FTOS Command Reference for the S-Series€¦ · FTOS Command Reference for the S-Series ... and clients, and preventing DoS attacks and IP spoofing. IP source guard prevents IP spoofing

FTOS Command Referencefor the S-SeriesVersion 7.8.1.0 March 11, 2009 Edition 3

Copyright 2009 Force10 Networks®All rights reserved. Printed in the USA. February 2009.Force10 Networks® reserves the right to change, modify, revise this publication without notice. TrademarksForce10 Networks® and E-Series® are registered trademarks of Force10 Networks, Inc. Force10, the Force10 logo, E1200, E600, E600i, E300, C300, EtherScale, TeraScale, and FTOS are trademarks of Force10 Networks, Inc. All other brand and product names are registered trademarks or trademarks of their respective holders.Statement of ConditionsIn the interest of improving internal design, operational function, and/or reliability, Force10 Networks reserves the right to make changes to products described in this document without notice. Force10 Networks does not assume any liability that may occur due to the use or application of the product(s) described herein.USA Federal Communications Commission (FCC) StatementThis equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designated to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If it is not installed and used in accordance to the instructions, it may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to take whatever measures necessary to correct the interference at their own expense.Properly shielded and grounded cables and connectors must be used in order to meet FCC emission limits. Force10 Networks is not responsible for any radio or television interference caused by using other than recommended cables and connectors or by unauthorized changes or modifications in the equipment. Unauthorized changes or modification could void the user’s authority to operate the equipment.This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.Canadian Department of Communication StatementThe digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. Attention: Le present appareil numerique n’ emet pas de perturbations radioelectriques depassant les normes applicables aux appareils numeriques de la Class A prescrites dans le Reglement sur les interferences radioelectriques etabli par le ministere des Communications du Canada. European Union EMC Directive Conformance StatementThis product is in conformity with the protection requirements of EU Council Directive 89/336/EEC on the approximation of the laws of the Member States relating to electromagnetic compatibility. Force 10 Networks can not accept responsibility for any failure to satisfy the protection requirements resulting from a non-recommended modification of this product, including the fitting of non-Force10 option cards.This product has been tested and found to comply with the limits for Class A Information Technology Equipment according to CISPR 22/European Standard EN 55022. The limits for Class A equipment were derived for commercial and industrial environments to provide reasonable protection against interference with licensed communication equipment.

VCCI Compliance for Class A Equipment (Japan)

This is Class A product based on the standard of the Voluntary Control Council For Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.\

=

Warning: This device is a Class A product. In a domestic environment, this device can cause radio interference, in which case, the user may be required to take appropriate measures.

Danger: AC Power cords are for use with Force10 Networks equipment only, do not use Force10 Networks AC Power cords with any unauthorized hardware.

FTOS Command Reference, version 7.8.1.0 3

This chapter contains the following sections:

• S-Series Features Introduced in FTOS 7.8.1.0 on page 3• Features Introduced in FTOS 7.7.1.0 on page 7• S-Series Support in FTOS on page 8• Revisions in this Edition on page 13

Listed below are the major new features in FTOS 7.8.1.0:

S-Series Features Introduced in FTOS 7.8.1.0RIP: The FTOS RIPv1/v2 feature set is now available on the S-Series. Scalability and performance differences exist due to differences in the hardware architecture of each platform.

IGMPv1/v2 Snooping on Stack Units: FTOS 7.6.1.0 introduced IGMPv1/v2 snooping on S-Series standalone and stack master units. In FTOS 7.8.1.0, IGMPv1/v2 snooping is now also supported on stack member units.

OSPF Graceful Restart: The full FTOS OSPF graceful restart functionality, as defined in RFC 3623, is now available on the S-Series. Previous versions of FTOS supported helper mode.

Hardware Serviceability and Diagnostic CLI Commands: The FTOS serviceability feature set for hardware diagnostics and debugging is extended to the S-Series. CLI commands to display and clear forwarding path and ASIC statistics for troubleshooting hardware problems are now available to debug potential hardware problems. This feature is also available in FTOS 7.7.1.1.

Watchdog Timer: A hardware watchdog mechanism is introduced to automatically reboot an S-Series system that is unresponsive. This is a last resort mechanism intended to prevent a manual power cycle, and can be enabled on a standalone or stack of units. This feature is also available in FTOS 7.7.1.1.

CPU and Memory Utilization SNMP OIDs for Stack Units: The S-Series manageability feature set is extended with SNMP OIDs in the FORCE10-SS-CHASSIS-MIB to poll the CPU and memory utilization on stack units. FTOS 7.7.1.0 supported OIDs for standalone and stack master units.

New Features

4 New Features

10/100Base-T Copper SFP Support on the S25P: The S-Series S25P now supports 10/100/1000Base-T on copper SFPs (catalog # GP-SFP2-1T). Previous versions of FTOS supported 1000Base-T on the S25P.

Show Software Trace Files on Stack Members: The FTOS serviceability feature set on the S-Series is extended with the show trace stack-unit command, which shows software trace logs on stack units. Software traces are used to debug potential software problems without disrupting a running system. This feature is also available in FTOS 7.7.1.1.

Secure DHCP - DHCP Snooping: DHCP snooping is a component of the FTOS secure DHCP suite of enterprise security features for establishing the legitimacy of DHCP servers and clients, and preventing DoS attacks and IP spoofing. DHCP snooping builds and maintains a DHCP binding table and then validates all DHCP packets against this table.

Private VLAN: Private VLANs (PVLANs) extend the FTOS security suite by virtualizing a shared VLAN into subdomains identified by a primary and secondary VLAN pair. Each primary VLAN supports multiple secondary community or isolated VLANs. Devices on community VLANs can communicate with each other via member ports, while devices on isolated VLANs cannot. The FTOS private VLAN implementation is based on RFC 3069. See Chapter 3, Private VLAN Commands, on page 511.

Secure DHCP — DHCP Relay Agent with Option 82: The DHCP relay agent with option 82 is a component of the FTOS secure DHCP suite of enterprise security features for establishing the legitimacy of DHCP servers and clients, and preventing DoS attacks and IP spoofing. RFC 3046 specifies option 82, which enables the DHCP relay agent (FTOS device) to include information about itself and the client when forwarding DHCP requests from a DHCP client to a DHCP server. The DHCP server uses the relay agent information to identify a client and assign an IP address based on the interface, rather than the client's MAC address.

Secure DHCP — IP Source Guard: IP source guard is a component of the FTOS secure DHCP suite of enterprise security features for establishing the legitimacy of DHCP servers and clients, and preventing DoS attacks and IP spoofing. IP source guard prevents IP spoofing by snooping DHCP traffic and then only permitting the IP addresses that were allocated with DHCP on the port to access the network.

Longer Names for ACLs and Routing Policies: FTOS now allows names of ACLs, policy maps, and route maps to be up to 140 characters long. FTOS versions prior to 7.8.1.0 supported a maximum length of 16 characters.

OSPF Fast Convergence: The FTOS OSPF implementation is optimized further to improve convergence time, and also features new commands that can be used to control LSA origination and processing.

Multi-process OSPF: Multi-process OSPF provides an option for creating multiple OSPF processes on a single router with separate databases. This feature can be used to virtualize a physical topology into logical routing domains, which can each support different routing and security policies. FTOS supports 28 processes on the E-Series, six processes on the C-Series, and three processes on the S-Series.

QoS Policy Scalability Optimizations: The QoS policy manager is optimized to use hardware tables more efficiently. A single copy of each policy is now written into CAM, which is used by all physical ports sharing the same policy.


IPv6 Routing: The FTOS IPv6 routing feature set is extended to S-Series switch/routers with IPv6 static routing, QoS policies, ACLs, and management features.

Programmable (S,G) Expiry Timer: By default, all PIM-SM (S,G) entries expire in 210 seconds. For some multicast applications it is desirable that certain (S,G) pairs be retained for an extended period of time, even in the absence of an active source. The command ip pim sparse-mode sg-expiry-timer is added to configure the expiry time globally for all sources, or for a specific set of (S,G) pairs defined by an access list. This feature was also introduced in FTOS 7.7.1.1.

SNMP Set Configuration Copy of Startup to Running: The enterprise-specific FORCE10-COPY-CONFIG-MIB supports SNMP set requests. FTOS 7.8.1.0 extends this MIB with support for copying the startup-config file to the running-config.

ignore-case"Option for the grep CLI Command: The grep CLI command to search for a pattern in CLI output is extended with the ignore-case option to ignore case distinctions. See Filtering show Commands on page 61.

Multiple Tagging Support on VLAN Stacking Trunk Ports: The FTOS VLAN stacking implementation on the C-Series and S-Series now supports forwarding of VLAN stack and 802.1Q VLAN frames on the same port, allowing users greater flexibility when deploying VLAN stacking. See Chapter 1, VLAN Stacking, on page 421.

Port-Based Rate Policing on Layer 3 Interfaces: The FTOS QoS features set on the C-Series and S-Series is extended to support port-based rate policing on Layer 3 interfaces. Previous versions of FTOS supported this feature on Layer 2 interfaces.. See QOS-POLICY-OUTrate-police on page 752.

User-configurable Buffer Settings for Control Queues: Buffer tuning commands are used to change the default way a switch/router allocates packet buffers from its available memory, which help to prevent packet drops during a temporary burst of traffic. This feature is enhanced to support configuring custom buffering for control plane queues. This feature was also introduced in FTOS 7.7.1.1. See Buffer Tuning on page 890.

sFlow SNMP Set Configuration: The FTOS implementation of the sFlow MIB is enhanced to support sFlow configuration via SNMP sets.

IP Multicast Policies: The FTOS IP multicast policy feature set is extended to the C-Series and S-Series. These platforms now support policies to limit the number of groups, neighbors, and multicast routes.

C/S - Ethernet Flow Control: IEEE 802.3x pause frames are a control frame that can be used to throttle input on an interface if a device is overwhelmed by traffic. The interface CLI command flowcontrol to enable pause frames is now supported on the C-Series and S-Series switch/routers. Pause frames were ignored in previous versions of FTOS on these platforms. This feature was also introduced in FTOS 7.7.1.1.

Save to File Option for CLI Show Commands: The FTOS "show" commands are extended with a save option to save output to a file on flash for later use. See Filtering show Commands on page 61.

Digital Optical Monitoring (DOM) on Qualified Force10 SFP and SFP+ Optical Media Modules: The FTOS serviceability feature set is enhanced to support Digital Optical Monitoring (DOM) on qualified Force10 SFP and SFP+ optical media modules. DOM enables

6 New Features

users to view real-time media module parameters for monitoring and troubleshooting. The show interfaces transceiver output is augmented with diagnostic fields for all platforms. See show interfaces transceiver on page 336.

Show LLDP System Name in CLI Commands: FTOS will now show system names in LLDP CLI show commands. Previous versions of FTOS displayed the chassis ID (for example, 00:01:e8:0d:b6:d6) in place of the system name. This feature was also introduced in FTOS 7.7.1.1.

VU#472363/CVE-2008-2476 IPv6 Neighbor Discovery Corruption of Routing Table: The FTOS IPv6 implementation is modified to drop invalid ND packets, which prevents forwarding table corruption as described in this vulnerability report. This change was also introduced in FTOS 7.7.1.1.

VU#800113/CVE-2008-1447 Multiple DNS Implementations Vulnerable to Cache Poisoning: The DNS client functionality in FTOS is enhanced so that DNS lookups now use random source UDP ports and random transaction IDs, to prevent spoofed DNS responses from being accepted. The DNS client is only enabled if the ip domain-lookup command is present in the configuration. This change was also introduced in FTOS 7.7.1.1.

Offline Diagnostics on Stacking Units: Offline diagnostics extend the FTOS serviceability feature set for diagnostics and debugging on S-Series stack units. Diagnostics are started and monitored from the FTOS CLI. Test results, including detailed statistics for all tests, are then displayed via the CLI. FTOS 7.7.1.0 introduced offline diagnostics on standalone and stack master units. The S-Series Debug chapter contains several more versions of the show hardware command, along with associated versions of the clear hardware command, all introduced in FTOS 7.7.1.1. See:

• clear hardware system-flow on page 896• show hardware layer2 acl on page 897• show hardware layer3 on page 897• show hardware stack-unit on page 897• show hardware system-flow on page 903

Stack Link Integrity Monitoring: S-Series units in a stacked configuration now monitor the integrity of stack ports, and disable any stack port that flaps five times within 10 seconds. Log messages appear on the console of the units that detect the flapping port. This feature was also introduced in FTOS 7.7.1.1.

Enhanced Stack Reset Log Messages: The FTOS stacking feature is extended with more descriptive log messages when a stack unit is reset.

Reset the Standby Unit in a Stack: The S-Series stacking feature set now supports the ability to reset the standby unit by running the reset command from the standby unit.


Network Boot Option: The S-Series manageability feature set is enhanced to support booting over the network using TFTP, to allow users more flexibility in managing software images and versions on standalone units. See Chapter 18, BOOT_USER Mode.

Format the Flash Filesystem: The FTOS CLI command to format the flash: file system is now available on S-Series standalone, stack master and standby units. This feature is also available in FTOS 7.7.1.1.

User-configurable Buffer Profile Templates: Buffer configuration commands are used to change the way a switch/router allocates packet buffers from its available memory, which helps to prevent packet drops during a temporary burst of traffic. The buffer configuration feature is enhanced with several profile templates that make changing the buffer allocation simpler.

Save Task Exception Information: The FTOS serviceability feature set on the S-Series now saves exception information when there is an IPC communications failure on the master or standby unit. This enhancement will help to debug potential IPC problems faster and with less disruption to running systems. This feature is also available in FTOS 7.7.1.1.

Show Boot Code Version on Stack Units: The boot code version of a stack unit is now displayed in the "show system stack-unit" CLI command for easier system software and inventory management.

Test CAM Capacity: The "test cam-usage" CLI command is now available on the S-Series. Running this command before applying a QoS policy will show if there is enough room in CAM to accommodate the policy.

Visual Indication of Master and Standby Status: The stacking LED display on each member of a stack will now indicate if the unit is the master or standby next to the stack unit number, so that these units can be identified visually. This feature is also available in FTOS 7.7.1.1.

New Password Recovery Mechanism: The S-Series password recovery mechanism is changed to function more similar to the way it does on the E-Series and C-Series.

Features Introduced in FTOS 7.7.1.0Listed below are the new features in FTOS 7.7.1.0. The features are separated into the following categories, with a secondary sort by platform:

• High Availability on page 9• Layer 2 on page 9• Layer 3 on page 10• Management on page 11• System on page 11

8 New Features

S-Series Support in FTOS This is the first generally available version of FTOS that contains support for the S-Series line of Force10 switch/routers. In general, the level and type of support for the S-Series line is a major subset of the support for the C-Series line.

Switch Architecture Represented in FTOS Commands

The S-Series line has a more closed architecture than the C-Series and E-Series, so some architectural concepts represented in FTOS commands designed for those switches do not pertain to the S-Series. For example, command parameters for fan trays, line cards, RPMs (Route Processor Modules), and SFMs (Switch Fabric Modules) are not relevant to the S-Series.

So, commands containing keywords not relevant to the S-Series, such as linecard, rpm, and sfm, but are otherwise useful for the S-Series, are split into two commands — one with those keywords for the C-Series and E-Series, the other, without those keywords, for the S-Series.

In some of those S-Series commands, a new parameter — stack-unit unit-ID — is introduced in this FTOS version. The parameter enables you to designate a particular S-Series stack member (unit IDs 0 to 7). For example, see the command show system (S-Series) on page 125.

Port Pipe

The one exception to the separation in architectural concepts between S-Series and the C-Series and E-Series is the concept of the Port-Pipe. The Port-Pipe is a standard concept in the C-Series and E-Series nomenclature, but it is new to SFTOS users.

For S-Series running FTOS, the Port-Pipe concept is being applied to the Forwarding Processor (FP), which routes traffic between ports. The S25N, S25P, and S25V models have one FP, and therefore, one Port-Pipe. The S50N and S50V models have two FPs, reflected in FTOS commands as two Port-Pipes. Port-Pipe 1 controls ports 1–24; Port-Pipe 2 controls ports 25–48, plus each Port-Pipe controls two of the potential 10Gig XFPs in the back of the switch. This information can help you both to understand show command output that contains Port-Pipe information, and to help you to allocate ports so that traffic is more balanced across the FPs. For example, see the show ip cam stack-unit command in Chapter 8, IP Routing Commands, on page 567.

For details on FTOS features available for the S-Series, see the feature introductions in each chapter, and the individual command statements. For more, see the FTOS on S-Series Release Notes and the FTOS Configuration Guide.


New Features in FTOS 7.7.1.0

High Availability

S-Series• Auto-Reboot Support on S-Series: A command has been added to disable automatic

reboots if an S-Series unit experiences an unrecoverable fault and crashes. If automatic reboots are disabled, debugging information can be collected before manually rebooting the unit.

• Network Application Core Dump: The FTOS application core dump feature is now available on the S-Series. Core dumps save critical exception information for debugging and are an important part of the FTOS serviceability feature set. For example, a task crash on the CPU generates an application core dump that can be analyzed to provide information on why the task crashed.Note: FTOS 7.7.1.0 supports network application core dump only on a stand-alone unit.

• Offline Diagnostics: Offline diagnostics extend the FTOS serviceability feature set for diagnostics and debugging on the S-Series. Diagnostics are started and monitored from the FTOS CLI. Test results, including detailed statistics for all tests, are then displayed via the CLI. See Chapter 17, S-Series Debugging and Diagnostics, on page 887.Note: FTOS 7.7.1 supports these commands only on the stack master (management unit).

• Features introduced in FTOS 7.6.1:• show processes cpu and show processes memory commands• Display command history and clear command history log: See show

command-history on page 108 in Chapter 3, Control and Monitoring.• redundancy disable-auto-reboot and show redundancy commands

Layer 2

S-Series• 802.1X Guest VLAN and Authentication Fail VLAN: The FTOS 802.1X feature

components that support guest and authentication fail VLANs are now available on the S-Series.

• IGMP Snooping: See IGMP Snooping Commands on page 857.• LLDP: The FTOS Link Layer Discovery Protocol (LLDP) feature is available on the

S-Series. LLDP provides an industry-standard solution for the discovery of network elements, their configuration information, and how they are connected to each other.

• LLDP-MED: LLDP-MED (Media Endpoint Discovery) defines a set of organizally-specific IEEE 802.1AB TLV extensions and a related MIB module for exchanging information between VoIP endpoints and IEEE 802 networking infrastructure elements. See LLDP-MED on page 364.

10 New Features

• Redundant Pairs: The redundant pairs feature provides an alternative to running STP on Ethernet networks, and supports link redundancy while preventing loops. A pair of interfaces are configured as a primary and a backup interface. Use the switchport backup command. See switchport on page 343 in Chapter 12, Interface Commands, on page 297.

• STP: See Chapter 4, Spanning Tree Protocol, on page 521.• Features introduced in FTOS 7.6.1:

• ACLs (Layer 2): See Chapter 2, Access Control Lists, on page 429.• GARP VLAN Registration Protocol (GVRP): Chapter 17, GARP VLAN Registration

(GVRP), on page 409.• Layer 2 interfaces (port, LAG, VLAN): See Chapter 12, Interface Commands, on

page 297.• LACP: See Chapter 15, LACP, on page 387.• Layer 2 MAC addressing: See Chapter 16, Layer 2 Commands, on page 393.• PVST+: See Chapter 5, PVST+, on page 531.• RSTP: See Chapter 6, RSTP, on page 543.• MSTP: See Chapter 7, MSTP, on page 553.• Shared LAG State Tracking within a Chassis: See the commands• group on page 346 and port-channel failover-group on page 348 in Chapter 12,

Interface Commands.• Stackable VLANs (VLAN-Stacking): See Chapter 1, VLAN Stacking, on page 421.• Storm Control: See Chapter 11, Storm Control, on page 289.• Syslog: See Chapter 6, SNMP and Syslog, on page 159.• VLANs (including Native VLANs): See Chapter 12, Interface Commands, on page

297.

Layer 3

S-Series• 31-Bit Prefix Support on Point-to-Point Ethernet Interfaces: A 31-bit IP prefix length,

described in RFC 3021, allows the use of only two IP addresses on a point-to-point Ethernet interface, conserving IP address space. Previously, four IP addresses (a /30) or unnumbered interfaces for point-to-point links were required.

• NIC Teaming: The FTOS NIC teaming feature is now available on the S-Series. NIC teaming allows servers to be connected to the network using multiple NICs.

• Multiple network interface cards in a server can be represented by one MAC address and one IP Address in order to provide transparent redundancy, balancing, and to fully utilize network adapter resources. Use the mac-address-table station-move refresh-arp command (see mac-address-table station-move refresh-arp on page 396 in Chapter 16, Layer 2 Commands, on page 393).

• OSPF Graceful Restart Helper Only Role: The FTOS OSPF graceful restart "helper mode" functionality, as defined in RFC 3623, can now be explicitly configured on the S-Series. The "graceful-restart role helper-only" command limits an FTOS switch/router to performing the helper role and disables graceful restart.

• Features introduced in FTOS 7.6.1:• IP Routing: Now supported on S-Series. See Chapter 8, IP Routing Commands, on

page 567.


• VRRP: Now supported on S-Series. See Chapter 9, Virtual Router Redundancy Protocol (VRRP) Commands, on page 609.

• OSPF: Now supported on S-Series. See Chapter 12, Open Shortest Path First (OSPFv2 and OSPFv3), on page 763.

Management

S-Series• AAA Authentication Key Length Extended to 42 Characters: FTOS now allows keys

used for RADIUS and TACACS+ authentication to be up to 42 characters long. FTOS versions prior to 7.7.1 supported a maximum length of 25 characters.

• Application Core Dump: The FTOS application core dump feature is now available on the S-Series. Core dumps save critical exception information for debugging and are an important part of the FTOS serviceability feature set. For example, a task crash on the CPU generates an application core dump that can be analyzed to provide information on why the task crashed.

• sFlow: The FTOS sFlow feature is now available on the S-Series. sFlow is defined in RFC 3176 and is a protocol for monitoring traffic in Layer 2 and Layer 3 networks. See Chapter 13, sFlow Commands, on page 835.

• Strong Encryption (MD5) for Local Passwords: Strong encryption of username passwords using the MD5 hash algorithm is now supported, in addition to the DES algorithm.

• Username Field Extension to 63 Characters: The username command used to configure local authentication is extended to support names of up to 63 characters. See username on page 253.

• TFTP and SCP Support: TFTP and SCP are now available, in addition to FTP, as protocols for software upgrades on the S-Series. See Chapter 2, File Management, on page 109.

• Features introduced in FTOS 7.6.1:• 802.1x authentication: Traditional 802.1X and 802.1X with dynamic VLAN

assignment. When the authentication succeeds, the switch will either enable the port in its configured VLAN (traditional 802.1X) or in the VLAN that the RADIUS server identifies.

• AAA Security (including RADIUS and TACACS+): See Chapter 10, Security Commands, on page 235.

• DHCP Client: See Chapter 8, IP Routing Commands, on page 567.• Display command history: See show command-history on page 108.

System

12 New Features

S-Series• Bandwidth Managements: The FTOS QoS feature to assign a minimum bandwidth is

now available on the S-Series. Bandwidth management can be used to assign a minimum bandwidth guarantee to a class or queue.

• Set the CX4 Cable Length Command: The CLI command cx4-cable-length can be used to adjust the signal strength on CX4 10 GbE interfaces to match the length of the cable that is connected. See cx4-cable-length on page 301.

• Conversion Procedure from FTOS to SFTOS: S-Series S50N, S50V and S25P switch/routers running FTOS now support a mechanism to reinstall SFTOS, if they previously ran SFTOS. Changing operating systems requires a reboot and reconfiguration. SFTOS is not supported on S-Series switch/routers that were shipped with FTOS

• Conversion Procedure from SFTOS to FTOS: S-Series switch/routers running SFTOS now support a mechanism to load FTOS images. The S-Series can run either FTOS or SFTOS, and requires a reboot and reconfiguration to switch between operating systems. FTOS is supported on the S50N, S50V, and S25 platforms.

• Egress Rate Shaping: Enable per-queue rate shaping on egress. Egress rate shaping is now available on the S-Series as part of the FTOS QoS feature set. Rate shaping can be applied a port, or to one of the four hardware queues on a port, to constrain the egress traffic to a given rate. See Chapter 11, Quality of Service, on page 739.

• Filesystem Enhancements: The FTOS file system driver on the S-Series has been optimized, and provides improved file system performance for flash read and write operations. The format flash command is now available on the S-Series. See format flash (S-Series) on page 112.

• Flow-based DSCP Marking: The QoS feature set has been extended to allow greater flexibility when using "class-map" policies. Matching is supported with ACLs, and DSCP or IP precedence values to allow flow-based classification and queuing. See Chapter 11, Quality of Service, on page 739.

• LLDP VLAN Name TLV for Interoperation with Avaya Phones: The FTOS Power over Ethernet (PoE) feature set has been enhanced with additional LLDP-MED features required to deploy VoIP phone systems. The VLAN Name TLV enables FTOS to interoperate with Avaya IP phones which must receive "voice" in the VLAN name. See Chapter 13, LLDP, on page 355.

• Power over Ethernet (PoE): The FTOS Power over Ethernet (PoE) feature is now supported on the S-Series. PoE (IEEE 802.3af) enables power to be transmitted to Ethernet devices over the signal pairs of an Unshielded Twisted Pair (UTP) cable.

S-Series-only commands include user-set power priority and power budget. See Chapter 13, LLDP, on page 355 and Chapter 16, Power Over Ethernet (PoE), on page 879.

• Port Monitoring With Multiple Session and Multiple Monitored Port Support: The FTOS Port Monitoring feature is extended to support the S-Series. The Port Monitoring feature is extended with support for up to five monitored source interfaces to one monitoring destination interface and support for up to five monitoring groups at one time. See Chapter 7, Port Monitoring, on page 191.

• S25N: FTOS now supports the S-Series S25N 24-port 10/100/1000Base-T switch/router (S25-01-GE-24T).

• S25V: FTOS now supports the S-Series S25V 24-port 10/100/1000Base-T switch/router with PoE (S25-01-GE-24V). See Chapter 16, Power Over Ethernet (PoE), on page 879.

• Stacking: Using the FTOS stacking feature, multiple S-Series switch units can be interconnected with stacking interfaces. The stack becomes manageable as a single switch through a stack member that is designated as the management unit. FTOS


stacking includes a high availability element, enabling a backup unit to immediately assume control of a stack if the management unit goes down or is removed from the stack. See Chapter 4, S-Series Stacking Commands, on page 137. Note that this chapter contains commands, such as reset and redundancy force-failover, that have C-Series and E-Series analogs in other chapters.

• The reset stack-unit command can now also run directly on the standby unit (master backup) of an S-Series stack. See reset stack-unit on page 138.

• TDR: The Time Domain Reflectometer (TDR) is a key fault isolation tool in the FTOS serviceability feature set, and is now supported on the S-Series. The TDR can be used to detect open or short conditions in cables connected to 10/100/1000Base-T ports. See Time Domain Reflectometer (TDR) on page 352.

• User Configurable Buffer Allocation: Buffer tuning commands are used to change the default way a switch/router allocates packet buffers from its available memory, and helps prevent packet drops during a temporary burst of traffic. See Chapter 17, S-Series Debugging and Diagnostics, on page 887.

• Strong Encryption (MD5) for Local Passwords: Strong encryption of username passwords using the MD5 hash algorithm is now supported, in addition to the DES algorithm.

Revisions in this EditionIn addition to changes in this book for features described above, the following changes have been made in the document:

• The snmp ifmib ifalias long command is documented from previous FTOS versions. See snmp ifmib ifalias long on page 163.

14 New Features


New Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

S-Series Features Introduced in FTOS 7.8.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Features Introduced in FTOS 7.7.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

S-Series Support in FTOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8New Features in FTOS 7.7.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Layer 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Revisions in this Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

PrefaceAbout this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Information Symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Chapter 1CLI Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Accessing the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Multiple Configuration Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Navigating the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Obtaining Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Using the Keyword No . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Filtering show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Displaying All Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Filtering Command Output Multiple Times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62EXEC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63EXEC Privilege Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63CONFIGURATION Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63INTERFACE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63LINE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64TRACE-LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Contents

16

MAC ACCESS LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64IP ACCESS LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65ROUTE-MAP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65PREFIX-LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65AS-PATH ACL Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65IP COMMUNITY LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66REDIRECT-LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66SPANNING TREE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Per-VLAN SPANNING TREE Plus Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66RAPID SPANNING TREE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67MULTIPLE SPANNING TREE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67PROTOCOL GVRP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67PROTOCOL FVRP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67ROUTER OSPF Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67ROUTER RIP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68ROUTER ISIS Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68ROUTER BGP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Chapter 2File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Basic File Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69cd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72format flash (S-Series) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72logging coredump server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73rename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74show file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74show file-systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75show os-version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81upgrade (S-Series management unit) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Chapter 3Control and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

banner exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86banner login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87banner motd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88clear alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89clear command history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89


clear line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90debug cpu-traffic-stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90debug ftpserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93enable xfp-power-updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94exec-banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96ftp-server enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96ftp-server topdir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97ftp-server username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98ip ftp password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99ip ftp source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99ip ftp username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100ip telnet server enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101ip telnet source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101ip tftp source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103motd-banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106service timestamps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106show alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107show command-history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108show cpu-traffic-stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109show debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110show environment (S-Series version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111show inventory (S-Series version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113show memory (S-Series version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114show processes cpu (S-Series version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115show processes ipc flow-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119show processes memory (S-Series version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122show software ifm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124show system (S-Series) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125show tech-support (S-Series version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131terminal length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

18

traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132undebug all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Chapter 4S-Series Stacking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

redundancy disable-auto-reboot (S-Series version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138redundancy force-failover stack-unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138reset stack-unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138show redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139show system stack-ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140stack-unit priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142stack-unit provision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143stack-unit renumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143upgrade system stack-unit (S-Series stack member) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Chapter 5RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146rmon collection history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147rmon collection statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148rmon hc-alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149show rmon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150show rmon alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150show rmon events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152show rmon hc-alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153show rmon history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154show rmon log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Chapter 6SNMP and Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160show snmp engineID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161show snmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162show snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162snmp ifmib ifalias long . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166


snmp-server engineID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171snmp-server trap-source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172snmp-server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173snmp-server view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175snmp trap link-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Syslog Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176clear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177default logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177default logging console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178default logging monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178default logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180logging console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181logging history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183logging history size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183logging monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184logging source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185logging synchronous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186logging trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187show logging driverlog stack-unit (S-Series) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189terminal monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Chapter 7Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191monitor session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192show config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193show monitor session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193show running-config monitor session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Chapter 8Time Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

calendar set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198clock read-calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

20

clock set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199clock summer-time date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200clock summer-time recurring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202clock update-calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203debug ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204ntp authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204ntp authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205ntp broadcast client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206ntp disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206ntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206ntp source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207ntp trusted-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208ntp update-calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209show calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209show clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210show ntp associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211show ntp status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Chapter 9Router Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

auto-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216clear ip rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216debug ip rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217default-information originate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217default-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219distance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219distribute-list in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220distribute-list out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220ip poison-reverse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221ip rip receive version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222ip rip send version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222ip split-horizon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223maximum-paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225offset-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225output-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226passive-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227redistribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227redistribute ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228router rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229


show config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229show ip rip database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230show running-config rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231timers basic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Chapter 10Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

AAA Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236aaa accounting suppress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237show accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Authorization and Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239aaa authorization commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239aaa authorization exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240privilege level (CONFIGURATION mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240privilege level (LINE mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Authentication and Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242aaa authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245enable restricted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246enable secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247login authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249password-attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250service password-encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251show privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252timeout login response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254debug radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255ip radius source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255radius-server deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

TACACS+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

22

debug tacacs+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260ip tacacs source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Port Authentication (802.1X) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263dot1x authentication (Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263dot1x authentication (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264dot1x auth-fail-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264dot1x auth-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265dot1x guest-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265dot1x max-eap-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267dot1x quiet-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267dot1x reauthentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268dot1x reauth-max . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268dot1x server-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269dot1x supplicant-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269dot1x tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270show dot1x interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

SSH Server and SCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271crypto key generate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272debug ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273ip scp topdir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273ip ssh authentication-retries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274ip ssh connection-rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274ip ssh hostbased-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275ip ssh key-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275ip ssh password-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276ip ssh pub-key-file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276ip ssh rhostsfile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277ip ssh rsa-authentication (Config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278ip ssh rsa-authentication (EXEC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279show crypto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281show ip ssh client-pub-keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282show ip ssh rsa-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Secure DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284clear ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284ip dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285


ip dhcp snooping database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285ip dhcp snooping binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286ip dhcp snooping database renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287ip dhcp snooping trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287ip dhcp source-address-validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287ip dhcp snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288show ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Chapter 11Storm Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289show storm-control broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289show storm-control multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290show storm-control unknown-unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291storm-control broadcast (Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292storm-control broadcast (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293storm-control multicast (Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294storm-control multicast (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295storm-control unknown-unicast (Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295storm-control unknown-unicast (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Chapter 12Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Basic Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299clear dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300cx4-cable-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303disable-on-sfm-failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304duplex (10/100 Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307interface loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308interface null . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309interface range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310interface range macro (define) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312interface range macro name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314keepalive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318negotiation auto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

24

portmode hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322rate-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323show config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324show config (from INTERFACE RANGE mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325show interfaces configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326show interfaces dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327show interfaces description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329show interfaces phy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330show interfaces stack-unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334show interfaces transceiver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336show range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341speed (for 10/100/1000 interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

Port Channel Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344channel-member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346minimum-links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348port-channel failover-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348show config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349show interfaces port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

Time Domain Reflectometer (TDR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352tdr-cable-test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353show tdr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Chapter 13LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

advertise dot1-tlv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356advertise dot3-tlv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356advertise management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357clear lldp counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357clear lldp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358debug lldp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360hello . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361multiplier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361protocol lldp (Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .