-----------. MES2348Ethernet Switch Series 62 .-----------.-----------oob 0 13 0 1390 OOB OutUcastPkts OutMcastPkts OutBcastPkts OutOctets ---------------.Po1 Po2 Po8 ---- Enabled Enabled Enabled Slave Slave Slave ---- Oob Type Neg Operational Link Advertisement --------.-----------Po1 111 0 0 9007 Ch OutUcastPkts OutMcastPkts OutBcastPkts OutOctets ---------------.-----------. 10f.-----------.-----------.-----------.-----------.-----------.-----------.-----------. MES2324. te1/0/5 0 0 0 0 te1/0/6 0 2 0 2176 te1/0/7 0 1 0 4160 te1/0/8 0 0 0 0 …………………………………………………………………………………………………………………………………………………………………. OOB InUcastPkts InMcastPkts InBcastPkts InOctets ---------------.

the number of cases when receiving instrumentation was busy for a time period equal or greater than the slot size (slotTime) during which there was at least one occurrence of an event that caused the PHY to indicate Data reception error or Carrier extend error on the GMII. OutMcastPkts The number of multicast packets sent. the number of cases there was as invalid data symbol when a valid carrier was present. Oversize Packets The number of received packets whose size exceeds the maximum allowed frame size. OutUcastPkts The number of unicast packets sent. Single Collision Frames The number of frames involved in a single collision. Excessive Collisions The number of frames that were not sent due to excessive number of collisions. InMcastPkts The number of multicast packets received. Deferred Transmissions The number of frames for which the first transmission attempt was delayed due to busy transmission media. MES2348Ethernet Switch Series 63 . InBcastPkts The number of broadcast packets received. Late Collisions The number of cases when collision is identified after transmitting the first 64 bytes of the packet to the communication link (slotTime). the number of times MES5324. MES2324. but transmitted successfully. Multiple Collision Frames The number of frames involved in multiple collisions. Alignment Errors The number of frames that failed integrity verification (whose number of bytes mismatches the length) and frame check sequence validation (FCS). For an interface operating in 1000Mbps full-duplex mode. OutOctets The number of bytes sent. but transmitted successfully.30. Description of counters Counter InOctets Description The number of bytes received. InUcastPkts The number of unicast packets received. Carrier Sense Errors The number of cases when the carrier control state was lost or not approved during the frame transmission attempt. MES3324. For an interface operating in 1000Mbps half-duplex mode. Internal MAC Rx Errors The number of frames for which a reception fails due to an internal MAC receive error. FCS Errors The number of frames whose byte number matches the length that failed frame check sequence (FCS) validation. OutBcastPkts The number of broadcast packets sent.Deferred Transmissions: 0 Late Collisions: 0 Excessive Collisions: 0 Carrier Sense Errors: 0 Oversize Packets: 0 Internal MAC Rx Errors: 0 Symbol Errors: 0 Received Pause Frames: 0 Transmitted Pause Frames: 0  Show jumbo frame settings for the switch: console# show ports jumbo-frame Jumbo frames are disabled Jumbo frames will be disabled after reset Table 5. Symbol Errors For an interface operating at 100Mbps.

protocol number (16 bit). Remove tethering. encaps: (ethernet. 5.8.4094) protocol: (ip. VLAN configuration mode commands Command vlanVLANlist no vlan VLANlist map protocol protocol [encaps] protocols-group group no map protocol protocol [encaps] map mac mac_address {host | mask} macs-group group Value/Default value VLANlist: (2. The number of control MAC frames with PAUSE operation code sent.48) no map mac mac_address {host | mask} Remove tethering. and during which there was at least one occurrence of an event caused the PHY to indicate Data reception error on the GMII. arp. * . Remove a single or multiple VLANs. VLAN interface (interface range) configuration mode commands Command line prompt in the VLAN interface configuration mode is as follows: console# configure console(config)# interface {vlanvlan_id |rangevlanVLANlist} console(config-if)# This mode is available in the global configuration mode and designed for configuration of VLAN interface or VLAN interface range parameters.. MES3324. Table 5. ethernet group: (1.2147483647). llcOther).2 VLAN interface configuration VLAN configuration mode commands Command line prompt in the VLAN configuration mode is as follows: console# configure console(config)# vlan database console(config-vlan)# This mode is available in the global configuration mode and designed for configuration of VLAN parameters. rfc1042. MES2324. The interface is selected by the following command: interface vlanvlan_id The interface range is selected by the following command: interface range vlanVLANlist MES5324. ipv6.. mask: (9.. (0600-ffff (hex)}*). ipx. MES2348Ethernet Switch Series 64 . Tether a single or a range of MAC addresses to MAC address group.31. Action Add a single or multiple VLANs. Tether the protocol to the associated protocol group.when receiving instrumentation was busy for a time period equal or greater than the minimum frame size (minFrameSize). Received Pause Frames Transmitted Pause Frames The number of control MAC frames with PAUSE operation code received.

Remove the VLAN list for the interface.tagged only. customer)/access vlan_id: (1. Table 5. .vlan_id .. The port can operate in four modes: – – – – access .mode . trunk.untagged-only – only untagged. Ethernet interface configuration mode commands Command switchport mode mode no switchport mode switchport access vlan vlan_id Value/Default value mode: (access. MES5324. Accept only specific frame type on the interface: .1q that accepts both tagged and untagged traffic.32.list of VLAN IDs. Set the default value. 7 group.7 console(config-if)# Table 5.VLAN ID.an untagged access interface for a single VLAN.Below are given the commands for entering in the configuration mode of the VLAN 1 interface and for entering in the configuration mode of VLAN 1. Set the default value.3. To define a VLAN number range. Add a VLAN list for the interface. . enter values separated by commas or enter the starting and ending values separated by a hyphen ’-’.an interface with full support of 802. MES3324. trunk . Set the default value.1 Q-in-Q interface. Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console# configure console(config)# interface { fortygigabitethernet fo_port | tengigabitethernette_port | gigabitethernetgi_port| oob |port-channelgroup | range {…}} console(config-if)# This mode is available from the configuration mode and designed for configuration of interface parameters (switch port or port group operating in the load distribution mode) or the interface range parameters. console# configure console(config)# interfacevlan 1 console(config-if)# console# configure console(config)# interfacerange vlan 1.an interface that accepts tagged traffic only. Add VLAN for the access interface.802..all – all frames. customer . all) switchport trunk allowed vlan remove vlan_list Action Specify port operation mode in VLAN. . general.vlan_list . . MES2324.33. 3. except for a single VLAN that can be added by the switchport trunk native vlan command.tagged-only .4094. MES2348Ethernet Switch Series 65 . VLAN interface configuration mode commands Command name name no name Value/Default value name: (1-32) characters / name matches VLAN number Action Add a VLAN name. general. .port operation mode in VLAN.4094)/1 no switchport access vlan switchport general acceptableframe-type {untagged-only | tagged­only | all} -/accept all frame types switchport trunk allowed vlan add vlan_list vlan_list: (2.

. Add a VLAN for the user interface. group: (1. .4094). no switchport general map protocols-group group switchport customer vlan vlan_id no switchport customer vlan switchport customer multicast-tv vlan add vlan_list Add a VLAN list for the interface.4094.. . Enable the receipt of multicast traffic from the specified VLANs (other than the user interface VLAN) on the interface together with other port users that receive multicast traffic from these VLANs.4094) group: (1.all – all frames.. vlan_id: (1.group – group number ID. Set the default value.vlan_id . Disable filtering of ingress packets on the main interface based on their assigned VLAN ID. .. Set the default value. this packet will be dropped.vlan_id . Remove a classification rule..tagged only. .4094)/1 . enter values separated by commas or enter the starting and ending values separated by a hyphen ’-’. 2147483647). 2147483647) Set a classification rule for the main interface based on protocol tethering.vlan_id . Remove the VLAN list for the interface.untagged-only – only untagged.VLAN ID. .4094). . Remove a classification rule. . vlan_id: (1.. Accept all frame types on the main interface. vlan_list: (2.the port will transmit untagged packets for the VLAN. all) switchport general allowed vlan remove vlan_list switchport general pvid vlan_id no switchport general pvid switchport general ingress­filtering disable no switchport general ingress­filtering disable switchport general acceptable­frame-type {tagged-only | untagged­only | all} no switchport general acceptable-frame-type switchport general map protocols-group group vlan vlan_id vlan_id:(1. no switchport general map protocols-group group switchport general map macs­group group vlan vlan_id no switchport general map macs-group group switchport general map protocols-group group vlan vlan_id Add the VLAN ID as Default VLAN for this interface. -/filter is enabled -/accept all frame types Enable filtering of ingress packets on the main interface based on their assigned VLAN ID.if default VLAN is set Add a port VLAN identifier (PVID) for the main interface. and the packet is not in VLAN group with the assigned VLAN ID.4094)/1 vlan_list: (2.VLAN ID. Set a classification rule for the main interface based on MAC address tethering. Accept only specific frame type on the main interface: .vlan_id – VLAN port ID.list of VLAN IDs.switchport trunk native vlan vlan_id vlan_id: (1.vlan_list . enter values separated by commas or enter the starting and ending values separated by a hyphen ’-’. . MES3324.2147483647)..To define a VLAN number range..VLAN ID. .vlan_id . Remove a classification rule. MES5324.4094)/1 no switchport trunk native vlan switchport general allowed vlan add vlan_list[tagged | untagged] Set the default value. Set the classification rule for the main interface based on the protocol tethering. vlan_id: (1.4094. . all).untagged . .group – group number ID. .list of VLAN IDs. MES2348Ethernet Switch Series 66 . To define a VLAN number range.the port will transmit tagged packets for the VLAN. MES2324. group: (1. If filtering is enabled.VLAN ID.group – group number ID.vlan_list . . ..VLAN ID.tagged-only . All untagged traffic coming to this port will be directed to this VLAN.vlan_id ... vlan_id:(1.tagged ..

1ag CFM / Y. membership in the default VLAN is enabled.. te_port: (1.. MES2324. Basic reserved protocol numbers Protocol number Description 0x0800 0x0806 0x86DD 0x8808 0x8809 0x8847 0x8848 0x8863 0x8864 0x8870 0x888E 0x88CC 0x8902 Internet Protocol Version 4 (IPv4) Address Resolution Protocol (ARP) Internet Protocol Version 6 (IPv6) Ethernet flow control Slow Protocols (IEEE 802. MES3324. Specify the port as a tagging port in the default VLAN.list of VLAN IDs. fo_port: (1..48). By default . Table 5.... Deny adding the default VLAN for this port. MES5324. Disable routing based on the database of learned MAC addresses (FDB) and forward all unicast. all)/all VLAN are enabled for this port Allow adding the selected VLANs for this port.To define a VLAN number range.8/0/1. - no switchport protected­port switchport protected {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no switchport protected Deny adding specified VLANs for this port. gi_port: (1.8/0/1..35..48).3) MPLS unicast MPLS multicast PPPoE Discovery stage PPPoE Session Stage Jumbo Frames EAP over LAN (IEEE 802. Enable routing based on the database of learned MAC addresses (FDB).24).8/0/1. Action Show information on all VLANs Show information on a specific VLAN by ID. switchport default-vlan tagged no switchport default-vlan tagged - Put the port into Private VLAN Edge mode.24).. multicast and broadcast traffic to the uplink port. Privileged EXEC mode commands Command show vlan show vlan tag vlan_id show vlan internal usage show default­vlan­membership [gigabitethernet gi_port | Value vlan_id: (1.4). Set the default value.vlan_list .switchport customer multicast-tv vlan remove vlan_list switchport forbidden vlan add vlan_list switchport forbidden vlan remove vlan_list switchport forbidden default­vlan no switchport forbidden default-vlan switchport protected-port Disable the receipt of multicast traffic for the interface. Restore the default value.8/0/1.. te_port: (1.1X) LLDP IEEE 802.8) By default. Show default VLAN group members. Show VLAN list for internal use by the switch.1731 OAM Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.8/0/1.4094) gi_port: (1. routing is based on the database of learned MAC addresses (FDB)...4094. . enter values separated by commas or enter the starting and ending values separated by a hyphen ’-’. group: (1.. Set the default value..8/0/1. fo_port: (1. Put the port in isolation mode within the port group.4)..34. MES2348Ethernet Switch Series 67 . vlan_list: (2.

8/0/1.8/0/1.-----------------. D fo1/0/1-4.. in the privatevlan-edge community... S-Static.-----------------. Po1-8 2 2 S 3 3 S 4 4 S 5 5 S 6 6 S 8 8 S Show source ports and multicast traffic receivers in VLAN 4: console# show vlan multicast-tv vlan 4 Source ports : te0/1 Receiver ports: te0/2..24).8) Show port or port group configuration.----------------. MES3324..8) Show port status: in Private VLAN Edge mode. fo_port: (1.36. EXEC mode commands Command show vlan multicast-tv vlan vlan_id show vlan protocols-groups show vlan macs-groups show interfaces switchport {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} show interfaces protected­ports [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port| port-channel group|detailed] Value vlan_id: (1.. te_port: (1.8/0/1.4094) - Action Show source ports and multicast traffic receivers in the current VLAN. MES2348Ethernet Switch Series 68 .8/0/1.. console# show vlan protocols-groups Encapsulation Protocol Group Id ------------.---------------- MES5324.24).4). te_port: (1.---------------1 1 te1/0/1-24. R-Radius Assigned VLAN..48). Show information on MAC address groups...---------------. gi_port: (1. gi_port: (1. fo_port: (1. MES2324. Show information on protocol groups. group: (1.tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | detailed] group: (1.4).te0/8  Show information on protocol groups. V-Voice VLAN Vlan Name Tagged Ports UnTagged Ports Created by ---. G-GVRP..8/0/1. group: (1.te0/4.8/0/1....8) EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.gi1/0/1.48)... Source ports can both send and receive multicast traffic. Examples of command usage  Show information on all VLANs: console# show vlan Created by: D-Default.

T-Guest VLAN. MES2348Ethernet Switch Series 69 . MES2324.0x800 (IP) 0x806 (ARP) 0x86dd (IPv6)  Ethernet Ethernet Ethernet 1 1 3 Show TenGigabitEthernet 0/1 port configuration: console# show interfaces switchport TengigabitEthernet 0/1 Added by: D-Default.----------. tengigabitethernet.B. MES3324. G-GVRP.-------------------------------Classification rules: Protocol based VLANs: Group ID Vlan ID -----------. console# configure console(config)# interface ipA.-------------------------------. or vlan devices. R-Radius Assigned VLAN.------- IP interface configuration An IP interface is created when an IP address is assigned to the interfaces of any of gigabitethernet. S-Static.------Mac based VLANs: Group ID Vlan ID -----------. oob.---------------1 1 Untagged D 2 2 Tagged S 3 3 Tagged S 4 4 Tagged S 5 5 Tagged S 6 6 Tagged S 8 8 Tagged S 28 28 Tagged S Forbidden VLANS: Vlan Name ---. port-channel.D console(config-ip)# This mode is available from the configuration mode and designed for configuration of IP interface parameters. Command line prompt in the IP interface configuration mode is as follows. MES5324.C. fortygigabitethernet. VVoice VLAN Port : te1/0/1 Port Mode: Trunk Gvrp Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress UnTagged VLAN ( NATIVE ): 1 Protected: Disabled Port is member in: Vlan Name Egress rule Added by ---.

Enable forwarding of broadcast UDP packets to the specific address.destination IP address for packets forwarding. – IP interface configuration mode commands Command Value/Default value directed-broadcast -/disabled no directed-broadcast helper-addressip_address ip_address: A.ip_address .1 /24 console(config-if)#exit console(config)# interface ip 100.0.37.1 console(config-ip)#directed-broadcast MES5324.B. Disable forwarding of broadcast UDP packages. Examples of command usage  Enable the directed-broadcast function: console# configure console(config)#interface PortChannel 1 console(config-if)#ip address 100. . MES2348Ethernet Switch Series 70 .Table 5.0. Disable IP directed-broadcast packet translation.C.0.D no helperaddressip_address Action Enable IP directed-broadcast packet translation into standard broadcast packet and enable its transmission via the selected interface. MES2324. MES3324.0.

8) Action Show the list of selective qinq rules. Ethernet and Port-Channel interface (interface range) configuration mode commands Command line prompt in the configuration interface configuration mode is as follows: console# configure console(config)# interface{gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port|oob|port-channelgroup|range{…}} console(config-if)# Table 5. MES2324.39. Creates a ‘permit’ rule to transmit all ingress packets with the ingress_vlan_idouter tag.. vlan_id (1. EXEC mode commands Command show selective-qinq show selective-qinq interface{gigabitethernet gi_port | tengigabitethernet te_port | Value gi_port: (1. vlan_id: (1.4).8/0/1... MES3324.. the rule will be applied to all ingress packets that are not processed by other rules ('default rule'). Create a ‘deny’ rule to drop tag ingress packets with theingress_vlan_id outer tag. MES2348Ethernet Switch Series 71 .38. ... substitute Customer VLAN..5.4094) Creates a rule to replace theingress_vlan_idouter stamp of ingress packets with vlan_id. The command without the ingress vlan parameter will delete the default rule. group: (1. all ingress packets will be transmitted without changes.4094). vlan_id: (1-4094) Remove the selective qinq rule list for egress packets. MES5324. If ingress_vlan_id is not specified.9 Selective Q-in-Q This function uses configured filtering rules based on internal VLAN numbers (Customer VLAN) to add and external SPVLAN (Service Provider's VLAN). all ingress packets will be dropped.... the rule will be applied to all ingress packets. te_port: (1.4094) Remove the selected selective qinq rule for ingress packets. the rule will apply by default.4094) Action Create a rule that will add the second stamp vlan_id to a packet with the outer stampingress_vlan_id.. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.. A list of traffic processing rules is created for the device. and block traffic. Ifingress_vlan_idis not set. Ifingress_vlan_idis not set.24).4094) ingress_vlan_id: (1.4094) ingress_vlan_id: (1..4094).8/0/1.. ingress_vlan_id: (1.48). Ifingress_vlan_id is not set.8/0/1.. vlan_id: (1. Show the list of selective qinq rules for the selected port. If ingress_vlan_idis not specified. fo_port: (1.4094) ingress_vlan_id: (1.Ethernet interface (interface range) configuration mode commands Command selective-qinq list ingress add_vlan vlan_id [ingress_vlan ingress_vlan_id] selective-qinq list ingress deny [ingress_vlan ingress_vlan_id] selective-qinq list ingress permit [ingress_vlan ingress_vlan_id] selective-qinq list ingress override_vlan vlan_id [ingress_vlan ingress_vlan_id] selective-qinq list egress override_vlan vlan_id [ingress_vlan ingress_vlan_id] no selective-qinq list ingress [ingress_vlan vlan_id] no selective-qinq list egress ingress_vlan vlan_id Value vlan_id: (1.. ingress_vlan_id:(1.4094) Creates a rule to replace theingress_vlan_id outer stamp of egress packets with vlan_id.

MES2324. MES3324. console# show selective-qinq Direction Interface Rule type Vlan ID Classification by Parameter --------.---------------.fortygigabitethernet fo_port | port-channel group} Examples of command usage  Create a rule that will replace the outer stamp 11 of the ingress packet with 10.-------. console# configure console(config)# interface tengigabitethernet 1/0/1 console(config-if)# selective-qinq list ingress override vlan 10 ingress­vlan 11 console(config-if)# end  Show the list of created selective qinq rules.--------.--------------. MES2348Ethernet Switch Series 72 .-----------------ingress te0/1 override_vlan 10 ingress_vlan 11 MES5324.

Enable unicast traffic control.traffic volume as a percentage of the interface bandwidth..registered .8/0/1. Enable broadcast traffic control. Disable broadcast traffic control.48).. MES2324. . the interface may be disabled (shutdown).41. or a record is added to log (trap). .level . MES3324. the interface may be disabled level: (1. or a record is added to log (trap).. A storm can occur if there are looped segments in the Ethernet network. EXEC mode commands Command show stormcontrolinterface [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port] Value gi_port: (1... Ethernet interface configuration mode commands Command storm-control multicast [registered | unregistered]{level level | kbps kbps} [trap] [shutdown] Value/Default value level: (1. te_port: (1. kbps: (1. .traffic volume. kbps: (1. .registered traffic.traffic volume as a percentage of the interface bandwidth..traffic volume.. Examples of command usage MES5324. which causes delays and network resources overloads.unregistered traffic. fo_port: (1. ..4) Action Show broadcast storm control configuration for the selected port or all ports. no storm-control broadcast EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.24).traffic volume as a percentage of the interface bandwidth. The switch measures the transfer rate of received broadcast. If broadcast traffic is detected..10000000) (shutdown).8/0/1.kbps . multicast or unknown unicast traffic on the ports with enabled broadcast storm control and drops packets if the transfer rate exceeds the maximum value. kbps: (1.traffic volume.10000000) no storm-control multicast storm-control unicast {level level | kbps kbps} [trap][shutdown] no storm-control unicast storm-control broadcast {level level | kbps kbps} [trap][shutdown] Action (shutdown) . Disable multicast traffic control.100).10 Broadcast Storm Control Broadcast storm occurs as a result of excessive amount of broadcast messages transmitted simultaneously via a single network port.kbps .8/0/1.kbps . MES2348Ethernet Switch Series 73 . .40.unregistered . the interface may be disabled level: (1-100). If multicast traffic is detected.5.100)...level . Ethernet interface configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5. or a record is added to log (trap).10000000) Enable multicast traffic control: .level . Disable unicast traffic control. . If unicast traffic is detected.

000 kbps for broadcast traffic.42. 70% for unicast traffic. MES2348Ethernet Switch Series 74 .a load balance mechanism based on MAC address. MES2324.src-dst-mac .add a port to a channel with LACP in active mode. Set the transfer rate for controlled traffic: 5. To add an interface into a group. Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# Table 5. MES3324. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console# configure console(config)# Table 5. you have to restore the default interface settings if they were modified. 30% of the bandwidth for multicast traffic. multicast or unicast traffic control for Ethernet interface no. . mode: (on. Remove an Ethernet interface from a port group. You can add interfaces into a link aggregation group in the Ethernet interface configuration mode only. The switch interprets the port group as a single logical port.src-dst-mac-ip .a load balance mechanism based on MAC address and IP address. Ethernet interface configuration mode commands Command channel-group group mode mode Value group: (1.11 Link Aggregation Groups (LAG) The switches support up to 8 Ethernet interfaces in one LAG port group and 8 LAG groups on a standalone device or device stack. Global configuration mode commands Command port-channel load-balance {src-dst-mac-ip | src­dst­mac} Value Action -/src-dst-mac Specify load balance mechanism for an aggregated port group. see the corresponding configuration section. Command line prompt in the EXEC mode is as follows: MES5324.. For description of LACP group. . auto) no channel-group Action Add an Ethernet interface to a port group: . Two port group operation modes are supported: static group and LACP group. Each port group should include Ethernet interfaces operating at the same speed in full-duplex mode. Aggregation of ports into group will increase bandwidth between the communicating devices and adds resiliency.Enable broadcast. 3. console# configure console(config)# interface TengigabitEthernet 0/3 console(config-if)# storm-control broadcast kbps 5000 shutdown console(config-if)# storm-control multicast level 30 trap console(config-if)# storm-control unicast level 70 trap 5.43. .add a port to a channel without LACP.8).on .auto .

use command ‘channel-group {group} mode auto’ in the configuration mode of the interface. the priority of links in an aggregated linkset is not specified.long . To enable an interface to operate in a static group. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. . For static groups.65535)/1 Action Set the system priority. 5. Ethernet interface configuration mode commands Command Value/Default value lacp timeout {long | short} The ‘long’ value is used by default..11.2 LACP link aggregation protocol Key function of the Link Aggregation Control Protocol (LACP) is to aggregate multiple physical links into a single link.1 Static link aggregation groups Static LAG groups are used to aggregate multiple physical links into a single link. MES3324.44. LACP allows for traffic transmission via aggregated links according to the defined priorities.8) Action Show information about a channel group. MES2348Ethernet Switch Series 75 . Set the Ethernet interface priority. Global configuration mode commands Command lacp system-priority value no lacp system-priority Value/Default value value: (1. 5. use command 'channel-group {group} mode on' in the configuration mode of the interface. MES2324.long timeout. Set the default value.short timeout..short . which increases link bandwidth and adds resiliency. Set the default value. EXEC mode commands MES5324.console> Table 5.46. . EXEC mode commands Command Value show interfaces port­channel [group] group: (1.65535)/1 Action Set LACP administrative timeout. Set the default value. Ethernet interface configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# Table 5.11.45. To enable an interface to operate via LACP. no lacp timeout lacp port-priority value no lacp port-priority value: (1.. Link aggregation increases link bandwidth and adds resiliency.

port group or VLAN interface configuration mode commands Command line prompt in the Ethernet..48). MES2324. Ethernet. subnet mask.24). te_port: (1. MES3324.12 IPv4 addressing configuration This section describes commands used to configure IP addressing static parameters: IP address. see the corresponding configuration sections. fo_port: (1. prefix-length: (8 .Command line prompt in the EXEC mode is as follows: console# Table 5. .show protocol operation state. port group or VLAN interface configuration mode is as follows: console(config-if)# Table 5. priorities 12 and 13 for ports 3 and 4 respectively. the command displays all information.show protocol operation statistics. . Set the system priority to 6.parameters .8) Action Show information on LACP for an Ethernet interface. MES5324. .show protocol configuration parameters.. console# configure console(config)# lacp system-priority 6 console(config)# interface port-channel 1 console(config-if)# speed 10000 console(config-if)# exit console(config)# interface TengigabitEthernet 1/0/3 console(config-if)# speed 10000 console(config-if)# channel-group 1 mode auto console(config-if)# lacp port-priority 12 console(config-if)# exit console(config)# interface TengigabitEthernet 1/0/4 console(config-if)# speed10000 console(config-if)# channel-group 1 modeauto console(config-if)# lacpport-priority 13 console(config-if)# exit 5.. Obtain the IP address for the interface from the DHCP server.. Examples of command usage  Create the first LACP port group that includes two Ethernet interfaces 3 and 4..protocol-state . default gateway. If additional parameters are not used.statistics . MES2348Ethernet Switch Series 76 .48. Ethernet interface configuration mode commands Command ip address ip_address {mask | prefix_length} no ip address [ip_address] ip address dhcp no ip address dhcp Value Action Set an IP address and subnet mask to a specific interface. 30) - Remove an IP address of the interface.47..4). EXEC mode commands Command show lacp {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port} [parameters | statistics | protocol-state] show lacp port-channel[group] Value/Default value gi_port: (1. Show information on LACP for a port group. Group operation transfer rate is 1000Mbps.. group: (1. For DNS and ARP configuration.8/0/1.8/0/1. Disable the use of DHCP to obtain the IP address for the selected interface.8/0/1..

... The maximum number of ports and addresses per device it 128.Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Specify 0. EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5. . Remove the default gateway address. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. * . MES2324.. . MES5324..8) vlan_id: (1..8/0/1. group: (1. tun_id: (1.0.udp_port_list ... Enable forwarding of broadcast UDP packets to the specific address.selects all IP interfaces of the device. fo_port: (1. Global configuration mode commands Command ip default-gateway ip_address no ip default-gateway ip helper-address {ip_interface | all} ip_address [udp_port_list] Value -/default gateway is not defined -/disabled no ip helper-address {ip_interface | all} ip_address Action Specify the default gateway address for the switch.0.force-autoconfig ..8/0/1.the IP address of the interface.48).the list of UDP ports. vlan_id: (1.158) characters renew dhcp {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port |vlan vlan_id | port­channel group | oob} [force­autoconfig] show ip helper-address gi_port: (1.8). ...ip_address .48).8/0/1. . MES3324.50. Disable forwarding for the selected interfaces.4).8/0/1.24)..8/0/1. EXEC mode commands Command Value show ip interface [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | loopback | tunnel tun_id | gi_port: (1. group: (1..8/0/1. Privileged EXEC mode commands Command Value clear host {* | word} word: (1. te_port: (1..0 to disable forwarding.download the configuration from the TFTP server when IP address is updated. te_port: (1.ip_interface .16).49.. Show the broadcast UDP packet forwarding table. .51.4). fo_port: (1.delete all entries.24). Broadcast traffic directed to the ports from the list will be forwarded. MES2348Ethernet Switch Series 77 ..4094) Action Show IP addressing configuration for a specific interface.destination IP address for packets forwarding.. Send an IP update request to the DHCP server.4094) - Action Delete all interface/IP address mapping entries received via DHCP from the memory..all .

Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.52. Ethernet interface configuration mode commands Command Value/Default value green-ethernet energy­detect no green-ethernet energy­detect green-ethernet short-reach Action Enable the power saving mode for the interface. fo_port: (1. MES3324. Privileged EXEC mode commands Command Value show green-ethernet [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | gi_port: (1.vlan vlan_id | oob] 5.. Enable the power saving mode based on the cable length.8/0/1.. Interface configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# Table 5. -/enabled Disable the power saving mode for the interface. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.8/0/1. MES2348Ethernet Switch Series 78 .24).54. te_port: (1. MES2324. -/enabled -/enabled no green-ethernet short­reach Disable the power saving mode for low data activity ports.4). Action Show green-ethernet statistics.. Global configuration mode commands Command Value/Default value green-ethernet energy­detect no green-ethernet energy­detect green-ethernet short-reach Action Enable the power saving mode for low data activity ports. Disable the power saving mode based on the cable length.53. MES5324.48)...8/0/1. Enable the power saving mode for the ports connect devices with the cable length less than the threshold value defined by command green-ethernet short-reach threshold.13 Green Ethernet configuration Green Ethernet is a technology that reduces the device power consumption by disabling power supply to unused electric ports and changing the levels of transmitted signals according to the cable length.. -/enabled no green-ethernet short­reach Disable the power saving mode based on the cable length.

For example. In addition to a larger address space. e. MES3324.---. use the following format in the command syntax for IPv6Z addresses: <ipv6-link-local-address>%<interface-name> where interface-name . since IPv6 is planned to replace IPv4 addressing completely.14.8/0/1.4) If the value of a single group or multiple sequential groups in an IPv6 address are zeros. MES2348Ethernet Switch Series 79 . these groups may be omitted.07W out of maximum 0. MES5324. IPv6 protocol has an extended address space of 128 bit instead of 32 bit in IPv4. simplifies routing tables and boosts router performance by using neighbour discovery. 0000.14 IPv6 addressing configuration 5.. Two 2 separated zero groups cannot be omitted because of the ambiguity of the resulting address.. IPv6 has a hierarchical addressing scheme. Local IPv6 addresses (IPv6Z) are assigned to the interfaces.. FE40:0000:0000:0000:0000:0000:AD21:FE43 address can be shortened to FE40::AD21:FE43.g.1 IPv6 protocol The switch supports IPv6 protocol. - Examples of command usage  Show green-ethernet statistics: console# show green-ethernet detailed Energy-Detect mode: Disabled Short-Reach mode: Disabled Power Savings: 82% (0..detailed] green-ethernet power-meter reset Reset the power meter readings. provides route aggregation.------on off off on off off on off off on off off on off off on off off VCT Cable Length ---------- 5.8/0/1.24) | fortygigabitethernet (1.------on off on off on off on off on off on off Short-Reach Admin Force Oper Reason ----..40W) Cumulative Energy Saved: 0 [Watt*Hour] Short-Reach cable length threshold: 50m Port -------te1/0/1 te1/0/2 te1/0/3 te1/0/4 te1/0/5 te1/0/6 Energy-Detect Admin Oper Reason ----. Ipv6 support is an essential feature. An IPv6 address is 8 blocks separated by a colon with each block having 16 bit represented as 4 hexadecimal number.8/0/1.----..the name of the interface: interface-name = vlan<integer> | ch<integer> |<physical-port-name> integer = <decimal-number> | <integer><decimal-number> decimal-number = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 physical-port-name = gigabitethernet(1.24) | tengigabitethernet (1.---. MES2324.

group: (1. Global configuration mode commands Command ipv6 default-gateway {ipv6_address | tunnel tunnel_id} no ipv6 default-gateway {ipv6_address | tunnel tunnel_id} ipv6 neighbor ipv6_address {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id} mac_address no ipv6 neighbor [ipv6_address] [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id] ipv6 icmp error-interval milliseconds [bucketsize] no ipv6 icmp error-interval ipv6 route prefix/prefix_length {gateway | tunnel tun_id}[metric] no ipv6 route prefix/prefix_length [gateway | tunnel tun_id] ipv6 unicast-routing no ipv6 unicast-routing Value/Default value Action Set the default IPv6 gateway local address. Add a static IPv6 route .64) if eui-64 is used)) Action Enable IPv6 support for the interface. MES2348Ethernet Switch Series 80 .128) ((0.. Port-Channel) configuration mode commands Command line prompt in the interface configuration mode is as follows: console (config-if)# Table 5. Disable forwarding of unicast packets. Interface (VLAN. Enable forwarding of unicast packets. .8/0/1. .ipv6_address – IPv6 address. tun_id: (1. Port-channel) Command ipv6 enable noipv6 enable ipv6 addressipv6_address/prefix_length[eui64] [anycast] Value/Default value -/disabled prefix-length: (0.48).4094) milliseconds: (0. prefix_length: (0. Delete a static IPv6 route.gateway – the gateway for target network access.mac_address – МАС address..ipv6_address . MES3324. tunnel_id: (1... which represents by the 64 least significant bits of the IPv6 address.prefix – destination network. te_port: (1..8/0/1. each block MES5324.24). Set the ICMPv6 rate limiting. MES2324. . Remove static mapping between the neighbour MAC address and its IPv6 address.. Set the default value.2147483647)/100. A MAC address is divided into two 24-bit parts separated by the FFFE constant. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. fo_port: (1..16) Remove the default IPv6 gateway settings.IPv6 address assigned to the interface (8 blocks separated by a colon. VLAN.8) vlan_id: (1. .55.. bucketsize: (1.EUI-64 is an identifier created based on the interface MAC address.200)/10 prefix: X:X:X:X::X. Create an IPv6 address on the interface..16). . Disable IPv6 support for the interface..65535)/1 -/disabled Setstaticmappingbetween the neighbour MAC address and its IPv6 address.. Interface configuration mode commands (Ethernet. gi_port: (1.8/0/1.4)..56. metric: (1.prefix_length – netmask prefix (the number of units in the mask)...128). Ethernet...

Set the local IPv6 address for the interface.the identifier created based on the interface MAC address. Specify MLD version for the interface. Specify the number of demand messages sent via the interface to the device when IPv6 address duplication (collision) is detected. MES2348Ethernet Switch Series Value Action gi_port: (1.4)..8/0/1..600)/1 no ipv6 nd dad attempts ipv6 unreachables -/enabled no ipv6 unreachables ipv6 mld version version no ipv6 mld version version: (1. te_port: (1.prefix_length .48). EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.2)/2 Enable automatic IPv6 address configuration for the interface. addresses are not defined. MES2324. Clear the cache that contains the information on neighbour IPv6 devices. no ipv6 address [ipv6_address/prefix_length] [eui-64] ipv6 address autoconfig By default.. automatic configuration is enabled.8/0/1. Set the default value. . Remove an IPv6 address from the interface..8/0/1. te_port: Show IPv6 protocol settings for 81 . a decimal number representing the number of most significant bits of the address comprising the prefix. Return the default value. .8/0/1. fo_port: (1.indicates that the specified address is an anycast address.anycast .8).has 16 bits of data represented as 4 hexadecimal numbers).. vlan_id: (1.48). Addresses are configured depending on prefixes received in Router Advertisement messages. Most significant bits of the local IP addresses in IPv6 FE80:: Remove the local IPv6 address.. Disable ICMPv6 Destination Unreachable messages for packet transmission to a specific interface. Information on static entries will remain...58. Set the default value.24). Privileged EXEC mode commands Command show ipv6 neighbors{ipv6_address | gigabitethernetgi_port| tengigabitethernette_port| fortygigabitethernet fo_port |portchannelgroup| vlan vlan_id} clear ipv6 neighbors Value/Default value gi_port: (1.. ...4094) - Action Show information from the cache on the neighbour IPv6 devices. MES3324.eui-64 .57. group: (1. Set the default value. EXEC mode commands Command show ipv6 interface [brief | gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernet fo_port |portchannelgroup |loopback|tunneltun_id|vlanvlan_id] MES5324. written in 64 lease significant bits of the IPv6 address. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5..IPv6 prefix length. no ipv6 address autoconfig ipv6 address ipv6_address/prefix_length link-local Default value for a local address: (FE80::EUI64) no ipv6 address [ipv6_address/prefixlength link-local] ipv6 nd dad attemptsattempts_number (0.

.4094) gi_port: (1.show ipv6 route [summary |local |connected | static |ospf |icmp |nd | ipv6_address/ipv6_prefix |interface{gigabitethernet gi_port |tengigabitethernette_port|fortygigabitethernetfo_port |port-channelgroup |loopback|tunneltun_id|vlanvlan id}] (1..15.. If a domain name does not have a dot...8). Disable the use of DNS.8/0/1. tun_id: (1. Local DNS functions...4). vlan_id: (1. no ip host name name: (1.158) characters Delete static mapping between node names and IP addresses.16).. The database of network node domain names and corresponding IP addresses is stored on DNS servers.24). no ip domain name Remove the default domain name.8/0/1. the dot will be appended to it followed by the domain name specified in the command.8/0/1.4). group: (1.] no ip nameserver{server1_ipv4_address | server1_ipv6_address | server1_ipv6z_address} [server2_address] [. 5.. tun_id: (1. ip host name address1 [address2 … address4] Specify static mapping between network node names and IP addresses.. fo_port: (1.. add the mapping to the cache.59. MES2348Ethernet Switch Series 82 .15 Protocol configuration 5.48).. You can define up to four IP addresses. Global configuration mode commands Command ip domain lookup no ip domain lookup ip name-server {server1_ipv4_address | server1_ipv6_address |server1_ipv6z_address} [server2_address][. Set IPv4/IPv6 addresses for available DNS servers.] Value/Default value -/enabled Action Enable the use of DNS. ip domain name name name: (1. group: (1.8/0/1... te_port: (1.. MES3324.1 DNS configuration The key task of DNS is to request the network node (host) IP address by its domain name. Показывает таблицу IPv6маршрутов.. vlan_id: (1.158) characters Specify the default domain name which will be used by the application to correct invalid domain names (domain names without a dot). MES2324..8/0/1.16).. fo_port: (1.... MES5324. Remove and IP address of the DNS server from the list of available servers.8).. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.4094) a specific interface.24).

Set the default value.35 and 192.mes has the IP address 192.8) vlan_id: (1... static and cached mappings between node names and IP addresses. fo_port: (1. gi_port: (1.. DNS server list..16. EXEC mode commands Value/Default value Command clear host {name |*} name: (1.158) characters Action Delete the mapping entry between the node name and IP address in the cache or delete all entries (*).16.2 ARP configuration ARP (Address Resolution Protocol) is a link layer protocol used for deriving the MAC address from the IP address contained in the request.D hw_address format: H.16.158) characters show hosts[name] name: (1.168. Enable ARP request proxy mode for the switch. Set the dynamic entry timeout in the ARP table (in seconds).48).16. . te_port: (1.B.8/0/1. Disable ARP request proxy mode for the switch. .8/0/1. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.168.hw_address– MAC address.8/0/1. When network node name is specified.ip_address– IP address..61.168. Privileged EXEC mode commands MES5324.24).H H:H:H:H:H:H H-H-H-H-H-H.C.EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.16. group: (1.15. Global configuration mode commands Command arp ip_addresshw_ address[gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id |oob] no arp ip_address[gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port| port-channel group |vlan vlan_id | oob] arp timeout sec no arp timeout ip arp proxy disable no ip arp proxy disable Value/Default value ip_addr format: A.4)..H. Example use of commands Use DNS servers 192. Show default domain name.39 5.60... MES3324. the command will display the corresponding IP address..mes 192. MES2324. Remove a static mapping entry between IP and MAC addresses from the ARP table for a specified interface.168.38 console(config)# ip domain name mes Specify static mapping: network node eltex..35 192.38 and set mes as the default domain name: сonsole# configure console(config)# ip name-server 192.168.16.168. MES2348Ethernet Switch Series 83 .39: сonsole# configure console(config)# ip host eltex.4094) sec: (1-40000000)/60000 seconds -/disabled Action Add a static mapping entry between IP and MAC addresses to the ARP table for a specified interface.

63.8/0/1.Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.MAC address. Interface configuration mode commands Command Value/Default value ip proxy-arp no ip proxy-arp arp timeout sec -/disabled sec: (1-40000000) no arp timeout Action Enable ARP request proxy mode on the interface.168. MES2348Ethernet Switch Series 84 . MES2324. filter by IP.--------------vlan 1 te0/12 192.D mac_address format: H. filter by interface . fo_port: (1. Restore the default value (globally)..62.H or H:H:H:H:H:H or HH-H-H-H-H gi_port: (1. filter by MAC. (This command is available to privileged users only. Show global ARP configuration and interface ARP configuration. МАС address 0:0:C:40:F:BC.168.168. . group: (1.. - Interface configuration mode commands Command line prompt in the interface configuration mode is as follows: console(config-if)# Table 5.--------------.4). Privileged EXEC mode commands Command Value/Default value Action - Delete all dynamic entries from the ARP table.1 02:00:2a:00:04:95 dynamic MES5324.32 00-00-0c-40-0f-bc tengigabitethernet 1/0/2 сonsole(config)# exit сonsole# arp timeout 12000  Show the ARP table: сonsole# show arp VLAN Interface IP address HW address status --------------------. MES3324.48).------------------. Disable ARP request proxy mode on the interface. set dynamic entry timeout in the ARP cache to 12.8/0/1.. Specify the dynamic entry timeout in the ARP table (in seconds) on the interface.8/0/1.000 seconds: сonsole# configure console(config)# arp 192.C..B.32.25...16.16.8) show arp configuration Show ARP cache entries: All entries.. Example use of commands Add a static entry to the ARP cache: IP address 192.24).mac_address .H.IP address. te_port: (1.) clear arp-cache show arp [ip-address ip_address][mac-address mac_addres][gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port­channel group | oob] ip_address format: A.ip_address .

VLAN creation and registration is enabled on the interface. Disable dynamic VLAN modification or creation for the interface.. fo_port: (1. MES3324.8/0/1.8/0/1. Global configuration mode commands Command Value/Default value gvrp enable no gvrp enable -/disabled Action Enable GVRP for the switch. The switch obtains information on the missing VLANs and adds it to the database.3 GVRP configuration GARP VLAN Registration Protocol (GVRP).66. Ethernet interface and interface group configuration mode commands Command Value/Default value gvrp enable no gvrp enable gvrp vlan-creation-forbid no gvrp vlan­creation­forbid gvrp registration-forbid no gvrp registration-forbid -/disabled -/enabled Be default. Disable GVRP on the interface. Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console# configure console(config)# interface{gigabitethernetgi_port |tengigabitethernette_port |fortygigabitethernetfo_port |portchannelgroup} console(config-if)# Table 5.48). MES2348Ethernet Switch Series 85 .15. Set the default value. Cancel registration of all VLANs and disable creation or registration of new VLANs on the interface. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Enable dynamic VLAN modification or creation for the interface. te_port: (1. Action Enable GVRP on the interface.4).24)...8/0/1..5. group: (1. MES2324.65. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5... This protocol is used to distribute VLAN identifiers in the network.8) Action Clear collected GVRP statistics. The basic function of GVRP protocol is used to discover information on VLAN networks that are not in the database upon receiving GVRP messages.. EXEC mode commands Command line prompt in the EXEC mode is as follows: console> MES5324. Privileged EXEC mode commands Command Value clear gvrp statistics [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group] gi_port: (1.64. Disable GVRP for the switch.

Set the time interval between loopback frames.. gi_port: (1. Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console# configure console(config)# interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channelgroup} console(config-if)# Table 5.15. Ethernet interface and interface group configuration mode commands Command loopback-detection enable no loopback-detection enable Value/Default value -/disabled Action Enable loopback detection mechanism on a port.8/0/1. MES2324.8) Show collected GVRP statistics for a specific interface or for all interfaces. Global configuration mode commands Command loopback-detection enable no loopback-detection enable loopback-detection intervalseconds no loopback-detection interval Value/Default value Action Enable loopback detection mechanism for the switch.4 Loopback detection mechanism This mechanism allows the device to detect loopback ports.4)..8/0/1. MES3324. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.Table 5. Show GVRP error statistics for a specific interface or for all interfaces. The switch detects port loopbacks by sending a frame with the destination address that match one of the device MAC addresses. . EXEC mode commands Command line prompt in the EXEC mode is as follows: console# MES5324. EXEC mode commands Command Value show gvrp configuration [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group |detailed] show gvrp statistics [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group] show gvrp errorstatistics[gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group] Action Show GVRP configuration for a specific interface or for all interfaces.. MES2348Ethernet Switch Series 86 . te_port: (1. -/disabled seconds: (10-60)/30 seconds Restore the default value.68.48).69.. fo_port: (1.. Restore the default value. group: (1.8/0/1... Restore the default value.time interval between LBD frames.24). 5.67.seconds .

. Set the time interval for listening and learning states before switching to the forwarding mode.40)/20 seconds Set the interval for broadcasting 'Hello' messages to the communicating switches. MES2324.. Switches exchange configuration messages using frames in a specific format and selectively enable or disable traffic transmission to ports. Set the method for defining the path cost. Set the default value. group: (1. RSTP.30)/15 seconds Action Enable STP on the switch. Set the default value. (1.10)/2 seconds -/denied (6.. Disable protection that disables the interface when a BPDU packet is received..stp—IEEE 802. Each instance may contain multiple VLAN groups. MES5324. MSTP) The main task of STP (Spanning Tree Protocol) is to convert an Ethernet network with multiple links into a spanning tree loop-free topology.8/0/1..5 STP family (STP.15. prior_val: (0. EXEC mode commands Command Value show loopback-detection [gigabitethernetgi_port|tengigabitethernet te_port |fortygigabitethernet fo_port |portchannelgroup|detailed] gi_port: (1.70.mstp—IEEE 802. 5... . . Enable protection that disables any interface when a BPDU packet is received. Rapid STP (RSTP) is the enhanced version of STP that enables faster convergence of a network to a spanning tree topology and provides higher stability. 5.1S Multiple Spanning Tree Protocol.1W Rapid Spanning Tree Protocol.8)...48). Action Show the state of the loopback detection mechanism. Set the lifetime of the STP spanning tree. RSTP configuration Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.rstp—IEEE 802. Set the default value. Global configuration mode commands Command spanning-tree no spanning-tree spanning-tree mode {stp | rstp | mstp} Value/Default value -/enabled -/RSTP no spanning-tree mode spanning-tree forward-time seconds no spanning-tree forward­time spanning-tree hello-time seconds no spanning-tree hello-time spanning-tree loopback­guard no spanning-tree loopback­guard spanning-tree max-age seconds no spanning-tree max-age spanning-tree priority prior_val no spanning-tree priority spanning-tree pathcost (4. Set the priority of the STP spanning tree. MES2348Ethernet Switch Series 87 .15. MSTP configures required number of spanning trees independent on the number of VLAN groups on the switch.1D Spanning Tree Protocol. Set the default value.. Set STP operation mode. te_port: (1. one drawback of MSTP it that all MSTP switches should have the same VLAN group configuration. Set the default value.1 STP.8/0/1.. However.5.4)..Table 5. fo_port: (1.8/0/1.24). MES3324. Multiple STP (MSTP) is the most recent implementation of STP that supports VLAN. Disable STP on the switch.71.61440)/32768 -/short Priority value must be divisible by 4096.

Set the default value.72..1) >= Max-Age >= 2*(Hello-Time + 1).. Set the cost based on the port transfer rate and the method of determining path cost. no spanning-tree pathcost method spanning-tree bpdu {filtering | flooding} Set the default value.add 3 second delay before entering the transmission mode.200000000)/seeTable 5. priority: (0.240)/128 no spanning-tree port­priority spanning-tree portfast [auto] Set the default value. Disable protection that disables the interface when a BPDU packet is received. Set the cost of a path through this interface.untagged BPDU packets are transmitted and MES5324. MES3324. hello-time. Enable immediate transition into the transmission mode when the link is established. . . 'shared' for a half-duplex port no spanning-tree link-type spanning-tree bpdu {filtering | flooding} - Enable protection that disables the interface when a BPDU packet is received. Set the interface priority in the STP spanning tree. before the timer expires. . Set the default value.flooding . max-age. . . This protection prohibits the interface to be the root port of the switch. Set the RSTP state to 'forwarding' and defines the link type for a given port: .method{long|short} .65535.auto. . make sure that: 2*(Forward-Delay . see Table Ошибка! Источник ссылки не найден. Priority value must be divisible by 16.shared.long – cost value in the range 1.cost – path cost. Ethernet or port group interface configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5. -/flooding no spanning-tree bpdu Set the BPDU packet processing mode by the interface on which STP is disabled.69 spanning-tree port-priority priority Action Disable STP on the interface.point to point. .filtering – BPDU packets are filtered on the interface on which STP is disabled. Ethernet or port group interface configuration mode commands Command spanning-tree disable no spanning-tree disable spanning-tree cost cost no spanning-tree cost Value/Default value -/enabled (1. Enable STP on the interface. Set the default value. Set the BPDU packet processing mode by the interface on which STP is disabled.filtering .. -/protection disabled -/'point-to-point' for a duplex port. If you set the STP parameters forward-time.point-to-point ..200000000.short – cost value in the range 1. .BPDU packets are filtered on the interface on which STP is disabled. MES2324.shared . Enable root protection for all STP spanning trees for the selected port.flooding – untagged BPDU packets are transmitted and tagged packets are filtered on the interface on which STP is disabled. MES2348Ethernet Switch Series 88 . -/disabled no spanning-tree portfast spanning-tree guard root -/protection disabled no spanning-tree guard root spanning-tree bpduguard {enable | disable} no spanning-tree bpduguard spanning-tree link-type {point-to-point | shared} Specify the mode in which the port immediately switches to transmission mode when the link is established..

.24).48)... group: (1.. fo_port: (1. te_port: (1.. Restart STP tree recalculation. fo_port: (1. MES2324.73.8/0/1.. Privileged EXEC mode commands Command Value/Default value show spanning-tree [gigabitethernet gi_port|tengigabitethernet te_port | fortygigabitethernet fo_port |portchannel group] show spanning-tree detail [active | blockedports] clear spanning-tree detected­protocols [interface {gigabitethernet gi_port|tengigabitethernet te_port | fortygigabitethernetfo_port|portchannel group}] Action Show STP state.24). Default path cost (spanning-tree cost) Method for defining the path cost. gi_port: (1...74.8).8/0/1.8/0/1.48).4).8/0/1... fo_port: (1.8/0/1..8/0/1.4). group: (1. Action Show BPDU packet processing mode for the interfaces. Set the default value.. te_port: (1.8/0/1.2 MSTP configuration Global configuration mode commands Command line prompt in the global configuration mode is as follows: MES5324.75. group: (1. EXEC mode commands Command Value show spanning-tree bpdu [gigabitethernet gi_port|tengigabitethernet te_port | fortygigabitethernet fo_port |portchannel group | detailed] gi_port: (1.8/0/1. Interface Long Short Port-channel TenGigabit Ethernet (10000 Mbps) 20000 4 2000000 100 FortyGigabit Ethernet (40000 Mbps) 2000000 100 Gigabit Ethernet (1000 Mbps) 2000000 100 Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. Restarts the protocol migration process..8). te_port: (1.4) - gi_port: (1.tagged packets are filtered on the interface on which STP is disabled.8). MES2348Ethernet Switch Series 89 . Show the detailed information on STP configuration.15... 5. information on active or blocked ports.. MES3324.5...8/0/1. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5..48)..24).. no spanning-tree bpdu Table 5.

Show the current or pending MST configuration. . Set the default value. . Remove the MST configuration name.console(config)# Table 5..65535. priority: (0.65535)/0 no revision show{current|pending} exit abort - Action Create a mapping between MSTP instance and VLAN groups.15). If the packet has gone through the maximum hop count.instance-id .cost value in the range 1.. . Set the default value. (1.switch priority. Disable STP on the switch.long .. Set the MST configuration name. Save configuration and exit MSTP configuration mode. ..MST configuration name. MES2324. .200000000.32) characters no name revisionvalue value: (0. Discard configuration and exit MSTP configuration mode. Set the priority of the current switch over other switches that use the same MSTP instance.vlan-range . Global configuration mode commands Command Value/Default value spanning-tree no spanning-tree spanning-tree mode {stp | rstp | mstp} no spanning-tree mode spanning-tree pathcost method{long|short} -/enabled Action Enable STP on the switch.maximum number of transit portions for BPDU packets. MES2348Ethernet Switch Series 90 .. .instance_id . it will be dropped on the next hop. - Enter the MSTP configuration mode.. Set the default value. vlan_range: (1.cost value in the range 1. MES3324.VLAN group number.. MSTP configuration mode commands Command instance instance_idvlan vlan_range no instance instance_idvlan vlan_range namestring Value/Default value instance_id:(1.value . Ethernet or port group interface configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# MES5324.string .MST configuration revision number.15). . . Remove the mapping between an MSTP instance and VLAN groups. Set STP operation mode.MSTP instance identifier.77.40)/20 no spanning-tree mst max­hops spanning-tree mst configuration Set the maximum hop count for a BPDU packet required for the tree formation and keeping the information on its structure. MSTP configuration mode commands Command line prompt in the MSTP configuration mode is as follows: console# configure console (config)# spanning-tree mst configuration console (config-mst)# Table 5.4094) string: (1.priority . Priority value must be divisible by 4096.61440)/32768 no spanning-tree mst instance_id priority spanning-tree mst max­hops hop_count Set the default value.MST instance.. -/RSTP -/short no spanning-tree pathcost method spanning-tree mst instance_id priority priority instance_id: (1..short .hop_count . Set the MST configuration revision number.76. Set the default value. . Set the method for defining the path cost.

8/0/1.instance-id -MSTP instance identifier..78.blockedports show information about blocked ports..6 Show STP configuration. This protection prohibits the interface to be the root port of the switch.. Priority value must be divisible by 16.200000000) spanning-tree port-priority priority priority: (0.8/0/1.interface priority..4094). see Table Ошибка! Источник ссылки не найден. .. . Set the default value. cost: (1. Set the interface priority in an MSTP instance.cost – path cost. fo_port: (1..48)...instance_id MSTP instance identifier. . priority: (0. information on active or blocked ports.64). te_port: (1..show information about active ports..4094) MES5324. Set the cost based on the port transfer rate and the method of determining path cost. Set the interface priority in the MSTP root spanning tree.instance_id MSTP instance 91 .MSTP instance identifier. MES2348Ethernet Switch Series Show detailed information on STP configuration..24). MES3324. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. .4094).priority .. Ethernet or port group interface configuration mode commands Command Value/Default value spanning-tree guard root -/protection disabled no spanning-tree guard root spanning-tree mst instance_id port-priority priority instance_id: (1. .. 5. Set the default value.240)/128 no spanning-tree port­priority Set the cost of path through the selected interface for a specific MSTP instance. Set the default value..79. Priority value must be divisible by 16. instance_id: (1. group: (1.240)/128 no spanning-tree mst instance_id port-priority spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost Action Enable root protection for all STP spanning trees for the selected port.8) instance_id: (1.active .4). .Table 5. EXEC mode commands Command Value Action show spanning-tree [gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernet fo_port |portchannelgroup][instanceinstance_id] gi_port: (1..8/0/1. MES2324.15. . -instance-id . show spanning-tree detail [active | blockedports] [instanceinstance_id] instance_id: (1.

2 100 Dsbl Dsbl No te1/0/5 disabled 128. The STP tree is recalculated.5 100 Dsbl Dsbl No te1/0/6 enabled 128.--------.1000 4 Dsbl Dsbl No - MES5324.showspanning-tree mst­configuration - clear spanning-tree detected­protocols interface {gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port |portchannelgroup} gi_port: (1.6 4 Frw Desg Yes P2P (RSTP) te1/0/7 enabled 128. notification 5 hello 5.-------..Nbr Cost Sts Role PortFast Type --------.-------. max age 38. Restarts the protocol migration process.1 100 Dsbl Dsbl No te1/0/2 disabled 128. group: (1.8/0/1.. spanning tree lifetime to 38 seconds.---. set the RSTP spanning tree priority to 12288.-------. fo_port: (1.4)..48)... Show information the configured MSTP instances. MES2324. MES2348Ethernet Switch Series 92 .7 100 Dsbl Dsbl No te1/0/8 enabled 128.8/0/1. MES3324.. 'Hello' broadcast message transmission interval to 5 seconds. Show STP configuration: console(config)# console(config)# console(config)# console(config)# console(config)# console(config)# console(config)# spanning-tree spanning-tree spanning-tree spanning-tree spanning-tree spanning-tree exit mode rstp priority 12288 forward-time 20 hello-time 5 max-age 38 console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: short Loopback guard: Disabled Root ID Priority Address This switch Hello Time 32768 a8:f9:4b:7b:e0:40 is the root 5 sec Max Age 38 sec Forward Delay 20 sec Number of topology changes 0 last change occurred 23:45:41 ago Times: hold 1.24). forward-time interval to 20 seconds.49 100 Dsbl Dsbl No Po1 enabled 128.----------------te1/0/1 enabled 128. te_port: (1.-----.8) identifier.9 100 Dsbl Dsbl No gi1/0/1 enabled 128.8/0/1. topology change 58. forward delay 20 Interfaces Name State Prio.. Examples of command usage  Enable STP support.8 100 Dsbl Dsbl No te1/0/9 enabled 128.

Thus. LLDP-Timer * LLDP-HoldMultiplier) Set the default value. Set the default value. Disable the switch to use LLDP. Minimum amount of time for the LLDP port to wait before LLDP reinitialization.80.. Set the default value.32768)/30 seconds number: (2.. MES2348Ethernet Switch Series 93 . Thus.8192)/2 seconds no lldp tx-delay lldp lldpdu {filtering | flooding} -/filtering no lldp lldpdu lldp med fast-start repeat­count number number: (1. .flooding . Action Enable the switch to use LLDP. streaming-video..number . MES3324.25* LLDP-Timer. .vlan_id .10)/4 no lldp hold-multiplier lldp reinit seconds no lldp reinit lldp tx-delay seconds seconds: (1.filtering .10)/3 no lldp med fast-start repeat-count lldp med network-policy numberapplication[vlanvlan_id][vlantype{tagged|untagged}][uppriority][dscpvalue] number: (1. This value will be transmitted to the receiving side in the LLDP update packets.32). . Set the default value. video-conferencing. Specify how frequently the device will send LLDP information updates. Specify a rule for the network-policy parameter (device network policy). such as: device name and description. the LLDP packet lifetime is calculated by the formula: TTL = min(65535.sequential number of a network policy rule. the master computer can model the network topology based on this information. application: (voice.LLDP packets are filtered if LLDP is disabled on the switch .. Set the number of PDU LLDP repetitions for quick start defined by LLDP-MED. video-signaling). etc. MES2324. .application . It is recommended that this delay be less than 0. voice-signaling. Specify the LLDP packet processing mode when LLDP is disabled on the switch: .10)/2 seconds seconds: (1. Information that LLDP gathers is stored on devices and can be requested by the master computer via SNMP. This parameter is optional for the LLDP MED protocol extension.tagged/untagged . The switches support transmission of both standard and optional parameters. softphone-voice.VLAN identifier for this rule.15. and should be an increment for the LLDP timer. Specify the delay between the subsequent LLDP packet transmissions caused by the changes of values or status in the local LLDP MIB database.main function defined for this network policy rule.5. Global configuration mode commands Command lldp run no lldp run lldp timer seconds no lldp timer lldp hold-multipliernumber Value/Default value -/enabled seconds: (5.. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. MAC/PHY information. guest-voice. guest-voice-signaling.. Specify the amount of time for the receiver to keep LLDP packets before dropping them. Set the default value.7 LLDP configuration The main function of Link Layer Discovery Protocol (LLDP) is the exchange of information about status and specifications between network devices.specify whether the VLAN MES5324. port name and description.LLDP packets are transmitted if LLDP is disabled on the switch Set the default value.

Specify the control address announced on the interface.seconds .4).enable .4094). . If the Ethernet interface or port group interface belongs to VLAN.pvid . MES3324.vlan_id: (0.add/remove PPVID.. vlan_id: (1. Remove the created rule for the network-policy parameter.1 {pvid [enable | disable] | ppvid {add | remove} ppv_id | vlanname {add | remove} vlan_id} lldp optional-tlv 802. the system will choose the start IP address from the dynamic IP address range. . You can pass up to 5 optional TLV to the command.7).C. this VLAN address will not be included into the list of available control addresses.. priority: (0.enable.48). If dynamic addresses are not available. sys-cap. ppvid: (1-4094).24). Specify the maximum LLDP notification transfer rate. Enable LLDP MED protocol extension.vlan-name .D gi_port: (1.1 pvid lldp management-address {ip_address | none | automatic [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id]} no lldp management-address lldp notification {enable | disable} no lldp notifications lldp med enable [tlv_list] Value/Default value By default. Enable the interface to receive packets via LLDP.set a static IP address. fo_port: (1. . Remove the control IP address.priority . 802.. Enable/disable LLDP notifications on the interface. the system chooses the start IP address from the available static IP address range. Value) to be included into the LLDP packet by the device. By default. Action Enable packet transmission via LLDP on the interface. Set the default value.4095).time period during which the device can send at most one notification.protocol .8). . . Disable the interface to receive packets via LLDP. Disable packet transmission via LLDP on the interface.63) no lldp med network-policy number lldp notifications interval seconds seconds: (5. 802. You can include one to three special TLV. optional TLVs are not included. . tvl_list: (network-policy.ppvid . Specify which optional TLV fields to be included into the LLDP packet by the device. automatic {gigabitethernet | tengigabitethernet fortygigabitethernet | port-channel | vlan} – specifies that the system selects the control address automatically from the configured addresses of a given interface.indicates that the address is not announced. 802.the priority of this rule (used on the second layer of OSI model).8/0/1. Ethernet interface configuration mode commands Command lldp transmit no lldp transmit lldp receive no lldp receive lldp optional-tlvtlv_list no lldp optional-tlv lldp optional-tlv 802.. Specify which optional TLV fields (Type.. If there are multiple IP addresses. LLDP notifications are disabled. . ip-address format: A.interface PVID.. can be used in both directions. tvl_list: (port-desc.add/remove VLAN number. inventory)/LLDP MED protocol extension is disabled. By default. .8/0/1..1x | lacp | gvrp} no lldp optional-tlv 802. Set the default value.. MES5324.81.DSCP value used by this rule. -ip_address . group: (1..disable .automatic . Set the default value. te_port: (1. location. By default.3600)/5 seconds no lldp notifications interval used by this rule is tagged or untagged.disable.B. Ethernet interface configuration mode commands: Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# Table 5..1 protocol {add | remove} {stp | rstp | mstp | pause | 802. Set the default value.8/0/1.add/remove a specific protocol.3-mac-phy. value: (0..value . MES2348Ethernet Switch Series 94 . Length.. sysname.3-lag. the control address is defined automatically.none . vlan_id: (2-4094). MES2324. .3-max-frame-size)/By default optional TLV are not included in the packet. .indicates that the system automatically chooses the control address from all IP addresses of the switch. sys-desc. .

MES2348Ethernet Switch Series 95 .. Remove the network-policy rule from this interface. Show information on the neighbour devices on which LLDP is enabled..1X..48)....address in ANSI/TIA 1057 format. Show TLVs LLDP restart state.4) Action Clear the address table of discovered neighbour devices and start a new packet exchange cycle via LLDP MED. LLDP packets are sent and received via ports blocked by STP. The LLDP packets received through a port group are saved individually by these port groups. Privileged EXEC mode commands Command clear lldp table [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port |oob] show lldp configuration [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port |oob|detailed] show lldp med configuration [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port |oob|detailed] show lldp local {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port| oob} show lldp local tlvs-overloading [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | oob] show lldp neighbors [gigabitethernet gi_port | tengigabitethernet te_port | Value/Default value gi_port: (1.8/0/1..8/0/1.24).24)..8/0/1. If the port is controlled via 802.48). MES2324... te_port: (1.24)...coordinate .8/0/1.4) gi_port: (1. Enable/disable sending LLDP MED notifications about topology changes. Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. fo_port: (1.160) bytes ecs_elin_data: (10. Remove location parameter settings...enable– enable notifications... Show LLDP configuration of all physical interfaces of the device or on specific interfaces only. ..rule number.4) gi_port: (1.8/0/1.. MES5324.device administrative address.specify the rule. MES3324. Privileged EXEC mode commands All commands are available for privileged users only..civic_address_data . .. fo_port: (1. te_port: (1.8/0/1. LLDP works only with authorized ports. .24). Specify the device location for LLDP ('location' parameter value of the LLDP MED protocol).8/0/1. .remove ..remove the rule. fo_port: (1. fo_port: (1..4) gi_port: (1. LLDP operation is independent from the STP state on the port.8/0/1.ecs-elin_data ... te_port: (1..48).address in the coordinate system. . te_port: (1. Show LLDP information announced by this port.48).8/0/1.48)... fo_port: (1.24). .add .. Show LLDP MED protocol extension configuration for all physical interfaces or specific interfaces only.8/0/1.48).do not send notifications..number .lldp med network-policy {add | remove} number number: (1-32) no lldp med network-policy lldp med location {coordinate coordinate |civic-address civic_address_data |ecs-elin ecs_elin_data} no lldp med location {coordinate | civic-address | ecs-elin} lldp med notification topology-change {enable | disable} coordinate: 16 bytes civic_address_data: (6.8/0/1. ... te_port: (1...4) gi_port: (1..8/0/1..8/0/1.8/0/1.8/0/1.25) bytes -/denied no lldp med notifications topology-change Specify the network-policy rule for this interface.82.8/0/1.8/0/1.. te_port: (1.4) gi_port: (1. fo_port: (1. LLDP sends different messages to each port of the group. Set the default value... -disable .24).8/0/1.

SC None Disabled te1/0/8 Rx and Tx SN. fo_port: (1.10..48).. te_port: (1. Optional TLVs TLV options Possible values: PD – Port description.--------------te1/0/7 Rx and Tx SN. SD – System description. Add the control address 10..24).4) Examples of command usage Set the following TLV fields for the te1/0/10 port: port-description. SC – System capablities.10. Time-To-Live) for the receiver to keep LLDP packets before dropping them: TTL = Timer * Hold multiplier. Hold multiplier Specify the amount of time (TTL.70 View LLDP configuration: console# show lldp configuration LLDP state: Enabled Timer: 30 Seconds Hold multiplier: 4 Reinit delay: 4 Seconds Tx delay: 2 Seconds Notifications Interval: 5 Seconds LLDP packets handling: Filtering Chassis ID: mac-address Port State Optional TLVs Address Notifications --------.. SD 10.70 Disabled Table 5.10. MES2348Ethernet Switch Series 96 . Address Device address sent in LLDP messages. State Port operation mode for LLDP..-------------------. MES2324. Result description Field Description Timer Specify how frequently the device will send LLDP updates.10.10. console(config)# configure console(config)# interface tengigabitethernet 1/0/10 console(config-if)# lldp optional-tlvport-desc sys-name sys-desc console(config-if)# lldp management-address10. gi_port: (1. systemdescription.----------------.8/0/1. MES5324.----------.fortygigabitethernet fo_port | oob] show lldp statistics [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port |oob|detailed] Show LLDP statistics.8/0/1. Notifications Specify whether LLDP notifications are enabled or disabled.8/0/1.10. SC None Disabled te1/0/10 Rx and Tx PD.83. system-name. SC None Disabled te1/0/9 Rx and Tx SN. MES3324. Port Port number. Tx delay Specify the delay between the subsequent LLDP frame transmissions initiated by changes of values or status.. Reinit delay Specify the minimum amount of time for the port to wait before sending the next LLDP message.70 for this interface. SN – System name.

Port ID Neighbour device port identifier. 100BASE-TX half duplex mode. Management address Device management address. Result description Field Description Port Port number. Port description Neighbour device port description. MES5324. R – Router.704C. D – DOCSIS cable device. Capabilities This field describes the device type: B – Bridge. System name Device system name.---------------------1 ts-7800-2 B 1 ts-7800-2 B 9 ts-7900-1 B.704C. W – WLAN Access Point.704C.73FB Port ID System Name Capabilities -------. R 1 ts-7900-2 W console# show lldp neighbors tengigabitethernet 1/0/20 Device ID: 02:10:11:12:13:00 Port ID: gi0/23 Capabilities: B System Name: sandbox2 System description: 24-port 10/100/1000 Ethernet Switch Port description: Ethernet Interface Time To Live: 112 802. r – Repeater. H – Host. 10BASE-T half duplex mode Operational MAU type: Unknown Table 5. O – Other. MES3324. 10BASE-T full duplex mode.704C. Auto-negotiation status Specify if the automatic port mode identification support is enabled.73FE 0060.Show information on neighbour devices: console# show lldp neighbors Port --------te0/1 te0/2 te0/3 te0/4 Device ID ---------------0060. Device ID Name or MAC address of the neighbour device. MES2324.73FC 0060. System description Neighbour device description. Auto-negotiation Advertised Capabilities Specify the modes supported by automatic port discovery function. 100BASE-TX full duplex mode.3 MAC/PHY Configuration/Status Auto-negotiation support: Supported Auto-negotiation status: Enabled Auto-negotiation Advertised Capabilities: 1000BASE-T full duplex.84. T – Telephone. MES2348Ethernet Switch Series 97 . Auto-negotiation support Specify if the automatic port mode identification is supported.73FD 0060.

Operational MAU type Working MAU type of the device. MES2348Ethernet Switch Series 98 . MES5324. MES2324. MES3324.

oui . MES3324. OUI 00:E0:BB 00:03:6B 00:E0:75 00:D0:1E 00:01:E3 00:60:B9 00:0F:E2 00:09:6E Manufacturer 3COM Cisco Veritel Pingtel Siemens NEC/ Philips Huawei-3COM Avaya Voice VLAN can be activated on ports operating in the trunk and general modes.4094) word: (1. disable the voice vlan function on all ports.. DHCP server reply contains Option 132 (VLAN ID) which allows the device to perform automatic VLAN assignment for traffic marking (Voice VLAN)..OUI description. the first 24 bits of the MAC address). Voice VLAN is automatically assigned for a port when it receives a frame with OUI from the Voice VLAN table. VoIP equipment frame classification is based on the sender's OUI (Organizationally Unique Identifier. When the port is identified as a Voice VLAN port.word . If there were no frames with OUI of VoIP equipment within a specific time period. Set COS to mark the frames belonging to Voice VLAN. Set the VLAN identifier for Voice VLAN Remove the VLAN identifier for Voice VLAN Before you can remove the VLAN identifier. Allow you to edit OUI table. . the voice vlan will be removed from this port. Restore the default value. Ethernet interface configuration mode commands MES5324. Restore the default value.85. MES2348Ethernet Switch Series 99 . The list of OUI of major VoIP equipment manufacturers. Voice VLAN is used in the following cases: VoIP equipment is configured to send tagged packets with the Voice VLAN ID configured on the switch. Remove all user changes made to the OUI table.5.first 3 bytes of the MAC address . You can specify QoS attributes of VoIP frames for traffic prioritization. VoIP equipment sends untagged DHCP requests.16 Voice VLAN Voice VLAN allows allocating VoIP equipment into a separate VLAN.43200)/1440 no voice vlan aging­timeout voice vlan cos cos [remark] no voice vlan cos voice vlan id vlan_id no voice vlan id voice vlan oui-table {add oui | remove oui} [word] cos: (0-7)/6 vlan_id: (1.. Global configuration mode commands Command Value/Default value voice vlan aging-timeout timeout timeout: (1. MES2324.32) characters no voice vlan oui-table Action Set a timeout for the port that belongs to the voice-vlan. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. this port is added to VLAN as a tagged port.

Enable transmission of all multicast packets on the port... fo_port: (1.17. gi_port: (1.remove . Restore the default value.”.8/0/1..8) gi_port: (1..mac-group . te_port: (1.8/0/1.multicast transmission with filtering based on VLAN and the recipient's address in IPv4 format. -ipv4-group . group: (1..8/0/1.. Remove a multicast MAC address from the table. .8/0/1.48).24). Disable Voice VLAN for the port.mac_multicast_address .add .multicast transmission with filtering based on VLAN and the sender's address in IPv4 format Set the default value.remove port(s) from the banned list.8/0/1. VLAN interface configuration mode commands Command Value/Default value bridge multicast mode {macgroup|ipv4-group|ipv4-srcgroup} -/mac-group no bridge multicast mode bridge multicast address {mac_multicast_address | ip_multicast_address} [{add |remove} {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group}] no bridge multicast address {mac_multicast_address | ip_multicast_address } bridge multicast forbidden address {mac_multicast_address | ip_multicast_address} [{add |remove} {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group}] no bridge multicast forbidden address {mac_multicast_address | ip_multicast_address } bridge multicast forward-all {add |remove}{gigabitethernet gi_port: (1.add ports/aggregated ports to the list of ports which MES5324. . Remove a 'deny' rule for a multicast MAC address. te_port: (1.ip_multicast_address . .ip-src-group . . Ethernet interface configuration mode commands Command Value/Default value voice vlan enable no voice vlan enable voice vlan cos mode {src | all} no voice vlan cos mode -/disabled -/src Action Enable Voice VLAN for the port.ip_multicast_address .multicast IP address.8/0/1.48).. VLAN interface configuration mode commands Command line prompt in the VLAN interface configuration mode is as follows: console(config-if)# Table 5..Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5. Deny the connection of the port(s) to a multicast IPv6 address (MAC address).add .4).8) Description Specify the multicast data transmission mode. ...86.8/0/1..24)... .mac_multicast_address . MES2348Ethernet Switch Series 100 .multicast IP address. Interfaces must be separated by “–” and “. group: (1. te_port: (1..”.8/0/1. Add a multicast MAC address to the multicast addressing table and statically add or remove interfaces to/from the group.add port(s) into the banned list..1 Multicast addressing rules These commands are used to set multicast addressing rules on the link and network layers of the OSI network model.48). MES3324.. Interfaces must be separated by “–” and “.add – add a static subscription to a multicast MAC address of a range of Ethernet ports or port groups.24).remove the static subscription to a multicast MAC address.multicast transmission based on VLAN and MAC addresses. . ..4). 5. .remove . ..87.multicast MAC address. MES2324.17 Multicast addressing 5. fo_port: (1.multicast MAC address. Enable traffic marking for all frames or for the source only. .

gi_port: (1.8/0/1. . MES2348Ethernet Switch Series 101 . .....8/0/1.remove .ip_address ....48)..remove . .4).24).source IP address..multicast transmission based on VLAN and MAC addresses.add . .ip-src-group . MES3324.remove .ip_multicast_address . group: (1.add . fo_port: (1. .8/0/1.8) Prohibit the port to dynamically join a multicast group. Restore the default value.”.8/0/1.add ...add ports to the source IP address group.ip_address . You have to register multicast groups prior to defining prohibited ports. te_port: (1.source IP address. . .ip_multicast_address .. group: (1.. te_port: (1...ip-group .8/0/1. .multicast IP address. .4). fo_port: (1.multicast transmission with filtering based on VLAN and the recipient address in IPv6 format. ports are allowed to dynamically join a multicast group. Register IP address in the multicast addressing table and statically add/remove interfaces to/from the group.multicast IP address. Interfaces must be separated by “–” and “.8/0/1.remove the port group/aggregated ports from the a 'deny' rule.remove . Interfaces must be separated by “–” and “. .48). .. fo_port: (1. te_port: (1.. gi_port: (1. fo_port: (1.remove . Restore the default value..add ports/aggregated ports to the list of ports which are not allowed to transmit all multicast packets. . Set the multicast data transmission mode for IPv6 multicast packets. Set the default value.ip_multicast_address .48)..8/0/1.48)..8/0/1.24)... Restore the default value.8) gi_port: (1.8/0/1.8) Prohibit the port to dynamically join a multicast group.gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no bridge multicast forward-all bridge multicast forbidden forward-all {add |remove}{gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no bridge multicast forbidden forward-all bridge multicast ip-address ip_multicast_address {add | remove} {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no bridge multicast ip-address ip_multicast_address bridge multicast forbidden ip­address ip_multicast_address {add | remove} {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no bridge multicast forbidden ip-address ip_multicast_address bridge multicast source ip_address group ip_multicast_address {add | remove} {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no bridge multicast source ip_address group ip_multicast_address bridge multicast forbidden source ip_address group ip_multicast_address {add | remove} {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no bridge multicast forbidden source ip_address group ip_multicast_address bridge multicast ipv6 mode {mac-group | ip-group | ip­src­group} fo_port: (1..multicast IP address.8) By default. te_port: (1. By default. gi_port: (1.add . MES5324. . transmission of all multicast packets is denied.4). .. Disable adding/removal of mappings between the user IP address and a multicast address in the multicast addressing table for a specific port. Restore the default value. fo_port: (1.8/0/1. MES2324.8/0/1.remove . Remove a multicast IP address from the table. Restore the default value.. .remove ports from the group of the source IP address..multicast IP address.. gi_port: (1.4). .”.mac-group .remove port(s) from the banned list.48).8/0/1. . group: (1..8/0/1.prohibit adding ports to the source IP address group..ip_multicast_address .”. group: (1..add port(s) into the banned list.8) -/mac-group no bridge multicast ipv6 mode are allowed to transmit all multicast packets. .24).. group: (1.multicast transmission with filtering based on VLAN and the sender address in IPv6 format.8/0/1..remove ports from the group.”. .8). .24). Set the mapping between the user IP address and a multicast address in the multicast addressing table and statically add/remove interfaces to/from the group. group: (1.24).8/0/1. Interfaces must be separated by “–” and “.. te_port: (1..8/0/1.4)...add . Interfaces must be separated by “–” and “.4).disable port removal from the source IP address group.remove the port group/aggregated ports from the a 'permit' rule..add ports to the group..

bridge multicast ipv6
ip­address
ipv6_multicast_address {add |
remove}
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port |
port-channel group}
no bridge multicast ipv6
ip­address
ipv6_multicast_address
bridge multicast ipv6
forbidden ip-address
ipv6_multicast_address {add |
remove}
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port |
port-channel group}
no bridge multicast ipv6
forbidden ip-address
ipv6_multicast_address
bridge multicast ipv6 source
ipv6_address group
ipv6_multicast_address {add |
remove}
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port |
port-channel group}
no bridge multicast ipv6
source ipv6_address group
ipv6_multicast_address
bridge multicast ipv6
forbidden source ipv6_address
group ipv6_multicast_address
{add | remove}
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port |
port-channel group}
no bridge multicast ipv6
forbidden source ipv6_address
group ipv6_multicast_address

gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..8)

Register multicast IPv6 address in the multicast addressing
table and statically add/remove interfaces to/from the group.
- ipv6_multicast_address - multicast IP address;
- add - add ports to the group;
- remove - remove ports from the group;
Interfaces must be separated by “–” and “,”.

Remove a multicast IP address from the table.

gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..8)

Deny the connection of the port(s) to a multicast IPv6 address.
- ipv6_multicast_address - multicast IP address;
- add - add port(s) into the banned list;
- remove - remove port(s) from the banned list;
Interfaces must be separated by “–” and “,”.

Restore the default value.

gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..8)

gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..8)

Set the mapping between the user IPv6 address and a
multicast address in the multicast addressing table and
statically add/remove interfaces to/from the group.
- ipv6_address - source IP address;
- ipv6_multicast_address - multicast IP address;
- add - add ports to the source IP address group;
- remove - remove ports from the group of the source IP
address;
Restore the default value.

Disable adding/removal of mappings between the user IPv6
address and a multicast address in the multicast addressing
table for a specific port.
- ipv6_address - source IPv6 address;
- ipv6_multicast_address - multicast IPv6 address;
- add - prohibit adding ports to the source IPv6 address group;
- remove - disable port removal from the source IPv6 address
group;
Restore the default value.

Ethernet or port group interface (interface range) configuration mode commands
Command line prompt in the Ethernet or port group interface configuration mode is as follows:
console# configure
console(config)#
interface{fortygigabitethernetfo_port|tengigabitethernette_port|gigabiteth
ernetgi_port| port-channelgroup | range {…}}
console(config-if)#

Table 5.88. Ethernet interface and interface group configuration mode commands
Command
bridge multicast
unregistered {forwarding
|filtering}
no bridge multicast
unregistered

Value/Default value

-/forwarding

Description
Set a forwarding rule for packets received from unregistered
multicast addresses.
- forwarding - forward unregistered multicast packets;
- filtering - filter unregistered multicast packets;
Set the default value.

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

102

Global configuration mode commands
Command line prompt in the global configuration mode is as follows:
console(config)#

Table 5.89. Global configuration mode commands
Command
bridge multicast filtering
no bridge multicast filtering
mac address-table aging­time
seconds
no mac address-table agingtime
mac address-table learning
vlan vlan_id
no mac address-table
learning vlan vlan_id
mac address-table static
mac_address vlan vlan_id
interface
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port |
port-channel group}
[permanent |
delete­on­reset |
delete­on­timeout | secure]

no mac address-table static
[mac_address] vlan vlan_id
bridge multicast
reserved­address
mac_multicast_address
{ethernet-v2 ethtype | llc
sap | llc-snap pid ] {discard |
bridge}

Value/Default value
-/disabled
seconds: (10..630)/300
seconds

vlan_id: (1..4094,
all)/Enabled by default

vlan_id: (1..4094);
gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..8)

ethtype: (0x0600..0xFFFF)
sap: (0..0xFFFF)
pid: (0..0xFFFFFFFFFF)

no bridge multicast
reserved­address
mac_multicast_address
[ethernet-v2 ethtype | llc
sap | llc-snap pid]

Description
Enable multicast address filtering.
Disable multicast address filtering.
Specify MAC address aging time globally in the table.
Set the default value.
Enable MAC address learning in the current VLAN.
Disable MAC address learning in the current VLAN.
Add the source MAC address into the multicast addressing
table.
-mac_address – МАС address
-vlan_id - VLAN number
-permanent – this MAC address can only be deleted with a no
bridge address command;
-delete-on-reset - the address will be deleted after the switch
is restarted;
- delete-on-timeout - the address will be deleted after a
timeout;
- secure - the address can only be deleted with the no bridge
address command or when the port returns to the learning
mode (no port security).
Remove a MAC address from the multicast addressing table.
Specify what will be done with multicast packets from the
reserved address.
- mac_multicast_address - multicast MAC address;
- ethtype- Ethernet v2 packet type;
- sap - LLC packet type;
- pid - LLC-Snap packet type;
-discard – drop packets;
- bridge - bridge packet transmission mode;

Set the default value.

Privileged EXEC mode commands
Command line prompt in the Privileged EXEC mode is as follows:
console#

Table 5.90. Privileged EXEC mode commands
Command

Value

clear mac address-table
{dynamic | secure} [interface
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port |

gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..8)

Description
Remove static/dynamic entries from
addressing table.
- dynamic - remove dynamic entries;
- secure - remove static entries;

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

the

multicast

103

port-channel group}]

EXEC mode commands
Command line prompt in the EXEC mode is as follows:
console>

Table 5.91. EXEC mode commands
Command

Value

Description

show mac address-table [dynamic | static | secure]
[vlan vlan_id][interface{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port | port-channel
group}][address mac_address]

gi_port:
(1..8/0/1..48);
te_port:
(1..8/0/1..24);
fo_port:
(1..8/0/1..4);
group: (1..8);
vlan_id: (1..4094)
gi_port:
(1..8/0/1..48);
te_port:
(1..8/0/1..24);
fo_port:
(1..8/0/1..4);
group: (1..8);
vlan_id: (1..4094)

Show the MAC address table for the
selected interface or for all interfaces.
- dynamic - show dynamic entries only;
- static - show static entries only;
- secure - show secure entries only;
- vlan_id - VLAN ID.
- mac-address – MAC address

show mac address-table count [vlan
vlan_id][interface {gigabitethernet gi_port |
tengigabitethernet te_port | fortygigabitethernet
fo_port | port-channel group}]

show bridge multicast address-table [vlan
vlan_id][address {mac_multicast_address |
ipv4_multicast_address
|ipv6_multicast_address}][format{ip|mac}]
[source{ipv4_source_address |
ipv6_source_address}]
vlan_id: (1..4094)

show bridge multicast address-table static [vlan
vlan_id][address {mac_multicast_address |
ipv4_multicast_address |
ipv6_multicast_address][sourceipv4_source_address
|ipv6_source_address][all | mac | ip]

vlan_id: (1..4094)

show bridge multicast filtering vlan_id
vlan_id: (1..4094)
show bridge multicast
unregistered[gigabitethernet gi_port |
tengigabitethernet te_port | fortygigabitethernet

gi_port:
(1..8/0/1..48);
te_port:

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

Show the number of entries in the MAC
address table for the selected interface or
for all interfaces.
- vlan_id - VLAN ID.

Show the multicast address table for the
selected interface or for all VLAN interfaces
(this command is available to privileged
users only).
- vlan_id - VLAN ID.
- mac_multicast_address - multicast MAC
address;
- ipv4_multicast_address - multicast IPv4
address;
- ipv6_multicast_address - multicast IPv6
address;
- ip - show by IP addresses;
- mac - show by MAC addresses;
- ipv4_source_address - source IPv4 address;
- ipv6_source_address - source IPv6 address.
Show the static multicast address table for
the selected interface or for all VLAN
interfaces.
- vlan_id - VLAN ID.
- mac_multicast_address - multicast MAC
address;
- ipv4_multicast_address - multicast IPv4
address;
- ipv6_multicast_address - multicast IPv6
address;
- ipv4_source_address - source IPv4 address;
- ipv6_source_address - source IPv6 address;
- ip - show by IP addresses;
- mac - show by MAC addresses;
- all - show the entire table;
Show multicast address filter configuration
for the selected VLAN.
- vlan_id - VLAN ID.
Show filter configuration for unregistered
multicast addresses.

104

fo_port | port-channel group]

(1..8/0/1..24);
fo_port:
(1..8/0/1..4);
group: (1..8)

show bridge multicast mode [vlanvlan_id]
vlan_id: (1..4094)
show bridge multicast reserved-addresses

-

Show multicast addressing mode for the
selected interface or for all VLAN interfaces.
- vlan_id - VLAN ID.
Show the rules defined for multicast
reserved addresses.

Examples of command usage

Enable multicast address filtering on the switch. Set the MAC address aging time to 450
seconds, enable forwarding of unregistered multicast packets on the switch port 11.

console # configure
console(config) # mac address-table aging-time 450
console(config) # bridge multicast filtering
console(config) # interface tengigabitethernet 1/0/11
console(config-if) # bridge multicast unregistered forwarding
console# show bridge multicast address-table format ip
Vlan
---1
19
19

IP/MAC Address
----------------------224-239.130|2.2.3
224-239.130|2.2.8
224-239.130|2.2.8

type
----dynamic
static
dynamic

Ports
------------------te0/1, te0/2
te0/1-8
te0/9-11

Forbidden ports for multicast addresses:
Vlan
---1
19

IP/MAC Address
------------------224-239.130|2.2.3
224-239.130|2.2.8

Ports
------------------te0/8
te0/8

5.17.2 IGMP snooping function
IGMP Snooping is used in multicast networks. The main task of IGMP Snooping is to provide
multicast traffic only for those ports that requested it.
IGMP Snooping can be used only in a static VLAN group. The following IGMP versions are
supported: IGMPv1, IGMPv2, IGMPv3.
To activate IGMP Snooping, you must enable the 'bridge multicast filtering' function (see
Section 'Multicast addressing rules').
Identification of ports to which multicast routers are connected is based on the following events:




IGMP requests are received through the port;
The port received Protocol Independent Multicast (PIM/PIMv2) protocol packets;
The port received multicast routing packets of Distance Vector Multicast Routing Protocol
(DVMRP) protocol;
The port received MRDISC protocol packets;
The port received Multicast Open Shortest Path First (MOSPF) protocol packets.

Global configuration mode commands

MES5324, MES2324, MES3324, MES2348Ethernet Switch Series

105

ip_multicast_address . gi_port: (1. te_port: (1.8/0/1.Command line prompt in the global configuration mode is as follows: console(config)# Table 5..vlan_id . fo_port: (1. te_port: (1..4094).8).. Set the IGMP version for IGMP query generation. Disable automatic identification of ports with connected multicast routers for this VLAN group.4094) The function is disabled by default. MES2348Ethernet Switch Series 106 .”.24). . no ip igmp snooping vlan vlan_id ip igmp snooping vlan vlan_id static ip_multicast_address [interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group}] no ip igmp snooping vlan vlan_id static ip_address [interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group}] ip igmp snooping vlan vlan_id mrouter learn pim-dvmrp no ip igmp snooping vlan vlan_id mrouter learn pim­dvmrp ip igmp snooping vlan vlan_id mrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no ip igmp snooping vlan vlan_id mrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} ip igmp snooping vlan vlan_id forbiddenmrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no ip igmp snooping vlan vlan_id forbidden mrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} ip igmp snooping vlan vlan_id querier no ip igmp snooping vlan vlan_id querier ip igmp snooping vlan vlan_id querier version{2 | 3} vlan_id: (1.. fo_port: (1.48)..92.. Enable igmp-query generation by the switch in this VLAN.. MES5324. . vlan_id: (1. dynamic) as a port with a connected multicast router. Indicated that a multicast router is not connected to the port.4). te_port: (1. MES3324. group: (1..24). Register multicast IP address in the multicast addressing table and statically add group interfaces for the current VLAN.8/0/1..4094).. Enable IGMP Snooping on the switch for this VLAN interface..48).. vlan_id: (1.4)..multicast IP address... vlan_id: (1.8/0/1.vlan_id . group: (1.. MES2324. Remove the prohibition of identify this port as a port with a connected multicast router.VLAN ID. .8).... gi_port: (1.vlan_id . Prohibit port identification (static.... Enable IGMP Snooping on the switch. .8/0/1. group: (1.8/0/1. -/query generation is disabled -/IGMPv3 Remove a multicast IP address from the table. .4094). fo_port: (1. vlan_id: (1. Enable automatic identification of ports with connected multicast routers for this VLAN group..VLAN ID.8/0/1. Global configuration mode commands Command Value Action ip igmp snooping no ip igmp snooping ip igmp snooping vlan vlan_id The function is disabled by default.48).8/0/1..VLAN ID.8). gi_port: (1.4094) Enabled by default vlan_id: (1.vlan_id ...24).4094). Specify the port to which a multicast router for the selected VLAN is connected. Disable IGMP Snooping on the switch for this VLAN interface..vlan_id . Disable IGMP Snooping on the switch. .VLAN ID. Disable igmp-query generation by the switch in this VLAN. Interfaces must be separated by “–” and “.8/0/1.4).VLAN ID.8/0/1.

Set the default value. if the IP address is configured for the VLAN. Set the default value. Set the maximum query response time. ip igmp snooping vlan vlan_id immediate-leave vlan_id: (1.. Enable IGMP Snooping Immediate-Leave process for the current VLAN.4094) -/disabled no ip igmp snooping vlan vlan_id immediate-leave Specify the source IP address for IGMP querier.25500)/1000 ms Set the default value. VLAN interface configuration mode commands Command Value/Default value ip igmp robustness count count: (1.. Set the default value. MES3324.7)/robustness variable value Specify the number of queries sent before the switch will determine that there are no multicast participants on this port. count: (1. seconds: (5. MES2324.no ip igmp snooping vlan vlan_id querier version ip igmp snooping vlan vlan_id querier address ip_address no ip igmp snooping vlan vlan_id querier address Set the default value.7)/2 no ip igmp robustness ip igmp query-interval seconds no ip igmp query-interval ip igmp query­max­response­time seconds no ip igmp query­max­response-time ip igmp last­member­query­count count no ip igmp last­member­query-count ip igmp last­member­query­interval milliseconds no ip igmp last­member­query-interval seconds: (30. the stability value should be increased. Disable forwarding of IGMP queries from customer VLANs to Multicast Vlan and multicast traffic to customer VLANs for the interface which is in 'access' mode. it will be used as the IGMP Snooping Querier source address. Ethernet interface configuration mode commands Command Value/Default value Action vlan_id: (1.the device that sends IGMP requests. switchport access multicast-tv vlan vlan_id no switchport access multicast-tv vlan EXEC mode commands MES5324.. Disable IGMP Snooping Immediate-Leave process for the current VLAN. Querier . VLAN interface configuration mode commands Command line prompt in the VLAN configuration mode is as follows: console(config-if)# Table 5. Specify the timeout after which the system will send basic queries to check the activity of multicast group participants. Set the default value. Specify the query interval for the last participant..4094)..4094) Enable forwarding of IGMP queries from customer VLANs to Multicast Vlan and multicast traffic to customer VLANs for the interface which is in 'access' mode. By default. If data loss occurs in the link. milliseconds: (100..20)/10 s Set the default value.93. MES2348Ethernet Switch Series 107 .94.. vlan_id: (1. The port will be immediately deleted from the IGMP group after an IGMP leave message is received. Ethernet interface (interface range) configuration mode commands Command line prompt in the interface configuration mode is as follows: console(config-if)# Table 5.18000)/125 s Action Specify IGMP stability value..

gi_port: (1..8).8/0/1. -/disabled vlan_id: (1.. Global configuration mode commands Command ipv6 mld snooping [vlan vlan_id] no ipv6 mld snooping [vlan vlan_id] ipv6 mld snooping vlan vlan_id static ipv6_multicast_address [interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group}] no ipv6 mld snooping vlan vlan_id static ipv6_multicast_address[interface {gigabitethernet gi_port | Value vlan_id: (1. MLD snooping is a multicast-constraining mechanism that minimises the amount of multicast traffic in IPv6 networks. EXEC mode commands Command Value/Default value show ip igmp snooping mrouter [interface vlan_id] show ip igmp snooping interface vlan_id show ip igmp snooping groups [vlan vlan_id][ip­multicast-address ip_multicast_address][ip­addressip_address] show ip igmp snooping cpe vlans [vlan vlan_id] vlan_id: (1.multicast IPv6 address. Examples of command usage Enable IGMP snooping on the switch.24)..”. Action Enable MLD snooping. .4094) vlan_id: (1.. Command line prompt in the EXEC mode is as follows: console# Table 5.. console# configure console (config)# ip igmp snooping console (config-if)# ip igmp snooping vlan 6 mrouter learn pim-dvmrp console (config)# interface vlan 6 console (config-if)# ip igmp snooping query-interval 100 console (config-if)# ip igmp robustness 4 console (config-if)# ip igmp query-max-response-time15 5. fo_port: (1.4094). Set the stability value to 4..3 MLD snooping is a multicast traffic control protocol for IPv6 networks. Show information on learned multicast groups.48)....4094) Show the table of mappings between customer VLAN equipment and TV VLAN. te_port: (1. vlan_id: (1.17.4094) vlan_id: (1. Interfaces must be separated by “–” and “. Show IGMP-snooping information for this interface.4094) Action Show information on learned multicast routers in the selected VLAN group.. Enable automatic identification of ports with connected multicast routers for VLAN 6.96.. Set the IGMP query interval to 100 seconds. Register a multicast IPv6 address in the multicast addressing table and statically add/remove interfaces from the group for the current VLAN.. MES3324. MES5324. Disable MLD snooping.95.All commands are available to the privileged user only.4).ipv6_multicast_address . MES2324. group: (1. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Set the maximum query response time to 15 seconds.8/0/1.8/0/1.. MES2348Ethernet Switch Series 108 . Remove a multicast IP address from the table.4094).

.18000)/125 seconds value: (5. Restore the default value. Restore the default value. Ethernet interface (interface range). Do not learn the ports connected to the mrouter by MLDquery packets. fo_port: (1..8). Disable igmp-query requests... -/enabled Remove the rule that prohibits registration of listed ports as MLD mrouter.48)... Restore the default value..4094) -/disabled -/disabled Remove mrouter ports. Disable MLD Snooping Immediate-Leave process for the current VLAN. vlan_id: (1.tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group}] ipv6 mld snooping vlan vlan_id forbidden mrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no ipv6 mld snooping vlan vlan_id forbidden mrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} ipv6 mld snooping vlan vlan_id mrouter learn pim­dvmrp no ipv6 mld snooping vlan vlan_id mrouter learn pim­dvmrp ipv6 mld snooping vlan vlan_id mrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no ipv6 mld snooping vlan vlan_id mrouter interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} Ipv6 mld snooping vlan vlan_id immediate-leave no ipv6 mld snooping vlan vlan_id immediate-leave ipv6 mld snooping querier no ipv6 mld snooping querier Add a rule that prohibits registration of listed ports as MLD mrouter. te_port: (1. Specify the maximum response delay that will be used to calculate the maximum response delay code..8/0/1. gi_port: (1.4094).8/0/1.48). Enable igmp-query requests. Ethernet. vlan_id: (1.. port group or VLAN interface configuration mode is as follows: console(config-if)# Table 5. Specify the interval for sending basic MLD queries. group: (1...24). MES2348Ethernet Switch Series 109 . MES5324.25500)/1000 ms value: (30.8/0/1...4). gi_port: (1.8/0/1.20)/10 seconds Action Specify the maximum response delay of the last group participant that will be used to calculate the maximum response delay code (Max Response Code). port group or VLAN interface configuration mode commands Command ipv6 mld last­member­query-interval interval no ipv6 mld last­member­query-interval ipv6 mld query­intervalvalue no ipv6 mld query-interval ipv6 mld query­max­responsetimevalue no ipv6 mld query- Value/Default value interval: (100. MES2324.. Add a list of mrouter ports. port group or VLAN interface (interface range) configuration mode commands Command line prompt in the Ethernet. vlan_id: (1... group: (1.. vlan_id: (1.4094).4094).24).. fo_port: (1..4). MES3324.8/0/1. Enable MLD Snooping Immediate-Leave process for the current VLAN.8).8/0/1. te_port: (1... Learn the ports connected to the mrouter by MLD-query packets.97.

. EXEC mode commands Command show ipv6 mld snooping groups [vlan vlan_id] [address ipv6_multicast_address] [source ipv6 _address] show ipv6 mld snooping interface vlan_id show ipv6 mld snooping mrouter [interface vlan_id] Value vlan_id: (1. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5. 5.multicast IPv6 address. With IGMP Proxy. MES2324. the devices that outside of the network of the multicast server will be able to connect to multicast groups.G) and include (*.4094) Action Show information about the registered groups according to filter parameters defined in the command.7)/2 no ipv6 mld robustness ipv6 mld versionversion Version: (1. Restore the default value.max­response-time ipv6 mld robustnessvalue value: (1.IGMP Proxy is not supported on LAG groups.2)/2 no ipv6 mld version Specify the robustness value. Restore the default value. If data loss occurs in the link. only exclude (*. Routing is implemented between the uplink interface and the downlink interfaces.4094) vlan_id: (1.4 IGMP Proxy multicast routing function IGMP Proxy multicast routing function uses the IGMP to enable simplified routing of multicast data between the networks.G) queries are processed on the downlink interfaces. Specify the protocol version operating on the current interface. the robustness value should be increased. Show information about MLD snooping configuration for the current VLAN.. IGMP Proxy restrictions: . MES2348Ethernet Switch Series 110 . the switch acts as a multicast server and processes IGMP messages from the devices connected to those interfaces.4094) vlan_id: (1..98. .Only one uplink interface can be defined. Show information about the mrouter ports.. .When V3 version of IGMP is used. The switch acts as a regular multicast client on the uplink interface and generates its own IGMP messages.17.ipv6_multicast_address . . MES3324. IGMP Proxy supports up to 512 downlink interfaces. .source IPv6 address. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# MES5324. On downlink interfaces. IGMP Proxy supports up to 1024 multicast groups..ipv6_address .

te_port: (1..8). VLAN interface configuration mode commands Command line prompt in the VLAN configuration mode is as follows: console(config-if)# Table 5.8/0/1. MES2324.99.multicast IP address.24).4094). .101. vlan_id: (1. group: (1... Command Value/Default value ip igmp-proxy {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id} gi_port: (1.8/0/1. MES2348Ethernet Switch Series 111 .brief description of each record in the multicast routing table.8/0/1.8) Action This command allows you to view multicast group lists. .. VLAN and port group configuration mode commands. -/Disabled by default Disable multicast data routing on configured interfaces.summary . EXEC mode commands Command Value/Default value show ip mroute [ip_multicast_address [ip_address]] [summary] - show ip igmp-proxy interface [vlan vlan_id | gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group] vlan_id: (1.. gi_port: (1. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5. te_port: (1.. -ip_address– source IP address.48)..48). You can select a group by group address or multicast data source address. Ethernet interface. console#show ip igmp-proxy interface * .. fo_port: (1..4094) Action A configured interface is a downlink interface.Table 5.8/0/1.100. fo_port: (1.. Information about the status of IGMP-proxy for specific interfaces.4).. group: (1. MES3324.8/0/1..8/0/1. This command assigns the associated uplink interface used in routing.ip_multicast_address .24).4).the switch is the Querier on the interface IP Forwarding is enabled IP Multicast Routing is enabled IGMP Proxy is enabled Global Downstream interfaces protection is enabled SSM Access List Name: Interface vlan5 vlan30 Type upstream downstream Interface Protection default MES5324..... Global configuration mode commands Command Value/Default value ip multicast-routing igmp­proxy no ip multicast-routing igmp-proxy Action Enable multicast data routing on configured interfaces.

no ipv6 pim bsr-candidate ip pim rpaddressunicast_address [multicast_subnet] no ip pim rpaddressunicast_address [multicast_subnet] ipv6 pim rpaddressipv6_unicast_addre ss [ipv6_multicast_ subnet] Action - . IPv4 multicast routing configuration. It uses unicast routing to verify RPF. Delete a static RP or RP for a specific subnetwork. Disable this parameter.subnet mask.priority_num . .multicast . . creating an RP list for each multicast group and sending it with a domain. .ipv6_unicast_ addr IPv6 address.. Routers perform this verification to ensure loop-free forwarding of multicast traffic. acc_list: (0.32)/30. MES2324.priority. Border Gateway Protocol) rather than creates its own network topology. Filter PIM registration messages for IPv6.a standard ACL list of multicast prefixes. Enable multicast routing and PIM for IPv6 on all interfaces.mask . Specify the device as a BSR (bootstrap router) candidate..192)/0.32) characters.mask . .multicast subnetwork. PIM relies on traditional routing protocols (such as. . mask: (8..18 Multicast routing. Disable multicast routing and PIM for IPv6. Disable this parameter. BSR (bootsrtap router) is a mechanism for gathering information about RP candidates. Global configuration mode commands Command ip multicast-routing pim no ip multicast-routing pim ipv6 multicast-routing pim no ipv6 multicast-routing pim ip pim accept-register listacc_list no ip pim acceptregisterlist ipv6 pim accept-register listacc_list no ipv6 pim acceptregisterlist ip pim bsrcandidateip_address[mask] [prioritypriority_num] no ip pim bsr-candidate ipv6 pim bsrcandidateipv6_address[ma sk][prioritypriority_num] Value/Default value -/Disabled by default -/Disabled by default acc_list: (0.ipv6_address . . .acc_list . Disable multicast routing and PIM.5. . Create a static rendezvous Point (RP). Disable this parameter. MES2348Ethernet Switch Series 112 ..102. Create a static rendezvous Point (RP). optionally specify a multicast subnetwork for this RP. priority_num: (0.priority.ipv6_multicast_ subnet .a valid IP address of the switch. Disable this parameter.128)/126. .unicast_addr .192)/0. MES3324. Filter PIM registration messages.32) characters.G).IP address. . Delete a static RP or RP for a specific subnetwork. PIM protocol Protocol-Independent Multicast protocols for IP networks were created to address the problem of multicast routing.subnet mask... .a standard ACL list of multicast prefixes. Specify the device as a BSR (bootstrap router) candidate.multicast subnetwork. MES5324.priority_num .acc_list . - no ipv6 pim rpaddressipv6_unicast_addre Enable multicast routing and PIM protocol on all interfaces. optionally specify a multicast subnetwork for this RP.a valid IPv6 address of the switch. priority_num: (0. RP (rendezvous point) is a rendezvous point where multicast source are registered and create a route from source S (self) to group G: (S. mask: (8.ip_address . Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.

Disable this parameter.specify a multicast subnetwork.0/8.candidate priority. no ip pim ssm[rangemulticast_subnet |default] ipv6 pim ssm{rangeipv6_multicast_s ubnet | default} - no ipv6 pim ssm[rangeipv6_multicast_s ubnet |default] ipv6 pim rp-embedded no ipv6 pim rp-embedded Create a Rendezvous Point (RP) candidate. . .. . . Disable this parameter. Specify a sending period for hello packets. secs: (1.32) characters. Disable this parameter. Stop sending BSR messages from an interface. Disable extended functions of a rendezvous point (RP). secs: (1. . priority: (0.multicast subnetwork. Specify a multicast subnetwork .acc_list .103.unicast_addr . Return the default value. Disable PIM on an interface.priority . . .sec .. .0.priority ..16383)/60 seconds. Specify a multicast subnetwork .16383)/60 seconds. -priority . . acc_list: (0.a standard ACL list of multicast prefixes. .specify a range in FF3E::/32.the priority to determine which switch will be a DR router. .specify a range in 232.192)/192.candidate priority. MES3324..ipv6_unicast_addr . Return the default value.0. . interval: (1.specify a multicast subnetwork..join or prune messages sending interval.a standard ACL list of multicast prefixes.secs . .secs-message sending period.default ..Ipv6 address.default .32) characters.IP address. Return the default value.4294967294)/1 no ip (ipv6) pim dr-priority ip ip (ipv6) pim hello­intervalsecs no ip (ipv6) pim hello­interval ip (ipv6) pim join­prune­interval interval no ip (ipv6) pim join­prune­interval secs: (1.acc_list .. Create a Rendezvous Point (RP) candidate. Specify the priority in selecting a DR router.18000)/60 seconds Specify a time period during which the switch will send join or prune messages.ipv6_multicast_subnet . MES2348Ethernet Switch Series 113 .message sending period. The switch that has the highest value will be a DR router. Ethernet interface configuration mode commands Command ip (ipv6) pim no ip (ipv6) pim ip (ipv6) pim bsr-border no ip pim bsr-border ip (ipv6) pim drprioritypriority Value/Default value -/enabled -/disabled priority: (0.18000)/30 seconds Action Enable PIM on an interface. .multicast_subnet . Ethernet interface configuration mode commands Command line prompt is as follows: console(config-if)# Table 5. -/enabled Enable extended functions of a rendezvous point (RP).ss [ipv6_multicast_subnet] ip pim rpcandidateunicast_address [group-list acc_list] [priority priority] [interval secs] no ip pim rpcandidateunicast_address ipv6 pim rpcandidateipv6_unicast_add ress [group-list acc_list] [priority priority] [interval secs] no ipv6 pim rpcandidateipv6_unicast_add ress ip pim ssm{rangemulticast_subnet | default} acc_list: (0.multicast subnetwork. Disable this parameter.. MES2324. priority: (0.hello packet sending period. Disable this parameter.range . MES5324.interval ..range .192)/192.

group: (1.displays all interfaces on which PIM is enabled. console# configure console(config)# ip multicast-routing console(config)# ip pim rp-address 1.ip (ipv6) pim neighbor­filteracc_list no ip (ipv6) pim neighbor­filter acc_list: (0...8/0/1. Routing protocol should be pre-configured.104.. Example use of commands Basic configuration of PIM SM with a static RP (1. . Show the status of RP candidates.. MES3324.. fo_port: (1.8/0/1. MES2348Ethernet Switch Series 114 .1.32) characters.1. Display the PIM counters.group-address – the address of the group.8/0/1..state-on . fo_port: (1. vlan_id: (1..8)...24). group: (1.. Disable this parameter. Filter incoming PIM messages.state-off .48). Show the table of binding multicast groups..8/0/1.48).4094).. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5. te_port: (1.8/0/1. .4).4).8/0/1.1. vlan_id: (1. Display information on learned RP candidates..1).1 MES5324..display all interfaces on which PIM is disabled.8).the list of addresses to filter.. .24). gi_port: (1. Show information about PIM neighbours. ...4094) - Show information about PIM interfaces: .acc_list . Display information on BSR. te_port: (1.1. MES2324.RP_addr – IP-address. EXEC mode commands Command show ip (ipv6) pim rp mapping[RP_addr] show ip (ipv6) pim neighbor[detail] [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group| vlan vlan_id] show ip (ipv6) pim interface[gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id |state-on | state­off] show ip (ipv6) pim groupmap[group_address] show ip (ipv6) pim counters show ip (ipv6) pim bsr election show ip (ipv6) pim bsr rp-cache show ip (ipv6) pim bsr candidate-rp clear ip (ipv6) pim counters Value/Default value - Action Show active RPs linked to routing information. gi_port: (1. Reset PIM counters to zero.

use a RADIUS server list for authentication.19 Control functions 5. Authentication .local .encrypted password (for MES5324. the access to the console will always be open. -/By default the check is conducted against the local database (aaa authentication enable authorization default local) no aaa authentication enable authorization {default| list_name} enable password password [encrypted] [level level] no enable password [level level] username name{nopassword | password password | password encrypted encrypted_password}[priveligedlevel] level: (1.encrypted_password .user resource consumption monitoring.username.tacacs . the switch uses AAA mechanism (Authentication.105. method_list: (enable. Method description (method_list): . The SSH mechanism is used for data encryption.64) characters encrypted_password: (1.the process of defining specific privileges for the existing account (already authorized) in the system. MES3324. none. . The list is created with by following command: aaa authentication login list_namemethod_list.15)/1. .159) characters name: (1. password: (0.. you should always define the required minimum of settings for the specified authentication method.default .name ..use the following authentication methods.password. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.... .the process of matching with the existing account in the security system.password . Accounting .5.. . . line.line . . local.radius .privilege level.privilege level.64) characters Action Specify authentication method for logging in. an encrypted password copied from another device). .enable . Authorization. . List usage: aaa authentication login list-name To prevent the loss of access. MES2348Ethernet Switch Series 115 . .use a local username database for authentication. If authentication method is not defined.level .use a password for authentication.19. Accounting).1 AAA mechanism To ensure system security. . Add a user to the local database.20) characters password: (1. Remove the entry for the corresponding privilege level. Global configuration mode commands Command Value/Default value aaa authentication enable authorization {default| list_name}method_list list_name: (1.the name of authentication method list that is activated when the user logs in. Set the password to control user access privilege.password. radius). .encrypted password (for example.level .use a TACACS server list for authentication.do not use authentication. tacacs. Authorization (access level verification) . .encrypted .use a terminal password for authentication. Set the default value.12) characters. MES2324.none . .password . .list_name .

use the 'none' method. Enable accounting for 802. and will be disabled when the user logs out. in the multiple hosts mode—only for authenticated users (see 802. Calling-Station-ID (31) Yes Yes User IP address. Set the default value. To grant the client access to the device. Table 5. an encrypted password copied from another device).107. corresponding to the start and stop values in RADIUS messages (for RADIUS protocol message parameters. corresponding to the start and stop values in RADIUS messages (for RADIUS protocol message parameters. Remove a user from the local database. MES2324.1x sessions Attribute User-Name (1) Attribute presence in Start message Attribute presence in Stop message Yes Yes Description User identification. start/stop messages are sent for all users.105). see Table 5. Acct-Terminate-Cause (49) No Yes The reason why the session is closed. Acct-Session-ID (44) Yes Yes Unique accounting identifier. for the users logged in with a terminal password.. Disable accounting for CLI commands. Enable accounting for control sessions. Accounting will be enabled when the user logs in.level: (1. Acct-Session-Time (46) No Yes Show how long the user is connected to the system. RADIUS protocol accounting message attributes for control sessions Attribute presence in Start message Attribute presence in Stop message User-Name (1) Yes Yes User identification. In the multiple sessions mode. see Table 5. even if all authentication methods failed. MES2348Ethernet Switch Series 116 . Attribute Description Table 5.15) no username name aaa accounting login start­stop group {radius | tacacs+} -/Accounting is disabled by default. Called-Station-ID (30) Yes Yes The IP address of the switch used for control sessions. MES5324.1x sessions. MES3324.1x Section). Class (25) Yes Yes An arbitrary value included in all session accounting messages. NAS-IP-Address (4) Yes Yes The IP address of the switch used for Radius server sessions.106. accounting is disabled. no aaa accounting dot1x start-stop group radius example. RADIUS protocol accounting message attributes for 802. and will be disabled when the user logs out. Accounting will be enabled when the user logs in. Accounting is enabled only for the users logged in with their username and password. no aaa accounting login start-stop aaa accounting dot1x start­stop group radius -/Accounting is disabled by default. Acct-Authentic (45) Yes Yes Specify the method for client authentication.105).

Calling-Station-ID (31) Yes Yes User IP address. Called-Station-ID (30) Yes Yes IP address of the switch.109.use the default list created by the 'aaa authentication login default' command. Set the default value. Specify the user authentication method when privilege level is escalated for console.use the list created by the 'aaa authentication login list_name' command. . Remove the terminal password. Acct-Authentic (45) Yes Yes Specify the method for client authentication.12) characters no enable authentication password password [encrypted] password: (0.NAS-IP-Address (4) Yes Yes The IP address of the switch used for Radius server sessions. an encrypted password copied from another device). . telnet.12) characters no login authentication enable authentication {default|list_name} list_name: (1. Class (25) Yes Yes An arbitrary value included in all session accounting messages. ssh. NAS-Port (5) Yes Yes The switch port the user is connected to. Terminal configuration mode commands Command Value/Default value login authentication {default|list_name} list_name: (1. .encrypted password (for example. MES2324.encrypted .list_name—use the list created by the 'aaa authentication login list_name' command...list_name . . MES2348Ethernet Switch Series 117 . EXEC mode commands MES5324. MES3324.108. . Set the default value. telnet. Terminal configuration mode commands Command line prompt in the terminal configuration mode is as follows: console(config-line)# Table 5. Privileged EXEC mode commands Command show authentication methods show users accounts Value/Default value - Action Show information about switch authentication methods.default . ssh. Acct-Terminate-Cause (49) No Yes The reason why the session is closed. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.default . Specify the terminal password. Acct-Session-ID (44) Yes Yes Unique accounting identifier.159) characters no password Action Specify the log-in authentication method for console.use the default list created by the 'aaa authentication login default' command. Nas-Port-Type (61) Yes Yes Show the client port type. Acct-Session-Time (46) No Yes Show how long the user is connected to the system.. Show local user database and their privileges.

. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.priority . Set the default value. Global configuration mode commands Command radius-server host {ip_address | hostname} [auth­port auth_port] [acct­portacct_port][timeout timeout] [retransmit retries] [deadtime time] [key secret_key] [priority priority] [usage type] no radius-server host {ip_address |hostname} radius-server key [key] no radius-server key radius-server timeout timeout no radius-server timeout radius-server retransmit retries Value/Default value hostname: (1.. Thus.65535)/0....2000)/0 min vlan_id: (1. Set the default value.111.110..auth_port .4094). . authorization and accounting. type: (login. acct_port: (0. Specify the default server response interval. Specify the default number of attempts to discover a RADIUS server from the list of servers.. EXEC mode commands Command show accounting Value/Default value - Action Show information about configured accounting methods. . a search for the next priority server from the server list will be performed. If the server is not found. If timeout.19.server response timeout. the current RADIUS server uses the values configured with the following commands.acct_port .15).128) characters/default key is an empty string timeout: (1. MES2324. Set the default time in minutes the RADIUS client of the switch will not poll unavailable servers.RADIUS server network name.time in minutes the RADIUS client of the switch will not poll unavailable servers. Action Add the selected server into the list of RADIUS servers used. Specify the default authentication and encryption key for RADIUS data exchange between the device and RADIUS environment. Set the default value.65535)/1813. Remove the selected server from the list of RADIUS servers used.x. secret_key parameters are not specified in the command.IPv4 or IPv6 address of the RADIUS server. timeout: (1. .retries . time (0. MES2348Ethernet Switch Series 118 .30)/3 seconds retries: (1.30) seconds retries: (1.Command line prompt in the EXEC mode is as follows: console> All commands from this section are available to the privileged users only. Set the default value.secret_key .15)/3 no radius-server retransmit radius-server deadtime deadtime no radius-server deadtime radius-server host deadtime: (0...number of attempts to search for a RADIUS server.time .3 priority: (0.timeout ..port number for sending authentication data.65535)/1812.. . the higher the server priority). retries.2000) minutes secret_key: (0.2 RADIUS RADIUS is used for authentication. . .RADIUS server priority (the lower the value. all)/ all key: (0.. MES3324. dot1. Optimize RADIUS server query time when some servers are unavailable. 5.hostname . Table 5.the type of usage of the RADIUS server.158) characters auth_port: (0. . RADIUS provides more secure access to network resources and the switch itself. . . . Specify a device interface whose IP address will be used as the MES5324. RADIUS server uses a user database that contains authentication data for each user.19.port number for sending accounting data.128) characters 5. time.type .ip_address ..authentication and encryption key for RADIUS data exchange.

RADIUS server configuration.48). gi_port: (1.Dead.8/0/1.16. Add a RADIUS server located in the network node with the following parameters: IP address 192. MES2348Ethernet Switch Series 119 .8).16).----192. server access attempts . Delete a device interface..10 minutes.secret.source­interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | loopback | tunnel tun_id | vlan vlan id} no radius-server host source­interface radius-server host source­interface-ipv6 {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | loopback | tunnel tun_id | vlan vlan id} no radius-server host source­interface-ipv6 gi_port: (1. Privileged EXEC mode commands Command Value/Default value Action - Show RADIUS server configuration parameters (this command is available to privileged users only). group: (1. user information. console# configure console (config)# radius-server console (config)# radius-server console (config)# radius-server console (config)# radius-server console (config)# radius-server  timeout5 retransmit5 deadtime10 key secret host196. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.----.168....168....4).... default source address in the RADIUS messages.168.8/0/1..Prio.8/0/1.112.8/0/1.16.16.3 auth-port1645retransmit2 Show RADIUS server configuration parameters console# show radius-servers IP address Port Auth --------------. te_port: (1. fo_port: (1.5. Usage Out rans Time -----.8/0/1. vlan_id: (1. group: (1..8/0/1. MES3324. te_port: (1. Specify a device interface whose IPv6 address will be used as the default source address in the RADIUS messages.4). show radius-servers show radius server {statistics |group |accounting | configuration | rejected | secret | user} Example use of commands  Set global values for the following parameters: server reply interval .2.24)..48).. MES2324.8).. tun_id: (1. Delete a device interface.3 1645 port Acct ----1813 TimeRet. time the switch RADIUS client will not poll unavailable servers .3..24).-----..4094). tun_id: (1. secret key . server authentication port 1645.----Global 2 Global 0 all MES5324.16). - Show Radius statistics.5 seconds. fo_port: (1.-----. RADIUS server discovery attempts .

MES3324. MES2324.Global values -------------TimeOut : 5 Retransmit : 5 Deadtime : 10 Source IPv4 interface : Source IPv6 interface : MES5324. MES2348Ethernet Switch Series 120 .

Set the default value.4).TACACS server network name. timeout: (1..65535)/49. secret_key parameters are not specified in the command.16). Set the default value.hostname . .timeout .server response timeout. TACACS+ provides the following services: Authentication.5.authentication and encryption key for TACACS data exchange.128) characters priority: (0. tun_id: (1... an authorization session will start using the verified username..4 TACACS+ TACACS+ provides a centralized authentication system for managing user access to the device that ensures compatibility with RADIUS and other authentication mechanisms. tacacs-server host {ip_address | hostname} [single-connection] [port­number port] [timeout timeout] [keysecret_key] [prioritypriority] no tacacs-server host {ip_address | hostname} tacacs-server key key no tacacs-server key tacacs-server timeout timeout no tacacs-server timeout tacacs-server host source­interface{gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | loopback | tunnel tun_id | vlan vlan id} no tacacs-server host source­interface key: (0.single-connection .8/0/1. MES2348Ethernet Switch Series 121 . Remove the selected server from the list of TACACS servers used.. Used when the user logs in with the usernames and his/her passwords...8/0/1. Delete a device interface.48). gi_port: (1.19.4094)..30)/5 seconds vlan_id: (1.priority . If authentication is successful.IP address of the TACACS server. . Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.. Specify the default server response interval. group: (1.24). the server will also verify user privileges. Authorization.8/0/1.port number for data exchange with the TACACS server. . .30) seconds secret_key: (0.TACACS server priority (the lower the value.8) If timeout. the current TACACS server uses the values configured with the following commands. Add the selected server into the list of TACACS servers used. Specify the default authentication and encryption key for TACACS data exchange between the device and TACACS environment.port . the higher the server priority). MES2324.restrict the number of connection for data exchange with the TACACS server to one at a time. te_port: (1. . fo_port: (1..... Used when the user logs in. MES3324... EXEC mode commands Command line prompt in the EXEC mode is as follows: console# MES5324.65535)/0.158) characters port: (0. Specify a device interface whose IP address will be used as the default source address for message exchange with the TACACS server..113. . Global configuration mode commands Command Value/Default value Action hostname: (1.ip_address .128) characters/default key is an empty string timeout: (1. .secret_key .

. The device supports SNMPv1.19.view_name .g. The character ‘*’ can be used to specify a subtree family: 1.5 Simple network management protocol (SNMP) SNMP provides means for monitoring and management of network devices and applications through the control information exchange between agents located on the network devices and managers located on management stations.255.include . system. which should be previously defined by the snmp-server group command.255.IPv4 address mask that defines source address bits to be compared to the specified IP address. Specify the community string value for SNMP data exchange.prefix_length .20) characters ipv4_address format: A.ipv4_address.D ipv6_address format: X:X:X:X::X.. Enable SNMP support..read-only access.server name.su .30) characters no snmp-server communitycommunity[ipv4_a ddress | ipv6_address | ipv6z_address] snmp-server viewview_name OID{included | excluded} view_name: (1.MIB object identifier represented as an ASN. prefix-length: (1.exclude .158) characters Action Show TACACS+ server configuration and statistics.3.*. . Remove the view rule for SNMP. Specify objects available to the community. MES5324. Disable SNMP support.114.B. Specify the objects available to the community. . Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.ip_address . SNMPv3. dod). ipv6z_address – IP-address of the device.32)/32. . MES2324.3.OID .C. The switches can use SNMP for remote control and monitoring of the device. . ..4. view_name: (1.30) characters.number of bits that comprise the IPv4 address prefix. e. . ipv6z_address format: X:X:X:X::X%<ID>. .30) characters no snmp-server view Create or edit the SNMP view rule.community string (password) for access via SNMP.specify the name for the SNMP view rule.255. . the rule that allows or prohibits the access by the browsing server to OID.IP address of the TACACS server.1 tree (string type 1.read-write access.hostname .community . SNMPv2. MES3324. mask: -/255. MES2348Ethernet Switch Series 122 . . 5..rw . . may include reserved words.6. gateways.administrator access.. terminal servers) that create management communications between network management stations and network agents.specify the name of the group. Remove community string parameters.Table 5. EXEC mode commands Command show tacacs [ip_address | hostname] Value host_name: (1.2. community: (1. Global configuration mode commands Command Value/Default value Action snmp-server server no snmp-server server snmp-server communitycommunity[ro | rw | su][ipv4_address | ipv6_address | ipv6z_address][mask mask |prefix prefix_length]] [viewview_name] snmp-server community­groupcommunity group_name[ipv4_address | ipv6_address | ipv6z_address][maskmask|pre fixprefix_length] SNMP support is enabled by default.2). . the rule should be previously defined by the snmp-server view command.OID is excluded from the browsing rule.. group_name: (1. .115. routers. ipv6_address.mask .OID is included in the browsing rule. .group_name . SNMP defines a network as a collection of network management stations and network elements (hosts.ro .

trap SNMPv2.. v2.the name of the view rule that is only allowed to read the SNMP agent of the switch. .OID .32) characters.3.. -engineid_string ... dod.8/0/1.confirmation timeout after which an ‘inform’ message will be re-send.community .4094).8/0/1.noauth – do not specify the packet authenticity.20) characters group_name: (1.OID is included in the filtering rule. Create an SNMPv3 user.158) characters community: (1. e.. may include reserved words. . .SNMPv1/2c community string for notification message transmission.SNMP filter name. . . auth. MES3324. Specify the settings for ‘inform’ and ‘trap’ notification message transmission to the SNMP server. . te_port: (1. filter-name: (1.filter_name .. Remove the settings for ‘inform’ and ‘trap’ notification message transmission to the SNMPv1/v2/v3 server.the name of the view rule that is allowed to enter data and to configure the content of the SNMP agent of the switch.grou_pname – group name. ..30) characters no snmp-server filter filter_name[OID] snmp-server host {ipv4_address | ipv6_address |hostname}[trap s | informs][version {1 |2c|3 {noauth | auth | priv}] {community |username}[udpportport] [filterfilter_name] [timeoutseconds] [retriesretries] no snmp-server host {ipv4_address | ipv6_address |hostname} [traps | informs] snmp-server engineidlocal{engineid_string| default} no snmp-server engineidlocal snmp-server source­interface {traps | informs} {gigabitethernetgi_port| tengigabitethernette_port|for hostname: (1. Create or edit an SNMP filter rule that filters ‘inform’ and ‘trap’ messages sent to the SNMP server.g.name of the SNMP device. Specify a device interface whose IP address will be used as the default source address for message exchange with the SNMP server..300)/15...255)/3 engineid_string: (5. Create the local SNMP device identifier engineID..write_view .2. .noauth. .username .. MES5324.. . . . gi_port: (1. MES2324. The character ‘*’ can be used to specify a subtree family: 1.number of attempts to send an ‘inform’ message if no confirmation is received.24). v2. fo_port: (1. engine ID will be created automatically based on the device MAC address..user_name – user name. Remove an SNMPv3 user. v3 – SNMP v1.3..65535)/162.30) characters filter-name: (1.20) characters username: (1.6... .2).the name of the view rule that can specify the ‘inform’ and ‘trap’ SNMP agent messages.20) characters port: (1.include . auth – authentication w/o encryption.MIB object identifier represented as an ASN.UDP port of the SNMP server.30) characters notify_view: (1. . MES2348Ethernet Switch Series 123 .read_view .32) characters vlan_id: (1.4).specify the packet authenticity with encryption.priv ...30) characters seconds: (1. Remove the local SNMP device identifier engine ID.auth– specify the packet authenticity w/o encryption. .4.port . .write_view: (1.v1.viewname [OID] snmp-server groupgroup_name{v1 | v2 | v3 {noauth | auth | priv} [notifynotify_view]} [read read_view] [write write_view] no snmp-server group groupname{v1 | v2 | v3 [noauth | auth | priv]} snmp-server user user_name group_name {v1 | v2c |v3[remote {ip_address|host}]} no snmp-server user user_name {v1 | v2c |v3[remote {ip_address|host}]} snmp-server filter filter_nameOID {included|excluded} group_name: (1. priv – authentication type for SNMP v3 (noauth – w/o authentication.. v3 security model.version – define the ‘trap’ message type: trap SNMPv1. system.retries .32) characters user_name: (1.default .SNMPv3 user name for authentication.*. trap SNMPv3.8/0/1.. .48). .OID is excluded from the filtering rule.seconds .1 tree (string type 1. Remove an SNMP group.32) characters read_view: (1. Create an SNMP group or mapping table between SNMP users and SNMP view rules. Remove an SNMP filter rule.. . . priv – authentication with encryption).when this setting is used.notify_view . .exclude . retries: (0.

158) characters. The same for IPv6. Delete a device interface.16). group: (1. Ethernet interface (interface range) configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# Table 5. group: (1.. hostname: (1. Remove the remote SNMP device identifier engine ID.24). name.variable name. MES2324. Ethernet interface configuration mode commands Command Value/Default value Action -/enabled Enable SNMP trap message transmission when the port state changes. Set the variables in the switch MIB database..116. MES3324..48).variable_name . engineid_string: (5..name.. -/enabled -/enabled -/enabled -/enabled text: (1... Delete a device interface. value .. gi_port: (1... Disable sending SNMP trap messages.. -engineid_string .. Allow messages to be sent to a non-authenticated trap server. Disable SNMP trap message transmission when the port state changes.tygigabitethernet fo_port |por t-channelgroup | loopback | tunnel tun_id | vlanvlan id} no snmp-server source­interface [traps | informs] snmp-server source­interface­ipv6 {traps | informs} {gigabitethernet gi_port| tengigabitethernette_port|for tygigabitethernetfo_port |port-channelgroup | loopback | tunnel tun_id | vlanvlan id} no snmp-server sourceinterface-ipv6 [traps | informs] snmp-server engineid remote {ipv4_address | ipv6_address | hostname} engineid_string no snmp-server engineID remote {ipv4_address | ipv6_address | hostname} snmp-server enable traps no snmp-server enable traps snmp-server enable traps ospf no snmp-server enable traps ospf snmp-server enable traps ipv6 ospf no snmp-server enable traps ipv6 ospf snmp-server trap authentication no snmp-server trap authentication snmp-server contact text no snmp-server contact snmp-server location text no snmp-server location snmp-server set variable_namename1 value1[name2 value2 … ] tun_id: (1.160) characters text: (1. Disable sending SNMP trap messages.8). te_port: (1.8/0/1.the name of the SNMP device. .4094). value should be specified as per specification Create the remote SNMP device identifier engine ID. Remove device location information. vlan_id: (1.. Remove device contact information. Enable sending SNMP trap messages of the OSPF protocol (IPv6). tun_id: (1. fo_port: (1.4). snmp trap link-status no snmp trap link-status Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: MES5324. . Prohibit sending messages to a non-authenticated trap server.160) characters variable_name..8/0/1.32) characters.mappings 'name-value'.8). Enable SNMP trap message support. Enable sending SNMP trap messages of the OSPF protocol. Disable SNMP trap message support. Specify device location information. Specify device contact information..16). MES2348Ethernet Switch Series 124 .8/0/1.

startup: (rising. log. MES2324.create a table entry and send an SNMP trap. The main difference between RMON and SNMP is the nature of the information being collected.event description.Table 5.do not create a notification. -desc_text .30) characters Action Show SNMP connection status.118.index..the absolute value of the selected 125 .event index that is used for crossing the falling threshold.variable part identifier of the OID object. The data collected by RMON describes the traffic between the network nodes.index.rising threshold. fthreshold: (0. .127) characters name: string no rmon event index rmon alarm indexmib_object_id interval rthreshold fthreshold revent fevent [typetype][startupdirection][ownername] index: (1.send an SNMP trap.2147483647).create a table entry. ..type -type of notification generated by the device for this event: none .19. type: (absolute.. falling.30) characters filter-name: (1. mib_object_id: valid OID: interval: (1. MES2348Ethernet Switch Series Action Configure events used in the remote monitoring system. . .65535)..30) characters user_name: (1.event index. Configure alarm event trigger criteria.127) characters desc_text: (0.mib_object_id . log . log-trap). revent: (1. -name .interval .alarm event index.fthreshold . -com_text . fevent: (0. Show SNMP groups. Global configuration mode commands Command Value/Default value rmon event indextype [community com_text][descriptiondesc_text][ownername] index: (1..65535). Information collected by the agent is transmitted to the network management application. ....SNMP community string for trap transmission. .falling threshold. Privileged EXEC mode commands Command show snmp show snmp engineID show snmp views [view_name] show snmp groups[group_name] show snmp filters[filter_name] show snmp users[user_name] Value/Default value view_name: (1.. 5. Show the local SNMP device identifier engineID.2147483647) seconds rthreshold: (0.type .2147483647)... log-trap .117. MES5324.method for selecting variables and calculating values to be compared with the thresholds: absolute . . Show SNMP View rules. rising-falling)/risingfalling.event creator name..event index that is used for crossing the rising threshold.65535).6 Remote network monitoring protocol (RMON) Network monitoring protocol (RMON) is the extension of the SNMP that provides better network traffic management capabilities. MES3324. type: (none.fevent . trap .revent . delta)/absolute. Show SNMP users.rthreshold . Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. . com_text: (0. . Show SNMP filters..30) characters group_name: (1. trap. . Remove an event used in the remote monitoring system.65535).time period when data is collected and compared to the rising and falling thresholds.

generate a single alarm event for the rising and/or falling threshold if the selected variable value in the first control interval is above or equal to the rising threshold/below or equal to the falling threshold. MES3324.rising . MES2324.name .32767)/100 no rmon table-size {history|log} variable will be compared to the threshold at the end point of the control interval..history .index of the required statistics group. A new value will take effect after the switch is restarted. .119.maximum number of rows in the entry table.index .alarm event creator name. interval: (1.startup . .. EXEC mode commands Command line prompt in the EXEC mode is as follows: console> MES5324. . . .. . .160) characters bucket-num: (1. Remove an alarm event trigger criterion. Ethernet interface and interface group configuration mode commands Command rmon collection stats index [owner name] [buckets bucket_num] [interval interval] no rmon collection stats index Value Action index: (1.65535). log_entries: (20.event generation instruction in the first control interval.generate a single alarm event for the falling threshold if the selected variable value in the first control interval is below or equal to this threshold.statistics group owner.3600)/1800 seconds Enable history by statistics groups for the remote monitoring database (MIB)..50)/50. Specify the maximum size for RMON tables. delta .name: string no rmon alarm index rmon table-size {historyhist_entries|loglog_entries} hist_entries: (20.falling .owner .interval . name: (0. .bucket_num .log ..value associated with the number of cells for statistics group history collection. .. Set the default value. Specify alarm event generation rules for the first control interval by comparing the selected variable with one or both thresholds: .the value of the variable selected in the last selection will be deducted from the current value and the difference will be compared to the thresholds (the difference between the variable values at the start and end points of the control interval).polling interval for history collection.generate a single alarm event for the rising threshold if the selected variable value in the first control interval is above or equal to this threshold. MES2348Ethernet Switch Series 126 . .32767)/270. Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5.maximum number of rows in the history table.rising-falling . Disable history by statistics groups for the remote monitoring database (MIB).

8/0/1. with a length of 64 to 1518 bytes inclusively.event index. gi_port: (1.show history for the requested time period..65535) Show information on the requested statistics groups.. MES2324.errors . broadcast.8/0/1. .requested statistics group. . and multicast packets)..2147483647) seconds show rmon alarm-table show rmon alarm index index: (1. Show RMON Ethernet statistics history. Examples of command usage  Show statistics of the 10th Ethernet interface: сonsole# show rmon statistics tengigabitethernet 1/0/10 Port te0/10 Dropped: 8 Octets: 878128 Packets: 978 Broadcast: 7 Multicast: 1 CRC Align Errors: 0 Collisions: 0 Undersize Pkts: 0 Oversize Pkts: 0 Fragments: 0 Jabbers: 0 64 Octets: 98 65 to 127 Octets: 0 128 to 255 Octets: 0 256 to 511 Octets: 0 512 to 1023 Octets: 491 1024 to 1518 Octets: 389 Table 5. but with checksum bits). fo_port: (1. ...120.period .show performance (bandwidth) counters. . .8/0/1.Table 5.throughput .4).. Broadcast The number of broadcast packets received (valid packets only).8) index: (1.index .alarm event index. Show the RMON remote monitoring entry table. that have invalid checksum with an integer number of bytes (frame check sequence validation errors. Show the configuration for alarm events..24)..index. EXEC mode commands Command Value show rmon statistics{gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} show rmon collection stats [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group] show rmon history index {throughput | errors | other} [period period] Action Show the statistics for the Ethernet or port group interface used for remote monitoring..65535) show rmon events show rmon log[index] index: (0. Show the RMON remote monitoring event table. Show the summary table for alarm events. . MES5324. -index .65535). group: (1. Result description Parameter Description Dropped The number of detected events when packets were dropped. MES3324. te_port: (1.other . period: (1. FCS) or with a non-integer number of bytes (alignment errors). Collisions The estimated number of collisions for this Ethernet segment.48). MES2348Ethernet Switch Series 127 . Packets The number of packets received (including bad.121. Multicast The number of multicast packets received (valid packets only).show break and collision counters.show error counters. Octets The number of data bytes (including bad packet bytes) received from the network (w/o frame bits.. CRC Align Errors The number of packets received..

----------------. but with checksum bits). but with checksum bits).-------. with a length of 128 to 255 bytes inclusively (w/o frame bits. but with checksum bits).  Show bandwidth counters for statistics group 1: console# show rmon history1 throughput Sample set: 1 Owner: MES Interface: gi0/1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 100 Time Octets Packets MES5324. MES2324. 128 to 255 Octets The number of packets received (including bad packets). with a length of 1024 to 1518 bytes inclusively (w/o frame bits. that have invalid checksum with an integer number of bytes (frame check sequence validation errors. Oversize Pkts The number of packets received. 65 to 127 Octets The number of packets received (including bad packets). with a length of 256 to 511 bytes inclusively (w/o frame bits. but with checksum bits). Result description Parameter Description Index Index that uniquely identifies the entry. with a length of more than 1518 bytes (w/o frame bits. MES2348Ethernet Switch Series Broadcast Multicast % 128 . but with checksum bits). 64 Octet The number of packets received (including bad packets). MES3324. FCS) or with a non-integer number of bytes (alignment errors).--------------.------------------1 te0/8 300 50 50 Eltex Table 5. with a length of 65 to 127 bytes inclusively (w/o frame bits. with a length of more than 1518 bytes (w/o frame bits.122.  Show information on the statistics group for port 8: сonsole# show rmon collection stats tengigabitethernet 1/0/8 Index Interface Interval Requested Samples Granted Samples Owner ----. but with checksum bits). Interface Ethernet interface where the poll is performed. but formed correctly in other respects. Owner Entry owner. with a length of less than 64 bytes (w/o frame bits. with a length of 512 to 1023 bytes inclusively (w/o frame bits. Interval Time interval in seconds between the polls. Jabbers The number of packets received. with 64-byte length (w/o frame bits. but with checksum bits). but with checksum bits). Fragments The number of packets received. but formed correctly in other respects. 256 to 511 Octets The number of packets received (including bad packets).Undersize Pkts The number of packets received. Requested Samples Requested number of counts that can be saved. with a length of less than 64 bytes (w/o frame bits. that have invalid checksum with an integer number of bytes (frame check sequence validation errors. but with checksum bits). Granted Samples Allowed (remaining) number of counts that can be saved. but with checksum bits).--------. 512 to 1023 Octets The number of packets received (including bad packets). FCS) or with a non-integer number of bytes (alignment errors). 1024 to 1518 Octets The number of packets received (including bad packets).

but formed correctly in other respects. Packets The number of packets received (including bad packets) during the entry generation period. Undersize Pkts The number of packets received during the entry generation period.3.1. with a length of less than 64 bytes (w/o frame bits.2. FCS) or with a non-integer number of bytes (alignment errors). CRC Align The number of packets received during the entry generation period. MES3324. Dropped The number of detected events when the packets were dropped during the entry generation period. but with checksum bits). forwarded to broadcast addresses. with a length of more than 1518 bytes (w/o frame bits.1.Nov 10 2009 18:38:00 204595549 278562 2893 675218.1.2.2. FCS) or with a non-integer number of bytes (alignment errors). Collisions The estimated number of collisions for this Ethernet segment during the entry generation period. but with checksum bits). FCS) or with a non-integer number of bytes (alignment errors). with a length of less than 64 bytes (w/o frame bits.6.1.-------------------------1 1. that have invalid checksum with an integer number of bytes (frame check sequence validation errors.3. Broadcast The number of good packets received during the entry generation period.6. Oversize Pkts The number of packets received during the entry generation period.67% Table 5. but with checksum bits).123. Bandwidth is estimated up to a thousandth of one percent. but with checksum bits). MES2324. Multicast The number of good packets received during the entry generation period. that have invalid frame check sequence with an integer number of bytes (frame check sequence errors. with a length of 64 to 1518 bytes inclusively. with a length of more than 1518 bytes (w/o frame bits.1 2 1. but formed correctly in other respects.2. Jabbers The number of packets received the entry generation period.  Show the alarm signal summary table: console# show rmon alarm-table Index OID ----. Result description Parameter Description Time Entry creation date and time.10.1.1 Owner ------CLI Manager MES5324. that have invalid checksum with an integer number of bytes (frame check sequence validation errors. forwarded to multicast addresses. Octets The number of data bytes (including bad packet bytes) received from the network (w/o frame bits.2.10. but with checksum bits).2. Utilization An estimated average bandwidth of the physical layer for this interface during the entry generation period. Fragments The number of packets received the entry generation period.1. MES2348Ethernet Switch Series 129 .

if the method is delta.the value of the variable selected in the last selection will be deducted from the current value and the difference will be compared to the thresholds (the difference between the variable values at the start and end points of the control interval). Falling Threshold Falling threshold value.10. MES5324. delta .3.6. When the selected variable value is less than the threshold in the previous control interval and is greater or equal to threshold value in the current control interval.1.1. MES2324. Last Sample Value The value of the variable in the last control interval.2.generate a single alarm event for the falling threshold if the selected variable value in the first control interval is below or equal to this threshold.1. rising-falling . When the selected variable value is greater than the threshold in the previous control interval and is less or equal to threshold value in the current control interval. Specify alarm event generation rules for the first control interval by comparing the selected variable with one or both thresholds.125. Startup Alarm Event generation instruction in the first control interval. Controlled variable OID User that created the entry. absolute .124.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1 Falling Event: 1 Owner: CLI Table 5.Table 5.  Show alarm events configuration with index 1: console# show rmon alarm 1 Alarm 1 ------OID: 1. MES2348Ethernet Switch Series 130 . If the default variable selection method is absolute.generate a single alarm event for the rising and/or falling threshold if the selected variable value in the first control interval is above or equal to the rising threshold/below or equal to the falling threshold. the value is equal to the absolute value of the variable. a single event is generated.2. rising .the absolute value of the selected variable will be compared to the threshold at the end point of the control interval. falling . Interval Time interval in seconds when data is collected and compared to upper and lower thresholds. Result description Parameter Index OID Owner Description Index that uniquely identifies the entry. a single event is generated.generate a single alarm event for the rising threshold if the selected variable value in the first control interval is above or equal to this threshold.2. Result description Parameter Description OID Controlled variable OID. it will be the difference between the variable values at the start point and end point of the control interval. Sample Type The method for selecting variables and calculating values to be compared with the thresholds. MES3324. Rising Threshold Rising threshold value.

Description Comment that describes the event. Falling Event Event index used when the falling threshold is crossed. Result description Parameter Description Index Index that uniquely identifies the event. console# show rmon log Maximum table size: 100 Event Description --------------1 Errors Time -------------------Nov 10 2009 18:48:33 Table 5.  Show the RMON remote monitoring event table. If no events has been generated. This is achieved by creating access control lists (ACL). trap . Global configuration mode commands Command line prompt in the global configuration mode is as follows: MES5324. Time Event creation time.7 ACL access lists for device management Switch firmware allows enabling and disabling access to device management via specific ports or VLAN groups. MES2348Ethernet Switch Series 131 .---------Errors Log High Broadcast Log-Trap router Owner Last time sent -------------------------CLINov 10 2009 18:47:17 Manager Nov 10 2009 18:48:48 Table 5. Type The type of notification generated by the device for this event: none .create table entry and send an SNMP trap. Result description Parameter Description Index Index that uniquely identifies the entry. Description Comment that describes the event.create a table entry. MES2324. log . Show the RMON remote monitoring entry table.19. Owner User that created the event. log-trap . 5. Community SNMP community string for trap transmission. MES3324. this value will be equal to zero.127.Rising Event Event index used when the rising threshold is crossed. сonsole# show rmon events Index ----1 2 Description Type Community -------------------.do not create a notification. Owner User that created the entry.126. Last time sent Time and date of the last event generation.send an SNMP trap.

32) characters no management access­class Action Create an access control list. Remove a device management restriction defined by a specific access list. Remove an access control list.8/0/1.. service access type.4). http.4094 ) service: (telnet..service access type..4). Access control list configuration mode commands Command Value Action permit[gigabitethernet gi_port|tengigabitethernette_port|fortygigabitethernet fo_port |portchannelgroup | oob | vlan vlan_id] [service service] gi_port: (1... fo_port: (1.130. https.console-only . te_port: (1.. ssh).48). https..128.24)..24). vlan_id(1. MES3324. ssh) gi_port: (1. http. MES2324. vlan_id: (1. .. te_port: (1.8/0/1.129.. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.. Activate a specific access list. Privileged EXEC mode commands Command show management access-list Value/Default value name: (1. Global configuration mode commands Command management accesslistname no management accesslistname management access-class {console-only|name} Value name: (1.. Enter the access control list configuration mode.32) characters Action Show access control lists..8/0/1..console(config)# Table 5.. group: (1. . Access control list configuration mode commands Command line prompt in the access control list configuration mode is as follows: console(config)# management access-listeltex_manag console (config-macl)# Table 5. MES2348Ethernet Switch Series 132 . Restrict device management by a specific access list.8).8/0/1. fo_port: (1. Define the ‘permit’ condition for the access control list. snmp. snmp... group: (1.8/0/1. service: (telnet.8/0/1.device management is available via the console only. permitip-source{ipv4_address|ipv6_address/prefix_length}[mask{mask | prefix_length}][gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port |port-channelgroup | oob | vlan vlan_id][service service] deny[gigabitethernet gi_port |tengigabitethernette_port|fortygigabitethernetfo_port |portchannelgroup| oob | vlan vlan_id][service service] denyip-source{ipv4_address |ipv6_address/prefix_length} [mask{mask | prefix_length}] [gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port|portchannelgroup | oob | vlan vlan_id] [service service] Specify a restricting criterion for an ACL. MES5324.32) characters name: (1..4094)..8).48).

and private-key pair for SSH service. MES2324.24).. If one of the keys has been already created.131. group: (1. Enable password authentication mode.65535)/22 gi_port: (1. Set the interface for SSH session using IPv6.8/0/1. By default. te_port: (1.8/0/1. SSH server is enabled by default.16). Disable the use of a public key for incoming SSH sessions.8). HTTP and FTP These commands are used to configure access servers that manage switches. Global configuration mode commands Command ip telnet server no ip telnet server ip ssh server Value/Default value Action Telnet server is enabled by default.4094) Delete the interface.1 Telnet. vlan_id: (1. Disable password authentication mode.. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. 5. Disable remote device configuration via SSH.19. no ip ssh server ip ssh portport_number no ip ssh port ipv6 ssh-client source­interface {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | loopback | tunnel tun_id | vlan vlan_id} no ipv6 ssh-client source­interface ip ssh pubkey-auth no ip ssh pubkey-auth ip ssh password-auth no ip ssh password-auth crypto key pubkey-chain ssh port-number (1. After the key has been generated (by the “crypto key generate rsa” and “crypto key generate dsa” commands). the server will return to the operation mode.8. MES3324.. the system will prompt to overwrite it.48).. tun_id: (1.and private-key pair for SSH service. the system will prompt to overwrite it.8 Access configuration 5. public key is not allowed. Enable remote device configuration via SSH. If one of the keys has been already created. Set the default value. Disable remote device configuration via Telnet. Generate a DSA public.. MES2348Ethernet Switch Series 133 . Disabled by default By default..4). Generate an RSA public.[name] show management access-class - Show information on the active access control lists. TELNET and SSH support allows remote connection to the switch for monitoring and configuration purposes.... Enable remote device configuration via Telnet.8/0/1.19. fo_port: (1. crypto key generate dsa crypto key generate rsa crypto key import dsa crypto key import rsa - Enable the use of a public key for incoming SSH sessions. SSH server will be kept in stand-by condition until the encryption key is generated. Enter the public key configuration mode.. TCP port used by the SSH server. SSH. Import a DSA key pair Import an RSA key pair MES5324. the key is not created.

Public key configuration mode commands Command Value user-keyusername {rsa | dsa} username: (1. The keys generated by the “crypto key generate rsa” and “crypto key generate dsa” commands are saved in the secure configuration file.key part.133.132.key fingerprint in hex format.key_string .bubble-babble . Command line prompt in the EXEC mode is as follows: console# Table 5. MES2324. MES2348Ethernet Switch Series Action Show SSH server configuration and active incoming SSH sessions.username . Remove the public key for a specific user. key fingerprint is in hex format. Show public SSH keys saved on the switch. 134 .48) characters no user-keyusername Action Enter the individual public key generation mode. EXEC mode commands Command show ip ssh show crypto key pubkey­chain ssh [usernameusername][fingerprint{bubble­babble|hex}] Value/Default value username: (1. key-string key-string row key_string - EXEC mode commands Commands from this section are available to the privileged users only.hex . . . MES3324. type the “key-string row” command without any characters.132. The key is entered line by line.. Public key configuration mode commands Command line prompt in the public key configuration mode is as follows: console# configure console(config)# crypto key pubkey-chain ssh console(config-pubkey-chain)# Table 5.key fingerprint in Bubble Babble code. Individual public key generation mode commands Command Value Action - Create the public key for a specific user. Create the public key for a specific user.generate an RSA key..dsa .generate a DSA key.crypto certificate {1 | 2} generate - Generate an SSL certificate.rsa . .48) characters By default. To notify the system that the key is entered. .remote client name. MES5324. . . Command line prompt in the individual public key generation mode is as follows: console# configure console(config)# crypto key pubkey-chain ssh console(config-pubkey-chain)# user-key eltex rsa console(config-pubkey-key)# Table 5.

Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. 115200)/115200 baud Specify the local console access rate (the command is available only in local console configuration mode). Terminal configuration mode commands Command line prompt in the terminal configuration mode is as follows: console# configure console(config)# line {console|telnet|ssh} console(config-line)# Table 5. Enable the use of public keys. MES2348Ethernet Switch Series 135 .19.59)/0 seconds.. remote console. 57600.. Terminal configuration mode commands Command speedbps no speed autobaud Value/Default value Action bps: (2400. 19200. Enable automatic configuration of the local console access rate (the command is available only in local console configuration mode). MES5324. MES2324. seconds: (0. Create an RSA key for the eltex user: console# configure console(config)# ip ssh server console(config)# ip ssh pubkey-auth console(config)# crypto key pubkey-chain ssh console(config-pubkey-chain)# user-key eltex rsa console(config-pubkey-key)# key-string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWlAl4kpqIw9GBRonZQZxjHKcqKL6rMlQ+ZNXf ZSkvHG+QusIZ/76ILmFT34v7u7ChFAE+Vu4GRfpSwoQUvV35LqJJk67IOU/zfwOl1gkTwml75Q R9gHujS6KwGN2QWXgh3ub8gDjTSqmuSn/Wd05iDX2IExQWu08licglk02LYciz+Z4TrEU/9FJx wPiVQOjc+KBXuR0juNg5nFYsY0ZCk0N/W9a/tnkm1shRE7Di71+w3fNiOA6w9o44t6+AINEICB CCA4YcF6zMzaT1wefWwX6f+Rmt5nhhqdAtN/4oJfce166DqVX1gWmNzNR4DYDvSzg0lDnwCAC8 Qh Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9 5.show crypto key mypubkey [rsa|dsa] show crypto certificate [1 | 2] - Show public SSH keys of the switch. MES3324. -/enabled no autobaud exectimeoutminutes[seconds] minutes:(0.8. If the user doesn't input anything during this interval. Disable automatic configuration of the local console access rate.134. Specify the interval the system waits for user input. the console exits. Telnet or secure remote console. SSH).65535)/10 min. Examples of command usage Enable SSH server on the switch.2 Terminal configuration commands Terminal configuration commands are used for the local and remote console configuration. 9600. 38400. Set the default value.135. Global configuration mode commands Command line {console | telnet | ssh} Value/Default value Action - Enter the mode of the corresponding terminal (local console. Show SSL certificates for the HTTPS server.

EXEC mode commands Command show line[console |telnet |ssh] Value/Default value - Action Show the terminal parameters. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.136. MES2348Ethernet Switch Series 136 . MES3324. MES2324. MES5324.no exec-timeout Set the default value.

facility .importance level for messages sent to a SYSLOG server..registration of messages related to file copy operations. level: (see Table 6. . Store authentication. . . Enable file system events registration.132.. . Enable transmission of alarm and debug messages with the selected importance level to the log file.IPv4 or IPv6 address of the SYSLOG server. New buffer size value will take effect after the device is restarted. . Enable transmission of alarm and debug messages with the selected importance level to the internal buffer.132. Seven types of events are logged: emergencies. Disable syslog message aggregation.20 Alarm log.1000)/200 no logging buffered size logging file [level] no logging file level: (seeTable 5. -/registration is enabled host: (1.registration of messages related to file delete and rename operations. -ip_address .copy .131.text . MES2348Ethernet Switch Series 137 . .the service transmitted in messages.137.level .SYSLOG server network name.delete-rename . debug and error messages will be output in the console. Disable transmission of alarm and debug messages to the internal buffer. Disable transmission of alarm and debug messages to the console. Enable transmission of alarm and debug messages with the selected importance level to the console. Public key configuration mode commands)/informational logging buffered size size size: (20.SYSLOG server description. authorization and accounting (AAA) events in the log. alerts.host . Disable transmission of alarm and debug messages to the log file. notifications. facility: (local0. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Do not store authentication. MES5324.port number for sending messages via SYSLOG. critical and non-critical errors. Set the default value. MES2324.port . SYSLOG protocol System logs are used to record device event history and manage events in real time. authorization and accounting (AAA) events in the log.. Enable alarm and debug message transmission to a remote SYSLOG server. MES3324. Global configuration mode commands Command Value/Default value logging on no logging on logging host {ip_address | host} [port port] [severity level] [facility facility] [description text] no logging host {ip_address | host} logging console [level] no logging console logging buffered [severity_level] no logging buffered Enable debug and error message registration. no file-system logging {copy | delete-rename} logging aggregation on no logging aggregation on Action Disable debug and error message registration When registration is disabled.5. Public key configuration mode commands)/informational severity_level: (see Table 5.101)..7)/local7 text: (1. informational and debug messages. Change the number of messages stored in the internal buffer. -/disabled Enable syslog message aggregation control.158) characters port: (1.65535)/514. Global configuration mode commands)/errors aaa logging login no aaa logging login -/enabled file-system logging {copy | delete-rename} Registration is enabled by default. warnings. Remove the selected server from the list of SYSLOG servers.64) characters level: (see Table 5.. Disable file system events registration. .

Message importance type Message importance type Description Emergencies A critical error has occurred in the system.139. Notifications System notifications. Informational Information messages of the system. MES2348Ethernet Switch Series 138 . MES3324. Each message has its own importance level.logging aggregation agingtime sec no logging aggregation aging-time Specify grouped syslog message lifetime. alert and debug messages stored in the internal buffer. Log view command in the Privileged EXEC mode Value/Default value Action clear logging clear logging file show logging file show logging Command - show syslog-servers - Delete all messages from the internal buffer. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. sec: (15.101 lists message types in descending order of importance level. Table 5. Debugging Debug messages provide information for correct system configuration. Table 6.138. alert and debug messages stored in the log file. Warnings A warning.. the system may not operate properly. non-emergency message. MES2324. Alerts Immediate action is required. Delete all messages from the log file. non-emergency message. Errors An error has occurred in the system. Show log state. Critical A critical error has occurred in the system. Show remote syslog server settings. - Example use of commands  Enable error message registration in the console: console# configure console (config)# logging on console (config)# logging consoleerrors  Clear the log file: console# clear loggingfile Clear Logging File [y/n]y MES5324.3600)/300 seconds Set the default value. Show log state.

. MES2348Ethernet Switch Series Action Enable monitoring function on the interface. group: (1. This interface will be the controlling port for the monitored port specified in the command. fo_port: (1. Table 5. te_port: (1. the Return the default value...48)..8) MES5324. fo_port – 139 .8/0/1.network . MES3324. priority: (0. MES2324. – – – – The controlling port has the following restrictions: The port cannot act as a monitored and controlling port at the same time.8/0/1. vlan_id: (1.allow exchange of data.141..4).21 Port mirroring (monitoring) Port mirroring function is used for network traffic management by forwarding copies of ingress and/or egress packets from the single or multiple monitored ports to the controlling port. te_port. Global configuration mode commands Command Value/Default value port monitor mode {monitor-only | network} -/monitor-only no port monitor mode port monitor remote vlan vlan_id [cos priority] [tx | rx] no port monitor remote vlan vlan_id Action Specify port operation mode ..ingress frames on port are dropped. – Monitored ports have the following restrictions: The port cannot act as a monitored and controlling port at the same time... There should be no IP interface set for this port.8/0/1. Remove the VLAN for remote monitoring.4094). Ethernet interface configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# These commands cannot be executed in Ethernet interface range configuration mode. gi_port. Commands available in the Ethernet interface configuration mode Command Value/Defaul t value port monitor {remote|gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernet fo_port | vlan vlan_id} [rx | tx] gi_port: (1.140.24).5.. GVRP must be disabled for this port. The port cannot belong to a port group.7)/0 Identification of the VLAN for remote monitoring to which the packets from monitored interfaces will be mirrored.monitor-only . Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. .

TX notReady Disabled MES5324.-------te1/0/18 te1/0/13 RX.copy packets received by the monitored port . user priority 0 TX: VLAN 5. Monitoring function can be configured on two ports simultaneously . .copy packets sent by the monitored port When the rx/tx parameter is not specifie d. Examples of command usage  Specify Ethernet interface 13 as the controlling interface for Ethernet interface 18. EXEC mode commands Command Value/Default value show ports monitor - Action Show information on monitored and controlling ports. Disable monitoring function on the interface. all packets will be copied from the monitored port. console# configure console(config)# interface tengigabitethernet1/0/13 console(config-if)# port monitortengigabitethernet1/0/18  Show information about monitored and controlling ports.------.142.---------------. user priority 0 Source Port Destination Port Type Status RSPAN ----------. no port monitor {remote|gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port |vlan vlan_id} EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5.controlled port. Transfer all traffic from interface 18 to interface 13. MES2324. MES3324.rx . MES2348Ethernet Switch Series 140 .tx . console# show ports monitor Port monitor mode: monitor-only RSPAN configuration RX: VLAN 5.---------.

48).rate .5..byte .256)/128 bytes no sflow flow-sampling sflow counters-sampling sec id sec: (15.. .ipv4_address.id . Delete sflow statistics server address. Specify the maximum interval between successful packet samples.id . .143. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. MES2324. id: (0. bytes:(20.port number.4).8/0/1.24). Total sampling rate is calculated as 1/rate*current_speed. Global configuration mode commands Command Value/Default value Action sflow receiverid{ipv4_address | ipv6_address | ipv6z_address | url} [portport][max-datagramsizebyte] id: (1. byte:positive integer value/1400 ipv4_address format: A. group: (1.url .sflow server number.maximum quantity of bytes that will be copied from a packet sample.. Ethernet interface configuration mode commands Command Value/Default value sflow flow-sampling rate id [max-header-size bytes] rate: (1024.. ipv6z_address format: X:X:X:X::X%<ID>. . Disable sample counter for the port. .158) characters Specify sflow statistics server address.sec . ipv6_address.8). . fo_port: (1....B.host domain name. url: (1. .. vlan_id: (1. seconds.port . 5535)/6343.bytes .C.8). . .22 sFlow function sFlow is a technology that allows monitoring of traffic in packet data networks by partially sampling traffic for the subsequent encapsulation into special messages and sending them to the statistics server..107374823)..8) no sflow counters- Action Specify the average packet sampling rate. ipv6z_address – IP-address. port: (1.the number of sflow server (set by the sflow receiver command in the global configuration mode).. te_port: (1. MES2348Ethernet Switch Series 141 .86400) seconds.. MES5324.average packet sampling rate.sflow server number. MES3324. Disable sample counter for the port.maximum sampling interval..4094) gi_port: (1.. no sflow receiverid sflow receiver{source­interface|sour ce­interfaceipv6}{gigabitethernetgi_port|t engigabitethernette_port|fort ygigabitethernet fo_port |portchannelgroup | loopback | tunneltun_id | vlan vlan_id| oob} no sflow receiver source­interface Specify a device interface whose IP address will be used as the default source address for statistics collection.8/0/1. .. id: (0..8) Delete the explicitly specified interface whose address is used to send sflow statistics Ethernet interface configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows: console# configure console(config)# interface{gigabitethernetgi_port |tengigabitethernette_port |fortygigabitethernetfo_port} console(config-if)# Table 5.8/0/1.id .D ipv6_address format: X:X:X:X::X. .144.maximum quantity of bytes that can be sent in a single data packet.

show sflow statistics [gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port] Examples of command usage  Assign the IP address 10. You can test the following parameters: For electrical interfaces: cable length distance to the fault^ break or short-circuit For 1G and 10G optical interfaces: power supply parameters (voltage and current) output optical power receiving optical power.145.8/0/1...1 of server 1 to collect sflow statistics.4) Show sflow settings. Clear sFlow statistics.sampling EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5.8/0/1. 5.48).1 console(config)# interface range tengigabitethernet 1/0/1-24 console(config-if-range)# sflow flowing-sample 1 10240 console (config-if)# sflow counters-sampling 240 1 5. the command will clear all sFlow statistics counters. console# configure console(config)# sflow receiver 1 10.23.23 Physical layer diagnostics functions Network switches are equipped with the hardware and software tools for diagnostics of physical interfaces and communication lines. MES2324. MES2348Ethernet Switch Series 142 .80. te_port: (1.. EXEC mode commands Command show sflow configuration [gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port] clear sflow statistics [gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port] Value/Default value Action gi_port: (1..8/0/1..0. Show sFlow statistics.24). If the interface is not specified. Set the average packet sampling rate to 10240 kbps and the maximum interval between successful sampling to 240 seconds for the interfaces te1/0/1-te1/0/24. MES3324.1 Copper-wire cable diagnostics Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console> MES5324.0.. fo_port: (1.80.

..147.148. If the parameters fall outside of the allowable limits.8/0/1. fo_port: (1.8/0/1.4).....8/0/1.48).. The switch periodically polls optical interface parameters and compares them to the threshold values defined by the transceiver manufacturer.. te_port: (1.48).8/0/1.. MES3324.8/0/1. fo_port: (1. MES2324. MES2348Ethernet Switch Series 143 .. Copper-wire cable diagnostics commands Command Value show cable-diagnostics tdr [interface {gigabitethernet gi_port|tengigabite thernette_port|fortygigabitethernet fo_port}] gi_port: (1. EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5. MES5324..8/0/1. the switch will generate warning and alarm messages. Show optical transceiver diagnostics results. Examples of command usage:  Test gi1/0/1 port: console# test cable-diagnostics tdr interface gigabitethernet 1/0/1 5324#test cable-diagnostics tdr interface gi0/1 .24).. You can set up automatic monitoring of communication line condition.8/0/1. te_port: (1... fo_port: (1. Cable on port gi1/0/1 is good 5.8/0/1. Copper-wire cable diagnostics commands Command Value Action test cable-diagnostics tdr interface {gigabitethernet gi_port|tengigabitethernette_port |fortygigabitethernetfo_port} gi_port: (1.Table 5. Action Shows the results of the last virtual cable testing for a specific interface...23. Perform virtual cable testing for the selected interface. Optical transceiver diagnostics command Command Value Action show fiber-ports optical­transceiver [interface {gigabitethernetgi_port|tengigabitethernet te_port |fortygigabitethernet fo_port}] gi_port: (1.4).8/0/1.48).. te_port: (1.4).146.. Command line prompt in the EXEC mode is as follows: console> Table 5.24).2 Optical transceiver diagnostics Diagnostics allows the user to estimate the current condition of the optical transceiver and optical communication line.24)..

0 33. MES2324.Measured TX bias current Output Power . LOS Loss of signal.-----.Not Available. Current Transmission current deviation.------.Not Supported.Measured TX output power in milliWatts Input Power .72 No Temp . Regular diagnostics compares measured values of these parameters with the allowed values and outputs the results on the display (W. W – warning.------.Warning. N/S . W . E.Internally measured supply voltage Current . Detailed diagnostics outputs measured values for Temp. Diagnostics and parameter comparison results: N/A – not available.value is good MES5324. OK).error OK .Examples of command usage: sw1# show fiber-ports optical-transceiver interfaceFortygigabitEthernet 0/1 Port Temp [C] Voltage Current Output [Volt] [mA] Power [mWatt] ----------. Current. MES2348Ethernet Switch Series 144 . N/S – not supported. Voltage Transceiver power voltage. E – Error Table 5.149. Input Power Input receiver power (mW). E. Output Power Output transmission power (mW). Optical transceiver diagnostics parameters Parameter Value Temp Transceiver temperature. MES3324. Power parameters on the display.------fo1/0/1 0 0.--1.Measured RX received power in milliWatts LOS .41 N/S Input LOS Power [mWatt] ------.Loss of signal N/A .Internally measured transceiver temperature Voltage . Voltage.

150. The Locked Port security function saves the list of learned MAC addresses into the configuration file. Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5. or the port goes down. H:H:H:H:H:H.packets with unknown source MAC addresses will be forwarded.H. no port security routed secure-address mac_address MAC address format: H. Learning of the maximum number of addresses for the port is enabled.freq . .24 Security functions 5. The port security function is based on identification of the MAC address permitted to access the switch. Block new address learning feature for the interface. This command is similar to the port security discard command. MES2348Ethernet Switch Series 145 . .packets with unknown source MAC addresses will be dropped.1000000) seconds Specify the SNMP trap message generation frequency when unauthorized packets arrive. Thus. Block new address learning feature for the interface. protection mechanism will be activated to perform one of the following actions: unauthorized ingress packets on the blocked port will be forwarded.5. MES3324. no port security max Set the default value.H. block the port and protect it from packets with unknown MAC addresses. MES2324. so this list is restored after the device is restarted. dropped.max-addresses .remove the current dynamically learned addresses associated with this interface.discard-shutdown . HHHHHH port security{forward | discard | discard­shutdown} [trapfreq] port securitytrapfreq port security mode{max­addresses | lock} Remove the protected MAC address. Repeated learning and ageing is enabled.discard . port security max num num: (1.. MAC addresses can be configured manually or learned by the switch. -/lock Enable the MAC address learning restriction mode on the interface. Ethernet interface and interface group configuration mode commands Command Value/Default value port security -/disabled no port security Action Enable the security feature for the interface. MES5324.forward .1000000) seconds Enable the security feature for the interface. port security routed secure-address mac_address Specify the protected MAC address. .. freq: (1.256)/1 Specify the maximum number of addresses that can be learned by the port.the SNMP trap messages generation frequency when receiving unauthorized packets. freq: (1. .1 Port security functions For improved security. when the blocked port receives a packet and the packet's source MAC address is not associated with this port. . the switch allows the user to configure specific ports in such a manner that only specific devices can access the switch through this port..packets with unknown source MAC addresses will be dropped and the port disabled. After the required addresses are learned.24. Packets with unknown source MAC addresses will be dropped. Disable security functions on the interface. There is a restriction on the number of learned MAC addresses for the port protected by the security function.

fo_port: (1.8/0/1...lock .8/0/1. Set a restriction for learning addresses to 1 address.4).8/0/1.save the current dynamically learned addresses associated with the interface into a file and deny new address learning and ageing of already learned addresses.8/0/1.4).8) Show security function settings for the selected interface..48).24).8/0/1.. group: (1. group: (1. show ports security addresses {gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port | port-channelgroup | detailed} set interface active {gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port | port-channelgroup} gi_port: (1.48). MES2324. block the new address learning feature for the interface and drop packets with unknown source MAC address. Save learned address to a file.. MES3324. fo_port: (1...8) gi_port: (1.24).151. EXEC mode commands Command line prompt in the EXEC mode is as follows: console> Table 5. te_port: (1.....8/0/1. Examples of command usage  Enable the security feature for Ethernet interface 15.. fo_port: (1... no port security mode Set the default value..8/0/1. te_port: (1.... group: (1.48). Activate the interface disabled by the port security function (this command is available to privileged users only)....24). EXEC mode commands Command Value Action show ports security {gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernet fo_port | port-channelgroup|detailed} gi_port: (1.8/0/1.8) Show current dynamic addresses for the blocked ports. After the MAC address is learned. console(config-if)# port securitydiscard console(config-if)# port security mode lock MES5324. MES2348Ethernet Switch Series 146 .. console# configure console(config)# interface tengigabitethernet 1/0/15 console(config-if)# port security console(config-if)# port security max 1  Connect the client to a port and learn the MAC address.8/0/1.4). te_port: (1.

. Ethernet interface configuration mode commands Command Value/Default value dot1x port-control {auto | force-authorized | force­unauthorized} [time­range time] -/force-authorized time: (1. Enable repeated client authentication checks (reauthentication). The second authentication method is used only when the first authentication method fails.1X interfaces. Ethernet interface configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# EAP (Extensible Authentication Protocol) performs remote client authentication and defines the authentication method. If this parameter is not specified.. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.24.1X to change client state from authorized to unauthorized and visa versa . MES5324.24.1X authentication on the interface.2 Port-based client authentication (802. Specify the period between repeated authentication checks.32) no dot1x port-control dot1x reauthentication no dot1x reauthentication -/repeated authentication checks are disabled dot1x timeout reauth­period period period: (300.force-unauthorized .2. .disable 802. MES2348Ethernet Switch Series 147 .153.1x standard enables authentication of switch users via the external server using the port that the client is connected to. Specify one or two AAA methods on the IEEE 802.use a RADIUS server list for user authentication. Global configuration mode commands Command Value/Default value dot1x system­auth­control no dot1x system­auth­control aaa authentication dot1x default {none | radius} [none | radius] -/disabled -/radius no aaa authentication dot1x default Action Enable 802.1x standard) 5.5.force-authorized . Enable manual monitoring of the port authorization state. MES3324.1X authentication mode on the switch.. .1 Basic authentication Authentication based on 802. Only authenticated and authorized users will be able to send and receive the data. Disable 802.time . Port user authentication is performed by a RADIUS server via EAP (Extensible Authentication Protocol).152. All client authentication attempts are ignored.1X authentication on the interface. Set the default value.1X authentication mode on the switch. MES2324. the switch will not provide the authentication service for this port. The port will switch to the authorized state without authentication. Set the default value. . the port will not be authorized.do not perform authentication.use 802. Disable repeated client authentication checks (reauthentication).time interval.radius . .changes the port state to unauthorized.4294967295)/3600 Action Configure 802.none . Table 5.auto .

48)..8/0/1.10)/2 no dot1x max-req dot1x timeout supp­timeout period no dot1x timeout supp­timeout dot1x timeout server­timeout period no dot1x timeout server­timeout dot1x timeout silence­period period no dot1x timeout silence­period Set the default value.....8/0/1.4).65535)/30 seconds Specify the period during which the switch will wait for the response to the request or EAP identification from the client before re-sending the request.24).. Set the default value. Show active authenticated 802.1X state for the switch or selected interface. te_port: (1..no dot1x timeout reauth­period dot1x timeout quiet-period period seconds period: (10.... Set the default value. Show 802..4).160) characters gi_port: (1. show dot1x interface {gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port | oob} show dot1x users [username username] show dot1x statistics interface {gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernetfo_port | oob} username: (1.1X statistics for the selected interface.8/0/1.1X.. gi_port: (1. MES2348Ethernet Switch Series 148 .. Show 802.8/0/1. Specify the period between repeated requests to the EAP client. period: (60.8/0/1. During this period. Examples of command usage MES5324.4).... period: (1.. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.. Set the default value. Privileged EXEC mode commands Command Value Action dot1x re-authenticate [gigabitethernetgi_port|tengigabitethernette_port|fortygigabitethernet fo_port | oob] gi_port: (1. Set the default value. MES3324. Specify the maximum number of attempts for sending request to the EAP client before initiating new authentication process.24).65535)/30 seconds no dot1x timeout tx-period dot1x max-req count count: (1.65535)/30 seconds Specify a period during which the switch will wait for a response from the authentication server.65535)/60 seconds no dot1x timeout quiet­period dot1x timeout tx-period period Specify the period during which the switch will remain in the silent state after an unsuccessful authentication attempt. Set the default value.48)... MES2324.8/0/1.8/0/1..24). fo_port: (1.1X switch users. fo_port: (1. period: (30..65535) seconds/not set Set the client idle timeout after which the client becomes unauthorized. Set the default value.8/0/1.. te_port: (1.8/0/1.. te_port: (1. the switch will not accept nor initiate any authentication messages. fo_port: (1.48).154.. Enable manual reauthentication of the port specified in the command or all ports supporting 802. period: (1.

Username 802. Down. Quiet period The period during which the switch will remain in the silent state after an unsuccessful authentication attempt. MES2324. Use RADIUS server for client authentication checks on IEEE 802.1X authentication mode on the switch. Oper mode Port operation mode: Authorized. Auto. Admin mode 802. MES5324. Server timeout The period during which the switch will wait for a response from the authentication server. Supplicant timeout The period between repeated requests to the EAP client. Description of command results Parameter Description Port Port number. Enable 802. Tx period The period during which the switch will wait for the response to the request or EAP identification from the client before re-sending the request. Use 802. Max req The maximum number of attempts for sending request to the EAP client before initiating new authentication process.1X-Based Parameters Tx period: 30 sec Supplicant timeout: 30 sec Max req: 2 Authentication success: 0 Authentication fails: 0 Table 5. MES2348Ethernet Switch Series 149 . the last successfully authorized user name for the port is shown. console# configure console(config)# dot1x system-auth-control console(config)# aaa authentication dot1x default radius console(config)# interface tengigabitethernet 1/0/8 console(config-if)# dot1x port-controlauto  Show 802. Reauth Control Re-authentication control. If the port is authorized.155.1X authentication mode: Force-auth. the current user name is shown.1X username.1x authentication mode on Ethernet interface 8.1X interfaces. for Ethernet interface 8. Unauthorized. MES3324. Force-unauth.1X state for the switch. console# show dot1x interface tengigabitethernet1/0/8 Authentication is enabled Authenticating Servers: Radius Unauthenticated VLANs: Authentication failure traps are disabled Authentication success traps are disabled Authentication quiet traps are disabled te1/0/8 Host mode: multi-host Port Administrated Status: auto Guest VLAN: disabled Open access: disabled Server timeout: 30 sec Port Operational Status: unauthorized* * Port is down or not present Reauthentication is disabled Reauthentication period: 3600 sec Silence period: 0 sec Quiet period: 60 sec Interfaces 802. Reauth Period The period between repeated authentication checks. If the port is not authorized.

console# show dot1x statistics interface tengigabitethernet 1/0/8 EapolFramesRx: 12 EapolFramesTx: 8 EapolStartFramesRx: 1 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 4 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 5 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0 LastEapolFrameVersion: 1 LastEapolFrameSource: 00:00:02:56:54:38 Table 5. EapolFramesTx The number of valid EAPOL packets of any type sent by the current authenticator.Session Time The time the user is connected to the device. Filter ID Filter group identifier. Authentication fails The number of messages about unsuccessful authentication received from the server. EapolRespFramesRx The number of EAPOL response packets (except for Resp/Id) received by the current authenticator. EapLengthErrorFramesRx The number of EAPOL packets with an incorrect length received by the current authenticator. InvalidEapolFramesRx The number of EAPOL packets with unrecognised type received by the current authenticator. EapolRespIdFramesRx The number of EAPOL Resp/Id packets received by the current authenticator. MES2348Ethernet Switch Series 150 . MES2324. VLAN VLAN group assigned to the user. MES5324.1X for Ethernet interface 8.  Show statistics on 802. EapolReqIdFramesTx The number of EAPOL Resp/Id packets sent by the current authenticator. Mac address User MAC address. EapolLogoffFramesRx The number of EAPOL Logoff packets received by the current authenticator. Description of command results Parameter Description EapolFramesRx The number of valid EAPOL (Extensible Authentication Protocol over LAN) packets of any type received by the current authenticator. State The current value of the authentication state machine and output state machine. EapolReqFramesTx The number of EAPOL request packets (except for Resp/Id) sent by the current authenticator. Authentication success The number of messages about successful authentication received from the server. LastEapolFrameSource Source MAC address received in the last packet.156. LastEapolFrameVersion EAPOL version received in the last packet. EapolStartFramesRx The number of EAPOL Start packets received by the current authenticator. Authentication Method Established session authentication method. MES3324. Termination Cause The reason why the session is closed.

multiple clients. for the port in General mode. the PVID VLAN may be not authenticated (in this case only tagged packets can be received in an unauthorized state). Enable ‘trap’ message transmission when the client successfully passes MAC address authentication based on 802.157.1x authentication mode activation (or port activation) and adding the port to a guest VLAN.. There are two authentication options: the first option is when the port-based authentication requires that a single client be authenticated so that all clients will have access to the system (multiple hosts mode).158. Set the default value. Specify the action to be performed when the device whose MAC address differs from the client's MAC address attempts to access the interface. . the source address is not learned. Enable ‘trap’ message transmission when the client fails MAC address authentication based on 802.packets whose MAC address differs from the client's MAC address are forwarded. .multi-host .5.1X port. . you can authenticate multiple clients connected to the port.2. The native VLAN of a trunk port cannot be unauthenticated.single host.1x standard.1x standard. Set the default value. Ethernet interface configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows: console(config-if)# Table 5. MES2324. However.24. the access to network resources will be denied for every connected hosts.. Set the default value. Global configuration mode commands Command Value/Default value dot1x guest-vlan timeout timeout timeout: (30.2 Advanced authentication With advanced dot1x settings. If the port fails authentication in the multiple hosts mode.multi-sessions – multiple sessions. MES3324. The access port cannot be a member of an unauthenticated VLAN. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.restrict .180)/ no dot1x guest-vlan timeout dot1x traps authentication success -/disabled no dot1x traps authentication success dot1x traps authentication failure no dot1x traps authentication failure -/disabled Action Specify the timeout between 802. . MES2348Ethernet Switch Series 151 . MES5324. and the second option is when all clients connected to the port must be authenticated (multiple sessions mode).single-host .1000000)/1 seconds Action Allow one or multiple clients to be present on an authorized 802. Ethernet interface configuration mode commands Command dot1x host-mode {multi­host | single-host | multi-sessions} dot1x violationmode{restrict | protect | shutdown}[trapfreq] Value/Default value -/ multi-host -/protect freq: (1. Advanced settings also include administration of guest VLANs that can be accessed by the users that are not authenticated.

VLAN is not configured as a guest VLAN no dot1x guest-vlan Action Allow access to the current VLAN for unauthorized users. MES3324.10)/0 no dot1x max­login­attempts Allow unauthorized users of this interface to access the guest VLAN. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# MES5324.shutdown . the port will automatically join the guest VLAN when it is unauthorized and leave the guest VLAN when it passes authorization. VLAN interface configuration mode commands Command dot1x auth-not-req no dot1x auth-not-req dot1x guest-vlan Value Unauthorized user access is denied by default. Set the maximum number of hosts to be authenticated.mac . Enable authentication . Disable authentication based on user MAC addresses.159.4294967295) num: (0.packets whose MAC address differs from the client's MAC address are dropped. The device should have at least one configured guest VLAN (dot1x guest-vlan command in the VLAN interface settings). . . 3. MES2324. Set the number of incorrect logins that may be entered before the client is blocked. Allow unauthorized users of this interface to access the guest VLAN.-protect . VLAN configuration mode commands Command line prompt in the VLAN interface configuration mode is as follows: console(config-if)# Table 5. .Re-authentication function must be enabled.enable authentication based on MAC addresses.port is turned down. Return the default value. MES2348Ethernet Switch Series 152 .freq . 0 . .. packets whose MAC address differs from the client's MAC address are dropped.802.web . .. Specify the guest VLAN. Deny access to the current VLAN for unauthorized users. If the guest VLAN is specified and allowed. -/access denied no dot1x guest-vlan enable dot1x authentication [mac |802. .1x – enable 802.1x | web] -/disabled no dot1x authentication dot1x max-hosts hosts no dot1x max-hosts dot1x max-login-attempts num hosts: (1.the SNMP trap messages generation frequency when receiving unauthorized packets. no dot1x single­host­violation dot1x guest-vlan enable Set the default value.enable Web-based authentication . Deny unauthorized users of this interface access the guest VLAN.There must be no static MAC address bindings. Set the default value. To use these functions.1x based authentication. The command is ignored in the multiple hosts mode.Guest VLAN must be enabled when authentication based on MAC address is used. the port must not be a static member of the guest VLAN.no limit Return the default value.

According to this option. DHCP server provides an IP address (IP address range) and other parameters to the switch port. The device discovers DHCP servers in the network and allows them to be used only via trusted interfaces. 5.4) username: string show dot1x locked clients - show dot1x statistics interface {gigabitethernet gi_port |tengigabitethernet te_port |fortygigabitethernet fo_port | oob} - Action Setting up the 802. The device also controls client access to DHCP servers using a mapping table. use the 'ip dhcp relay enable' command in the global configuration mode (see the appropriate section of the operation manual). It is used to establish mapping between IP addresses and switch ports and ensure protection from attacks via DHCP. MES3324. Enterprise number – 0089c1 Device MAC address In order to use Option 82. MES5324. DHCP Option 82 is used to inform DHCP server about the DHCP Relay Agent and the port a particular request came from. forcing DHCP server to report all available addresses..1x protocol on the interfaces (this command is available to privileged uses only). the DHCP Relay agent provides an IP address and sends other required data to the client.48). Show unauthorized clients that were blocked due to timeout.. Show authorized clients. Privileged EXEC mode commands Command Value show dot1x interface {gigabitethernet gi_port |tengigabitethernet te_port |fortygigabitethernet fo_port | oob} show dot1x users [username] gi_port: (1..Table 5.8/0/1. port number) added a DHCP Relay agent mode in the form of a DHCP request received from the client..3 DHCP management and Option 82 DHCP (Dynamic Host Configuration Protocol) is a network protocol that allows the client to request IP address and other parameters required for the proper operations in a TCP/IP network. When the necessary data is received from the server. fo_port: (1. The switch firmware features the DHCP snooping function that ensures device protection from attacks via DHCP.1X statistics on the interfaces. Show 802.160.161. MES2324.. and from the server side by spoofing.8/0/1. te_port: (1.8/0/1. Option 82 field format Field Circuit ID Remote agent ID Information sent Device hostname string in the following format: eth <stacked/slotid/interfaceid>:<vlan> The last byte is the number of the port that the device sending a DHCP request is connected to. DHCP is used by hackers to attack devices from the client side..24. To enable DHCP relay agent function. Option 82 contains additional information (device name. the device must have DHCP relay agent function enabled.24). Table 5. MES2348Ethernet Switch Series 153 .

MES3324.164. Enable DHCP management for a specific VLAN. ingress DHCP packets with Option 82 from untrusted ports are blocked. Prohibit adding Option 82 to DHCP messages.To ensure the correct operation of DHCP snooping feature. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. use the 'ip dhcp snooping trust' command in the interface configuration mode. Allow the device to add Option 82 to DHCP messages. MES2348Ethernet Switch Series 154 . To add a port to the trusted port list. Backup file is not used -/enabled Action Enable DHCP management for the switch. Disable the use of a DHCP management backup file (database). Enable the use of a DHCP management backup file (database). Option 82 field format in custom mode Field Information sent Circuit ID Length (1 byte) Circuit ID type Length (1 byte) VLAN (2 bytes) Module number (1 byte) Port number (1 byte) Remote agent ID Length (1 byte) MES5324. Deny ingress DHCP packets with Option 82 from untrusted ports. Disable DHCP management for a specific VLAN. all other switch ports should be deemed as 'untrusted'. Disable DHCP management for the switch. Enable verification of client and source MAC addresses received in a DHCP packet on untrusted ports. all DHCP servers used must be connected to trusted switch ports.. Global configuration mode commands Command ip dhcp snooping no ip dhcp snooping ip dhcp snooping vlan vlan_id no ip dhcp snooping vlan vlan_id ip dhcp snooping information option allowed­untrusted no ip dhcp snooping information option allowed­untrusted ip dhcp snooping verify no ip dhcp snooping verify ip dhcp snooping database no ip dhcp snooping database ip dhcp information option no ip dhcp information option Value/Default value -/disabled vlan_id: (1. Table 5.4094)/disabled By default. MES2324. Disable verification of client and source MAC addresses received in a DHCP packet on untrusted port. Verification is enabled by default. To ensure proper protection. Allow egress DHCP packets with Option 82 from untrusted ports. Option 82 field format as per TR-101 recommendations Field Circuit ID Remote agent ID Information sent Device hostname string in the following format: eth <stacked/slotid/interfaceid>:<vlan> The last byte is the number of the port that the device sending a DHCP request is connected to.162.163. Enterprise number – 0089c1 Device MAC address Table 5.

infinity ... MES2348Ethernet Switch Series 155 . te_port: (1.4294967295) seconds no ip dhcp snooping binding mac_address vlan_id clear ip dhcp snooping database - Action Add the mapping between the client MAC address and the VLAN group and IP address for the selected interface to the DHCP management file (database)...8/0/1..167.24)..4).. MES3324...entry timeout.seconds .8/0/1.8/0/1.8/0/1. . group: (1.8) Action Show DHCP Option 82 usage information. te_port: (1. seconds: (10. Remove the mapping entry between the client MAC address and VLAN group from the DHCP management file (database). Clear the DHCP management file (database).8).... Remove the interface from the trusted interface list when DHCP management is used. Show DHCP management function configuration. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.8/0/1.. group: (1. The timer will be reset upon receiving an update request from the client (this command is available to privileged users only).48). MES5324.48).. DHCP traffic of a trusted interface is deemed as safe and is not controlled.166. Add the interface into the trusted interface list when DHCP management is used. EXEC mode commands Command show ip dhcp information option show ip dhcp snooping [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group] Value gi_port: (1. Privileged EXEC mode commands Command ip dhcp snooping binding mac_address vlan_idip_address {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group}expiry {seconds | infinite} Value gi_port: (1.165. .entry timeout is unlimited. MES2324.Remote ID type (1 byte) Length (1 byte) Switch MAC address Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5. Ethernet interface and interface group configuration mode commands Command Default value Action The interface is not trusted by default.24).8/0/1.4). This entry will be valid for the timeout specified in the command unless the client sends an update request to the DHCP server. ip dhcp snooping trust no ip dhcp snooping trust Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. fo_port: (1. fo_port: (1..

fo_port: (1.8/0/1. MES3324. MES2324. Global configuration mode commands Command Value Action The function is disabled by default.show ip dhcp snooping binding [mac­address mac_address] [ip­address ip_address ] [vlan vlan_id] [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port­channel group] Show mappings from the DHCP management file (database).8/0/1.8/0/1. vlan_id: (1.. Disable client IP address protection function for the entire switch.24.. Enable client IP address protection function for the entire switch.. Thus. Given that the IP address protection feature uses DHCP snooping mapping tables. 5 DHCP snooping database: enabled Option 82 on untrusted port is allowed Verification of hwaddr field is enabled Interface ----------te0/17 Trusted -----------yes 5. it makes sense to use it after enabling and configuring DHCP snooping.4094) Examples of command usage  Enable the use of DHCP Option 82. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. IP Source Guard must be enabled for the interface and globally. IP Source Guard eliminates IP address spoofing in packets.168.4).. console# configure console(config)# ip dhcp relay enable console(config)# ip dhcp information option  Show all mappings from the DHCP management file (database)..4 Client IP address protection (IP-source Guard) IP address protection function (IP Source Guard) filters the traffic received from the interface based on DHCP snooping table and IP Source Guard static mappings. gi_port: (1.24). te_port: (1.48). group: (1.. ip source-guard no ip source-guard MES5324...8). console# show ip dhcp snooping DHCP snooping is globally enabled DHCP snooping is configured on following VLANs: 2. MES2348Ethernet Switch Series 156 .

4094).4). ip source-guard tcam locate EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.. fo_port: (1. Disable client IP address protection feature on the interface.. MES5324...8). This command is available to privileged users only..4094).24).. EXEC mode commands Command show ip source-guard configuration [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | portchannel group] show ip source-guard status [macaddress mac_address] [ip-address ip_address ] [vlan vlan_id] [gigabitethernet gi_port | tengigabitethernet te_port | Value gi_port: (1. vlan_id: (1. MES3324.169. group: (1.8/0/1. Remove a static entry from the mapping table.. and VLAN group.8) gi_port: (1..ip source-guard binding mac_address vlan_idip_address {gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group} no ip source-guard binding mac_address vlan_id ip source-guard tcam retries­freq {seconds|never} Create an entry with a mapping between the client's IP and MAC address and VLAN group for the specified interface. gi_port: (1.8/0/1.8/0/1.. fo_port: (1. te_port: (1.4).8/0/1.24)... Ethernet interface and interface group configuration mode commands Command ip source-guard no ip source-guard Value Action This feature is disabled by default... MES2324. IP address. This command shows the status of IP address protection for the specified interface.24). Specify the device access rate to internal resources when saving inactive secured IP addresses into the memory.8/0/1.... Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.. Action This command shows IP address protection configuration for the selected (or all) device interfaces.. Set the default value. te_port: (1.8/0/1.8).. group: (1. vlan_id: (1.170..8/0/1. MAC address. group: (1.48).. Privileged EXEC mode commands Command Value Action - Manually start access to internal resources to store inactive secured IP addresses into the memory..deny storing inactive secured IP addresses into the memory. . Enable client IP address protection feature on the interface.8/0/1.48).never .600)/60 seconds no ip source-guard tcam retries-freq Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5. seconds: (10.8/0/1.. fo_port: (1. te_port: (1.171.4). MES2348Ethernet Switch Series 157 .48)..

MES3324. Examples of command usage  Show IP address protection configuration for all interfaces. MES2348Ethernet Switch Series 158 . MES2324.fortygigabitethernet fo_port | portchannel group] show ip source-guard inactive - Command shows inactive sender IP addresses. MES5324.

168. Source MAC address: ARP requests and responses are checked for correspondence between the MAC address in the Ethernet header and the source MAC address in the ARP content. Interface --------te0/4 te0/21 te0/22  State -----Enabled Enabled Enabled Enable IP address protection for traffic filtering based on DHCP snooping mapping table and IP Source Guard static mappings. Global configuration mode commands Command ip arp inspection no ip arp inspection ip arp inspection vlan vlan_id no ip arp inspection vlan vlan_id ip arp inspection validate Value/Default value Action The function is disabled by default.14 tengigabitethernet 1/0/12 5.. the port will not respond to ARP requests. it must also be untrusted for DHCP snooping.704A.168.. Otherwise.16. Disable ARP Inspection. If a port is configured as untrusted for the ARP Inspection feature. Enable ARP Inspection based on DHCP snooping mapping database in the selected VLAN group. ARP inspection is based on static mappings between specific IP and MAC addresses for a VLAN group. Untrusted ports are checked for correspondence between IP and MAC addresses. - MES5324.4094).172.ABAF 3 192. MES2324. MES3324. Destination MAC address: ARP responses are checked for correspondence between the MAC address in the Ethernet header and the target MAC address in the ARP content. ARP-spoofing). MES2348Ethernet Switch Series 159 . vlan_id: (1. IP address: ARP packet content is checked for incorrect IP addresses. Enable specific checks for ARP inspection.14.5 ARP Inspection ARP Inspection feature ensures protection from attacks via ARP (e. The function is disabled by default.console# show ip source-guard configuration IP source guard is globally enabled.g.24. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. MAC address 00:60:70:4A:AB:AF. Disable ARP Inspection based on DHCP snooping mapping database in the selected VLAN group. The interface in the 3rd VLAN group: console# configure console(config)# ip dhcp snooping console(config)# ip source-guard console(config)# ip source-guard binding 0060.16. and the mapping between MAC and IP addresses for this port should be static. Enable ARP Inspection. Create a static entry in the mapping table Ethernet interface 12: client IP address 192.

group: (1.. MES5324. ip arp inspection trust no ip arp inspection trust ARP list configuration mode commands Command line prompt in the ARP list configuration mode appears as follows: console# configure console(config)# ip arp inspection listcreate spisok console(config-arp-list)# Table 5.infinite . MES2348Ethernet Switch Series 160 .175. Remove the interface from the list of trusted interfaces when ARP inspection is enabled.24). Add the interface into the list of trusted interfaces when ARP inspection is enabled... te_port: (1. MES3324.4). ip arp inspection list create name no ip arp inspection list create name ip arp inspection list assign vlan_id no ip arp inspection list assign vlan_id ip arp inspection logging interval {seconds|infinite} 1. Ethernet or port group interface (interface range) configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5.32) characters Assign a list of static ARP mappings to the selected VLAN.. name: (1. Create a list of static ARP mappings.8/0/1.do not generate the log messages. Ethernet interface and interface group configuration mode commands Command Default value Action The interface is not trusted by default. .174. ARP list configuration mode commands Command Value/Default value ip ip_address mac-address mac_address no ip ip_address mac­address mac_address Action Add a static mapping between IP and MAC address.4094) seconds: (0.set '0' to generate messages immediately. Enter ARP list configuration mode. Remove a list of static ARP mappings.. Set the default value. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.. EXEC mode commands Command show ip arp inspection [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group] show ip arp inspection list Value gi_port: (1.86400)/5 seconds no ip arp inspection logging interval Unassign a list of static ARP mappings to the selected VLAN.. Specify the minimum interval between ARP information messages sent to the log.8/0/1.. fo_port: (1. Show lists of static IP and MAC address matchings (this command is available to privileged users only). MES2324.173. - Remove a static mapping between IP and MAC address.48). 2.no ip arp inspection validate Disable specific checks for ARP inspection.8/0/1. ARP traffic through a trusted interface is deemed as safe and is not controlled. .8) - Action Show ARP Inspection configuration for the selected interface/all interfaces. vlan_id: (1...

Option 82).4094) Show statistics for the following packet types processed by the ARP feature: .176.70AB.168. MES2324.. When the switch receives a response from the server. DHCP Relay agent adds extra options to the client DHCP requests (e.98 0060. Specify the IP address of an available DHCP server for the DHCP Relay agent. Global configuration mode commands Command ip dhcp relay enable no ip dhcp relay enable ip dhcp relay address ip_address no ip dhcp relay address [ip_address] Value Action The agent is disabled by default.168. DHCP Relay agent transfers DHCP packets from the client to the server and back if the DHCP server and the client are located in different networks.forwarded packets . MES3324.98mac-address0060. it sends it to the client.16.168.4094) clear ip arp inspection statistics [vlan vlan_id] vlan_id: (1. Remove an IP address from the list of DHCP servers for the DHCP Relay agent.. forwards them to the server on behalf of the client (leaving request options with parameters required by the client and adding its own options according to the configuration).CCCD console(config-ARP-list)# exit console(config)# ip arp inspection list assign11 spisok  Show the lists of static IP and MAC address mappings: console# show ip arp inspection list List name: servers Assigned to VLANs: 11 IP ARP -----------------------------------192. Disable DHCP Relay agent feature for the switch. DHCP Relay agent operating principle for the switch: the switch receives DHCP requests from the client.16. MES2348Ethernet Switch Series 161 . Assign the 'spisok' static ARP matching list to VLAN 11: console# configure console(config)# ip arp inspection list create spisok console(config-ARP-list)# ip192. You can configure up to 8 servers. IP-address: 192. Examples of command usage  Enable ARP Inspection and add the a static mapping to the 'spisok' list: MAC address: 00:60:70:AB:CC:CD.98. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Enable DHCP Relay agent feature for the switch. Also.dropped packets .16.25 DHCP Relay features The switches support DHCP Relay agent functions.g.show ip arp inspection statistics [vlan vlan_id] vlan_id: (1. MES5324.CCCD 5.70AB.IP/MAC failures Clear ARP Inspection statistics.

VLAN and Ethernet interface configuration mode commands Command ip dhcp relay enable no ip dhcp relay enable Value/Default value The agent is disabled by default. Action Enable DHCP Relay agent feature on the interface.16.177. Servers: 192. MES3324. MES2324. MES2348Ethernet Switch Series 162 .178.38 Relay agent Information option is Enabled MES5324. Disable DHCP Relay agent feature on the interface. EXEC mode commands Command show ip dhcp relay Value/Default value Action - Show the DHCP Relay agent feature configuration for the switch and for interfaces separately. Examples of command usage  Show DHCP Relay agent feature status: console# show ip dhcp relay DHCP relay is Enabled DHCP relay is not configured on any vlan.VLAN interface configuration mode commands Command line prompt in the VLAN interface configuration mode is as follows: console# configure console(config)# interfacevlanvlan_id console(config-if)# Table 5. and the list of available servers.168. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.

MES5324.mac_address . .low-address . . Remove reserved IP addresses. DHCP server static addresses configuration mode commands Command line prompt in the DHCP server static address configuration mode is as follows: console# configure console(config)# ip dhcp pool hostname console(config-dhcp)# Table 5. MES2348Ethernet Switch Series 163 . Remove the name of the DHCP client.name .5.32) characters Action Manual IP address backup for a DHCP client. .name of the DHCP address pool. . Enter the DHCP server static address configuration mode. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. Global configuration mode commands Command ip dhcp server no ip dhcp server ip dhcp pool host name no ip dhcp pool host name Value/Default value -/disabled name: (1.the IP address which will be assigned to the client's physical address. .МАС address.32) characters no ip dhcp excluded­address low_address [high_address] Action Enable the DHCP server function for the switch.NIC physical address (identifier).ip_address .179. Delete a DHCP pool with the specified name..mask/prefix_length .32) characters ip dhcp pool network name no ip dhcp pool network name ip dhcp excluded-address low_address [high_address] name: (1.. MES3324.180. and automatically provides them to subscribers. Delete a configuration of the DHCP client with the specified name.id . . the switches can operate with the DHCP Relay. Ethernet switches can operate in both modes: DHCP client (obtaining an IP address from a DHCP server) and DHCP server. MES2324. Specify the IP addresses which will not be assigned to DHCP clients by the DHCP server.subnet mask / prefix length. Enter the DHCP address pool configuration mode. . If the DHCP server is disabled.high-address . Configuration mode commands Command address ip_address {mask | prefix_length} {client­identifier id | hardware-address mac_address} no address client-name name no client-name Value - name: (1. Specify the name of the DHCP client. Disable the DHCP server function for the switch.26 DHCP Server Configuration DHCP server performs centralised management of network addresses and corresponding configuration parameters. This avoid having to manually configure network devices and reduces errors. Remove an IP address from the list of exceptions that cannot be assigned to DHCP clients.the last IP address of the range.the first IP address of the range..

the last IP address of the range. Specify the name of the file which is used for boot load of MES5324.ip_address_list .IP address of the subnet number.infinite . no default-router dns-server ip_address_list The list of DNS servers is not defined by default.32) characters The list of WINS servers is not defined by default. Set the default value.low_address .ip_address_list . . . Define the domain name for DHCP clients. MES2348Ethernet Switch Series 164 .the number of hours. The IP address of the router and the client must be in the same subnetwork.128) Action Define the default list of routers for a DHCP client. Configuration mode commands Command Value address {network_number | low low_address high high_address} {mask | prefix_length} - no address lease {days [hours [minutes]] | infinite} -/1 day no lease Action Set the subnet number and subnet mask for the address poll of the DHCP server. . . Remove a DHCP address pool configuration. Set the default value. . Set the default value. .minutes . Set the default value.182.list of IP addresses of the routers. . Define the list of WINS servers available to DHCP clients.hours .days . . . no netbios-node-type next-server ip_address no next-server next-server-name name name: (1.m-node .181.. .64) characters no next-server-name bootfile filename filename: (1. can contain up to 8 space-delimited entries.list of IP addresses of WINS server. can contain up to 8 space-delimited entries. no dns-server domain-name domain no domain-name netbios-name-server ip_address_list domain: (1.broadcast node. Set the default value. Define the type of the NetBIOS Microsoft node for DHCP clients: . can contain up to 8 space-delimited entries.DHCP Server Pool configuration mode commands Command line prompt in the DHCP server pool configuration mode is as follows: console# configure console(config)# ip dhcp pool networkname console(config-dhcp)# Table 5. MES3324.subnet mask / prefix length..the number of days. Set the default value. Lease period for the IP address which is assigned by DHCP. . The command is used to inform DHCP client about the address of the server (TFTP as a rule) with the boot file.ip_address_list .. The command is used to inform DHCP client about the name of the server with the boot file.network_number .p-node .mask/prefix_length . Configuration mode commands Command Value/Default value default-router ip_address_list The list of routers is not defined by default. .high_address . Define the list of DNS servers available to DHCP clients. no netbios-name-server netbios-node-type {b-node | p­node | m-node | h-node} The type of the NetBIOS node is not defined by default.the number of minutes.b-node .h-node . Set the default value.the first IP address of the range.mixed node. .point-to-point. DHCP server pool and DHCP server static addresses configuration mode commands Command line prompt is as follows: console(config-dhcp)# Table 5. MES2324. . Set the default value.list of IP addresses of DNS server.the lease period is not limited.hybrid node.

.name .168.IP address assigned by the DHCP server. int_val: (0. Display configuration for static addresses of the DHCP server: .168.the code of a DHCP server option.ip_address_list . Define the list of time servers available to DHCP clients...ip_address . Display statistics of the DHCP server.0 console(config-dhcp)# domain-nametest.code .183.32) characters show ip dhcp pool network [name] name: (1. .name of the DHCP address pool.255).255.* .45.255.characters no bootfile time-server ip_address_list The list of servers is not defined by default.1 MES5324. false). MES2324.ascii_string .hex_string .160) characters. . and status of the IP addresses.client IP address.168. console# console# configure console(config)# ip dhcp pool networktest console(config-dhcp)# address192. Display the IP addresses which are mapped to the client physical addresses as well as the lease period.112. . MES3324. Display DHCP server configuration.45. can contain up to 8 space-delimited entries. .delete all records. bool_val: (true.45. no option code the DHCP client.an ASCII string.. MES2348Ethernet Switch Series 165 .a hex string. Display configuration for the DHCP address pool of the DHCP server: . Privileged EXEC mode commands Command Value clear ip dhcp binding {ip_address | *} - show ip dhcp show ip dhcp excluded­addresses show ip dhcp pool host [ip_address | name] name: (1. Display the IP addresses which will not be assigned to DHCP clients by the DHCP server. Set the default value.ru. . desc: (1. default gateway – 192.name . assignment method. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. Remove DHCP server options. ..the list of IP addresses..name of the DHCP address pool.0 255.168.45.45.160) characters. Examples of command usage  Configure the test DHCP pool and specify the following parameters for the DHCP client: domain name – test. Set the default value.4294967295). -bool_val – Boolean value.1 and default DNS server – 192.168.32) characters show ip dhcp binding [ip_address] show ip dhcp server statistics - - Action Delete entries from the table of correspondence between physical addresses and the addresses taken from the pool and assigned by the DHCP server: . .112 console(config-dhcp)# default-router192.list of IP addresses of time servers. no time-server option code {boolean bool_val | integer int_val | ascii ascii_string | ip[-list] ip_address_list | hex {hex_string | none}} [description desc] code: (0..ru console(config-dhcp)# dns-server192. Configures DHCP server options.ip_address . ascii_string: (1.integer – an integer.ip_address_list .

which may be either an Ethernet interface or a port group. ACLs for IPv6. MES2348Ethernet Switch Series 166 . Remove a MAC-based ACL.time_name . MES3324. Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# MES5324. Remove an existing time-range configuration.27 ACL Configuration ACL (Access Control List) is a table that defines filtration rules for ingress and egress traffic based on IP and MAC addresses. no time-range time_name Enter the time-range configuration mode and define time periods for the access list. no mac access-list extended access_list time-range time_name time_name: (0. Two lists of the same type can not be used for the same interface. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console (config)# Table 5. A MAC-based ACL can not be used with both IPv6 and IPv4 lists at the same time.32) characters... MES2324. The ACL creation and modification commands are available in the global configuration mode. no ip access-list extended access_list ipv6 access-list access_list Remove an IPv4 ACL. IPv4 and MAC addresses must have different names. protocols. associate it with an interface. TCP/UDP ports specified in the packets. ACL creation and modification commands Command Value Action ip access-list extended access_list Create a new advanced IPv4 ACL and enter its configuration mode (if the does not exist) or enter the configuration mode of a previously created list. IPv6 and IPv4 lists can be used simultaneously in one physical interface. Remove an IPv6 ACL. no ipv6 access-list access_list mac access-list extended access_list Create a new advanced IPv6 ACL and enter its configuration mode (if the list does not exist) or enter the configuration mode of a previously created list.32) characters. Create a new MAC-based ACL and enter its configuration mode (if the list does not exist) or the configuration mode of a previously created list. To activate an ACL list. Ethernet or port group interface configuration mode commands.5. access_list: (0. .the name of the time-range settings profile.184.

.. group: (1.8/0/1.. MES3324.48). vlan_id: (1. vlan_id: (1.. EXEC mode commands Command line in the EXEC mode appears as follows: console# Table 5. te_port: (1. gi_port: (1.8)..8/0/1.4).8/0/1. Remove a list from the interface..24). gi_port: (1.32) characters. MES5324. gi_port: (1.. Display ACL counters.8).. vlan_id: (1.4094).187.8/0/1..32) characters..8/0/1. group: (1.48). ACL display commands Command show access-lists [access_list] show access-lists time­range­active [access_list] show interfaces access-lists [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id] clear access-lists counters [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id] show interfaces access-lists trapped packets [gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id] Value access_list: (0.. Display active ACLs created on a switch.. MES2324.48)... Privileged EXEC mode commands Command line in the Privileged EXEC mode appears as follows: console# Table 5. Command service-acl input access_list no service-acl input Value Action access_list: (0. te_port: (1.. group: (1.4094). ACL display commands Command show time-range [time_name] Value - Action Display the time-range configuration. Reset all ACL counters or ACL counters for the specified interface.8). fo_port: (1...24).. Action Display ACLs created on the switch. Displays ACLs assigned to interfaces. te_port: (1. The command that assigns an ACL to an interface. fo_port: (1. This command specifies binds the specified list to an interface in the settings of that physical interface.. fo_port: (1..24)..8/0/1.8/0/1.186. MES2348Ethernet Switch Series 167 .4094).8/0/1..8/0/1..185.Table 5.4).4)....

information-reply. “1” indicates an ignored bit. mobileregistration-request. This field is used to specify the protocol value (or all protocols) which will be used to filter traffic. ipv6:icmp. IGMP message type Type of IGMP messages used for IGMP packets filtering.5. the mask can be used to specify an IP network that will be filtered out. eigrp. execute the following command: console# console# configure console(config)# ip access-list extendedEltexAL console(config-ip-al)# Table 5. timestamp-reply. The mask defines the bits of the IP address which should be ignored. l2tp. The bit mask applied to the source IP address of the packet. The following protocol values are available: icmp. precedence IP priority Define the priority of IP traffic: (0-7). In order to create an IPv4-based ACL and enter its configuration mode.27.0.255. icmp_type icmp_code igmp_type - Type of ICMP messages used for ICMP packets filtering. traceroute. rdp. domain_namerequest. mobile-host-redirect. echo-request. or the numeric value of the protocol number (0–255). time_name Name of the time-range configuration profile Specify configuration of time periods. gre. idpr. igmp. ipv6:frag. use the following command:ip access-list extended access-list. photuris. Specify the value of the diffserv DSCP field. ip. or the numeric value of the message type (0–255). “1” indicates an ignored bit. ipv6:rout. Possible message codes for theicmp_code field:(0 – 255). ipinip. to create an ACL named EltexAL. destination-unreachable. ah. For example. rsvp. time-exceeded. Address mask of the destination The bit mask applied to the destination IP address of the packet.e. redirect. ospf. The mask defines the bits of the IP address which should be ignored. timestamp. the last 16 bits of the IP address will be ignored. source-quench.0. Create a ‘deny’ filtering rule in the ACL. i. idrp. destination_wildcard vlan Vlan ID dscp The DSCP field in the L3 header Specify the Vlan this rule will apply to. MES5324. datagram-conversion-error. parameter-problem. ipip. router-advertisement. the mask should be set to 0. hmp. ipv6. domain_name-reply. For example.255. skip. isis. egp.0 IP to a filtering rule. address-mask-request. mobile-registration-reply. Possible message codes for the igmp_type field:host-query. esp. address-mask-reply. tcp. Main command parameters Parameter permit deny Value Permit action Deny action protocol Protocol source Source address source_wildcard Address mask of the source destination Action Create a ‘permit’ filtering rule in the ACL.1 IPv4-based ACL Configuration This section provides description of main parameters and their values for IPv4-based ACL configuration commands.165. MES2348Ethernet Switch Series 168 . udp.188. igp. MES2324. routersolicitation. Destination address Specify the destination IP address of the packet. Possible message codes for thedscp field: (0 – 63). alternatehost-address. information-request. Specify the source IP address of the packet. In order to add IP network 195. pim. specify the value ip. ICMP message code Code of ICMP messages used for ICMP packets filtering. This mask is used similarly to the source_wildcard mask. To match all protocols. MES3324. Possible message codes for the icmp_type field:echo-reply.

+ack. +syn. For an UDP port: biff (512). +rst. tftp (69). The lower the index. daytime (13). echo (7 ). lpd (515). pim. dnsix (90). MES2324. TCP flags If you want to filter by a specific flag. finger (79). time (37). As soon as at least one entry has been added to the ACL. tacacs-ds (49). The packets that meet the entry's conditions will be processed by the switch. Add a permit filtering entry for the IP. netbios-ns (137). host-report-v2. chargen (19). MES3324. The name of the user templates list Specify the user templates list that will be used to recognize packets. kshell (544). pop2 (109). Message log Enable message log registration when a packet corresponding to the entry is received. pop3 (110). klogin (543).647. host-report-v3 or the numeric value of the message type (0–255). Add a permit filtering entry for the ICMP. snmptrap (162).host-report. rip (520). +fin. put "+" before it. -rst. Record priority The index indicates position of the rule in a list and its priority. domain (53). the last entry is set by default to “deny any any any”. discard (9). on500isakmp (4500). -syn and -fin. mobile-ip (434). smtp (25). ntp (123). nameserver (42). Disable a port Disable the port when receiving a packet from it that satisfies the conditions of a deny command that describes that field. cisco-trace. dvmrp. bootps (67). otherwise put "-". drip (3949). syslog (514). The packets that meet the entry's conditions will be processed by the switch. Configuration commands for IP-based ACLs Command permit protocol{any | source source_wildcard}{any | destination destination_wildcard} [dscp dscp | precedence precedence][time­range time_name] [ace-priority index] permit ip{any | source_ip source_ip_wildcard}{any | destination_ip destination_ip_wildcard} [dscp dscp | precedence precedence][time­range range_name] [ace-priority index] permit icmp {any | source source_wildcard}{any | destination destination_wildcard}{any | icmp_type} {any | icmp_code} [dscp dscp | ip-precedence precedence] [time­range time_name] [acepriority index] [offset-list offset_list_name] [vlan vlan_id] MES5324. discard (9). If you use multiple flags for filtering. destination_port UDP/TCP destination port source_port UDP/TCP source port list_of_flags disable_port log_input offset_list_name Possible values for the TCP port field: bgp (179). sunrpc (111). ftp-data (20). whois (43). talk (517). use parameter “any”. syslog (514). Possible flags: +urg. Or a numeric value (0–65535). The packets that meet the entry's conditions will be processed by the switch. uucp (117).189. -urg. Every ACL may have its own templates list. talk (517). which ignores all packets that do not meet the ACL conditions. the higher the priority. For example: +fin-ack. netbios-dgm (138). -ack. hostname (42). irc (194). bootpc (68). Table 5.147. sunrpc (1110. ftp (21). -psh. ace-priority In order to select the complete range of parameters except dscp and ip-precedence.483. they are joined in one line without spaces. nntp (119). domain (53). hostleave-v2. MES2348Ethernet Switch Series Action Add a permit filtering entry for a protocol. time (37). +psh. Possible values are from 1 to 2. telnet (23). tacacs-ds (49). who (513). echo (7). snmp (161). gopher (70). www (80). xdmcp (177). 169 .

If the disable-port keyword is specified. The packets that meet the entry's conditions will be processed by the switch. If the loginput keyword is specified. Add a permit filtering entry for the UDP. If the log-input keyword is specified. MES2348Ethernet Switch Series Add a permit filtering entry for the IGMP. The packets that meet the entry's conditions will be processed by the switch. The packets that meet the entry's conditions will be blocked by the switch. the physical interface receiving the packet will be disabled. If the log-input keyword is specified. If the disable-port keyword is specified. the physical interface receiving the packet will be disabled. If the disableport keyword is specified. The packets that meet the entry's conditions will be blocked by the switch. MES3324.permit igmp {any | source source_wildcard}{any | destination destination_wildcard}[igmp_type] [dscp dscp | precedence precedence] [time­range time_name] [ace­priority index] permit tcp{any | source source_wildcard }{any | source_port}{any | destination destination_wildcard}{any | destination_port} [dscp dscp | precedence precedence] [match­all list_of_flags] [time-range time_name] [ace­priority index] permit udp{any |source source_wildcard} {any | source_port}{any | destination destination_wildcard} {any | destination_port} [dscp dscp | precedence precedence] [time­range time_name] [ace-priority index] deny protocol{any | source source_wildcard}{any | destination destination_wildcard}[dscp dscp| precedence precedence] [time­range time_name] [disable­port | log­input] [ace-priorityindex] deny ip{any | source_ip source_ip_wildcard}{any | destination_ip destination_ip_wildcard}[dscp dscp| precedence precedence] [time­range range_name] [disable­port | log­input] [ace-priority index] deny icmp {any | source source_wildcard}{any | destination destination_wildcard}{any | icmp_type}{any | icmp_code} [dscp dscp | precedence precedence] [time­range time_name] [disable­port | log­input] [ace-priority index] MES5324. Add a deny filtering entry for the ICMP. MES2324. a message will be sent to the system log. The packets that meet the entry's conditions will be blocked by the switch. the physical interface receiving the packet will be disabled. Add a deny filtering entry for the IP. Add a deny filtering entry for a protocol. The packets that meet the entry's conditions will be processed by the switch. a message will be sent to the system log. Add a permit filtering entry for the TCP. a message will be sent to the 170 .

If the log-input keyword is specified. If the disableport keyword is specified.2 IPv6 ACL Configuration This section provides description of main parameters and their values for IPv6-based ACL configuration commands. the physical interface receiving the packet will be disabled.system log. For example. If the loginput keyword is specified. the physical interface receiving the packet will be disabled. The packets that meet the entry's conditions will be blocked by the switch. 5. a message will be sent to the system log. a message will be sent to the system log. a message will be sent to the system log. use the following command:ipv6 access-listaccess-list. The packets that meet the entry's conditions will be blocked by the switch. If the disable-port keyword is specified. In order to create an IPv6-based ACL and enter its configuration mode. the physical interface receiving the packet will be disabled. to create the MESipv6 ACL. The packets that meet the entry's conditions will be blocked by the switch. MES3324. deny igmp {any | source source_wildcard}{any | destination destination_wildcard}[igmp_type] [dscp dscp | precedence precedence] [time­range time_name] [ace-priority index] [disable-port | log-input] deny tcp{any |source source_wildcard}{any | source_port}{any | destination destination_wildcard}{any | destination_port} [dscp dscp | precedence precedence] [match­all list_of_flags] [time-range time_name] [ace-priority index] [disable-port | log-input] deny udp{any |source source_wildcard} {any | source_port}{any | destination destination_wildcard} {any | destination_port} [dscp dscp | precedence precedence] [time­range time_name] [ace-priority index] [disable-port | log-input] Add a deny filtering entry for the IGMP. If the loginput keyword is specified.27. Add a deny filtering entry for the TCP. If the disableport keyword is specified. Add a deny filtering entry for UDP. MES2348Ethernet Switch Series 171 . the following commands should be executed: console# console# configure console(config)# ipv6 access-list MESipv6 console(config-ipv6-al)# MES5324. MES2324.

-urg. talk (517). tcp (6). If you want to filter by a specific flag. nd-ns (135).Table 5. Or a numeric value (0–65535). rip (520). finger (79). For an UDP port: biff (512). It is used to filter ICMP packets. udp. tcp. domain (53). pop3 (110). As soon as at least one entry has been added to the ACL. www (80). time-exceeded (3). Specify configuration of time periods. tacacs-ds (49). drip (3949). telnet (23). gopher (70). Protocol source_prefix/length destination_prefix/length dscp Source address and its length Destination address and its length The DSCP field in the L3 header IP priority Name of the time-range configuration profile precedence time_name icmp_type ICMP message type icmp_code destination_port ICMP message code UDP/TCP destination port source_port UDP/TCP source port list_of_flags TCP flags disable-port log-input ace-priority Disable a port Message log Rule index It is used to filter ICMP packets. netbios-dgm (138). tacacs-ds (49). -syn and -fin. router-advertisement (134). specify the value ipv6. Possible flags: +urg. otherwise put "-". parameter-problem (4). sunrpc (111). smtp (25). chargen (19). tftp (69). mld-done (132). MES2348Ethernet Switch Series 172 . bootpc (68). discard (9). nntp (119). snmp (161). discard (9). pop2 (109). talk (517). kshell (544). Possible values for the TCP port field: bgp (179). mobile-ip (434). +ack. packet-too-big (2). echo (7). Specify the priority of IP traffic: (0-7). The lower the index. hostname (42). echo (7 ). on500isakmp (4500). Define the IPv6 address and prefix length (0–128) (the number of the most significant bits in the address) of the packet destination. Create a ‘deny’ filtering rule in the ACL. routersolicitation (133). MES2324.190. ftp-data (20). +psh. klogin (543). Define the IPv6 address and prefix length (0–128) (the number of the most significant bits in the address) of the packet source. time (37). lpd (515). -ack. syslog (514). +fin. dnsix (90). MES3324. echo-reply (129). use parameter “any”. Disable the port when receiving a packet from it that satisfies the conditions of a deny command that describes that field. irc (194). Possible message codes and values for the icmp_type field:destination-unreachable (1). the following entries are added at the end of the list: permit-icmp any any nd-ns any permit-icmp any any nd-na any deny ipv6 any any MES5324. mldv2-report (143). nameserver (42). put "+" before it. Enable message logging upon receiving a packet that matches the entry. The following protocol values are available: icmp. daytime (13). domain (53). mld-query (130). In order to select the complete range of parameters except dscp and ip-precedence. sunrpc (1110. Possible message codes for thedscp field: (0 – 63). the higher the priority of the rule. ftp (21). netbios-ns (137). ndna (136). Specify the value of the diffserv DSCP field. ntp (123). -psh. who (513). This field is used to specify the protocol value (or all protocols) which will be used to filter traffic. or the protocol number – icmp (58). syslog (514). xdmcp (177). bootps (67). -rst. To match all protocols. Main command parameters Parameter permit deny protocol Value Action Permit Deny Create a ‘permit’ filtering rule in the ACL. (1-2147483647). echo-request (128). whois (43). time (37). mldreport (131). +syn. snmptrap (162). uucp (117). Rule index in the table. udp (17). +rst. Possible field values (0–255).

IPv6-based ACL configuration commands Command permit protocol{any | source_prefix/length} {any | destination_prefix/length} [dscp dscp | precedence precedence][time­range time_name][ace-priority index] permit icmp {any | source_prefix/length} {any | destination_prefix/length} {any | icmp_type}{any | icmp_code} [dscp dscp| precedence precedence][time­range time_name] [ace-priority index] permit tcp {any | source_prefix/length} {any | source_port}{any | destination_prefix/length}{any | destination_port} [dscp dscp | precedence precedence][time­range time_name] [match­all list_of_flags] [ace-priority index] permit udp {any | source_prefix/length} {any | source_port}{any | destination_prefix/length}{any | destination_port} [dscp dscp | precedence precedence][time­range time_name] [ace-priority index] deny protocol{any | source_prefix/length} {any | destination_prefix/length} [dscp dscp | precedence precedence][time­range time_name][disable­port | log­input][ace-priority index] deny icmp {any | source_prefix/length} {any | destination_prefix/length}{any | icmp_type}{any|icmp_code} [dscp dscp| precedence precedence][time­range time_name][disable­port | log­input] [ace-priority index] deny tcp {any | source_prefix/length} {any | source_port}{any | destination_prefix/length} {any | destination_port} [dscp dscp | precedence precedence] [match­all list_of_flags] [time­range time_name] [disable­port | log­input] [ace-priority index] deny udp {any | source_prefix/length} {any | source_port}{any | destination_prefix/length} {any | destination_port} [dscp dscp | precedence precedence] [match­all list_of_flags] [time­range time_name] [disable­port | log­input] [ace-priority index] Action Add a permit filtering entry for a protocol. The packets that meet the entry's conditions will be blocked by the switch. Add a permit filtering entry for the UDP. MES2324. a message will be sent to the system log. If the disable-port keyword is specified. If the disable-port keyword is specified. If the log-input keyword is specified.The first two of these entries enable search of neighbour IPv6 devices with the help of ICMPv6. a message will be sent to the system log. Table 5. If the disable-port keyword is specified. The packets that meet the entry's conditions will be processed by the switch. the physical interface receiving the packet will be disabled. The packets that meet the entry's conditions will be blocked by the switch. If the disable-port keyword is specified. MES5324. 5. Add a deny filtering entry for a protocol. MES2348Ethernet Switch Series 173 . Add a permit filtering entry for the ICMP. The last entry ignores all packets that do not meet the ACL conditions. Add a deny filtering entry for the ICMP. The packets that meet the entry's conditions will be blocked by the switch. Add a deny filtering entry for the TCP. If the log-input keyword is specified. Add a deny filtering entry for UDP. the physical interface receiving the packet will be disabled. The packets that meet the entry's conditions will be processed by the switch. If the log-input keyword is specified. Add a permit filtering entry for the TCP. MES3324.27. If the log-input keyword is specified. The packets that meet the entry's conditions will be processed by the switch. The packets that meet the entry's conditions will be processed by the switch. The packets that meet the entry's conditions will be blocked by the switch. the physical interface receiving the packet will be disabled.191. a message will be sent to the system log. a message will be sent to the system log.3 MAC-based ACL Configuration This section provides description of main parameters and their values for MAC-based ACL configuration commands. the physical interface receiving the packet will be disabled.

0. the last entry is set by default to “deny any any”. eth_type disable-port eth_type: (0. The lower the index. “1” indicates an ignored bit. use the following command: mac access-list extendedaccess-list. which ignores all packets that do not meet the ACL conditions.647). thus. and 1 is 001.7) A bit mask applied to the class of service (CoS) of the packets being filtered. As soon as at least one entry has been added to the ACL.FF. e. CoS can be either 110 (6) or 111 (7)).4095) cos: (0. MES5324.In order to create a MAC-based ACL and enter its configuration mode. Specify the destination MAC address of the packet. This mask is used similarly to the source_wildcard mask. i.0xFFFF) - log-input Log messages time_name Name of the time-range configuration profile ace-priority Rule index The index indicates position of the rule in the table. “1” indicates an ignored bit.193.0.. Enable message logging upon receiving a packet that matches the entry. vlan_id: (0. Define MAC address of the packet source. the CoS field should have value 6 or 7 and the mask field should have value 1 (the binary form of 7 is 111.хх. specify the mask 0. Create a ‘deny’ filtering rule in the ACL. the last bit will be ignored. use parameter “any”. VLAN subnetwork for packets filtering. Table 5. “1” indicates an ignored bit. Ethernet type in hex form for the packets being filtered. For example. MES3324. For example. The packets that meet the entry's conditions will be processed by the switch. Disable the port when receiving a packet from it that satisfies the conditions of a deny command. execute the following command: console# console# configure console(config)# mac access-list extended MESmac console(config-mac-al)# Table 5.. For example.483.FF. the higher the priority (1 to 2.. MAC-based ACL configuration commands Command permit {any | source sourcewildcard}{any | destination destination_wildcard} [vlan vlan_id] [cos cos cos_wildcard] [eth_type] [time-range time_name] [ace­priorityindex] Action Add a permit filtering entry. MES2348Ethernet Switch Series 174 . destination destination_wildcard vlan_id cos cos_wildcard Destination address A bit mask applied to the destination MAC address of the packet. Specify configuration of time periods. The mask specifies the bits of the MAC address which should be ignored. The mask specifies the bits of the CoS that should be ignored. the mask can be used to specify an MAC address range that will be filtered out. to create an ACL named MESmac. The bit mask applied to the source MAC address of the packet. According to the mask the last 32 bits of the MAC address will not be used in analysis.147. Main command parameters Parameter permit deny source source_wildcard Value Action Permit Deny Source address Create a ‘permit’ filtering rule in the ACL. The mask specifies the bits of the MAC address which should be ignored.0. MES2324.хх to a filtering rule. In order to select the complete range of parameters except dscp and ip-precedence. Class of service (CoS) for packets filtering. In order to add all MAC addresses beginning from 00:00:02:AA. in order to use CoS 6 and 7 in a filtering rule.192.

All frames exceeding the threshold will be dropped.2000) packets per second. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console (config)# Table 5. .filter out TCP packets with destination port 2140 and source port 1024. Delete a 'deny' rule.filter out UDP packets with destination port 31337 and source port 1024.194. If the log-input keyword is specified. Specify a threshold for syn requests for a specific IP address/network. Restore the default value.invasor-trojan . MES3324. Drop/allow certain types of traffic that is commonly used by malware: .fragmented . broadcast.ICMP traffic.stacheldraht .28 DoS attack protection configuration This type of commands is used to block certain common types of DoS attacks. MES2324. Ethernet or port group interface configuration mode commands.filter out TCP packets with source port 16660. . MES2348Ethernet Switch Series 175 .fragmented packets. If the disable-port keyword is specified. 5. Disable the security-suite command class. Enable the security-suite command class. Configuration commands for interface protection from DoS attacks.syn packets.deny {any | source sourcewildcard}{any | destination destination_wildcard} [vlan vlan_id] [cos cos cos_wildcard] [eth_type] [time-range time_name] [disable-port | log-input] [ace­priority index] Add a deny filtering entry. multicast). mask: mask in the form of IP address or prefix Action Creates a rule denying traffic that match the criteria.. mask: mask in the form of IP address or prefix rate: (199.back-orifice-trojan .195. the physical interface receiving the packet will be disabled. . . a message will be sent to the system log. . MES5324. DoS attack protection configuration commands Parameter security-suite deny martian-addresses [reserved] {add | remove} ip_address security-suite deny syn-fin security-suite dos protect {add | remove} {stacheldraht |invasor­trojan | back­orifice-trojan} security-suite enable no security-suite enable Value ip_address: IP address - - -/disabled Action Block frames with invalid (Martian) IP source addresses (loopback. The packets that meet the entry's conditions will be blocked by the switch.icmp . Command security-suite deny {fragmented | icmp | syn} {add | remove} {any | ip_address [mask]} no security-suite deny {fragmented | icmp | syn} security-suite dos syn­attack rate{any | ip_address [mask]} no security-suite dos syn-attack{any | ip_address [mask]} Value ip_address: IP address. ip_address: .syn . Command line prompt in the Ethernet or port group interface configuration mode is as follows: console (config-if)# Table 5. Drops tcp packets that have both SYN and FIN flags.IP address.

Delete the template assignment before deleting the strategy template with the following command: no police aggregate aggregate-policer- MES5324. Applicable only for the QoS advanced mode. A configuration template cannot be deleted if it is used in the policy map strategy. .32) characters no policy-map policy_map_name qos aggregatepoliceraggregate_policer_n ame committed_rate_kbps excess_burst_byte [exceed­action {drop | policed-dscp-transmit}] 1.32) characters The match-all option is used by default Action Enable QoS in the switch. . the first correct rule of the list will be used..1 QoS Configuration Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. 2. Applicable only for the QoS advanced mode.the average traffic rate. The list of criteria may have one or two rules.any criterion from this list can be met.policed-dscp-transmit . Enter the traffic classification strategy configuration mode. By default.32) characters. e. Enter the traffic classification criteria configuration mode.committed burst size in bytes. MES2348Ethernet Switch Series 176 . no class-map class_map_name policy-map policy_map_name Remove a list of traffic classification criteria. This method may cause some issues with high traffic conditions because the device will ignore all packets which are not included into the FIFO queue buffer. Algorithm's parameters are the incoming rate (CIR) of markers to the "bucket" (CIR) and the "bucket" size (CBS).QoS basic mode. Remove a traffic classification rule. 2.QoS advanced configuration mode that provides all QoS configuration commands.29 Quality of Services (QoS) All ports of the switch use the FIFO principles for queuing packets: first in .first out.29. such packets will be permanently lost. .if the "bucket" is full. .all criteria from this list must be met.committed-burst-byte . This rate is assured for data transmission. 1.basic .. This can be solved by organizing queues by traffic priority. . i.19.match-any .advanced . 5..196. Global configuration mode commands Command Value/Default value qos [basic| advanced] -/basic classmapclass_map_name[matc h-all | match-any] class_map_name: (1. the DSCP value will be overwritten. . MAC). Create a list of criteria for traffic classification.173. MES3324.match-all . Create a traffic classification strategy. The “marked bucket” algorithm is used to reduce the bandwidth.57982058) kbps. excess_burst_byte: (3000. The algorithm decides whether to send or drop the packet.960) bytes Define a configuration template that limits bandwidth while guaranteeing a certain data transfer rate.committed-rate-kbps . The QoS mechanism (Quality of Service) implemented in the switches allows organisation of 8 queues by packet priority depending on the type of transferred data. the policy-map value is set to DSCP = 0 for IP packets and CoS = 0 for tagged packets. If it has two rules that specify different ACL types (IP. .5.. . policy_map_name: (1.a packet will be drop if the "bucket" is full. committed_rate_kbps: (3..drop . Only one traffic classification strategy per direction is supported. aggregate_policer_name: (1. MES2324.

. Example: 0: all queues are equal. Set the default value. Set the default value. The changes will take effect after the device is restarted. queue 4 DSCP: (32-39).dscp_list . Specify the transmit queue weights used in the WRR (Weighted Round Robin) mechanism. Applicable only for the QoS advanced mode. . If N is not 0. Applicable for the qos basic mode only. Set the default value.queue 1 CoS = 2 .weight 8 no wrr-queue bandwidth priority-queue out num­of­queues number_of_queues weight: (0.define a new DSCP value.dscp .63) The table of repeated marking is empty by default. The WRR weight will be ignored for a priority queue. .8) The default algorithm for queue processing is “strict priority”. Enable WRTD. Delete a channel rate configuration template.63) dscp-mark-down: (0...dscp_list . Set the default values.. MES3324. no priority-queue out num­of­queues qos wrr-queue wrtd WRTD is disabled by default. 1: 7 lowest queues will be used in WRR. the 7th and the 8th ones will not. Set the number of priority queues.. . queue 6 DSCP: (48-55).queue 3 CoS = 3. MES2348Ethernet Switch Series 177 .queue 7 CoS = 7 . the 8th one will not. queue 3 DSCP: (24-31).queue 2 CoS = 0 . i. DSCP values remain the same for all ingress packets. MES2324. no qos wrr-queue wrtd qos map policed-dscp dscp_list to dscp_mark_down dscp-list: (0.. Set correspondence between DSCPs of ingress packets and queues. Set the switch trusted mode in the QoS basic mode (CoS or DSCP). no qos map policed-dscp [dscp_list] qos map dscp-queue dscp_list to queue_id dscp-list: (0.8).queue 4 CoS = 4 .define up to 8 DSCP values separated by spaces.8) Default values: DSCP: (0–7).cos . number-of-queues: (0. Disable WRTD. queue 2 DSCP: (16-23).255)/1 The default weight of any queue is 1..name. . queue 7 DSCP: (56-63).63) queue-id: (1.e. queue 8 no qos map dscp-queue [dscp_list] qos trust cos­dscp} {cos|dscp | -/cos Define CoS values for outgoing traffic queues. Populate the table of DSCP remarking. Applicable only for the QoS advanced mode. . no qos aggregate-policer aggregate_policer_name wrr-queue cosmapqueue_id cos1…cos8 no wrr-queue cos-map [queue_id] queue-id: (1.sets classification of ingress IP packets by DSCP and non-IP packets by CoS.queue 8 wrr-queue bandwidthweight1. queue 1 DSCP: (8-15).cos-dscp .define up to 8 DSCP values separated by spaces. cos1…cos8: (0.queue 5 CoS = 5 . MES5324. Set the default values. then N highest queues will be considered as priority queues (WRR will be ignored). 2: 6 lowest queues will be considered in WRR.queue 6 CoS = 6 . queue 5 DSCP: (40-47). The default values: CoS = 1 . The default CoS value is used for untagged packets.sets DSCP classification of ingress packets.7).. Set new DSCP value for ingress packets with specified DSCPs..sets CoS classification of ingress packets..dscp_mark_down .

. rate: (3.Traffic classification criteria configuration mode commands Command Value match access-group acl_name acl_name: (1..e. Set the default values. The table of changes allows DSCP values of IP packets to be reset to new values. DSCP values remain the same for all ingress packets. Remove a traffic classification criterion. out-dscp: (0. Commands for traffic classification strategy edit mode Command Value class class_map_name [access-group acl_name] class_map_name: (1. .define traffic filtering rules according to the classification ACL. Applicable for the qos basic mode only.VLAN number.57982058) kbps. Specify traffic filtering rules according to the classification ACL. The table of DSCP changes can be used only for ingress traffic on trusted ports.burst . Traffic classification strategy configuration mode commands Command line prompt of the traffic classification strategy configuration mode is as follows: console# configure console(config)# policy-map policy-map-name console(config-pmap)# Table 5.out-dscp . Applicable only for the QoS advanced mode.rate .. .. i. Disable the use of the DSCP changes.63).. .19173960) bytes/128 kb Set the default values.32) characters no match access-group acl_name Action Add a traffic classification criterion. .. Applicable for the qos basic mode only..in-dscp .average traffic rate (CIR).acl_name . Apply the table of DSCP changes to the set of DSCP-trusted ports. Set a rate limiting for the specified VLAN.committed burst size in bytes..32) characters acl_name: (1. Populate the table of DSCP remarking.198.no qos trust qos dscp-mutation - no qos dscp-mutation qos map dscp-mutation in_dscp to out_dscp no qos map dscp-mutation [in_dscp] rate-limit vlan vlan_id rate burst no rate-limit vlan vlan_id in-dscp: (0.197.. .vlan_id . burst: (3000. MES3324. The optional 'access-group' parameter is mandatory for creating a new classification rule.32) characters Action Define a traffic classification rule and enter the policy-map class configuration mode. use the service- MES5324. . Remove the rate limiting. In order to use the policy-map strategy configuration for an interface.define up to 8 DSCP values separated by spaces.63) The table of changes is empty by default.define up to 8 DSCP values separated by spaces. Traffic classification criteria configuration mode commands Command line prompt of the traffic classification criteria configuration mode is as follows: console# configure console(config)# class-mapclass-map-name[match-all | match-any] console(config-cmap)# Table 5.4094). MES2324. Set new DSCP values for ingress packets with specified DSCPs. MES2348Ethernet Switch Series 178 . vlan_id: (1.

committed_rate_kbps .. MES2348Ethernet Switch Series 179 . the rate of token arrival to the "bucket" (CIR) and the "bucket" size (CBS). Assigns a configuration template to a traffic classification rule that limits bandwidth while guaranteeing a certain data transfer rate.drop . Applicable only for the QoS advanced mode.policed-dscp-transmit . Remove a class-map traffic classification rule from the policymap strategy. The algorithm decides whether to send or drop the packet.committed burst size in bytes. MES3324. MES2324. the DSCP value will be overwritten. committed-burst-byte: (3000. Commands of the classification rule configuration mode Command Value trust By default..a packet will be dropped if the bucket is full. new-cos: (0. no trust set {dscp new_dscp|queue queue_id|cosnew_cos} new-dscp: (0. Set new values for an IP packet.19173960) bytes aggregate-policer-name: (1.committed_burst_byte . . Limit bandwidth to a specific transfer rate. queue-id: (1. no class class_map_name Classification rule configuration mode commands Command line prompt in the classification rules configuration mode is as follows: console# configure console(config)# policy-map policy-map-name console(config-pmap)# class class-map-name [access-group acl-name] console(config-pmap-c)# Table 5.12582912) kbps. The “marked bucket” algorithm is used to reduce the bandwidth.policy command in the interface configuration mode. Set the default value.. This rate is assured for data transmission. .63).32) characters police agregate aggregate_policer_name no police Action Defines the trusted mode for a certain type of traffic as per global trusted mode. The policy-map strategies that use the ‘set‘ and ‘trust’ commands or have an ACL classification are assigned only to outgoing interfaces. Remove a channel rate configuration template from the traffic classification rule... The ‘set’ and ‘trust’ commands are mutually exclusive for the same policy-map strategy. Applicable only for the QoS advanced mode.the average traffic rate.8).. Applicable only for the QoS advanced mode. .7) no set policecommitted_rate_kbps committed_burst_byte [exceedaction{drop|policed-dscptransmit}] committed-rate-kbps: (3.199. the trusted mode is not set.if the bucket is full. Delete new values of an IP packet. Ethernet or port group interface configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# MES5324. Applicable only for the QoS advanced mode. .

committed burst size in bytes. Set the default value. Command service-policy {input|output} policy_map_name noservice-policy {input | output} traffic-shape committed_rate [committed_burst] no traffic-shape traffic-shape queue queue_idcommitted_rate [committed_burst] no traffic-shape queue queue_id qos trust Value Action Assign a traffic classification strategy to an interface.average traffic rate.. kbps. MES2324. Display the trust mode in the basic mode. Applicable for the qos basic mode only..769. committed-rate: (36. policy_map_name: (1.10000000) kbps.8/0/1.. . Valid for the qos advanced mode only. . queues WRR weight.19173960) bytes/128 kb qos cos default_cos Set CoS as the default value for a port to (the CoS value that is used for all untagged traffic on the interface). committedburst:(4096.. -/enabled no qos trust rate-limit rate [burstburst] no rate-limit Disable the basic QoS for the interface. group: (1.1000000) kbps. Display interface QoS parameters. Remove a traffic rate limit for the transmit queue through the interface.committed_burst .gi_port . . MES2348Ethernet Switch Series 180 . kbps. .committed_rate .16762902) bytes queue-id: (0.1000000) kbps.average traffic rate.port group number.committed burst size in bytes...buffer settings for interface queues. ... Ethernet or port group interface configuration mode commands..VLAN number. Display traffic classification rules. fo_port: (1. Display average rate and bandwidth limit configurations for traffic classification rules.8/0/1.. queue class of service.. committed-rate: (64. Remove a traffic shaping for an interface.7)/0 no qos cos EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.. EXEC mode commands Command show qos show class-map [class_map_name] show policy-map [policy_map_name] show qos aggregate­policer[aggregate_policer_name] show qos interface [buffers | queuing | policers | shapers][gigabitethernet gi_port | tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id] Value/Default value class_map_name: (1.fo_port .Ethernet g1 interface number.Ethernet interface XG1-XG24 number.vlan_id . . .group .traffic classification strategies configured MES5324. .buffers . committed-burst: (4096. Applicable only for the QoS advanced mode..8/0/1. Set the rate limiting..queueing ...te_port .queue processing algorithm (WRR or EF).. rate: (100. te_port: (1.200. . burst: (3000.32) characters Remove a traffic classification strategy from an interface.Ethernet XLG1-XLG4 interface number.Table 5.committed_rate .32) characters policy_map_name: (1. .32) characters gi_port: (1.020) bytes Set a traffic shaping for an interface.policers . vlan_id: (1.. Limit traffic rate for the transmit queue through the interface. . Remove the rate limiting.32) characters aggregate-policer-name: (1. . MES3324. Applicable only for the QoS advanced mode.48).8)..8).201.16..committed_burst .24). and EF priority.4094) Action Display the QoS mode configured for the device. Enable the basic QoS for the interface. Display lists of criteria used for traffic classification.4). default_cos(0.

32) characters QoS statistics is disabled by default. show qos map [dscp­queue| dscp-dp| policed-dscp| dscp­mutation] - Examples of command usage  Enable the QoS advanced mode. Enable QoS statistics for transmit queues. Divide traffic into queues: the first queue is for DSCP 12 packets. te_port: (1.202...2). gi_port: (1. Disable QoS statistics on bandwidth limits.000 bytes. The eighth one is a priority queue.dscp-dp . Command qos statistics aggregate­policer aggregate_policer_name no qos statistics aggregate­policer aggregate_policer_name qos statistics queuesset {queue | all} {dp|all}{gigabitethernet gi_port | tengigabitethernet Value/Default value Action Enable QoS statistics on bandwidth limits. . .8/0/1. . MES5324.8).table of correspondence between DSCP and queues.policed-dscp .define drop priority.set . Use the strategy for Ethernet 14 and 16 interfaces.table of DSCP remarking. the second one is for DSCP 16 packets. .for the interface. MES2324.define a set of counters.dscp-queue . Create a traffic classification strategy for ACL that allows transfer of TCP packets with DSCP 12 and 16 and sets the following rate limitations: average rate 1000 kbps.24). . set: (1. console# console# configure console(config)# ip access-list tcp_ena console(config-ip-al)# permit tcp any any dscp 12 console(config-ip-al)# permit tcp any any dscp 16 console(config-ip-al)# exit console(config)# qos advanced console(config)# qos map dscp-queue 12 to 1 console(config)# qos map dscp-queue 16 to 2 console(config)# priority-queue out num-of-queues 1 console(config)# policy-map traffic console(config-pmap)# class class1 access-group tcp_ena console(config-pmap-c)# police1000 200000 exceed-actiondrop console(config-pmap-c)# exit console(config-pmap)# exit console(config)# interface tengigabitethernet 1/0/14 console(config-if)# service-policy input console(config-if)# exit console(config)# interface tengigabitethernet 1/0/16 console(config-if)# service-policy input console(config-if)# exit console(config)# 5.specifies the transmit queue.DSCP-to-DSCP changes table. queue: (1. .8/0/1. Global configuration mode commands. low).queue .shapers .traffic shaping. . .. MES3324..table of correspondence between DSCP tags and drop priority (DP).. dp: (high.dp .48)..dscp-mutation . Display information on fields replacement in packets which are used by QoS.. threshold 200. MES2348Ethernet Switch Series 181 .2 QoS Statistics Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5.29. aggregate-policername:(1.

policy-map_name . Global configuration mode commands Command Value/Default value Action prefix_length: (0. distance (1. Default value: set 1: all priorities.. low drop priority. EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5.204.netmask prefix (the number of units in the mask). Command qos statistics policer policy_map_name class_map_name no qos statistics policer policy_map_name class_map_name Value policy_map_name: (1..7. MES2348Ethernet Switch Series 182 . Ethernet or port group interface configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows: console(config-if)# Table 5. Disable QoS statistics for the interface. Display QoS statistics. all queues. 172. . .traffic classification strategy.class_map_name .prohibits routing to the target network via all gateways.30...30 Routing protocol configuration 5.route weight.32). Action Enables QoS statistics for the interface. Routing is performed without using any routing protocols.list of criteria used for traffic classification. Ethernet interface configuration mode commands. . Disable QoS statistics for outgoing queues.4). Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# Table 5. EXEC mode commands.prefix – target network (e.g.0).. Delete a rule from the static routing table.255)/1 Create a static routing rule. MES2324. MES3324. .distance .1 Static Routing Configuration Static routing is a type of routing when paths are specified in an explicit form when configuring the router. ip route prefix {mask|prefix_length}{gateway [metricdistance]|reject­route} ip route prefix MES5324.reject-route .205. high drop priority.203.8/0/1.0.gateway – the gateway for target network access. .32) characters QoS statistics is disabled by default.32) characters class_map_name: (1. . . all queues.prefix_length .te_port | fortygigabitethernet fo_port|all} no qos statistics queues set fo_port: (1. . 5. set 2: all priorities. Command Value/Default value clear qos statistics show qos statistics - Action Clear QoS statistics.mask – network mask (in decimal system format)..

1. 5.{mask|prefix_length}{gateway |reject­route} EXEC mode commands Command line prompt in the EXEC mode is as follows: console# Table 5. Vlan 1 Indicates the interface which is used by the route to the network.0/24 is directly connected.3.0. MES2348Ethernet Switch Series 183 .9.1.connected.9.0. 00:39:08 Indicates the time of last update of the route (hours. the lower the reliability of the source).30. EXEC mode commands Command Value/Default value Action - Display routing table which satisfies the specified criteria. 19:51:18.1.2 RIP Configuration RIP (Routing Information Protocol) is an internal protocol that allows routers to dynamically update routing information by requesting it from the neighbour routers. – static – static route specified in the routing table. the RIP sends periodic updates between neighbours thus building a network topology.2 Indicates IP address of the next router on the route to the network. second value is a metric of the route. via 10. [5/2] First value in brackets stands for administrative distance (degree of reliability of a router. minutes.2. Backup Not Active S 172.0/24 [5/2] via 10.1. 10. Vlan 12 S 10.2.e. S – Static (static route specified in the routing table). seconds). Description of command result Field Description С Display a route origin: C .1. Vlan 12 Table 5. 17:19:18.2.1/32 [5/3] via 10.Connected (the route is taken from directly connected and running interface).0.0. show ip route[connected | static | address ip_address [mask|prefix_length][longerprefixes]] Examples of command usage  Display the routing table: console# show ip route Maximum Parallel Paths: 2 (4 after reset) Codes: C .1.static C 10. The switch supports RIP v2.0/24 [5/3] via 10. i. – connected – connected route. MES3324.1.206. S .0.0/24 Network address. MES2324. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# MES5324.9.1.207.1. the higher the value. As a distance-vector protocol. Vlan 1 S 10. a route taken from directly connected and running interface. This is very simple protocol based on the application of the distance-vector routing. Each update contains information about distance to all networks.

Enable routing via RIP on this interface. offset: (1.208. . match: (internal. Restore the default value. Forbids announcing of static routes via RIP.B.B.15. Global configuration mode commands Command Value/Default value router rip no router rip - Action Enter to RIP configuration mode.metric transparent – means that metrics from routing table will be used.15)/1 no default-metric network A. RIP configuration mode commands Command Value/Default value default-metric [metric] metric: (1. Remove RIP global configuration. Set the default value. Disable routing via RIP.15)/1.announce routes after they are filtered by the specified route-map. transparent)/1. MES3324. Set the default value.32) characters -/enabled -/enabled -/route is not generated Action Specify the metric value that will be used when announcing routes that are obtained by other routing protocols.type . To set the default value. Disable routing updates..D: Interface IP address no redistribute {static | connected} [metric transparent] redistribute ospf [metric metric| match type | route-map route_map_name] shutdown no shutdown passive-interface no passive-interface default-information originate no default-information originate metric: (1. .15)/1 metric: (1. Specify the IP of the interface which will be involved in routing. Enable routing updates. IP interface configuration mode commands Command line prompt is as follows: console(config-if)# Table 5.C. Enable routing via RIP.209.announce only for the specified types of OSPF routes. do not specify this parameter. .D redistribute {static | connected } [metric transparent] A. Set the default value.prohibits the use of metrics from routing table. external-2).no parameters – means that default-metric will be used when announcing a route. Remove the IP of the interface that will be involved in routing. Set the default value. . Add offset to the metric.B.route-map_name . Allow announcing of OSPF routes via RIP. IP interface configuration mode commands Command ip rip shutdown no ip rip shutdown ip rip passive-interface no ip rip passive-interface ip rip offset offset no ip rip offset ip rip default-information originate metric no ip rip default­information Value/Default value -/enabled Sending updates is disabled by default.D no network A. Allow announcing of routes via RIP.C. Disable sending updates in the interface. external1.metric transparent . Assign a metric to a default router transmitted via RIP. MES2324.C. .. Generate default route.. MES2348Ethernet Switch Series 184 ..Table 5. RIP configuration mode commands Command line prompt is as follows: console(config-rip)# Table 5.. MES5324.210. The function is disabled by default Action Disable routing via RIP on this interface. route_map_name: (1.

23.3 OSPF and OSPFv3 configuration OSPF (Open Shortest Path First) — dynamic routing protocolthat is based on a link-state technology and uses Dijkstra's algorithm to find the shortest route.16.database – information about RIP settings. . Assign a standard IP ACL to filter announced routes. An OSPF instance is configured by specifying its ID (process_id). Set the default value.23..peers – information of a network member.OSPF Protocol is a protocol of an internal gateway (IGP). Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# Table 5.32) characters Set the default value. Enable authentication in RIP and define its type: . Example use of commands Enable RIP for subnetwork 172.1 сonsole(config-rip)# interface ip 172. The device supports multiple independent instances of OSPF processes operating simultaneously. Privileged EXEC mode commands Command show ip rip [database | statistics | peers] Value - Action View information about RIP routing: . .1) and MD5 authentication via mykeys set of keys: сonsole# сonsole# configure сonsole(config)# router rip сonsole(config-rip)# network 172.32) characters Set the default value. Set the default value.16. Specify a set of keys that can be used for authentication. OSPF protocol distributes information on available routes betweenroutersin a singleautonomous system..16.30.23.16) characters acl_name: (1. key_chain: (1. .0 (IP address on switch 172.16..originate ip rip authentication mode {text | md5} no ip rip authentication mode ip rip authentication key­chain key_chain no ip rip authentication key-chain ip rip authentication-key clear_text no ip rip authentication­key ip rip distribute-list access acl_name no ip rip distribute-list Authentication is disabled by default. MES3324.text – clear text authentication.23. Specify a key for a clear text authentication.211.statistics – statistics.1 сonsole(config-if)# ip rip authentication mode md5 сonsole(config-if)# ip rip authentication key-chain mykeys 5. MES2324. MES2348Ethernet Switch Series 185 .md5 – MD5 authentications. Global configuration mode commands Command line prompt in the global configuration mode is as follows: console(config)# MES5324. clear_text: (1.

212. .Table 5.metric .nssa-only . -inter-as .import subnetworks. .set the value of nssa-only for all imported routes. MES5324.65535)/1 no router ospf [process_id] ipv6 router ospf [process_id] no ipv6 router ospf [process_id] ipv6 distance ospf {inter­as |intra-as} distance process_id: (1. .for external autonomous systems -intra-as .metric-type type-2 import with a stamp 'OSPF external 2'.metric . name: (1.. Disable a specific function Import static routes to OSPF.65535)/1 distance: (1.. OSPF process mode commands Command line request in the OSPF process configuration mode: console(router_ospf_process)# console(ipv6 router_ospf_process)# Table 5..match internal . Enable routing via OSPFv3 protocol.. . . .255) characters no redistribute connected [metric metric] [route-map name] [subnets] redistribute static [metric metric] [route-map name] [subnets] metric: (1.name .match external-1 .65535).255) no ipv6 distance ospf {inter-as |intra-as} Action Enable routing via OSPF.32) characters. MES2348Ethernet Switch Series 186 . Disable routing via OSPFv3 protocol..set the metric for imported routes.subnets . no redistribute ospf [id] [nssa-only] [metric metric] [metric-type {type-1 | type2}] [route-map name] [match {internal | external-1 | Action Allow announcing of connected routes: .255) characters no redistribute static [metric metric ] [route-map name] [subnets] redistribute ospf id [nssa­only] [metric metric] [metric-type {type-1 | type2}] [route-map name] [match {internal | external-1 | external-2}] [subnets] id: (1. . OSPF process configuration mode commands Command Value/Default value redistribute connected [metric metric] [route-map name ] [subnets] metric: (1..213.import routes of the 'OSPF external 2' type.allows you to import subnetworks. Specify the process ID. Set administrative distance for OSPF and OSPFv3 routes.match external-2 .metric-type type-1 – import with a stamp 'OSPF external 1'.. Disable a specific function.65535). . . Import routes from one OSPF process to another OSPF process: .apply the specified import policy that allows filtering and changes in imported routes.apply the import policy that allows filtering and changes in imported routes. . MES2324. Disable a specific function. .set the metric for imported routes.65535). Specify the process ID.name .subnets . Disable routing via OSPF.name . name: (0.65535).inside an autonomous system Return default values.import routes within an area. metric: (1. name: (1. Global configuration mode commands Command Value/Default value router ospf [process_id] process_id: (1. .a metric for imported routes..allows you to import subnetworks.. MES3324..metric .subnets .the name of the import policy that allows filtering and changes in imported routes.import routes of the 'OSPF external 1' type. .

D [shutdown] no network ip addr default-metric metric no default-metric area A. Assign router ID that uniquely identifies the router within an autonomous system.B.allows you to import subnetworks.without authentication.D virtual-link A.transmit-delay .dead-interval .C.C.D stub [no­summary] no area A.C.D no router-id A.C.D: router ID in the IPv4 address format A.256) characters A.C. Create summary route on the area boundary (for IPv4).D nssa [no­summary] [translator­stability­interval interval] [translatorrole{always|candidate}] no area A.65535) A. Delete a virtual connection.B.metric .B. Enable authentication for all interfaces for a given area (for IPv4): .B.C.constant forced mode. . .D nssa area A..C.authentication with encryption. -translator-role .D metric: (1.C.C.C.null . Disable authentication. -candidate .B.D [hello-interval secs] [retransmit-interval secs] [transmit-delay secs] [dead­interval secs] [null | message-digest] [key-chain word] no area A.do not accept information about external summary routes inside the NSSA area. . (for IPv4) Set the default value.C. -/disabled A. word: (1. Set the default value. Set the default value.C.D network ip_addrareaA.B.B.set the hello interval. Set the default value.subnets .a metric for imported routes.interval – set the time interval (in seconds) during which the translator will continue to operate after detecting that another edge router became a translator.B..B.name .set the translator mode on the router (translation Type-7 LSA to Type-5 LSA): -always .C.message-digest . . A.D authentication [message-digest] no area A.set the delay..D [hello-interval secs] [retransmit-interval secs] [transmit-delay secs] [dead­interval secs] [null | message-digest] [key-chain word] area A. Set the NSSA type for the specified area.B.D virtual-link A.B. Set the “stub” type for the specified area. Set the metric for an OSPF route.C.D: router ID in the IPv4 address format ip_addr: A..D stub area A. Enable compatibility with RFC 1583 (for IPv4 only) Disable compatibility with RFC 1583.D default-cost area A. Create virtual connection from the main area to other remote areas for which there are areas in between.D: router ID in the IPv4 address format.word .C.C.the name of the import policy that allows filtering and changes in imported routes.65535) seconds.D default-costcost no area A. Delete the IP address of the interface. .C. cost: positive integer A.C. . Secs: (1.do not send information about external summary routes. .no-summary . Enable (disable) an instance of OSPF on the IP interface (for IPv4). . no redistribute rip [metric metric ] [route-map name] [subnets] compatible rfc1583 no compatible rfc1583 router-id A.B.B.D: router ID in the IPv4 address format.participation in translation selection mode.C.C.D: router ID in the Import routes from RIP to OSPF.D range -/enabled A. Disable the function. An area is a set of networks and routers that have the same ID.retransmit-interval .B.hello-interval .C.D: router ID in the IPv4 address format.B.B. Disable a specific function.C.B.B.C.C. interval: positive integer.set the interval between repeated transmission.no-summary . name: (1. .D: router ID in IPv4 address format.B. .B.with MD5 encryption. ..B.B. MES3324. MES5324. MES2324. Set the cost of a summary route used for stub and NSSA areas. .D authentication [message­digest] area A.65535).B.external-2}] [subnets] redistribute rip [metric metric ] [route-map name] [subnets] metric: (1.set the dead interval.B. MES2348Ethernet Switch Series 187 .255) characters.message-digest . .password for authentication.

Set the default value.D mask: E.D filter-list prefix prefix_list in no area A..D: router ID in the IPv4 address format..B. MES2348Ethernet Switch Series 188 .null – do not use authentication. Set the default value.C.B.32) characters Authentication is disabled by default key: (1. Remove a filter that applies to routes announced from the specified area to other areas (for IPv4). Set the default value. Set the time interval in seconds after which the router sends the next hello-package from the interface.D filter-list prefix prefix_list in area A.255)/1 Action Disable routing via OSPF on the interface. prefix_list: (1.key-chain – name of the set of keys created by the “key chain” command. Enable authentication in OSPF and specify its type: . IP interface configuration mode commands Command line prompt is as follows: console(config-ip)# Table 5.. -/enabled shutdown no shutdown -/enabled .do not announce the created route. Set the password for authentication of the neighbours available through the current interface. Enable an OSPF process.C.32) characters A. minimal – 1 sec interval: (1.B.C.B. dead-interval equals 4 hello packet intervals.D: router ID in the IPv4 address format. Specify the channel status metric that represents the “value” of data transfer via the link. Set the default value.network_address mask [advertise | not-advertise] no area A..This password will be added as an authentication key to the header of each OSPF packet going to that network.F.C...B.D filter-list prefix prefix_list out area A. Set the time interval in seconds after which the neighbour will be considered as “dead”.65535) seconds.announce the created route.advertise . This interval must be a multiple of hello-interval.B.G.8) characters no ip ospf authentication­key ip ospf cost cost cost: (1. MES3324. Set a filter that applies to routes announced to the specified area from other areas (for IPv4).D range network_address mask area A.D filter-list prefix prefix_list out no area A.H A. Assign priority of the router which is used for selection of DR MES5324.C.B.214.message-digest – MD5 authentication.B..B.32) characters A. Disable an OSPF process for an area. . Set the default value.C. .C.C. Set a filter that applies to routes announced from the specified area to other areas (for IPv4).not-advertise .D shutdown no area A.D shutdown IPv4 address format. . Disable an OSPF process.C.B.. Enable routing via OSPF on the interface. prefix_list: (1.65535)/10 seconds -/enabled -/disabled priority: (0. Allow IP interface to exchange protocol messages with neighbours. Prohibit an IP interface from exchanging protocol messages with neighbours via the specified physical interface. MES2324.D: router ID in the IPv4 address format.C. Disable MTU verification. IP interface configuration mode commands Command ip ospf shutdown no ip ospf shutdown ip ospf authentication[key­chain key_chain|null |messagedigest] no ip ospf authentication [key-chain] ip ospf authentication-key key Value/Default value -/enabled key_chain: (1. Remove a filter that applies to routes announced to the specified area from other areas (for IPv4).B. Delete the password. As a rule.C. Enable an OSPF process for an area. Delete a summary route. network_address: A.65535)/10 no ip ospf cost ip ospf dead-interval {interval |minimal} no ip ospf dead-interval ip ospf hello-interval interval no ip ospf hello-interval ip ospf mtu-ignore no ip ospf mtu-ignore ip ospf passive-interface no ip ospf passive-interface ip ospf priority priority interval: (1.

Assign priority of the router which is used for selection of DR and BDR.key-chain – name of the set of keys created by the “key chain” command. Set the IPv6 address of the neighbour.65535)/10 no ipv6 ospf cost ipv6 ospf dead-interval interval no ipv6 ospf dead-interval ipv6 ospf hello-interval interval no ipv6 ospf hello-interval ipv6 ospf mtu-ignore no ipv6 ospf mtu-ignore ipv6 ospf neighbor {ipv6_address} ipv6 ospf neighbor {ipv6_address} Ipv6 ospf priority priority interval: (1.65536). Specify the channel status metric that represents the “value” of data transfer via the link. Set the default value. Specify an approximate time in seconds required to transfer a channel status packet. Set the default value. Enable routing via OSPFv3 protocol on the interface. .. MES2324. Set the time interval in seconds after which the router sends the next hello-package from the interface. Enable authentication in OSPF and specify its type: . dead-interval equals 4 hello packet intervals.65535)/1 seconds and BDR.text – clear text authentication. Set the default value.65535)/5 seconds no ipv6 ospf retransmit­interval ipv6 ospf transmit-delay delay no ip ospf transmit-delay delay: (1.. Database Description package or Link State Request packages). Table 5. Set the default value. Specify an approximate time in seconds required to transfer a channel status packet. Set the default value.65535)/1 seconds Action Disable routing via OSPFv3 on the interface. This interval must be a multiple of hello-interval. MES3324... Set the default value.g..215.no ip ospf priority ip ospf retransmit-interval interval interval: (1.255)/1 no ipv6 ospf priority ipv6 ospf retransmit-interval interval interval: (1. As a rule.65535) seconds interval: (1. Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows: console# MES5324... Set the default value. Specify a time interval in seconds after which the router resends a package for which it hasn’t received a delivery confirmation (e. VLAN and Ethernet interface configuration mode commands Command ipv6 ospf shutdown no ipv6 ospf shutdown ipv6 ospf process area area [shutdown] Value/Default value -/enabled process: (1. Set the default value. Enable (disable) an OSPF process for a specific area. Set the default value.65535)/10 seconds -/disabled - priority: (0... area: router ID in the IPv4 address format Ipv6 ospf cost cost cost: (1. MES2348Ethernet Switch Series 189 . Set the default value. Delete the IPv6 address of the neighbour. Set the time interval in seconds after which the neighbour will be considered as “dead”.65535)/5 seconds no ip ospf retransmit­interval ip ospf transmit-delay delay no ip ospf transmit-delay delay: (1. Disable MTU verification.

. MES2324.65535)..65535) Display the status of an OSPF protocol database. MES3324.... If it is available. A. This is achieved by joining IP interfaces of the group of routers into one virtual interface which will be used as the default gateway for the computers of the network.4 Configuration of Virtual Router Redundancy Protocol (VRRP) VRRP is designed for backup of routers acting as default gateways.8). Display configuration of all OSPF interfaces.24). show {ip | ipv6} ospf [process_id] neighbor process_id: (1. group: (1..16) show {ip | ipv6} ospf [process_id] database [router | summary | as­summary] process_id: (1.. te_port: (1. MES2348Ethernet Switch Series 190 .65536) Display OSPF configurations. it always becomes a VRRP master.65536) show {ip | ipv6} ospf [process_id] interface {gigabitethernetgi_port|tengigabitethernette_port |fortygigabitethernet fo_port |portchannelgroup|vlan vlan_id|tunnel tunnel_id} process_id: (1..65536) show ip ospf [process_id] neighbor A.30.8/0/1.B.4094). the rest of routers in the group are designed for backup (VRRP backup). Privileged EXEC mode commands Command show {ip | ipv6} ospf [process_id] Value Action process_id: (1. tunnel_id: (1. fo_port: (1. Display information about OSPF neighbours with a specific address.Table 5. VRRP master is selected as per RFC 5798. Display parameters and the current status of virtual links: 5. a new master is selected. vlan_id: (1.D process_id: (1. On a channel layer the reserved interfaces have MAC address 00:00:5E:00:01:XX...D: IPадрес соседа show {ip | ipv6} ospf [process_id] interface process_id: (1.. Display configuration of a specific OSPF interface.. Ethernet.C.B. VLAN.C.8/0/1.4). Only one physical router can route the traffic on a virtual IP interface (VRRP master). The maximum number of VRRP processes is 50. The highest priority belongs to router with own IP address which matches the virtual one. where XX is the number of the VRRP (VRID) group. Display information about OSPF neighbours. VLAN and port group interface configuration mode is as follows: MES5324.216..65535) show {ip | ipv6} ospf virtual­links [process_id] process_id: (1..48). port group interface configuration mode commands: Command line prompt in the Ethernet..8/0/1. If the current master becomes unavailable. gi_port: (1..65536).

Received VRRPv2 messages are processed by the router.. Delete description of a VRRP router.support for VRRPv3 defined in RFC5798.255) vrrp vrid preempt vrid: (1. The router which is owner of the IP address of the router will take the role of a master regardless of the settings in this command. Specify the interval between master router announcements. RFC5798). MES2348Ethernet Switch Series 191 . Set the default value.. Set the default value. then all IP addresses of the virtual router are removed.254). Specify supported version of VRRP. Modes 2 and 2 and 3 will be supported in future versions of the firmware. it is rounded off down to closest seconds for VRRP Version 2 and to closest hundredths second (10 milliseconds) for VRRP Version 3.2 . Enabled by default no vrrp vrid preempt vrrp vrid priority priority no vrrp vrid priority vrrp vrid shutdown no vrrp vrid shutdown vrrp vrid source-ip ip_address no vrrp vrid source-ip vrrp vrid timers advertise {seconds | msec milliseconds} no vrrp vrid timers advertise [msec] vrrp vrid version {2 | 3 | 2&3} vrid: (1.support for VRRPv2 defined in RFC3768.. Privileged EXEC mode commands All commands are available for privileged users only. Delete the IP address of a VRRP. . with backward compatibility with VRRPv2. Specify the IP address of a VRRP router.. MES3324.. MES2324.. By default: disabled vrid: (1.. port group interface configuration mode commands Command vrrp vrid description text no vrrp vrid description vrrp vrid ip ip_address no vrrp vrid ip [ip_address ] Value/Default value vrid: (1.160 digits). Only VRRPv2 announcements are sent. without compatibility with VRRPv2 (8.. te_port: (1. By default: 1 sec -/3 no vrrp vrid version Action Add goal description or use for a VRRP router with the vrid identifier. Set the default value.217. text: (1.255).255).console(config-if)# Table 5. 100 for the rest vrid: (1. By default: 0. . and as a result of which the virtual router vrid will be removed from the device.0 seconds: (1. priority: (1.8/0/1. If the interval is set in milliseconds. Set the VRRP router priority. Ethernet. VLAN. By default: 255 for the owner of the IP address. MES5324. Set the default value.3 .0.40950).4. If no parameters are given.255). milliseconds: (50.. Set the default value. Received VRRPv3 messages are rejected by the router..support for VRRPv3 defined in RFC5798. .8/0/1. Show brief or detailed information for all or one configured virtual VRRP router.2&3 .. Disable VRRP on this interface Enable VRRP on this interface Set of the real VRRP address that will be used as the IP address of the sender for VRRP messages.255). Only VRRPv3 announces are sent.. Privileged EXEC mode commands Command Value/Default value Action show vrrp [all|brief|interface {gigabitethernet gi_port | gi_port: (1.24).48). Only VRRP version 3 is supported.218.255)...0.40). Received VRRPv2 messages are rejected by the router. Command line prompt in the Privileged EXEC mode is as follows: console# Table 5. Enable the mode in which a backup router with higher priority will try to take the role of a master from the current master router with lower priority. vrid: (1. VRRPv2 and VRRPv3 announce are sent.

. vlan_id: (1.tengigabitethernet te_port | fortygigabitethernet fo_port | port-channel group | vlan vlan_id}] fo_port: (1.brief .4094) . console(config-vlan)# interface vlan 10 console(config-if)# ip address 10.10. Examples of command usage  Set IP address 10.000 sec Preemption enabled Priority is 255 MES5324.4).1 /24 console(config-if)# vrrp 1 ip 10. MES3324.. use this address as address of virtual protocol of the router.8).0.0(default) Virtual MAC address is 00:00:5e:00:01:01 Advertisement interval is 1.1(down) Source IP address is 0.10... Enable VRRP on the VLAN interface.show brief information about all virtual routers.10. MES2348Ethernet Switch Series 192 .1 to VLAN 10.10.10.0.10. group: (1. MES2324.10. .1 console(config-if)# no vrrp 1 shutdown  Show VRRP configuration: console# show vrrp Interface: vlan 10 Virtual Router 1 Virtual Router name Supported version VRRPv3 State is Initializing Virtual IP addresses are 10.10.show information about all virtual routers including disabled ones.all .8/0/1.

To enter Startup menu it is required to interrupt loading by pressing the <Esc> or <Enter> keys within first two seconds after the autoload message appears (when POST procedure is finished). The time delay can be increased with the help of console commands Table 6. MES2324. The computer with a running TFTP server should be accessible by the switch (can be checked by executing the command ‘ping A. it allows the user to connect to the device without a password. MES2348Ethernet Switch Series 193 .6 SERVICE MENU.1. during next connection to the device. ==== Press Enter To Continue ==== <3> To exit from the menu and boot the device. Startup Menu [1] Restore Factory Defaults [2] Password Recovery Procedure [3] Back Enter your choice or press 'ESC' to exit: To exit the menu and boot the device press <3>or <esc>. MES3324. such as resetting to factory default configuration and password recovery.C. where A. press [enter] key. Reset to default configuration.D is IP address of the computer). Back 6.2 Updating firmware from TFTP server A TFTP Server shall be launched and configured on the computer from which the firmware will be downloaded. press <2>. If within 15 seconds (default value) no menu option is selected then loading of the device will continue.B.C. To recover password. press <Enter> or <Esc>.B.D’ on the switch. This procedure is used to recover a lost password. Startup menu description No <1> <2> Name RestoreFactoryDefaults Password Recovery Procedure Description This procedure is used to remove device configuration. Firmware can be updated by privileged user only. Current password will be ignored! To return to Startup menu. the password will be ignored. MES5324. CHANGE OF FIRMWARE 6.1 Startup Menu The Startup menu is used to perform specific operations. The server must have a permission to read bootloader and/or firmware files.

0.10.ros 26-Feb-2016 11:08:53 %COPY-N-TRAP: The copy operation was completed successfully Copy: 20644469 bytes copied in 00:00:59 [hh:mm:ss] The new firmware will be active after the reboot of the switch. this command is applied to the master device. If the device number is not specified. To view the current firmware version on the device.2. enter the show bootvar command: console#show bootvar Active-image: flash://system/images/mes5324-401.1 System firmware update The device loads from the system firmware file which is stored in the flash memory.source URL tftp://10. enter the show version command: console#show version Active-image: flash://system/images/mes5324-401.ros Version: 4.10.ros Version: 4. During the update a new firmware file is saved in an allocated area of memory.1/mes5324-401.10. To view information about the firmware and their activities.0. MES2348Ethernet Switch Series 194 . Command format: boot system tftp://tftp_ip_address/[directory/]filename Examples of command usage: console# boot system tftp://10.6.0. MES3324.ros Version: 4.10. When booting up.0.ros destination URL flash:// system/images/mes5324-401.1 MD5 Digest: b66fd2211e4ff7790308bafa45d92572 Date: 26-Feb-2016 Time: 11:08:56 Firmware update procedure: Copy the new firmware file to the device to the allocated memory area.1 MD5 Digest: 0534f43d80df854179f5b2b9007ca886 Date: 01-Mar-2016 Time: 17:17:31 Inactive-image: flash://system/images/_mes5324-401. MES2324.1/mes5324-401. the device launches an active system firmware file.1 MD5 Digest: b66fd2211e4ff7790308bafa45d92572 Date: 26-Feb-2016 Time: 11:08:56 MES5324.1 MD5 Digest: 0534f43d80df854179f5b2b9007ca886 Date: 01-Mar-2016 Time: 17:17:31 Inactive-image: flash://system/images/_mes5324-401.ros 26-Feb-2016 11:07:54 %COPY-I-FILECPY: Files Copy .ros Version: 4.

console# reload This command will reset the whole system and disconnect your current session. MES3324. MES5324. Do you want to continue (y/n) [n]? Confirm reboot by entering “y”. MES2324. MES2348Ethernet Switch Series 195 .

let us consider the case with three switches joined into a ring topology. 50.168. For simplicity.20.40.30. EXAMPLE OF DEVICE USAGE AND CONFIGURATION Configuration of multiple spanning trees (MSTP) MSTP is used to create multiple spanning trees for separate VLAN groups on the local network switches. a common configuration template is created.1 /24 console(config-if)# exit console(config)# spanning-tree mode mst console(config)# interface range TengigabitEthernet 1/0/1-2 console(config-if)# switchport mode trunk console(config-if)# switchport trunk allowed vlan add10. multiple MSTP trees are rebuilt.50. Below you can find a diagram illustrating logic topology of the network.APPENDIX A. Below you can find the configuration processes for the switches.50.20. MES2324. The switches are joined into a ring using ports te1 and te2. 60 joined in the second copy. 20. Let the vlan 10. which mitigates the consequences of the failure. 50. Creating a template and configuring the first switch console# configure console(config)# vlan database console(config-vlan)# vlan10. It is required that the traffic of VLAN 10. MES3324. 20.60 console(config-if)# exit MES5324.40. 30 be joined in the first copy of MSTP andthe vlan 40. Figure 25. MES2348Ethernet Switch Series 196 . 30 is transferred directly between the first and second switch. 60 is transmitted via transit through switch 3.30. which allows you to balance load. Let's assign switch 2 as the root one for the internal spanning tree (IST) where service information is transmitted. 1. and the traffic of VLAN 40. For faster configuration.60 console(config-vlan)# exit console(config)# interface vlan 1 console(config-if)# ip address192. Configuration of the multiple spanning tree protocol When one of the switches fails or the link is broken.16. This template is uploaded to a TFTP server and later is used for configuration of all switches.

MES2348Ethernet Switch Series 197 . 201 and 202: console# show running-config vlan database vlan 100-102.60 console(config-mst)# exit console(config)# do write console(config)# spanning-tree mst1priority0 console(config)# exit console#copy running-config tftp://10. In this case.conf Configuring selective-qinq Adding SVLAN This example of switch configuration demonstrates how a SVLAN 20 stamp can be added to all VLANs except for VLAN 27. Below is a switch configuration that replaces VLAN 100. it is convenient to use CVLAN spoofing function to replace typical VLANs with VLAN for the required direction.10. there is a typical configuration of access level switches.50.27 exit ! interface tengigabitethernet1/0/5 switchport mode general switchport general allowed vlan add 27 tagged switchport general allowed vlan add 20 untagged switchport general ingress-filtering disable selective-qinq list ingress permit ingress_vlan 27 selective-qinq list ingress add_vlan 20 exit Substitution of CVLAN In transportation networks the tasks of VLAN spoofing are not uncommon (for example. but user traffic. MES3324.1/mstp.30 console(config-mst)# instance2vlan40. console# show running-config vlan database vlan 20.200-202 selective-qinq list egress override_vlan 100 ingress_vlan 200 selective-qinq list egress override_vlan 101 ingress_vlan 201 selective-qinq list egress override_vlan 102 ingress_vlan 202 exit MES5324.10. MES2324. VOIP and control traffic needs to be transmitted in various VLANs to different directions).20.console(config)# spanning-tree mst configuration console(config-mst)# name sandbox console(config-mst)# instance1vlan10.200-202 exit ! interface tengigabitethernet 1/0/1 switchport mode trunk switchport trunk allowed vlan add 100-102. 101 and 102 by 200.

0 MES5324.1000.1200 console(config-vlan)#exit 3. Configure VLAN users (VID 100-124). that switch must have a source port for multicast traffic configured. MES3324. e. Multicast-TV VLAN allows for reducing carrier network load by eliminating duplication of multicast data.255. Configure user ports: console(config)#interface rangete1/0/10-24 console(config-if)# switchport mode access console(config-if)# switchport access vlan100 console(config-if)# switchport access multicast-tv vlan1000 console(config-if)# bridge multicast unregistered filtering console(config-if)#exit 4.255. Configure a control interface: console(config)# interface vlan1200 console(config-if)# ip address192. In addition. add group association: console(config)# console(config)# console(config)# console(config)# console(config)# console(config)# console(config)# … console(config)# ip ip ip ip ip ip ip igmp igmp igmp igmp igmp igmp igmp snooping snooping snooping snooping snooping snooping snooping vlan1000 vlan1000querier vlan100 vlan101 vlan102 vlan103 ip igmp snooping vlan124 6. Configure an uplink port by allowing transfer of multicast traffic.1000. Enable filtering of multicast data: console(config)#bridge multicast filtering 2. multicast-tv VLAN (VID 1000). control VLAN (VID 1200): console(config)#vlan database console(config-vlan)#vlan100-124. Application of the function assumes that user ports operate in the "access" or "customer" mode and belong to any VLAN except for a multicast-tv VLAN. when providing IPTV services. user traffic and control: console(config)# interfacete1/0/1 console(config-if)# switchport mode trunk console(config-if)# switchport trunk allowed vlan add100-124.g.100 255. Users can only receive multicast traffic from multicast-tv VLAN and cannot transfer data in this VLAN.Configuring a multicast-TV VLAN The Multicast-TV VLAN function makes it possible to use one VLAN in carrier network to transfer multicast traffic and deliver it to users even if they are not members of this VLAN.1200 console(config-if)#exit 5.168. which must be a member of multicast-tv VLAN.33. Configuration example of the port in the access operation mode 1. MES2324. Configure IGMP snooping globally and on interfaces. MES2348Ethernet Switch Series 198 .

168. MES3324.255. Configure IGMP snooping globally and on interfaces.1200 console(config-vlan)#exit 3. MES2324.100 255. Configure a user port: console(config)#interface te1/0/1 console(config-if)#switchport mode customer console(config-if)#switchport customer vlan100 console(config-if)#switchport customer multicast-tv vlan add1000. multicast-tv VLAN (VID 1000.1001 console(config-if)#exit 4.1200 console(config-if)#exit 5. 1.1000-1001. user traffic and control: console(config)# interfacete1/0/10 console(config-if)# switchport mode trunk console(config-if)# switchport trunk allowed vlan add100. Configure an uplink port by allowing transfer of multicast traffic.console(config-if)# exit Configuration example of the port in the customer mode This type of connection can be used to mark users’ IGMP reports of specific VLANs (CVLANs) with specific outer stamps (SVLAN).33. add marking rules for user IGMP reports: console(config)# console(config)# console(config)# console(config)# ip ip ip ip igmp igmp igmp igmp snooping snooping vlan100 snooping map cpe vlan5multicast-tv vlan1000 snooping map cpe vlan 6multicast-tv vlan1001 6. control VLAN (VID 1200): console(config)#vlan database console(config-vlan)#vlan100.0 console(config-if)# exit MES5324.1000-1001. MES2348Ethernet Switch Series 199 . Configure a control interface: console(config)# interface vlan1200 console(config-if)# ip address192. 1001). Configure user VLANs (VID 100).255. Enable filtering of multicast data: console(config)#bridge multicast filtering 2.

CONSOLE CABLE Figure 26.APPENDIX B. MES3324. MES2324. Console cable connection MES5324. MES2348Ethernet Switch Series 200 .

ru/support/knowledge Download centre: http://eltex.nsk. please contact the Service Centre: Russian Federation. MES2348Ethernet Switch Series 201 . 630020.nsk. review our knowledge base. website to find technical documentation and firmware for our products.ru/support/downloads MES5324. Novosibirsk.nsk. equipment. 29 Phone: +7(383) 274-47-87 +7(383) 272-83-31 E-mail: techsupp@eltex. MES3324.ru Technical forum: http://eltex.nsk.ru Visit the Eltex Ltd. Okruzhnaya st. fill in an interactive request or consult Service centre engineers on the technical forum: Official web-site: http://eltex.ru/forum Knowledge base: http://eltex.nsk. MES2324.TECHNICAL SUPPORT SERVICE For technical assistance in issues related to operation of Eltex Ltd.