100% found this document useful (1 vote)

1K views

Enterasys B5 Manual

Switch B5 Cli Reference

Uploaded by

casadorio2002

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

1K views

Enterasys B5 Manual

Switch B5 Cli Reference

Uploaded by

casadorio2002

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 714

Enterasys B5

Stackable Switches

CLI Reference
Firmware Version 6.42.xx.xxxx or Higher

P/N 9034525-02

Notice
EnterasysNetworksreservestherighttomakechangesinspecificationsandotherinformationcontainedinthisdocumentand
itswebsitewithoutpriornotice.ThereadershouldinallcasesconsultEnterasysNetworkstodeterminewhetheranysuch
changeshavebeenmade.
Thehardware,firmware,orsoftwaredescribedinthisdocumentissubjecttochangewithoutnotice.
INNOEVENTSHALLENTERASYSNETWORKSBELIABLEFORANYINCIDENTAL,INDIRECT,SPECIAL,OR
CONSEQUENTIALDAMAGESWHATSOEVER(INCLUDINGBUTNOTLIMITEDTOLOSTPROFITS)ARISINGOUTOF
ORRELATEDTOTHISDOCUMENT,WEBSITE,ORTHEINFORMATIONCONTAINEDINTHEM,EVENIFENTERASYS
NETWORKSHASBEENADVISEDOF,KNEWOF,ORSHOULDHAVEKNOWNOF,THEPOSSIBILITYOFSUCH
DAMAGES.
EnterasysNetworks,Inc.
50MinutemanRoad
Andover,MA01810
2011EnterasysNetworks,Inc.Allrightsreserved.
PartNumber: 903452502 January2011
ENTERASYS,ENTERASYSNETWORKS,ENTERASYSSECURENETWORKS,ENTERASYSNETSIGHT,WEBVIEW,andany
logosassociatedtherewith,aretrademarksorregisteredtrademarksofEnterasysNetworks,Inc.intheUnitedStatesandother
countries.ForacompletelistofEnterasystrademarks,seehttp://www.enterasys.com/company/trademarks.aspx.
Allotherproductnamesmentionedinthismanualmaybetrademarksorregisteredtrademarksoftheirrespectivecompanies.
DocumentationURL:https://extranet.enterasys.com/downloads/

Version:

Information in this guide refers to Enterasys B5 firmware version 6.42.xx.xxxx or

higher.

Enterasys Networks, Inc. Firmware License Agreement

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,
CAREFULLY READ THIS LICENSE AGREEMENT.
Thisdocumentisanagreement(Agreement)betweentheenduser(You)andEnterasysNetworks,Inc.,onbehalf
ofitselfanditsAffiliates(ashereinafterdefined)(Enterasys)thatsetsforthYourrightsandobligationswithrespect
totheEnterasyssoftwareprogram/firmware(includinganyaccompanyingdocumentation,hardwareormedia)
(Program)inthepackageandprevailsoveranyadditional,conflictingorinconsistenttermsandconditions
appearingonanypurchaseorderorotherdocumentsubmittedbyYou.Affiliatemeansanyperson,partnership,
corporation,limitedliabilitycompany,otherformofenterprisethatdirectlyorindirectlythroughoneormore
intermediaries,controls,oriscontrolledby,orisundercommoncontrolwiththepartyspecified.ThisAgreement
constitutestheentireunderstandingbetweentheparties,withrespecttothesubjectmatterofthisAgreement.The
Programmaybecontainedinfirmware,chipsorothermedia.
BYINSTALLINGOROTHERWISEUSINGTHEPROGRAM,YOUREPRESENTTHATYOUAREAUTHORIZEDTO
ACCEPTTHESETERMSONBEHALFOFTHEENDUSER(IFTHEENDUSERISANENTITYONWHOSEBEHALF
YOUAREAUTHORIZEDTOACT,YOUANDYOURSHALLBEDEEMEDTOREFERTOSUCHENTITY)AND
THATYOUAGREETHATYOUAREBOUNDBYTHETERMSOFTHISAGREEMENT,WHICHINCLUDES,
AMONGOTHERPROVISIONS,THELICENSE,THEDISCLAIMEROFWARRANTYANDTHELIMITATIONOF
LIABILITY.IFYOUDONOTAGREETOTHETERMSOFTHISAGREEMENTORARENOTAUTHORIZEDTO
ENTERINTOTHISAGREEMENT,ENTERASYSISUNWILLINGTOLICENSETHEPROGRAMTOYOUANDYOU
AGREETORETURNTHEUNOPENEDPRODUCTTOENTERASYSORYOURDEALER,IFANY,WITHINTEN
(10)DAYSFOLLOWINGTHEDATEOFRECEIPTFORAFULLREFUND.
IFYOUHAVEANYQUESTIONSABOUTTHISAGREEMENT,CONTACTENTERASYSNETWORKS,LEGAL
DEPARTMENTAT(978)6841000.
YouandEnterasysagreeasfollows:
1. LICENSE. Youhavethenonexclusiveandnontransferablerighttouseonlytheone(1)copyoftheProgram
providedinthispackagesubjecttothetermsandconditionsofthisAgreement.
2. RESTRICTIONS. ExceptasotherwiseauthorizedinwritingbyEnterasys,Youmaynot,normayYoupermitany
thirdpartyto:
(a) Reverseengineer,decompile,disassembleormodifytheProgram,inwholeorinpart,includingforreasons
oferrorcorrectionorinteroperability,excepttotheextentexpresslypermittedbyapplicablelawandtothe
extentthepartiesshallnotbepermittedbythatapplicablelaw,suchrightsareexpresslyexcluded.
InformationnecessarytoachieveinteroperabilityorcorrecterrorsisavailablefromEnterasysuponrequest
anduponpaymentofEnterasysapplicablefee.
(b) IncorporatethePrograminwholeorinpart,inanyotherproductorcreatederivativeworksbasedonthe
Program,inwholeorinpart.
(c) Publish,disclose,copyreproduceortransmittheProgram,inwholeorinpart.
(d) Assign,sell,license,sublicense,rent,lease,encumberbywayofsecurityinterest,pledgeorotherwisetransfer
theProgram,inwholeorinpart.
(e) Removeanycopyright,trademark,proprietaryrights,disclaimerorwarningnoticeincludedonorembedded
inanypartoftheProgram.
3. APPLICABLELAW. ThisAgreementshallbeinterpretedandgovernedunderthelawsandinthestateand
federalcourtsoftheCommonwealthofMassachusettswithoutregardtoitsconflictsoflawsprovisions.Youacceptthe
personaljurisdictionandvenueoftheCommonwealthofMassachusettscourts.Noneofthe1980UnitedNations
ConventionontheLimitationPeriodintheInternationalSaleofGoods,andtheUniformComputerInformation
TransactionsActshallapplytothisAgreement.
4. EXPORTRESTRICTIONS. YouunderstandthatEnterasysanditsAffiliatesaresubjecttoregulationbyagencies
oftheU.S.Government,includingtheU.S.DepartmentofCommerce,whichprohibitexportordiversionofcertain
technicalproductstocertaincountries,unlessalicensetoexporttheproductisobtainedfromtheU.S.Governmentor
anexceptionfromobtainingsuchlicensemayberelieduponbytheexportingparty.
IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionCIVundertheU.S.Export
AdministrationRegulations,YouagreethatYouareacivilenduseroftheProgramandagreethatYouwillusethe
Programforcivilendusesonlyandnotformilitarypurposes.

IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionTSRundertheU.S.Export
AdministrationRegulations,inadditiontotherestrictionontransfersetforthinSection1or2ofthisAgreement,You
agreenotto(i)reexportorreleasetheProgram,thesourcecodefortheProgramortechnologytoanationalofa
countryinCountryGroupsD:1orE:2(Albania,Armenia,Azerbaijan,Belarus,Cambodia,Cuba,Georgia,Iraq,
Kazakhstan,Laos,Libya,Macau,Moldova,Mongolia,NorthKorea,thePeoplesRepublicofChina,Russia,Tajikistan,
Turkmenistan,Ukraine,Uzbekistan,Vietnam,orsuchothercountriesasmaybedesignatedbytheUnitedStates
Government),(ii)exporttoCountryGroupsD:1orE:2(asdefinedherein)thedirectproductoftheProgramorthe
technology,ifsuchforeignproduceddirectproductissubjecttonationalsecuritycontrolsasidentifiedontheU.S.
CommerceControlList,or(iii)ifthedirectproductofthetechnologyisacompleteplantoranymajorcomponentofa
plant,exporttoCountryGroupsD:1orE:2thedirectproductoftheplantoramajorcomponentthereof,ifsuch
foreignproduceddirectproductissubjecttonationalsecuritycontrolsasidentifiedontheU.S.CommerceControl
ListorissubjecttoStateDepartmentcontrolsundertheU.S.MunitionsList.
5. UNITEDSTATESGOVERNMENTRESTRICTEDRIGHTS. TheenclosedProgram(i)wasdevelopedsolelyat
privateexpense;(ii)containsrestrictedcomputersoftwaresubmittedwithrestrictedrightsinaccordancewithsection
52.22719(a)through(d)oftheCommercialComputerSoftwareRestrictedRightsClauseanditssuccessors,and(iii)in
allrespectsisproprietarydatabelongingtoEnterasysand/oritssuppliers.ForDepartmentofDefenseunits,the
ProgramisconsideredcommercialcomputersoftwareinaccordancewithDFARSsection227.72023anditssuccessors,
anduse,duplication,ordisclosurebytheU.S.Governmentissubjecttorestrictionssetforthherein.
6. DISCLAIMEROFWARRANTY. EXCEPTFORTHOSEWARRANTIESEXPRESSLYPROVIDEDTOYOUIN
WRITINGBYENTERASYS,ENTERASYSDISCLAIMSALLWARRANTIES,EITHEREXPRESSORIMPLIED,
INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITY,SATISFACTORY
QUALITY,FITNESSFORAPARTICULARPURPOSE,TITLEANDNONINFRINGEMENTWITHRESPECTTOTHE
PROGRAM.IFIMPLIEDWARRANTIESMAYNOTBEDISCLAIMEDBYAPPLICABLELAW,THENANYIMPLIED
WARRANTIESARELIMITEDINDURATIONTOTHIRTY(30)DAYSAFTERDELIVERYOFTHEPROGRAMTO
YOU.
7. LIMITATIONOFLIABILITY. INNOEVENTSHALLENTERASYSORITSSUPPLIERSBELIABLEFORANY
DAMAGESWHATSOEVER(INCLUDING,WITHOUTLIMITATION,DAMAGESFORLOSSOFBUSINESS,
PROFITS,BUSINESSINTERRUPTION,LOSSOFBUSINESSINFORMATION,SPECIAL,INCIDENTAL,
CONSEQUENTIAL,ORRELIANCEDAMAGES,OROTHERLOSS)ARISINGOUTOFTHEUSEORINABILITYTO
USETHEPROGRAM,EVENIFENTERASYSHASBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.
THISFOREGOINGLIMITATIONSHALLAPPLYREGARDLESSOFTHECAUSEOFACTIONUNDERWHICH
DAMAGESARESOUGHT.
THECUMULATIVELIABILITYOFENTERASYSTOYOUFORALLCLAIMSRELATINGTOTHEPROGRAM,
INCONTRACT,TORTOROTHERWISE,SHALLNOTEXCEEDTHETOTALAMOUNTOFFEESPAIDTO
ENTERASYSBYYOUFORTHERIGHTSGRANTEDHEREIN.
8. AUDITRIGHTS. YouherebyacknowledgethattheintellectualpropertyrightsassociatedwiththeProgramare
ofcriticalvaluetoEnterasys,and,accordingly,Youherebyagreetomaintaincompletebooks,recordsandaccounts
showing(i)licensefeesdueandpaid,and(ii)theuse,copyinganddeploymentoftheProgram.Youalsograntto
Enterasysanditsauthorizedrepresentatives,uponreasonablenotice,therighttoauditandexamineduringYour
normalbusinesshours,Yourbooks,records,accountsandhardwaredevicesuponwhichtheProgrammaybedeployed
toverifycompliancewiththisAgreement,includingtheverificationofthelicensefeesdueandpaidEnterasysandthe
use,copyinganddeploymentoftheProgram.Enterasysrightofexaminationshallbeexercisedreasonably,ingood
faithandinamannercalculatedtonotunreasonablyinterferewithYourbusiness.Intheeventsuchauditdiscovers
noncompliancewiththisAgreement,includingcopiesoftheProgrammade,usedordeployedinbreachofthis
Agreement,YoushallpromptlypaytoEnterasystheappropriatelicensefees.Enterasysreservestheright,tobe
exercisedinitssolediscretionandwithoutpriornotice,toterminatethislicense,effectiveimmediately,forfailureto
complywiththisAgreement.Uponanysuchtermination,YoushallimmediatelyceasealluseoftheProgramandshall
returntoEnterasystheProgramandallcopiesoftheProgram.
9. OWNERSHIP. Thisisalicenseagreementandnotanagreementforsale.Youacknowledgeandagreethatthe
Programconstitutestradesecretsand/orcopyrightedmaterialofEnterasysand/oritssuppliers.Youagreeto
implementreasonablesecuritymeasurestoprotectsuchtradesecretsandcopyrightedmaterial.Allright,titleand
interestinandtotheProgramshallremainwithEnterasysand/oritssuppliers.Allrightsnotspecificallygrantedto
YoushallbereservedtoEnterasys.

iii

10. ENFORCEMENT. YouacknowledgeandagreethatanybreachofSections2,4,or9ofthisAgreementbyYoumay

causeEnterasysirreparabledamageforwhichrecoveryofmoneydamageswouldbeinadequate,andthatEnterasys
maybeentitledtoseektimelyinjunctiverelieftoprotectEnterasysrightsunderthisAgreementinadditiontoanyand
allremediesavailableatlaw.
11. ASSIGNMENT. Youmaynotassign,transferorsublicensethisAgreementoranyofYourrightsorobligations
underthisAgreement,exceptthatYoumayassignthisAgreementtoanypersonorentitywhichacquiressubstantially
allofYourstockassets.EnterasysmayassignthisAgreementinitssolediscretion.ThisAgreementshallbebinding
uponandinuretothebenefitoftheparties,theirlegalrepresentatives,permittedtransferees,successorsandassignsas
permittedbythisAgreement.Anyattemptedassignment,transferorsublicenseinviolationofthetermsofthis
AgreementshallbevoidandabreachofthisAgreement.
12. WAIVER. AwaiverbyEnterasysofabreachofanyofthetermsandconditionsofthisAgreementmustbein
writingandwillnotbeconstruedasawaiverofanysubsequentbreachofsuchtermorcondition.Enterasysfailureto
enforceatermuponYourbreachofsuchtermshallnotbeconstruedasawaiverofYourbreachorpreventenforcement
onanyotheroccasion.
13. SEVERABILITY. IntheeventanyprovisionofthisAgreementisfoundtobeinvalid,illegalorunenforceable,the
validity,legalityandenforceabilityofanyoftheremainingprovisionsshallnotinanywaybeaffectedorimpaired
thereby,andthatprovisionshallbereformed,construedandenforcedtothemaximumextentpermissible.Anysuch
invalidity,illegality,orunenforceabilityinanyjurisdictionshallnotinvalidateorrenderillegalorunenforceablesuch
provisioninanyotherjurisdiction.
14. TERMINATION. EnterasysmayterminatethisAgreementimmediatelyuponYourbreachofanyoftheterms
andconditionsofthisAgreement.Uponanysuchtermination,YoushallimmediatelyceasealluseoftheProgramand
shallreturntoEnterasystheProgramandallcopiesoftheProgram.

Contents
About This Guide
Using This Guide ........................................................................................................................................... xxix
Structure of This Guide .................................................................................................................................. xxix
Related Documents ....................................................................................................................................... xxxi
Conventions Used in This Guide ................................................................................................................... xxxi
Getting Help .................................................................................................................................................. xxxii

Chapter 1: Introduction
Enterasys B5 CLI Overview ............................................................................................................................ 1-1
Switch Management Methods ........................................................................................................................ 1-1
Factory Default Settings ................................................................................................................................. 1-2
Using the Command Line Interface ................................................................................................................ 1-6
Starting a CLI Session ............................................................................................................................. 1-6
Logging In ................................................................................................................................................ 1-7
Navigating the Command Line Interface .................................................................................................. 1-8

Chapter 2: Configuring Switches in a Stack

About Enterasys B5 Switch Operation in a Stack ........................................................................................... 2-1
Installing a New Stackable System of Up to Eight Units ................................................................................ 2-2
Installing Previously-Configured Systems in a Stack ..................................................................................... 2-3
Adding a New Unit to an Existing Stack ......................................................................................................... 2-3
Creating a Virtual Switch Configuration .......................................................................................................... 2-3
Considerations About Using Clear Config in a Stack ..................................................................................... 2-4
Stacking Configuration and Management Commands ................................................................................... 2-5
Purpose .................................................................................................................................................... 2-5
Commands ............................................................................................................................................... 2-5
show switch ........................................................................................................................................ 2-5
show switch switchtype ...................................................................................................................... 2-6
show switch stack-ports...................................................................................................................... 2-7
set switch ............................................................................................................................................ 2-8
set switch copy-fw .............................................................................................................................. 2-9
set switch description ......................................................................................................................... 2-9
set switch movemanagement ........................................................................................................... 2-10
set switch member............................................................................................................................ 2-10
clear switch member......................................................................................................................... 2-11

Chapter 3: Basic Configuration

Quick Start Setup Commands ........................................................................................................................ 3-1
Setting User Accounts and Passwords .......................................................................................................... 3-2
Purpose .................................................................................................................................................... 3-2
Commands ............................................................................................................................................... 3-2
show system login .............................................................................................................................. 3-3
set system login .................................................................................................................................. 3-4
clear system login ............................................................................................................................... 3-4
set password ...................................................................................................................................... 3-5
set system password length ............................................................................................................... 3-6
set system password aging ................................................................................................................3-6
set system password history .............................................................................................................. 3-7
show system lockout .......................................................................................................................... 3-7
set system lockout .............................................................................................................................. 3-8

Setting Basic Switch Properties ...................................................................................................................... 3-9

Purpose .................................................................................................................................................... 3-9
Commands ............................................................................................................................................... 3-9
show ip address................................................................................................................................ 3-10
set ip address ................................................................................................................................... 3-10
clear ip address ................................................................................................................................ 3-11
show ip protocol................................................................................................................................ 3-12
set ip protocol ................................................................................................................................... 3-12
show ip route .................................................................................................................................... 3-13
show system..................................................................................................................................... 3-13
show system hardware..................................................................................................................... 3-15
show system utilization..................................................................................................................... 3-16
set system utilization ........................................................................................................................ 3-17
clear system utilization ..................................................................................................................... 3-17
set system temperature .................................................................................................................... 3-18
clear system temperature ................................................................................................................. 3-19
show time ......................................................................................................................................... 3-20
set time ............................................................................................................................................. 3-20
show summertime ............................................................................................................................ 3-21
set summertime ................................................................................................................................ 3-21
set summertime date ........................................................................................................................ 3-22
set summertime recurring ................................................................................................................. 3-22
clear summertime ............................................................................................................................. 3-23
set prompt......................................................................................................................................... 3-24
show banner motd ............................................................................................................................ 3-24
set banner motd................................................................................................................................ 3-25
clear banner motd............................................................................................................................. 3-25
show version..................................................................................................................................... 3-26
set system name .............................................................................................................................. 3-27
set system location ........................................................................................................................... 3-27
set system contact............................................................................................................................ 3-28
set width ........................................................................................................................................... 3-28
set length .......................................................................................................................................... 3-29
show logout ...................................................................................................................................... 3-29
set logout ......................................................................................................................................... 3-30
show console .................................................................................................................................... 3-30
set console baud .............................................................................................................................. 3-31
Downloading a Firmware Image ................................................................................................................... 3-31
Downloading from a TFTP Server .......................................................................................................... 3-32
Downloading via the Serial Port ............................................................................................................. 3-32
Reverting to a Previous Image ............................................................................................................... 3-33
Reviewing and Selecting a Boot Firmware Image ........................................................................................ 3-34
Purpose .................................................................................................................................................. 3-34
Commands ............................................................................................................................................. 3-34
show boot system ............................................................................................................................. 3-34
set boot system ................................................................................................................................ 3-35
Starting and Configuring Telnet .................................................................................................................... 3-36
Purpose .................................................................................................................................................. 3-36
Commands ............................................................................................................................................. 3-36
show telnet ....................................................................................................................................... 3-36
set telnet ........................................................................................................................................... 3-37
telnet................................................................................................................................................. 3-37
Managing Switch Configuration and Files .................................................................................................... 3-38
Configuration Persistence Mode ............................................................................................................ 3-38
Purpose .................................................................................................................................................. 3-38
Commands ............................................................................................................................................. 3-38
vi

show snmp persistmode ................................................................................................................... 3-39

set snmp persistmode ...................................................................................................................... 3-40
save config ....................................................................................................................................... 3-40
dir...................................................................................................................................................... 3-41
show file............................................................................................................................................ 3-42
show config....................................................................................................................................... 3-43
configure ........................................................................................................................................... 3-44
copy .................................................................................................................................................. 3-44
delete................................................................................................................................................ 3-45
show tftp settings.............................................................................................................................. 3-45
set tftp timeout .................................................................................................................................. 3-46
clear tftp timeout ............................................................................................................................... 3-47
set tftp retry....................................................................................................................................... 3-47
clear tftp retry.................................................................................................................................... 3-48
Clearing and Closing the CLI ........................................................................................................................ 3-48
Purpose .................................................................................................................................................. 3-48
Commands ............................................................................................................................................. 3-48
cls (clear screen) .............................................................................................................................. 3-48
exit .................................................................................................................................................... 3-49
Resetting the Switch ..................................................................................................................................... 3-49
Purpose .................................................................................................................................................. 3-49
Commands ............................................................................................................................................. 3-49
reset.................................................................................................................................................. 3-50
clear config ....................................................................................................................................... 3-50
Using and Configuring WebView .................................................................................................................. 3-51
Purpose .................................................................................................................................................. 3-51
Commands ............................................................................................................................................. 3-51
show webview .................................................................................................................................. 3-52
set webview ...................................................................................................................................... 3-52
show ssl............................................................................................................................................ 3-53
set ssl ............................................................................................................................................... 3-53
Gathering Technical Support Information ..................................................................................................... 3-54
Purpose .................................................................................................................................................. 3-54
Command ............................................................................................................................................... 3-54
show support .................................................................................................................................... 3-54

Chapter 4: Configuring System Power and PoE

Power Management ....................................................................................................................................... 4-1
Management of PoE Power to PDs ......................................................................................................... 4-1
Commands ..................................................................................................................................................... 4-2
show inlinepower ................................................................................................................................ 4-2
set inlinepower threshold.................................................................................................................... 4-3
set inlinepower trap ............................................................................................................................ 4-4
set inlinepower detectionmode ........................................................................................................... 4-4
show port inlinepower ......................................................................................................................... 4-5
set port inlinepower ............................................................................................................................ 4-6
set inlinepower management.............................................................................................................. 4-7

Chapter 5: Transmit Queue Monitoring Configuration

Transmit Queue Monitoring Overview ............................................................................................................ 5-1
Commands ..................................................................................................................................................... 5-1
set txqmonitor ..................................................................................................................................... 5-2
set txqmonitor downtime..................................................................................................................... 5-2
set txqmonitor minrate ........................................................................................................................ 5-3
set txqmonitor threshold ..................................................................................................................... 5-3

vii

clear txqmonitor .................................................................................................................................. 5-4

show txqmonitor ................................................................................................................................. 5-5
show txqmonitor flowcontrol ............................................................................................................... 5-6
show txqmonitor port .......................................................................................................................... 5-6

Chapter 6: Discovery Protocol Configuration

Configuring CDP ............................................................................................................................................. 6-1
Purpose .................................................................................................................................................... 6-1
Commands ............................................................................................................................................... 6-1
show cdp ............................................................................................................................................ 6-2
set cdp state ....................................................................................................................................... 6-3
set cdp auth ........................................................................................................................................ 6-4
set cdp interval ................................................................................................................................... 6-4
set cdp hold-time ................................................................................................................................ 6-5
clear cdp ............................................................................................................................................. 6-5
show neighbors .................................................................................................................................. 6-6
Configuring Cisco Discovery Protocol ............................................................................................................ 6-7
Purpose .................................................................................................................................................... 6-7
Commands ............................................................................................................................................... 6-7
show ciscodp ...................................................................................................................................... 6-7
show ciscodp port info ........................................................................................................................ 6-8
set ciscodp status ............................................................................................................................... 6-9
set ciscodp timer................................................................................................................................. 6-9
set ciscodp holdtime ......................................................................................................................... 6-10
set ciscodp port ................................................................................................................................ 6-10
clear ciscodp..................................................................................................................................... 6-12
Configuring Link Layer Discovery Protocol and LLDP-MED ........................................................................ 6-13
Overview ................................................................................................................................................ 6-13
Configuration Tasks ............................................................................................................................... 6-13
Commands ............................................................................................................................................. 6-14
show lldp........................................................................................................................................... 6-15
show lldp port status......................................................................................................................... 6-15
show lldp port trap ............................................................................................................................ 6-16
show lldp port tx-tlv........................................................................................................................... 6-17
show lldp port location-info ............................................................................................................... 6-17
show lldp port local-info .................................................................................................................... 6-18
show lldp port remote-info ................................................................................................................ 6-21
show lldp port network-policy ........................................................................................................... 6-22
set lldp tx-interval.............................................................................................................................. 6-23
set lldp hold-multiplier ....................................................................................................................... 6-24
set lldp trap-interval .......................................................................................................................... 6-24
set lldp med-fast-repeat .................................................................................................................... 6-25
set lldp port status ............................................................................................................................ 6-25
set lldp port trap................................................................................................................................ 6-26
set lldp port med-trap........................................................................................................................ 6-26
set lldp port location-info................................................................................................................... 6-27
set lldp port tx-tlv .............................................................................................................................. 6-28
set lldp port network-policy ............................................................................................................... 6-29
clear lldp ........................................................................................................................................... 6-31
clear lldp port status ......................................................................................................................... 6-31
clear lldp port trap ............................................................................................................................. 6-32
clear lldp port med-trap..................................................................................................................... 6-32
clear lldp port location-info................................................................................................................ 6-33
clear lldp port network-policy ............................................................................................................ 6-33
clear lldp port tx-tlv ........................................................................................................................... 6-34

viii

Chapter 7: Port Configuration

Port Configuration Summary .......................................................................................................................... 7-1
Port String Syntax Used in the CLI .......................................................................................................... 7-1
Reviewing Port Status .................................................................................................................................... 7-2
Purpose .................................................................................................................................................... 7-2
Commands ............................................................................................................................................... 7-2
show port ............................................................................................................................................ 7-3
show port status ................................................................................................................................. 7-3
show port counters ............................................................................................................................. 7-4
clear port counters.............................................................................................................................. 7-6
show port cablestatus......................................................................................................................... 7-6
Disabling / Enabling and Naming Ports .......................................................................................................... 7-7
Purpose .................................................................................................................................................... 7-7
Commands ............................................................................................................................................... 7-7
set port disable ................................................................................................................................... 7-8
set port enable.................................................................................................................................... 7-8
show port alias.................................................................................................................................... 7-9
set port alias ....................................................................................................................................... 7-9
Setting Speed and Duplex Mode .................................................................................................................. 7-11
Purpose .................................................................................................................................................. 7-11
Commands ............................................................................................................................................. 7-11
show port speed ............................................................................................................................... 7-11
set port speed................................................................................................................................... 7-12
show port duplex .............................................................................................................................. 7-12
set port duplex .................................................................................................................................. 7-13
Enabling / Disabling Jumbo Frame Support ................................................................................................. 7-14
Purpose .................................................................................................................................................. 7-14
Commands ............................................................................................................................................. 7-14
show port jumbo ............................................................................................................................... 7-14
set port jumbo................................................................................................................................... 7-15
clear port jumbo ................................................................................................................................ 7-15
Setting Auto-Negotiation and Advertised Ability ........................................................................................... 7-16
Purpose .................................................................................................................................................. 7-16
Commands ............................................................................................................................................. 7-16
show port negotiation ....................................................................................................................... 7-16
set port negotiation ........................................................................................................................... 7-17
show port advertise .......................................................................................................................... 7-17
set port advertise .............................................................................................................................. 7-18
clear port advertise ........................................................................................................................... 7-19
show port mdix ................................................................................................................................. 7-20
set port mdix ..................................................................................................................................... 7-20
Setting Flow Control ..................................................................................................................................... 7-22
Purpose .................................................................................................................................................. 7-22
Commands ............................................................................................................................................. 7-22
show flowcontrol ............................................................................................................................... 7-22
set flowcontrol................................................................................................................................... 7-22
Setting Port Link Traps and Link Flap Detection .......................................................................................... 7-24
Purpose .................................................................................................................................................. 7-24
Commands ............................................................................................................................................. 7-24
show port trap................................................................................................................................... 7-24
set port trap ...................................................................................................................................... 7-25
show linkflap ..................................................................................................................................... 7-25
set linkflap globalstate ...................................................................................................................... 7-28
set linkflap portstate.......................................................................................................................... 7-28
set linkflap interval ............................................................................................................................ 7-29

set linkflap action .............................................................................................................................. 7-29

clear linkflap action ........................................................................................................................... 7-30
set linkflap threshold......................................................................................................................... 7-30
set linkflap downtime ........................................................................................................................ 7-31
clear linkflap down ............................................................................................................................ 7-31
clear linkflap...................................................................................................................................... 7-32
show newaddrtrap ............................................................................................................................ 7-33
set newaddrtrap................................................................................................................................ 7-33
Configuring Broadcast Suppression ............................................................................................................. 7-35
Purpose .................................................................................................................................................. 7-35
Commands ............................................................................................................................................. 7-35
show port broadcast ......................................................................................................................... 7-35
set port broadcast............................................................................................................................. 7-36
clear port broadcast.......................................................................................................................... 7-36
Port Mirroring ................................................................................................................................................ 7-38
Mirroring Features .................................................................................................................................. 7-38
Remote Port Mirroring ............................................................................................................................ 7-38
Configuring SMON MIB Port Mirroring ................................................................................................... 7-39
Purpose .................................................................................................................................................. 7-40
Commands ............................................................................................................................................. 7-40
show port mirroring........................................................................................................................... 7-40
set port mirroring .............................................................................................................................. 7-41
clear port mirroring ........................................................................................................................... 7-42
set mirror vlan ................................................................................................................................... 7-42
clear mirror vlan ................................................................................................................................ 7-43
Link Aggregation Control Protocol (LACP) ................................................................................................... 7-44
LACP Operation ..................................................................................................................................... 7-44
LACP Terminology ................................................................................................................................. 7-45
Enterasys B5 Usage Considerations ..................................................................................................... 7-45
Commands ............................................................................................................................................. 7-46
show lacp.......................................................................................................................................... 7-47
set lacp ............................................................................................................................................. 7-48
set lacp asyspri................................................................................................................................. 7-49
set lacp aadminkey........................................................................................................................... 7-49
clear lacp .......................................................................................................................................... 7-50
set lacp static.................................................................................................................................... 7-50
clear lacp static ................................................................................................................................. 7-51
set lacp singleportlag........................................................................................................................ 7-52
clear lacp singleportlag..................................................................................................................... 7-52
show port lacp .................................................................................................................................. 7-53
set port lacp ...................................................................................................................................... 7-54
clear port lacp ................................................................................................................................... 7-56
Configuring Protected Ports ......................................................................................................................... 7-58
Protected Port Operation ....................................................................................................................... 7-58
Commands ............................................................................................................................................. 7-58
set port protected.............................................................................................................................. 7-58
show port protected .......................................................................................................................... 7-59
clear port protected........................................................................................................................... 7-59
set port protected name.................................................................................................................... 7-60
show port protected name ................................................................................................................ 7-60
clear port protected name................................................................................................................. 7-61

Chapter 8: SNMP Configuration

SNMP Configuration Summary ...................................................................................................................... 8-1
SNMPv1 and SNMPv2c ........................................................................................................................... 8-2

SNMPv3 ................................................................................................................................................... 8-2

About SNMP Security Models and Levels ............................................................................................... 8-2
Using SNMP Contexts to Access Specific MIBs ...................................................................................... 8-3
Configuration Considerations ................................................................................................................... 8-3
Reviewing SNMP Statistics ............................................................................................................................ 8-3
Purpose .................................................................................................................................................... 8-3
Commands ............................................................................................................................................... 8-4
show snmp engineid........................................................................................................................... 8-4
show snmp counters........................................................................................................................... 8-5
Configuring SNMP Users, Groups, and Communities .................................................................................... 8-8
Purpose .................................................................................................................................................... 8-8
Commands ............................................................................................................................................... 8-8
show snmp user ................................................................................................................................. 8-8
set snmp user ..................................................................................................................................... 8-9
clear snmp user ................................................................................................................................ 8-11
show snmp group ............................................................................................................................. 8-11
set snmp group ................................................................................................................................. 8-12
clear snmp group .............................................................................................................................. 8-13
show snmp community ..................................................................................................................... 8-13
set snmp community......................................................................................................................... 8-14
clear snmp community...................................................................................................................... 8-15
Configuring SNMP Access Rights ................................................................................................................ 8-15
Purpose .................................................................................................................................................. 8-15
Commands ............................................................................................................................................. 8-16
show snmp access ........................................................................................................................... 8-16
set snmp access............................................................................................................................... 8-18
clear snmp access............................................................................................................................ 8-19
Configuring SNMP MIB Views ...................................................................................................................... 8-19
Purpose .................................................................................................................................................. 8-19
Commands ............................................................................................................................................. 8-19
show snmp view ............................................................................................................................... 8-20
show snmp context........................................................................................................................... 8-21
set snmp view................................................................................................................................... 8-21
clear snmp view................................................................................................................................ 8-22
Configuring SNMP Target Parameters ......................................................................................................... 8-23
Purpose .................................................................................................................................................. 8-23
Commands ............................................................................................................................................. 8-23
show snmp targetparams ................................................................................................................. 8-23
set snmp targetparams..................................................................................................................... 8-24
clear snmp targetparams.................................................................................................................. 8-25
Configuring SNMP Target Addresses .......................................................................................................... 8-26
Purpose .................................................................................................................................................. 8-26
Commands ............................................................................................................................................. 8-26
show snmp targetaddr ...................................................................................................................... 8-26
set snmp targetaddr.......................................................................................................................... 8-27
clear snmp targetaddr....................................................................................................................... 8-28
Configuring SNMP Notification Parameters ................................................................................................. 8-29
About SNMP Notify Filters ..................................................................................................................... 8-29
Purpose .................................................................................................................................................. 8-29
Commands ............................................................................................................................................. 8-29
show snmp notify .............................................................................................................................. 8-30
set snmp notify ................................................................................................................................. 8-31
clear snmp notify .............................................................................................................................. 8-31
show snmp notifyfilter ....................................................................................................................... 8-32
set snmp notifyfilter........................................................................................................................... 8-33
clear snmp notifyfilter........................................................................................................................ 8-33
xi

show snmp notifyprofile .................................................................................................................... 8-34

set snmp notifyprofile........................................................................................................................ 8-35
clear snmp notifyprofile..................................................................................................................... 8-35
Creating a Basic SNMP Trap Configuration ................................................................................................. 8-36
Example ................................................................................................................................................. 8-37
Configuring the SNMP Management Interface ............................................................................................. 8-38
Purpose .................................................................................................................................................. 8-38
Commands ............................................................................................................................................. 8-38
show snmp interface......................................................................................................................... 8-38
set snmp interface ............................................................................................................................ 8-38
clear snmp interface ......................................................................................................................... 8-40

Chapter 9: Spanning Tree Configuration

Spanning Tree Configuration Summary ......................................................................................................... 9-1
Overview: Single, Rapid, and Multiple Spanning Tree Protocols ............................................................. 9-1
Spanning Tree Features .......................................................................................................................... 9-2
Loop Protect ............................................................................................................................................. 9-2
Configuring Spanning Tree Bridge Parameters .............................................................................................. 9-3
Purpose .................................................................................................................................................... 9-3
Commands ............................................................................................................................................... 9-4
show spantree stats............................................................................................................................ 9-5
set spantree........................................................................................................................................ 9-7
show spantree version........................................................................................................................ 9-7
set spantree version ........................................................................................................................... 9-8
clear spantree version ........................................................................................................................ 9-9
show spantree bpdu-forwarding ......................................................................................................... 9-9
set spantree bpdu-forwarding........................................................................................................... 9-10
show spantree bridgeprioritymode ................................................................................................... 9-10
set spantree bridgeprioritymode ....................................................................................................... 9-11
clear spantree bridgeprioritymode .................................................................................................... 9-11
show spantree mstilist ...................................................................................................................... 9-12
set spantree msti .............................................................................................................................. 9-12
clear spantree msti ........................................................................................................................... 9-13
show spantree mstmap .................................................................................................................... 9-13
set spantree mstmap ........................................................................................................................ 9-14
clear spantree mstmap ..................................................................................................................... 9-14
show spantree vlanlist ...................................................................................................................... 9-15
show spantree mstcfgid .................................................................................................................... 9-15
set spantree mstcfgid ....................................................................................................................... 9-16
clear spantree mstcfgid .................................................................................................................... 9-16
set spantree priority .......................................................................................................................... 9-17
clear spantree priority ....................................................................................................................... 9-17
set spantree hello ............................................................................................................................. 9-18
clear spantree hello .......................................................................................................................... 9-18
set spantree maxage ........................................................................................................................ 9-19
clear spantree maxage ..................................................................................................................... 9-20
set spantree fwddelay....................................................................................................................... 9-20
clear spantree fwddelay.................................................................................................................... 9-21
show spantree backuproot ............................................................................................................... 9-21
set spantree backuproot ................................................................................................................... 9-22
clear spantree backuproot ................................................................................................................ 9-22
show spantree tctrapsuppress.......................................................................................................... 9-23
set spantree tctrapsuppress ............................................................................................................. 9-23
clear spantree tctrapsuppress .......................................................................................................... 9-24
set spantree protomigration .............................................................................................................. 9-24

xii

show spantree spanguard ................................................................................................................ 9-25

set spantree spanguard .................................................................................................................... 9-25
clear spantree spanguard ................................................................................................................. 9-26
show spantree spanguardtimeout .................................................................................................... 9-27
set spantree spanguardtimeout ........................................................................................................ 9-27
clear spantree spanguardtimeout ..................................................................................................... 9-28
show spantree spanguardlock .......................................................................................................... 9-28
clear / set spantree spanguardlock................................................................................................... 9-29
show spantree spanguardtrapenable ............................................................................................... 9-29
set spantree spanguardtrapenable ................................................................................................... 9-30
clear spantree spanguardtrapenable ................................................................................................ 9-30
show spantree legacypathcost ......................................................................................................... 9-31
set spantree legacypathcost............................................................................................................. 9-31
clear spantree legacypathcost .......................................................................................................... 9-32
show spantree autoedge .................................................................................................................. 9-32
set spantree autoedge...................................................................................................................... 9-32
clear spantree autoedge................................................................................................................... 9-33
Configuring Spanning Tree Port Parameters ............................................................................................... 9-34
Purpose .................................................................................................................................................. 9-34
Commands ............................................................................................................................................. 9-34
set spantree portadmin..................................................................................................................... 9-34
clear spantree portadmin.................................................................................................................. 9-35
show spantree portadmin ................................................................................................................. 9-35
show spantree portpri ....................................................................................................................... 9-36
set spantree portpri........................................................................................................................... 9-36
clear spantree portpri........................................................................................................................ 9-37
show spantree adminpathcost .......................................................................................................... 9-38
set spantree adminpathcost ............................................................................................................. 9-38
clear spantree adminpathcost .......................................................................................................... 9-39
show spantree adminedge ............................................................................................................... 9-39
set spantree adminedge ................................................................................................................... 9-40
clear spantree adminedge ................................................................................................................ 9-40
show spantree operedge .................................................................................................................. 9-41
Configuring Spanning Tree Loop Protect Parameters .................................................................................. 9-42
Purpose .................................................................................................................................................. 9-42
Commands ............................................................................................................................................. 9-42
set spantree lp .................................................................................................................................. 9-43
show spantree lp .............................................................................................................................. 9-43
clear spantree lp ............................................................................................................................... 9-44
show spantree lplock ........................................................................................................................ 9-44
clear spantree lplock......................................................................................................................... 9-45
set spantree lpcapablepartner .......................................................................................................... 9-46
show spantree lpcapablepartner ...................................................................................................... 9-46
clear spantree lpcapablepartner ....................................................................................................... 9-47
set spantree lpthreshold ................................................................................................................... 9-47
show spantree lpthreshold................................................................................................................ 9-48
clear spantree lpthreshold ................................................................................................................ 9-48
set spantree lpwindow ...................................................................................................................... 9-49
show spantree lpwindow .................................................................................................................. 9-49
clear spantree lpwindow ................................................................................................................... 9-50
set spantree lptrapenable ................................................................................................................. 9-50
show spantree lptrapenable ............................................................................................................. 9-51
clear spantree lptrapenable .............................................................................................................. 9-51
set spantree disputedbpduthreshold ................................................................................................ 9-52
show spantree disputedbpduthreshold ............................................................................................. 9-53
clear spantree disputedbpduthreshold ............................................................................................. 9-53
xiii

show spantree nonforwardingreason ............................................................................................... 9-54

Chapter 10: 802.1Q VLAN Configuration

VLAN Configuration Summary ..................................................................................................................... 10-1
Port String Syntax Used in the CLI ........................................................................................................ 10-1
Creating a Secure Management VLAN .................................................................................................. 10-2
Viewing VLANs ............................................................................................................................................. 10-3
Purpose .................................................................................................................................................. 10-3
Command ............................................................................................................................................... 10-3
show vlan.......................................................................................................................................... 10-3
Creating and Naming Static VLANs ............................................................................................................. 10-5
Purpose .................................................................................................................................................. 10-5
Commands ............................................................................................................................................. 10-5
set vlan ............................................................................................................................................. 10-5
set vlan name ................................................................................................................................... 10-6
clear vlan .......................................................................................................................................... 10-6
clear vlan name ................................................................................................................................ 10-7
Assigning Port VLAN IDs (PVIDs) and Ingress Filtering .............................................................................. 10-8
Purpose .................................................................................................................................................. 10-8
Commands ............................................................................................................................................. 10-8
show port vlan .................................................................................................................................. 10-8
set port vlan ...................................................................................................................................... 10-9
clear port vlan ................................................................................................................................... 10-9
show port ingress-filter ................................................................................................................... 10-10
set port ingress-filter ....................................................................................................................... 10-11
show port discard ........................................................................................................................... 10-11
set port discard ............................................................................................................................... 10-12
Configuring the VLAN Egress List .............................................................................................................. 10-13
Purpose ................................................................................................................................................ 10-13
Commands ........................................................................................................................................... 10-13
show port egress ............................................................................................................................ 10-13
set vlan forbidden ........................................................................................................................... 10-14
set vlan egress ............................................................................................................................... 10-15
clear vlan egress ............................................................................................................................ 10-15
show vlan dynamicegress .............................................................................................................. 10-16
set vlan dynamicegress .................................................................................................................. 10-17
Setting the Host VLAN ................................................................................................................................ 10-18
Purpose ................................................................................................................................................ 10-18
Commands ........................................................................................................................................... 10-18
show host vlan................................................................................................................................ 10-18
set host vlan ................................................................................................................................... 10-18
clear host vlan ................................................................................................................................ 10-19
Enabling/Disabling GVRP (GARP VLAN Registration Protocol) ................................................................ 10-20
About GARP VLAN Registration Protocol (GVRP) .............................................................................. 10-20
Purpose ................................................................................................................................................ 10-21
Commands ........................................................................................................................................... 10-21
show gvrp ....................................................................................................................................... 10-22
show garp timer .............................................................................................................................. 10-22
set gvrp........................................................................................................................................... 10-23
clear gvrp ........................................................................................................................................ 10-24
set garp timer.................................................................................................................................. 10-25
clear garp timer............................................................................................................................... 10-25

xiv

Chapter 11: Policy Classification Configuration

Policy Classification Configuration Summary ............................................................................................... 11-1
Configuring Policy Profiles ............................................................................................................................ 11-2
Purpose .................................................................................................................................................. 11-2
Commands ............................................................................................................................................. 11-2
show policy profile ............................................................................................................................ 11-2
set policy profile ................................................................................................................................ 11-4
clear policy profile ............................................................................................................................. 11-5
Configuring Classification Rules ................................................................................................................... 11-6
Purpose .................................................................................................................................................. 11-6
Commands ............................................................................................................................................. 11-6
show policy rule ................................................................................................................................ 11-6
show policy capability ....................................................................................................................... 11-8
set policy rule.................................................................................................................................. 11-10
clear policy rule............................................................................................................................... 11-12
clear policy all-rules ........................................................................................................................ 11-13
Assigning Ports to Policy Profiles ............................................................................................................... 11-14
Purpose ................................................................................................................................................ 11-14
Commands ........................................................................................................................................... 11-14
set policy port ................................................................................................................................. 11-14
clear policy port .............................................................................................................................. 11-15
Configuring Policy Class of Service (CoS) ................................................................................................. 11-16
About Policy-Based CoS Configurations .............................................................................................. 11-16
About CoS-Based Flood Control .......................................................................................................... 11-18
Commands ........................................................................................................................................... 11-19
set cos state ................................................................................................................................... 11-19
show cos state................................................................................................................................ 11-20
clear cos state ................................................................................................................................ 11-20
set cos settings............................................................................................................................... 11-21
clear cos settings ............................................................................................................................ 11-22
show cos settings ........................................................................................................................... 11-22
set cos port-config .......................................................................................................................... 11-23
show cos port-config....................................................................................................................... 11-24
clear cos port-config ....................................................................................................................... 11-25
set cos port-resource irl .................................................................................................................. 11-26
set cos port-resource flood-ctrl ....................................................................................................... 11-27
show cos port-resource .................................................................................................................. 11-28
clear cos port-resource irl ............................................................................................................... 11-29
clear cos port-resource flood-ctrl .................................................................................................... 11-30
set cos reference ............................................................................................................................ 11-30
show cos reference ........................................................................................................................ 11-31
clear cos reference ......................................................................................................................... 11-32
show cos unit.................................................................................................................................. 11-33
clear cos all-entries......................................................................................................................... 11-33
show cos port-type ......................................................................................................................... 11-34

Chapter 12: Port Priority Configuration

Port Priority Configuration Summary ............................................................................................................ 12-1
Configuring Port Priority ............................................................................................................................... 12-2
Purpose .................................................................................................................................................. 12-2
Commands ............................................................................................................................................. 12-2
show port priority .............................................................................................................................. 12-2
set port priority.................................................................................................................................. 12-3
clear port priority............................................................................................................................... 12-3

Configuring Priority to Transmit Queue Mapping ......................................................................................... 12-4

Chapter 13: IGMP Configuration

IGMP Overview ............................................................................................................................................ 13-1
About IP Multicast Group Management ................................................................................................. 13-1
About Multicasting .................................................................................................................................. 13-2
Configuring IGMP at Layer 2 ........................................................................................................................ 13-2
Purpose .................................................................................................................................................. 13-2
Commands ............................................................................................................................................. 13-2
show igmpsnooping .......................................................................................................................... 13-3
set igmpsnooping adminmode.......................................................................................................... 13-3
set igmpsnooping interfacemode...................................................................................................... 13-4
set igmpsnooping groupmembershipinterval .................................................................................... 13-4
set igmpsnooping maxresponse ....................................................................................................... 13-5
set igmpsnooping mcrtrexpiretime.................................................................................................... 13-6
set igmpsnooping add-static ............................................................................................................. 13-6
set igmpsnooping remove-static ....................................................................................................... 13-7
show igmpsnooping static ................................................................................................................ 13-7
show igmpsnooping mfdb ................................................................................................................. 13-8
clear igmpsnooping .......................................................................................................................... 13-9
Configuring IGMP on Routing Interfaces .................................................................................................... 13-10
Purpose ................................................................................................................................................ 13-10
Commands ........................................................................................................................................... 13-10
ip igmp ............................................................................................................................................ 13-10
ip igmp enable ................................................................................................................................ 13-11
ip igmp version ............................................................................................................................... 13-11
show ip igmp interface .................................................................................................................... 13-12
show ip igmp groups....................................................................................................................... 13-13
ip igmp query-interval ..................................................................................................................... 13-13
ip igmp query-max-response-time .................................................................................................. 13-14
ip igmp startup-query-interval ......................................................................................................... 13-14
ip igmp startup-query-count ............................................................................................................13-15
ip igmp last-member-query-interval ................................................................................................ 13-15
ip igmp last-member-query-count ................................................................................................... 13-16
ip igmp robustness ......................................................................................................................... 13-16

Chapter 14: Logging and Network Management

Configuring System Logging ........................................................................................................................ 14-1
Purpose .................................................................................................................................................. 14-1
Commands ............................................................................................................................................. 14-1
show logging server.......................................................................................................................... 14-2
set logging server ............................................................................................................................. 14-3
clear logging server .......................................................................................................................... 14-4
show logging default......................................................................................................................... 14-4

xvi

set logging default ............................................................................................................................ 14-5

clear logging default ......................................................................................................................... 14-6
show logging application .................................................................................................................. 14-6
set logging application ...................................................................................................................... 14-7
clear logging application ................................................................................................................... 14-9
show logging local ............................................................................................................................ 14-9
set logging local.............................................................................................................................. 14-10
clear logging local........................................................................................................................... 14-10
show logging buffer ........................................................................................................................ 14-11
show logging interface.................................................................................................................... 14-11
set logging interface ....................................................................................................................... 14-12
clear logging interface .................................................................................................................... 14-13
Monitoring Network Events and Status ...................................................................................................... 14-14
Purpose ................................................................................................................................................ 14-14
Commands ........................................................................................................................................... 14-14
history ............................................................................................................................................. 14-14
show history.................................................................................................................................... 14-15
set history ....................................................................................................................................... 14-15
ping................................................................................................................................................. 14-16
show users ..................................................................................................................................... 14-16
disconnect ...................................................................................................................................... 14-17
show netstat ................................................................................................................................... 14-17
Managing Switch Network Addresses and Routes ..................................................................................... 14-19
Purpose ................................................................................................................................................ 14-19
Commands ........................................................................................................................................... 14-19
show arp ......................................................................................................................................... 14-19
set arp............................................................................................................................................. 14-20
clear arp.......................................................................................................................................... 14-21
traceroute ....................................................................................................................................... 14-21
show mac ....................................................................................................................................... 14-22
show mac agetime.......................................................................................................................... 14-23
set mac agetime ............................................................................................................................. 14-24
clear mac agetime .......................................................................................................................... 14-24
set mac algorithm ........................................................................................................................... 14-25
show mac algorithm........................................................................................................................ 14-25
clear mac algorithm ........................................................................................................................ 14-26
set mac multicast ............................................................................................................................ 14-26
clear mac address .......................................................................................................................... 14-27
show mac unreserved-flood ........................................................................................................... 14-28
set mac unreserved-flood ............................................................................................................... 14-28
Configuring Simple Network Time Protocol (SNTP) ................................................................................... 14-29
Purpose ................................................................................................................................................ 14-29
Commands ........................................................................................................................................... 14-29
show sntp ....................................................................................................................................... 14-29
set sntp client.................................................................................................................................. 14-31
clear sntp client............................................................................................................................... 14-31
set sntp server ................................................................................................................................ 14-32
clear sntp server ............................................................................................................................. 14-32
set sntp poll-interval........................................................................................................................ 14-33
clear sntp poll-interval..................................................................................................................... 14-33
set sntp poll-retry ............................................................................................................................ 14-34
clear sntp poll-retry ......................................................................................................................... 14-34
set sntp poll-timeout ....................................................................................................................... 14-35
clear sntp poll-timeout .................................................................................................................... 14-35
set timezone ................................................................................................................................... 14-36
show sntp interface......................................................................................................................... 14-37
xvii

set sntp interface ............................................................................................................................ 14-37

clear sntp interface ......................................................................................................................... 14-38
Configuring Node Aliases ........................................................................................................................... 14-39
Purpose ................................................................................................................................................ 14-39
Commands ........................................................................................................................................... 14-39
show nodealias config .................................................................................................................... 14-39
set nodealias .................................................................................................................................. 14-40
clear nodealias config ..................................................................................................................... 14-41

Chapter 15: RMON Configuration

RMON Monitoring Group Functions ............................................................................................................. 15-1
Design Considerations ................................................................................................................................. 15-2
Statistics Group Commands ......................................................................................................................... 15-3
Purpose .................................................................................................................................................. 15-3
Commands ............................................................................................................................................. 15-3
show rmon stats ............................................................................................................................... 15-4
set rmon stats ................................................................................................................................... 15-4
clear rmon stats ................................................................................................................................ 15-5
History Group Commands ............................................................................................................................ 15-6
Purpose .................................................................................................................................................. 15-6
Commands ............................................................................................................................................. 15-6
show rmon history ............................................................................................................................ 15-6
set rmon history ................................................................................................................................ 15-7
clear rmon history ............................................................................................................................. 15-7
Alarm Group Commands .............................................................................................................................. 15-9
Purpose .................................................................................................................................................. 15-9
Commands ............................................................................................................................................. 15-9
show rmon alarm .............................................................................................................................. 15-9
set rmon alarm properties............................................................................................................... 15-10
set rmon alarm status ..................................................................................................................... 15-11
clear rmon alarm............................................................................................................................. 15-12
Event Group Commands ............................................................................................................................ 15-13
Purpose ................................................................................................................................................ 15-13
Commands ........................................................................................................................................... 15-13
show rmon event ............................................................................................................................ 15-13
set rmon event properties ............................................................................................................... 15-14
set rmon event status ..................................................................................................................... 15-15
clear rmon event............................................................................................................................. 15-15
Filter Group Commands ............................................................................................................................. 15-17
Commands ........................................................................................................................................... 15-17
show rmon channel ........................................................................................................................ 15-17
set rmon channel ............................................................................................................................ 15-18
clear rmon channel ......................................................................................................................... 15-19
show rmon filter .............................................................................................................................. 15-19
set rmon filter .................................................................................................................................. 15-20
clear rmon filter ............................................................................................................................... 15-21
Packet Capture Commands ....................................................................................................................... 15-22
Purpose ................................................................................................................................................ 15-22
Commands ........................................................................................................................................... 15-22
show rmon capture ......................................................................................................................... 15-22
set rmon capture............................................................................................................................. 15-23
clear rmon capture.......................................................................................................................... 15-24

xviii

Chapter 16: DHCP Server Configuration

DHCP Overview ........................................................................................................................................... 16-1
DHCP Relay Agent ................................................................................................................................ 16-1
DHCP Server ......................................................................................................................................... 16-1
Configuring a DHCP Server ................................................................................................................... 16-2
Configuring General DHCP Server Parameters ........................................................................................... 16-3
Purpose .................................................................................................................................................. 16-3
Commands ............................................................................................................................................. 16-3
set dhcp ............................................................................................................................................ 16-4
set dhcp bootp .................................................................................................................................. 16-4
set dhcp conflict logging ................................................................................................................... 16-5
show dhcp conflict ............................................................................................................................ 16-5
clear dhcp conflict............................................................................................................................. 16-6
set dhcp exclude............................................................................................................................... 16-7
clear dhcp exclude............................................................................................................................ 16-7
set dhcp ping .................................................................................................................................... 16-8
clear dhcp ping ................................................................................................................................. 16-8
show dhcp binding............................................................................................................................ 16-9
clear dhcp binding ............................................................................................................................ 16-9
show dhcp server statistics............................................................................................................. 16-10
clear dhcp server statistics ............................................................................................................. 16-11
Configuring IP Address Pools ..................................................................................................................... 16-12
Manual Pool Configuration Considerations .......................................................................................... 16-12
Purpose ................................................................................................................................................ 16-12
Commands ........................................................................................................................................... 16-12
set dhcp pool .................................................................................................................................. 16-13
clear dhcp pool ............................................................................................................................... 16-14
set dhcp pool network..................................................................................................................... 16-14
clear dhcp pool network.................................................................................................................. 16-15
set dhcp pool hardware-address .................................................................................................... 16-15
clear dhcp pool hardware-address ................................................................................................. 16-16
set dhcp pool host .......................................................................................................................... 16-16
clear dhcp pool host ....................................................................................................................... 16-17
set dhcp pool client-identifier .......................................................................................................... 16-17
clear dhcp pool client-identifier ....................................................................................................... 16-18
set dhcp pool client-name............................................................................................................... 16-19
clear dhcp pool client-name............................................................................................................16-19
set dhcp pool bootfile...................................................................................................................... 16-20
clear dhcp pool bootfile................................................................................................................... 16-20
set dhcp pool next-server ............................................................................................................... 16-21
clear dhcp pool next-server ............................................................................................................16-21
set dhcp pool lease......................................................................................................................... 16-22
clear dhcp pool lease...................................................................................................................... 16-22
set dhcp pool default-router ............................................................................................................16-23
clear dhcp pool default-router......................................................................................................... 16-23
set dhcp pool dns-server ................................................................................................................ 16-24
clear dhcp pool dns-server ............................................................................................................. 16-24
set dhcp pool domain-name ........................................................................................................... 16-25
clear dhcp pool domain-name ........................................................................................................ 16-25
set dhcp pool netbios-name-server ................................................................................................ 16-26
clear dhcp pool netbios-name-server ............................................................................................. 16-26
set dhcp pool netbios-node-type .................................................................................................... 16-27
clear dhcp pool netbios-node-type ................................................................................................. 16-27
set dhcp pool option ....................................................................................................................... 16-28
clear dhcp pool option .................................................................................................................... 16-29

xix

show dhcp pool configuration ......................................................................................................... 16-29

Chapter 17: DHCP Snooping and Dynamic ARP Inspection

DHCP Snooping Overview ........................................................................................................................... 17-1
DHCP Message Processing ................................................................................................................... 17-1
Building and Maintaining the Database .................................................................................................. 17-2
Rate Limiting .......................................................................................................................................... 17-3
Basic Configuration ................................................................................................................................ 17-3
DHCP Snooping Commands ........................................................................................................................ 17-4
set dhcpsnooping ............................................................................................................................. 17-4
set dhcpsnooping vlan...................................................................................................................... 17-5
set dhcpsnooping database write-delay ........................................................................................... 17-5
set dhcpsnooping trust ..................................................................................................................... 17-6
set dhcpsnooping binding ................................................................................................................. 17-7
set dhcpsnooping verify .................................................................................................................... 17-7
set dhcpsnooping log-invalid ............................................................................................................ 17-8
set dhcpsnooping limit ...................................................................................................................... 17-9
show dhcpsnooping ........................................................................................................................ 17-10
show dhcpsnooping database ........................................................................................................ 17-11
show dhcpsnooping port................................................................................................................. 17-11
show dhcpsnooping binding ........................................................................................................... 17-12
show dhcpsnooping statistics ......................................................................................................... 17-13
clear dhcpsnooping binding ............................................................................................................17-14
clear dhcpsnooping statistics.......................................................................................................... 17-14
clear dhcpsnooping database......................................................................................................... 17-14
clear dhcpsnooping limit ................................................................................................................. 17-15
Dynamic ARP Inspection Overview ............................................................................................................ 17-16
Functional Description .......................................................................................................................... 17-16
Basic Configuration .............................................................................................................................. 17-18
Example Configuration ......................................................................................................................... 17-19
Dynamic ARP Inspection Commands ........................................................................................................ 17-20
set arpinspection vlan ..................................................................................................................... 17-20
set arpinspection trust .................................................................................................................... 17-21
set arpinspection validate ............................................................................................................... 17-22
set arpinspection limit ..................................................................................................................... 17-23
set arpinspection filter..................................................................................................................... 17-24
show arpinspection access-list ....................................................................................................... 17-24
show arpinspection ports................................................................................................................ 17-25
show arpinspection vlan ................................................................................................................. 17-26
show arpinspection statistics .......................................................................................................... 17-26
clear arpinspection validate ............................................................................................................17-27
clear arpinspection vlan .................................................................................................................. 17-28
clear arpinspection filter.................................................................................................................. 17-29
clear arpinspection limit .................................................................................................................. 17-30
clear arpinspection statistics........................................................................................................... 17-31

Chapter 18: Preparing for Router Mode

Pre-Routing Configuration Tasks ................................................................................................................. 18-1
Example ................................................................................................................................................. 18-2
Enabling Router Configuration Modes .......................................................................................................... 18-2

Chapter 19: IP Configuration

Configuring Routing Interface Settings ......................................................................................................... 19-1
Purpose .................................................................................................................................................. 19-1
Commands ............................................................................................................................................. 19-1
xx

show interface .................................................................................................................................. 19-2

interface............................................................................................................................................ 19-2
show ip interface............................................................................................................................... 19-4
ip address ......................................................................................................................................... 19-5
no shutdown ..................................................................................................................................... 19-6
no ip routing...................................................................................................................................... 19-6
show running-config ......................................................................................................................... 19-7
Reviewing and Configuring the ARP Table .................................................................................................. 19-8
Purpose .................................................................................................................................................. 19-8
Commands ............................................................................................................................................. 19-8
show ip arp ....................................................................................................................................... 19-8
arp .................................................................................................................................................... 19-9
ip proxy-arp..................................................................................................................................... 19-10
arp timeout...................................................................................................................................... 19-11
clear arp-cache ............................................................................................................................... 19-11
Configuring Broadcast Settings .................................................................................................................. 19-12
Purpose ................................................................................................................................................ 19-12
Commands ........................................................................................................................................... 19-12
ip directed-broadcast ...................................................................................................................... 19-12
ip forward-protocol.......................................................................................................................... 19-13
ip helper-address ............................................................................................................................ 19-14
Reviewing IP Traffic and Configuring Routes ............................................................................................. 19-15
Purpose ................................................................................................................................................ 19-15
Commands ........................................................................................................................................... 19-15
show ip route .................................................................................................................................. 19-15
ip route............................................................................................................................................ 19-16
ping................................................................................................................................................. 19-17
traceroute ....................................................................................................................................... 19-17
Configuring ICMP Redirects ....................................................................................................................... 19-18
Purpose ................................................................................................................................................ 19-18
Commands ........................................................................................................................................... 19-18
ip icmp redirect enable ................................................................................................................... 19-18
show ip icmp redirect...................................................................................................................... 19-19

Chapter 20: IPv4 Routing Protocol Configuration

Configuring RIP ........................................................................................................................................... 20-1
RIP Configuration Task List and Commands ......................................................................................... 20-1
Router Configuration Commands ........................................................................................................... 20-2
router rip ........................................................................................................................................... 20-2
distance ............................................................................................................................................ 20-3
no auto-summary.............................................................................................................................. 20-4
split-horizon poison........................................................................................................................... 20-4
passive-interface .............................................................................................................................. 20-5
receive-interface ............................................................................................................................... 20-6
redistribute........................................................................................................................................ 20-6
Interface Configuration Commands ....................................................................................................... 20-7
ip rip enable ...................................................................................................................................... 20-7
ip rip send version ............................................................................................................................ 20-8
ip rip receive version......................................................................................................................... 20-8
ip rip authentication-key.................................................................................................................... 20-9
ip rip message-digest-key................................................................................................................. 20-9
Configuring IRDP ........................................................................................................................................ 20-11
Purpose ................................................................................................................................................ 20-11
Commands ........................................................................................................................................... 20-11
ip irdp enable .................................................................................................................................. 20-11

xxi

ip irdp maxadvertinterval ................................................................................................................ 20-12

ip irdp minadvertinterval ................................................................................................................. 20-12
ip irdp holdtime ............................................................................................................................... 20-13
ip irdp preference............................................................................................................................ 20-13
ip irdp broadcast ............................................................................................................................. 20-14
show ip irdp .................................................................................................................................... 20-14

Chapter 21: IPv6 Management

Chapter 22: Authentication and Authorization Configuration

Overview of Authentication and Authorization Methods ............................................................................... 22-1
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment ...................................................... 22-3
Setting the Authentication Login Method ...................................................................................................... 22-4
Purpose .................................................................................................................................................. 22-4
Commands ............................................................................................................................................. 22-4
show authentication login ................................................................................................................. 22-4
set authentication login..................................................................................................................... 22-5
clear authentication login.................................................................................................................. 22-5
Configuring RADIUS ..................................................................................................................................... 22-6
Purpose .................................................................................................................................................. 22-6
Commands ............................................................................................................................................. 22-6
show radius ...................................................................................................................................... 22-6
set radius .......................................................................................................................................... 22-8
clear radius ....................................................................................................................................... 22-9
show radius accounting .................................................................................................................. 22-10
set radius accounting...................................................................................................................... 22-11
clear radius accounting................................................................................................................... 22-12
show radius interface...................................................................................................................... 22-12
set radius interface ......................................................................................................................... 22-13
clear radius interface ...................................................................................................................... 22-14
Configuring 802.1X Authentication ............................................................................................................. 22-15
Purpose ................................................................................................................................................ 22-15
Commands ........................................................................................................................................... 22-15
show dot1x ..................................................................................................................................... 22-15
show dot1x auth-config................................................................................................................... 22-17
set dot1x ......................................................................................................................................... 22-18
set dot1x auth-config ...................................................................................................................... 22-19
clear dot1x auth-config ................................................................................................................... 22-20
show eapol ..................................................................................................................................... 22-21
set eapol ......................................................................................................................................... 22-23
clear eapol ...................................................................................................................................... 22-23

xxii

Configuring MAC Authentication ................................................................................................................ 22-25

Purpose ................................................................................................................................................ 22-25
Commands ........................................................................................................................................... 22-25
show macauthentication ................................................................................................................. 22-25
show macauthentication session .................................................................................................... 22-27
set macauthentication..................................................................................................................... 22-28
set macauthentication password .................................................................................................... 22-28
clear macauthentication password ................................................................................................. 22-29
set macauthentication port ............................................................................................................. 22-29
set macauthentication portinitialize................................................................................................. 22-30
set macauthentication portquietperiod............................................................................................ 22-30
clear macauthentication portquietperiod......................................................................................... 22-31
set macauthentication macinitialize ................................................................................................ 22-31
set macauthentication reauthentication .......................................................................................... 22-32
set macauthentication portreauthenticate.......................................................................................22-32
set macauthentication macreauthenticate ...................................................................................... 22-33
set macauthentication reauthperiod ...............................................................................................22-33
clear macauthentication reauthperiod ............................................................................................ 22-34
set macauthentication significant-bits ............................................................................................. 22-35
clear macauthentication significant-bits .......................................................................................... 22-35
Configuring Multiple Authentication Methods ............................................................................................. 22-37
About Multiple Authentication Types .................................................................................................... 22-37
About Multi-User Authentication ........................................................................................................... 22-37
Commands ........................................................................................................................................... 22-37
show multiauth................................................................................................................................ 22-38
set multiauth mode ......................................................................................................................... 22-39
clear multiauth mode ...................................................................................................................... 22-39
set multiauth precedence ............................................................................................................... 22-40
clear multiauth precedence ............................................................................................................22-40
show multiauth port ........................................................................................................................ 22-41
set multiauth port ............................................................................................................................ 22-41
clear multiauth port ......................................................................................................................... 22-42
show multiauth station .................................................................................................................... 22-43
show multiauth session .................................................................................................................. 22-43
show multiauth idle-timeout ............................................................................................................22-44
set multiauth idle-timeout................................................................................................................ 22-45
clear multiauth idle-timeout............................................................................................................. 22-46
show multiauth session-timeout ..................................................................................................... 22-46
set multiauth session-timeout ......................................................................................................... 22-47
clear multiauth session-timeout ...................................................................................................... 22-48
Configuring User + IP Phone Authentication .............................................................................................. 22-48
Configuring VLAN Authorization (RFC 3580) ............................................................................................. 22-49
Purpose ................................................................................................................................................ 22-49
Commands ........................................................................................................................................... 22-49
set vlanauthorization....................................................................................................................... 22-50
set vlanauthorization egress ........................................................................................................... 22-50
clear vlanauthorization.................................................................................................................... 22-51
show vlanauthorization ................................................................................................................... 22-51
Configuring Policy Maptable Response ...................................................................................................... 22-52
Operational Description ........................................................................................................................ 22-53
Commands ........................................................................................................................................... 22-54
show policy maptable ..................................................................................................................... 22-54
set policy maptable......................................................................................................................... 22-55
clear policy maptable...................................................................................................................... 22-56
Configuring MAC Locking ........................................................................................................................... 22-57
Purpose ................................................................................................................................................ 22-57
xxiii

Commands ........................................................................................................................................... 22-58

show maclock ................................................................................................................................. 22-58
show maclock stations.................................................................................................................... 22-59
set maclock enable......................................................................................................................... 22-60
set maclock disable ........................................................................................................................ 22-61
set maclock..................................................................................................................................... 22-61
clear maclock.................................................................................................................................. 22-62
set maclock static ........................................................................................................................... 22-63
clear maclock static ........................................................................................................................ 22-63
set maclock firstarrival .................................................................................................................... 22-64
clear maclock firstarrival ................................................................................................................. 22-65
set maclock agefirstarrival .............................................................................................................. 22-65
clear maclock agefirstarrival ........................................................................................................... 22-66
set maclock move ........................................................................................................................... 22-66
set maclock trap ............................................................................................................................. 22-67
Configuring Port Web Authentication (PWA) .............................................................................................. 22-68
About PWA ........................................................................................................................................... 22-68
Purpose ................................................................................................................................................ 22-68
Commands ........................................................................................................................................... 22-68
show pwa........................................................................................................................................ 22-69
set pwa ........................................................................................................................................... 22-70
show pwa banner ........................................................................................................................... 22-71
set pwa banner ............................................................................................................................... 22-71
clear pwa banner ............................................................................................................................ 22-72
set pwa displaylogo ........................................................................................................................ 22-72
set pwa ipaddress........................................................................................................................... 22-73
set pwa protocol ............................................................................................................................. 22-73
set pwa guestname ........................................................................................................................ 22-74
clear pwa guestname ..................................................................................................................... 22-74
set pwa guestpassword .................................................................................................................. 22-75
set pwa gueststatus........................................................................................................................ 22-75
set pwa initialize ............................................................................................................................. 22-76
set pwa quietperiod ........................................................................................................................ 22-76
set pwa maxrequest ....................................................................................................................... 22-77
set pwa portcontrol ......................................................................................................................... 22-77
show pwa session .......................................................................................................................... 22-78
set pwa enhancedmode ................................................................................................................. 22-79
Configuring Secure Shell (SSH) ................................................................................................................. 22-80
Purpose ................................................................................................................................................ 22-80
Commands ........................................................................................................................................... 22-80
show ssh status .............................................................................................................................. 22-80
set ssh ............................................................................................................................................ 22-80
set ssh hostkey............................................................................................................................... 22-81
Configuring Access Lists ............................................................................................................................ 22-82
Purpose ................................................................................................................................................ 22-82
Commands ........................................................................................................................................... 22-82
show access-lists............................................................................................................................ 22-82
access-list (standard) ..................................................................................................................... 22-83
access-list (extended)..................................................................................................................... 22-84
ip access-group .............................................................................................................................. 22-86

Chapter 23: TACACS+ Configuration

show tacacs...................................................................................................................................... 23-2
set tacacs ......................................................................................................................................... 23-3
show tacacs server........................................................................................................................... 23-3

xxiv

set tacacs server .............................................................................................................................. 23-4

clear tacacs server ........................................................................................................................... 23-5
show tacacs session......................................................................................................................... 23-6
set tacacs session ............................................................................................................................ 23-7
clear tacacs session ......................................................................................................................... 23-8
show tacacs command ..................................................................................................................... 23-9
set tacacs command......................................................................................................................... 23-9
show tacacs singleconnect............................................................................................................. 23-10
set tacacs singleconnect ................................................................................................................ 23-10
show tacacs interface ..................................................................................................................... 23-11
set tacacs interface......................................................................................................................... 23-11
clear tacacs interface...................................................................................................................... 23-12

Chapter 24: sFlow Configuration

Overview ....................................................................................................................................................... 24-1
Using sFlow in Your Network ................................................................................................................. 24-1
Definitions .............................................................................................................................................. 24-2
sFlow Agent Functionality ...................................................................................................................... 24-2
Sampling Mechanisms ........................................................................................................................... 24-2
Example Configuration ........................................................................................................................... 24-4
Commands ................................................................................................................................................... 24-4
show sflow receivers ........................................................................................................................ 24-5
set sflow receiver owner ................................................................................................................... 24-7
set sflow receiver ip .......................................................................................................................... 24-7
set sflow receiver maxdatagram ....................................................................................................... 24-8
set sflow receiver port....................................................................................................................... 24-9
clear sflow receiver........................................................................................................................... 24-9
set sflow port poller......................................................................................................................... 24-10
show sflow pollers .......................................................................................................................... 24-11
clear sflow port poller...................................................................................................................... 24-12
set sflow port sampler..................................................................................................................... 24-12
show sflow samplers ...................................................................................................................... 24-13
clear sflow port sampler.................................................................................................................. 24-14
set sflow interface ........................................................................................................................... 24-14
show sflow interface ....................................................................................................................... 24-15
clear sflow interface ........................................................................................................................ 24-16
show sflow agent ............................................................................................................................ 24-17

Appendix A: Policy and Authentication Capacities

Policy Capacities ............................................................................................................................................A-1
Authentication Capacities ...............................................................................................................................A-2

Index
Figures
1-1
1-2
1-3
1-4
1-5
1-6
10-1

Enterasys B5 Startup Screen ............................................................................................................. 1-6

Sample CLI Defaults Description........................................................................................................ 1-8
Performing a Keyword Lookup ........................................................................................................... 1-8
Performing a Partial Keyword Lookup ................................................................................................ 1-9
Scrolling Screen Output...................................................................................................................... 1-9
Abbreviating a Command ................................................................................................................. 1-10
Example of VLAN Propagation via GVRP ...................................................................................... 10-21

xxv

Tables
1-1
1-2
1-3
3-1
3-2
3-3
3-4
3-5
4-1
4-2
4-3
6-1
6-2
6-3
6-4
6-5
7-1
7-2
7-3
7-4
7-5
7-6
7-7
8-1
8-2
8-3
8-4
8-5
8-6
8-7
8-8
8-9
8-10
8-11
9-1
10-1
10-2
10-3
11-1
11-2
11-3
14-1
14-2
14-3
14-4
14-5
14-6
14-7
14-8
15-1
15-2
15-3
18-1
18-2

xxvi

Default Settings for Basic Switch Operation ....................................................................................... 1-2

Default Settings for Router Operation ................................................................................................ 1-4
Basic Line Editing Commands.......................................................................................................... 1-10
Required CLI Setup Commands......................................................................................................... 3-1
Optional CLI Setup Commands.......................................................................................................... 3-2
show system lockout Output Details................................................................................................... 3-8
show system Output Details ............................................................................................................. 3-14
show version Output Details ............................................................................................................. 3-26
PoE Powered Device Classes ............................................................................................................ 4-1
show inlinepower Output Details ........................................................................................................ 4-3
show port inlinepower Output Details ................................................................................................. 4-5
show cdp Output Details..................................................................................................................... 6-2
show ciscodp Output Details .............................................................................................................. 6-8
show ciscodp port info Output Details ................................................................................................ 6-9
show lldp port local-info Output Details ............................................................................................ 6-19
show lldp port remote-info Output Display........................................................................................ 6-22
show port status Output Details.......................................................................................................... 7-4
show port counters Output Details ..................................................................................................... 7-5
show port cablestatus Output Details ................................................................................................. 7-7
show linkflap parameters Output Details .......................................................................................... 7-27
show linkflap metrics Output Details................................................................................................. 7-27
LACP Terms and Definitions ............................................................................................................ 7-45
show lacp Output Details.................................................................................................................. 7-48
SNMP Security Levels........................................................................................................................ 8-3
show snmp engineid Output Details ................................................................................................... 8-4
show snmp counters Output Details ................................................................................................... 8-6
show snmp user Output Details.......................................................................................................... 8-9
show snmp group Output Details ..................................................................................................... 8-12
show snmp access Output Details ................................................................................................... 8-17
show snmp view Output Details ....................................................................................................... 8-21
show snmp targetparams Output Details ......................................................................................... 8-24
show snmp targetaddr Output Details .............................................................................................. 8-27
show snmp notify Output Details ...................................................................................................... 8-30
Basic SNMP Trap Configuration....................................................................................................... 8-36
show spantree Output Details ............................................................................................................ 9-6
Command Set for Creating a Secure Management VLAN ............................................................... 10-2
show vlan Output Details.................................................................................................................. 10-4
show gvrp configuration Output Details .......................................................................................... 10-23
show policy profile Output Details .................................................................................................... 11-3
show policy rule Output Details ........................................................................................................ 11-8
Valid Values for Policy Classification Rules ................................................................................... 11-11
show logging server Output Details.................................................................................................. 14-3
show logging application Output Details........................................................................................... 14-7
Mnemonic Values for Logging Applications...................................................................................... 14-8
show netstat Output Details............................................................................................................ 14-18
show arp Output Details ................................................................................................................. 14-20
show mac Output Details................................................................................................................ 14-23
show sntp Output Details................................................................................................................ 14-30
show nodealias config Output Details ............................................................................................ 14-40
RMON Monitoring Group Functions and Commands ....................................................................... 15-1
show rmon alarm Output Details .................................................................................................... 15-10
show rmon event Output Details .................................................................................................... 15-14
Enabling the Switch for Routing ....................................................................................................... 18-2
Router CLI Configuration Modes ...................................................................................................... 18-2

19-1
19-2
20-1
22-1
22-2
22-3
22-4
22-5
22-6
22-7
22-8
23-1
24-1
24-2
A-1
A-2

show ip interface Output Details ....................................................................................................... 19-4

show ip arp Output Details ............................................................................................................... 19-9
RIP Configuration Task List and Commands ................................................................................... 20-1
show radius Output Details............................................................................................................... 22-7
show eapol Output Details.............................................................................................................. 22-22
show macauthentication Output Details ......................................................................................... 22-26
show macauthentication session Output Details ............................................................................ 22-27
show vlanauthorization Output Details ........................................................................................... 22-52
show maclock Output Details ......................................................................................................... 22-59
show maclock stations Output Details............................................................................................ 22-60
show pwa Output Details................................................................................................................ 22-69
show tacacs Output Details .............................................................................................................. 23-2
sFlow Definitions .............................................................................................................................. 24-2
show sflow receivers Output Descriptions ........................................................................................ 24-6
Policy Capacities ................................................................................................................................A-1
Authentication Capacities ...................................................................................................................A-2

xxvii

xxviii

About This Guide

WelcometotheEnterasysB5CLIReference.Thismanualexplainshowtoaccessthedevices
CommandLineInterface(CLI)andhowtouseittoconfigureEnterasysB5switchdevices.

Important Notice
Depending on the firmware version used in your Enterasys B5 device, some features described in
this document may not be supported. Refer to the Release Notes for your device to determine
which features are supported.

Using This Guide

AgeneralworkingknowledgeofbasicnetworkoperationsandanunderstandingofCLI
managementapplicationsishelpfulbeforeconfiguringthedevice.
Thismanualdescribeshowtodothefollowing:

AccesstheswitchCLI.

UseCLIcommandstoperformnetworkmanagementanddeviceconfigurationoperations

EstablishandmanageVirtualLocalAreaNetworks(VLANs).

Establishandmanagestaticanddynamicallyassignedpolicyclassifications.

Establishandmanagepriorityclassification.

Configuresecurityprotocols,including802.1XandRADIUS,SSHv2,MAClocking,andMAC
authentication.

Structure of This Guide

Theguideisorganizedasfollows:
Chapter 1,Introduction,providesanoverviewofthetasksthatcanbeaccomplishedusingthe
CLIinterface,anoverviewoflocalmanagementrequirements,anoverviewofthedevicesfactory
defaultsettings,andinformationaboutusingtheCommandLineInterface(CLI).
Chapter 2,ConfiguringSwitchesinaStack,providesinformationabouthowtoconfigureand
managestackedswitches.
Chapter 3,BasicConfiguration,provideshowtosetbasicsystemproperties,howtodownloada
firmwareimage,howtoconfigureWebViewandTelnet,howtomanageconfigurationfiles,how
tosettheloginpassword,andhowtoexittheCLI.
Chapter 4,ConfiguringSystemPowerandPoE,describesthecommandsusedtoreviewandset
systempowerandPoEparametersondevicesthatofferPoweroverEthernet.
Chapter 5,TransmitQueueMonitoringConfiguration,describesthecommandsusedtomonitor
transmitqueuesand,ifaqueueisfoundtobestalled,totakecorrectiveaction.
Chapter 6,DiscoveryProtocolConfigurationprovideshowtoconfigurediscoveryprotocols
supportedbythedevice.

Enterasys B5 CLI Reference

xxix

Structure of This Guide

Chapter 7,PortConfiguration,describeshowtoreviewandconfigureconsoleportsettings,and
howtoenableordisableswitchportsandconfigureswitchportsettings,includingportspeed,
duplexmode,autonegotiation,flowcontrol,portmirroring,linkaggegationandbroadcast
suppression.
Chapter 8,SNMPConfiguration,describeshowtoconfigureSNMPusersandusergroups,access
rights,targetaddresses,andnotificationparameters.
Chapter 9,SpanningTreeConfiguration,describeshowtoreviewandsetSpanningTreebridge
parametersforthedevice,includingbridgepriority,hellotime,maximumagingtimeandforward
delay;andhowtoreviewandsetSpanningTreeportparameters,includingportpriorityandpath
costs.ConfiguringtheSpanGuardandLoopProtectfunctionsisalsodescribed.
Chapter 10,802.1QVLANConfiguration,describeshowtocreatestaticVLANs,selectthemode
ofoperationforeachport,establishVLANforwarding(egress)lists,routeframesaccordingto
VLANID,displaythecurrentportsandporttypesassociatedwithaVLANandprotocol,createa
securemanagementVLAN,andconfigureportsonthedeviceasGVRPawareports.
Chapter 11,PolicyClassificationConfiguration,describeshowtocreate,changeorremoveuser
rolesorprofilesbasedonbusinessspecificuseofnetworkservices;howtopermitordenyaccess
tospecificservicesbycreatingandassigningclassificationruleswhichmapuserprofilestoframe
filteringpolicies;howtoclassifyframestoaVLANorClassofService(CoS);andhowtoassignor
unassignportstopolicyprofilessothatonlyportsactivatedforaprofilewillbeallowedto
transmitframesaccordingly.
Chapter 12,PortPriorityConfiguration,describeshowtosetthetransmitpriorityofeachport
andconfigurearatelimitforagivenportandlistofpriorities.
Chapter 13,IGMPConfiguration,describeshowtoconfigureInternetGroupManagement
Protocol(IGMP)settingsformulticastfiltering.
Chapter 14,LoggingandNetworkManagement,describeshowtoconfigureSyslog,howto
managegeneralswitchsettings,howtomonitornetworkeventsandstatus,andhowtoconfigure
SNTPandnodealiases.
Chapter 15,RMONConfiguration,describeshowtouseRMON(RemoteNetworkMonitoring),
whichprovidescomprehensivenetworkfaultdiagnosis,planning,andperformancetuning
informationandallowsforinteroperabilitybetweenSNMPmanagementstationsandmonitoring
agents.
Chapter 16,DHCPServerConfiguration,describeshowtoreviewandconfigureDHCPserver
parameters,howtoreviewandconfigureDHCPaddresspools,andhowtodisplayDHCPserver
information.
Chapter 17,DHCPSnoopingandDynamicARPInspection,describestwosecurityfeatures
DHCPsnooping,whichmonitorsDHCPmessagesbetweenaDHCPclientandDHCPserverto
filterharmfulDHCPmessagesandtobuildadatabaseofauthorizedaddressbindings,and
DynamicARPinspection,whichusesthebindingsdatabasecreatedbytheDHCPsnooping
featuretorejectinvalidandmaliciousARPpackets.
Chapter 18,PreparingforRouterMode,providesinformationaboutroutermodesandhowto
activatealicense.
Chapter 19,IPConfiguration,describeshowtoenableIProutingforroutermodeoperation,how
toconfigureIPinterfacesettings,howtoreviewandconfiguretheroutingARPtable,howto
reviewandconfigureroutingbroadcasts,andhowtoconfigureIProutes.
Chapter 20,IPv4RoutingProtocolConfiguration,describeshowtoconfigureIPv4routingand
routingprotocols,includingRIPandIRDP.
Chapter 21,IPv6Management,describeshowtomanageIPv6atLayer2.Theseswitchlevel
commandsallowyoutoenableordisabletheIPv6managementfunction,toconfigureanddisplay
theIPv6hostaddressandIPv6gatewayfortheswitch,andtodisplayIPv6statusinformation.
xxx

About This Guide

Chapter 24,sFlowConfiguration, providesinformationaboutthecommandsusedtoconfigure

andmonitorthesFlowsystem.
Appendix A,PolicyandAuthenticationCapacities,liststhepolicyandauthenticationcapacities
oftheEnterasysB5asofthedatethisdocumentwaspublished.

Related Documents
ThefollowingEnterasysNetworksdocumentsmayhelpyoutosetup,control,andmanagethe
device:

EnterasysFirmwareFeatureGuides

EnterasysB5HardwareInstallationGuide

RedundantPowerSystemQuickReferences

Documentslistedabove,canbeobtainedfromtheWorldWideWebinAdobeAcrobatPortable
DocumentFormat(PDF)atthefollowingwebsite:
https://extranet.enterasys.com/downloads/

Conventions Used in This Guide

Thefollowingconventionsareusedinthetextofthisdocument:
Convention

Description

Bold font

Indicates mandatory keywords, parameters or keyboard keys.

italic font

Indicates complete document titles.

Courier font

Used for examples of information displayed on the screen.

Courier font in italics

Indicates a user-supplied value, either required or optional.

[]

Square brackets indicate an optional value.

{}

Braces indicate required values. One or more values may be required.

A vertical bar indicates a choice in values.

[x | y | z]

Square brackets with a vertical bar indicate a choice of a value.

{x | y | z}

Braces with a vertical bar indicate a choice of a required value.

[x {y | z} ]

A combination of square brackets with braces and vertical bars indicates a

required choice of an optional value.

Enterasys B5 CLI Reference

xxxi

Getting Help

Thefollowingiconsareusedinthisguide:

Note: Calls the readers attention to any item of information that may be of special importance.

Caution: Contains information essential to avoid damage to the equipment.

Precaucin: Contiene informacin esencial para prevenir daar el equipo.
Achtung: Verweit auf wichtige Informationen zum Schutz gegen Beschdigungen.

Getting Help
Foradditionalsupportrelatedtothisswitchordocument,contactEnterasysNetworksusingone
ofthefollowingmethods:
World Wide Web

http://www.enterasys.com/support

Phone

1-800-872-8440 (toll-free in U.S. and Canada)

or 1-978-684-1000
For the Enterasys Networks Support toll-free number in your country:
http://www.enterasys.com/support

Internet mail

[email protected]
To expedite your message, type [SWITCHING] in the subject line.

To send comments or suggestions concerning this document to the Technical Publications Department:
[email protected]
Make sure to include the document Part Number in the email message.

BeforecallingEnterasysNetworks,havethefollowinginformationready:

xxxii

YourEnterasysNetworksservicecontractnumber

Adescriptionofthefailure

Adescriptionofanyaction(s)alreadytakentoresolvetheproblem(forexample,changing
modeswitchesorrebootingtheunit)

TheserialandrevisionnumbersofallinvolvedEnterasysNetworksproductsinthenetwork

Adescriptionofyournetworkenvironment(forexample,layout,cabletype)

Networkloadandframesizeatthetimeoftrouble(ifknown)

Theswitchhistory(forexample,haveyoureturnedtheswitchbefore,isthisarecurring
problem?)

AnypreviousReturnMaterialAuthorization(RMA)numbers

About This Guide

1
Introduction
ThischapterprovidesanoverviewoftheEnterasysB5suniquefeaturesandfunctionality,an
overviewofthetasksthatmaybeaccomplishedusingtheCLIinterface,anoverviewofwaysto
managetheswitch,factorydefaultsettings,andinformationabouthowtousetheCommandLine
Interfacetoconfiguretheswitch.
For information about...

Refer to page...

Enterasys B5 CLI Overview

1-1

Switch Management Methods

1-1

Factory Default Settings

1-2

Using the Command Line Interface

1-6

Enterasys B5 CLI Overview

TheEnterasysNetworksEnterasysB5CLIinterfaceallowsyoutoperformavarietyofnetwork
managementtasks,includingthefollowing:

UseCLIcommandstoperformnetworkmanagementandswitchconfigurationoperations.

Downloadanewfirmwareimage.

AssignIPaddressandsubnetmask.

Selectadefaultgateway.

EstablishandmanageVirtualLocalAreaNetworks(VLANs).

Establishandmanagepolicyprofilesandclassifications.

Establishandmanagepriorityclassification.

Configuresecurityprotocols,including802.1XandRADIUS,SSHv2,PWA,MAClocking,and
MACauthentication.

Switch Management Methods

TheEnterasysB5switchcanbemanagedusingthefollowingmethods:

LocallyusingaVTtypeterminalconnectedtotheconsoleport.

RemotelyusingaVTtypeterminalconnectedthroughamodem.

RemotelyusinganSNMPmanagementstation.

InbandthroughaTelnetconnection.

InbandusingtheEnterasysNetSightmanagementapplication.
Enterasys B5 CLI Reference

1-1

Factory Default Settings

RemotelyusingWebView,EnterasysNetworksembeddedwebserverapplication.

TheInstallationGuideforyourEnterasysB5deviceprovidessetupinstructionsforconnectinga
terminalormodemtotheswitch.

Factory Default Settings

ThefollowingtableslistfactorydefaultsettingsavailableontheEnterasysB5switch.
Table 1-1

Default Settings for Basic Switch Operation

Feature

Default Setting

Switch Mode Defaults

CDP discovery protocol

Auto enabled on all ports.

CDP authentication code

Set to 00-00-00-00-00-00-00-00

CDP hold time

Set to 180 seconds.

CDP interval

Transmit frequency of CDP messages set to 60 seconds.

Cisco discovery protocol

Auto enabled on all ports.

Cisco DP hold time

Set to 180 seconds.

Cisco DP interval timer

Set to 60 seconds.

Community name

Public.

Console (serial) port

required settings

Baud rate: 9600

Data bits: 8
Flow control: disabled
Stop bits: 1
Parity: none

1-2

Introduction

DHCP server

Disabled.

EAPOL

Disabled.

EAPOL authentication
mode

When enabled, set to auto for all ports.

GARP timer

Join timer set to 20 centiseconds; leave timer set to 60 centiseconds; leaveall

timer set to 1000 centiseconds.

GVRP

Globally enabled. Disabled per port.

History buffer size

20 lines.

IEEE 802.1 authentication

Disabled.

IGMP snooping

Disabled. When enabled, query interval is set to 260 seconds and response
time is set to 10 seconds.

IP mask and gateway

Subnet mask set to 0.0.0.0; default gateway set to 0.0.0.0.

IP routes

No static routes configured.

Jumbo frame support

Enabled on all ports.

Link aggregation control

protocol (LACP)

Globally enabled. Disabled per port.

Link aggregation admin

key

Set to 32768 for all ports.

Factory Default Settings

Table 1-1

Default Settings for Basic Switch Operation (Continued)

Feature

Default Setting

Link aggregation flow

regeneration

Disabled.

Link aggregation system

priority

Set to 32768 for all ports.

Link aggregation outport

algorithm

Set to DIP-SIP.

Lockout

Set to disable Read-Write and Read-Only users, and to lockout the default
admin (Super User) account for 15 minutes, after 3 failed login attempts.

Logging

Syslog port set to UDP port number 514. Logging severity level set to 6
(significant conditions) for all applications.

MAC aging time

Set to 300 seconds.

MAC locking

Disabled (globally and on all ports).

Passwords

Set to an empty string for all default user accounts. User must press ENTER
at the password prompt to access CLI.

Password aging

Disabled.

Password history

No passwords are checked for duplication.

Policy classification

Classification rules are automatically enabled when created.

Port auto-negotiation

Enabled on all ports.

Port advertised ability

Maximum ability advertised on all ports.

Port broadcast suppression Enabled and set to limit broadcast packets to 14,881 per second on all switch
ports.
Port duplex mode

Set to half duplex, except for 100BASE-FX and 1000BASE-X, which is set to
full duplex.

Port enable/disable

Enabled.

Port priority

Set to 0.

Port speed

Set to 10 Mbps, except for 1000BASE-X, which is set to 1000 Mbps, and
100BASE-FX, which is set to 100 Mbps.

Port trap

All ports are enabled to send link traps.

Power over Ethernet port

admin state

Administrative state is on (auto).

Priority classification

Classification rules are automatically enabled when created.

RADIUS client

Disabled.

RADIUS last resort action

When the client is enabled, set to Challenge.

RADIUS retries

When the client is enabled, set to 3.

RADIUS timeout

When the client is enabled, set to 20 seconds.

Rate limiting

Disabled (globally and on all ports).

SNMP

Enabled.

SNTP

Disabled.

Spanning Tree

Globally enabled and enabled on all ports.

Enterasys B5 CLI Reference

1-3

Factory Default Settings

Table 1-1

Default Settings for Basic Switch Operation (Continued)

Feature

Default Setting

Spanning Tree edge port

administrative status

Edge port administrative status begins with the value set to false initially after
the device is powered up. If a Spanning Tree BDPU is not received on the
port within a few seconds, the status setting changes to true.

Spanning Tree edge port

delay

Enabled.

Spanning Tree forward

delay

Set to 15 seconds.

Spanning Tree hello

interval

Set to 2 seconds.

Spanning Tree ID (SID)

Set to 0.

Spanning Tree maximum

aging time

Set to 20 seconds.

Spanning Tree port priority

All ports with bridge priority are set to 128 (medium priority).

Spanning Tree priority

Bridge priority is set to 32768.

Spanning Tree topology

change trap suppression

Enabled.

Spanning Tree version

Set to mstp (Multiple Spanning Tree Protocol).

SSH

Disabled.

System baud rate

Set to 9600 baud.

System contact

Set to empty string.

System location

Set to empty string.

System name

Set to empty string.

Terminal

CLI display set to 80 columns and 24 rows.

Timeout

Set to 5 minutes.

User names

Login accounts set to ro for Read-Only access; rw for Read-Write access;

and admin for Super User access.

VLAN dynamic egress

Disabled on all VLANs.

VLAN ID

All ports use a VLAN identifier of 1.

Host VLAN

Default host VLAN is 1.

Notallofthefollowingroutingfeaturesareavailableonallplatforms.ChecktheReleaseNotesfor
yourspecificplatformsfordetails.
Table 1-2

1-4

Introduction

Default Settings for Router Operation

Output...

What it displays...

Access groups (IP security)

None configured.

Access lists (IP security)

None configured.

Area authentication (OSPF)

Disabled.

Area default cost (OSPF)

Set to 1.

Area NSSA (OSPF)

None configured.

Factory Default Settings

Table 1-2

Default Settings for Router Operation (Continued)

Output...

What it displays...

Area range (OSPF)

None configured.

ARP table

No permanent entries configured.

ARP timeout

Set to 14,400 seconds.

Authentication key (RIP and OSPF)

None configured.

Authentication mode (RIP and OSPF)

None configured.

Dead interval (OSPF)

Set to 40 seconds.

Disable triggered updates (RIP)

Triggered updates allowed.

Distribute list (RIP)

No filters applied.

DVMRP

Disabled. Metric set to 1.

Hello interval (OSPF)

Set to 10 seconds for broadcast and point-to-point networks. Set

to 30 seconds for non-broadcast networks.

ICMP

Enabled for echo-reply and mask-reply modes.

IP-directed broadcasts

Disabled.

IP forward-protocol

Enabled with no port specified.

IP interfaces

Disabled with no IP addresses specified.

IRDP

Disabled on all interfaces. When enabled, maximum

advertisement interval is set to 600 seconds, minimum
advertisement interval is set to 450 seconds, holdtime is set to
1800 seconds, and address preference is set to 0.

MD5 authentication (OSPF)

Disabled with no password set.

MTU size

Set to 1500 bytes on all interfaces.

OSPF

Disabled.

OSPF cost

Set to 10 for all interfaces.

OSPF network

None configured.

OSPF priority

Set to 1.

Passive interfaces (RIP)

None configured.

Proxy ARP

Enabled on all interfaces.

Receive interfaces (RIP)

Enabled on all interfaces.

Retransmit delay (OSPF)

Set to 1 second.

Retransmit interval (OSPF)

Set to 5 seconds.

RIP receive version

Set to accept both version 1 and version 2.

RIP send version

Set to version 1.

RIP offset

No value applied.

SNMP

Enabled.

Split horizon

Enabled for RIP packets without poison reverse.

Stub area (OSPF)

None configured.

Telnet

Enabled.

Enterasys B5 CLI Reference

1-5

Using the Command Line Interface

Table 1-2

Default Settings for Router Operation (Continued)

Output...

What it displays...

Telnet port (IP)

Set to port number 23.

Timers (OSPF)

SPF delay set to 5 seconds. SPF holdtime set to 10 seconds.

Transmit delay (OSPF)

Set to 1 second.

VRRP

Disabled.

Using the Command Line Interface

Starting a CLI Session
Connecting Using the Console Port
ConnectaterminaltothelocalconsoleportasdescribedinyourEnterasysB5InstallationGuide.
Thestartupscreen,Figure 11,willdisplayontheterminal.YoucannowstarttheCommandLine
Interface(CLI)by

usingadefaultuseraccount,asdescribedinUsingaDefaultUserAccountonpage 17,or

usinganadministrativelyassigneduseraccountasdescribedinUsinganAdministratively
ConfiguredUserAccountonpage 17.

Figure 1-1

Enterasys B5 Startup Screen

Username:admin
Password:
Enterasys Enterasys B5
Command Line Interface
Enterasys Networks, Inc.
50 Minuteman Rd.
Andover, MA 01810-1008 U.S.A.
Phone: +1 978 684 1000
E-mail: [email protected]
WWW: http://www.enterasys.com
(c) Copyright Enterasys Networks, Inc. 2011
Chassis Serial Number:
Chassis Firmware Revision:

041800249041
6.42.xx.xxxx

B5(su)->

Connecting Using Telnet

OncetheEnterasysB5devicehasavalidIPaddress,youcanestablishaTelnetsessionfromany
TCP/IPbasednodeonthenetwork.ForinformationaboutsettingtheswitchsIPaddress,referto
setipaddressonpage 310.
ToestablishaTelnetsession:

1-6

Introduction

Using the Command Line Interface

TelnettotheswitchsIPaddress.

Enterlogin(username)andpasswordinformationinoneofthefollowingways:

Iftheswitchsdefaultloginandpasswordsettingshavenotbeenchanged,followthe
stepslistedinUsingaDefaultUserAccountonpage 17,or

Enteranadministrativelyconfiguredusernameandpassword.

ThenoticeofauthorizationandthepromptdisplaysasshowninFigure 11.
ForinformationaboutconfiguringTelnetsettings,refertoStartingandConfiguringTelneton
page 336.
RefertotheinstructionsincludedwiththeTelnetapplicationforinformationaboutestablishinga
Telnetsession.

Logging In
Bydefault,theEnterasysB5switchisconfiguredwiththreeuserloginaccountsrofor
ReadOnlyaccess,rwforReadWriteaccess,andadminforsuperuseraccesstoallmodifiable
parameters.Thedefaultpasswordissettoablankstring.Forinformationonchangingthese
defaultsettings,refertoSettingUserAccountsandPasswordsonpage 32.

Using a Default User Account

IfthisisthefirsttimeyouareloggingintotheEnterasysB5switch,orifthedefaultuseraccounts
havenotbeenadministrativelychanged,proceedasfollows:
1.

Attheloginprompt,enteroneofthefollowingdefaultusernames:

roforReadOnlyaccess.

rwforReadWriteaccess.

adminforSuperUseraccess.

PressENTER.ThePasswordpromptdisplays.

LeavethisstringblankandpressENTER.Theswitchinformationandpromptdisplaysas
showninFigure 11.

Using an Administratively Configured User Account

Iftheswitchsdefaultuseraccountsettingshavebeenchanged,proceedasfollows:
1.

Attheloginprompt,enteryouradministrativelyassignedusernameandpressENTER.

AtthePasswordprompt,enteryourpasswordandpressENTER.

ThenoticeofauthorizationandthepromptdisplaysasshowninFigure 11.
Note: Users with Read-Write (rw) and Read-Only access can use the set password command
(page 3-5) to change their own passwords. Administrators with Super User (su) access can use
the set system login command (page 3-4) to create and change user accounts, and the set
password command to change any local account password.

Enterasys B5 CLI Reference

1-7

Using the Command Line Interface

Navigating the Command Line Interface

Getting Help with CLI Syntax
TheEnterasysB5switchallowsyoutodisplayusageandsyntaxinformationforindividual
commandsbytypinghelpor?afterthecommand.

CLI Command Defaults Descriptions

EachcommanddescriptioninthisguideincludesasectionentitledDefaultswhichcontains
differentinformationfromthefactorydefaultsettingsontheswitchdescribedinTable 11.The
sectiondefinesCLIbehavioriftheuserentersacommandwithouttypingoptionalparameters
(indicatedbysquarebrackets[]).Forcommandswithoutoptionalparameters,thedefaults
sectionlistsNone.Forcommandswithoptionalparameters,thissectiondescribeshowtheCLI
respondsiftheuseroptstoenteronlythekeywordsofthecommandsyntax.Figure 12provides
anexample.
Figure 1-2

Sample CLI Defaults Description

Syntax
show port status [port-string]

Defaults
Ifportstringisnotspecified,statusinformationforallportswillbedisplayed.

CLI Command Modes

EachcommanddescriptioninthisguideincludesasectionentitledModewhichstateswhether
thecommandisexecutableinAdmin(SuperUser),ReadWrite,orReadOnlymode.Userswith
ReadOnlyaccesswillonlybepermittedtoviewReadOnly(show)commands.UserswithRead
Writeaccesswillbeabletomodifyallmodifiableparametersinsetandshowcommands,aswell
asviewReadOnlycommands.AdministratorsorSuperUserswillbeallowedallReadWriteand
ReadOnlyprivileges,andwillbeabletomodifylocaluseraccounts.TheEnterasysB5switch
indicateswhichmodeauserisloggedinasbydisplayingoneofthefollowingprompts:

Admin:B5(su)>

ReadWrite:B5(rw)>

ReadOnly:B5(ro)>

Performing Keyword Lookups

Enteringaspaceandaquestionmark(?)afterakeywordwilldisplayallcommandsbeginning
withthekeyword.Figure 13showshowtoperformakeywordlookupfortheshowsnmp
command.Inthiscase,fouradditionalkeywordsareusedbytheshowsnmpcommand.Entering
aspaceandaquestionmark(?)afteranyoftheseparameters(suchasshowsnmpcommunity)
willdisplayadditionalparametersnestedwithinthesyntax.
Figure 1-3

Performing a Keyword Lookup

B5(su)->show snmp ?
community
notify
targetaddr
targetparams

1-8

Introduction

SNMP
SNMP
SNMP
SNMP

v1/v2c
notify
target
target

community name configuration

configuration
address configuration
parameters configuration

Using the Command Line Interface

Enteringaquestionmark(?)withoutaspaceafterapartialkeywordwilldisplayalistof
commandsthatbeginwiththepartialkeyword.Figure 14showshowtousethisfunctionforall
commandsbeginningwithco:
Figure 1-4

Performing a Partial Keyword Lookup

B5(rw)->co?
configure
B5(su)->co

copy

Note: At the end of the lookup display, the system will repeat the command you entered without the
?.

Displaying Scrolling Screens

IftheCLIscreenlengthhasbeensetusingthesetlengthcommandasdescribedonpage329,CLI
outputrequiringmorethanonescreenwilldisplay--More-- toindicatecontinuingscreens.To
displayadditionalscreenoutput:

PressanykeyotherthanENTERtoadvancetheoutputonescreenatatime.

PressENTERtoadvancetheoutputonelineatatime.

TheexampleinFigure 15showshowtheshowmaccommandindicatesthatoutputcontinueson
morethanonescreen.
Figure 1-5

Scrolling Screen Output

B5(su)->show mac
MAC Address
FID
Port
Type
---------------------------------------------------------00-00-1d-67-68-69
1
host
Management
00-00-02-00-00-00
1
ge.1.2
Learned
00-00-02-00-00-01
1
ge.1.3
Learned
00-00-02-00-00-02
1
ge.1.4
Learned
00-00-02-00-00-03
1
ge.1.5
Learned
00-00-02-00-00-04
1
ge.1.6
Learned
00-00-02-00-00-05
1
ge.1.7
Learned
00-00-02-00-00-06
1
ge.1.8
Learned
00-00-02-00-00-07
1
ge.1.9
Learned
00-00-02-00-00-08
1
ge.1.10
Learned
--More--

Abbreviating and Completing Commands

TheEnterasysB5switchallowsyoutoabbreviateCLIcommandsandkeywordsdowntothe
numberofcharactersthatwillallowforauniqueabbreviation.Figure 16showshowto
abbreviatetheshownetstatcommandtoshnet.

Enterasys B5 CLI Reference

1-9

Using the Command Line Interface

Figure 1-6

Abbreviating a Command

B5(su)->sh net
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
----- ------ ------ --------------------- --------------------TCP
0
0 10.21.73.13.23
134.141.190.94.51246
TCP
0
275 10.21.73.13.23
134.141.192.119.4724
TCP
0
0 *.80
*.*
TCP
0
0 *.23
*.*
UDP
0
0 10.21.73.13.1030
134.141.89.113.514
UDP
0
0 *.161
*.*
UDP
0
0 *.1025
*.*
UDP
0
0 *.123
*.*

State
------ESTABLISHED
ESTABLISHED
LISTEN
LISTEN

Basic Line Editing Commands

TheCLIsupportsEMACslikelineeditingcommands.Table 13listssomecommonlyused
commands.
Table 1-3

1-10

Introduction

Basic Line Editing Commands

Key Sequence

Command

Ctrl+A

Move cursor to beginning of line.

Ctrl+B

Move cursor back one character.

Ctrl+D

Delete a character.

Ctrl+E

Move cursor to end of line.

Ctrl+F

Move cursor forward one character.

Ctrl+H

Delete character to left of cursor.

Ctrl+I or TAB

Complete word.

Ctrl+K

Delete all characters after cursor.

Ctrl+N

Scroll to next command in command history (use the CLI history command to
display the history).

Ctrl+P

Scroll to previous command in command history.

Ctr1+Q

Resume the CLI process.

Ctr1+S

Pause the CLI process (for scrolling).

Ctrl+T

Transpose characters.

Ctrl+U or Ctrl+X

Delete all characters before cursor.

Ctrl+W

Delete word to the left of cursor.

Ctrl+Y

Restore the most recently deleted item.

2
Configuring Switches in a Stack
ThischapterprovidesinformationaboutconfiguringEnterasysB5switchesinastack.
For information about ...

Refer to page ...

About Enterasys B5 Switch Operation in a Stack

2-1

Installing a New Stackable System of Up to Eight Units

2-2

Installing Previously-Configured Systems in a Stack

2-3

Adding a New Unit to an Existing Stack

2-3

Creating a Virtual Switch Configuration

2-3

Considerations About Using Clear Config in a Stack

2-4

Stacking Configuration and Management Commands

2-5

About Enterasys B5 Switch Operation in a Stack

TheEnterasysB5productsarestackableswitchesthatcanbeadaptedandscaledtohelpmeet
yournetworkneeds.Theseswitchesprovideamanagementplatformanduplinktoanetwork
backboneforastackedgroupofuptoeightEnterasysB5switches.

Note: B5 switches can only be stacked with other B5 switches.

Onceinstalledinastack,theswitchesbehaveandperformasasingleswitchproduct.Assuch,
youcanstartwithasingleunitandaddmoreunitsasyournetworkexpands.Youcanalsomix
differentproductsinthefamilyinasinglestacktoprovideadesiredcombinationofporttypes
andfunctionstomatchtherequirementsofindividualapplications.Inallcases,astackofunits
performsasonelargeproduct,andismanagedasasinglenetworkentity.
WhenswitchesareinstalledandconnectedasdescribedinyourEnterasysB5InstallationGuide,
thefollowingoccursduringinitialization:

Theswitchthatwillmanagethestackisautomaticallyestablished.Thisisknownasthe
managerswitch.

Allotherswitchesareestablishedasmembersinthestack.

Thehierarchyoftheswitchesthatwillassumethefunctionofbackupmanagerisalso
determinedincasethecurrentmanagermalfunctions,ispowereddown,orisdisconnected
fromthestack.

Theconsoleportonthemanagerswitchremainsactiveforoutofband(local)switch
management,buttheconsoleportoneachmemberswitchisdeactivated.Thisenablesyouto

Enterasys B5 CLI Reference

2-1

Installing a New Stackable System of Up to Eight Units

settheIPaddressandsystempasswordusingasingleconsoleport.Noweachswitchcanbe
configuredlocallyusingonlythemanagersconsoleport,orinbandusingaremotedeviceand
theCLIsetofcommandsdescribedinthissection.
Onceastackiscreated(morethanoneswitchisinterconnected),thefollowingprocedureoccurs:
1.

Bydefault,unitIDsarearbitrarilyassignedonafirstcome,firstservedbasis.

UnitIDsaresavedagainsteachmodule.Then,everytimeaboardispowercycled,itwill
initializewiththesameunitID.Thisisimportantforportspecificinformation(forexample:
ge.4.12isthe12thGigabitEthernetportonUnit#4).

Themanagementelectionprocessusesthefollowingprecedencetoassignamanagement
switch:
a.

Previouslyassigned/electedmanagementunit

Managementassignedpriority(values115)

Hardwarepreferencelevel

d. HighestMACAddress
Usethefollowingrecommendedprocedureswheninstallinganewstackablesystemoraddinga
newunittoanexistingstack.

Important
The following procedures assume that all units have a clean configuration from manufacturing. When adding
a new unit to an already running stack, it is also assumed that the new unit is using the same firmware image
version as other units in the stack.

Installing a New Stackable System of Up to Eight Units

Usethefollowingprocedureforinstallinganewstackofuptoeightunitsoutofthebox.
1.

Beforeapplyingpower,makeallphysicalconnectionswiththestackcablesasdescribedin
yourEnterasysB5InstallationGuide.

Onceallofthestackcableshavebeenconnected,individuallypoweroneachunitfromtopto
bottom.
Notes: Ensure that each switch is fully operational before applying power to the next switch.
Since unit IDs are assigned on a first-come, first-served basis, this will ensure that unit IDs are
ordered sequentially.
Once unit IDs are assigned, they are persistent and will be retained during a power cycle to any or
all of the units.

2-2

(Optional)Ifdesired,changethemanagementunitusingthesetswitchmovemanagement
commandasdescribedinsetswitchmovemanagementonpage210.

Oncethedesiredmasterunithasbeenselected,resetthesystemusingtheresetcommand
(page350).

Afterthestackhasbeenconfigured,youcanusetheshowswitchunitcommand(page25)to
physicallyidentifyeachunit.Whenyouenterthecommandwithaunitnumber,theMGR
LEDofthespecifiedswitchwillblinkfor10seconds.ThenormalstateofthisLEDisofffor
memberunitsandsteadygreenforthemanagerunit.

Configuring Switches in a Stack

Installing Previously-Configured Systems in a Stack

Ifmemberunitsinastackhavebeenpreviousmembersofadifferentstack,youmayneedto
configuretherenumberingofthestackasfollows:
1.

Stacktheunitsinthemethoddesired,andconnectthestackcables.

Poweruponlytheunityouwishtobemanager.

Oncethemanagementunitispoweredup,logintotheCLI,andusetheshowswitch
commandasdescribedinshowswitchonpage25todisplaystackinginformation.

Clearanyswitcheswhicharelistedasunassignedusingtheclearswitchmember
commandasdescribedinclearswitchmemberonpage211.

Powerupthememberofthestackyouwishtobecomeunit2.Oncethesecondunitisfully
powered,theCOMsessionoftheCLIwillstatethatanewCPUwasadded.

Usetheshowswitchcommandtoredisplaystackinginformation.
a.

Ifthenewmemberdisplaysasunit2,youcanproceedtorepeatthisstepwiththenext
unit.

Ifthenewmemberdisplaysadifferentunitnumber,youmust:
(1) Renumberthestackusingthesetswitchrenumbercommandasdescribedinset
switchonpage28,then
(2) Cleartheoriginalunitnumberusingtheclearswitchmembercommand.

RepeatStep6untilallmembershavebeenrenumberedintheorderyoudesire.

Afterthestackhasbeenreconfigured,youcanusetheshowswitchunitcommand(show
switchonpage25)tophysicallyconfirmtheidentityofeachunit.Whenyouenterthe
commandwithaunitnumber,theMGRLEDofthespecifiedswitchwillblinkfor10seconds.
ThenormalstateofthisLEDisoffformemberunitsandsteadygreenforthemanagerunit.

Adding a New Unit to an Existing Stack

Usethefollowingprocedureforinstallinganewunittoanexistingstackconfiguration.This
procedureassumesthatthenewunitbeingaddedhasacleanconfigurationfrommanufacturing
andisrunningthesamefirmwareimageversionasotherunitsinthestack.
1.

Ensurethatpowerisoffonthenewunitbeinginstalled.

Useoneofthefollowingmethodstocompletestackcableconnections:

Iftherunningstackusesadaisychaintopology,makethestackcableconnectionsfrom
thebottomofthestacktothenewunit(thatis,STACKDOWNportfromthebottomunit
oftherunningstacktotheSTACKUPportonthenewunit).

Iftherunningstackusesaringstacktopology,breaktheringandmakethestackcable
connectionstothenewunittoclosethering.

Applypowertothenewunit.

Creating a Virtual Switch Configuration

YoucancreateaconfigurationforaEnterasysB5switchbeforeaddingtheactualphysicaldevice
toastack.Thispreconfigurationfeatureincludesconfiguringprotocolsontheportsofthevirtual
switch.

Enterasys B5 CLI Reference

2-3

Considerations About Using Clear Config in a Stack

Tocreateavirtualswitchconfigurationinastackenvironment:
1.

Displaythetypesofswitchessupportedinthestack,usingtheshowswitchswitchtype
command(page26).

Usingtheoutputoftheshowswitchswitchtypecommand,determinetheswitchindex(SID)
ofthemodelofswitchbeingconfigured.

Addthevirtualswitchtothestackusingthesetswitchmembercommand(page210).Use
theSIDoftheswitchmodel,determinedinthepreviousstep,andtheunitIDthatyouwantto
assigntothisswitchmember.

Proceedtoconfiguretheportsofthevirtualswitchasyouwoulddoforphysicallypresent
devices.

B5(su)->set vlan create 555

B5(su)->clear vlan egress 1 ge.2.1
B5(su)->set port vlan ge.2.1 555 untagged
B5(su)->show port vlan ge.2.1
ge.2.1 is set to 555
Note: If you preconfigure a virtual switch and then add a physical switch of a different type to the
stack as that unit number, any configured functionality that cannot be supported on the physical
switch will cause a configuration mismatch status for that device and the ports of the new device will
join detached. You must clear the mismatch before the new device will properly join the stack.

Considerations About Using Clear Config in a Stack

Whenusingtheclearconfigcommand(page350)toclearconfigurationparametersinastack,it
isimportanttorememberthefollowing:

UseclearconfigtoclearconfigparameterswithoutclearingstackunitIDs.Thiscommand
WILLNOTclearstackparametersortheIPaddressandavoidstheprocessofrenumbering
thestack.

Useclearconfigallwhenitisnecessarytoclearallconfigparameters,includingstackunit
IDsandswitchpriorityvalues.ThiscommandwillnotcleartheIPaddressnorwillitremove
anappliedadvancedfeaturelicense.

UseclearipaddresstoremovetheIPaddressofthestack.

Useclearlicensetoremoveanappliedlicensefromaswitch.

Configurationparametersandstackinginformationcanalsobeclearedonthemasterunitonly
byselectingtherestoreconfigurationtofactorydefaultsoptionfromthebootmenuonswitch
startup.Thisselectionwillleavestackingprioritiesonallotherunits.

2-4

Configuring Switches in a Stack

Stacking Configuration and Management Commands

Purpose
Toreview,individuallyconfigureandmanageswitchesinaEnterasysB5stack.

Commands
For information about...

Refer to page...

show switch

2-5

show switch switchtype

2-6

show switch stack-ports

2-7

set switch

2-8

set switch copy-fw

2-9

set switch description

2-9

set switch movemanagement

2-10

set switch member

2-10

clear switch member

2-11

show switch
Usethiscommandtodisplayinformationaboutoneormoreunitsinthestack.

Syntax
show switch [status] [unit]

Parameters
status

(Optional)Displayspowerandadministrativestatusinformationforone
ormoreunitsinthestack.

unit

(Optional)Specifiestheunit(s)forwhichinformationwilldisplay.

Defaults
Ifnotspecified,statusandotherconfigurationinformationaboutallunitswillbedisplayed.

Mode
Switchcommand,readonly.

Usage
Afterastackhasbeenconfigured,youcanusethiscommandtophysicallyconfirmtheidentityof
eachunit.Whenyouenterthecommandwithaunitnumber,theMGRLEDofthespecified
switchwillblinkfor10seconds.ThenormalstateofthisLEDisoffformemberunitsandsteady
greenforthemanagerunit.

Enterasys B5 CLI Reference

2-5

show switch switchtype

Examples
Thisexampleshowshowtodisplayinformationaboutallswitchunitsinthestack:
B5(rw)->show switch
Management
Switch
Status
------ -----------1
Mgmt Switch
2
Stack Member
3
Stack Member
4
Stack Member
5
Stack Member
6
Stack Member
7
Stack Member
8
Stack Member

Preconfig
Model ID
------------B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24

Plugged-in
Model ID
------------B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24
B5G124-24

Switch
Code
Status
Version
--------------------- -------OK
06.42.xx.xxxx
OK
06.42.xx.xxxx
OK
06.42.xx.xxxx
OK
06.42.xx.xxxx
OK
06.42.xx.xxxx
OK
06.42.xx.xxxx
OK
06.42.xx.xxxx
OK
06.42.xx.xxxx

Thisexampleshowshowtodisplayinformationaboutswitchunit1inthestack:
B5(ro)->show switch 1
Switch
Management Status
Hardware Management Preference
Admin Management Preference
Switch Type
Preconfigured Model Identifier
Plugged-in Model Identifier
Switch Status
Switch Description
Detected Code Version
Detected Code in Flash
Detected Code in Back Image
Up Time

1
Management Switch
Unassigned
Unassigned
B5G124-24
B5G124-24
B5G124-24
OK
Enterasys Networks, Inc. B5 -- Model
B5G124-24
06.42.xx.xxxx
03.01.20
02.01.37
0 days 6 hrs 37 mins 54 secs

Thisexampleshowshowtodisplaystatusinformationforswitchunit1inthestack:
B5(ro)->show switch status 1
Switch
Switch Status
Admin State
Power State
Inserted Switch:
Model Identifier
Description
Configured Switch:
Model Identifier
Description

1
Full

B5G124-24
Enterasys Networks, Inc. B5 -- Model
B5G124-24
B5G124-24
Enterasys Networks, Inc. B5 -- Model
B5G124-24

show switch switchtype

Usethiscommandtodisplayinformationaboutsupportedswitchtypesinthestack.

Syntax
show switch switchtype [switchindex]

2-6

Configuring Switches in a Stack

show switch stack-ports

Parameters
switchindex

(Optional)Specifiestheswitchindex(SID)oftheswitchtypetodisplay.

Defaults
None.

Mode
Switchcommand,readonly.

Examples
Thisexampleshowshowtodisplayswitchtypeinformationaboutallswitchesinthestack:
B5(su)->show switch switchtype
SID
--1
2
3
4
5
6
7
8

Switch Model ID
-------------------------------B5G124-24
B5G124-24P2
B5G124-48
B5G124-48P2
B5K125-24
B5K125-24P2
B5K125-48
B5K125-48P2

Mgmt
Pref
---1
1
1
1
1
1
1
1

Code
Version
--------0xa08378
0xa08378
0xa08378
0xa08378
0xa08378
0xa08378
0xa08378
0xa08378

ThisexampleshowshowtodisplayswitchtypeinformationaboutSID1:
B5(su)->show switch switchtype 1
Switch Type
Model Identifier
Switch Description
Management Preference
Expected Code Version

0xb5121001
B5G124-24
Enterasys Networks, Inc. B5 -- Model
B5G124-24
1
0xa08378

Supported Cards:
Slot
Card Index (CID)
Model Identifier

0
1
B5G124-24

show switch stack-ports

Usethiscommandtodisplayvariousdataflowanderrorcountersonstackports.

Syntax
show switch stack-ports [unit]

Parameters
unit

(Optional)SpecifiestheswitchunitID,anintegerrangingfrom1to8.

Enterasys B5 CLI Reference

2-7

set switch

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaydataanderrorinformationonstackports:
B5(ro)->show switch stack-ports
------------TX-------------- ------------RX----------Data
Error
Data
Error
Stacking
Rate
Rate
Total
Rate
Rate
Total
Switch
Port
(Mb/s) (Errors/s) Errors
(Mb/s) (Errors/s) Errors
------ ---------- ------ ---------- ---------- ------ ---------- -------1
Up
0
0
0
0
0
0
Down
0
0
0
0
0
0

set switch
UsethiscommandtoassignaswitchID,tosetaswitchspriorityforbecomingthemanagement
switchifthepreviousmanagementswitchfails,ortochangetheswitchunitIDforaswitchinthe
stack.

Syntax
set switch {unit [priority value | renumber newunit]}

Parameters
unit

Specifiesaunitnumberfortheswitch.Valuecanrangefrom1to8.

priorityvalue

Specifiesapriorityvaluefortheunit.Validvaluesare1to15withhigher
valuesassigninghigherpriority.

renumbernewunit

Specifiesanewnumberfortheunit.
Note: This number must be a previously unassigned unit ID number.

Defaults
None.

Mode
Switchcommand,readwrite.

Examples
Thisexampleshowshowtoassignpriority3toswitch5:
B5(su)->set switch 5 priority 3

Thisexampleshowshowtorenumberswitch5toswitch7:
B5(su)->set switch 5 renumber 7

2-8

Configuring Switches in a Stack

set switch copy-fw

Usethiscommandtoreplicatethecodeimagefilefromthemanagementswitchtoother
switch(es)inthestack.

Syntax
set switch copy-fw [destination-system unit]

Parameters
destinationsystem (Optional)Specifiestheunitnumberofunitonwhichtocopythe
unit
managementimagefile.

Defaults
Ifdestinationsystemisnotspecified,themanagementimagefilewillbereplicatedtoallswitches
inthestack.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoreplicatethemanagementimagefiletoallswitchesinthestack:
B5(su)->set switch copy-fw
Are you sure you want to copy firmware? (y/n) y
Code transfer completed successfully.

set switch description

Usethiscommandtoassignanametoaswitchinthestack.

Syntax
set switch description unit description

Parameters
unit

Specifiesaunitnumberfortheswitch.

description

Specifiesatextdescriptionfortheunit.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoassignthenameFirstUnittoswitchunit1inthestack:
B5(su)->set switch description 1 FirstUnit

Enterasys B5 CLI Reference

2-9

set switch movemanagement

Usethiscommandtomovemanagementswitchfunctionalityfromoneswitchtoanother.

Syntax
set switch movemanagement fromunit tounit

Parameters
fromunit

Specifiestheunitnumberofthecurrentmanagementswitch.

tounit

Specifiestheunitnumberofthenewlydesignatedmanagementswitch.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtomovemanagementfunctionalityfromswitch1toswitch2:
B5(su)->set switch movemenagement 1 2
Moving stack management will unconfigure entire stack including all interfaces.
Are you sure you want to move stack management? (y/n) y

set switch member

Usethiscommandtoaddavirtualmembertoastack.Thisallowsyoutopreconfigureaswitch
beforethephysicaldeviceisactuallyaddedtothestack.

Syntax
set switch member unit switch-id

Parameters
unit

Specifiesaunitnumberfortheswitch.

switchid

SpecifiesaswitchID(SID)fortheswitch.SIDscanbedisplayedwiththe
showswitchswitchtypecommand.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
RefertoCreatingaVirtualSwitchConfigurationonpage23formoreinformationabouthowto
addavirtualswitchtoastack.

2-10

Configuring Switches in a Stack

clear switch member

Example
Thisexampleshowshowtospecifyaswitchasunit1withaswitchIDof1:
B5(su)->set switch member 1 1

clear switch member

Usethiscommandtoremoveamemberentryfromthestack.

Syntax
clear switch member unit

Parameters
unit

Specifiestheunitnumberoftheswitch.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoremovetheswitch5entryfromthestack:
B5(su)->clear switch member 5

Enterasys B5 CLI Reference

2-11

clear switch member

2-12

Configuring Switches in a Stack

3
Basic Configuration
Atstartup,theEnterasysB5switchisconfiguredwithmanydefaultsandstandardfeatures.This
chapterdescribeshowtocustomizebasicsystemsettingstoadapttoyourworkenvironment.
For information about...

Refer to page...

Quick Start Setup Commands

3-1

Setting User Accounts and Passwords

3-2

Setting Basic Switch Properties

3-9

Downloading a Firmware Image

3-31

Reviewing and Selecting a Boot Firmware Image

3-34

Starting and Configuring Telnet

3-36

Managing Switch Configuration and Files

3-38

Clearing and Closing the CLI

3-48

Resetting the Switch

3-49

Using and Configuring WebView

3-51

Gathering Technical Support Information

3-54

Quick Start Setup Commands

ThetablesinthissectionprovideaquickreferencefortheCLIcommandsneededtobeginbasic
B5switchoperation.Table 31liststasksandtheirassociatedCLIcommandsrequiredforsetting
uptheswitchwiththelatestfirmware.Table 32listsoptionalCLIcommandsthatwillhelpyou
performadditionalbasicconfigurationontheswitch.Refertothepageslistedformore
informationabouteachcommand.
Table 3-1

Required CLI Setup Commands

Step Task

Refer to
page...

CLI commands

Set a new password.

set password [username]

3-5

Set the switch IP address.

set ip address ip-address [mask

ip-mask] [gateway ip-gateway]

3-10

Download, activate, and verify new

firmware on the switch using TFTP
copy.

copy tftp://tftp_server_ip_address/
filename system:image

3-44

set boot system filename

3-35

show version

3-26

Enterasys B5 CLI Reference

3-1

Setting User Accounts and Passwords

Table 3-2

Optional CLI Setup Commands

Refer to
page...

Task

CLI commands

Save the active configuration.

save config

3-40

Enable or disable SSH.

set ssh enable | disable

15-52

Enable or disable Telnet.

set telnet {enable | disable} [inbound |

outbound | all]

3-37

Enable or disable HTTP

management (WebView).

set webview {enable | disable}

3-52

Enable or disable SNMP port link

traps.

set port trap port-string {enable | disable}

7-25

Set the per port broadcast limit

set port broadcast port-string threshold-value

7-36

Configure a VLAN.

set vlan create vlan-id

10-5

set port vlan port-string vlan-id modify-egress

10-9

Set a Syslog server IP and

severity

set logging server index ip-addr ip-addr

severity severity state enable

10-9

Configure and enable a RADIUS

server.

set radius server index ip-addr

port [secret-value]{realm {management-access |
any | network-access}

15-4

set radius enable

15-4

Setting User Accounts and Passwords

Purpose
Tochangetheswitchsdefaultuserloginandpasswordsettings,andtoaddnewuseraccounts
andpasswords.

Commands
For information about...

3-2

Refer to page...

show system login

3-3

set system login

3-4

clear system login

3-4

set password

3-5

set system password length

3-6

set system password aging

3-6

set system password history

3-7

show system lockout

3-7

set system lockout

3-8

Basic Configuration

show system login

Usethiscommandtodisplayuserloginaccountinformation.

Syntax
show system login

Parameters
None.

Defaults
None.

Mode
Switchcommand,superuser.

Example
Thisexampleshowshowtodisplayloginaccountinformation.Inthiscase,switchdefaultshave
notbeenchanged:
B5(su)->show system login
Password history size: 0
Password aging
: disabled
Username

Access

State

admin
ro
rw

super-user
read-only
read-write

enabled
enabled
enabled

Table 31providesanexplanationofthecommandoutput.
Table 3-1

show system login Output Details

Output Field

What It Displays...

Password history size

Number of previously used user login passwords that will be checked for
duplication when the set password command is executed. Configured with set
system password history (page 3-7).

Password aging

Number of days user passwords will remain valid before aging out. Configured
with set system password aging (page 3-6).

Username

Login user names.

Access

Access assigned to this user account: super-user, read-write or read-only.

State

Whether this user account is enabled or disabled.

Enterasys B5 CLI Reference

3-3

set system login

Usethiscommandtocreateanewuserloginaccount,ortodisableorenableanexistingaccount.
TheEnterasysB5switchsupportsupto16useraccounts,includingtheadminaccount,which
cannotbedeleted.

Syntax
set system login username {super-user | read-write | read-only} {enable | disable}

Parameters
username

Specifiesaloginnameforaneworexistinguser.Thisstringcanbea
maximumof80characters,althoughamaximumof16charactersis
recommendedforproperviewingintheshowsystemlogindisplay.

superuser|
readwrite|
readonly

Specifiestheaccessprivilegesforthisuser.

enable|disable

Enablesordisablestheuseraccount.

Defaults
None.

Mode
Switchcommand,superuser.

Usage
Loginaccounts,includingtheadminuseraccount,canbelockedoutaftermultiplefailedattempts
tologintothesystem.Refertoshowsystemlockoutonpage37andsetsystemlockouton
page38formoreinformationaboutlockoutparameters.
Iftheadminuseraccounthasbeenlockedout,youmustwaituntiltheconfiguredlockouttime
periodhasexpiredoryoucanpowercycletheswitchtorebootit,whichwillreenabletheadmin
useraccount.

Example
Thisexampleshowshowtoenableanewuseraccountwiththeloginnamenetopswithsuper
useraccessprivileges:
B5(su)->set system login netops super-user enable

clear system login

Usethiscommandtoremovealocalloginuseraccount.

Syntax
clear system login username

Parameters
username

Specifiestheloginnameoftheaccounttobecleared.
Note: The default admin (su) account cannot be deleted.

3-4

Basic Configuration

set password

Defaults
None.

Mode
Switchcommand,superuser.

Example
Thisexampleshowshowtoremovethenetopsuseraccount:
B5(su)->clear system login netops

set password
UsethiscommandtochangesystemdefaultpasswordsortosetanewloginpasswordontheCLI.

Syntax
set password [username]

Parameters
username

(Onlyavailabletouserswithsuperuseraccess.)Specifiesasystemdefault
orauserconfiguredloginaccountname.Bydefault,theEnterasysB5
switchprovidesthefollowingaccountnames:
roforReadOnlyaccess.
rwforReadWriteaccess.
adminforSuperUseraccess.(ThisaccesslevelallowsReadWriteaccess
toallmodifiableparameters,includinguseraccounts.)

Defaults
None.

Mode
Switchcommand,readwrite.
Switchcommand,superuser.

Usage
ReadWriteuserscanchangetheirownpasswords.
SuperUsers(Admin)canchangeanypasswordonthesystem.
Ifyouforgetthepasswordfortheadminuseraccount,youcanresetthepasswordtothedefault
passwordvaluebypressingthepasswordresetbuttonontheswitch.

Examples
ThisexampleshowshowasuperuserwouldchangetheReadWritepasswordfromthesystem
default(blankstring):
B5(su)->set password rw
Please enter new password: ********
Please re-enter new password: ********

Enterasys B5 CLI Reference

3-5

set system password length

Password changed.
B5(su)->

ThisexampleshowshowauserwithReadWriteaccesswouldchangehispassword:
B5(rw)->set password
Please enter old password: ********
Please enter new password: ********
Please re-enter new password: ********
Password changed.
B5(rw)->

set system password length

Usethiscommandtosettheminimumuserloginpasswordlength.

Syntax
set system password length characters

Parameters
characters

Specifiestheminimumnumberofcharactersforauseraccountpassword.
Validvaluesare0to40.

Defaults
None.

Mode
Switchcommand,superuser.

Example
Thisexampleshowshowtosettheminimumsystempasswordlengthto8characters:
B5(su)->set system password length 8

set system password aging

Usethiscommandtosetthenumberofdaysuserpasswordswillremainvalidbeforeagingout,or
todisableuseraccountpasswordaging.

Syntax
set system password aging {days | disable}

Parameters
days

Specifiesthenumberofdaysuserpasswordswillremainvalidbefore
agingout.Validvaluesare1to365.

disable

Disablespasswordaging.

Defaults
None.

3-6

Basic Configuration

set system password history

Mode
Switchcommand,superuser.

Example
Thisexampleshowshowtosetthesystempasswordagetimeto45days:
B5(su)->set system password aging 45

set system password history

Usethiscommandtosetthenumberofpreviouslyuseduserloginpasswordsthatwillbechecked
forpasswordduplication.Thispreventsduplicatepasswordsfrombeingenteredintothesystem
withthesetpasswordcommand.

Syntax
set system password history size

Parameters
size

Specifiesthenumberofpasswordscheckedforduplication.Validvalues
are0to10.

Defaults
None.

Mode
Switchcommand,superuser.

Example
Thisexampleshowshowtoconfigurethesystemtocheckthelast10passwordsforduplication
B5(su)->set system password history 10

show system lockout

Usethiscommandtodisplaysettingsforlockingoutusersafterfailedattemptstologintothe
system.

Syntax
show system lockout

Parameters
None.

Defaults
None.

Mode
Switchcommand,superuser.
Enterasys B5 CLI Reference

3-7

set system lockout

Example
Thisexampleshowshowtodisplayuserlockoutsettings.Inthiscase,switchdefaultshavenot
beenchanged:
B5(su)->show system lockout
Lockout attempts: 3
Lockout time:
15 minutes.

Table 33providesanexplanationofthecommandoutput.Thesesettingsareconfiguredwiththe
setsystemlockoutcommand(setsystemlockoutonpage38).
Table 3-3

show system lockout Output Details

Output Field

What It Displays...

Lockout attempts

Number of failed login attempts allowed before a read-write or read-only users

account will be disabled.

Lockout time

Number of minutes the default admin user account will be locked out after the
maximum login attempts.

set system lockout

Usethiscommandtosetthenumberoffailedloginattemptsbeforelockingout(disabling)aread
writeorreadonlyuseraccount,andthenumberofminutestolockoutthedefaultadminsuper
useraccountaftermaximumloginattempts.

Syntax
set system lockout {[attempts attempts] [time time]}

Parameters
attemptsattempts

Specifiesthenumberoffailedloginattemptsallowedbeforeareadwrite
orreadonlyusersaccountwillbedisabled.Validvaluesare1to10.The
defaultvalueis3attempts.

timetime

Specifiesthenumberofminutesthedefaultadminuseraccountwillbe
lockedoutafterthemaximumloginattempts.Validvaluesare0to60.The
defaultvalueis15minutes.

Defaults

3attempts

15minutes

Mode
Switchcommand,superuser.

Usage
Onceauseraccountislockedout,itcanonlybereenabledbyasuperuserwiththesetsystem
logincommand(page34).
Ifthedefaultadminsuperuseraccounthasbeenlockedout,youcanwaituntilthelockouttime
hasexpiredoryoucanresettheswitchinordertoreenabletheadminaccount.

3-8

Basic Configuration

Setting Basic Switch Properties

Example
Thisexampleshowshowtosetloginattemptsto5andlockouttimeto30minutes:
B5(su)->set system lockout attempts 5 time 30

Setting Basic Switch Properties

Purpose
TodisplayandsetthesystemIPaddressandotherbasicsystem(switch)properties.

Commands
For information about...

Refer to page...

show ip address

3-10

set ip address

3-10

clear ip address

3-11

show ip protocol

3-12

set ip protocol

3-12

show ip route

3-13

show system

3-13

show system hardware

3-15

show system utilization

3-16

set system utilization

3-17

clear system utilization

3-17

set system temperature

3-18

clear system temperature

3-19

show time

3-20

set time

3-20

show summertime

3-21

set summertime

3-21

set summertime date

3-22

set summertime recurring

3-22

clear summertime

3-23

set prompt

3-24

show banner motd

3-24

set banner motd

3-25

clear banner motd

3-25

show version

3-26

Enterasys B5 CLI Reference

3-9

show ip address

For information about...

Refer to page...

set system name

3-27

set system location

3-27

set system contact

3-28

set width

3-28

set length

3-29

show logout

3-29

set logout

3-30

show console

3-30

set console baud

3-31

show ip address
UsethiscommandtodisplaythesystemIPaddressandsubnetmask.

Syntax
show ip address

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythesystemIPaddressandsubnetmask:
B5(su)->show ip address
Name
---------------host

Address
---------------10.42.13.20

Mask
---------------255.255.0.0

set ip address
UsethiscommandtosetthesystemIPaddress,subnetmaskanddefaultgateway.
Note: The B5 does not support the ability for a user to configure the host's gateway to be a local
routed interface IP. The host's gateway must exist on a different device in the network if one is
configured.

Syntax
set ip address ip-address [mask ip-mask] [gateway ip-gateway]

3-10

Basic Configuration

clear ip address

Parameters
ipaddress

SetstheIPaddressforthesystem.ForEnterasysB5systems,thisistheIP
addressofthemanagementswitchasdescribedinAboutEnterasysB5
SwitchOperationinaStackonpage21.

maskipmask

(Optional)Setsthesystemssubnetmask.

gatewayipgateway

(Optional)Setsthesystemsdefaultgateway(nexthopdevice).

Defaults
Ifnotspecified,ipmaskwillbesettothenaturalmaskoftheipaddressandipgatewaywillbesetto
theipaddress.

Mode
Switchcommand,readwrite.

Usage
Parametersmustbeenteredintheordershown(hostIP,thenmask,thengateway)forthe
commandtobeaccepted.

Example
ThisexampleshowshowtosetthesystemIPaddressto10.1.10.1withamaskof255.255.128.0:
B5(su)->set ip address 10.1.10.1 mask 255.255.128.0

clear ip address
UsethiscommandtoclearthesystemIPaddress.

Syntax
clear ip address

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearthesystemIPaddress:
B5(rw)->clear ip address

Enterasys B5 CLI Reference

3-11

show ip protocol

show ip protocol
UsethiscommandtodisplaythemethodusedtoacquireanetworkIPaddressforswitch
management.

Syntax
show ip protocol

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythemethodusedtoacquireanetworkIPaddress:
B5(su)->show ip protocol
System IP address acquisition method: dhcp

set ip protocol
UsethiscommandtospecifytheprotocolusedtoacquireanetworkIPaddressforswitch
management.

Syntax
set ip protocol {bootp | dhcp | none}

Parameters
bootp

SelectsBOOTPastheprotocoltousetoacquirethesystemIPaddress.

dhcp

SelectsDHCPastheprotocoltousetoacquirethesystemIPaddress.

none

NoprotocolwillbeusedtoacquirethesystemIPaddress.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthemethodusedtoacquireanetworkIPaddresstoDHCP.
B5(su)->set ip protocol dhcp

3-12

Basic Configuration

show ip route

show ip route
UsethiscommandtodisplaytheIProutetable.

Syntax
show ip route

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowstheoutputofthiscommand.
B5(ro)->show ip route
INET route table
Destination
0.0.0.0/0
127.0.0.1
192.168.0.0/24
192.168.0.101

Gateway
192.168.0.1
127.0.0.1
127.0.0.1
127.0.0.1

Flags
UG
UH
UC
UH

Use
13
0
2
0

If
Metric
host
5
lo0
5
host
5
lo0
5

show system
Usethiscommandtodisplaysysteminformation,includingcontactinformation,powerandfan
traystatusanduptime.

Syntax
show system

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaysysteminformation:
B5(su)->show system

Enterasys B5 CLI Reference

3-13

show system

System contact:
System location:
System name:
Switch 1
-------PS1-Status
---------Ok

PS2-Status
---------Not Installed and/or Not Operating

Fan Group 1-Status

-----------------Ok

Fan Group 2-Status

-----------------Ok

Fan Group 3-Status

-----------------Ok

Fan Group 4-Status

-----------------Not Installed

Temp-Alarm
----------off
Temp alarm max threshold: 100%
Temp alarm trap: disabled
Temp alarm syslog: disabled
Thermal Sensor
-------------Power Supply
System
Uptime d,h:m:s
-------------1,0:18:54

Table 3-4

3-14

Thermal Threshold
----------------92%
91%
Logout
------0 min

show system Output Details

Output

What It Displays...

System contact

Contact person for the system. Default of a blank string can be changed with the
set system contact command (set system contact on page 3-28).

System location

Where the system is located. Default of a blank string can be changed with the
set system location command (set system location on page 3-27).

System name

Name identifying the system. Default of a blank string can be changed with the
set system name command (set system name on page 3-27).

Switch x

Indicates the switch position in the stack. When multiple switches are in a stack,
information for each switch is displayed.

PS1-Status

Operational status for the primary power supply.

PS2-Status

Operational status for the secondary power supply, if installed.

Fanx-Status

Operational status of the fan(s).

Temp-Alarm

Indicates status of temperature alarm on, off. The status will show NA (not
available) on switches that do not support this functionality.

Temp alarm max

threshold

The temperature alarm threshold expressed as a percentage of the maximum

rated. The default value is 100%.

Temp alarm trap

Indicates whether the sending of temperature alarm traps is enabled or disabled.

The default is disabled.

Basic Configuration

show system hardware

Table 3-4

show system Output Details (Continued)

Output

What It Displays...

Temp alarm syslog

Indicates whether temperature alarm syslog messages are enabled or disabled.

The default is disabled.

Thermal Sensor/Thermal Threshold

Lists the type of thermal sensor (power supply, system) and the percentage of
thermal threshold reached for that sensor. The status will show NA (not available) on switches that do not support this functionality.

Uptime d,h:m:s

System uptime.

Logout

Time an idle console or Telnet CLI session will remain connected before timing
out. Default of 5 minutes can be changed with the set logout command (set
logout on page 3-30).

show system hardware

Usethiscommandtodisplaythesystemshardwareconfiguration.

Syntax
show system hardware

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythesystemshardwareconfiguration.Pleasenotethatthe
informationyouseedisplayedmaydifferfromthisexample.
B5(su)->show system hardware
SLOT 1 HARDWARE INFORMATION
--------------------------Model:
Serial Number:
Vendor ID:
Base MAC Address:
Hardware Version:
FirmWare Version:
Boot Code Version:

777777777777
0xbc00
00:11:88:B1:76:C0
BCM56514 REV 1
01.00.00.0052
01.00.42

Enterasys B5 CLI Reference

3-15

show system utilization

Usethiscommandtodisplaydetailedinformationabouttheprocessorrunningontheswitch,or
theoverallmemoryusageoftheFlashandSDRAMstoragedevicesontheunit,ortheprocesses
runningontheswitch.Onlythememoryusageinthemasterunitofastackisshown.

Syntax
show system utilization {cpu | storage | process}

Parameters
cpu

Displayinformationabouttheprocessorrunningontheswitch.

storage

Displayinformationabouttheoverallmemoryusageontheswitch.

process

Displayinformationabouttheprocessesrunningontheswitch.

Defaults
None.

Mode
Switchcommand,readonly.

Examples
ThisexampleshowshowtodisplaythesystemsCPUutilization:
B5(ro)->show system utilization cpu
CPU Utilization Threshold Traps enable: Threshold = 80.0%
Total CPU Utilization:
Switch
CPU
5 sec
1 min
5 min
----------------------------------------------1
1
50%
49%
49%

Thisexampleshowshowtodisplaythesystemsoverallmemoryusage:
B5(ro)->show system utilization storage
Storage Utilization:
Type
Description
Size(Kb)
Available (Kb)
--------------------------------------------------------------RAM
RAM device
262144
97173
Flash
Images, Config, Other
31095
8094

Thisexampleshowshowtodisplayinformationabouttheprocessesrunningonthesystem.Only
partialoutputisshown.
B5(ro)->show system utilization process
Switch:1
CPU:1
TID
Name
5Sec
1Min
5Min
---------------------------------------------------------c157930 ipMapForwardingTask
3.60%
3.02%
3.48%
cc70000 RMONTask
0.00%
0.00%
0.00%
ccb0b60 SNMPTask
34.80%
34.06%
31.78%
d4847a0 tEmWeb
0.00%
0.03%
0.01%
3-16

Basic Configuration

set system utilization

d4ca360
dec8600
eb74120
eb7fbc8
f00c9a0
f027648
f034858

hapiRxTask
lvl7TaskUtilMonitorTas
bcmRX
bcmLINK.0
bcmTX
bcmCNTR.0
bcmL2X.0

3.20%
0.40%
2.00%
0.40%
0.00%
0.00%
0.00%

4.80%
0.40%
2.91%
0.22%
0.33%
0.00%
0.02%

5.00%
0.40%
4.48%
0.32%
0.53%
0.03%
0.04%

set system utilization

UsethiscommandtosetthethresholdforsendingCPUutilizationnotificationmessages.

Syntax
set system utilization threshold threshold

Parameters
thresholdthreshold

Specifiesathresholdvaluein1/10ofapercent.Validrangeis1to1000.
Avalueof0disablesutilizationnotificationmessages.

Defaults
Thedefaultthresholdvalueis80%.

Mode
Switchcommand,readwrite.

Usage
ThiscommandsetsthepercentageofsystemCPUutilitizationthatwillcauseatrapnotificationto
besent.Afterthethresholdhasbeenexceeded,additionalnotificationswillbesentonceaminute
untiltheutilizationhasdroppedbackbelowthethreshold.

Example
ThisexamplesetstheCPUutilizationthresholdto75%.
B5(rw)->set system utilization threshold 750

clear system utilization

UsethiscommandtoresettheCPUutilizationthresholdtothedefaultof80%.

Syntax
clear system utilization

Parameters
None.

Defaults
Thedefaultthresholdvalueis80%.

Enterasys B5 CLI Reference

3-17

set system temperature

Mode
Switchcommand,readwrite.

Example
ThisexampleresetstheCPUutilizationthresholdtothedefault.
B5(rw)->show system utilization cpu
CPU Utilization Threshold Traps enable: Threshold = 75.0%
Total CPU Utilization:
Switch
CPU
5 sec
1 min
5 min
------------------------------------------------1
1
10%
10%
10%
B5(rw)->clear system utilization
B5(rw)->show system utilization cpu
CPU Utilization Threshold Traps enable: Threshold = 80.0%
Total CPU Utilization:
Switch
CPU
5 sec
1 min
5 min
------------------------------------------------1
1
14%
11%
10%

set system temperature

Usethiscommandtosetthesystemhightemperaturethresholdlimitandthehightemperature
alertparameters,ontheplatformsthatsupportthisfeature.

Syntax
set system temperature {[syslog enable | disable] [trap enable | disable]
[overtemp-threshold value]}

Parameters
syslogenable|
disable

Enablesordisableslogginghightemperaturealertstothesystemlog
whenthesystemtransitionsintoanalarmstate.

trapenable|disable

EnablesordisablessendinghightemperaturealertsbymeansofSNMP
trapswhenthesystemtransitionsintoanalarmstate.

overtempthreshold
value

Setsthethermalthresholdasapercentageofthemaximumratedforthe
specificplatform.Valuecanrangefrom0to100%.

Defaults
Syslogalertsaredisabledbydefault.
Trapalertsaredisabledbydefault.
Overtempthresholdis100%bydefault.

Mode
Switchcommand,readwrite.
3-18

Basic Configuration

clear system temperature

Usage
Ontheplatformsthatsupportthisfeature,temperaturesensorsarelocatedinseveraldifferent
locationswithinthedevice.Thresholdcalibrationshavebeencalculatedseparatelyforeach
platform.Thethermalovertempthresholdisthehighwatermarkthat,whenreached,triggersan
alerttowarnthesystemadministratorthatthedeviceisoperatingathightemperatures.
Whenahightemperaturealertconditionoccurs,theCPULEDonthefrontpaneloftheswitch
willflashred.Inaddition,ifenabled,asyslogmessagewillbeloggedand/oranSNMPtrapwill
besent.
Thevaluessetwiththiscommandcanbeviewedwiththeshowsystemcommand.

Example
ThefollowingexampleenablessendingSNMPtrapsandsetstheovertempthresholdto60%.
B5(su)->set system temperature trap enable overtemp-threshold 60

clear system temperature

Usethiscommandtoresetsystemhightemperatureparameterstotheirdefaultvalues,onthe
platformsthatsupportthisfeature.

Syntax
clear system temperature

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thiscommandresetsallthehightemperatureparameterstotheirdefaultvalues:

Syslogalertsaredisabledbydefault.

Trapalertsaredisabledbydefault.

Overtempthresholdis100%bydefault.

Example
Thisexampleresetsallhightemperatureparameterstotheirdefaults.
B5(su)->clear system temperature

Enterasys B5 CLI Reference

3-19

show time

show time
Usethiscommandtodisplaythecurrenttimeofdayinthesystemclock.

Syntax
show time

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythecurrenttime.Theoutputshowsthedayoftheweek,
month,day,andthetimeofdayinhours,minutes,andsecondsandtheyear:
B5(su)->show time
THU SEP 05 09:21:57 2002

set time
Usethiscommandtochangethetimeofdayonthesystemclock.

Syntax
set time [mm/dd/yyyy] [hh:mm:ss]

Parameters
[mm/dd/yyyy]
[hh:mm:ss]

Setsthetimein:
month,day,yearand/or
24hourformat
Atleastonesetoftimeparametersmustbeentered.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthesystemclockto7:50a.m:
B5(su)->set time 7:50:00

3-20

Basic Configuration

show summertime

show summertime
Usethiscommandtodisplaydaylightsavingstimesettings.

Syntax
show summertime

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaydaylightsavingstimesettings:
B5(su)->show summertime
Summertime is Enabled and set to ''
Start : SUN MAR 14 02:00:00
End
: SUN NOV 7 02:00:00
Offset: 60 minutes (1 hours 0 minutes)
Recurring: yes, starting at 2:00 of the second Sunday of March and ending at 2:00
of the first Sunday of November

set summertime
Usethiscommandtoenableordisablethedaylightsavingstimefunction.

Syntax
set summertime {enable | disable} [zone]

Parameters
enable|disable

Enablesordisablesthedaylightsavingstimefunction.

zone

(Optional)Appliesanametothedaylightsavingstimesettings.

Defaults
Ifazonenameisnotspecified,nonewillbeapplied.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtoenabledaylightsavingstimefunction:
B5(su)->set summertime enable

Enterasys B5 CLI Reference

3-21

set summertime date

Usethiscommandtoconfigurespecificdatestostartandstopdaylightsavingstime.These
settingswillbenonrecurringandwillhavetoberesetannually.

Syntax
set summertime date start_month start_date start_year start_hr_min end_month
end_date end_year end_hr_min [offset_minutes]

Parameters
start_month

Specifiesthemonthoftheyeartostartdaylightsavingstime.

start_date

Specifiesthedayofthemonthtostartdaylightsavingstime.

start_year

Specifiestheyeartostartdaylightsavingstime.

start_hr_min

Specifiesthetimeofdaytostartdaylightsavingstime.Formatishh:mm.

end_month

Specifiesthemonthoftheyeartoenddaylightsavingstime.

end_date

Specifiesthedayofthemonthtoenddaylightsavingstime.

end_year

Specifiestheyeartoenddaylightsavingstime.

end_hr_min

Specifiesthetimeofdaytoenddaylightsavingstime.Formatishh:mm.

offset_minutes

(Optional)Specifiestheamountoftimeinminutestooffsetdaylight
savingstimefromthenondaylightsavingstimesystemsetting.Valid
valuesare11440.

Defaults
Ifanoffsetisnotspecified,nonewillbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetadaylightsavingstimestartdateofApril4,2004at2a.m.andan
endingdateofOctober31,2004at2a.m.withanoffsettimeofonehour:
B5(su)->set summertime date April 4 2004 02:00 October 31 2004 02:00 60

set summertime recurring

Usethiscommandtoconfigurerecurringdaylightsavingstimesettings.Thesesettingswillstart
andstopdaylightsavingstimeatthespecifieddayofthemonthandhoureachyearandwillnot
havetoberesetannually.

Syntax
set summertime recurring start_week start_day start_month start_hr_min end_week
end_day end_month end_hr_min [offset_minutes]

3-22

Basic Configuration

clear summertime

Parameters
start_week

Specifiestheweekofthemonthtorestartdaylightsavingstime.Valid
valuesare:first,second,third,fourth,andlast.

start_day

Specifiesthedayoftheweektorestartdaylightsavingstime.

start_hr_min

Specifiesthetimeofdaytorestartdaylightsavingstime.Formatis
hh:mm.

end_week

Specifiestheweekofthemonthtoenddaylightsavingstime.

end_day

Specifiesthedayoftheweektoenddaylightsavingstime.

end_hr_min

Specifiesthetimeofdaytoenddaylightsavingstime.Formatishh:mm.

offset_minutes

(Optional)Specifiestheamountoftimeinminutestooffsetdaylight
savingstimefromthenondaylightsavingstimesystemsetting.Valid
valuesare11440.

Defaults
Ifanoffsetisnotspecified,nonewillbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowsetdaylightsavingstimetorecurstartingonthefirstSundayofAprilat
2a.m.andendingthelastSundayofOctoberat2a.m.withanoffsettimeofonehour:
B5(su)->set summertime recurring first Sunday April 02:00 last Sunday October
02:00 60

clear summertime
Usethiscommandtoclearthedaylightsavingstimeconfiguration.

Syntax
clear summertime

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoclearthedaylightsavingstimeconfiguration:
B5(su)->clear summertime

Enterasys B5 CLI Reference

3-23

set prompt

set prompt
Usethiscommandtomodifythecommandprompt.

Syntax
set prompt prompt_string

Parameters
prompt_string

Specifiesatextstringforthecommandprompt.
Note: A prompt string containing a space in the text must be enclosed in quotes as
shown in the example below.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthecommandprompttoSwitch1:
B5(su)->set prompt Switch 1
Switch 1(su)->

show banner motd

Usethiscommandtoshowthebannermessageofthedaythatwilldisplayatsessionlogin.

Syntax
show banner motd

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythebannermessageoftheday:
B5(rw)->show banner motd
This system belongs to XYZ Corporation.
Use of this system is strictly limited to authorized personnel.

3-24

Basic Configuration

set banner motd

Usethiscommandtosetthebannermessageofthedaydisplayedatsessionlogin.
Note: Banner message text must be enclosed in beginning and ending double quotation marks.
The message itself cannot contain any additional double quotation marks.

Syntax
set banner motd message

Parameters
message

Specifiesamessageoftheday.Thisisatextstringthatneedstobein
doublequotesifanyspacesareused.Usea\nforanewlineand\tfora
tab(eightspaces).

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthemessageofthedaybannertoread:Thissystembelongsto
XYZCorporation.Useofthissystemisstrictlylimitedtoauthorizedpersonnel.
B5(rw)->set banner motd "\tThis system belongs to XYZ Corporation.\nUse of this
system is strictly limited to authorized personnel."

clear banner motd

Usethiscommandtoclearthebannermessageofthedaydisplayedatsessionlogintoablank
string.

Syntax
clear banner motd

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

3-25

show version

Example
Thisexampleshowshowtoclearthemessageofthedaybannertoablankstring:
B5(rw)->clear banner motd

show version
Usethiscommandtodisplayhardwareandfirmwareinformation.RefertoDownloadinga
FirmwareImageonpage331forinstructionsonhowtodownloadafirmwareimage.

Syntax
show version

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayversioninformation.Pleasenotethatyoumayseedifferent
informationdisplayed,dependingonthetypeofhardware.
B5(su)->show version
Copyright (c) 2007 by Enterasys Networks, Inc.
Model
-------------B5G124-48P

Serial #
----------------001188021035

Versions
------------------Hw:BCM5665 REV 17
Bp:01.00.29
Fw:6.42.xx.xxxx
BuFw:03.01.13
PoE:500_3

Table 35providesanexplanationofthecommandoutput.
Table 3-5

show version Output Details

Output Field

What It Displays...

Model

Switchs model number.

Serial #

Serial number of the switch.

Versions

Hw: Hardware version number.

Bp: BootPROM version.
Fw: Current firmware version number.
BuFw: Backup firmware version number.
PoE: Power over Ethernet driver version. (Displays only for PoE switches.)

3-26

Basic Configuration

set system name

Usethiscommandtoconfigureanameforthesystem.

Syntax
set system name [string]

Parameters
string

(Optional)Specifiesatextstringthatidentifiesthesystem.
Note: A name string containing a space in the text must be enclosed in quotes as
shown in the example below.

Defaults
Ifstringisnotspecified,thesystemnamewillbecleared.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthesystemnametoInformationSystems:
B5(su)->set system name Information Systems

set system location

Usethiscommandtoidentifythelocationofthesystem.

Syntax
set system location [string]

Parameters
string

(Optional)Specifiesatextstringthatindicateswherethesystemis
located.
Note: A location string containing a space in the text must be enclosed in quotes
as shown in the example below.

Defaults
Ifstringisnotspecified,thelocationnamewillbecleared.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthesystemlocationstring:
B5(su)->set system location Bldg N32-04 Closet 9

Enterasys B5 CLI Reference

3-27

set system contact

Usethiscommandtoidentifyacontactpersonforthesystem.

Syntax
set system contact [string]

Parameters
string

(Optional)Specifiesatextstringthatcontainsthenameofthepersonto
contactforsystemadministration.
Note: A contact string containing a space in the text must be enclosed in quotes as
shown in the example below.

Defaults
Ifstringisnotspecified,thecontactnamewillbecleared.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthesystemcontactstring:
B5(su)->set system contact Joe Smith

set width
Usethiscommandtosetthenumberofcolumnsfortheterminalconnectedtotheswitchsconsole
port.

Syntax
set width screenwidth [default]

Parameters
screenwidth

Setsthenumberofterminalcolumns.Validvaluesare50to150.

default

(Optional)Makesthissettingpersistentforallfuturesessions(writtento
NVRAM).

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThenumberofrowsofCLIoutputdisplayedissetusingthesetlengthcommandasdescribedin
setlengthonpage329.

3-28

Basic Configuration

set length

Example
Thisexampleshowshowtosettheterminalcolumnsto50:
B5(su)->set width 50

set length
UsethiscommandtosetthenumberoflinestheCLIwilldisplay.Thiscommandispersistent
(writtentoNVRAM).

Syntax
set length screenlength

Parameters
screenlength

SetsthenumberoflinesintheCLIdisplay.Validvaluesare0,which
disablesthescrollingscreenfeaturedescribedinDisplayingScrolling
Screensonpage19,andfrom5to512.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosettheterminallengthto50:
B5(su)->set length 50

show logout
Usethiscommandtodisplaythetime(inseconds)anidleconsoleorTelnetCLIsessionwill
remainconnectedbeforetimingout.

Syntax
show logout

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Enterasys B5 CLI Reference

3-29

set logout

Example
ThisexampleshowshowtodisplaytheCLIlogoutsetting:
B5(su)->show logout
Logout currently set to: 10 minutes.

set logout
Usethiscommandtosetthetime(inminutes)anidleconsoleorTelnetCLIsessionwillremain
connectedbeforetimingout.

Syntax
set logout timeout

Parameters
timeout

Setsthenumberofminutesthesystemwillremainidlebeforetimingout.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthesystemtimeoutto10minutes:
B5(su)->set logout 10

show console
Usethiscommandtodisplayconsolesettings.

Syntax
show console [baud] [bits] [flowcontrol] [parity] [stopbits]

Parameters
baud

(Optional)Displaystheinput/outputbaudrate.

bits

(Optional)Displaysthenumberofbitspercharacter.

flowcontrol

(Optional)Displaysthetypeofflowcontrol.

parity

(Optional)Displaysthetypeofparity.

stopbits

(Optional)Displaysthenumberofstopbits.

Defaults
Ifnoparametersarespecified,allsettingswillbedisplayed.

3-30

Basic Configuration

set console baud

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayallconsolesettings:
B5(su)->show console
Baud
Flow
Bits
------ ------- ---9600
Disable 8

StopBits
---------1

Parity
-----none

set console baud

Usethiscommandtosettheconsoleportbaudrate.

Syntax
set console baud rate

Parameters
rate

Setstheconsolebaudrate.Validvaluesare:1200,2400,4800,9600,19200,38400,
57600,and115200.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosettheconsoleportbaudrateto19200:
B5(su)->set console baud 19200

Downloading a Firmware Image

YoucanupgradetheoperationalfirmwareintheEnterasysB5switchwithoutphysicallyopening
theswitchorbeinginthesamelocation.Therearetwowaystodownloadfirmwaretotheswitch:

ViaTFTPdownload.ThisprocedureusesaTFTPserverconnectedtothenetworkand
downloadsthefirmwareusingtheTFTPprotocol.FordetailsonhowtoperformaTFTP
downloadusingthecopycommand,refertocopyonpage344.Forinformationonsetting
TFTPtimeoutandretryparameters,refertosettftptimeoutonpage346andsettftp
retryonpage347.

Viatheserial(console)port.Thisprocedureisanoutofbandoperationthatcopiesthe
firmwarethroughtheserialporttotheswitch.Itshouldbeusedincaseswhenyoucannot
connecttheswitchtoperformtheinbandcopydownloadprocedureviaTFTP.Serialconsole
downloadhasbeensuccessfullytestedwiththefollowingapplications:

TeraTermProVersion2.3

Enterasys B5 CLI Reference

3-31

Downloading a Firmware Image

Anyotherterminalapplicationsmayworkbutarenotexplicitlysupported.
TheB5switchallowsyoutodownloadandstoredualimages.Thebackupimagecanbe
downloadedandselectedasthestartupimagebyusingthecommandsdescribedinthissection.

Downloading from a TFTP Server

ToperformaTFTPdownload,proceedasfollows:
1.

Ifyouhavenotalreadydoneso,settheswitchsIPaddressusingthesetipaddresscommand
asdetailedinsetipaddressonpage310.

Downloadanewimagefileusingthecopycommandasdetailedincopyonpage344.

Downloading via the Serial Port

Todownloadswitchfirmwareviatheserial(console)port,proceedasfollows:
1.

Withtheconsoleportconnected,poweruptheswitch.Amessagesimilartothefollowing
displays:
Version 01.00.29 05-09-2005
Computing MD5 Checksum of operational code...
Select an option. If no selection in 2 seconds then
operational code will start.
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):2
Password: *************

Beforethebootupcompletes,type2toselectStartBootMenu.Useadministratorforthe
Password.

Note: The Boot Menu password administrator can be changed using boot menu option 11.

Boot Menu Version 01.00.29 05-09-2005

Options available
1 - Start operational code
2 - Change baud rate
3 - Retrieve event log using XMODEM (64KB).
4 - Load new operational code using XMODEM
5 - Display operational code vital product data
6 - Run Flash Diagnostics
7 - Update Boot Code
8 - Delete operational code
9 - Reset the system
10 - Restore Configuration to factory defaults (delete config files)
11 - Set new Boot Code password
[Boot Menu] 2

3.
3-32

Type2.Thefollowingbaudrateselectionscreendisplays:

Basic Configuration

Downloading a Firmware Image

1
2
3
4
5
6
7
8
0

1200
2400
4800
9600
19200
38400
57600
115200
no change

Type8tosettheswitchbaudrateto115200.Thefollowingmessagedisplays:
Setting baud rate to 115200, you must change your terminal baud rate.

Settheterminalbaudrateto115200andpressENTER.

Fromthebootmenuoptionsscreen,type4toloadnewoperationalcodeusingXMODEM.
WhentheXMODEMtransferiscomplete,thefollowingmessageandheaderinformationwill
display:
[Boot Menu] 4
Ready to receive the file with XMODEM/CRC....
Ready to RECEIVE File xcode.bin in binary mode
Send several Control-X characters to cCKCKCKCKCKCKCK
XMODEM transfer complete, checking CRC....
Verified operational code CRC.
The following Enterasys Header is in the image:
MD5 Checksum....................fe967970996c4c8c43a10cd1cd7be99a
Boot File Identifier............0x0517
Header Version..................0x0100
Image Type......................0x82
Image Offset....................0x004d
Image length....................0x006053b3
Ident Strings Length............0x0028
Ident Strings...................
<platform specific>
Image Version Length............0x7
Image Version Bytes.............0x30 0x2e 0x35 0x2e 0x30 0x2e 0x34 (0.5.0.4)

Fromthebootmenuoptionsscreen,type2todisplaythebaudrateselectionscreenagain.

Type4settheswitchbaudrateto9600.Thefollowingmessagedisplays:
Setting baud rate to 9600, you must change your terminal baud rate.

Settheterminalbaudrateto9600andpressENTER.

10. Fromthebootmenuoptionsscreen,type1tostartthenewoperationalcode.Amessage
similartothefollowingdisplays:
Operational Code Date: Tue Jun 29 08:34:05 2004
Uncompressing.....

Reverting to a Previous Image

Intheeventthatyouneedtodowngradetoapreviousversionofcode,youcandosoby
completingthefollowingstepsasdescribedinthischapter.

Enterasys B5 CLI Reference

3-33

Reviewing and Selecting a Boot Firmware Image

Caution: Before reverting to a previous image, always back up your configuration by saving it to a
file (show config outfile on page 3-43). You can then copy the file to a remote location (copy on
page 3-44).

Note: You will not be able to peform these steps remotely unless you have remote console support.

Saveyourrunningconfigurationwiththesaveconfigcommand.

Makeacopyofthecurrentconfigurationwiththeshowconfigoutfileconfigs/filename
command.Usethedircommandtoconfirmthatthefilewascreated.

Ifdesired,copythefiletoaremoteTFTPserverwiththecopycommand:
copyconfigs/filenametftp://server_ipaddr/filename

Loadyourpreviousversionofcodeonthedevice,asdescribedinDownloadingaFirmware
Image(page 331).

Setthisolderversionofcodetobethebootcodewiththesetbootsystemcommand(page3
35).Whenthesystemasksifyouwanttoresetthedevice,specifyno(n).

Reloadthesavedconfigurationontothedevicewiththeconfigurecommand,describedon
page344.

Rebootthesystemusingtheresetcommand(page350).
Caution: If you do not follow the steps above, you may lose remote connectivity to the switch.

Reviewing and Selecting a Boot Firmware Image

Purpose
Todisplayandsettheimagefiletheswitchloadsatstartup.TheB5switchallowsyouto
downloadandstoreabackupimage,whichcanbeselectedasthestartupimagebyusingthe
commandsdescribedinthissection.

Commands
For information about...

Refer to page...

show boot system

3-34

set boot system

3-35

show boot system

Usethiscommandtodisplaythefirmwareimagetheswitchloadsatstartup.

Syntax
show boot system

3-34

Basic Configuration

set boot system

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheswitchsbootfirmwareimage:
B5(su)->show boot system
Current system image to boot: bootfile

set boot system

Usethiscommandtosetthefirmwareimagetheswitchloadsatstartup.

Syntax
set boot system filename

Parameters
filename

Specifiesthenameofthefirmwareimagefile.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thiscommandallowsyoutosetthefirmwareimagetobeloadedatstartup.Youcanchooseto
resetthesystemtousethenewfirmwareimageimmediately,oryoucanchoosetoonlyspecifythe
newimagetobeloadedthenexttimetheswitchisrebooted.
YoucanusethedircommandtodisplaytheActiveimageandtheBootimage,whichwillbe
theimageloadedatthenextsystemreboot.
Note: If you are changing the firmware image to a version earlier than the current version, refer to
Reverting to a Previous Image on page 3-33 for the correct steps to follow.

Example
Thisexampleshowshowtosetthebootfirmwareimagefiletobeusedatthenextrebootofthe
system,byansweringntotheprompt.ThedircommandisthenexecutedtodisplaytheActive
andBootimages.
B5(su)->set boot system b5_06.42.03.0007
This command can optionally reset the system to boot the new image.

Enterasys B5 CLI Reference

3-35

Starting and Configuring Telnet

Do you want to reset now (y/n) [n]?n

B5(su)->dir
Images:
==================================================================
Filename:
b5-series_06.42.00.0026 (Active)
Version:
06.42.00.0026
Size:
9405440 (bytes)
Date:
Fri Jul 18 12:48:35 2008
CheckSum:
f1626ccf10d8f48cd6c3e79ab602342a
Compatibility: <platform specific>
Filename:
Version:
Size:
Date:
CheckSum:
Compatibility:

b5-series_06.42.03.0007 (Boot)
06.42.03.0007
8290304 (bytes)
Fri May 9 11:35:27 2008
9f820d79239f10890442f8ff1f2bc914
<platform specific>

Starting and Configuring Telnet

Purpose
ToenableordisableTelnet,andtostartaTelnetsessiontoaremotehost.TheEnterasysB5switch
allowsatotaloffourinboundand/oroutboundTelnetsessiontorunsimultaneously.

Commands
For information about...
show telnet

3-36

set telnet

3-37

telnet

3-37

show telnet
UsethiscommandtodisplaythestatusofTelnetontheswitch.

Syntax
show telnet

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.
3-36

Refer to page...

Basic Configuration

set telnet

Example
ThisexampleshowshowtodisplayTelnetstatus:
B5(su)->show telnet
Telnet inbound is currently: ENABLED
Telnet outbound is currently: ENABLED

set telnet
UsethiscommandtoenableordisableTelnetontheswitch.

Syntax
set telnet {enable | disable} [inbound | outbound | all]

Parameters
enable|disable

EnablesordisablesTelnetservices.

inbound|
outbound|all

(Optional)Specifiesinboundservice(theabilitytoTelnettothisswitch),
outboundservice(theabilitytoTelnettootherdevices),orall(both
inboundandoutbound).

Defaults
Ifnotspecified,bothinboundandoutboundTelnetservicewillbeenabled.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodisableinboundandoutboundTelnetservices:
B5(su)->set telnet disable all
Disconnect all telnet sessions and disable now (y/n)? [n]: y
All telnet sessions have been terminated, telnet is now disabled.

telnet
UsethiscommandtostartaTelnetconnectiontoaremotehost.TheEnterasysB5switchallowsa
totaloffourinboundand/oroutboundTelnetsessiontorunsimultaneously.

Syntax
telnet host [port]

Parameters
host

SpecifiesthenameorIPaddressoftheremotehost.

port

(Optional)Specifiestheserverportnumber.

Defaults
Ifnotspecified,thedefaultportnumber23willbeused.

Enterasys B5 CLI Reference

3-37

Managing Switch Configuration and Files

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtostartaTelnetsessiontoahostat10.21.42.13:
B5(su)->telnet 10.21.42.13

Managing Switch Configuration and Files

Configuration Persistence Mode
Thedefaultstateofconfigurationpersistencemodeisauto,whichmeansthatwhenCLI
configurationcommandsareentered,orwhenaconfigurationfilestoredontheswitchis
executed,theconfigurationissavedtoNVRAMautomaticallyatthefollowingintervals:

Onastandaloneunit,theconfigurationischeckedeverytwominutesandsavediftherehas
beenachange.

Onastack,theconfigurationissavedacrossthestackevery30minutesiftherehasbeena
change.

IfyouwanttosavearunningconfigurationtoNVRAMmoreoftenthantheautomaticintervals,
executethesaveconfigcommandandwaitforthesystemprompttoreturn.Aftertheprompt
returns,theconfigurationwillbepersistent.
Youcanchangethepersistencemodefromautotomanualwiththesetsnmppersistmode
command.Ifthepersistencemodeissettomanual,configurationcommandswillnotbe
automaticallywrittentoNVRAM.Althoughtheconfigurationcommandswillactivelymodifythe
runningconfiguration,theywillnotpersistacrossaresetunlessthesaveconfigcommandhas
beenexecuted.
Note: When your device is configured for manual SNMP persistence mode, and you attempt to
change the boot system image, the device will not prompt you to save changes or warn you that
changes will be lost.

Purpose
TosetandviewthepersistencemodeforCLIconfigurationcommands,manuallysavethe
runningconfiguration,view,manage,andexecuteconfigurationfilesandimagefiles,andsetand
viewTFTPparameters.

Commands

3-38

For information about...

Refer to page...

show snmp persistmode

3-39

set snmp persistmode

3-40

save config

3-40

dir

3-41

show file

3-42

Basic Configuration

show snmp persistmode

For information about...

Refer to page...

show config

3-43

configure

3-44

copy

3-44

delete

3-45

show tftp settings

3-45

set tftp timeout

3-46

clear tftp timeout

3-47

set tftp retry

3-47

clear tftp retry

3-48

show snmp persistmode

Usethiscommandtodisplaytheconfigurationpersistencemodesetting.

Syntax
show snmp persistmode

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
Bydefault,themodeissettoautosave,whichautomaticallysavesconfigurationchangesat
specificintervals.Ifthemodeissettomanual,configurationcommandsareneverautomatically
saved.Inordertomakeconfigurationchangespersistentwhenthemodeismanual,thesave
configcommandmustbeissuedasdescribedinConfigurationPersistenceModeonpage338.

Example
Thisexampleshowshowtodisplaytheconfigurationpersistencemodesetting.Inthiscase,
persistencemodeissettomanual,whichmeansconfigurationchangesarenotbeing
automaticallysaved.
B5(su)->show snmp persistmode
persistmode is manual

Enterasys B5 CLI Reference

3-39

set snmp persistmode

Usethiscommandtosettheconfigurationpersistencemode,whichdetermineswhetheruser
definedconfigurationchangesaresavedautomatically,orrequireissuingthesaveconfig
command.SeeConfigurationPersistenceModeonpage338formoreinformation.

Syntax
set snmp persistmode {auto | manual}

Parameters
auto

Setstheconfigurationpersistencemodetoautomatic.Thisisthedefault
state.

manual

Setstheconfigurationpersistencemodetomanual.Inordertomake
configurationchangespersistent,thesaveconfigcommandmustbe
issuedasdescribedinsaveconfigonpage340.Thismodeisusefulfor
revertingbacktooldconfigurations.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosettheconfigurationpersistencemodetomanual:
B5(su)->set snmp persistmode manual

save config
Usethiscommandtosavetherunningconfiguration.Ifapplicable,thiscommandwillsavethe
configurationtoallswitchmembersinastack.

Syntax
save config

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosavetherunningconfiguration:
B5(su)->save config

3-40

Basic Configuration

dir

dir
Usethiscommandtolistconfigurationandimagefilesstoredinthefilesystem.

Syntax
dir [filename]

Parameters
filename

(Optional)Specifiesthefilenameordirectorytolist.

Defaults
Iffilenameisnotspecified,allfilesinthesystemwillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtolistalltheconfigurationandimagefilesinthesystem.Thedisplay
indicateswhichimagefileistheActivefileandwhichimagefileistheBootfilethatwillbeused
thenexttimethesystemreboots.
B5(su)->dir
Images:
==================================================================
Filename:
b5-series_06.42.00.0029 (Active)
Version:
06.42.00.0029
Size:
9411584 (bytes)
Date:
Fri Aug 1 06:55:23 2008
CheckSum:
6126a7aadfdf05150afb6eca51982302
Compatibility: <platform specific>
Filename:
Version:
Size:
Date:
CheckSum:
Compatibility:

b5-series_06.42.00.0030 (Boot)
06.42.00.0030
9411584 (bytes)
Fri Aug 8 08:44:04 2008
627938b785fa7fdb8eed74672af1edcc
<platform specific>

Files:
================================
configs:
base_may
base_apr
base_july
base_june
logs:
current.log

Size
========
22629
22629
20581
20581
2065

Enterasys B5 CLI Reference

3-41

show file

show file
Usethiscommandtodisplaythecontentsofafile.

Syntax
show file filename

Parameters
filename

Specifiesthenameofthefiletodisplay.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayatextfilenamedmyconfigintheconfigs/directory.Note
thatonlyaportionofthefileisshowninthisexample.
B5(rw)->show file configs/myconfig
...
17 : #snmp
18 :
19 : set snmp access ro security-model v1 exact read All notify All nonvolatile
20 :
21 : set snmp access ro security-model v2c exact read All notify All nonvolatile
22 :
23 : set snmp access public security-model v1 exact read All write All notify All
nonvolatile
24 :
25 : set snmp access public security-model v2c exact read All write All notify All
nonvolatile
26 :
27 : set snmp access public security-model usm exact read All write All notify All
nonvolatile
28 :
29 : set snmp community :xxxxxxxxxxx:
30 :
31 : set snmp group ro user ro security-model v1
32 :
33 : set snmp group public user public security-model v1
34 :
35 : set snmp group ro user ro security-model v2c
36 :
37 : set snmp group public user public security-model v2c
38 :
39 : set snmp group public user public security-model usm
40 :
41 : set snmp user public authentication md5 :xxxxxxxxx: encryption des privacy
:xxxxxxxxxx:
42 :
43 : set snmp view viewname All subtree 1
44 :
45 : !

3-42

Basic Configuration

show config

show config
Usethiscommandtodisplaythesystemconfigurationorwritetheconfigurationtoafile.

Syntax
show config [all | facility] [outfile {configs/filename}]

Parameters
all

(Optional)Displaysdefaultandnondefaultconfigurationsettings.

facility

(Optional)Specifiestheexactnameofonefacilityforwhichtoshow
configuration.Forexample,enterroutertoshowonlyrouter
configuration.

outfile

(Optional)Specifiesthatthecurrentconfigurationwillbewrittentoatext
fileintheconfigs/directory.

configs/filename

Specifiesafilenameintheconfigs/directorytodisplay.

Defaults
Bydefault,showconfigwilldisplayallnondefaultconfigurationinformationforallfacilities.

Mode
Switchcommand,readonly.

Usage
Theseparatefacilitiesthatcanbedisplayedbythiscommandareidentifiedinthedisplayofthe
currentconfigurationbya#precedingthefacilityname.Forexample,#portindicatesthefacility
nameport.

Examples
Thisexampleshowshowtowritethecurrentconfigurationtoafilenamedsave_config2:
B5(rw)->show config all outfile configs/save_config2

Thisexampleshowshowtodisplayconfigurationforthefacilityport.
B5(rw)->show config port
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
begin
!
#***** NON-DEFAULT CONFIGURATION *****
!
!
#port
set port jumbo disable ge.1.1
!
end

Enterasys B5 CLI Reference

3-43

configure

configure
Usethiscommandtoexecuteapreviouslydownloadedconfigurationfilestoredontheswitch.

Syntax
configure filename [append]

Parameters
filename

Specifiesthepathandfilenameoftheconfigurationfiletoexecute.

append

(Optional)Appendstheconfigurationfilecontentstothecurrent
configuration.Thisisequivalenttotypingthecontentsoftheconfigfile
directlyintotheCLIandcanbeused,forexample,tomakeincremental
adjustmentstothecurrentconfiguration.

Defaults
Ifappendisnotspecified,thecurrentrunningconfigurationwillbereplacedwiththecontentsof
theconfigurationfile,whichwillrequireanautomatedresetofthechassis.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoexecutetheJan1_2004.cfgconfigurationfile:
B5(su)->configure configs/Jan1_2004.cfg

copy
UsethiscommandtouploadordownloadanimageoraCLIconfigurationfile.

Syntax
copy source {destination | system:image}

Parameters
source

Specifieslocationandnameofthesourcefiletocopy.Optionsarealocalfile
pathintheconfigsorlogsdirectory,ortheURLofaTFTP,SecureFTP(SFTP),
orSecureCopy(SCP)server.

destination

Specifieslocationandnameofthedestinationwherethefilewillbecopied.
Optionsarealocalfilepathintheconfigsdirectory,ortheURLofaTFTP,
SFTP,orSCPserver.

system:image

Therequireddestinationofanimagefile.
Note: Only TFTP can be used to download an image file.

Defaults
None.

3-44

Basic Configuration

delete

Mode
Switchcommand,readwrite.

Usage
SFTPandSCPcanonlybeusedtotransferconfigurationfilesorthelogs/current.logfile.You
cannotuseSFTPorSCPtodownloadimages(system:image).

Examples
ThisexampleshowshowtodownloadanimageviaTFTP:
B5(su)->copy tftp://10.1.192.34/version01000

system:image

Thisexampleshowshowtodownloadaconfigurationfiletotheconfigsdirectory:
B5(su)->copy tftp://10.1.192.1/Jan1_2004.cfg

configs/Jan1_2004.cfg

ThisexampleshowshowtouploadaconfigurationfilefromtheconfigsdirectoryusingSFTP.
B5(su)->copy configs/Jan1_2009.cfg

sftp://user:[email protected]/Jan1_2009.cfg

delete
UsethiscommandtoremoveanimageoraCLIconfigurationfilefromtheswitch.

Syntax
delete filename

Parameters
filename

Specifiesthelocalpathnametothefile.Validdirectoriesare/imagesand
/configs.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Usethedircommand(page341)todisplaycurrentimageandconfigurationfilenames.

Example
ThisexampleshowshowtodeletetheJan1_2004.cfgconfigurationfile:
B5(su)->delete configs/Jan1_2004.cfg

show tftp settings

UsethiscommandtodisplayTFTPsettingsusedbytheswitchduringdatatransfersusingTFTP.

Syntax
show tftp settings
Enterasys B5 CLI Reference

3-45

set tftp timeout

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
TheTFTPtimeoutvaluecanbesetwiththesettftptimeoutcommand.TheTFTPretryvaluecan
besetwiththesettftpretrycommand.

Example
Thisexampleshowstheoutputofthiscommand.
B5(ro)->show tftp settings
TFTP packet timeout (seconds): 2
TFTP max retry: 5

set tftp timeout

UsethiscommandtoconfigurehowlongTFTPwillwaitforareplyofeitheranacknowledgement
packetoradatapacketduringadatatransfer.

Syntax
set tftp timeout seconds

Parameters
seconds

Specifiesthenumberofsecondstowaitforareply.Thevalidrangeis
from1to30seconds.Defaultvalueis2seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetsthetimeoutperiodto4seconds.
B5(rw)->set tftp timeout 4

3-46

Basic Configuration

clear tftp timeout

UsethiscommandtoresettheTFTPtimeoutvaluetothedefaultvalueof2seconds.

Syntax
clear tftp timeout

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoclearthetimeoutvaluetothedefaultof2seconds.
B5(rw)-> clear tftp timeout

set tftp retry

UsethiscommandtoconfigurehowmanytimesTFTPwillresendapacket,eitheran
acknowledgementpacketoradatapacket.

Syntax
set tftp retry retry

Parameters
retry

Specifiesthenumberoftimesapacketwillberesent.Thevalidrangeis
from1to1000.Defaultvalueis5retries.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetstheretrycountto3.
B5(rw)->set tftp retry 3

Enterasys B5 CLI Reference

3-47

clear tftp retry

UsethiscommandtoresettheTFTPretryvaluetothedefaultvalueof5retries.

Syntax
clear tftp retry

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtocleartheretryvaluetothedefaultof5retries.
B5(rw)-> clear tftp retry

Clearing and Closing the CLI

Purpose
TocleartheCLIscreenortocloseyourCLIsession.

Commands
For information about...
cls

3-48

exit

3-49

cls (clear screen)

UsethiscommandtoclearthescreenforthecurrentCLIsession.

Syntax
cls

Parameters
None.

Defaults
None.

3-48

Refer to page...

Basic Configuration

exit

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtocleartheCLIscreen:
B5(su)->cls

exit
UseeitherofthesecommandstoleaveaCLIsession.

Syntax
exit

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
Bydefault,switchtimeoutoccursafter15minutesofuserinactivity,automaticallyclosingyour
CLIsession.Usethesetlogoutcommand(page330)tochangethisdefault.

Example
ThisexampleshowshowtoexitaCLIsession:
B5(su)->exit

Resetting the Switch

Purpose
Toresetoneormoreswitches,andtocleartheuserdefinedconfigurationparameters.

Commands
For information about...

Refer to page...

reset

3-50

clear config

3-50

Enterasys B5 CLI Reference

3-49

reset

reset
Usethiscommandtoresettheswitchwithoutlosinganyuserdefinedconfigurationsettings.

Syntax
reset [unit]

Parameters
unit

(Optional)Specifiesaunittobereset.

Defaults
IfnounitIDisspecified,theentiresystemwillbereset.

Mode
Switchcommand,readwrite.

Usage
AEnterasysB5switchcanalsoberesetwiththeRESETbuttonlocatedonitsfrontpanel.For
informationonhowtodothis,refertotheEnterasysB5InstallationGuideshippedwithyour
switch.

Examples
Thisexampleshowshowtoresetthesystem:
B5(su)->reset
Are you sure you want to reload the stack? (y/n) y
Saving Configuration to stacking members
Reloading all switches.

Thisexampleshowshowtoresetunit1:
B5(su)->reset 1
Are you sure you want to reload the switch? (y/n) y
Reloading switch 1.
This switch is manager of the stack.
STACK: detach 3 units

clear config
Usethiscommandtocleartheuserdefinedconfigurationparameters.

Syntax
clear config [all]

Parameters
all

3-50

Basic Configuration

(Optional)Clearsuserdefinedconfigurationparameters(andstackunit
numbersandpriorities,ifapplicable).

Using and Configuring WebView

Defaults
Ifallisnotspecified,stackingconfigurationparameterswillnotbecleared.

Mode
Switchcommand,readwrite.

Usage
Whenusingtheclearconfigcommandtoclearconfigurationparametersinastack,itisimportant
torememberthefollowing:

UseclearconfigtoclearconfigurationparameterswithoutclearingstackunitIDs.This
commandWILLNOTclearstackparametersandavoidstheprocessofrenumberingthe
stack.

Useclearconfigallwhenitisnecessarytoclearallconfigurationparameters,includingstack
unitIDs(ifapplicable)andswitchpriorityvalues.

UsetheclearipaddresscommandtocleartheIPaddress.

Configurationparametersandstackinginformationcanalsobeclearedonthemasterunitonlyby
selectingoption10(restoreconfigurationtofactorydefaults)fromthebootmenuonswitch
startup.Thisselectionwillleavestackingprioritiesonallotherunits,ifapplicable.

Example
Thisexampleshowshowtoclearconfigurationparameters(includingstackingparameters,if
applicable):
B5(su)->clear config all

Using and Configuring WebView

Purpose
Bydefault,WebView(TheEnterasysNetworksembeddedwebserverforswitchconfiguration
andmanagementtasks)isenabledonTCPportnumber80ontheEnterasysB5switch.Youcan
verifyWebViewstatus,andenableordisableWebViewusingthecommandsdescribedinthis
section.WebViewcanalsobesecurelyusedoverSSLport443,ifSSLisenabledontheswitch.By
default,SSLisdisabled.
TouseWebView,typetheIPaddressoftheswitchinyourbrowser.TouseWebViewoverSSL,
typeinhttps://thentheIPaddressoftheswitch.Forexample,https://172.16.2.10.

Commands
For information about...

Refer to page...

show webview

3-52

set webview

3-52

show ssl

3-53

set ssl

3-53

Enterasys B5 CLI Reference

3-51

show webview

show webview
UsethiscommandtodisplayWebViewstatus.

Syntax
show webview

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayWebViewstatus:
B5(rw)->show webview
WebView is Enabled.

set webview
UsethiscommandtoenableordisableWebViewontheswitch.

Syntax
set webview {enable [ssl-only] | disable}

Parameters
enable|disable

EnableordisableWebViewontheswitch.

sslonly

(Optional)EnablesWebViewwithSSLonly.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
WhenyouenableWebViewwithoutusingthesslonlyoption,HTTPcanbeusedtoaccess
WebView.Ifyouenablewiththesslonlyoption,onlyHTTPScanbeusedtoaccessWebView.Use
thesetsslcommandtoenableSSL(andHTTPS)ontheswitch.
Refertosetsslonpage 353forinformationaboutenablinganddisablingSSLontheswitch.
ItisgoodpracticeforsecurityreasonstodisableHTTPaccessontheswitchwhenfinished
configuringwithWebView,andthentoonlyenableWebViewontheswitchwhenchangesneedto
bemade.

3-52

Basic Configuration

show ssl

Example
ThisexampleshowshowtodisableWebViewontheswitch:ssl
B5(rw)->set webview disable

show ssl
UsethiscommandtodisplaySSLstatus.

Syntax
show ssl

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySSLstatus:
B5(rw)->show ssl
SSL status: Enabled

set ssl
UsethiscommandtoenableordisabletheuseofWebViewoverSSLport443.Bydefault,SSLis
disabledontheswitch.Thiscommandcanalsobeusedtoreinitializethehostkeythatisusedfor
encryption.

Syntax
set ssl {enabled | disabled | reinitialize | hostkey reinitialize}

Parameters
enabled|disabled

EnablesordisablestheabilitytouseWebViewoverSSL.

reinitialize

StopsandthenrestartstheSSLprocess.

hostkeyreinitialize

StopsSSL,regeneratesnewkeys,andthenrestartsSSL.

Defaults
Bydefault,SSLisdisabledontheswitch.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

3-53

Gathering Technical Support Information

Example
ThisexampleshowshowtoenableSSL:
B5(rw)->set ssl enabled

Gathering Technical Support Information

Purpose
Togathercommontechnicalsupportinformation.

Command
For information about...
show support

Refer to page...
3-54

show support
Usethiscommandtodisplayswitchinformationfortroubleshooting.

Syntax
show support

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
Thiscommandinitiatesanumberofshowcommandstoeasilygatherbasicinformationfroman
installeddevice.Tousethiscommand,setyourconsoletocapturetheoutputtoafilefirst,before
executingthecommand,sincetheoutputisextensive.
Outputfromthefollowingcommandsisgatheredbythiscommand:

3-54

showversion

showloggingbuffer

showportstatus

showsystemutilizationprocess

showsystemutilizationstorage

showconfig

Basic Configuration

show support

Example
Thereisnodisplayexamplebecausetheoutputofthiscommandisquitelengthy.

Enterasys B5 CLI Reference

3-55

show support

3-56

Basic Configuration

4
Configuring System Power and PoE
Important Notice
The commands in this section apply only to PoE-equipped devices. Consult the Installation Guide for your
product to determine if it is PoE-equipped.

ThecommandsinthischapterallowyoutoreviewandsetsystempowerandPoE(Powerover
Ethernet)parameters,includingthepoweravailabletothesystem,theusagethresholdforeach
module,whetherornotSNMPtrapmessageswillbesentwhenpowerstatuschanges,andper
portPoEsettings.
Formoreextensiveconfigurationinformation,refertotheConfiguringPoweroverEthernet
ManagementfeatureguideontheEnterasysNetworkswebsite:https://extranet.enterasys.com/
downloads/

Power Management
Management of PoE Power to PDs
ForeachPoEcapablemodule,youcanconfigurehowitsPoEcontrollermakespoweravailableto
attachedpowereddevices(PDs).Onapermodulebasis,youcanconfigure:

Realtimemode,inwhichthePoEcontrollercalculatesthepowerneededbyaPDbasedon
theactualpowerconsumptionoftheattacheddevices.

Classmode,inwhichthePoEcontrollermanagespowerbasedontheIEEE802.3af/.3at
definitionoftheclasslimitsadvertisedbytheattacheddevices,withtheexceptionthatfor
class0andclass4devices,actualpowerconsumptionwillalwaysbeused.Inthismode,the
maximumamountofpowerrequiredbyadeviceintheadvertisedclassisreservedforthe
port,regardlessoftheactualamountofpowerbeingusedbythedevice.

PowermanagementtoPDsisconfiguredwiththecommandsetinlinepowermanagement
(page 47).PoEclassesaredefinedas:
Table 4-1

PoE Powered Device Classes

Class

Power Output at Port

Power Range Used by Device

15.4 watts

0.44 to 12.95 watts

4.0 watts

0.44 to 3.84 watts

7.0 watts

3.84 to 6.49 watts

15.4 watts

6.49 to 12.95 watts

Enterasys B5 CLI Reference

4-1

Commands

Table 4-1

PoE Powered Device Classes

Class

Power Output at Port

Power Range Used by Device

34 watts (802.3at)

12.95 to 25.5 watts (802.3at)

Reserved (802.3af)

Treat as class 0 (802.3af)

Commands
For information about...

Refer to page...

show inlinepower

4-2

set inlinepower threshold

4-3

set inlinepower trap

4-4

set inlinepower detectionmode

4-4

show port inlinepower

4-5

set port inlinepower

4-6

set inlinepower management

4-7

show inlinepower
Usethiscommandtodisplaysystempowerproperties.

Syntax
show inlinepower

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaysystempowerproperties:
B5(su)->show inlinepower
Detection Mode
: auto
Unit
---1

Status
-----auto

Power(W)
------375

Consumption(W) Usage(%)
------------- -------0.00
0.00

Table 42providesanexplanationofthecommandoutput.

4-2

Configuring System Power and PoE

Threshold(%)
-----------80

Trap
Mgmt Mode
-----------enable realtime

set inlinepower threshold

Table 4-2

show inlinepower Output Details

Output

What It Displays...

Detection Mode

Displays the PD detection mode used by the switch. The detection mode can be
configured with the command set inlinepower detectionmode (page 4-4).

Unit

Number of PoE-capable module.

Status

Whether the PoE administrative state is off (disabled) or auto (on). This state is not
configurable.

Power (W)

Units available power wattage.

Consumption (W)

Units power wattage consumed.

Usage (%)

Units percentage of total system PoE power usage.

Threshold (%)

Units alloted percentage of total PoE power available in the system. The threshold
can be configured with the command set inlinepower threshold (page 4-3).

Trap

Whether PoE trap messaging is enabled or disabled on this unit. Trap messaging
can be configured with the command set inlinepower trap (page 4-4).

Mgmt Mode

Specifies the power management mode of the module, either realtime or class.
Power management mode is configured with the command set inlinepower
management (page 4-7).

set inlinepower threshold

Usethiscommandtosetthepowerusagethresholdonaspecifiedunitormodule.

Syntax
set inlinepower threshold usage-threshold module-number

Parameters
usagethreshold

Specifiesapowerthresholdasapercentageofavailablesystempower.
Validvaluesare11to100.

modulenumber

Specifiesthemoduleorunitonwhichtosetthepowerthreshold.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThethresholdisexpressedasapercentageoftheavailablePoEpower.Whenthisthresholdis
reached,atrapwillbesentiftrapsareenabledwiththesetinlinepowertrapcommand.

Example
Thisexampleshowshowtosetthepowerthresholdto90onmodule/unit1:
B5(su)->set inlinepower threshold 90 1

Enterasys B5 CLI Reference

4-3

set inlinepower trap

UsethiscommandtoenableordisablethesendingofanSNMPtrapmessageforaunitormodule
wheneverthestatusofitsportschanges,orwhenevertheunitspowerusagethresholdiscrossed.

Syntax
set inlinepower trap {disable | enable} module-number

Parameters
disable|enable

Disablesorenablesinlinepowertrapmessaging.

modulenumber

Specifiesthemoduleorunitonwhichtodisableorenabletrapmessaging.

Defaults
Sendingoftrapsisdisabledbydefault.

Mode
Switchcommand,readwrite.

Usage
Themodulesorunitspowerusagethresholdmustbesetusingthesetinlinepowerthreshold
commandasdescribedonpage43.

Example
Thisexampleshowshowtoenableinlinepowertrapmessagingonmodule1:
B5(su)->set inlinepower trap enable 1

set inlinepower detectionmode

UsethiscommandtospecifythemethodtheswitchwillusetodetectPDs(powereddevices)
connectedtoitsports.

Syntax
set inlinepower detectionmode {auto | ieee)

Parameters
auto

Specifiesthattheswitchwillusethestandard802.3afdetectionmethod
first.Ifthatfails,thentheswitchwillusethelegacy(pre802.3af
standard)capacitancemethodofdetection.

ieee

Specifiesthattheswitchwillonlyusethestandard802.3afdetection
method.

Defaults
Defaultdetectionmodeisauto.

Mode
Switchcommand,readwrite.

4-4

Configuring System Power and PoE

show port inlinepower

Usage
ThiscommandisusedtospecifyhowtheswitchshoulddetectPDsconnectedtoitsports.ThePoE
hardwareintheswitchescanusetheIEEEstandard802.3af(resistorbased)methodora
proprietarymethodusingcapacitordetection.
Ifautoisconfigured,theswitchwillfirstusetheIEEEresistorbaseddetectionmethod,andifthat
fails,theswitchwillusethecapacitorbaseddetectionmethod.Ifieeeisconfigured,onlytheIEEE
resistorbaseddetectionmethodwillbeused.

Example
ThisexamplesetstheswitchsPDdetectionmodetoIEEEstandard802.3afonly.
B5(su)->set inlinepower detectionmode ieee

show port inlinepower

UsethiscommandtodisplayinformationaboutportsontheswitchsupportingPoE.

Syntax
show port inlinepower [port-string]

Parameters
portstring

(Optional)DisplaysinformationforspecificPoEport(s).

Defaults
Ifnoportstringisspecified,informationforallPoEportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayPoEinformationforportge.2.1.Inthiscase,theports
administrativestate,PoEpriorityandclasshavenotbeenchangedfromdefaultvalues:
B5(su)->show port inlinepower ge.2.1
Port

Type

Admin

Oper

Priority

------- ----- ------ ----------------ge.2.1

auto

Table 4-3

Searching

-------Low

Class

Power(W)

-----

-------- ---------- -------------

Capability

802.3at

Power Select

802.3at

show port inlinepower Output Details

Output Field

What it Displays

Port

The port being displayed in this row.

Type

A text string describing the type of device connected to the port, set with the set
port inlinepower command.

Admin

The ports PoE administrative state, off (disabled) or auto (on). Can be set with
the set port inlinepower command.

Enterasys B5 CLI Reference

4-5

set port inlinepower

Table 4-3

show port inlinepower Output Details (Continued)

Output Field
Oper

What it Displays
The operational mode of the port. Values displayed can be:
Searching no device is connected to the port.
Delivering Power power being delivered to connected device.
Over Budget connected device requires more power than the switch can
allocate to that port.
Overload connected device consumed more power than it was allowed.
Other Fault another PoE error has been detected, such as a short on the
PoE load, error with PoE signaling, general error detection.

Priority

The ports priority for PoE allocation. Values can be critical (highest), high or
low. Can be set with the set port inlinepower command.

Class

The PoE class of the connected powered device.

Power (W)

The amount of power being delivered to the port.

Capability

Whether the port is able to support 802.3af devices only or 802.3at (and also
802.3af) devices. Can be set with the set port inlinepower command.

Power Select

If a port is capable of supporting 802.3at and 802.3af devices, this field displays
the power level the port is supplying either 802.3af or 802.3at.

set port inlinepower

UsethiscommandtoconfigurePoEparametersononeormoreports.

Syntax
set port inlinepower port-string {[admin {off | auto}] [capability {802.3af |
802.3at}] [priority {critical | high | low}] [type type]}

Parameters
portstring

Specifiestheport(s)onwhichtoconfigurePoE.

adminoff|auto

(Optional)SetsthePoEadministrativestatetooff(disabled)orauto(on).
Whenyousettheadminstatetooff,PoEpowerisdisabledonthatport.

capability802.3af| (Optional)Setsthesporttosupporteither802.3afpowerlevelor802.3at
802.3at
andalso802.3afpowerlevels.
prioritycritical|
high|low

(Optional)Setstheport(s)priorityforthePoEallocationalgorithmto
critical(highest),highorlow.

typetype

(Optional)Specifiesastringdescribingthetypeofdeviceconnectedtoa
port.Thestringcanbeamaximumof20characters.

Defaults
Atleastoneoftheoptionalparametersmustbeentered.

Mode
Switchcommand,readwrite.

4-6

Configuring System Power and PoE

set inlinepower management

Usage
Ifthecapabilityofaportissetto802.3at,theportwillautomaticallydetectthepowerlevel
requiredbytheattachedpowereddeviceanddelivertherequiredlevel.
IfyouwanttodisablePoEonanRJ45portthatissharedwithacombofiberport,usethe
commandsetinlinepowerportstringadminoff.

Example
ThisexampleshowshowtoenablePoEonportge.3.1withcriticalpriority:
B5(su)->set port inlinepower ge.3.1 admin auto priority critical

set inlinepower management

Usethiscommandtoconfigurehowpowerismadeavailabletoattachedpowereddevices,ona
permodulebasis.Powercanbemadeavailablebasedontheclassofthedeviceorbasedonthe
actualpowerbeingconsumedwhenthedevicepowersup.

Syntax
set inlinepower management {class | realtime} [module-number]

Parameters
class

Specifiesthatpowerneedsshouldbecalculatedbasedontheclassofthe
PoEdevice.

realtime

Specifiesthatpowerneedsshouldbecalculatedbasedontheactual
powerbeingconsumedbythePoEdevicewhenitpowersup.

modulenumber

(Optional)Specifiesthatthiscommandshouldapplyonlytotheslot
identified.

Defaults
Realtime.
Ifamodulenumberisnotspecified,allmodulesareconfigured.

Mode
Switchcommand,readwrite.

Usage
ForeachPoEcapablemodule,youcanconfigurehowitsPoEcontrollermakespoweravailableto
attachedpowereddevices(PDs).
Inrealtimemode,thePoEcontrollercalculatesthepowerneededbyaPDbasedontheactual
powerconsumptionoftheattacheddevices.
Inclassmode,thePoEcontrollermanagespowerbasedontheIEEE802.3af/.3atdefinitionofthe
classlimitsadvertisedbytheattacheddevices.Notethatforclass0andclass4devices,actual
powerconsumptionwillalwaysbeused.Inclassmode,themaximumamountofpowerrequired
byadeviceintheadvertisedclassisreservedfortheport,regardlessoftheactualamountof
powerbeingusedbythedevice.
RefertoManagementofPoEPowertoPDsonpage 41formoreinformation.Usetheshow
inlinepowercommandtodisplaythecurrentmanagementmodeforeachmoduleslot.

Enterasys B5 CLI Reference

4-7

set inlinepower management

Example
Thefollowingexamplesetsthepowermanagementmodetorealtimeonslot1,thendisplaysthe
currentconfigurationwiththeshowinlinepowercommand.
B5(su)->set inlinepower management realtime 1
B5(su)->show inlinepower
Detection Mode
: auto
Unit
---1

4-8

Status
-----auto

Power(W)
-------480

Consumption(W)
-------------0.00

Configuring System Power and PoE

Usage(%)
-------0.00

Threshold(%)
-----------80

Trap
---disable

Mgmt Mode
--------realtime

5
Transmit Queue Monitoring Configuration
Thischapterdescribesthecommandsusedtomonitorandmanagetransmitqueues.
For information about...

Refer to page...

Transmit Queue Monitoring Overview

5-1

Commands

5-1

Transmit Queue Monitoring Overview

Thecommandsdescribedinthischaptercanbeusedtomonitortransmitqueuesand,ifaqueueis
foundtobestalled,totakecorrectiveaction.
Stalledtransmitqueuesmaybecausedbyaduplexmismatch,hardwareerror,orbyexcessive
pauseframes.Excessivepauseframesarenotexpectedundernormalconditionsbutmaybethe
resultofasoftorhardfailureonanattacheddevice,orevenadeliberatedenialofserviceattack.
Transmitqueuemonitoringperiodicallysampleseachportstransmitqueuedepths(totalpackets
queued)andtransmitcounters.toidentifystalledportsandfreetheresourcestieduponthe
associatedtransmitqueues.Thisfeatureallowsyoutoconfigureaminimumnumberoftransmits
forasampleperiodandtosetlevelsforthenumberofconsecutivefailuresthatwilltrigger
differentlevelsofcorrectiveactions.
Correctiveactionsthatcanbeconfiguredincludelogging,discardingreceivedpauseframes,and
disablingtheport.Theabilitytopausetheswitchistreatedasaprivilegeifanattacheddevice
violatesthatprivilege,itspauseframescanbeignored.Whenaswitchportisinthediscarding
pausestate,theportwillbeallowedtotransmit(includingWakeonLANmagicpackets).The
portretainsitsabilitytotransmititsownpauseframes,andtheattacheddeviceisstillallowedthe
normalswitchingofpackets.Becausedisablingaportanddiscardingpauseframesisapunitive
action,aportrestoreintervaldowntimeisprovided.Attheendofthedowntimeinterval,all
disabledportswillhavecompletefunctionalityrestored.Inaddition,anychangeinaportslink
stateclearsthatportsfailurecountandrestorestheporttonormaloperation.

Commands
For information about...

Refer to page...

set txqmonitor

5-2

set txqmonitor downtime

5-2

set txqmonitor minrate

5-3

set txqmonitor threshold

5-3

Enterasys B5 CLI Reference

5-1

Transmit Queue Monitoring Configuration

set txqmonitor

For information about...

Refer to page...

clear txqmonitor

5-4

show txqmonitor

5-5

show txqmonitor flowcontrol

5-6

show txqmonitor port

5-6

set txqmonitor
Usethiscommandtoenableordisabletransmitqueuemonitoringontheswitch.Transmitqueue
monitoringisenabledbydefault.

Syntax
set txqmonitor {enable | disable}

Parameters
enable|disable

Enablesordisablestransmitqueuemonitoringontheswitch.
Monitoringisenabledbydefault.

Defaults
Monitoringisenabledbydefault.

Mode
Switchcommand,readwrite.

Example
Thisexampledisablestransmitqueuemonitoringontheswitch.
B5(su)-> set txqmonitor disable

set txqmonitor downtime

Usethiscommandtoconfigurethetimeinterval,inseconds,thatportsdisabledbythetransmit
queuemonitoringfeatureremaindisabled.

Syntax
set txqmonitor downtime seconds

Parameters
seconds

Specifiesthedowntimeinseconds.Avalueof0willsetthedowntimeto
forever,meaningthatdisabledportswillremaindisableduntilcleared
manuallyoruntiltheirnextlinkstatetransition.
Thedefaultvalueis0.

5-2

set txqmonitor minrate

Transmit Queue Monitoring Configuration

Defaults
Thedefaultvalueis0,meaningthatdisabledportswillremaindisableduntilclearedmanuallyor
untiltheirnextlinkstatetransition.

Mode
Switchcommand,readwrite.

Usage
Whenthedowntimeisconfiguredas0,disabledportscanbemanuallyenabledusingtheclear
txqmonitordowncommand(page54).

Example
Thisexamplesetsthedowntimeto3600seconds.
B5(su)-> set txqmonitor downtime 3600

set txqmonitor minrate

Usethiscommandtosettheminimumrate(inpacketspersecond)oftransmittedpacketsina
samplinginterval.

Syntax
set txqmonitor minrate rate

Parameters
rate

Thenumberofpacketspersecondthatmustbetransmittedper
samplinginterval,ifpacketsexistontheportstransmitqueues.
Thedefaultvalueis1packetpersecond.

Defaults
Onepacketpersecond.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetstheminimumrateofpacketspersecondpersamplingintervalto6.
B5(su)-> set txqmonitor minrate 6

set txqmonitor threshold

Usethiscommandtosetthetransmitqueuemonitoringthresholdlevelsfortriggeringactions
appliedtoastalledport.

Syntax
set txqmonitor threshold { [logging | ignorepause | disableinterface] value }

Enterasys B5 CLI Reference

5-3

Transmit Queue Monitoring Configuration

clear txqmonitor

Parameters
logging

Specifiestheloggingtriggerlevel.

ignorepause

Specifiesthediscardreceivedpauseframestriggerleve.l

disableinterface

Specifiestheportdisabletriggerlevel.

value

Thenumberofsuccessivefailedsampleintervalsthatwilltriggeran
action.Avalueof0disablestheassociatedaction.

Defaults
logging:2sequentialfailures
ignorepause:5sequentialfailures
disableinterface:10sequentialfailures

Mode
Switchcommand,readwrite.

Example
Thisexamplesetsthedisableinterfacethresholdto6sequentialfailedsampleintervals.
B5(su)-> set txqmonitor threshold disableinterface 6

clear txqmonitor
Usethiscommandtorestorealltransmitqueuemonitoringoptionstotheirdefaultvalues.

Syntax
clear txqmonitor { all | globalstate | ignorepause [port-string] |
down [port-string] | threshhold | downtime | minrate }

Parameters
all

Clearalltransmitqueuemonitoringoptionstotheirdefaultvalues.

globalstate

Cleartheglobalstatetothedefaultofenabled.

ignorepause
[portstring]

Restoreportsinthediscardingpauseframestatetothedefaultofnot
discardingpauseframes.
Optionally,restoreonlyspecifiedportorports.

down[portstring]

Reenableportsdisabledbytransmitqueuemonitoring.
Optionally,enableonlyspecifiedportorports.

5-4

threshold

Clearalltriggerthresholdstodefaultvalues.Seesettxqmonitor
thresholdfordefaultvalues.

downtime

Clearthedowntimevaluetothedefaultof0,meaningthatdisabled
portswillremaindisableduntilclearedmanuallyoruntiltheirnextlink
statetransition.

minrate

Clearthenumberofpacketspersecondthatmustbetransmittedper
samplingintervaltothedefaultvalueof1packetpersecond.

show txqmonitor

Transmit Queue Monitoring Configuration

Defaults
Ifportstringisnotspecifiedwiththeignorepauseordownparameters,allportswillbecleared.

Mode
Switchcommand,readwrite.

Example
Thisexamplereenablesportge.1.1thatwasdisabledbytransmitqueuemonitoring.
B5(su)-> clear txqmonitor down ge.1.1

show txqmonitor
Usethiscommandtodisplayinformationabouttransmitqueuemonitoring.

Parameters
downports

(Optional)Liststheportsdisabledbytransmitqueuemonitoring.

downtime

(Optional)Displaysthecurrentlyconfigureddowntimeintervalin
seconds.

globalstate

(Optional)Displaystheglobalstateoftransmitqueuemonitoring,
eitherenabledordisabled.

ignorepause

(Optional)Displaystheportscurrentlydiscardingreceivedpause
frames.

minrate

(Optional)Displaysthecurrentlyconfiguredminimumacceptable
transmitratepersamplingperiod.

operstatus

(Optional)Displaystheoperationalstatusofallportsrelativeto
transmitqueuemonitoring.Portsareeitheroperationalordisabled.

threshold

(Optional)Displaythecurrentlyconfiguredtriggervaluesfortransmit
queuemonitoringcorrectiveactions.

Defaults
Ifnoparameterisspecified,alltransmitqueuemonitoringinformationisdisplayed.

Mode
Switchmode,readonly.

Examples
Thisexampledisplaystheglobalstateoftransmitqueuemonitoring.
B5(su)-> show txqmonitor globalstate
txqmonitor enabled

Thisexampledisplaysthecurrentlyconfiguredtriggervalues.
B5(su)->show txqmonitor threshold
Enterasys B5 CLI Reference

5-5

Transmit Queue Monitoring Configuration

show txqmonitor flowcontrol

logging

ignorepause

disableinterface

show txqmonitor flowcontrol

Usethiscommandtodisplaytheflowcontrolinformationforoneormoreports.

Syntax
show txqmonitor flowcontrol [port-string]

Parameters
portstring

(Optional)Specifiestheportorportsforwhichtodisplayflowcontrol
information.

Defaults
Ifnoportstringisspecified,flowcontrolinformationforallportsisdisplayed.

Mode
Switchmode,readonly.

Usage
Thiscommanddisplayscountersfortransmittedandreceivedpauseframesperport.

Example
Thisexampleshowsthethepauseframecountsforports1through3.
B5(su)->show txqmonitor flowcontrol ge.1.1-3
port
--------

TX Pause Count

RX Pause Count

---------------

--------------

ge.1.1

ge.1.2

ge.1.3

146

show txqmonitor port

Usethiscommandtodisplaytransmitqueuemonitoringinformationforoneormoreports.

Syntax
show txqmonitor port [port-string]

Parameters
portstring

(Optional)Specifiestheportsforwhichtodisplayinformation.

Defaults
Ifportstringisnotspecified,informationforallportsisdisplayed.

5-6

show txqmonitor port

Transmit Queue Monitoring Configuration

Mode
Switchmode,readonly.

Usage
Thiscommanddisplaystransmitqueuemonitoringinformationaboutports,including:

Statuswhethertheportisoperatingnormally,orignoringreceivedpauseframes,or
disabledduetotransmitqueuemonitoringcorrectiveaction

Transmitqueuesamplingcountsthenumberofconsecutivesamplesshowingstalled
transmitqueues,andthetotalnumberofsamplesshowingstalledqueues.

Examples
Thisexampledisplaystransmitqueuemonitoringinformationforports1through3.Theoutput
showsthatportge.1.2iscurrentlyignoringreceivedpauseframesandportge.1.3isdisableddue
to10consecutivemonitoringsamplesshowingastalledtransmitqueue.
B5(su)->show txqmonitor port ge.1.1-3
port

status

consecutive

total

samples stalled

--------

ge.1.1

normal

----------------0

-----------------0

ge.1.2

ignorepause

ge.1.3

down

Enterasys B5 CLI Reference

5-7

Transmit Queue Monitoring Configuration

5-8

show txqmonitor port

6
Discovery Protocol Configuration
Thischapterdescribeshowtoconfigurediscoveryprotocols.Formoreextensiveconfiguration
information,refertotheConfiguringNeighborDiscoveryfeatureguideontheEnterasys
Networkswebsite:https://extranet.enterasys.com/downloads/
For information about...

Refer to page...

Configuring CDP

6-1

Configuring Cisco Discovery Protocol

6-7

Configuring Link Layer Discovery Protocol and LLDP-MED

6-13

Configuring CDP
Purpose
ToreviewandconfiguretheEnterasysCDPdiscoveryprotocol.Thisprotocolisusedtodiscover
networktopology.Whenenabled,thisprotocolallowsEnterasysdevicestosendperiodicPDUs
aboutthemselvestoneighboringdevices.

Commands
ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow.
For information about...

Refer to page...

show cdp

6-2

set cdp state

6-3

set cdp auth

6-4

set cdp interval

6-4

set cdp hold-time

6-5

clear cdp

6-5

show neighbors

6-6

Enterasys B5 CLI Reference

6-1

show cdp

show cdp
UsethiscommandtodisplaythestatusoftheCDPdiscoveryprotocolandmessageintervalon
oneormoreports.

Syntax
show cdp [port-string]

Parameters
portstring

(Optional)DisplaysCDPstatusforaspecificport.Foradetaileddescription
ofpossibleportstringvalues,refertoPort String Syntax Used in the CLIon
page71.

Defaults
Ifportstringisnotspecified,allCDPinformationwillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayCDPinformationforportsge.1.1throughge.1.9:
B5(su)->show cdp ge.1.1-9
CDP Global Status
CDP Version Supported
CDP Hold Time
CDP Authentication Code
CDP Transmit Frequency

:auto-enable
:30 hex
:180
:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 hex
:60

Port
Status
----------------ge.1.1
auto-enable
ge.1.2
auto-enable
ge.1.3
auto-enable
ge.1.4
auto-enable
ge.1.5
auto-enable
ge.1.6
auto-enable
ge.1.7
auto-enable
ge.1.8
auto-enable
ge.1.9
auto-enable

Table 61providesanexplanationofthecommandoutput.
Table 6-1

6-2

show cdp Output Details

Output Field

What It Displays...

CDP Global Status

Whether CDP is globally auto-enabled, enabled or disabled. The default state of

auto-enabled can be reset with the set cdp state command. For details, refer to set
cdp state on page 6-3.

CDP Versions
Supported

CDP version number(s) supported by the switch.

CDP Hold Time

Minimum time interval (in seconds) at which CDP configuration messages can be
set. The default of 180 seconds can be reset with the set cdp hold-time command.
For details, refer to set cdp hold-time on page 6-5.

Discovery Protocol Configuration

set cdp state

Table 6-1

show cdp Output Details (Continued)

Output Field

What It Displays...

CDP Authentication
Code

Authentication code for CDP discovery protocol. The default of 00-00-00-00-00-0000-00 can be reset using the set cdp auth command. For details, refer to set cdp
auth on page 6-4.

CDP Transmit
Frequency

Frequency (in seconds) at which CDP messages can be transmitted. The default of
60 seconds can be reset with the set cdp interval command. For details, refer to set
cdp interval on page 6-4.

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

Status

Whether CDP is enabled, disabled or auto-enabled on the port.

set cdp state

UsethiscommandtoenableordisabletheCDPdiscoveryprotocolononeormoreports.

Syntax
set cdp state {auto | disable | enable} [port-string]

Parameters
auto|disable|
enable

Autoenables,disablesorenablestheCDPprotocolonthespecifiedport(s).
Inautoenablemode,whichisthedefaultmodeforallports,aport
automaticallybecomesCDPenableduponreceivingitsfirstCDPmessage.

portstring

(Optional)EnablesordisablesCDPonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

Defaults
Ifportstringisnotspecified,theCDPstatewillbegloballyset.

Mode
Switchcommand,readwrite.

Examples
ThisexampleshowshowtogloballyenableCDP:
B5(su)->set cdp state enable

ThisexampleshowshowtoenabletheCDPforportge.1.2:
B5(su)->set cdp state enable ge.1.2

ThisexampleshowshowtodisabletheCDPforportge.1.2:
B5(su)->set cdp state disable ge.1.2

Enterasys B5 CLI Reference

6-3

set cdp auth

UsethiscommandtosetaglobalCDPauthenticationcode.

Syntax
set cdp auth auth-code

Parameters
authcode

SpecifiesanauthenticationcodefortheCDPprotocol.Thiscanbeupto16
hexadecimalvaluesseparatedbycommas.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
TheauthenticationcodevaluedeterminesaswitchsCDPdomain.Iftwoormoreswitcheshave
thesameCDPauthenticationcode,theywillbeenteredintoeachothersCDPneighbortables.If
theyhavedifferentauthenticationcodes,theyareindifferentdomainsandwillnotbeentered
intoeachothersCDPneighbortables.
Aswitchwiththedefaultauthenticationcode(16nullcharacters)willrecognizeallswitches,no
matterwhattheirauthenticationcode,andenterthemintoitsCDPneighbortable.

Example
ThisexampleshowshowtosettheCDPauthenticationcodeto1,2,3,4,5,6,7,8:
B5(su)->set cdp auth 1,2,3,4,5,6,7,8:

set cdp interval

Usethiscommandtosetthemessageintervalfrequency(inseconds)oftheCDPdiscovery
protocol.

Syntax
set cdp interval frequency

Parameters
frequency

SpecifiesthetransmitfrequencyofCDPmessagesinseconds.Validvalues
arefrom5to900seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

6-4

Discovery Protocol Configuration

set cdp hold-time

Example
ThisexampleshowshowtosettheCDPintervalfrequencyto15seconds:
B5(su)->set cdp interval 15

set cdp hold-time

UsethiscommandtosettheholdtimevalueforCDPdiscoveryprotocolconfigurationmessages.

Syntax
set cdp hold-time hold-time

Parameters
holdtime

SpecifiestheholdtimevalueforCDPmessagesinseconds.Validvaluesare
from15to600.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetCDPholdtimeto60seconds:
B5(su)->set cdp hold-time 60

clear cdp
UsethiscommandtoresetCDPdiscoveryprotocolsettingstodefaults.

Syntax
clear cdp {[state] [port-state port-string] [interval] [hold-time] [auth-code]}

Parameters
state

(Optional)ResetstheglobalCDPstatetoautoenabled.

portstateportstring

(Optional)Resetstheportstateonspecificport(s)toautoenabled.

interval

(Optional)Resetsthemessagefrequencyintervalto60seconds.

holdtime

(Optional)Resetstheholdtimevalueto180seconds.

authcode

(Optional)Resetstheauthenticationcodeto16bytesof00(000000
0000000000).

Defaults
Atleastoneoptionalparametermustbeentered.

Enterasys B5 CLI Reference

6-5

show neighbors

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheCDPstatetoautoenabled:
B5(su)->clear cdp state

show neighbors
ThiscommanddisplaysNeighborDiscoveryinformationforeithertheCDPorCiscoDP
protocols.

Syntax
show neighbors [port-string]

Parameters
portstring

(Optional)SpecifiestheportorportsforwhichtodisplayNeighbor
Discoveryinformation.

Defaults
Ifnoportisspecified,allNeighborDiscoveryinformationisdisplayed.

Mode
Switchcommand,readonly.

Usage
ThiscommanddisplaysinformationdiscoveredbyboththeCDPandtheCiscoDPprotocols.

Example
ThisexampledisplaysNeighborDiscoveryinformationforallports.
B5(su)->show neighbors
Port
Device ID
Port ID
Type
Network Address
-----------------------------------------------------------------------------ge.1.1
00036b8b1587
12.227.1.176
ciscodp
12.227.1.176
ge.1.6
0001f496126f
140.2.3.1
ciscodp
140.2.3.1
ge.1.6
00-01-f4-00-72-fe
140.2.4.102
cdp
140.2.4.102
ge.1.6
00-01-f4-00-70-8a
140.2.4.104
cdp
140.2.4.104
ge.1.6
00-01-f4-c5-f7-20
140.2.4.101
cdp
140.2.4.101
ge.1.6
00-01-f4-89-4f-ae
140.2.4.105
cdp
140.2.4.105
ge.1.6
00-01-f4-5f-1f-c0
140.2.1.11
cdp
140.2.1.11
ge.1.19
0001f400732e
165.32.100.10
ciscodp
165.32.100.10

6-6

Discovery Protocol Configuration

Configuring Cisco Discovery Protocol

Purpose
ToreviewandconfiguretheCiscodiscoveryprotocol.Discoveryprotocolsareusedtodiscover
networktopology.Whenenabled,theyallowCiscodevicestosendperiodicPDUsabout
themselvestoneighboringdevices.Specifically,thisfeatureenablesrecognizingPDUsfromCisco
phones.Atableofinformationaboutdetectedphonesiskeptbytheswitchandcanbequeriedby
thenetworkadministrator.

Commands
ThecommandsusedtoreviewandconfiguretheCiscodiscoveryprotocolarelistedbelow.Refer
alsotoshowneighborsonpage66.
For information about...

Refer to page...

show ciscodp

6-7

show ciscodp port info

6-8

set ciscodp status

6-9

set ciscodp timer

6-9

set ciscodp holdtime

6-10

set ciscodp port

6-10

clear ciscodp

6-12

show ciscodp
UsethiscommandtodisplayglobalCiscodiscoveryprotocolinformation.

Syntax
show ciscodp

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayglobalCiscoDPinformation.
B5(su)->show ciscodp
CiscoDP :Enabled
Timer :5
Holdtime (TTl): 180
Enterasys B5 CLI Reference

6-7

show ciscodp port info

Device ID : 001188554A60
Last Change : WED NOV 08 13:19:56 2006

Table 62providesanexplanationofthecommandoutput.
Table 6-2

show ciscodp Output Details

Output Field

What It Displays...

CiscoDP

Whether Cisco DP is globally enabled or disabled. Auto indicates that Cisco DP will
be globally enabled only if Cisco DP PDUs are received.
Default setting of auto-enabled can be reset with the set ciscodp status command.

Timer

The number of seconds between Cisco discovery protocol PDU transmissions. The
default of 60 seconds can be reset with the set ciscodp timer command.

Holdtime

Number of seconds neighboring devices will hold PDU transmissions from the
sending device. Default value of 180 can be changed with the set ciscodp holdtime
command.

Device ID

The MAC address of the switch.

Last Change

The time that the last Cisco DP neighbor was discovered.

show ciscodp port info

UsethiscommandtodisplaysummaryinformationabouttheCiscodiscoveryprotocolononeor
moreports.

Syntax
show ciscodp port info [port-string]

Parameters
portstring

(Optional)DisplaysCiscoDPinformationforaspecificport.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

Defaults
Ifportstringisnotspecified,CiscoDPinformationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayCiscoDPinformationforGigabitEthernetport1inslot1.
B5(su)->show ciscodp port info ge.1.1
port
state
vvid
trusted
cos
---------------------------------------------ge.1.1
enable
none
yes
0

Table 63providesanexplanationofthecommandoutput.

6-8

Discovery Protocol Configuration

set ciscodp status

Table 6-3

show ciscodp port info Output Details

Output Field

What It Displays...

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

State

Whether Cisco DP is enabled, disabled or auto-enabled on the port. Default state of

enabled can be changed using the set ciscodp port command.

vvid

Whether a voice VLAN ID has been set on this port. Default of none can be changed
using the set ciscodp port command.

trusted

The trust mode of the port. Default of trusted can be changed using the set ciscodp
port command.

cos

The Class of Service priority value for untrusted traffic. The default of 0 can be
changed using the set ciscodp port command.

set ciscodp status

UsethiscommandtoenableordisabletheCiscodiscoveryprotocolgloballyontheswitch.

Syntax
set ciscodp state {auto | disable | enable}

Parameters
auto

GloballyenableonlyifCiscoDPPDUsarereceived.

disable

GloballydisableCiscodiscoveryprotocol.

enable

GloballyenableCiscodiscoveryprotocol.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtogloballyenableCiscoDP:
B5(su)->set ciscodp state enable

set ciscodp timer

UsethiscommandtosetthenumberofsecondsbetweenCiscodiscoveryprotocolPDU
transmissions.

Syntax
set ciscodp timer seconds

Enterasys B5 CLI Reference

6-9

set ciscodp holdtime

Parameters
seconds

SpecifiesthenumberofsecondsbetweenCiscoDPPDUtransmissions.
Validvaluesarefrom5to254seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosettheCiscoDPtimerto120seconds.
B5(su)->set ciscodp timer 120

set ciscodp holdtime

Usethiscommandtosetthetimetolive(TTL)forCiscodiscoveryprotocolPDUs.Thisisthe
amountoftime,inseconds,neighboringdeviceswillholdPDUtransmissionsfromthesending
device.

Syntax
set ciscodp holdtime hold-time

Parameters
holdtime

SpecifiesthetimetoliveforCiscoDPPDUs.Validvaluesarefrom10to255
seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetCiscoDPholdtimeto180seconds:
B5(su)->set ciscodp hold-time 180

set ciscodp port

Usethiscommandtosetthestatus,voiceVLAN,extendedtrustmode,andCoSpriorityfor
untrustedtrafficfortheCiscoDiscoveryProtocolononeormoreports.

Syntax
set ciscodp port {[status {disable | enable}] [vvid {vlan-id | none | dot1p |
untagged}] [trusted {yes | no}] [cos value]} port-string

6-10

Discovery Protocol Configuration

set ciscodp port

Parameters
status

SetstheCiscoDPportoperationalstatus.

disable

DoesnottransmitorprocessCiscoDPPDUs.

enable

TransmitsandprocessesCiscoDPPDUs.

vvid

SetstheportvoiceVLANforCiscoDPPDUtransmission.

vlanid

SpecifiestheVLANID,range14093.

none

NovoiceVLANwillbeusedinCiscoDPPDUs.Thisisthedefault.

dot1p

Instructsattachedphonetosend802.1ptaggedframes.

untagged

Instructsattachedphonetosenduntaggedframes.

trusted

Setstheextendedtrustmodeontheport.

yes

Instructsattachedphonetoallowthedeviceconnectedtoittotransmit
trafficcontaininganyCoSorLayer2802.1pmarking.Thisisthedefault
value.

Instructsattachedphonetooverwritethe802.1ptagoftraffic
transmittedbythedeviceconnectedtoitto0,bydefault,ortothevalue
configuredwiththecosparameter.

cosvalue

Instructsattachedphonetooverwritethe802.1ptagoftraffic
transmittedbythedeviceconnectedtoitwiththespecifiedvalue,when
thetrustmodeoftheportissettountrusted.Valuecanrangefrom0to
7,with0indicatingthelowestpriority.

portstring

Specifiestheport(s)onwhichstatuswillbeset.

Defaults

Status:enabled

VoiceVLAN:none

Trustmode:trusted

CoSvalue:0

Mode
Switchmode,readwrite.

Usage
ThefollowingpointsdescribehowtheCiscoDPextendedtrustsettingsworkontheswitch.

ACiscoDPporttruststatusoftrustedoruntrustedisonlymeaningfulwhenaCiscoIPphone
isconnectedtoaswitchportandaPCorotherdeviceisconnectedtothebackoftheCiscoIP
phone.

ACiscoDPportstateoftrustedoruntrustedonlyaffectstaggedtraffictransmittedbythe
deviceconnectedtotheCiscoIPphone.Untaggedtraffictransmittedbythedeviceconnected
totheCiscoIPphoneisunaffectedbythissetting.

IftheswitchportisconfiguredtoaCiscoDPtruststateoftrusted(withthetrustedyes
parameterofthiscommand),thissettingiscommunicatedtotheCiscoIPphoneinstructingit
toallowthedeviceconnectedtoittotransmittrafficcontaininganyCoSorLayer2802.1p
marking.

Enterasys B5 CLI Reference

6-11

clear ciscodp

IftheswitchportisconfiguredtoaCiscoDPtruststateofuntrusted(trustedno),thissetting
iscommunicatedtotheCiscoIPphoneinstructingittooverwritethe802.1ptagoftraffic
transmittedbythedeviceconnectedtoitto0,bydefault,ortothevaluespecifiedbythecos
parameterofthiscommand.

Thereisaonetoonecorrelationbetweenthevaluesetwiththecosparameterandthe802.1p
valueassignedtoingressedtrafficbytheCiscoIPphone.Avalueof0equatestoan802.1p
priorityof0.Therefore,avalueof7isgiventhehighestpriority.
Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status
command before operational status can be set on individual ports.

Examples
ThisexampleshowshowtosettheCiscoDPportvoiceVLANIDto3onportge.1.6andenable
theportoperationalstate.
B5(rw)->set ciscodp port status enable vvid 3 ge.1.6

ThisexampleshowshowtosettheCiscoDPextendedtrustmodetountrustedonportge.1.5and
settheCoSpriorityto1.
B5(rw)->set ciscodp port trusted no cos 1 ge.1.5

clear ciscodp
UsethiscommandtocleartheCiscodiscoveryprotocolbacktothedefaultvalues.

Syntax
clear ciscodp [status | timer | holdtime | {port {status | vvid | trust | cos}
[port-string]}]

Parameters
status

ClearsglobalCiscoDPenablestatustodefaultofauto.

timer

ClearsthetimebetweenCiscoDPPDUtransmissionstodefaultof60
seconds.

holdtime

ClearsthetimetoliveforCiscoDPPDUdatatodefaultof180seconds.

port

ClearstheCiscoDPportconfiguration.

status

Clearstheindividualportoperationalstatustothedefaultofenabled.

vvid

ClearstheindividualportvoiceVLANforCiscoDPPDUtransmission
to0.

trust

Clearsthetrustmodeconfigurationoftheporttotrusted.

cos

ClearstheCoSpriorityforuntrustedtrafficoftheportto0.

portstring

(Optional)Specifiestheport(s)onwhichstatuswillbeset.

Defaults
Ifnoparametersareentered,allCiscoDPparametersareresettothedefaultsgloballyandforall
ports.

Mode
Switchmode,readwrite.
6-12

Discovery Protocol Configuration

Configuring Link Layer Discovery Protocol and LLDP-MED

Examples
ThisexampleshowshowtoclearalltheCiscoDPparametersbacktothedefaultsettings.
B5(rw)->clear ciscodp

ThisexampleshowshowtocleartheCiscoDPstatusonportge.1.5.
B5(rw)->clear ciscodp port status ge.1.5

Configuring Link Layer Discovery Protocol and LLDP-MED

Overview
TheLinkLayerDiscoveryProtocol(LLPD)providesanindustrystandard,vendorneutralwayto
allownetworkdevicestoadvertisetheiridentitiesandcapabilitiesonalocalareanetwork,andto
discoverthatinformationabouttheirneighbors.
LLDPMEDisanenhancementtoLLDPthatprovidesthefollowingbenefits:

AutodiscoveryofLANpolicies,suchasVLANid,802.1ppriority,andDiffServcodepoint
settings,leadingtoplugandplaynetworking

Devicelocationandtopologydiscovery,allowingcreationoflocationdatabasesand,inthe
caseofVoIP,provisionofE911services

ExtendedandautomatedpowermanagementofPoweroverEthernetendpoints

Inventorymanagement,allowingnetworkadministratorstotracktheirnetworkdevicesand
todeterminetheircharacteristics,suchasmanufacturer,softwareandhardwareversions,and
serialorassetnumbers

TheinformationsentbyanLLDPenableddeviceisextractedandtabulatedbyitspeers.The
communicationcanbedonewheninformationchangesoronaperiodicbasis.Theinformation
tabulatedisagedtoensurethatitiskeptuptodate.Portscanbeconfiguredtosendthis
information,receivethisinformation,orbothsendandreceive.
EitherLLDPorLLDPMED,butnotboth,canbeusedonaninterfacebetweentwodevices.A
switchportusesLLDPMEDwhenitdetectsthatanLLDPMEDcapabledeviceisconnectedtoit.
LLDPinformationiscontainedwithinaLinkLayerDiscoveryProtocolDataUnit(LLDPDU)sent
inasingle802.3Ethernetframe.TheinformationfieldsinLLDPDUareasequenceofshort,
variablelength,informationelementsknownasTLVstype,length,andvaluefieldswhere:

Typeidentifieswhatkindofinformationisbeingsent

Lengthindicatesthelengthoftheinformationstringinoctets

Valueistheactualinformationthatneedstobesent

TheLLDPstandardspecifiesthatcertainTLVsaremandatoryintransmittedLLDPDUs,while
othersareoptional.YoucanconfigureonaportspecificbasiswhichoptionalLLDPandLLDP
MEDTLVsshouldbesentinLLDPDUs.

Configuration Tasks
Thecommandsincludedinthisimplementationallowyoutoperformthefollowingconfiguration
tasks:

Enterasys B5 CLI Reference

6-13

Configuring Link Layer Discovery Protocol and LLDP-MED

Step

Task

Command(s)

Configure global system LLDP parameters

set lldp tx-interval

set lldp hold-multiplier
set lldp trap-interval
set lldp med-fast-repeat
clear lldp

Enable/disable specific ports to:

Transmit and process received LLDPDUs

Send LLDP traps
Send LLDP-MED traps

set/clear lldp port status

set/clear lldp port trap
set/clear lldp port med-trap

Configure an ECS ELIN value for specific ports

set/clear lldp port location-info

Configure Network Policy TLVs for specific ports

set/clear lldp port network-policy

Configure which optional TLVs should be sent by

specific ports. For example, if you configured an
ECS ELIN and/or Network Policy TLVs, you must
enable those optional TLVs to be transmitted on
the specific ports.

set/clear lldp tx-tlv

Commands
ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow.
For information about...

6-14

Refer to page...

show lldp

6-15

show lldp port status

6-15

show lldp port trap

6-16

show lldp port tx-tlv

6-17

show lldp port location-info

6-17

show lldp port local-info

6-18

show lldp port remote-info

6-21

show lldp port network-policy

6-22

set lldp tx-interval

6-23

set lldp hold-multiplier

6-24

set lldp trap-interval

6-24

set lldp med-fast-repeat

6-25

set lldp port status

6-25

set lldp port trap

6-26

set lldp port med-trap

6-26

set lldp port location-info

6-27

set lldp port tx-tlv

6-28

set lldp port network-policy

6-29

Discovery Protocol Configuration

show lldp

For information about...

Refer to page...

clear lldp

6-31

clear lldp port status

6-31

clear lldp port trap

6-32

clear lldp port med-trap

6-32

clear lldp port location-info

6-33

clear lldp port network-policy

6-33

clear lldp port tx-tlv

6-34

show lldp
UsethiscommandtodisplayLLDPconfigurationinformation.

Syntax
show lldp

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayLLDPconfigurationinformation.
B5(ro)->show lldp
Message Tx Interval
Message Tx Hold Multiplier
Notification Tx Interval
MED Fast Start Count

:
:
:
:

Tx-Enabled Ports
Rx-Enabled Ports

: ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12;

Trap-Enabled Ports
MED Trap-Enabled Ports

: ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12;

30
4
5
3

show lldp port status

UsethiscommandtodisplaytheLLDPstatusofoneormoreports.Thecommandliststheports
thatareenabledtosendandreceiveLLDPPDUs.Portsareenabledordisabledwiththesetlldp
portstatuscommand.

Syntax
show lldp port status [port-string]

Enterasys B5 CLI Reference

6-15

show lldp port trap

Parameters
portstring

(Optional)DisplaysLLDPstatusforoneorarangeofports.

Defaults
Ifportstringisnotspecified,LLDPstatusinformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayLLDPportstatusinformationforallports.
B5(ro)->show lldp port status
Tx-Enabled Ports

: ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12

Rx-Enabled Ports

: ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12

show lldp port trap

UsethiscommandtodisplaytheportsthatareenabledtosendanLLDPnotificationwhena
remotesystemchangehasbeendetectedoranLLDPMEDnotificationwhenachangeinthe
topologyhasbeensensed.PortsareenabledtosendLLDPnotificationswiththesetlldpporttrap
commandandtosendLLDPMEDnotificationswiththesetlldpportmedtrapcommand.

Syntax
show lldp port trap [port-string]

Parameters
portstring

(Optional)Displaystheportorrangeofportsthathavebeenenabled
tosendLLDPand/orLLDPMEDnotifications.

Defaults
Ifportstringisnotspecified,LLDPporttrapinformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayLLDPporttrapinformationforallports.
B5(ro)->show lldp port trap
Trap-Enabled Ports
:
MED Trap-Enabled Ports:

6-16

Discovery Protocol Configuration

show lldp port tx-tlv

UsethiscommandtodisplayinformationaboutwhichoptionalTLVshavebeenconfiguredtobe
transmittedonports.PortsareconfiguredtosendoptionalTLVswiththesetlldpporttxtlv
command.

Syntax
showlldpporttxtlv[portstring]

Parameters
portstring

(Optional)DisplaysinformationaboutTLVconfigurationforoneora
rangeofports.

Defaults
Ifportstringisnotspecified,TLVconfigurationinformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytransmitTLVinformationforthreeports.
B5(ro)->show lldp port tx-tlv ge.1.1-3
* Means TLV is supported and enabled on this port
o Means TLV is supported on this port
Means TLV is not supported on this port
Column Pro Id uses letter notation for enable: s-stp, l-lacp, g-gvrp
Ports
------ge.1.1
ge.1.2
ge.1.3

Port
Desc
---*
*
*

Sys
Name
---*
*
*

Sys
Desc
---*
*
*

Sys
Cap
--*
*
*

Mgmt
Addr
---*
*
*

Vlan
Id
---*
*
*

Pro
Id
---slg
slg
slg

MED MED MED MED

Cap Pol Loc PoE
--- --- --- --*
*
*

show lldp port location-info

Usethiscommandtodisplayconfiguredlocationinformationforoneormoreports.Portsare
configuredwithalocationvalueusingthesetlldpportlocationinfocommand.

Syntax
show lldp port location-info [port-string]

Parameters
portstring

(Optional)Displaysportlocationinformationforoneorarangeof
ports.

Enterasys B5 CLI Reference

6-17

show lldp port local-info

Defaults
Ifportstringisnotspecified,portlocationconfigurationinformationwillbedisplayedforall
ports.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayportlocationinformationforthreeports.
B5(ro)->show lldp port location-info ge.1.1-3
Ports
-------ge.1.1
ge.1.2
ge.1.3

Type
------------ELIN
ELIN
ELIN

Location
------------------------1234567890
1234567890
1234567890

show lldp port local-info

Usethiscommandtodisplaythelocalsysteminformationstoredforoneormoreports.Youcan
usethisinformationtodetectmisconfigurationsorincompatibilitiesbetweenthelocalportand
theattachedendpointdevice(remoteport).

Syntax
show lldp port local-info [port-string]

Parameters
portstring

(Optional)Displayslocalsysteminformationforoneorarangeof
ports.

Defaults
Ifportstringisnotspecified,localsysteminformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythelocalsysteminformationstoredforportge.4.1.Table 64
describestheoutputfieldsofthiscommand.
B5(rw)->show lldp port local-info ge.4.1
Local Port : ge.4.1
Local Port Id: ge.4.1
-------------------Port Desc
: ... 1000BASE-TX RJ45 Gigabit Ethernet Frontpanel Port
Mgmt Addr
: 10.21.64.100
Chassis ID : 00-E0-63-93-74-A5
Sys Name
: LLDP PoE test Chassis
Sys Desc
: Enterasys Networks, Inc.
Sys Cap Supported/Enabled
: bridge,router/bridge

6-18

Discovery Protocol Configuration

show lldp port local-info

Auto-Neg Supported/Enabled
Auto-Neg Advertised

: yes/yes
: 10BASE-T, 10BASE-TFD,
100BASE-TX, 100BASE-TXFD,
1000BASE-TFD,
Bpause
Operational Speed/Duplex/Type : 100 full tx
Max Frame Size (bytes)
: 1522
Vlan Id
: 1
LAG Supported/Enabled/Id
: no/no/0
Protocol Id : Spanning Tree v-3 (IEEE802.1s)
LACP v-1
GVRP
Network Policy
(app/tag/vlanId/cos/dscp)

: voice/tagged/10/3/5
voice signaling/tagged/10/3/5
guest voice/tagged/10/3/5
guest voice signaling/tagged/10/3/5
softphone voice/tagged/10/3/5
video conferencing/tagged/10/3/5
streaming video/tagged/10/3/5
video signaling/tagged/10/3/5
: 1234567890123456789012345

ECS ELIN
PoE
PoE
PoE
PoE
PoE
PoE
PoE

Device
Power Source
MDI Supported/Enabled
Pair Controllable/Used
Power Class
Power Limit (mW)
Power Priority

:
:
:
:
:
:
:

PSE device
primary
yes/yes
false/spare
2
15400
high

Table 64describestheinformationdisplayedbytheshowlldpportlocalinfocommand.
Table 6-4

show lldp port local-info Output Details

Output Field

What it Displays...

Local Port

Identifies the port for which local system information is displayed.

Local Port Id

Mandatory basic LLDP TLV that identifies the port transmitting the
LLDPDU. Value is ifName object defined in RFC 2863.

Port Desc

Optional basic LLDP TLV. Value is ifDescr object defined in RFC 2863.

Mgmt Addr

Optional basic LLDP TLV. IPv4 address of host interface.

Chassis ID

Mandatory basic LLDP TLV that identifies the chassis transmitting the
LLDPDU. Value is MAC address of chassis.

Sys Name

Optional basic LLDP TLV. Value is the administratively assigned name for
the system.

Sys Desc

Optional basic LLDP TLV. Value is sysDescr object defined in RFC 3418.

Sys Cap Supported/Enabled

Optional basic LLDP TLV. System capabilities, value can be bridge and/or
router.

Auto-Neg Supported/Enabled

IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Autonegotiation supported and enabled settings should be the same on the
two systems attached to the same link.

Auto-Neg Advertised

IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Lists the

configured advertised values on the port.

Enterasys B5 CLI Reference

6-19

show lldp port local-info

Table 6-4

6-20

show lldp port local-info Output Details (Continued)

Output Field

What it Displays...

Operational Speed/Duplex/
Type

IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Lists the

operational MAU type, duplex, and speed of the port. If the received TLV
indicates that auto-negotiation is supported but not enabled, these values
will be used by the port.

Max Frame Size (bytes)

IEEE 802.3 Extensions Maximum Frame Size TLV. Value indicates

maximum frame size capability of the devices MAC and PHY. In normal
mode, max frame size is 1522 bytes. In jumbo mode, max frame size is
10239 bytes.

Vlan Id

IEEE 802.1 Extensions Port VLAN ID TLV. Value is port VLAN ID (pvid).

LAG Supported/Enabled/Id

IEEE 802.3 Extensions Link Aggregation TLV. Values indicate whether the
link associated with this port can be aggregated, whether it is currently
aggregated, and if aggregated, the aggregated port identifier.

Protocol Id

IEEE 802.1 Extensions Protocol Identity TLV. Values can include

Spanning tree, LACP, and GARP protocols and versions. Only those
protocols enabled on the port are displayed.

Network Policy
(app/tag/vlanId/cos/dscp)

LLDP-MED Extensions Network Policy TLV. For all applications enabled

on the port to be transmitted in a TLV, displays the application name,
VLAN type (tagged or untagged), VLAN Id, and both the Layer 2 and
Layer 3 priorities associated with the application.

ECS ELIN

LLDP-MED Extensions Location Identification TLV. Emergency Call

Services (ECS) Emergency Location Identification Number (ELIN) is
currently the only type supported. Value is the ELIN configured on this
port.

PoE Device

LLDP-MED Extensions Extended Power via MDI TLV. Displayed only

when a port has PoE capabilities. Value is the Power Type of the device.
On a switch port, the value is Power Sourcing Entity (PSE).

PoE Power Source

LLDP-MED Extensions Extended Power via MDI TLV. Displayed only

when a port has PoE capabilities. Value can be primary or backup,
indicating whether the PSE is using its primary or backup power source.

PoE MDI Supported/Enabled

IEEE 802.3 Extensions Power via MDI TLV. Displayed only when a port
has PoE capabilities. Indicates whether sending the Power via MDI TLV is
supported/enabled. Value can be yes or no.

PoE Pair Controllable/Used

IEEE 802.3 Extensions Power via MDI TLV. Displayed only when a port
has PoE capabilities. Indicates whether pair selection can be controlled on
the given port (refer to RFC 3621). Value for Controllable can be true or
false. Value of Used can be signal (signal pairs only are in use) or spare
(spare pairs only are in use).

PoE Power Class

IEEE 802.3 Extensions Power via MDI TLV. Displayed only when a port
has PoE capabilities. Indicates the power class supplied by the port. Value
can range from 0 to 4.

PoE Power Limit (mW)

LLDP-MED Extensions Extended Power via MDI TLV. Displayed only

when a port has PoE capabilities. Indicates the total power the port is
capable of sourcing over a maximum length cable, based on its current
configuration, in milli-Watts.

PoE Power Priority

LLDP-MED Extensions Extended Power via MDI TLV. Displayed only

when a port has PoE capabilities. Indicates the power priority configured
on the port. Value can be critical, high, or low.

Discovery Protocol Configuration

show lldp port remote-info

Usethiscommandtodisplaytheremotesysteminformationstoredforaremotedeviceconnected
toalocalport.Youcanusethisinformationtodetectmisconfigurationsorincompatibilities
betweenthelocalportandtheattachedendpointdevice(remoteport).

Syntax
show lldp port remote-info [port-string]

Parameters
portstring

(Optional)Displaysremotesysteminformationforoneorarangeof
ports.

Defaults
Ifportstringisnotspecified,remotesysteminformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheremotesysteminformationstoredforportge.3.1.The
remotesysteminformationwasreceivedfromanIPphone,whichisanLLDPMEDenabled
device.Table 65describestheoutputfieldsthatareuniquetotheremotesysteminformation
displayedforaMEDenableddevice.
B5(ro)->show lldp port remote-info ge.3.1
Local Port : ge.3.1
Remote Port Id : 00-09-6e-0e-14-3d
--------------------Mgmt Addr
: 0.0.0.0
Chassis ID : 0.0.0.0
Device Type : Communication Device Endpoint (class III)
Sys Name
: AVE0E143D
Sys Cap Supported/Enabled
: bridge,telephone/bridge
Auto-Neg Supported/Enabled
Auto-Neg Advertised

:
:
:
:

yes/yes
10BASE-T, 10BASE-TFD
100BASE-TX, 100BASE-TXFD
pause, Spause

Operational Speed/Duplex/Type : 100/full/TX

Network Policy
(app/tag/vlanId/cos/dscp)

: voice/untagged/0/6/46

Hardware Revision
Firmware Revision
Software Revision
Serial Number
Manufacturer
Model Number

:
:
:
:
:
:

4610D01A
b10d01b2_7.bin
a10d01b2_7.bin
05GM42004348
Avaya
4610

Notethattheinformationfieldsdisplayedbytheshowlldpportremoteinfocommandwillvary,
dependingonthetypeofremotedevicethatisconnectedtotheport.

Enterasys B5 CLI Reference

6-21

show lldp port network-policy

Table 65describestheoutputfieldsthatareuniquetotheremotesysteminformationdatabase.
RefertoTable 64onpage 19fordescriptionsoftheinformationfieldsthatarecommontoboththe
localandtheremotesysteminformationdatabases.
Table 6-5

show lldp port remote-info Output Display

Output Field

What it Displays...

Remote Port Id

Displays whatever port Id information received in the LLDPDU from the remote
device. In this case, the port Id is MAC address of remote device.

Device Type

Mandatory LLDP-MED Capabilities TLV. Displayed only when the port is

connected to an LLDP-MED-capable endpoint device.

Hardware Revision

LLDP-MED Extensions Inventory Management TLV component.

Firmware Revision

LLDP-MED Extensions Inventory Management TLV component.

Software Revision

LLDP-MED Extensions Inventory Management TLV component.

Serial Number

LLDP-MED Extensions Inventory Management TLV component.

Manufacturer

LLDP-MED Extensions Inventory Management TLV component.

Model Number

LLDP-MED Extensions Inventory Management TLV component.

Asset ID

LLDP-MED Extensions Inventory Management TLV component. In the above

example, no asset ID was received from the remote device so the field is not
displayed.

show lldp port network-policy

UsethiscommandtodisplayLLDPportnetworkpolicyconfigurationinformation.Network
policyinformationisconfiguredusingthesetlldpportnetworkpolicycommand.

Syntax
show lldp port network-policy {all | voice | voice-signaling | guest-voice | guestvoice-signaling | softphone-voice | video-conferencing | streaming-video | videosignaling} [port-string]

Parameters

6-22

all

Displaysinformationaboutallnetworkpolicyapplications.

voice

Displaysinformationaboutonlythevoiceapplicationtype.

voicesignaling

Displaysinformationaboutonlythevoicesignalingapplication
type.

guestvoice

Displaysinformationaboutonlytheguestvoiceapplicationtype.

guestvoicesignaling

Displaysinformationaboutonlytheguestvoicesignaling
applicationtype.

softphonevoice

Displaysinformationaboutonlythesoftphonevoiceapplication
type.

videoconferencing

Displaysinformationaboutonlythevideoconferencing
applicationtype.

streamingvideo

Displaysinformationaboutonlythestreamingvideoapplication
type.

videosignaling

Displaysinformationaboutonlythevideosignalingapplication
type.

Discovery Protocol Configuration

set lldp tx-interval

portstring

(Optional)DisplaysinformationaboutLLDPnetworkpolicyfor
oneorarangeofports.

Defaults
Ifportstringisnotspecified,onlynondefaultvalueswillbedisplayedforallportsthathavenon
defaultvaluesconfigured.
Ifaportstringisspecified,thenallvalues,defaultandnondefault,aredisplayedforthespecified
ports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayallLLDPnetworkpolicyinformationforge.1.1.
B5(ro)->show lldp port network-policy all ge.1.1
Ports
------ge.1.1

Application
--------------------voice
voice signaling
guest voice
guest voice signaling
softphone voice
video conferencing
streaming video
video signaling

State
-------enabled
enabled
enabled
enabled
enabled
enabled
enabled
enabled

Tag
-------untagged
untagged
untagged
untagged
untagged
untagged
untagged
untagged

Vlan-Id
------1
1
1
1
1
1
1
1

Cos
--0
0
0
0
0
0
0
0

Dscp
--0
0
0
0
0
0
0
0

set lldp tx-interval

Usethiscommandtosetthetime,inseconds,betweensuccessiveLLDPframetransmissions
initiatedbychangesintheLLDPlocalsysteminformation.

Syntax
set lldp tx-interval frequency

Parameters
frequency

SpecifiesthenumberofsecondsbetweentransmissionsofLLDP
frames.Valuecanrangefrom5to32,768seconds.Thedefaultis30
seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetsthetransmitintervalto20seconds.

Enterasys B5 CLI Reference

6-23

set lldp hold-multiplier

B5(rw)->set lldp tx-interval 20

set lldp hold-multiplier

UsethiscommandtosetthetimetolivevalueusedinLLDPframessentbythisdevice.Thetime
toliveforLLDPDUdataiscalculatedbymultiplyingthetransmitintervalbytheholdmultiplier
value.

Syntax
set lldp hold-multiplier multiplier-val

Parameters
multiplierval

Specifiesthemultipliertoapplytothetransmitintervaltodetermine
thetimetolivevalue.Valuecanrangefrom2to10.Defaultvalueis4.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetsthetransmitintervalto20secondsandtheholdmultiplierto5,whichwill
configureatimetoliveof100tobeusedintheTTLfieldintheLLDPDUheader.
B5(rw)->set lldp tx-interval 20
B5(rw)->set lldp hold-multiplier 5

set lldp trap-interval

UsethiscommandtosettheminimumintervalbetweenLLDPnotificationssentbythisdevice.
LLDPnotificationsaresentwhenaremotesystemchangehasbeendetected.

Syntax
set lldp trap-interval frequency

Parameters
frequency

SpecifiestheminimumtimebetweenLLDPtraptransmissions,in
seconds.Thevaluecanrangefrom5to3600seconds.Thedefault
valueis5seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

6-24

Discovery Protocol Configuration

set lldp med-fast-repeat

Example
ThisexamplesetstheminimumintervalbetweenLLDPtrapsto10seconds.
B5(rw)->set lldp trap-interval 10

set lldp med-fast-repeat

NetworkconnectivitydevicestransmitonlyLLDPTLVsinLLDPDUsuntiltheydetectthatan
LLDPMEDendpointdevicehasconnectedtoaport.Atthatpoint,thenetworkconnectivity
devicestartssendingLLDPMEDTLVsatafaststartrateonthatport.Usethiscommandtosetthe
numberofsuccessiveLLDPDUs(withLLDPMEDTLVs)tobesentforonecompletefaststart
interval.

Syntax
set lldp med-fast-repeat count

Parameters
count

SpecifiesthenumberoffaststartLLDPDUstobesentwhenan
LLDPMEDendpointdeviceisdetected.Valuecanrangefrom1to
10.Defaultis3.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexamplesetsthenumberoffaststartLLDPDUstobesentto4.
B5(rw)->set lldp med-fast-repeat 4

set lldp port status

UsethiscommandtoenableordisabletransmittingandprocessingreceivedLLDPDUsonaport
orrangeofports.

Syntax
set lldp port status {tx-enable | rx-enable | both | disable} port-string

Parameters
txenable

EnablestransmittingLLDPDUsonthespecifiedports.

rxenable

EnablesreceivingandprocessingLLDPDUsfromremotesystemson
thespecifiedports.

both

EnablesbothtransmittingandprocessingreceivedLLDPDUsonthe
specifiedports.

disable

DisablesbothtransmittingandprocessingreceivedLLDPDUsonthe
specifiedports.

Enterasys B5 CLI Reference

6-25

set lldp port trap

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleenablesbothtransmittingLLDPDUsandreceivingandprocessingLLDPDUsfrom
remotesystemsonportsge.1.1throughge.1.6.
B5(rw)->set lldp port status both ge.1.1-6

set lldp port trap

UsethiscommandtoenableordisablesendingLLDPnotifications(traps)whenaremotesystem
changeisdetected.

Syntax
set lldp port trap {enable | disable} port-string

Parameters
enable

EnabletransmittingLLDPtrapsonthespecifiedports.

disable

DisabletransmittingLLDPtrapsonthespecifiedports.

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleenablestransmittingLLDPtrapsonportsge.1.1throughge.1.6.
B5(rw)->set lldp port trap enable ge.1.1-6

set lldp port med-trap

UsethiscommandtoenableordisablesendinganLLDPMEDnotificationwhenachangeinthe
topologyhasbeensensedontheport(thatis,aremoteendpointdevicehasbeenattachedor
removedfromtheport).

Syntax
set lldp port med-trap {enable | disable} port-string

6-26

Discovery Protocol Configuration

set lldp port location-info

Parameters
enable

EnablestransmittingLLDPMEDtrapsonthespecifiedports.

disable

DisablestransmittingLLDPMEDtrapsonthespecifiedports.

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleenablestransmittingLLDPMEDtrapsonportsge.1.1throughge.1.6.
B5(rw)->set lldp port med-trap enable ge.1.1-6

set lldp port location-info

UsethiscommandtoconfigureLLDPMEDlocationinformationonaportorrangeofports.
Currently,onlyEmergencyCallServices(ECS)EmergencyLocationIdentificationNumber(ELIN)
issupported.

Syntax
set lldp port location-info elin elin-string port-string

Parameters
elin

SpecifiesthattheECSELINdataformatistobeused.

elinstring

Specifiesthelocationidentifier.Valuecanbefrom10to25numerical
characters.

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Afteryouconfigurealocationinformationvalue,youmustalsoconfiguretheporttosendthe
LocationInformationTLVwiththesetlldpporttxtlvcommand.Thisexampleconfiguresthe
ELINidentifier5551234567onportsge.1.1throughge.1.6andthenconfigurestheportstosend
theLocationInformationTLV.
B5(rw)->set lldp port location-info 5551234567 ge.1.1-6
B5(rw)->set lldp port tx-tlv med-loc ge.1.1-6

Enterasys B5 CLI Reference

6-27

set lldp port tx-tlv

UsethiscommandtoselecttheoptionalLLDPandLLDPMEDTLVstobetransmittedin
LLDPDUsbythespecifiedportorports.Usetheshowlldpportlocalinfocommandtodisplay
thevaluesoftheseTLVsfortheport.

Syntax
set lldp port tx-tlv {[all] | [port-desc] [sys-name] [sys-desc] [sys-cap] [mgmtaddr] [vlan-id] [stp] [lacp] [gvrp] [mac-phy] [poe] [link-aggr] [max-frame] [medcap] [med-pol] [med-loc] [med-poe]} port-string

Parameters

6-28

all

AddsalloptionalTLVstotransmittedLLDPDUs.

portdesc

PortDescriptionoptionalbasicLLDPTLV.ValuesentisifDescrobject
definedinRFC2863.

sysname

SystemNameoptionalbasicLLDPTLV.Valuesentisthe
administrativelyassignednameforthesystem.

sysdesc

SystemDescriptionoptionalbasicLLDPTLV.ValuesentissysDescr
objectdefinedinRFC3418.

syscap

SystemCapabilitiesoptionalbasicLLDPTLV.Foranetwork
connectivitydevice,valuesentcanbebridgeand/orrouter.

mgmtaddr

ManagementAddressoptionalbasicLLDPTLV.ValuesentisIPv4
addressofhostinterface.

vlanid

PortVLANIDIEEE802.1ExtensionsTLV.ValuesentisportVLAN
ID(PVID).

stp

SpanningTreeinformationdefinedbyProtocolIdentityIEEE802.1
ExtensionsTLV.IfSTPisenabledontheport,valuesentincludes
versionofprotocolbeingused.

lacp

LACPinformationdefinedbyProtocolIdentityIEEE802.1
ExtensionsTLV.IfLACPisenabledontheport,valuesentincludes
versionofprotocolbeingused.

gvrp

GVRPinformationdefinedbyProtocolIdentityIEEE802.1
ExtensionsTLV.IfLACPisenabledontheport,valuesentincludes
versionofprotocolbeingused.

macphy

MACPHYConfiguration/StatusIEEE802.3ExtensionsTLV.Value
sentincludestheoperationalMAUtype,duplex,andspeedofthe
port.

poe

PowerviaMDIIEEE802.3ExtensionsTLV.Valuessentinclude
whetherpairselectioncanbecontrolledonport,andthepowerclass
suppliedbytheport.OnlyvalidforPoEenabledports.

linkaggr

LinkAggregationIEEE802.3ExtensionsTLV.Valuessentindicate
whetherthelinkassociatedwiththisportcanbeaggregated,
whetheritiscurrentlyaggregated,andifaggregated,theaggregated
portidentifier.

maxframe

MaximumFrameSizeIEEE802.3ExtensionsTLV.Valuesent
indicatesmaximumframesizeoftheportsMACandPHY.

Discovery Protocol Configuration

set lldp port network-policy

medcap

LLDPMEDCapabilitiesTLV.Valuesentindicatesthecapabilities
(whetherthedevicesupportslocationinformation,networkpolicy,
extendedpowerviaMDI)andDeviceType(networkconnectivity
device)ofthesendingdevice.

medpol

LLDPMEDNetworkPolicyTLV.Valuessentincludeapplication
name,VLANtype(taggedoruntagged),VLANID,andbothLayer2
andLayer3prioritiesassociatedwithapplication,forallapplications
enabledontheport.Seethesetlldpportnetworkpolicycommand
formoreinformation.

medloc

LLDPMEDLocationIdentificationTLV.ValuesentistheECSELIN
valueconfiguredontheport.Seethesetlldpportlocationinfo
commandformoreinformation.

medpoe

LLDPMEDExtendedPowerviaMDITLV.Valuessentincludethe
PowerLimit(totalpowertheportiscapableofsourcingovera
maximumlengthcable)andthepowerpriorityconfiguredonthe
port.OnlyvalidforPoEenabledports.

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleconfiguresthemanagementaddress,MEDcapability,MEDnetworkpolicy,and
MEDlocationidentificationTLVstobesentinLLDPDUsbyportge.1.1.
B5(rw)->set lldp port tx-tlv mgmt-addr med-cap med-pol med-loc ge.1.1

set lldp port network-policy

UsethiscommandtoconfigureLLDPnetworkpoliciesforasetofapplicationsonaportorrange
ofports.ThepoliciesconfiguredwiththiscommandaresentinLLDPDUsasLLDPMED
NetworkPolicyTLVs.MultipleNetworkPolicyTLVscanbesentinasingleLLDPDU.

Syntax
set lldp port network-policy {all | voice | voice-signaling | guest-voice |
guest-voice-signaling | softphone-voice | video-conferencing | streaming-video |
video-signaling} [state {enable | disable}] [tag {tagged | untagged}]
[vid {vlan-id | dot1p}] [cos cos-value] [dscp dscp-value] port-string

Parameters
all

Configuresallapplications.

voice

Configuresthevoiceapplication.

voicesignaling

Configuresthevoicesignalingapplication.
Thisapplicationwillnotbeadvertisedifthevoiceapplicationis
configuredwiththesameparameters.

Enterasys B5 CLI Reference

6-29

set lldp port network-policy

guestvoice

Configurestheguestvoiceapplication.

guestvoicesignaling

Configurestheguestvoicesignalingapplication.
Thisapplicationwillnotbeadvertisediftheguestvoice
applicationisconfiguredwiththesameparameters.

softphonevoice

Configuresthesoftphonevoiceapplication.

videoconferencing

Configuresthevideoconferencingapplication.

streamingvideo

Configuresthestreamingvideoapplication.

videosignaling

Configuresthevideosignalingapplication.
Thisapplicationwillnotbeadvertisedifthevideoconferencing
applicationisconfiguredwiththesameparameters.

stateenable|disable

(Optional)Enablesordisablesadvertisingtheapplication
informationbeingconfigured.

tagtagged|untagged

(Optional)Indicateswhethertheapplicationbeingconfiguredis
usingataggedoruntaggedVLAN.Ifuntagged,boththeVLANID
andtheCoSpriorityfieldsareignoredandonlytheDSCPvalue
hasrelevance.

vidvlanid|dot1p

(Optional)VLANidentifierfortheport.Thevalueofvlanidcan
rangefrom1to4093.
Usedot1pifthedeviceisusingprioritytaggedframes,meaning
thatonlytheIEEE802.1Dprioritylevelissignificantandthe
defaultPVIDoftheingressportisused.

coscosvalue

(Optional)SpecifiestheLayer2prioritytobeusedforthe
applicationbeingconfigured.Thevaluecanrangefrom0to7.A
valueof0representsuseofthedefaultpriorityasdefinedinIEEE
802.1D.

dscpdscpvalue

(Optional)SpecifiestheDSCPvaluetobeusedtoprovideDiffserv
nodebehaviorfortheapplicationbeingconfigured.Thevaluecan
rangefrom0to63.Avalueof0representsuseofthedefaultDSCP
valueasdefinedinRFC2475.

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThisfeatureallowsadministratorstoquicklyprovisionLLDPendpointsviatheswitch.LLDP
clientswillusetheseLLDPnetworkpolicyparametersfortrafficoriginatingfromtheendpoint.
AsdescribedintheANSI/TIAStandardsdocument1057,theNetworkPolicyTLVisintendedfor
usewithapplicationsthathavespecificrealtimenetworkpolicyrequirements,suchasinteractive
voiceand/orvideoservicesandshouldbeimplementedonlyondirectlinksbetweennetwork
connectivitydevicesandendpointdevices.RefertotheANSI/TIAStandardsdocument1057for
descriptionsoftheapplicationtypes.

6-30

Discovery Protocol Configuration

clear lldp

AfteryouconfigureNetworkPolicyTLVs,youmustalsoconfiguretheporttosendtheNetwork
PolicyTLVwiththesetlldpporttxtlvcommand.

Example
ThisexampleconfiguresthevoiceapplicationTLVonportge.2.1andthenconfigurestheportto
sendtheNetworkPolicyTLV.
B5(rw)->set lldp port network-policy voice state enable tag tagged vlan dot1p
ge.2.1
B5(rw)->set lldp port tx-tlv med-pol ge.2.1

clear lldp
UsethiscommandtoreturnLLDPparameterstotheirdefaultvalues.

Syntax
clear lldp {all | tx-interval | hold-multiplier | trap-interval | med-fast-repeat}

Parameters
all

ReturnsallLLDPconfigurationparameterstotheirdefaultvalues,
includingportLLDPconfigurationparameters.

txinterval

ReturnsthenumberofsecondsbetweentransmissionsofLLDP
frames.tothedefaultof30seconds.

holdmultiplier

Returnsthemultipliertoapplytothetransmitintervaltodetermine
thetimetolivevaluetothedefaultvalueof4.

trapinterval

ReturnstheminimumtimebetweenLLSPtraptransmissionstothe
defaultvalueof5seconds.

medfastrepeat

ReturnsthenumberoffaststartLLDPDUstobesentwhenanLLDP
MEDendpointdeviceisdetectedtothedefaultof3.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplereturnsthetransmitintervaltothedefaultvalueof30seconds.
B5(rw)->clear lldp tx-interval

clear lldp port status

Usethiscommandtoreturntheportstatustothedefaultvalueofboth(bothtransmittingand
processingreceivedLLDPDUsareenabled).

Syntax
clear lldp port status port-string

Enterasys B5 CLI Reference

6-31

clear lldp port trap

Parameters
portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplereturnsportge.1.1tothedefaultstateofenabledforbothtransmittingand
processingreceivedLLDPDUs.
B5(rw)->clear lldp port status ge.1.1

clear lldp port trap

UsethiscommandtoreturntheportLLDPtrapsettingtothedefaultvalueofdisabled.

Syntax
clear lldp port trap port-string

Parameters
portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplereturnsportge.1.1tothedefaultLLDPtrapstateofdisabled.
B5(rw)->clear lldp port trap ge.1.1

clear lldp port med-trap

UsethiscommandtoreturntheportLLDPMEDtrapsettingtothedefaultvalueofdisabled.

Syntax
clear lldp port med-trap port-string

Parameters
portstring

6-32

Discovery Protocol Configuration

Specifiestheportorrangeofportstobeaffected.

clear lldp port location-info

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplereturnsportge.1.1tothedefaultLLDPMEDtrapstateofdisabled.
B5(rw)->clear lldp port med-trap ge.1.1

clear lldp port location-info

UsethiscommandtoreturntheportECSELINlocationsettingtothedefaultvalueofnull.

Syntax
clear lldp port location-info elin port-string

Parameters
elin

SpecifiesthattheECSELINlocationinformationvalueshouldbe
cleared.

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexamplereturnsthelocationinformationELINvalueonportge.1.1tothedefaultvalueof
null.
B5(rw)->clear lldp port location-info elin ge.1.1

clear lldp port network-policy

UsethiscommandtoreturnLLDPnetworkpolicyforasetofapplicationsonaportorrangeof
portstodefaultvalues.

Syntax
clear lldp port network-policy {all | voice | voice-signaling | guest-voice |
guest-voice-signaling | softphone-voice | video-conferencing | streaming-video |
video-signaling} {[state] [tag] [vid] [cos] [dscp]} port-string

Parameters
all

Appliescommandtoallapplications.

Enterasys B5 CLI Reference

6-33

clear lldp port tx-tlv

voice

Appliescommandtothevoiceapplication.

voicesignaling

Appliescommandtothevoicesignalingapplication.

guestvoice

Appliescommandtotheguestvoiceapplication.

guestvoicesignaling

Appliescommandtotheguestvoicesignalingapplication.

softphonevoice

Appliescommandtothesoftphonevoiceapplication.

videoconferencing

Appliescommandtothevideoconferencingapplication.

streamingvideo

Appliescommandtothestreamingvideoapplication.

videosignaling

Appliescommandtothevideosignalingapplication.

state

(Optional)Clearsthestateofadvertisingtheapplication
informationbeingconfiguredtodisabled.

tag

(Optional)Clearsthetagvalueoftheapplicationbeingconfigured
tountagged.

vid

(Optional)ClearstheVLANidentifierfortheporttothedefault
valueof1.

cos

(Optional)ClearstheLayer2prioritytobeusedfortheapplication
beingconfiguredtothedefaultvalueof0.(Avalueof0represents
useofthedefaultpriorityasdefinedinIEEE802.1D.)

dscp

(Optional)ClearstheDSCPvaluetobeusedtoprovideDiffserv
nodebehaviorfortheapplicationbeingconfiguredtothedefault
valueof0.(Avalueof0representsuseofthedefaultDSCPvalue
asdefinedinRFC2475.)

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
Atleastoneapplication(orall)andonepolicyparametermustbespecified.

Mode
Switchcommand,readwrite.

Example
Thisexamplereturnsallnetworkpolicyvaluesforallapplicationsonportge.1.1totheirdefault
values.
B5(rw)->clear lldp port network-policy all state tag vid cos dscp ge.1.1

clear lldp port tx-tlv

UsethiscommandtocleartheoptionalLLDPandLLDPMEDTLVstobetransmittedin
LLDPDUsbythespecifiedportorportstothedefaultvalueofdisabled.

Syntax
clear lldp port tx-tlv {[all] | [port-desc] [sys-name] [sys-desc] [sys-cap] [mgmtaddr] [vlan-id] [stp] [lacp] [gvrp] [mac-phy] [poe] [link-aggr] [max-frame] [medcap] [med-pol] [med-loc] [med-poe]} port-string

6-34

Discovery Protocol Configuration

clear lldp port tx-tlv

Parameters
all

DisablesalloptionalTLVsfrombeingtransmittedinLLDPDUs.

portdesc

DisablesthePortDescriptionoptionalbasicLLDPTLVfrombeing
transmittedinLLDPDUs.

sysname

DisablestheSystemNameoptionalbasicLLDPTLVfrombeing
transmittedinLLDPDUs.

sysdesc

DisablestheSystemDescriptionoptionalbasicLLDPTLVfrombeing
transmittedinLLDPDUs.

syscap

DisablestheSystemCapabilitiesoptionalbasicLLDPTLVfrom
beingtransmittedinLLDPDUs.

mgmtaddr

DisablestheManagementAddressoptionalbasicLLDPTLVfrom
beingtransmittedinLLDPDUs.

vlanid

DisablesthePortVLANIDIEEE802.1ExtensionsTLVfrombeing
transmittedinLLDPDUs.

stp

DisablestheSpanningTreeinformationdefinedbyProtocolIdentity
IEEE802.1ExtensionsTLVfrombeingtransmittedinLLDPDUs.

lacp

DisablestheLACPinformationdefinedbyProtocolIdentityIEEE
802.1ExtensionsTLVfrombeingtransmittedinLLDPDUs.

gvrp

DisablestheGVRPinformationdefinedbyProtocolIdentityIEEE
802.1ExtensionsTLVfrombeingtransmittedinLLDPDUs.

macphy

DisablestheMACPHYConfiguration/StatusIEEE802.3Extensions
TLVfrombeingtransmittedinLLDPDUs.

poe

DisablesthePowerviaMDIIEEE802.3ExtensionsTLVfrombeing
transmittedinLLDPDUs.OnlyvalidforPoEenabledports.

linkaggr

DisablestheLinkAggregationIEEE802.3ExtensionsTLVfrombeing
transmittedinLLDPDUs.

maxframe

DisablestheMaximumFrameSizeIEEE802.3ExtensionsTLVfrom
beingtransmittedinLLDPDUs.

medcap

DisablestheLLDPMEDCapabilitiesTLVfrombeingtransmittedin
LLDPDUs.

medpol

DisablestheLLDPMEDNetworkPolicyTLVfrombeingtransmitted
inLLDPDUs.

medloc

DisablestheLLDPMEDLocationIdentificationTLVfrombeing
transmittedinLLDPDUs.

medpoe

DisablestheLLDPMEDExtendedPowerviaMDITLVfrombeing
transmittedinLLDPDUs.OnlyvalidforPoEenabledports.

portstring

Specifiestheportorrangeofportstobeaffected.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

6-35

clear lldp port tx-tlv

Example
Thisexampledisablesthemanagementaddress,MEDcapability,MEDnetworkpolicy,andMED
locationidentificationTLVsfrombeingsentinLLDPDUsbyportge.1.1.
B5(rw)->clear lldp port tx-tlv mgmt-addr med-cap med-pol med-loc ge.1.1

6-36

Discovery Protocol Configuration

7
Port Configuration
ThischapterdescribesthePortConfigurationsetofcommandsandhowtousethem.
For information about...

Refer to page...

Port Configuration Summary

7-1

Reviewing Port Status

7-2

Disabling / Enabling and Naming Ports

7-7

Setting Speed and Duplex Mode

7-11

Enabling / Disabling Jumbo Frame Support

7-14

Setting Auto-Negotiation and Advertised Ability

7-16

Setting Flow Control

7-22

Setting Port Link Traps and Link Flap Detection

7-24

Configuring Broadcast Suppression

7-35

Port Mirroring

7-38

Link Aggregation Control Protocol (LACP)

7-44

Configuring Protected Ports

7-58

Port Configuration Summary

Port String Syntax Used in the CLI
Commandsrequiringaportstringparameterusethefollowingsyntaxtodesignateporttype,slot
location,andportnumber:
porttype.unit_or_slotnumber.portnumber
Whereporttypecanbe:
fefor100MbpsEthernet
gefor1GbpsEthernet
tgfor10GbpsEthernet
hostforthehostport
vlanforvlaninterfaces
lagforIEEE802.3linkaggregationports
Whereunit_or_slotnumbercanbe:
18forswitchunitsinastack

Enterasys B5 CLI Reference

7-1

Reviewing Port Status

Whereportnumberdependsonthedevice.Thehighestvalidportnumberisdependentonthe
numberofportsinthedeviceandtheporttype.

Port Slot/Unit Parameters Used in the CLI

TheunitparameterisoftenusedinterchangeablywithmoduleinthestandaloneswitchCLI
toindicateamoduleslotlocation.

Examples
Note: You can use a wildcard (*) to indicate all of an item. For example, fe.3.* would represent all
100Mbps Ethernet (fe) ports in slot 3, and ge.3 * would represent all 1-Gigabit Ethernet (ge) ports
in slot 3.

Thisexampleshowstheportstringsyntaxforspecifyingthe1GigabitEthernetport14inunit3.
ge.3.14

Thisexampleshowstheportstringsyntaxforspecifyingall1GigabitEthernetportsinunit3in
thesystem.
ge.3.*

Thisexampleshowstheportstringsyntaxforspecifyingallports(ofanyinterfacetype)inthe
system.
*.*.*

Reviewing Port Status

Purpose
Todisplayoperatingstatus,duplexmode,speed,porttype,andstatisticalinformationabout
trafficreceivedandtransmittedthroughoneorallswitchportsonthedevice.

Commands
For information about...

7-2

Refer to page...

show port

7-3

show port status

7-3

show port counters

7-4

clear port counters

7-6

show port cablestatus

7-6

Port Configuration

show port

show port
Usethiscommandtodisplaywhetherornotoneormoreportsareenabledforswitching.

Syntax
show port [port-string]

Parameters
portstring

(Optional)Displaysoperationalstatusforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

Defaults
Ifportstringisnotspecified,operationalstatusinformationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayoperationalstatusinformationforge.3.14:
B5(su)->show port ge.3.14
Port ge.3.14 enabled

show port status

Usethiscommandtodisplayoperatingandadminstatus,speed,duplexmodeandporttypefor
oneormoreportsonthedevice.

Syntax
show port status [port-string]

Parameters
portstring

(Optional)Displaysstatusforspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page71.

Defaults
Ifportstringisnotspecified,statusinformationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaystatusinformationforge.1.1andge.1.2:
B5(su)->show port status ge.1.12

Enterasys B5 CLI Reference

7-3

show port counters

Alias
Port
(truncated)
--------- -----------ge.1.47
ge.1.48

Oper
Status
------Down
Up

Admin
Status
------Up
Up

Speed
(bps)
--------N/A
1.0G

Duplex
------N/A
full

Type
-----------RJ45
RJ45

Table 71providesanexplanationofthecommandoutput.
Table 7-1

show port status Output Details

Output Field

What It Displays...

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

Alias (truncated)

Alias configured for the port. For details on using the set port alias command, refer
to set port alias on page 7-9.

Oper Status

Operating status (up or down).

Admin Status

Whether the specified port is enabled (up) or disabled (down). For details on using
the set port disable command to change the default port status of enabled, refer to
set port disable on page 7-8. For details on using the set port enable command to
re-enable ports, refer to set port enable on page 7-8.

Speed

Operational speed in Mbps or Kbps of the specified port. For details on using the set
port speed command to change defaults, refer to set port speed on page 7-12.

Duplex

Duplex mode (half or full) of the specified port. For details on using the set port
duplex command to change defaults, refer to Setting Auto-Negotiation and
Advertised Ability on page 7-16.

Type

Physical port and interface type.

show port counters

Usethiscommandtodisplayportcounterstatisticsdetailingtrafficthroughthedeviceand
throughallMIB2networkdevices.

Syntax
show port counters [port-string] [switch | mib2]

Parameters
portstring

(Optional)Displayscounterstatisticsforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

switch|mib2

(Optional)DisplaysswitchorMIB2statistics.Switchstatisticsdetail
performanceoftheEnterasysB5device.MIB2interfacestatisticsdetail
performanceofallnetworkdevices.

Defaults
Ifportstringisnotspecified,counterstatisticswillbedisplayedforallports.
Ifmib2orswitcharenotspecified,allcounterstatisticswillbedisplayedforthespecifiedport(s).

Mode
Switchcommand,readonly.

7-4

Port Configuration

show port counters

Examples
Thisexampleshowshowtodisplayallcounterstatistics,includingMIB2networktrafficand
trafficthroughthedeviceforge.3.1:
B5(su)->show port counters ge.3.1
MIB2 Interface: 1
Port: ge.3.1
No counter discontinuity time
----------------------------------------------------------------MIB2 Interface Counters
----------------------In Octets
In Unicast Pkts
In Multicast Pkts
In Broadcast Pkts
In Discards
In Errors
Out Octets
Out Unicasts Pkts
Out Multicast Pkts
Out Broadcast Pkts
Out Errors

0
0
0
0
0
0
0
0
0
0
0

802.1Q Switch Counters

---------------------Frames Received
Frames Transmitted

0
0

Thisexampleshowshowtodisplayallge.3.1portcounterstatisticsrelatedtotrafficthroughthe
device.
B5(su)->show port counters ge.3.1 switch
Port: ge.3.1

Bridge Port: 2

802.1Q Switch Counters

----------------------Frames Received

Frames Transmitted

Table 72providesanexplanationofthecommandoutput.
Table 7-2

show port counters Output Details

Output Field

What It Displays...

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

MIB2 Interface

MIB2 interface designation.

Bridge Port

IEEE 802.1D bridge port designation.

MIB2 Interface
Counters

MIB2 network traffic counts

802.1Q Switch
Counters

Counts of frames received, transmitted, and filtered.

Enterasys B5 CLI Reference

7-5

clear port counters

Usethiscommandtoclearportcounterstatisticsforaportorrangeofports.

Syntax
clear port counters [port-string]

Parameters
portstring

(Optional)Specifiestheportorrangeofportstoclearportcounter
statistics.

Defaults
Ifnoportstringisspecified,portcountersareclearedforallports.

Mode
Switchcommand,readwrite

Example
Thisexampleclearstheportcountersforge.3.1.
B5(rw)->clear port counters ge.3.1

show port cablestatus

Usethiscommandtotroubleshootandlocatefaultsincoppercableconnectionsonaperport
basis.Thiscommandisonlyavailableonswitchplatformsthatprovide1GigabitEthernetRJ45
ports.

Syntax
show port cablestatus [port-string]

Parameters
portstring

(Optional)Specifiestheportorportstoshowstatusfor.

Defaults
Ifnoportisspecified,informationaboutallportswillbedisplayed.

Mode
Switchcommand,readonly.

Usage
For1GigabitEthernetRJ45portsonly,thiscommandwilldisplaythestatusoftheportscable
connection(describedinTable 73below),andtheapproximatelengthofthecableattachedtothe
port.Ifyourswitchplatformdoesnotsupport1GERJ45ports,thiscommandwillnotbe
available.
Ifnocableisattachedtotheport,thestatuswillbeOpenandnolengthwillbeshown.Ifthe
portisnota1GERJ45port,thecommandwillreturnastatusofNotSupported.

7-6

Port Configuration

Disabling / Enabling and Naming Ports

Sincerunningthecablediagnosticsmaymomentarilyinterruptpacketflow,awarningmessageis
displayedandyouarepromptedtocontinue.

Example
Thisexampleshowsthecablestatusforportge.1.1.
B5(su)->show port cablestatus ge.1.1
Warning: port(s) will be offline momentarily.
Do you want to continue (y/n) [n]?y
Port
Status
--------- --------ge.1.1
Normal

Length
------3(m)-5(m)

Table 73providesanexplanationofthecommandoutput.
Table 7-3

show port cablestatus Output Details

Output Field

What it displays...

Port

Lists the port designation.

Status

Indicates the status of the port. The value is one of the following:
Normal = normal
Open = no cable attached to port
Short = detection of an inter-pair short
Fail = unknown error or crosstalk
Detach = indicates ports on stack units that are no longer present,
but were previously connected
Not Supported = ports other than 1GE RJ45 ports

Length

Indicates the approximate length of the cable attached to the port.

Disabling / Enabling and Naming Ports

Purpose
Todisableandreenableoneormoreports,andtoassignanaliastoaport.Bydefault,allportsare
enabledatdevicestartup.Youmaywanttodisableportsforsecurityortotroubleshootnetwork
issues.Portsmayalsobeassignedanaliasforconvenience.

Commands
For information about...

Refer to page...

set port disable

7-8

set port enable

7-8

show port alias

7-9

set port alias

7-9

Enterasys B5 CLI Reference

7-7

set port disable

Usethiscommandtoadministrativelydisableoneormoreports.Whenthiscommandis
executed,inadditiontodisablingthephysicalEthernetlink,theportwillnolongerlearnentries
intheforwardingdatabase.

Syntax
set port disable port-string

Parameters
portstring

Specifiestheport(s)todisable.Foradetaileddescriptionofpossibleport
stringvalues,refertoPortStringSyntaxUsedintheCLIonpage71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtodisablege.1.1:
B5(su)->set port disable ge.1.1

set port enable

Usethiscommandtoadministrativelyenableoneormoreports.

Syntax
set port enable port-string

Parameters
portstring

Specifiestheport(s)toenable.Foradetaileddescriptionofpossibleport
stringvalues,refertoPortStringSyntaxUsedintheCLIonpage71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoenablege.1.3:
B5(su)->set port enable ge.1.3

7-8

Port Configuration

show port alias

Usethiscommandtodisplaythealiasnameforoneormoreports.

Syntax
show port alias [port-string]

Parameters
portstring

(Optional)Displaysaliasname(s)forspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,aliasesforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayaliasinformationforports13onslot3:
B5(rw)->show
Port ge.3.1
Port ge.3.2
Port ge.3.3

port alias ge.3.1-3

user
user
Admin

set port alias

Usethiscommandtoassignanaliasnametoaport.

Syntax
set port alias port-string [name]

Parameters
portstring

Specifiestheporttowhichanaliaswillbeassigned.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage71.

name

(Optional)Assignsanaliasnametotheport.Ifthealiasnamecontains
spaces,thetextstringmustbesurroundedbydoublequotes.Maximum
lengthis60characters.

Defaults
Ifnameisnotspecified,thealiasassignedtotheportwillbecleared.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

7-9

set port alias

Examples
ThisexampleshowshowtoassignthealiasAdmintoge.3.3:
B5(rw)->set port alias ge.3.3 Admin

Thisexampleshowshowtoclearthealiasforge.3.3:
B5(rw)->set port alias ge.3.3

7-10

Port Configuration

Setting Speed and Duplex Mode

Purpose
ToreviewandsettheoperationalspeedinMbpsandthedefaultduplexmode:Half,forhalf
duplex,orFull,forfullduplexforoneormoreports.

Note: These settings only take effect on ports that have auto-negotiation disabled.

Commands
For information about...

Refer to page...

show port speed

7-11

set port speed

7-12

show port duplex

7-12

set port duplex

7-16

show port speed

Usethiscommandtodisplaythedefaultspeedsettingononeormoreports.

Syntax
show port speed [port-string]

Parameters
portstring

(Optional)Displaysdefaultspeedsetting(s)forspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,defaultspeedsettingsforallportswilldisplay.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythedefaultspeedsettingfor1GigabitEthernetport14in
slot 3:
B5(su)->show port speed ge.3.14
default speed is 10 on port ge.3.14.

Enterasys B5 CLI Reference

7-11

set port speed

Usethiscommandtosetthedefaultspeedofoneormoreports.Thissettingonlytakeseffecton
portsthathaveautonegotiationdisabled.

Syntax
set port speed port-string {10 | 100 | 1000}

Parameters
portstring

Specifiestheport(s)forwhichtoaspeedvaluewillbeset.Fora
detaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage71.

10|100|1000

Specifiestheportspeed.Validvaluesare:10 Mbps,100 Mbps,or

1000 Mbps.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetge.3.3toaportspeedof10 Mbps:
B5(su)->set port speed ge.3.3 10

show port duplex

Usethiscommandtodisplaythedefaultduplexsetting(halforfull)foroneormoreports.

Syntax
show port duplex [port-string]

Parameters
portstring

(Optional)Displaysdefaultduplexsetting(s)forspecificport(s).
Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,defaultduplexsettingsforallportswillbedisplayed.

Mode
Switchcommand,readonly.

7-12

Port Configuration

set port duplex

Example
ThisexampleshowshowtodisplaythedefaultduplexsettingforEthernetport14inslot 3:
B5(su)->show port duplex ge.3.14
default duplex mode is full on port ge.3.14.

set port duplex

Usethiscommandtosetthedefaultduplextypeforoneormoreports.Thiscommandwillonly
takeeffectonportsthathaveautonegotiationdisabled.

Syntax
set port duplex port-string {full | half}

Parameters
portstring

Specifiestheport(s)forwhichduplextypewillbeset.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage71.

full|half

Setstheport(s)tofullduplexorhalfduplexoperation.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetge.1.17tofullduplex:
B5(su)->set port duplex ge.1.17 full

Enterasys B5 CLI Reference

7-13

Enabling / Disabling Jumbo Frame Support

Purpose
Toreview,enable,anddisablejumboframesupportononeormoreports.ThisallowsGigabit
Ethernetportstotransmitframesupto10KBinsize.LAGportscanalsobeconfiguredforjumbo
framesupport.

Commands
For information about...

Refer to page...

show port jumbo

7-14

set port jumbo

7-15

clear port jumbo

7-15

show port jumbo

Usethiscommandtodisplaythestatusofjumboframesupportandmaximumtransmissionunits
(MTU)ononeormoreports.

Syntax
show port jumbo [port-string]

Parameters
portstring

(Optional)Displaysthestatusofjumboframesupportforspecific
port(s).Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,jumboframesupportstatusforallportswilldisplay.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythestatusofjumboframesupportforge.1.1:
B5(su)->show port jumbo ge.1.1
Port Number
Jumbo Status
Max Frame Size
------------- --------------- -----------------ge.1.1
Enable
9216

7-14

Port Configuration

set port jumbo

Usethiscommandtoenableordisablejumboframesupportononeormoreports.

Syntax
set port jumbo {enable | disable}[port-string]

Parameters
enable|disable

Enablesordisablesjumboframesupport.

portstring

(Optional)Specifiestheport(s)onwhichtodisableorenablejumbo
framesupport.Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,jumboframesupportwillbeenabledordisabledonallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoenablejumboframesupportforGigabitEthernetport14inunit/slot
3:
B5(su)->set port jumbo enable ge.3.14

clear port jumbo

Usethiscommandtoresetjumboframesupportstatustoenabledononeormoreports.

Syntax
clear port jumbo [port-string]

Parameters
portstring

(Optional)Specifiestheport(s)onwhichtoresetjumboframe
supportstatustoenabled.Foradetaileddescriptionofpossible
portstringvalues,refertoPortStringSyntaxUsedintheCLIon
page71.

Defaults
Ifportstringisnotspecified,jumboframesupportstatuswillberesetonallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetjumboframesupportstatusforGigabitEthernetport14inslot 3:
B5(su)->clear port jumbo ge.3.14

Enterasys B5 CLI Reference

7-15

Setting Auto-Negotiation and Advertised Ability

Purpose
Toreview,disableorenableautonegotiation,andtoconfigureportadvertisementforspeedand
duplex.
Duringautonegotiation,theporttellsthedeviceattheotherendofthesegmentwhatits
capabilitiesandmodeofoperationare.Ifautonegotiationisdisabled,theportrevertstothe
valuesspecifiedbydefaultspeed,defaultduplex,andtheportflowcontrolcommands.
Innormaloperation,withallcapabilitiesenabled,advertisedabilityenablesaporttoadvertise
thatithastheabilitytooperateinanymode.Theusermaychoosetoconfigureaportsothatonly
aportionofitscapabilitiesareadvertisedandtheothersaredisabled.

Note: Advertised ability can be activated only on ports that have auto-negotiation enabled.

Commands
For information about...

Refer to page...

show port negotiation

7-16

set port negotiation

7-17

show port advertise

7-17

set port advertise

7-18

clear port advertise

7-19

show port mdix

7-20

set port mdix

7-20

show port negotiation

Usethiscommandtodisplaythestatusofautonegotiationforoneormoreports.

Syntax
show port negotiation [port-string]

Parameters
portstring

(Optional)Displaysautonegotiationstatusforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,autonegotiationstatusforallportswillbedisplayed.

7-16

Port Configuration

set port negotiation

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayautonegotiationstatusfor1GigabitEthernetport14inslot 3:
B5(su)->show port negotiation ge.3.14
auto-negotiation is enabled on port ge.3.14.

set port negotiation

Usethiscommandtoenableordisableautonegotiationononeormoreports.

Syntax
set port negotiation port-string {enable | disable}

Parameters
portstring

Specifiestheport(s)forwhichtoenableordisableautonegotiation.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage71.

enable|disable

Enablesordisablesautonegotiation.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtodisableautonegotiationon1GigabitEthernetport3inslot14:
B5(su)->set port negotiation ge.3.14 disable

show port advertise

Usethiscommandtodisplayportcapabilityandadvertisementasfarasspeedandduplexfor
autonegotiation.

Syntax
show port advertise [port-string]

Parameters
portstring

(Optional)Displaysadvertisedabilityforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,advertisementforallportswillbedisplayed.
Enterasys B5 CLI Reference

7-17

set port advertise

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayadvertisementstatusforGigabitports13and14:
B5(su)->show port advertise ge.1.13-14
ge.1.13
capability
advertised
remote
------------------------------------------------10BASE-T
yes
yes
yes
10BASE-TFD
yes
yes
yes
100BASE-TX
yes
yes
yes
100BASE-TXFD
yes
yes
yes
1000BASE-T
no
no
no
1000BASE-TFD
yes
yes
yes
pause
yes
yes
no
ge.1.14
capability
advertised
remote
------------------------------------------------10BASE-T
yes
yes
yes
10BASE-TFD
yes
yes
yes
100BASE-TX
yes
yes
yes
100BASE-TXFD
yes
yes
yes
1000BASE-T
no
no
no
1000BASE-TFD
yes
yes
yes
pause
yes
yes
no

set port advertise

Usethiscommandtoconfigurewhataportwilladvertiseforspeed/duplexcapabilitiesinauto
negotiation.

Syntax
set port advertise {port-string}{10t | 10tfd | 100tx | 100txfd | 1000t | 1000tfd
| pause}

Parameters
portstring

Selecttheportsforwhichtoconfigureadvertisements.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

10t

Advertise10BASEThalfduplexmode.

10tfd

Advertise10BASETfullduplexmode.

100tx

Advertise100BASETXhalfduplexmode.

100txfd

Advertise100BASETXfullduplexmode.

1000t

Advertise1000BASEThalfduplexmode.

1000tfd

Advertise1000BASETfullduplexmode.

pause

AdvertisePAUSEforfullduplexlinks.

Defaults
None.

7-18

Port Configuration

clear port advertise

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoconfigureport1toadvertise1000BASETfullduplex:
B5(su)->set port advertise ge.1.1 1000tfd

clear port advertise

Usethiscommandtoconfigureaporttonotadvertiseaspecificspeed/duplexcapabilitywhen
autonegotiatingwithanotherport.

Syntax
clear port advertise {port-string}{10t | 10tfd | 100tx | 100txfd | 1000t | 1000tfd
| pause}

Parameters
portstring

Clearadvertisementsforspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedinthe
CLIonpage71.

10t

Donotadvertise10BASEThalfduplexmode.

10tfd

Donotadvertise10BASETfullduplexmode.

100tx

Donotadvertise100BASETXhalfduplexmode.

100txfd

Donotadvertise100BASETXfullduplexmode.

1000t

Donotadvertise1000BASEThalfduplexmode.

1000tfd

Donotadvertise1000BASETfullduplexmode.

pause

DonotadvertisePAUSEforfullduplexlinks.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoconfigureport1tonotadvertise10MBcapabilityforauto
negotiation:
B5(su)->clear port advertise ge.1.1 10t 10tfd

Enterasys B5 CLI Reference

7-19

show port mdix

Usethiscommandtodisplaythestatusofcableconnectiontypeconfigurationmodeforoneor
moreports.Switchportscanautomaticallydetectandconfiguretherequiredcabletype,either
straightthrough(MDI)orcrossover(MDIX),ortheportscanbeconfiguredtoonlyallowone
typeofcabletype,eitherMDIorMDIX.

Syntax
show port mdix {all|auto|forced-auto|mdi|mdix} [port-string]

Parameters
all

Displayinformationaboutallports.

auto

Displayinformationabouttheportsconfiguredtoautomatically
determinetherequiredMDI/MDIXmode.

forcedauto

Displayinformationabouttheportsforcedautomaticallytodetermine
therequiredMDI/MDIXmode.

mdi

DisplayinformationabouttheportsconfiguredwithMDIonlymode.

mdix

DisplayinformationabouttheportsconfiguredwithMDIXonlymode.

portstring

(Optional)DisplaytheselectedMDI/MDIXmodeonlyfortheportor
portsspecified.

Defaults
Ifportstringisnotspecified,informationisdisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampledisplaysinformationaboutportsconfiguredforMDIXonlymode.
B5(su)->show port mdix mdix
Port Number
MDIX Mode
------------- -----------------ge.1.27
MDIX
ge.1.28
MDIX

set port mdix

Usethiscommandtoconfigurecableconnectiontypeconfigurationmodeforoneormoreports.

Syntax
set port mdix {auto|forced-auto|mdi|mdix} [port-string]

Parameters

7-20

auto

ConfigureportstoautomaticallydeterminetherequiredMDI/MDIX
mode.Thisisthedefaultcondition.

forcedauto

ForceportstoautomaticallydeterminetherequiredMDI/MDIXmode.

Port Configuration

set port mdix

mdi

ConfigureportstouseMDImodeonly.

mdix

ConfigureportstouseMDIXmodeonly.

portstring

(Optional)Specifytheportorportstoconfigure.

Defaults
Ifportstringisnotentered,allportsontheswitchareconfigured.

Mode
Switchcommand,readwrite.

Usage
Bydefault,Enterasys Networksswitchdevicesareconfiguredtoautomaticallydetectthecable
typeconnection,straightthrough(MDI)orcrossover(MDIX),requiredbythecableconnectedto
theport.YoucanconfigureportstoonlyuseMDIorMDIXconnectionswiththiscommand.
ThiscommandonlyconfiguresEthernetports,andcannotbeusedtoconfigurecomboportson
theswitch.FiberportsalwayshaveastatusofMDIX.

Example
Thisexampleconfiguresportsge.1.1andge.1.2touseMDIXmode.
B5(su)->set port mdix mdix ge.1.1-2

Enterasys B5 CLI Reference

7-21

Setting Flow Control

Purpose
Toreview,enableordisableportflowcontrol.Flowcontrolisusedtomanagethetransmission
betweentwodevicesasspecifiedbyIEEE 802.3xtopreventreceivingportsfrombeing
overwhelmedbyframesfromtransmittingdevices.

Commands
For information about...
show flowcontrol

7-22

set flowcontrol

7-22

show flowcontrol
Usethiscommandtodisplaytheflowcontrolstate.

Syntax
show flowcontrol

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheportflowcontrolstate:
B5(su)->show flowcontrol
Flow control status: enabled

set flowcontrol
Usethiscommandtoenableordisableflowcontrol.

Syntax
set flowcontrol {enable | disable}

Parameters
enable|disable

7-22

Refer to page...

Port Configuration

Enablesordisablesflowcontrolsettings.

set flowcontrol

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoenableflowcontrol:
B5(su)->set flowcontrol enable

Enterasys B5 CLI Reference

7-23

Setting Port Link Traps and Link Flap Detection

Purpose
Todisableorreenablelinktraps,displaylinktrapstatus,andtoconfigurethelinkflapping
detectionfunction.Bydefault,allportsareenabledtosendSNMPtrapmessagesindicating
changestotheirlinkstatus(upordown).
Thelinkflapfunctiondetectswhenalinkisgoingupanddownrapidly(alsocalledlink
flapping)onaphysicalport,andtakestherequiredactions(disableport,andeventuallysend
notificationtrap)tostopsuchacondition.Ifleftunresolved,thelinkflappingconditioncanbe
detrimentaltonetworkstabilitybecauseitcantriggerSpanningTreeandroutingtable
recalculation.

Commands
For information about...

Refer to page...

show port trap

7-24

set port trap

7-25

show linkflap

7-25

set linkflap globalstate

7-28

set linkflap portstate

7-28

set linkflap interval

7-29

set linkflap action

7-29

clear linkflap action

7-30

set linkflap threshold

7-30

set linkflap downtime

7-31

clear linkflap down

7-31

clear linkflap

7-32

show newaddrtrap

7-33

set newaddrtrap

7-33

show port trap

UsethiscommandtodisplaywhethertheportisenabledforgeneratinganSNMPtrapmessageif
itslinkstatechanges.

Syntax
show port trap [port-string]

Parameters
portstring

7-24

Port Configuration

(Optional)Displayslinktrapstatusforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

set port trap

Defaults
Ifportstringisnotspecified,thetrapstatusforallportswillbedisplayed.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtodisplaylinktrapstatusforge.3.1through4:
B5(su)->show port trap ge.3.1-4
Link traps enabled on port ge.3.1.
Link traps enabled on port ge.3.2.
Link traps enabled on port ge.3.3.
Link traps enabled on port ge.3.4.

set port trap

UsethiscommandtoenableofdisableportsforsendingSNMPtrapmessageswhentheirlink
statuschanges.

Syntax
set port trap port-string {enable | disable}

Parameters
portstring

Specifiestheport(s)forwhichtoenableordisableporttraps.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage71.

enable|disable

Enablesordisablessendingtrapmessageswhenlinkstatuschanges.

Defaults
Sendingtrapswhenlinkstatuschangesisenabledbydefault.

Mode
Switchcommand,readwrite.

Example
Thefollowingexampledisablessendingtraponge.3.1.
B5(su)->set port trap ge.3.1 disable

show linkflap
Usethiscommandtodisplaylinkflapdetectionstateandconfigurationinformation.

Syntax
show linkflap {globalstate | portstate | parameters | metrics | portsupported |
actsupported | maximum | downports | action | operstatus | threshold | interval]
| downtime | currentcount | totalcount | timelapsed | violations [port-string]}

Enterasys B5 CLI Reference

7-25

show linkflap

Parameters
globalstate

Displaystheglobalenablestateoflinkflapdetection.

portstate

Displaystheportenablestateoflinkflapdetection.

parameters

Displaysthecurrentvalueofsettablelinkflapdetectionparameters.

metrics

Displayslinkflapdetectionmetrics.

portsupported

Displaysportswhichcansupportthelinkflapdetectionfunction.

actsupported

Displayslinkflapdetectionactionssupportedbysystemhardware.

maximum

Displaysthemaximumallowedlinkdownsper10secondssupported
bysystemhardware.

downports

Displaysportsdisabledbylinkflapdetectionduetoaviolation.

action

Displayslinkflapactionstakenonviolatingport(s).

operstatus

Displayswhetherlinkflaphasdeactivatedport(s).

threshold

Displaysthenumberofallowedlinkdowntransitionsbeforeactionis
taken.

interval

Displaysthetimeperiodforcountinglinkdowntransitions.

downtime

Displayshowlongviolatingport(s)aredeactivated.

currentcount

Displayshowmanylinkdowntransitionsareinthecurrentinterval.

totalcount

Displayshowmanylinkdowntransitionshaveoccurredsincethelast
reset.

timelapsed

Displaysthetimeperiodsincethelastlinkdowneventorreset.

violations

Displaysthenumberoflinkflapviolationssincethelastreset.

portstring

(Optional)Displaysinformationforspecificport(s).

Defaults

Ifnotspecified,informationaboutalllinkflapdetectionsettingswillbedisplayed.

Ifportstringisnotspecified,informationforallportswillbedisplayed.

Mode
Switchmode,readonly.

Usage
Thelinkflapdefaultconditionsareshowninthefollowingtable.

7-26

Linkflap Parameter

Default Condition

Linkflap global state

Disabled

Linkflap port state

Disabled

Linkflap action

None

Linkflap interval

Linkflap maximum allowed link downs per 10 seconds

Linkflap threshold
(number of allowed link down transitions before action is taken)

Port Configuration

show linkflap

Examples
Thisexampleshowshowtodisplaytheglobalstatusofthelinktrapdetectionfunction:
B5(rw)->show linkflap globalstate
Linkflap feature globally disabled

Thisexampleshowshowtodisplayportsdisabledbylinkflapdetectionduetoaviolation:
B5(rw)->show linkflap downports
Ports currently held DOWN for Linkflap violations:
None.

Thisexampleshowshowtodisplaythelinkflapparameterstable:
B5(rw)->show linkflap parameters
Linkflap Port Settable Parameter Table (X
Port
LF Status Actions Threshold
-------- --------- ------- ---------ge.1.1
disabled
....... 10
ge.1.2
enabled
D..S..T 3
ge.1.3
disabled
...S..T 10

means error
Interval
---------5
5
5

occurred)
Downtime
---------300
300
300

Table 74providesanexplanationoftheshowlinkflapparameterscommandoutput.
Table 7-4

show linkflap parameters Output Details

Output Field

What it displays...

Port

Port designation.

LF Status

Link flap enabled state.

Actions

Actions to be taken if the port violates allowed link flap behavior.

D = disabled, S = Syslog entry will be generated, T= SNMP trap
will be generated.

Threshold

Number of link down transitions necessary to trigger the link flap

action.

Interval

Time interval (in seconds) for accumulating link down transitions.

Downtime

Interval (in seconds) port(s) will be held down after a link flap
violation.

Thisexampleshowshowtodisplaythelinkflapmetricstable:
B5(rw)->show linkflap metrics
Port
LinkStatus
CurrentCount
-------- ----------- -----------ge.1.1
operational 0
ge.1.2
disabled
4
ge.1.3
operational 3

TotalCount
---------0
15
3

TimeElapsed Violations
----------- ------------241437
0
147
5
241402
0

Table 75providesanexplanationoftheshowlinkflapmetricscommandoutput.
Table 7-5

show linkflap metrics Output Details

Output Field

What it displays...

Port

Port designation.

LinkStatus

Link status according to the link flap function.

CurrentCount

Link down count accruing toward the link flap threshold.

TotalCount

Number of link downs since system start,

Enterasys B5 CLI Reference

7-27

set linkflap globalstate

Table 7-5

show linkflap metrics Output Details (Continued)

Output Field

What it displays...

TimeElapsed

Time (in seconds) since the last link down event.

Violations

Number of link flap violations on listed ports since system start.

set linkflap globalstate

Usethiscommandtogloballyenableordisablethelinkflapdetectionfunction.

Syntax
set linkflap globalstate {disable | enable}

Parameters
disable|enable

Globallydisablesorenablesthelinkflapdetectionfunction.

Defaults
Bydefault,thefunctionisdisabledgloballyandonallports.

Mode
Switchmode,readwrite.

Usage
Bydefault,thefunctionisdisabledgloballyandonallports.Ifdisabledgloballyafterperport
settingshavebeenconfiguredusingthelinkflapcommands,perportsettingswillberetained.

Example
Thisexampleshowshowtogloballyenablethelinktrapdetectionfunction.
B5(rw)->set linkflap globalstate enable

set linkflap portstate

Usethiscommandtoenableordisablelinkflapmonitoringononeormoreports.

Syntax
set linkflap portstate {disable | enable} [port-string]

Parameters
disable|enable

Disablesorenablesthelinkflapdetectionfunction.

portstring

(Optional)Specifiestheportorportsonwhichtodisableorenable
monitoring.

Defaults
Ifportstringisnotspecified,allportsareenabledordisabled.

7-28

Port Configuration

set linkflap interval

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoenablethelinktrapmonitoringonallports.
B5(rw)->set linkflap portstate enable

set linkflap interval

Usethiscommandtosetthetimeinterval(inseconds)foraccumulatinglinkdowntransitions.

Syntax
set linkflap interval port-string interval-value

Parameters
portstring

Specifiestheport(s)onwhichtosetthelinkflapinterval.

intervalvalue

Specifiesanintervalinseconds.Avalueof0willsettheintervalto
forever.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthelinkflapintervalonportge.1.4to1000seconds.
B5(rw)->set linkflap interval ge.1.4 1000

set linkflap action

Usethiscommandtosetreactionstoalinkflapviolation.

Syntax
set linkflap action port-string {disableInterface | gensyslogentry | gentrap |
all}

Parameters
portstring

Specifiestheport(s)onwhichtosetthelinkflapaction.

disableInterface

Setsthereactionasdisablingtheinterface.

gensyslogentry

Setsthereactionasgeneratingasyslogentry.

gentrap

SetsthereactionasgeneratinganSNMPtrap.

all

Setsthereactionasalloftheabove.

Enterasys B5 CLI Reference

7-29

clear linkflap action

Defaults
None.

Mode
Switchmode,readwrite.

Example
Thisexampleshowshowtosetthelinkflapviolationactiononportge.1.4togeneratingaSyslog
entry.
B5(rw)->set linkflap action ge.1.4 gensyslogentry

clear linkflap action

Usethiscommandtoclearreactionstoalinkflapviolation.

Syntax
clear linkflap action port-string {disableInterface | gensyslogentry | gentrap |
all}

Parameters
portstring

Specifiestheport(s)onwhichtoclearthelinkflapaction.

disableInterface

Clearsthereactionasdisablingtheinterface.

gensyslogentry

Clearsthereactionasgeneratingasyslogentry.

gentrap

ClearsthereactionasgeneratinganSNMPtrap.

all

Clearsthereactionasalloftheabove.

Defaults
Ifportstringisnotspecified,actionswillbeclearedonallports.

Mode
Switchmode,readwrite.

Example
Thisexampleshowshowtoclearthelinkflapviolationactiononportge.1.4togeneratinga
Syslogentry.
B5(rw)->clear linkflap action ge.1.4 gensyslogentry

set linkflap threshold

Usethiscommandtosetthelinkflapactiontriggercount.

Syntax
set linkflap threshold port-string threshold-value

7-30

Port Configuration

set linkflap downtime

Parameters
portstring

Specifiestheport(s)onwhichtosetthelinkflapactiontriggercount.

thresholdvalue

Specifiesthenumberoflinkdowntransitionsnecessarytotriggerthe
linkflapaction.Aminimumof1mustbeconfigured.

Defaults
None.

Mode
Switchmode,readwrite.

Example
Thisexampleshowshowtosetthelinkflapthresholdonportge.1.4to5.
B5(rw)->set linkflap threshold ge.1.4 5

set linkflap downtime

Usethiscommandtosetthetimeinterval(inseconds)oneormoreportswillbehelddownaftera
linkflapviolation.

Syntax
set linkflap downtime port-string downtime-value

Parameters
portstring

Specifiestheport(s)onwhichtosetthelinkflapdowntime.

downtimevalue

Specifiesadowntimeinseconds.Avalueof0willsetthedowntimeto
forever.

Defaults
None.

Mode
Switchmode,readwrite.

Example
Thisexampleshowshowtosetthelinkflapdowntimeonportge.1.4to5000seconds.
B5(rw)->set linkflap downtime ge.1.4 5000

clear linkflap down

Usethiscommandtotogglelinkflapdisabledportstooperational.

Syntax
clear linkflap down [port-string]

Enterasys B5 CLI Reference

7-31

clear linkflap

Parameters
portstring

(Optional)Specifiestheportstomakeoperational.

Defaults
Ifportstringisnotspecified,allportsdisabledbyalinkflapviolationwillbemadeoperational.

Mode
Switchmode,readwrite.

Example
Thisexampleshowshowtomakedisabledportge.1.4operational.
B5(rw)->clear linkflap down ge.1.4

clear linkflap
Usethiscommandtoclearalllinkflapoptionsand/orstatisticsononeormoreports.

Syntax
clear linkflap {all | stats [port-string] | parameter port-string {threshold |
interval | downtime | all}

Parameters
all|stats

Clearsalloptionsandstatistics,orclearsonlystatistics.

parameter

Clearslinkflapparameters.

threshold|interval| Clearslinkflapthreshold,interval,downtimeorallparameters.
downtime|all
portstring

(Optionalunlessparameterisspecified)Specifiestheport(s)onwhich
toclearsettings.

Defaults
Ifportstringisnotspecified,settingsand/orstatisticswillbeclearedonallports.

Mode
Switchmode,readwrite.

Example
Thisexampleshowshowtoclearalllinkflapoptionsonportge.1.4.
B5(rw)->clear linkflap all ge.1.4

7-32

Port Configuration

show newaddrtrap

show newaddrtrap
UsethiscommandtodisplaytheglobalandportspecificstatusofthenewMACaddressestrap
function.

Syntax
show newaddrtrap [port-string]

Parameters
portstring

(Optional)DisplaysthestatusofthenewMACaddressestrapfunction
onspecificports.

Defaults
Ifportstringisnotspecified,thestatusofthenewMACaddressestrapfunctionwillbedisplayed
forallports.

Mode
Switchcommand,readonly.

Usage
Bydefault,thisfunctionisdisabledgloballyandperport.

Example
ThisexampledisplaystheNewAddressTrapstateforports1through5inunit/slot1.
B5(ro)->show newaddrtrap ge.1.1-5
New Address Traps Globally disabled
Port
--------ge.1.1
ge.1.2
ge.1.3
ge.1.4
ge.1.5

Enable State
-----------disabled
disabled
disabled
disabled
disabled

set newaddrtrap
Usethiscommandtoenableordisabletrapmessaging,globallyorononeormoreports,when
newsourceMACaddressesaredetected.

Syntax
set newaddrtrap [port-string] {enable | disable}

Enterasys B5 CLI Reference

7-33

set newaddrtrap

Parameters
portstring

(Optional)EnableordisablethenewMACaddressestrapfunctionon
specificports.

enable|disable

EnableordisablethenewMACaddressestrapfunction.Ifentered
withouttheportstringparameter,enablesordisablesthefunction
globally.Whenenteredwiththeportstringparameter,enablesor
disablesthefunctiononspecificports.

Defaults
Ifportstringisnotspecified,thetrapfunctionissetglobally.

Mode
Switchmode,readwrite.

Usage
ThiscommandenablesanddisablessendingSNMPtrapmessageswhenanewsourceMAC
addressisdetectedbyaport.IftheportisaCDPport,however,trapsfornewsourceMAC
addresseswillnotbesent.
Thedefaultmodeisdisabledgloballyandperport.

Example
Thisexampleenablesthetrapfunctiongloballyandthenonports1through5inunit/slot1.
B5(rw)->set newaddrtrap enable
B5(rw)->set newaddrtrap ge.1.1-5 enable

7-34

Port Configuration

Configuring Broadcast Suppression

Purpose
Toreviewandsetthebroadcastsuppressionthresholdforoneormoreports.Thisfeaturelimits
thenumberofreceivedbroadcastframestheswitchwillacceptperport.Broadcastsuppression
thresholdsapplyonlytobroadcasttrafficmulticasttrafficisnotaffected.Bydefault,abroadcast
suppressionthresholdof14881packetspersecond(pps)willbeused,regardlessofactualport
speed.BroadcastsuppressionprotectsagainstbroadcaststormsandARPsweeps.

Commands
For information about...

Refer to page...

show port broadcast

7-35

set port broadcast

7-36

clear port broadcast

7-36

show port broadcast

Usethiscommandtodisplayportbroadcastsuppressionthresholds.

Syntax
show port broadcast [port-string]

Parameters
portstring

(Optional)Selecttheportsforwhichtoshowbroadcastsuppression
thresholds.Foradetaileddescriptionofpossibleportstringvalues,refer
toPortStringSyntaxUsedintheCLIonpage71.

Defaults
Ifportstringisnotspecified,broadcaststatusofallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythebroadcastsuppressionthresholdsforports1through4:
B5(su)->show port broadcast ge.1.1-4
Port
Total BC
Threshold
Packets
(pkts/s)
---------------------------------------ge.1.1
0
50
ge.1.2
0
50
ge.1.3
0
40
ge.1.4
0
14881

Enterasys B5 CLI Reference

7-35

set port broadcast

Usethiscommandtosetthebroadcastsuppressionthreshold,inpacketspersecond,ononeor
moreports.Thissetsathresholdonthebroadcasttrafficthatisreceivedandswitchedouttoother
ports.

Syntax
set port broadcast port-string threshold-val

Parameters
portstring

Selecttheportsforwhichtoconfigurebroadcastsuppressionthresholds.
Foradetaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage71.

thresholdval

Setsthepacketspersecondthresholdonbroadcasttraffic.Maximum
valueis
148810forFastEthernetports
1488100for1Gigabitports.
14881000for10Gigabitports

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
PerportbroadcastsuppressionishardsettobegloballyenabledontheB5.Ifyouwouldliketo
disablebroadcastsuppression,youcangetthesameresultbysettingthethresholdlimitforeach
porttothemaximumnumberofpacketswhichcanbereceivedpersecondaslistedinthe
parameterssection,above.Thedefaultbroadcastsuppressionthresholdforallportsissetto
14881.

Example
Thisexampleconfiguresports1through5withabroadcastlimitof50pps:
B5(su)->set port broadcast ge.1.1-5 50

clear port broadcast

Usethiscommandtoclearthebroadcastthresholdlimittothedefaultvalueof14881forthe
selectedport.

Syntax
clear port broadcast port-string threshold

Parameters
portstring

7-36

Port Configuration

Selecttheportsforwhichtoclearbroadcastsuppressionthresholds.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage71.

clear port broadcast

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleclearsthebroadcastthresholdlimitto14881ppsforports1through5:
B5(su)->clear port broadcast ge.1.1-5 threshold

Enterasys B5 CLI Reference

7-37

Port Mirroring

Port Mirroring
Caution: Port mirroring configuration should be performed only by personnel who are
knowledgeable about the effects of port mirroring and its impact on network operation.

TheEnterasysB5deviceallowsyoutomirror(orredirect)thetrafficbeingswitchedonaportfor
thepurposesofnetworktrafficanalysisandconnectionassurance.Whenportmirroringis
enabled,oneportbecomesamonitorportforanotherportwithinthedevice(thestack,if
applicable).
Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of port
mirroring configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads//

Mirroring Features
TheEnterasysB5devicesupportsthefollowingmirroringfeatures:

Mirroringcanbeconfiguredinamanytooneconfigurationsothatonetarget(destination)
portcanmonitortrafficonupto8sourceports.Onlyonemirrordestinationportcanbe
configuredperstack,ifapplicable.

Bothtransmitandreceivetrafficwillbemirrored.

Adestinationportwillonlyactasamirroringportwhenthesessionisoperationallyactive.

Whenaportmirroriscreated,themirrordestinationportisremovedfromtheegresslistof
VLAN1afterareboot.

MACaddresseswillbelearnedforpacketstaggedwiththemirrorVLANID.Thiswill
preventtheabilitytosnooptrafficacrossmultiplehops.
Caution: Traffic mirrored to a VLAN may contain control traffic. This may be interpreted by the
downstream neighbor as legal control frames. It is recommended that you disable any protocols
(such as Spanning Tree) on inter-switch connections that might be affected .

Remote Port Mirroring

Remoteportmirroringisanextensiontoportmirroringwhichfacilitatessimultaneousmirroring
ofmultiplesourceportsonmultipleswitchesacrossanetworktooneormoreremotedestination
ports.
Remoteportmirroringinvolvesconfigurationofthefollowingportmirroringrelatedparameters:
1.

Configurationofnormalportmirroringsourceportsandonedestinationportonallswitches,
asdescribedabove.

ConfigurationofamirrorVLAN,whichisauniqueVLANonwhichmirroredpackets
traverseacrossthenetwork.ThemirrorVLANhastobeconfiguredonALLswitchesacross
thenetworkalongwhichmirroredtraffictraverses,fromtheswitchwherethesourceports
residetotheswitchwherethemirroredpacketsaresniffedand/orcaptured.

Youmustensurethatswitchesinvolvedareproperlyconfiguredtofacilitatecorrectremoteport
mirroringoperation.Thefollowingpointsinparticularneedtobeobserved:

7-38

Port Configuration

Onthesourceswitch,thecorrectdestinationportmustbechosentoensurethatthereisan
egresspathfromthatporttothedesiredremotedestination(s).

Port Mirroring

Allportsonthepathfromthesourceporttotheremotedestinationmustbemembersofthe
mirrorVLAN.

Onswitchesonthepathfromthesourceporttotheremotedestination,egresstagginghasto
beenabledonpotentialegressportsforthemirrorVLAN.

Withtheintroductionofremoteportmirroring:

ConfiguredmirrordestinationportswillNOTlosetheirswitchingorroutingpropertiesas
theydoonA2,B2,orC2products.

OnswitcheswherethemirrorVLANhasbeenconfigured,anytrafficonthatVLANwillbe
floodedontheVLAN.Itwillneverbeunicast,evenifthesourceaddressofthetrafficasbeen
learnedontheswitch.

Configuring SMON MIB Port Mirroring

Overview
SMONportmirroringsupportallowsyoutoredirecttrafficonportsremotelyusingSMONMIBs.
Thisisusefulfortroubleshootingorproblemsolvingwhennetworkmanagementthroughthe
consoleport,telnet,orSSHisnotfeasible.

Procedures
PerformthefollowingstepstoconfigureandmonitorportmirroringusingSMONMIBobjects.
Tocreateandenableaportmirroringinstance:
1.

OpenaMIBbrowser,suchasNetsightMIBTools

IntheMIBdirectorytree,navigatetotheportCopyEntryfolderandexpandit.

SelecttheportCopyStatusMIB.

EnteradesiredsourceandtargetportintheInstancefieldusingtheformatsource.target.
Forexample,3.2wouldcreatearelationshipwheresourceportge.1.3wouldbemirroredto
targetportge.1.2.
Note: In order to configure a port mirroring relationship, both source and destination interfaces must
be enabled and operational (up).

EnterMIBoption4(createAndGo)andperformanSNMPSetoperation.

(Optional)UsetheCLItoverifytheportmirroringinstancehasbeencreatedandenabledas
showninthefollowingexample:
B5(su)->show port mirroring
Port Mirroring
==============
Source Port
= ge.1.3
Target Port
= ge.1.2
Frames Mirrored = Rx and Tx
Port Mirroring status enabled

Tocreateaportmirroringinstancewithoutautomaticallyenablingit:
1.

Completesteps14above.

EnterMIBoption5(createAndWait)andperformanSNMPSetoperation.

Enterasys B5 CLI Reference

7-39

show port mirroring

(Optional)UsetheCLItoverifytheportmirroringinstancehasbeencreatedsettodisabled
modeasshowninthefollowingexample:
B5(su)->show port mirroring
Port Mirroring
==============
Source Port
= ge.1.3
Target Port
= ge.1.2
Frames Mirrored = Rx and Tx
Port Mirroring status disabled

Whenyouarereadytoenablethisinstance,enterMIBoption1(active)andperformanSNMP
Setoperation.

(Optional)UsetheCLItoverifytheportmirroringinstancehasbeenenabled.

Todeleteaportmirroringinstance:
1.

SelectapreviouslycreatedportmirroringinstanceinyourMIBbrowser.

EnterMIBoption6(destroy)andperformanSNMPSetoperation.

(Optional)UsetheCLItoverifytheportmirroringinstancehasbeendeletedasshowninthe
followingexample:
B5(su)->show port mirroring
No Port Mirrors configured.

Purpose
Toreviewandconfigureportmirroringonthedevice.

Commands
For information about...

Refer to page...

show port mirroring

7-40

set port mirroring

7-41

clear port mirroring

7-42

set mirror vlan

7-42

clear mirror vlan

7-43

show port mirroring

Usethiscommandtodisplaythesourceandtargetportsformirroring,andwhethermirroringis
currentlyenabledordisabledforthoseports.

Syntax
show port mirroring

Parameters
None.

7-40

Port Configuration

set port mirroring

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplayportmirroringinformation.Inthiscase,ge.1.4isconfigured
asasourceportandge.1.11isatargetandmirroringhasbeenenabledbetweentheseports:
B5(su)->show port mirroring
Port Mirroring
==============
Source Port = ge.1.4
Target Port = ge.1.11
Frames Mirrored = Rx and Tx
Port Mirroring status enabled.

set port mirroring

Usethiscommandtocreateanewmirroringrelationshiportoenableordisableanexisting
mirroringrelationshipbetweentwoports.
Notes: When a port mirror is created, the mirror destination port is removed from VLAN 1s egress
list after a reboot.
"MAC addresses will be learned for packets tagged with the mirror VLAN ID. This will prevent the
ability to snoop traffic across multiple hops.

Syntax
set port mirroring {create | disable | enable} source destination}

Parameters
create|disable|
enable

Creates,disablesorenablesmirroringsettingsonthespecifiedports.By
default,portmirrorsareenabledautomaticallywhencreated.

source

Specifiesthesourceportdesignation.Thisistheportonwhichthetraffic
willbemonitored.Upto8sourceportscanbespecified.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

destination

Specifiesthetargetportdesignation.Thisistheportthatwillduplicateor
mirrorallthetrafficonthemonitoredport.Onlyonedestinationport
canbeconfiguredperstack,ifapplicable.
Foradetaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage71.

Defaults
Portmirrorsareautomaticallyenabledwhencreatedonthisplatform.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

7-41

clear port mirroring

Usage
NotethatLAGportsandtheirunderlyingphysicalports,asdescribedinLinkAggregation
ControlProtocol(LACP)onpage744,cannotbemirrored.

Example
Thisexampleshowshowtocreateandenableportmirroringwithge.1.4asthesourceport,and
ge.1.11asthetargetport:
B5(su)->set port mirroring create ge.1.4 ge.1.11

clear port mirroring

Usethiscommandtoclearaportmirroringrelationship.

Syntax
clear port mirroring source destination

Parameters
source

Specifiesthesourceports(upto8ports)ofthemirroringconfigurationto
becleared.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage71.

destination

Specifiesthetargetportofthemirroringconfigurationtobecleared.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoclearaportmirroringrelationshipbetweensourceportge.1.4and
targetportge.1.11:
B5(su)->clear port mirroring ge.1.4 ge.1.11

set mirror vlan

AssignsaVLANtobereservedformirroringtr.IfamirroredVLANiscreated,allmirroredtraffic
willegressVLANtagged.AlltrafficonthemirrorVLANwillbeflooded.

Syntax
set mirror vlan vlan-id

Parameters
vlanid

7-42

Port Configuration

SpecifiestheVLANtobeusedforremoteportmirroring.TheIDcan
rangefrom2to4093.

clear mirror vlan

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
RefertoRemotePortMirroringonpage738forinformationaboutconfiguringmirrorVLANs.
UsetheshowportmirroringcommandtodisplaytheVLANsconfiguredforremoteport
mirroring.

Example
ThefollowingexampleassignsaVLANformirroringtrafficandthenshowstheconfiguredport
mirroringwiththeshowportmirrorcommand.
B5(su)->set mirror vlan 2
B5(su)->show port mirroring
Port Mirroring
==============
Source Port
= ge.1.1
Target Port
= ge.1.10
Frames Mirrored = Rx and Tx
Port Mirroring status enabled
Mirror Vlan

= 2

clear mirror vlan

UsethiscommandtocleartheVLANtobereservedformirroringtraffic.

Syntax
clear mirror vlan vlan-id

Parameters
vlanid

SpecifiestheVLANtobecleared.TheIDcanrangefrom2to4093.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThefollowingexampleclearsVLAN2frombeingusedforremoteportmirroring.
B5(su)->clear mirror vlan 2

Enterasys B5 CLI Reference

7-43

Link Aggregation Control Protocol (LACP)

Caution: Link aggregation configuration should only be performed by personnel who are
knowledgeable about Spanning Tree and Link Aggregation, and fully understand the ramifications
of modifications beyond device defaults. Otherwise, the proper operation of the network could be
at risk.

Usingmultiplelinkssimultaneouslytoincreasebandwidthisadesirableswitchfeature,which
canbeaccomplishedifbothsidesagreeonasetofportsthatarebeingusedasaLinkAggregation
Group(LAG).OnceaLAGisformedfromselectedports,problemswithloopingcanbeavoided
sincetheSpanningTreecantreatthisLAGasasingleport.
TheLinkAggregationControlProtocol(LACP)logicallygroupsinterfacestogethertocreatea
greaterbandwidthuplink,orlinkaggregation,accordingtotheIEEE802.3adstandard.This
standardallowstheswitchtodeterminewhichportsareinLAGsandconfigurethem
dynamically.SincetheprotocolisbasedontheIEEE802.3adspecification,anyswitchfromany
vendorthatsupportsthisstandardcanaggregatelinksautomatically.
802.3adLACPaggregationscanalsoberuntoendusers(thatis,aserver)ortoarouter.
FormoreinformationaboutconfiguringLACP,seetheConfiguringLinkAggregationFeature
GuideontheEnterasyswebsite:https://extranet.enterasys.com/downloads/
Note: Earlier (proprietary) implementations of port aggregation referred to groups of aggregated
ports as trunks.

LACP Operation
Foreachaggregatableportinthedevice,LACP:

Maintainsconfigurationinformation(reflectingtheinherentpropertiesoftheindividuallinks
aswellasthoseestablishedbymanagement)tocontrolaggregation.

ExchangesconfigurationinformationwithotherdevicestoallocatethelinktoaLink
AggregationGroup(LAG).
Note: A given link is allocated to, at most, one Link Aggregation Group (LAG) at a time. The
allocation mechanism attempts to maximize aggregation, subject to management controls.

AttachestheporttotheaggregatorusedbytheLAG,anddetachestheportfromthe
aggregatorwhenitisnolongerusedbytheLAG.

Usesinformationfromthepartnerdeviceslinkaggregationcontrolentitytodecidewhether
toaggregateports.

TheoperationofLACPinvolvesthefollowingactivities:

Checkingthatcandidatelinkscanactuallybeaggregated.

ControllingtheadditionofalinktoaLAG,andthecreationofthegroupifnecessary.

Monitoringthestatusofaggregatedlinkstoensurethattheaggregationisstillvalid.

RemovingalinkfromaLAGifitsmembershipisnolongervalid,andremovingthegroupifit
nolongerhasanymemberlinks.

InordertoallowLACPtodeterminewhetherasetoflinksconnecttothesamedevice,andto
determinewhetherthoselinksarecompatiblefromthepointofviewofaggregation,itis
necessarytobeabletoestablish:

7-44

Port Configuration

Link Aggregation Control Protocol (LACP)

Agloballyuniqueidentifierforeachdevicethatparticipatesinlinkaggregation.

Ameansofidentifyingthesetofcapabilitiesassociatedwitheachportandwitheach
aggregator,asunderstoodbyagivendevice.

AmeansofidentifyingaLAGanditsassociatedaggregator.

Note: The path cost of a LAG port will be displayed as zero when it is not an active link.

LACP Terminology
Table 76defineskeyterminologyusedinLACPconfiguration.
Table 7-6

LACP Terms and Definitions

Term

Definition

Aggregator

Virtual port that controls link aggregation for underlying physical ports. Each
Enterasys B5 module provides 6 aggregator ports, which are designated in
the CLI as lag.0.1 through lag.0.6.

LAG

Link Aggregation Group. Once underlying physical ports (for example, ge.x.x)
are associated with an aggregator port, the resulting aggregation will be
represented as one LAG with a lag.x.x port designation.
Enterasys B5 LAGs can have up to 8 associated physical ports.

LACPDU

Link Aggregation Control Protocol Data Unit. The protocol exchanges

aggregation state/mode information by way of a ports actor and partner
operational states. LACPDUs sent by the first party (the actor) convey to the
second party (the actors protocol partner) what the actor knows, both about
its own state and that of its partner.

Actor and Partner

An actor is the local device sending LACPDUs. Its protocol partner is the
device on the other end of the link aggregation. Each maintains current status
of the other via LACPDUs containing information about their ports LACP
status and operational state.

Admin Key

Value assigned to aggregator ports and physical ports that are candidates for
joining a LAG. The LACP implementation on Enterasys B5 devices will use
this value to form an oper key and will determine which underlying physical
ports are capable of aggregating by comparing oper keys. Aggregator ports
allow only underlying ports with oper keys matching theirs to join their LAG.
On Enterasys B5 devices, the default admin key value is 32768.

System Priority

Value used to build a LAG ID, which determines aggregation precedence. If

there are two partner devices competing for the same aggregator, LACP
compares the LAG IDs for each grouping of ports. The LAG with the lower
LAG ID is given precedence and will be allowed to use the aggregator.
Note: Only one LACP system priority can be set on a Enterasys B5 device,
using either the set lacp asyspri command (page 7-49), or the set port lacp
command (page 7-54).

Enterasys B5 Usage Considerations

Bydefault,theglobalLACPstateisgloballyenabled,disabledperport.
AfterenablingLACPonthedesiredports.thedefaultvalueswillresultinthemaximumnumber
ofaggregationspossible.Iftheswitchisplacedinaconfigurationwithitspeersnotrunningthe

Enterasys B5 CLI Reference

7-45

Link Aggregation Control Protocol (LACP)

protocol,nodynamiclinkaggregationswillbeformedandtheswitchwillfunctionnormally(that
is,willblockredundantpaths).Forinformationaboutbuildingstaticaggregations,refertoset
lacpstatic(page 750).
EachEnterasysB5moduleprovidessixvirtuallinkaggregatorports,whicharedesignatedinthe
CLIaslag.0.1throughlag.0.6.EachLAGcanhaveuptoeightassociatedphysicalports.Once
underlyingphysicalports(forexample,fe.x.x,orge.x.x)areassociatedwithanaggregatorport,
theresultingaggregationwillberepresentedasoneLAGwithalag.0.xportdesignation.LACP
determineswhichunderlyingphysicalportsarecapableofaggregatingbycomparingoperational
keys.AggregatorportsallowonlyunderlyingportswithkeysmatchingtheirstojointheirLAG.
LACPusesasystempriorityvaluetobuildaLAGID,whichdeterminesaggregationprecedence.
Iftherearetwopartnerdevicescompetingforthesameaggregator,LACPcomparestheLAGIDs
foreachgroupingofports.TheLAGwiththelowerLAGIDisgivenprecedenceandwillbe
allowedtousetheaggregator.
Thereareafewcasesinwhichportswillnotaggregate:

Anunderlyingphysicalportisattachedtoanotherportonthissameswitch(loopback).

ThereisnoavailableaggregatorfortwoormoreportswiththesameLAGID.Thiscan
happeniftherearesimplynoavailableaggregators,orifnoneoftheaggregatorshavea
matchingadminkeyandsystempriority.

802.1xauthenticationisenabledusingtheseteapolcommand(page 1618)andportsthat
wouldotherwiseaggregatearenot802.1Xauthorized.

TheLACPimplementationontheEnterasysB5devicewillallowuptoeightphysicalportsintoa
LAG.ThedevicewiththelowestLAGIDdetermineswhichunderlyingphysicalportsareallowed
intoaLAGbasedontheportsLAGportpriority.PortswiththelowestLAGportpriorityvalues
areallowedintotheLAGandallotherspeedgroupingsgointoastandbystate.
MultiportLAGswillcontinuetooperateaslongasthereisatleastoneactiveportintheLAG.
Therefore,thereisnoneedtocreatebackupsingleportLAGsortospecificallyassigntheLAGand
allitsphysicalportstotheegresslistoftheLAGsVLAN.
Typically,twoormoreportsarerequiredtoformaLAG.However,youcanenablethecreationof
singleportLAGsasdescribedinsetlacpsingleportlagonpage752.IfasingleportLAGgoes
downandtheswitchstaysup,theswitchwillreconfiguretheLAGtothesameLAGnumberifthe
portcomesbackup.
Note: To aggregate, underlying physical ports must be running in full duplex mode and must be of
the same operating speed.

Commands
For information about...

7-46

Refer to page...

show lacp

7-47

set lacp

7-48

set lacp asyspri

7-49

set lacp aadminkey

7-49

clear lacp

7-50

set lacp static

7-50

clear lacp static

7-51

Port Configuration

show lacp

For information about...

Refer to page...

set lacp singleportlag

7-52

clear lacp singleportlag

7-51

show port lacp

7-53

set port lacp

7-54

clear port lacp

7-56

show lacp
Usethiscommandtodisplayinformationaboutoneormoreaggregatorports.

Syntax
show lacp [port-string]

Parameters
portstring

(Optional)DisplaysLACPinformationforspecificLAGport(s).Valid
portdesignationsarelag.0.16.

Defaults
Ifportstringisnotspecified,linkaggregationinformationforallLAGswillbedisplayed.

Mode
Switchcommand,readonly.

Usage
EachEnterasysB5moduleprovides6virtuallinkaggregatorports,whicharedesignatedinthe
CLIaslag.0.1throughlag.0.6.Onceunderlyingphysicalports(thatis,ge.x.x)areassociatedwith
anaggregatorport,theresultingaggregationwillberepresentedasoneLinkAggregationGroup
(LAG)withalag.x.xportdesignation.

Example
Thisexampleshowshowtodisplaylacpinformationforlag.0.1.Thefollowingtabledescribesthe
outputfields.
B5(su)->show lacp lag.0.1
Global Link Aggregation state: enabled
Single Port LAGs:
disabled
Aggregator: lag.0.1
System Identifier:
System Priority:
Admin Key:
Oper Key:
Attached Ports:

Actor
00:01:F4:5F:1E:20
32768
32768
32768
ge.1.1
ge.1.3

Partner
00:11:88:11:74:F9
32768
0

Table 77providesanexplanationofthecommandoutput.

Enterasys B5 CLI Reference

7-47

set lacp

Table 7-7

show lacp Output Details

Output Field

What It Displays...

Global Link
Aggregation state

Shows if LACP is enabled or disabled on the switch.

Single Port LAGs

Displays if the single port LAG feature has been enabled on the switch. See set lacp
singleportlag on page 7-52 for more about single port LAG.

Aggregator

LAG port designation. Each Enterasys B5 module provides 6 virtual link aggregator
ports, which are designated in the CLI as lag.0.1 through lag.0.6. Once underlying
physical ports (for example, fe.x.x) are associated with an aggregator port, the
resulting Link Aggregation Group (LAG) is represented with a lag.x.x port
designation.

Actor

Local device participating in LACP negotiation.

Partner

Remote device participating in LACP negotiation.

System Identifier

MAC addresses for actor and partner.

System Priority

System priority value which determines aggregation precedence. Only one LACP
system priority can be set on a Enterasys B5 device, using either the set lacp
asyspri command (page 7-49), or the set port lacp command (page 7-54).

Admin Key

Ports assigned key. Enterasys B5 devices provide a default admin key value of
32768 for all LAG ports (lag.0.1 though lag.0.6).

Oper Key

Ports operational key, derived from the admin key. Only underlying physical ports
with oper keys matching the aggregators will be allowed to aggregate.

Attached Ports

Underlying physical ports associated with this aggregator.

set lacp
UsethiscommandtodisableorenabletheLinkAggregationControlProtocol(LACP)onthe
device.

Syntax
set lacp {disable | enable}

Parameters
disable|enable

DisablesorenablesLACP.

Defaults
Bydefault,theglobalLACPstateisenabled,disabledperport.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodisableLACP:
B5(su)->set lacp disable

7-48

Port Configuration

set lacp asyspri

UsethiscommandtosettheLACPsystempriority.

Syntax
set lacp asyspri value

Parameters
asyspri

SetsthesystemprioritytobeusedincreatingaLAG(LinkAggregation
Group)ID.Validvaluesare0to65535.

value

Specifiesasystempriorityvalue.Validvaluesare0to65535,with
precedencegiventolowervalues.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
LACPusesthisvaluetodetermineaggregationprecedence.Iftherearetwopartnerdevices
competingforthesameaggregator,LACPcomparestheLAGIDsforeachgroupingofports.The
LAGwiththelowerLAGIDisgivenprecedenceandwillbeallowedtousetheaggregator.

Example
ThisexampleshowshowtosettheLACPsystempriorityto1000:
B5(su)->set lacp asyspri 1000

set lacp aadminkey

Usethiscommandtosettheadministrativelyassignedkeyforoneormoreaggregatorports.

Syntax
set lacp aadminkey port-string value

Parameters
portstring

SpecifiestheLAGport(s)onwhichtoassignanadminkey.

value

Specifiesanadminkeyvaluetoset.Validvaluesare0to65535.The
defaultadminkeyvalueis32768.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

7-49

clear lacp

Usage
LACPwillusethisvaluetoformanoperkey.Onlyunderlyingphysicalportswithoperkeys
matchingthoseoftheiraggregatorswillbeallowedtoaggregate.Thedefaultadminkeyvaluefor
allLAGportsis32768.

Example
ThisexampleshowshowtosettheLACPadminkeyto2000forLAGport6:
B5(su)->set lacp aadminkey lag.0.6 2000

clear lacp
UsethiscommandtoclearLACPsystempriorityoradminkeysettings.

Syntax
clear lacp {[asyspri] [aadminkey port-string]}

Parameters
asyspri

Clearssystempriority.

aadminkeyportstring

Resetsadminkeysforoneormoreportstothedefaultvalueof32768.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheactoradminkeyforLAGport6:
B5(su)->clear lacp aadminkey lag.0.6

set lacp static

Usethiscommandtodisableorenablestaticlinkaggregation,ortoassignoneormoreunderlying
physicalportstoaLinkAggregationGroup(LAG).

Syntax
set lacp static {disable | enable} | lagportstring [key] port-string

Parameters

7-50

disable|enable

Disablesorenablesstaticlinkaggregation.

lagportstring

SpecifiestheLAGaggregatorporttowhichnewportswillbeassigned.

Port Configuration

clear lacp static

key

(Optional)SpecifiesthenewmemberportandLAGportaggregator
adminkeyvalue.Onlyportswithmatchingkeysareallowedto
aggregate.Validvaluesare065535.
Note: This key value must be unique. If ports other than the desired underlying
physical ports share the same admin key value, aggregation will fail or undesired
aggregations will form.

portstring

Specifiesthememberport(s)toaddtotheLAG.Foradetaileddescription
ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage71.

Defaults
Ifnotspecified,akeywillbeassignedaccordingtothespecifiedaggregator.Forexampleakeyof4
wouldbeassignedtolag.0.4.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoaddportge.1.6totheLAGofaggregatorport6:
B5(su)->set lacp static lag.0.6 ge.1.6

clear lacp static

UsethiscommandtoremovespecificportsfromaLinkAggregationGroup.

Syntax
clear lacp static lagportstring port-string

Parameters
lagportstring

SpecifiestheLAGaggregatorportfromwhichportswillberemoved.

portstring

Specifiestheport(s)toremovefromtheLAG.Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoremovege.1.6fromtheLAGofaggregatorport6:
B5(su)->clear lacp static lag.0.6 ge.1.6

Enterasys B5 CLI Reference

7-51

set lacp singleportlag

UsethiscommandtoenableordisabletheformationofsingleportLAGs.

Syntax
set lacp singleportlag {enable | disable}

Parameters
disable|enable

EnablesordisablestheformationofsingleportLAGs.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
WhensingleportLAGsareenabled,LinkAggregrationGroupscanbeformedwhenonlyone
portisreceivingprotocoltransmissionsfromapartner.Whenthissettingisdisabled,twoormore
portsarerequiredtoformaLAG.
ThissettinghasnoeffectonexistingLAGscreatedwithmultiplememberports.Italsodoesnot
preventpreviouslyformedLAGsfromcomingupaftertheyhavegonedown,aslongasany
previousLAGmemberportscomeupconnectedtothesameswitchasbeforetheLAGwent
down.

Example
ThisexampleenablestheformationofsingleportLAGs:
B5(su)->set lacp singleportlag enable

clear lacp singleportlag

UsethiscommandtoresetthesingleportLAGfunctionbacktothedefaultstateofdisabled.

Syntax
clear lacp singleportlag

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

7-52

Port Configuration

show port lacp

Example
ThisexampleshowshowtoresetthesingleportLAGfunctionbacktodisabled:
B5(su)->clear lacp singleportlag

show port lacp

Usethiscommandtodisplaylinkaggregationinformationforoneormoreunderlyingphysical
ports.

Syntax
show port lacp port port-string {[status {detail | summary}] | [counters]}

Parameters
portportstring

DisplaysLACPinformationforspecificport(s).Foradetaileddescription
ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage71.

statusdetail|
summary

DisplaysLACPstatusindetailedorsummaryinformation.

counters

DisplaysLACPcounterinformation.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
Statedefinitions,suchasActorAdminStateandPartnerAdminState,areindicatedwithletter
abbreviations.Iftheshowportlacpcommanddisplaysoneormoreofthefollowingletters,it
meansthestateistruefortheassociatedactororpartnerports:

E=Expired

F=Defaulted

D=Distributing(txenabled)

C=Collecting(rxenabled)

S=Synchronized(actorandpartneragree)

G=Aggregationallowed

S/l=Short/LongLACPtimeout

A/p=Active/PassiveLACP

Formoreinformationaboutthesestates,refertosetportlacp(page 754)andtheIEEE802.32002
specification.

Examples
ThisexampleshowshowtodisplaydetailedLACPstatusinformationforportge.1.1
B5(su)-> show port lacp port ge.1.1 status detail
Enterasys B5 CLI Reference

7-53

set port lacp

Port enable state:

PartnerAdminPort:
PartnerOperPort:
PartnerAdminSystemPriority:
PartnerOperSystemPriority:
PartnerAdminPortPriority:
PartnerOperPortPriority:
PartnerAdminKey:
PartnerOperKey:
PartnerAdminState:
PartnerOperState:
PartnerAdminSystemID:
PartnerOperSystemID:

Disabled
1
1
32768
32768
32768
32768
1
1
-----GSA
------SA
00:00:00:00:00:00
00:00:00:00:00:00

ThisexampleshowshowtodisplaysummarizedLACPstatusinformationforportge.1.12:
B5(su)->show port lacp port ge.1.12 status summary
Port
Aggr
Actor System
Partner System
Pri:
System ID: Key:
Pri: System ID:
Key:
ge.1.12
none [(32768,00e0639db587,32768),(32768,000000000000, 1411)]

ThisexampleshowshowtodisplayLACPcountersforportge.1.12:
B5(su)->show port lacp port ge.1.12 counters
Port Instance:
ge.1.12
LACPDUsRx:
11067
LACPDUsTx:
0
IllegalRx:
0
UnknownRx:
0
MarkerPDUsRx:
0
MarkerPDUsTx:
0
MarkerResponsePDUsRx:
0
MarkerResponsePDUsTx:
374

set port lacp

Usethiscommandtosetlinkaggregationparametersforoneormoreports.Thesesettingswill
determinethespecifiedunderlyingphysicalportsabilitytojoinaLAG,andtheiradministrative
stateonceaggregated.

Syntax
set port lacp port port-string {[aadminkey aadminkey] [aadminstate {lacpactive |
lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire}]
[aportpri aportpri] [asyspri asyspri] [enable | [disable] [padminkey padminkey]
[padminport padminport] [padminportpri padminportpri] [padminstate {lacpactive |
lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire}]
[padminsysid padminsysid] [padminsyspri padminsyspri]

7-54

Port Configuration

set port lacp

Parameters
portportstring

Specifiesthephysicalport(s)onwhichtoconfigureLACP.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage71.

aadminkey
aadminkey

Setstheportsactoradminkey.LACPwillusethisvaluetoformanoper
keyandwilldeterminewhichunderlyingphysicalportsarecapableof
aggregatingbycomparingoperkeys.Aggregatorportsallowonly
underlyingportswithoperkeysmatchingtheirstojointheirLAG.Valid
valuesare165535.Thedefaultkeyvalueis32768.

SetstheportsactorLACPadministrativestatetoallowfor:
lacpactiveTransmittingLACPPDUs.
lacptimeoutTransmittingLACPPDUsevery1sec.vs30sec.(default).
lacpaggAggregationonthisport.
lacpsyncTransitiontosynchronizationstate.
lacpcollectTransitiontocollectionstate.
lacpdistTransitiontodistributionstate.
lacpdefTransitiontodefaultedstate.
lacpexpireTransitiontoexpiredstate.

aportpriaportpri

Setstheportsactorportpriority.Validvaluesare065535,withlower
valuesdesignatinghigherpriority.

asyspriasyspri

Setstheportsactorsystempriority.TheLACPimplementationonthe
EnterasysB5deviceusesthisvaluetodetermineaggregationprecedence
whentherearetwodevicescompetingforthesameaggregator.Valid
valuesare065535,withhigherprecedencegiventolowervalues.
Note: Only one LACP system priority can be set on a Enterasys B5 device, using
either this command, or the set lacp asyspri command (set lacp asyspri on
page 7-49).

enable

(Optional)EnablesLACPDUprocessingonthisport.

disable

(Optional)DisablesLACPDUprocessingonthisport.Bydefault,LACPis
disabledonports.

padminkey
padminkey

Setsadefaultvaluetouseastheportspartneradminkey.Onlyportswith
matchingadminkeysareallowedtoaggregate.Validvaluesare165535.

padminport
padminport

Setsadefaultvaluetouseastheportspartneradminvalue.Validvalues
are165535.

padminportpri
padminportpri

Setsadefaultvaluetouseastheportspartnerportpriority.Validvalues
are065535,withlowervaluesgivenhigherpriority.

Enterasys B5 CLI Reference

7-55

clear port lacp

padminsysid
padminsysid

SetsadefaultvaluetouseastheportspartnersystemID.ThisisaMAC
address.

padminsyspri
padminsyspri

Setsadefaultvaluetouseastheportspartnerpriority.Validvaluesare0
65535,withlowervaluesgivenhigherpriority.

Defaults
Atleastoneparametermustbeenteredperportstring.
Ifenableordisablearenotspecified,port(s)willbeenabledwiththeLACPparametersentered.

Mode
Switchcommand,readwrite.

Usage
LACPcommandsandparametersbeginningwithana(suchasaadminkey)setactorvalues.
Correspondingcommandsandparametersbeginningwithap(suchaspadminkey)set
correspondingpartnervalues.ActorreferstothelocaldeviceparticipatinginLACPnegotiation,
whilepartnerreferstoitsremotedevicepartnerattheotherendofthenegotiation.Actorsand
partnersmaintaincurrentstatusoftheotherviaLACPDUscontaininginformationabouttheir
portsLACPstatusandoperationalstate.

Example
Thisexampleshowshowtosettheactoradminkeyto3555forportge.3.16andenableLACPon
theport:
B5(su)->set port lacp port ge.3.16 aadminkey 3555 enable

clear port lacp

Usethiscommandtoclearlinkaggregationsettingsforoneormoreports.

Syntax
clear port lacp port port-string {[aadminkey] [aportpri] [asyspri] [aadminstate
{lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef
| lacpexpire | all}] [padminsyspri] [padminsysid] [padminkey] [padminportpri]
[padminport] [padminstate {lacpactive | lacptimeout | lacpagg | lacpsync |
lacpcollect | lacpdist | lacpdef | lacpexpire | all}]}

Parameters

7-56

portportstring

Specifiesthephysicalport(s)onwhichLACPsettingswillbecleared.For
adetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage71.

aadminkey

Clearsaportsactoradminkey.

aportpri

Clearsaportsactorportpriority.

asyspri

Clearstheportsactorsystempriority.

Port Configuration

clear port lacp

Clearstheportsdefaultpartnerpriorityvalue.

padminsysid

ClearstheportsdefaultpartnersystemID.

padminkey

Clearstheportsdefaultpartneradminkey.

padminportpri

Clearstheportsdefaultpartnerportpriority.

padminport

DeletesapartnerportfromtheLACPconfiguration.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
IfyousetaporttoLACPpassiveusingthecommandclearportlacpport<portstring>
aadminstatelacpactive,thecommandclearportlacpport<portstring>aadminstatelacptimeout
willalsobeaddedtotheconfiguration.Ifyouunsetthefirstcommand,itwillremovethesecond
commandautomaticallyfromtheconfigurationfile.

Example
Thisexampleshowshowtoclearalllinkaggregationparametersforportge.3.16:
B5(su)->clear port lacp port ge.3.16

Enterasys B5 CLI Reference

7-57

Configuring Protected Ports

TheProtectedPortfeatureisusedtopreventportsfromforwardingtraffictoeachother,even
whentheyareonthesameVLAN.Portsmaybedesignatedaseitherprotectedorunprotected.
Portsareunprotectedbydefault.Multiplegroupsofprotectedportsaresupported.

Protected Port Operation

Portsthatareconfiguredtobeprotectedcannotforwardtraffictootherprotectedportsinthe
samegroup,regardlessofhavingthesameVLANmembership.However,protectedportscan
forwardtraffictoportswhichareunprotected(notlistedinanygroup).Protectedportscanalso
forwardtraffictoprotectedportsinadifferentgroup,iftheyareinthesameVLAN.Unprotected
portscanforwardtraffictobothprotectedandunprotectedports.Aportmaybelongtoonlyone
groupofprotectedports.
Thisfeatureonlyappliestoportswithinaswitchorastack.Itdoesnotapplyacrossmultiple
switchesinanetwork.

Commands
For information about...

Refer to page...

set port protected

7-58

show port protected

7-59

clear port protected

7-59

set port protected name

7-60

show port protected name

7-60

clear port protected name

7-61

set port protected

Usethiscommandtospecifyaporttobeprotectedandassigntheporttoagroupofprotected
ports.Aportcanbeassignedtoonlyonegroup.

Syntax
set port protected port-string group-id

Parameters
portstring

Specifiestheportorportstobeprotected.

groupid

Specifiestheidofthegrouptowhichtheportsshouldbeassigned.Idcan
rangefrom0to2.

Defaults
None.

Mode
Switchcommand,readwrite.

7-58

Port Configuration

show port protected

Example
Thisexampleshowshowtoassignportsge.1.1throughge.1.3toprotectedportgroup1:
B5(rw)->set port protected ge.1.1-3 1

show port protected

Usethiscommandtodisplayinformationabouttheportsconfiguredforprotectedmode.

Syntax
show port protected [port-string] | [group-id]

Parameters
portstring

(Optional)Specifiestheportorportsforwhichtodisplayinformation.

groupid

(Optional)Specifiestheidofthegroupforwhichtodisplayinformation.
Idcanrangefrom0to2.

Defaults
Ifnoparametersareentered,informationaboutallprotectedportsisdisplayed.

Mode
Readonly.

Example
Thisexampleshowshowtodisplayinformationaboutallprotectedports:
B5(ro)->show port protected
Group id
Port
GroupName
------------------------------------1
ge.1.1
group1
1
ge.1.2
group1
1
ge.1.3
group1

clear port protected

Usethiscommandtoremoveaportorgroupfromprotectedmode.

Syntax
clear port protected [port-string] | [group-id]

Parameters
portstring

(Optional)Specifiestheportorportstoremovefromprotectedmode.

groupid

(Optional)Specifiestheidofthegrouptoremovefromprotectedmode.
Idcanrangefrom0to2.

Defaults
Ifnoparametersareentered,allprotectedportsandgroupsarecleared.

Enterasys B5 CLI Reference

7-59

set port protected name

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoclearprotectedportsge.1.1throughge.1.3:
B5(rw)->clear port protected ge.1.1-3

set port protected name

Usethiscommandtoassignanametoaprotectedportgroupid.

Syntax
set port protected name group-id name

Parameters
groupid

Specifiestheidofthisgroup.Idcanrangefrom0to2.

name

Specifiesanameforthegroup.Thenamecanbeupto32charactersin
length.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoassignthenamegroup1toprotectedportgroup1:
B5(rw)->set port protected name 1 group1

show port protected name

Usethiscommandtodisplaythenameforthegroupidsspecified.

Syntax
show port protected name group-id

Parameters
groupid

Defaults
None.

Mode
Readonly.
7-60

Port Configuration

Specifiestheidofthegrouptodisplay.Idcanrangefrom0to2.

clear port protected name

Example
Thisexampleshowshowtoshowthenameofprotectedportgroup1:
B5(ro)->show port protected name 1
Group ID
Group Name
----------------------------1
group1

clear port protected name

Usethiscommandtoclearthenameofaprotectedgroup.

Syntax
clear port protected name group-id

Parameters
groupid

Specifiestheidofthegroupforwhichtoclearthename.Idcanrange
from0to2.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoclearthenameofprotectedportgroup1:
B5(rw)->clear port protected name 1

Enterasys B5 CLI Reference

7-61

clear port protected name

7-62

Port Configuration

8
SNMP Configuration
ThischapterdescribestheSimpleNetworkManagementProtocol(SNMP)setofcommandsand
howtousethem.
For information about...

Refer to page...

SNMP Configuration Summary

8-1

Reviewing SNMP Statistics

8-3

Configuring SNMP Users, Groups, and Communities

8-8

Configuring SNMP Access Rights

8-15

Configuring SNMP MIB Views

8-19

Configuring SNMP Target Parameters

8-23

Configuring SNMP Target Addresses

8-26

Configuring SNMP Notification Parameters

8-29

Creating a Basic SNMP Trap Configuration

8-36

Configuring the SNMP Management Interface

8-38

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of SNMP
configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads/

SNMP Configuration Summary

SNMPisanapplicationlayerprotocolthatfacilitatestheexchangeofmanagementinformation
betweennetworkdevices.SNMPenablesnetworkadministratorstomanagenetwork
performance,findandsolvenetworkproblems,andplanfornetworkgrowth.
EnterasysB5devicessupportthreeversionsofSNMP:

Version1(SNMPv1)ThisistheinitialimplementationofSNMP.RefertoRFC1157forafull
descriptionoffunctionality.

Version2(SNMPv2c)ThesecondreleaseofSNMP,describedinRFC1907,hasadditions
andenhancementstodatatypes,countersize,andprotocoloperations.

Version3(SNMPv3)ThisisthemostrecentversionofSNMP,andincludessignificant
enhancementstoadministrationandsecurity.SNMPv3isfullydescribedinRFC2571,
RFC 2572,RFC2573,RFC2574,andRFC2575.

Enterasys B5 CLI Reference

8-1

SNMP Configuration Summary

SNMPv1 and SNMPv2c

ThecomponentsofSNMPv1andSNMPv2cnetworkmanagementfallintothreecategories:

Manageddevices(suchasaswitch).

SNMPagentsandMIBs,includingSNMPtraps,communitystrings,andRemoteMonitoring
(RMON)MIBs,whichrunonmanageddevices.

SNMPnetworkmanagementapplications,suchastheEnterasysNetSightapplication,which
communicatewithagentstogetstatisticsandalertsfromthemanageddevices.

SNMPv3
SNMPv3isaninteroperablestandardsbasedprotocolthatprovidessecureaccesstodevicesby
authenticatingandencryptingframesoverthenetwork.Theadvancedsecurityfeaturesprovided
inSNMPv3areasfollows:

MessageintegrityCollectsdatasecurelywithoutbeingtamperedwithorcorrupted.

AuthenticationDeterminesthemessageisfromavalidsource.

EncryptionScramblesthecontentsofaframetopreventitfrombeingseenbyan
unauthorizedsource.

UnlikeSNMPv1andSNMPv2c,inSNMPv3,theconceptofSNMPagentsandSNMPmanagersno
longerapply.TheseconceptshavebeencombinedintoanSNMPentity.AnSNMPentityconsists
ofanSNMPengineandSNMPapplications.AnSNMPengineconsistsofthefollowingfour
components:

DispatcherThiscomponentsendsandreceivesmessages.

MessageprocessingsubsystemThiscomponentacceptsoutgoingPDUsfromthe
dispatcherandpreparesthemfortransmissionbywrappingtheminamessageheaderand
returningthemtothedispatcher.Themessageprocessingsubsystemalsoacceptsincoming
messagesfromthedispatcher,processeseachmessageheader,andreturnstheenclosedPDU
tothedispatcher.

SecuritysubsystemThiscomponentauthenticatesandencryptsmessages.

AccesscontrolsubsystemThiscomponentdetermineswhichusersandwhichoperations
areallowedaccesstomanagedobjects.

About SNMP Security Models and Levels

AnSNMPsecuritymodelisanauthenticationstrategythatissetupforauserandthegroupin
whichtheuserresides.Asecuritylevelisthepermittedlevelofsecuritywithinasecuritymodel.
ThethreelevelsofSNMPsecurityare:Noauthenticationrequired(NoAuthNoPriv);
authenticationrequired(AuthNoPriv);andprivacy(authPriv).Acombinationofasecuritymodel
andasecurityleveldetermineswhichsecuritymechanismisemployedwhenhandlinganSNMP
frame.Table 81identifiesthelevelsofSNMPsecurityavailableonEnterasysB5devicesand
authenticationrequiredwithineachmodel.

8-2

SNMP Configuration

Reviewing SNMP Statistics

Table 8-1

SNMP Security Levels

Model

Security Level

Authentication

Encryption

How It Works

NoAuthNoPriv

Community string

None

Uses a community string match for

authentication.

v2c

NoAuthNoPriv

Community string

None

Uses a community string match for

authentication.

NoAuthNoPriv

User name

None

Uses a user name match for

authentication.

AuthNoPriv

MD5 or SHA

None

Provides authentication based on

the HMAC-MD5 or HMAC-SHA
algorithms.

authPriv

MD5 or SHA

DES

Provides authentication based on

the HMAC-MD5 or HMAC-SHA
algorithms. Provides DES 56-bit
encryption in addition to
authentication based on the CBCDES (DES-56) standard.

Using SNMP Contexts to Access Specific MIBs

Bydefault,whenoperatingfromtheswitchCLI,EnterasysB5devicesallowaccesstoallSNMP
MIBsorcontexts.AcontextisacollectionofMIBobjects,oftenassociatedwithaparticular
physicalorlogicaldevice.
Ifnooptionalcontextparametersareconfiguredforv1andv2communitynamesandv3user
groups,thesegroupsareabletoaccessallSNMPMIBobjectswheninswitchmode.
SpecifyingacontextparameterwhensettingupSNMPusergroupwouldpermitorrestrictthe
groupsswitchmanagementaccesstotheMIB(s)specifiedbythecontext(MIBobjectID)value.
AllSNMPcontextsknowntothedevicecanbedisplayedusingtheshowsnmpcontextcommand
asdescribedinshowsnmpcontextonpage 821.

Example
ThisexamplepermitsthepowergrouptomanageallMIBsviaSNMPv3:
B5(su)->set snmp access powergroup security-model usm

Configuration Considerations
CommandsforconfiguringSNMPontheEnterasysB5deviceareindependentduringtheSNMP
setupprocess.Forinstance,targetparameterscanbespecifiedwhensettingupoptional
notificationfilterseventhoughtheseparametershavenotyetbeencreatedwiththesetsnmp
targetparamscommand.

Reviewing SNMP Statistics

Purpose
ToreviewSNMPstatistics.

Enterasys B5 CLI Reference

8-3

show snmp engineid

Commands
For information about...

Refer to page...

show snmp engineid

8-4

show snmp counters

8-5

show snmp engineid

UsethiscommandtodisplaytheSNMPlocalengineID.ThisistheSNMPv3engines
administrativelyuniqueidentifier.

Syntax
show snmp engineid

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNMPengineproperties:
B5(su)->show snmp engineid
EngineId: 80:00:15:f8:03:00:e0:63:9d:b5:87
Engine Boots
= 12
Engine Time
= 162181
Max Msg Size
= 2048

Table 82providesanexplanationofthecommandoutput.
Table 8-2

8-4

show snmp engineid Output Details

Output Field

What It Displays...

EngineId

String identifying the SNMP agent on the device.

Engine Boots

Number of times the SNMP engine has been started or reinitialized.

Engine Time

Time in seconds since last reboot.

Max Msg Size

Maximum accepted length, in bytes, of SNMP frame.

SNMP Configuration

show snmp counters

UsethiscommandtodisplaySNMPtrafficcountervalues.

Syntax
show snmp counters

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNMPcountervalues
B5(su)->show snmp counters
--- mib2 SNMP group counters:
snmpInPkts
= 396601
snmpOutPkts
= 396601
snmpInBadVersions
= 0
snmpInBadCommunityNames = 0
snmpInBadCommunityUses = 0
snmpInASNParseErrs
= 0
snmpInTooBigs
= 0
snmpInNoSuchNames
= 0
snmpInBadValues
= 0
snmpInReadOnlys
= 0
snmpInGenErrs
= 0
snmpInTotalReqVars
= 403661
snmpInTotalSetVars
= 534
snmpInGetRequests
= 290
snmpInGetNexts
= 396279
snmpInSetRequests
= 32
snmpInGetResponses
= 0
snmpInTraps
= 0
snmpOutTooBigs
= 0
snmpOutNoSuchNames
= 11
snmpOutBadValues
= 0
snmpOutGenErrs
= 0
snmpOutGetRequests
= 0
snmpOutGetNexts
= 0
snmpOutSetRequests
= 0
snmpOutGetResponses
= 396601
snmpOutTraps
= 0
snmpSilentDrops
= 0
snmpProxyDrops
= 0
--- USM Stats counters:
usmStatsUnsupportedSecLevels = 0
usmStatsNotInTimeWindows
= 0
usmStatsUnknownUserNames
= 0

Enterasys B5 CLI Reference

8-5

show snmp counters

usmStatsUnknownEngineIDs
usmStatsWrongDigests
usmStatsDecryptionErrors

= 0
= 0
= 0

Table 83providesanexplanationofthecommandoutput.
Table 8-3

8-6

show snmp counters Output Details

Output Field

What It Displays...

snmpInPkts

Number of messages delivered to the SNMP entity from the transport

service.

snmpOutPkts

Number of SNMP messages passed from the SNMP protocol entity to

the transport service.

snmpInBadVersions

Number of SNMP messages delivered to the SNMP entity for an

unsupported SNMP version.

snmpInBadCommunityNames

Number of SNMP messages delivered to the SNMP entity that used an

SNMP community name not known to the entity.

snmpInBadCommunityUses

Number of SNMP messages delivered to the SNMP entity that

represented an SNMP operation not allowed by the SNMP community
named in the message.

snmpInASNParseErrs

Number of ASN.1 (Abstract Syntax Notation) or BER (Basic Encoding

Rules) errors encountered by the SNMP entity when decoding received
SNMP messages.

snmpInTooBigs

Number of SNMP PDUs delivered to the SNMP protocol entity with the
value of the error-status field as tooBig.

snmpInNoSuchNames

Number of SNMP PDUs delivered to the SNMP protocol entity with the
value of the error-status field as noSuchName.

snmpInBadValues

Number of SNMP PDUs delivered to the SNMP protocol entity with the
value of the error-status field as badValue.

snmpInReadOnlys

Number of valid SNMP PDUs delivered to the SNMP protocol entity with
the value of the error-status field as "readOnly."

snmpInGenErrs

Number of SNMP PDUs delivered to the SNMP protocol entity with the
value of the error-status field as "genErr."

snmpInTotalReqVars

Number of MIB objects retrieved successfully by the SNMP protocol

entity as the result of receiving valid SNMP Get-Request and Get-Next
PDUs.

snmpInTotalSetVars

Number of MIB objects altered successfully by the SNMP protocol entity

as the result of receiving valid SNMP Set-Request PDUs.

snmpInGetRequests

Number of SNMP Get-Request PDUs accepted and processed by the

SNMP protocol entity.

snmpInGetNexts

Number of SNMP Get-Next PDUs accepted and processed by the

SNMP protocol entity.

snmpInSetRequests

Number of SNMP Set-Request PDUs accepted and processed by the

SNMP protocol entity.

snmpInGetResponses

Number of SNMP Get-Response PDUs accepted and processed by the

SNMP protocol entity.

snmpInTraps

Number of SNMP Trap PDUs accepted and processed by the SNMP

protocol entity.

snmpOutTooBigs

Number of SNMP PDUs generated by the SNMP protocol entity with the
value of the error-status field as "tooBig."

snmpOutNoSuchNames

Number of SNMP PDUs generated by the SNMP protocol entity with the
value of the error-status as "noSuchName."

SNMP Configuration

show snmp counters

Table 8-3

show snmp counters Output Details (Continued)

Output Field

What It Displays...

snmpOutBadValues

Number of SNMP PDUs generated by the SNMP protocol entity with the
value of the error-status field as "badValue."

snmpOutGenErrs

Number of SNMP PDUs generated by the SNMP protocol entity with the
value of the error-status field as "genErr."

snmpOutGetRequests

Number of SNMP Get-Request PDUs generated by the SNMP protocol

entity.

snmpOutGetNexts

Number of SNMP Get-Next PDUs generated by the SNMP protocol

entity.

snmpOutSetRequests

Number of SNMP Set-Request PDUs generated by the SNMP protocol

entity.

snmpOutGetResponses

Number of SNMP Get-Response PDUs generated by the SNMP

protocol entity.

snmpOutTraps

Number of SNMP Trap PDUs generated by the SNMP protocol entity.

snmpSilentDrops

Number of SNMP Get, Set, or Inform request error messages that were
dropped because the reply was larger than the requestors maximum
message size.

snmpProxyDrops

Number of SNMP Get, Set, or Inform request error messages that were
dropped because the reply was larger than the proxy targets maximum
message size.

usmStatsUnsupportedSec
Levels

Number of packets received by the SNMP engine that were dropped

because they requested a security level that was unknown to the SNMP
engine or otherwise unavailable.

usmStatsNotInTimeWindows

Number of packets received by the SNMP engine that were dropped

because they appeared outside of the authoritative SNMP engine's
window.

usmStatsUnknownUserNames

Number of packets received by the SNMP engine that were dropped

because they referenced a user that was not known to the SNMP
engine.

usmStatsUnknownEngineIDs

Number of packets received by the SNMP engine that were dropped

because they referenced an snmpEngineID that was not known to the
SNMP engine.

usmStatsWrongDigests

Number of packets received by the SNMP engine that were dropped

because they did not contain the expected digest value.

usmStatsDecriptionErrors

Number of packets received by the SNMP engine that were dropped

because they could not be decrypted.

Enterasys B5 CLI Reference

8-7

Configuring SNMP Users, Groups, and Communities

Purpose
ToreviewandconfigureSNMPusers,groups,andv1andv2communities.Thesearedefinedas
follows:

UserApersonregisteredinSNMPv3toaccessSNMPmanagement.

GroupAcollectionofuserswhosharethesameSNMPaccessprivileges.

CommunityAnameusedtoauthenticateSNMPv1andv2users.

Commands
For information about...

Refer to page...

show snmp user

8-8

set snmp user

8-9

clear snmp user

8-11

show snmp group

8-11

set snmp group

8-12

clear snmp group

8-13

show snmp community

8-13

set snmp community

8-14

clear snmp community

8-15

show snmp user

UsethiscommandtodisplayinformationaboutSNMPusers.Thesearepeopleregisteredto
accessSNMPmanagement.

Syntax
show snmp user [list] | [user] | [remote remote] [volatile | nonvolatile | readonly]

Parameters
list

(Optional)DisplaysalistofregisteredSNMPusernames.

user

(Optional)Displaysinformationaboutaspecificuser.

remoteremote

(Optional)DisplaysinformationaboutusersonaspecificremoteSNMP
engine.

volatile|nonvolatile (Optional)Displaysuserinformationforaspecifiedstoragetype.
|readonly

Defaults
Iflistisnotspecified,detailedSNMPinformationwillbedisplayed.

8-8

SNMP Configuration

set snmp user

Ifuserisnotspecified,informationaboutallSNMPuserswillbedisplayed.
Ifremoteisnotspecified,userinformationaboutthelocalSNMPenginewillbedisplayed.
Ifastoragetypeisnotspecified,userinformationforallstoragetypeswillbedisplayed.

Mode
Switchcommand,readonly.

Examples
ThisexampleshowshowtodisplayanSNMPuserlist:
B5(su)->show snmp user list
--- SNMP user information ----- List of registered users:
Guest
admin1
admin2
netops

ThisexampleshowshowtodisplayinformationfortheSNMPguestuser:
(su)->show snmp user guest
--- SNMP user information --EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username
= Guest
Auth protocol
= usmNoAuthProtocol
Privacy protocol
= usmNoPrivProtocol
Storage type
= nonVolatile
Row status
= active

Table 84providesanexplanationofthecommandoutput.
Table 8-4

show snmp user Output Details

Output Field

What It Displays...

EngineId

SNMP local engine identifier.

Username

SNMPv1 or v2 community name or SNMPv3 user name.

Auth protocol

Type of authentication protocol applied to this user.

Privacy protocol

Type of encryption protocol applied to this user.

Storage type

Whether entry is stored in volatile, nonvolatile or read-only memory.

Row status

Status of this entry: active, notInService, or notReady.

set snmp user

UsethiscommandtocreateanewSNMPv3user.

Syntax
set snmp user user [remote remoteid] [encryption {des | aes}] [privacy
privpassword] [authentication {md5 | sha}] [authpassword] [volatile | nonvolatile]

Enterasys B5 CLI Reference

8-9

set snmp user

Parameters
user

SpecifiesanamefortheSNMPv3user.

remoteremoteid

(Optional)RegisterstheuseronaspecificremoteSNMPengine.

encryptiondes|
aes

(Optional)Specifiestheencryptiontypeforthisuser.
AESreferstotheAdvancedEncryptionStandardusinga128bitkeysize.

privacyprivpassword (Optional)Specifiesanencryptionpassword.Minimumof8characters.
Requiredifencryptionisspecified.
authenticationmd5 (Optional)SpecifiestheauthenticationtyperequiredforthisuserasMD5
|sha
orSHA.
authpassword

(Optional)Specifiesapasswordforthisuserwhenauthenticationis
required.Minimumof8characters.

volatile|
nonvolatile

(Optional)Specifiesastoragetypeforthisuserentry.

Defaults
Ifremoteisnotspecified,theuserwillberegisteredforthelocalSNMPengine.
Ifencryptionisnotspecified,noencryptionwillbeapplied.
Ifauthenticationisnotspecified,noauthenticationwillbeapplied.
Ifstoragetypeisnotspecified,nonvolatilewillbeapplied.

Mode
Switchcommand,readwrite.

Usage
Althoughalltheparametersexceptfortheusernameareoptional,ifyouareenteringanyofthe
optionalparameters,itisrecommendedthatyouenterthemintheordershowninthesyntax
statement.

Examples
ThisexampleshowshowtocreateanewSNMPusernamednetops.Bydefault,thisuserwillbe
registeredonthelocalSNMPenginewithoutauthenticationandencryption.Entriesrelatedtothis
userwillbestoredinpermanent(nonvolatile)memory:
B5(su)->set snmp user netops

ThisexamplecreatesanewSNMPusernamedadminwithDESencryptionandMD5
authenticationrequired.Theencryptionpasswordisadmintest1andtheauthentication
passwordisadmintest2.Bydefault,thisuserwillberegisteredonthelocalSNMPengineand
entriesrelatedtothisuserwillbestoredinpermanent(nonvolatile)memory.
B5(su)->set snmp user admin encryption des privacy admintest1 authentication md5
admintest2

8-10

SNMP Configuration

clear snmp user

UsethiscommandtoremoveauserfromtheSNMPv3securitymodellist.

Syntax
clear snmp user user [remote remote]

Parameters
user

SpecifiesanSNMPv3usertoremove.

remoteremote

(Optional)RemovestheuserfromaspecificremoteSNMPengine.

Defaults
Ifremoteisnotspecified,theuserwillberemovedfromthelocalSNMPengine.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoremovetheSNMPusernamedbill:
B5(su)->clear snmp user bill

show snmp group

UsethiscommandtodisplayanSNMPgroupconfiguration.AnSNMPgroupisacollectionof
SNMPv3userswhosharethesameaccessprivileges.

Syntax
show snmp group [groupname groupname] [user user] [security-model {v1 | v2c | usm}]
[volatile | nonvolatile | read-only]

Parameters
groupname
groupname

(Optional)DisplaysinformationforaspecificSNMPgroup.

useruser

(Optional)Displaysinformationaboutuserswithinthespecifiedgroup.

securitymodelv1| (Optional)Displaysinformationaboutgroupsassignedtoaspecific
v2c|usm
securitySNMPmodel.
volatile|
nonvolatile|read
only

(Optional)DisplaysSNMPgroupinformationforaspecifiedstoragetype.

Defaults
Ifgroupnameisnotspecified,informationaboutallSNMPgroupswillbedisplayed.
Ifuserisnotspecified,informationaboutallSNMPuserswillbedisplayed.
Ifsecuritymodelisnotspecified,userinformationaboutallSNMPversionswillbedisplayed.
Ifnotspecified,informationforallstoragetypeswillbedisplayed.

Enterasys B5 CLI Reference

8-11

set snmp group

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNMPgroupinformation:
B5(su)->show snmp group
--- SNMP group information --Security model
= SNMPv1
Security/user name
= public
Group name
= Anyone
Storage type
= nonVolatile
Row status
= active
Security model
Security/user name
Group name
Storage type
Row status

=
=
=
=
=

SNMPv1
public.router1
Anyone
nonVolatile
active

Table 85providesanexplanationofthecommandoutput.
Table 8-5

show snmp group Output Details

Output Field

What It Displays...

Security model

SNMP version associated with this group.

Security/user name

User belonging to the SNMP group.

Group name

Name of SNMP group.

Storage type

Whether entry is stored in volatile, nonvolatile or read-only memory.

Row status

Status of this entry: active, notInService, or notReady.

set snmp group

UsethiscommandtocreateanSNMPgroup.ThisassociatesSNMPv3userstoagroupthatshares
commonaccessprivileges.

Syntax
set snmp group groupname user user security-model {v1 | v2c | usm} [volatile |
nonvolatile]

Parameters
groupname

SpecifiesanSNMPgroupnametocreate.

useruser

SpecifiesanSNMPv3usernametoassigntothegroup.

securitymodelv1| SpecifiesanSNMPsecuritymodeltoassigntothegroup.
v2c|usm
volatile|
nonvolatile

(Optional)SpecifiesastoragetypeforSNMPentriesassociatedwiththe
group.

Defaults
Ifstoragetypeisnotspecified,nonvolatilestoragewillbeapplied.

8-12

SNMP Configuration

clear snmp group

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocreateanSNMPgroupcalledanyone,assignausernamedpublic
andassignSNMPv3securitytothegroup:
B5(su)->set snmp group anyone user public security-model usm

clear snmp group

UsethiscommandtoclearSNMPgroupsettingsgloballyorforaspecificSNMPgroupanduser.

Syntax
clear snmp group groupname user [security-model {v1 | v2c | usm}]

Parameters
groupname

SpecifiestheSNMPgrouptobecleared.

user

SpecifiestheSNMPusertobecleared.

securitymodelv1| (Optional)Clearsthesettingsassociatedwithaspecificsecuritymodel.
v2c|usm

Defaults
If not specified, settings related to all security models will be cleared.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearallsettingsassignedtothepublicuserwithintheSNMPgroup
anyone:
B5(su)->clear snmp group anyone public

show snmp community

UsethiscommandtodisplaySNMPcommunitynamesandstatus.InSNMPv1andv2,
communitynamesactaspasswordstoremotemanagement.

Syntax
show snmp community [name]

Parameters
name

(Optional)DisplaysSNMPinformationforaspecificcommunityname.

Defaults
Ifnameisnotspecified,informationwillbedisplayedforallSNMPcommunities.

Enterasys B5 CLI Reference

8-13

set snmp community

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayinformationabouttheSNMPpubliccommunityname.For
adescriptionofthisoutput,refertosetsnmpcommunity(page814).
B5(su)->show snmp community public
--- Configured community strings --Name
Security name
Context
Transport tag
Storage type
Status

=
=
=
=
=
=

*********
public

nonVolatile
active

set snmp community

UsethiscommandtoconfigureanSNMPcommunitygroup.

Syntax
set snmp community community [securityname securityname] [context context]
[transport transport] [volatile | nonvolatile]

Parameters
community

Specifiesacommunitygroupname.

securityname
securityname

(Optional)SpecifiesanSNMPsecuritynametoassociatewiththis
community.

contextcontext

(Optional)Specifiesasubsetofmanagementinformationthiscommunity
willbeallowedtoaccess.Validvaluesarefullorpartialcontextnames.To
reviewallcontextsconfiguredforthedevice,usetheshowsnmpcontext
commandasdescribedinshowsnmpcontextonpage 821.

transporttransport

(Optional)SpecifiesthesetoftransportendpointsfromwhichSNMP
requestwiththiscommunitynamewillbeaccepted.Makesalinktoa
targetaddresstable.

volatile|
nonvolatile

(Optional)Specifiesthestoragetypefortheseentries.

Defaults
Ifsecuritynameisnotspecified,thecommunitynamewillbeused.
Ifcontextisnotspecified,thedefault(NULL)contextisapplied.
Iftransporttagisnotspecified,nonewillbeapplied.
Ifstoragetypeisnotspecified,nonvolatilewillbeapplied.

Mode
Switchcommand,readwrite.

8-14

SNMP Configuration

clear snmp community

Usage
Whenyouconfigureacommunityname,ifyoudontspecifyacontextwiththecontextparameter,
thedefault(NULL)contextisapplied.Ifyouwanttochangeaconfiguredcontextbacktothe
default(NULL)context,enterahyphenasthevalueofthecontextparameter,asshowninthe
Examplesbelow.

Examples
ThisexampleshowshowtosetanSNMPcommunitynamecalledvip.
B5(su)->set snmp community vip

TheexampleshowshowtosetthecontextforSNMPcommunityviptothedefaultNULL
context.
B5(su)->set snmp community vip context -

clear snmp community

UsethiscommandtodeleteanSNMPcommunityname.

Syntax
clear snmp community name

Parameters
name

SpecifiestheSNMPcommunitynametoclear.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtodeletethecommunitynamevip.
B5(su)->clear snmp community vip

Configuring SNMP Access Rights

Purpose
ToreviewandconfigureSNMPaccessrights,assigningviewingprivilegesandsecuritylevelsto
SNMPusergroups.

Enterasys B5 CLI Reference

8-15

show snmp access

Commands
For information about...

Refer to page...

show snmp access

8-16

set snmp access

8-18

clear snmp access

8-19

show snmp access

UsethiscommandtodisplayaccessrightsandsecuritylevelsconfiguredforSNMPoneormore
groups.

Syntax
show snmp access [groupname] [security-model {v1 | v2c | usm}] [noauthentication
| authentication | privacy] [context context] [volatile | nonvolatile | read-only]

Parameters
groupname

(Optional)DisplaysaccessinformationforaspecificSNMPv3group.

securitymodelv1| (Optional)DisplaysaccessinformationforSNMPsecuritymodelversion
v2c|usm
1,2cor3(usm).
noauthentication|
authentication|
privacy

(Optional)Displaysaccessinformationforaspecificsecuritylevel.

contextcontext

(Optional)Displaysaccessinformationforaspecificcontext.Fora
descriptionofhowtospecifySNMPcontexts,refertoUsingSNMP
ContextstoAccessSpecificMIBsonpage 83.

volatile|
nonvolatile|read
only

(Optional)Displaysaccessentriesforaspecificstoragetype.

Defaults
Ifgroupnameisnotspecified,accessinformationforallSNMPgroupswillbedisplayed.
Ifsecuritymodelisnotspecified,accessinformationforallSNMPversionswillbedisplayed.
Ifnoauthentication,authenticationorprivacyarenotspecified,accessinformationforall
securitylevelswillbedisplayed.
Ifcontextisnotspecified,allcontextswillbedisplayed.
Ifvolatile,nonvolatileorreadonlyarenotspecified,allentriesofallstoragetypeswillbe
displayed.

Mode
Switchcommand,readonly.

8-16

SNMP Configuration

show snmp access

Example
ThisexampleshowshowtodisplaySNMPaccessinformation:
B5(su)->show snmp
Group
=
Security model =
Security level =
Read View
=
Write View
=
Notify View
=
Context match
=
Storage type
=
Row status
=

access
SystemAdmin
USM
noAuthNoPriv
All

Group
Security model
Security level
Read View
Write View
Notify View
Context match
Storage type
Row status

NightOperator
USM
noAuthNoPriv
All

=
=
=
=
=
=
=
=
=

All
exact match
nonVolatile
active

Table 86providesanexplanationofthecommandoutput.
Table 8-6

show snmp access Output Details

Output Field

What It Displays...

Group

SNMP group name.

Security model

Security model applied to this group. Valid types are: SNMPv1,

SNMPv2c, and SNMPv3 (User based - USM).

Security level

Security level applied to this group. Valid levels are:

noAuthNoPrivacy (no authentication required)
AuthNoPrivacy (authentication required)
authPriv (privacy -- most secure level)

Read View

Name of the view that allows this group to view SNMP MIB objects.

Write View

Name of the view that allows this group to configure the contents of the
SNMP agent.

Notify View

Name of the view that allows this group to send an SNMP trap message.

Context match

Whether or not SNMP context match must be exact (full context name
match) or a partial match with a given prefix.

Storage type

Whether access entries for this group are stored in volatile, nonvolatile
or read-only memory.

Row status

Status of this entry: active, notInService, or notReady.

Enterasys B5 CLI Reference

8-17

set snmp access

UsethiscommandtosetanSNMPaccessconfiguration.

Syntax
set snmp access groupname security-model {v1 | v2c | usm} [noauthentication |
authentication | privacy] [context context] [exact | prefix] [read read] [write
write] [notify notify] [volatile | nonvolatile]

Parameters
groupname

SpecifiesanameforanSNMPv3group.

securitymodelv1| SpecifiesSNMPversion1,2cor3(usm).
v2c|usm
noauthentication|
authentication|
privacy

(Optional)AppliesSNMPsecuritylevelasnoauthentication,
authentication(withoutprivacy)orprivacy.Privacyspecifiesthat
messagessentonbehalfoftheuserareprotectedfromdisclosure.

contextcontextexact (Optional)Setsthecontextforthisaccessconfigurationandspecifiesthat
|prefix
thematchmustbeexact(matchingthewholecontextstring)oraprefix
matchonly.ContextisasubsetofmanagementinformationthisSNMP
groupwillbeallowedtoaccess.Validvaluesarefullorpartialcontext
names.Toreviewallcontextsconfiguredforthedevice,usetheshow
snmpcontextcommandasdescribedinshowsnmpcontexton
page 821.
readread

(Optional)Specifiesareadaccessview.

writewrite

(Optional)Specifiesawriteaccessview.

notifynotify

(Optional)Specifiesanotifyaccessview.

volatile|
nonvolatile|read
only

(Optional)StoresassociatedSNMPentriesastemporaryorpermanent,or
readonly.

Defaults
Ifsecuritylevelisnotspecified,noauthenticationwillbeapplied.
Ifcontextisnotspecified,accesswillbeenabledforthedefaultcontext.Ifcontextisspecified
withoutacontextmatch,exactmatchwillbeapplied.
Ifreadviewisnotspecifiednonewillbeapplied.
Ifwriteviewisnotspecified,nonewillbeapplied.
Ifnotifyviewisnotspecified,nonewillbeapplied.
Ifstoragetypeisnotspecified,entrieswillbestoredaspermanentandwillbeheldthroughdevice
reboot.

Mode
Switchcommand,readwrite.

Example
ThisexamplepermitsthepowergrouptomanageallMIBsviaSNMPv3:
B5(su)->set snmp access powergroup security-model usm

8-18

SNMP Configuration

clear snmp access

UsethiscommandtocleartheSNMPaccessentryofaspecificgroup,includingitssetSNMP
securitymodel,andlevelofsecurity.

Syntax
clear snmp access groupname security-model {v1 | v2c | usm} [noauthentication |
authentication | privacy] [context context]

Parameters
groupname

SpecifiesthenameoftheSNMPgroupforwhichtoclearaccess.

securitymodelv1| SpecifiesthesecuritymodeltobeclearedfortheSNMPaccessgroup.
v2c|usm
noauthentication|
authentication|
privacy

(Optional)ClearsaspecificsecuritylevelfortheSNMPaccessgroup.

contextcontext

(Optional)ClearsaspecificcontextfortheSNMPaccessgroup.Enter//
toclearthedefaultcontext.

Defaults
Ifsecuritylevelisnotspecified,alllevelswillbecleared.
Ifcontextisnotspecified,nonewillbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearSNMPversion3accessforthemisgroupviathe
authenticationprotocol:
B5(su)->clear snmp access mis-group security-model usm authentication

Configuring SNMP MIB Views

Purpose
ToreviewandconfigureSNMPMIBviews.SNMPviewsmapSNMPobjectstoaccessrights.

Commands
For information about...

Refer to page...

show snmp view

8-20

show snmp context

8-21

set snmp view

8-21

clear snmp view

8-22

Enterasys B5 CLI Reference

8-19

show snmp view

UsethiscommandtodisplaytheMIBconfigurationforSNMPv3viewbasedaccess(VACM).

Syntax
show snmp view [viewname] [subtree oid-or-mibobject] [volatile | nonvolatile |
read-only]

Parameters
viewname

(Optional)DisplaysinformationforaspecificMIBview.

subtreeoidormibobject

(Optional)DisplaysinformationforaspecificMIBsubtreewhen
viewnameisspecified.

volatile|nonvolatile|
readonly

(Optional)Displaysentriesforaspecificstoragetype.

Defaults
Ifnoparametersarespecified,allSNMPMIBviewconfigurationinformationwillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNMPMIBviewconfigurationinformation:
B5(su)->show snmp view
--- SNMP MIB View information --View Name
= All
Subtree OID
= 1
Subtree mask
=
View Type
= included
Storage type
= nonVolatile
Row status
= active
View Name
Subtree OID
Subtree mask
View Type
Storage type
Row status

=
=
=
=
=
=

All
0.0

View Name
Subtree OID
Subtree mask
View Type
Storage type
Row status

=
=
=
=
=
=

Network
1.3.6.1.2.1

included
nonVolatile
active

Table 87providesanexplanationofthecommandoutput.Fordetailsonusingthesetsnmpview
commandtoassignvariables,refertosetsnmpviewonpage 821.

8-20

SNMP Configuration

show snmp context

Table 8-7

show snmp view Output Details

Output Field

What It Displays...

View Name

Name assigned to a MIB view.

Subtree OID

Name identifying a MIB subtree.

Subtree mask

Bitmask applied to a MIB subtree.

View Type

Whether or not subtree use must be included or excluded for this view.

Storage type

Whether storage is in nonVolatile or Volatile memory

Row status

Status of this entry: active, notInService, or notReady.

show snmp context

UsethiscommandtodisplaythecontextlistconfigurationforSNMPsviewbasedaccesscontrol.

Syntax
show snmp context

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
AnSNMPcontextisacollectionofmanagementinformationthatcanbeaccessedbyanSNMP
agentorentity.ThedefaultcontextallowsallSNMPagentstoaccessallmanagementinformation
(MIBs).Whencreatedusingthesetsnmpaccesscommand(setsnmpaccessonpage 818),other
contextscanbeappliedtolimitaccesstoasubsetofmanagementinformation.

Example
ThisexampleshowshowtodisplayalistofallSNMPcontextsknowntothedevice:
B5(su)->show snmp context
--- Configured contexts:
default context (all mibs)

set snmp view

UsethiscommandtosetaMIBconfigurationforSNMPv3viewbasedaccess(VACM).

Syntax
set snmp view viewname viewname subtree subtree [mask mask] [included | excluded]
[volatile | nonvolatile]

Enterasys B5 CLI Reference

8-21

clear snmp view

Parameters
viewnameviewname SpecifiesanameforaMIBview.
subtreesubtree

SpecifiesaMIBsubtreename.

maskmask

(Optional)Specifiesabitmaskforasubtree.

included|
excluded

(Optional)Specifiessubtreeuse(default)ornosubtreeuse.

volatile|
nonvolatile

(Optional)Specifiestheuseoftemporaryorpermanent(default)storage.

Defaults
Ifnotspecified,maskwillbesetto255.255.255.255
Ifnotspecified,subtreeusewillbeincluded.
Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetanSNMPMIBviewtopublicwithasubtreenameof1.3.6.1
included:
B5(su)->set snmp view viewname public subtree 1.3.6.1 included

clear snmp view

UsethiscommandtodeleteanSNMPv3MIBview.

Syntax
clear snmp view viewname subtree

Parameters
viewname

SpecifiestheMIBviewnametobedeleted.

subtree

SpecifiesthesubtreenameoftheMIBviewtobedeleted.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodeleteSNMPMIBviewpublic:
B5(su)->clear snmp view public 1.3.6.1

8-22

SNMP Configuration

Configuring SNMP Target Parameters

Purpose
ToreviewandconfigureSNMPtargetparameters.Thiscontrolswhereandunderwhat
circumstancesSNMPnotificationswillbesent.Atargetparameterentrycanbeboundtoatarget
IPaddressallowedtoreceiveSNMPnotificationmessageswiththesetsnmptargetaddr
command(setsnmptargetaddronpage 827).

Commands
For information about...

Refer to page...

show snmp targetparams

8-23

set snmp targetparams

8-24

clear snmp targetparams

8-25

show snmp targetparams

UsethiscommandtodisplaySNMPparametersusedtogenerateamessagetoatarget.

Syntax
show snmp targetparams [targetParams] [volatile | nonvolatile | read-only]

Parameters
targetParams

(Optional)Displaysentriesforaspecifictargetparameter.

volatile|nonvolatile|
readonly

(Optional)Displaystargetparameterentriesforaspecificstorage
type.

Defaults
IftargetParamsisnotspecified,entriesassociatedwithalltargetparameterswillbedisplayed.
Ifnotspecified,entriesofallstoragetypeswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNMPtargetparametersinformation:
B5(su)->show snmp targetparams
--- SNMP TargetParams information --Target Parameter Name
= v1ExampleParams
Security Name
= public
Message Proc. Model
= SNMPv1
Security Level
= noAuthNoPriv
Storage type
= nonVolatile
Row status
= active

Enterasys B5 CLI Reference

8-23

set snmp targetparams

Target Parameter Name

Security Name
Message Proc. Model
Security Level
Storage type
Row status

=
=
=
=
=
=

v2cExampleParams
public
SNMPv2c
noAuthNoPriv
nonVolatile
active

Target Parameter Name

Security Name
Message Proc. Model
Security Level
Storage type
Row status

=
=
=
=
=
=

v3ExampleParams
CharlieDChief
USM
authNoPriv
nonVolatile
active

Table 88providesanexplanationofthecommandoutput.
Table 8-8

show snmp targetparams Output Details

Output Field

What It Displays...

Target Parameter Name

Unique identifier for the parameter in the SNMP target parameters table.
Maximum length is 32 bytes.

Security Name

Security string definition.

Message Proc. Model

SNMP version.

Security Level

Type of security level (auth: security level is set to use authentication

protocol, noauth: security level is not set to use authentication protocol,
or privacy).

Storage type

Whether entry is stored in volatile, nonvolatile or read-only memory.

Row status

Status of this entry: active, notInService, or notReady.

set snmp targetparams

UsethiscommandtosetSNMPtargetparameters,anamedsetofsecurity/authorizationcriteria
usedtogenerateamessagetoatarget.

Syntax
set snmp targetparams paramsname user user security-model {v1 | v2c | usm} messageprocessing {v1 | v2c | v3} [noauthentication | authentication | privacy] [volatile
| nonvolatile]

Parameters
paramsname

SpecifiesanameidentifyingparametersusedtogenerateSNMPmessages
toaparticulartarget.

useruser

SpecifiesanSNMPv1orv2communitynameoranSNMPv3username.
Maximumlengthis32bytes.

securitymodelv1| SpecifiestheSNMPsecuritymodelappliedtothistargetparameteras
v2c|usm
version1,2cor3(usm).
message
SpecifiestheSNMPmessageprocessingmodelappliedtothistarget
processingv1|v2c parameterasversion1,2cor3.
|v3

8-24

SNMP Configuration

clear snmp targetparams

noauthentication|
authentication|
privacy

(Optional)SpecifiestheSNMPsecuritylevelappliedtothistarget
parameterasnoauthentication,authentication(withoutprivacy)or
privacy.Privacyspecifiesthatmessagessentonbehalfoftheuserare
protectedfromdisclosure.

volatile|
nonvolatile

(Optional)Specifiesthestoragetypeappliedtothistargetparameter.

Defaults
None.
Ifnotspecified,securitylevelwillbesettonoauthentication.
Ifnotspecified,storagetypewillbesettononvolatile.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetSNMPtargetparametersnamedv1ExampleParamsforauser
namedfredusingversion3securitymodelandmessageprocessing,andauthentication:
B5(su)->set snmp targetparams v1ExampleParams user fred security-model usm
message-processing v3 authentication

clear snmp targetparams

UsethiscommandtocleartheSNMPtargetparameterconfiguration.

Syntax
clear snmp targetparams targetParams

Parameters
targetParams

SpecifiesthenameoftheparameterintheSNMPtargetparameterstable
tobecleared.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearSNMPtargetparametersnamedv1ExampleParams:
B5(su)->clear snmp targetparams v1ExampleParams

Enterasys B5 CLI Reference

8-25

Configuring SNMP Target Addresses

Purpose
ToreviewandconfigureSNMPtargetaddresseswhichwillreceiveSNMPnotificationmessages.
AnaddressconfigurationcanbelinkedtooptionalSNMPtransmit,ortarget,parameters(suchas
timeout,retrycount,andUDPport)setwiththesetsnmptargetparamscommand(page824).

Commands
For information about...

Refer to page...

show snmp targetaddr

8-26

set snmp targetaddr

8-27

clear snmp targetaddr

8-28

show snmp targetaddr

UsethiscommandtodisplaySNMPtargetaddressinformation.

Syntax
show snmp targetaddr [targetAddr] [volatile | nonvolatile | read-only]

Parameters
targetAddr

(Optional)Displaysinformationforaspecifictargetaddressname.

volatile|nonvolatile (Optional)Whentargetaddressisspecified,displaystargetaddress
|readonly
informationforaspecificstoragetype.

Defaults
IftargetAddrisnotspecified,entriesforalltargetaddressnameswillbedisplayed.
Ifnotspecified,entriesofallstoragetypeswillbedisplayedforatargetaddress.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNMPtargetaddressinformation:
B5(su)->show snmp targetaddr
Target Address Name
= labmachine
Tag List
= v2cTrap
IP Address
= 10.2.3.116
UDP Port#
= 162
Target Mask
= 255.255.255.255
Timeout
= 1500
Retry count
= 4
Parameters
= v2cParams
Storage type
= nonVolatile

8-26

SNMP Configuration

set snmp targetaddr

Row status

= active

Table 89providesanexplanationofthecommandoutput.
Table 8-9

show snmp targetaddr Output Details

Output Field

What It Displays...

Target Address Name

Unique identifier in the snmpTargetAddressTable.

Tag List

Tags a location to the target address as a place to send notifications.

IP Address

Target IP address.

UDP Port#

Number of the UDP port of the target host to use.

Target Mask

Target IP address mask.

Timeout

Timeout setting for the target address.

Retry count

Retry setting for the target address.

Parameters

Entry in the snmpTargetParamsTable.

Storage type

Whether entry is stored in volatile, nonvolatile or read-only memory.

Row status

Status of this entry: active, notInService, or notReady.

set snmp targetaddr

UsethiscommandtoconfigureanSNMPtargetaddress.Thetargetaddressisauniqueidentifier
andaspecificIPaddressthatwillreceiveSNMPnotificationmessagesanddeterminewhich
communitystringswillbeaccepted.ThisaddressconfigurationcanbelinkedtooptionalSNMP
transmitparameters(suchastimeout,retrycount,andUDPport).

Syntax
set snmp targetaddr targetaddr ipaddr param param [udpport udpport] [mask mask]
[timeout timeout] [retries retries] [taglist taglist] [volatile | nonvolatile]

Parameters
targetaddr

SpecifiesauniqueidentifiertoindexthesnmpTargetAddrTable.
Maximumlengthis32bytes.

ipaddr

SpecifiestheIPaddressofthetarget.

paramparam

SpecifiesanentryintheSNMPtargetparameterstable,whichisused
whengeneratingamessagetothetarget.Maximumlengthis32bytes.

udpportudpport

(Optional)SpecifieswhichUDPportofthetargethosttouse.

maskmask

(Optional)SpecifiestheIPmaskofthetarget.

timeouttimeout

(Optional)Specifiesthemaximumroundtriptimeallowedto
communicatetothistargetaddress.Thisvalueisin.01secondsandthe
defaultis1500(15seconds.)

retriesretries

(Optional)Specifiesthenumberofmessageretriesallowedifaresponseis
notreceived.Defaultis3.

Enterasys B5 CLI Reference

8-27

clear snmp targetaddr

taglisttaglist

(Optional)SpecifiesalistofSNMPnotifytagvalues.Thistagsalocation
tothetargetaddressasaplacetosendnotifications.Listmustbeenclosed
inquotesandtagvaluesmustbeseparatedbyaspace(forexample,
tag1tag2).

volatile|
nonvolatile

(Optional)Specifiestemporary(default),orpermanentstorageforSNMP
entries.

Defaults
Ifnotspecified,udpportwillbesetto162.
Ifnotspecified,maskwillbesetto255.255.255.255
Ifnotspecified,timeoutwillbesetto1500.
Ifnotspecified,numberofretrieswillbesetto3.
Iftaglistisnotspecified,nonewillbeset.
Ifnotspecified,storagetypewillbenonvolatile.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoconfigureatrapnotificationcalledTrapSink.Thistrapnotification
willbesenttotheworkstation192.168.190.80(whichistargetaddresstr).Itwillusesecurity
andauthorizationcriteriacontainedinatargetparametersentrycalledv2cExampleParams.For
moreinformationonconfiguringabasicSNMPtrap,refertoCreatingaBasicSNMPTrap
Configurationonpage 836:
B5(su)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist
TrapSink

clear snmp targetaddr

UsethiscommandtodeleteanSNMPtargetaddressentry.

Syntax
clear snmp targetaddr targetAddr

Parameters
targetAddr

Specifiesthetargetaddressentrytodelete.

Defaults
None.

Mode
Switchcommand,readwrite.

8-28

SNMP Configuration

Configuring SNMP Notification Parameters

Example
ThisexampleshowshowtoclearSNMPtargetaddressentrytr:
B5(su)->clear snmp targetaddr tr

Configuring SNMP Notification Parameters

About SNMP Notify Filters
ProfilesindicatingwhichtargetsshouldnotreceiveSNMPnotificationmessagesarekeptinthe
NotifyFiltertable.Ifthistableisempty,meaningthatnofilteringisassociatedwithanySNMP
target,thennofilteringwilltakeplace.Trapsorinformsnotificationswillbesenttoall
destinationsintheSNMPtargetAddrTablethathavetagsmatchingthosefoundinthe
NotifyTable.
WhentheNotifyFiltertablecontainsprofileentries,theSNMPagentwillfindanyfilterprofile
namethatcorrespondstothetargetparameternamecontainedinanoutgoingnotification
message.Itwillthenapplytheappropriatesubtreespecificfilterwhengeneratingnotification
messages.

Purpose
ToconfigureSNMPnotificationparametersandoptionalfilters.Notificationsareentitieswhich
handlethegenerationofSNMPv1andv2trapsorSNMPv3informsmessagestoselect
managementtargets.Optionalnotificationfiltersidentifywhichtargetsshouldnotreceive
notifications.ForasampleSNMPtrapconfigurationshowinghowSNMPnotificationparameters
areassociatedwithsecurityandauthorizationcriteria(targetparameters)andmappedtoa
managementtargetaddress,refertoCreatingaBasicSNMPTrapConfigurationonpage 836.

Commands
For information about...

Refer to page...

show snmp notify

8-30

set snmp notify

8-31

clear snmp notify

8-31

show snmp notifyfilter

8-32

set snmp notifyfilter

8-33

clear snmp notifyfilter

8-33

show snmp notifyprofile

8-34

set snmp notifyprofile

8-35

clear snmp notifyprofile

8-35

Enterasys B5 CLI Reference

8-29

show snmp notify

UsethiscommandtodisplaytheSNMPnotifyconfiguration,whichdeterminesthemanagement
targetsthatwillreceiveSNMPnotifications.

Syntax
show snmp notify [notify] [volatile | nonvolatile | read-only]

Parameters
notify

(Optional)Displaysnotifyentriesforaspecificnotifyname.

volatile|
nonvolatile|read
only

(Optional)Displaysnotifyentriesforaspecificstoragetype.

Defaults
Ifanotifynameisnotspecified,allentrieswillbedisplayed.
Ifvolatile,nonvolatile,orreadonlyarenotspecified,allstoragetypeentrieswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheSNMPnotifyinformation:
B5(su)->show snmp notify
--- SNMP notifyTable information --Notify name
= 1
Notify Tag
= Console
Notify Type
= trap
Storage type
= nonVolatile
Row status
= active
Notify name
Notify Tag
Notify Type
Storage type
Row status

=
=
=
=
=

2
TrapSink
trap
nonVolatile
active

Table 810providesanexplanationofthecommandoutput.
Table 8-10

8-30

show snmp notify Output Details

Output Field

What It Displays...

Notify name

A unique identifier used to index the SNMP notify table.

Notify Tag

Name of the entry in the SNMP notify table.

Notify Type

Type of notification: SNMPv1 or v2 trap or SNMPv3 InformRequest

message.

Storage type

Whether access entry is stored in volatile, nonvolatile, or read-only

memory.

Row status

Status of this entry: active, notInService, or notReady.

SNMP Configuration

set snmp notify

UsethiscommandtosettheSNMPnotifyconfiguration.ThiscreatesanentryintheSNMPnotify
table,whichisusedtoselectmanagementtargetswhoshouldreceivenotificationmessages.This
commandstagparametercanbeusedtobindeachentrytoatargetaddressusingthesetsnmp
targetaddrcommand(setsnmptargetaddronpage 827).

Syntax
set snmp notify notify tag tag [trap | inform] [volatile | nonvolatile]

Parameters
notify

SpecifiesanSNMPnotifyname.

tagtag

SpecifiesanSNMPnotifytag.ThisbindsthenotifynametotheSNMP
targetaddresstable.

trap|inform

(Optional)SpecifiesSNMPv1orv2Trapmessages(default)orSNMPv3
InformRequestmessages.

volatile|
nonvolatile

(Optional)Specifiestemporary(default),orpermanentstorageforSNMP
entries.

Defaults
Ifnotspecified,messagetypewillbesettotrap.
Ifnotspecified,storagetypewillbesettononvolatile.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetanSNMPnotifyconfigurationwithanotifynameofhelloanda
notifytagofworld.Notificationswillbesentastrapmessagesandstoragetypewill
automaticallydefaulttopermanent:
B5(su)->set snmp notify hello tag world trap

clear snmp notify

UsethiscommandtoclearanSNMPnotifyconfiguration.

Syntax
clear snmp notify notify

Parameters
notify

SpecifiesanSNMPnotifynametoclear.

Defaults
None.

Enterasys B5 CLI Reference

8-31

show snmp notifyfilter

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheSNMPnotifyconfigurationforhello:
B5(su)->clear snmp notify hello

show snmp notifyfilter

UsethiscommandtodisplaySNMPnotifyfilterinformation,identifyingwhichprofileswillnot
receiveSNMPnotifications.

Syntax
show snmp notifyfilter [profile] [subtree oid-or-mibobject] [volatile |
nonvolatile | read-only]

Parameters
profile

(Optional)Displaysaspecificnotifyfilter.

subtreeoidor
mibobject

(Optional)Displaysanotifyfilterwithinaspecificsubtree.

volatile|
nonvolatile|read
only

(Optional)Displaysnotifyfilterentriesofaspecificstoragetype.

Defaults
Ifnoparametersarespecified,allnotifyfilterinformationwillbedisplayed.

Mode
Switchcommand,readonly.

Usage
SeeAboutSNMPNotifyFiltersonpage 829formoreinformationaboutnotifyfilters.

Example
ThisexampleshowshowtodisplaySNMPnotifyfilterinformation.Inthiscase,thenotifyprofile
pilot1insubtree1.3.6willnotreceiveSNMPnotificationmessages:
B5(su)->show snmp notifyfilter
--- SNMP notifyFilter information --Profile
= pilot1
Subtree
= 1.3.6
Filter type
= included
Storage type
= nonVolatile
Row status
= active

8-32

SNMP Configuration

set snmp notifyfilter

UsethiscommandtocreateanSNMPnotifyfilterconfiguration.Thisidentifieswhich
managementtargetsshouldNOTreceivenotificationmessages,whichisusefulforfinetuningthe
amountofSNMPtrafficgenerated.

Syntax
set snmp notifyfilter profile subtree oid-or-mibobject [mask mask] [included |
excluded] [volatile | nonvolatile]

Parameters
profile

SpecifiesanSNMPfilternotifyname.

subtreeoidor
mibobject

SpecifiesaMIBsubtreeIDtargetforthefilter.

maskmask

(Optional)Appliesasubtreemask.

included|
excluded

(Optional)Specifiesthatsubtreeisincludedorexcluded.

volatile|
nonvolatile

(Optional)Specifiesastoragetype.

Defaults
Ifnotspecified,maskisnotset.
Ifnotspecified,subtreewillbeincluded.
Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.

Mode
Switchcommand,readwrite.

Usage
SeeAboutSNMPNotifyFiltersonpage 829formoreinformationaboutnotifyfilters.

Example
ThisexampleshowshowtocreateanSNMPnotifyfiltercalledpilot1withaMIBsubtreeIDof
1.3.6:
B5(su)->set snmp notifyfilter pilot1 subtree 1.3.6

clear snmp notifyfilter

UsethiscommandtodeleteanSNMPnotifyfilterconfiguration.

Syntax
clear snmp notifyfilter profile subtree oid-or-mibobject

Enterasys B5 CLI Reference

8-33

show snmp notifyprofile

Parameters
profile

SpecifiesanSNMPfilternotifynametodelete.

subtreeoidor
mibobject

SpecifiesaMIBsubtreeIDcontainingthefiltertobedeleted.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodeletetheSNMPnotifyfilterpilot1:
B5(su)->clear snmp notifyfilter pilot1 subtree 1.3.6

show snmp notifyprofile

UsethiscommandtodisplaySNMPnotifyprofileinformation.Thisassociatestargetparameters
toanSNMPnotifyfiltertodeterminewhoshouldnotreceiveSNMPnotifications.

Syntax
show snmp notifyprofile [profile] [targetparam targetparam] [volatile |
nonvolatile | read-only]

Parameters
profile

(Optional)Displaysaspecificnotifyprofile.

targetparam
targetparam

(Optional)Displaysentriesforaspecifictargetparameter.

volatile|
nonvolatile|read
only

(Optional)Displaysnotifyfilterentriesofaspecificstoragetype.

Defaults
Ifnoparametersarespecified,allnotifyprofileinformationwillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNMPnotifyinformationfortheprofilenamedarea51:
B5(su)->show snmp notifyprofile area51
--- SNMP notifyProfile information --Notify Profile = area51
TargetParam
= v3ExampleParams
Storage type
= nonVolatile

8-34

SNMP Configuration

set snmp notifyprofile

Row status

= active

set snmp notifyprofile

UsethiscommandtocreateanSNMPnotifyfilterprofileconfiguration.Thisassociatesa
notificationfilter,createdwiththesetsnmpnotifyfiltercommand(setsnmpnotifyfilteron
page 833),toasetofSNMPtargetparameterstodeterminewhichmanagementtargetsshould
notreceiveSNMPnotifications.

Syntax
set snmp notifyprofile profile targetparam targetparam [volatile | nonvolatile]

Parameters
profile

SpecifiesanSNMPfilternotifyname.

targetparam
targetparam

SpecifiesanassociatedentryintheSNMPTargetParamsTable.

volatile|
nonvolatile

(Optional)Specifiesastoragetype.

Defaults
Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocreateanSNMPnotifyprofilenamedarea51andassociateatarget
parametersentry.
B5(su)->set snmp notifyprofile area51 targetparam v3ExampleParams

clear snmp notifyprofile

UsethiscommandtodeleteanSNMPnotifyprofileconfiguration.

Syntax
clear snmp notifyprofile profile targetparam targetparam

Parameters
profile

SpecifiesanSNMPfilternotifynametodelete.

targetparam
targetparam

SpecifiesanassociatedentryinthesnmpTargetParamsTable.

Defaults
None.

Enterasys B5 CLI Reference

8-35

Creating a Basic SNMP Trap Configuration

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodeleteSNMPnotifyprofilearea51:
B5(su)->clear snmp notifyprofile area51 targetparam v3ExampleParams

Creating a Basic SNMP Trap Configuration

TrapsarenotificationmessagessentbyanSNMPv1orv2agenttoanetworkmanagementstation,
aconsole,oraterminaltoindicatetheoccurrenceofasignificantevent,suchaswhenaportor
devicegoesupordown,whenthereareauthenticationfailures,andwhenpowersupplyerrors
occur.ThefollowingconfigurationexampleshowshowtouseCLIcommandstoassociateSNMP
notificationparameterswithsecurityandauthorizationcriteria(targetparameters),andmapthe
parameterstoamanagementtargetaddress.
Note: This example illustrates how to configure an SNMPv2 trap notification. Creating an
SNMPv1 or v3 Trap, or an SNMPv3 Inform notification would require using the same commands
with different parameters, where appropriate. Always ensure that v1/v2 communities or v3 users
used for generating traps or informs are pre-configured with enough privileges to access
corresponding MIBs.

CompleteanSNMPv2trapconfigurationonaEnterasysB5deviceasfollows:
1.

CreateacommunitynamethatwillactasanSNMPuserpassword.

CreateanSNMPtargetparametersentrytoassociatesecurityandauthorizationcriteriatothe
usersinthecommunitycreatedinStep1.

VerifyifanyapplicableSNMPnotificationentriesexist,orcreateanewone.Youwillusethis
entrytosendSNMPnotificationmessagestotheappropriatemanagementtargetscreatedin
Step 2.

CreateatargetaddressentrytobindamanagementIPaddressto:

ThenotificationentryandtagnamecreatedinStep3and

ThetargetparametersentrycreatedinStep2.

Table 811showsthecommandsusedtocompleteanSNMPv2trapconfigurationonaEnterasys
B5device.
Table 8-11

8-36

Basic SNMP Trap Configuration

To do this...

Use these commands...

Create a community name.

set snmp community

Create an SNMP target parameters entry.

set snmp targetparams

Verify if any applicable SNMP notification

entries exist.

show snmp notify

Create a new notification entry.

set snmp notify

Create a target address entry.

set snmp targetaddr

SNMP Configuration

Creating a Basic SNMP Trap Configuration

Example
Thisexampleshowshowto:

CreateanSNMPcommunitycalledmgmt.

ConfigureatrapnotificationcalledTrapSink.

Thistrapnotificationwillbesentwiththecommunitynamemgmttotheworkstation
192.168.190.80(whichistargetaddresstr).Itwillusesecurityandauthorizationcriteriacontained
inatargetparametersentrycalledv2cExampleParams.
B5(su)->set snmp community mgmt
B5(su)->set snmp targetparams v2cExampleParams user mgmt
security-model v2c message-processing v2c
B5(su)->set snmp notify entry1 tag TrapSink
B5(su)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist
TrapSink

How SNMP Will Use This Configuration

Inordertosendatrap/notificationrequestedbyaMIBcode,theSNMPagentrequiresthe
equivalentofatrapdoor,akeytounlockthedoor,andaprocedureforcrossingthe
doorstep.Todetermineifalltheseelementsareinplace,theSNMPagentproceedsasfollows:
1.

Determinesifthekeysfortrapdoorsdoexist.Intheexampleconfigurationabove,the
keythatSNMPislookingforisthenotificationentrycreatedwiththesetsnmpnotify
commandwhich,inthiscase,isakeylabeledentry1.

Searchesforthedoorsmatchingsuchakey.Forexample,theparameterssetfortheentry1key
showsthatitopensonlythedoorTrapSink.

VerifiesthatthespecifieddoorTrapSinkis,infact,available.Inthiscaseitwasbuiltusingthe
setsnmptargetaddrcommand.Thiscommandalsospecifiesthatthisdoorleadstothe
managementstation192.168.190.80,andtheprocedure(targetparams)tocrossthedoorstep
iscalledv2ExampleParams.

Verifiesthatthev2ExampleParamsdescriptionofhowtostepthroughthedooris,infact,
there.Theagentcheckstargetparamsentriesanddeterminesthisdescriptionwasmadewith
thesetsnmptargetparamscommand,whichtellsexactlywhichSNMPprotocoltouseand
whatcommunitynametoprovide.Inthiscase,thecommunitynameismgmt.

Verifiesthatthemgmtcommunitynameisavailable.Inthiscase,ithasbeenconfiguredusing
thesetsnmpcommunitycommand.

Sendsthetrapnotificationmessage.

Enterasys B5 CLI Reference

8-37

Configuring the SNMP Management Interface

Purpose
ToconfigurethesourceIPaddressusedbytheSNMPagentwhengeneratingSNMPtraps.

Commands
For information about...

Refer to page...

show snmp interface

8-38

set snmp interface

8-38

clear snmp interface

8-40

show snmp interface

UsethiscommandtodisplaytheinterfaceusedforthesourceIPaddressoftheSNMPagentwhen
generatingSNMPtraps.

Syntax
show snmp interface

Parameters
None.

Defaults
None.

Mode
Switchmode,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.Inthiscase,theIPaddressassignedto
loopbackinterface1willbeusedasthesourceIPaddressoftheSNMPagent.
B5(rw)->show snmp interface
loopback 1

192.168.10.1

set snmp interface

UsethiscommandtospecifytheinterfaceusedforthesourceIPaddressoftheSNMPagentwhen
generatingSNMPtraps.

Syntax
set snmp interface {loopback loop-ID | vlan vlan-ID}

8-38

SNMP Configuration

set snmp interface

Parameters
loopbackloopID

Specifiestheloopbackinterfacetobeused.ThevalueofloopIDcan
rangefrom0to7.

vlanvlanID

SpecifiestheVLANinterfacetobeused.ThevalueofvlanIDcanrange
from1to4093.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThiscommandallowsyoutoconfigurethesourceIPaddressusedbytheSNMPagentwhen
generatingSNMPtraps.Anyofthemanagementinterfaces,includingVLANroutinginterfaces,
canbeconfiguredasthesourceIPaddressusedinpacketsgeneratedbytheSNMPagent.
AninterfacemusthaveanIPaddressassignedtoitbeforeitcanbesetbythiscommand.
Ifnointerfaceisspecified,thentheIPaddressoftheHostinterfacewillbeused.
Ifanonloopbackinterfaceisconfiguredwiththiscommand,applicationpacketegressis
restrictedtothatinterfaceiftheservercanbereachedfromthatinterface.Otherwise,thepackets
aretransmittedoverthefirstavailableroute.Packetsfromtheapplicationserverarereceivedon
theconfiguredinterface.
Ifaloopbackinterfaceisconfigured,andtherearemultiplepathstotheapplicationserver,the
outgoinginterface(gateway)isdeterminedbasedonthebestroutelookup.Packetsfromthe
applicationserverarethenreceivedonthesendinginterface.Ifrouteredundancyisrequired,
therefore,aloopbackinterfaceshouldbeconfigured.

Example
ThisexampleconfiguresanIPaddressonVLANinterface100andthensetsthatinterfaceasthe
SNMPagentsourceIPaddress.
B5(rw)->router(Config-if(Vlan 100))#ip address 192.168.10.1 255.255.255.0
B5(rw)->router(Config-if(Vlan 100))#exit
B5(rw)->router(Config)#exit
B5(rw)->router#exit
B5(rw)->router>exit
B5(rw)->set snmp interface vlan 100

B5(rw)->show snmp interface

vlan 100

192.168.10.1

Enterasys B5 CLI Reference

8-39

clear snmp interface

UsethiscommandtocleartheinterfaceusedforthesourceIPaddressoftheSNMPagentbackto
thedefaultoftheHostinterface.

Syntax
clear snmp interface

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThiscommandreturnstheinterfaceusedforthesourceIPaddressoftheSNMPagentbacktothe
defaultoftheHostinterface.
B5(rw)->show snmp interface
vlan 100

192.168.10.1

B5(rw)->clear snmp interface

B5(rw)->

8-40

SNMP Configuration

9
Spanning Tree Configuration
ThischapterdescribestheSpanningTreeConfigurationsetofcommandsandhowtousethem.
For information about...

Refer to page...

Spanning Tree Configuration Summary

9-1

Configuring Spanning Tree Bridge Parameters

9-3

Configuring Spanning Tree Port Parameters

9-34

Configuring Spanning Tree Loop Protect Parameters

9-42

Caution: Spanning Tree configuration should be performed only by personnel who are very
knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm.
Otherwise, the proper operation of the network could be at risk.

Spanning Tree Configuration Summary

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of
Spanning Tree configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads/

Overview: Single, Rapid, and Multiple Spanning Tree Protocols

TheIEEE802.1DSpanningTreeProtocol(STP)resolvestheproblemsofphysicalloopsina
networkbyestablishingoneprimarypathbetweenanytwodevicesinanetwork.Anyduplicate
pathsarebarredfromuseandbecomestandbyorblockedpathsuntiltheoriginalpathfails,at
whichpointtheycanbebroughtintoservice.

RSTP
TheIEEE802.1wRapidSpanningProtocol(RSTP),anevolutionof802.1D,canachievemuch
fasterconvergencethanlegacySTPinaproperlyconfigurednetwork.RSTPsignificantlyreduces
thetimetoreconfigurethenetworksactivetopologywhenphysicaltopologyorconfiguration
parameterchangesoccur.ItselectsoneswitchastherootofaSpanningTreeconnectedactive
topologyandassignsportrolestoindividualportsontheswitch,dependingonwhetherthatport
ispartoftheactivetopology.
RSTPprovidesrapidconnectivityfollowingthefailureofaswitch,switchport,oraLAN.Anew
rootportandthedesignatedportontheothersideofthebridgetransitiontoforwardingthrough
anexplicithandshakebetweenthem.Bydefault,userportsareconfiguredtorapidlytransitionto
forwardinginRSTP.

Enterasys B5 CLI Reference

9-1

Spanning Tree Configuration Summary

MSTP
TheIEEE802.1sMultipleSpanningTreeProtocol(MSTP)buildsupon802.1DandRSTPby
optimizingutilizationofredundantlinksbetweenswitchesinanetwork.Whenredundantlinks
existbetweenapairofswitchesrunningsingleSTP,onelinkisforwardingwhiletheothersare
blockingforalltrafficflowingbetweenthetwoswitches.Theblockinglinksareeffectivelyused
onlyiftheforwardinglinkgoesdown.MSTPassignseachVLANpresentonthenetworktoa
particularSpanningTreeinstance,allowingeachswitchporttobeinadistinctstateforeachsuch
instance:blockingforoneSpanningTreewhileforwardingforanother.Thus,trafficassociated
withonesetofVLANscantraverseaparticularinterswitchlink,whiletrafficassociatedwith
anothersetofVLANscanbeblockedonthatlink.IfVLANsareassignedtoSpanningTrees
wisely,nointerswitchlinkwillbecompletelyidle,maximizingnetworkutilization.
FordetailsoncreatingSpanningTreeinstances,refertosetspantreemstionpage 912.
FordetailsonmappingSpanningTreeinstancestoVLANs,refertosetspantreemstmapon
page 914.
Note: MSTP and RSTP are fully compatible and interoperable with each other and with legacy
STP 802.1D.

Spanning Tree Features

TheEnterasysB5devicemeetstherequirementsoftheSpanningTreeProtocolsbyperformingthe
followingfunctions:

CreatingasingleSpanningTreefromanyarrangementofswitchingorbridgingelements.

Compensatingautomaticallyforthefailure,removal,oradditionofanydeviceinanactive
datapath.

Achievingportchangesinshorttimeintervals,whichestablishesastableactivetopology
quicklywithminimalnetworkdisturbance.

Usingaminimumamountofcommunicationsbandwidthtoaccomplishtheoperationofthe
SpanningTreeProtocol.

Reconfiguringtheactivetopologyinamannerthatistransparenttostationstransmittingand
receivingdatapackets.

ManagingthetopologyinaconsistentandreproduciblemannerthroughtheuseofSpanning
TreeProtocolparameters.

Note: The term bridge is used as an equivalent to the term switch or device in this document.

Loop Protect
TheLoopProtectfeaturepreventsorshortcircuitsloopformationinanetworkwithredundant
pathsbyrequiringportstoreceivetype2BPDUs(RSTP/MSTP)onpointtopointinterswitch
links(ISLs)beforetheirstatesareallowedtobecomeforwarding.Further,ifaBPDUtimeout
occursonaport,itsstatebecomeslisteninguntilaBPDUisreceived.
Bothupstreamanddownstreamfacingportsareprotected.Whenarootoralternateportlosesits
pathtotherootbridgeduetoamessageageexpirationittakesontheroleofdesignatedport.It
willnotforwardtrafficuntilaBPDUisreceived.Whenaportisintendedtobethedesignatedport
inanISLitconstantlyproposesandwillnotforwarduntilaBPDUisreceived,andwillrevertto

9-2

Spanning Tree Configuration

Configuring Spanning Tree Bridge Parameters

listeningifitfailstogetaresponse.Thisprotectsagainstmisconfigurationandprotocolfailureby
theconnectedbridge.
TheDisputedBPDUmechanismprotectsagainstloopinginsituationswherethereisoneway
communication.AdisputedBPDUisoneinwhichtheflagsfieldindicatesadesignatedroleand
learningandthepriorityvectorisworsethanthatalreadyheldbytheport.IfadisputedBPDUis
received,theportisforcedtothelisteningstate.WhenaninferiordesignatedBPDUwiththe
learningbitsetisreceivedonadesignatedport,itsstateissettodiscardingtopreventloop
formation.NotethattheDisputemechanismisalwaysactiveregardlessoftheconfiguration
settingofLoopProtection.
LoopProtectoperatesasaperport,perMSTinstancefeature.Itshouldbesetoninterswitch
links.Itiscomprisedofseveralrelatedfunctions:

ControlofportforwardingstatebasedonreceptionofagreementBPDUs

ControlofportforwardingstatebasedonreceptionofdisputedBPDUs

Communicatingportnonforwardingstatusthroughtrapsandsyslogmessages

Disablingaportbasedonfrequencyoffailureevents

PortforwardingstateinthedesignatedportisgatedbyatimerthatissetuponBPDUreception.It
isanalogoustothercvdInfoWhiletimertheportuseswhenreceivingrootinformationintheroot/
alternate/backuprole.
TherearetwooperationalmodesforLoopProtectonaport.Iftheportisconnectedtoadevice
knowntoimplementLoopProtect,itusesfullfunctionalmode.Otherwisetheportoperatesin
limitedfunctionalmode.
ConnectiontoaLoopProtectswitchguaranteesthatthealternateagreementmechanismis
implemented.Thismeansthedesignatedportcanrelyonreceivingaresponsetoitsproposal
regardlessoftheroleoftheconnectedport,whichhastwoimportantimplications.First,the
designatedportconnectedtoanonrootportmaytransitiontoforwarding.Second,thereisno
ambiguitywhenatimeouthappens;aLoopProtecteventhasoccurred.
Infullfunctionalmode,whenatype2BPDUisreceivedandtheportisdesignatedandpointto
point,thetimerissetto3timeshelloTime.Inlimitedfunctionalmodethereistheadditional
requirementthattheflagsfieldindicatearootrole.IftheportisaboundaryporttheMSTIsfor
thatportfollowtheCIST,thatis,theMSTIporttimersaresetaccordingtotheCISTporttimer.If
theportisinternaltotheregionthentheMSTIporttimersaresetindependentlyusingthe
particularMSTImessage.
MessageageexpirationandtheexpirationoftheLoopProtecttimerarebothLoopProtectevents.
Anoticelevelsyslogmessageisproducedforeachsuchevent.Trapsmaybeconfiguredtoreport
theseeventsaswell.AsyslogmessageandtrapmaybeconfiguredfordisputedBPDUs.
ItisalsoconfigurabletoforcethelockingofaSID/portfortheoccurrenceofoneormoreevents.
Whentheconfigurednumberofeventshappenwithinagivenwindowoftime,theportisforced
intoblockingandheldthereuntilitismanuallyunlockedviamanagement.

Configuring Spanning Tree Bridge Parameters

Purpose
TodisplayandsetSpanningTreebridgeparameters,includingdevicepriorities,hellotime,
maximumwaittime,forwarddelay,pathcost,andtopologychangetrapsuppression.

Enterasys B5 CLI Reference

9-3

Configuring Spanning Tree Bridge Parameters

Commands
For information about...

9-4

Refer to page...

show spantree stats

9-5

set spantree

9-7

show spantree version

9-7

set spantree version

9-8

clear spantree version

9-9

show spantree bpdu-forwarding

9-9

set spantree bpdu-forwarding

9-10

show spantree bridgeprioritymode

9-10

set spantree bridgeprioritymode

9-11

clear spantree bridgeprioritymode

9-11

show spantree mstilist

9-12

set spantree msti

9-12

clear spantree msti

9-13

show spantree mstmap

9-13

set spantree mstmap

9-14

clear spantree mstmap

9-14

show spantree vlanlist

9-15

show spantree mstcfgid

9-15

set spantree mstcfgid

9-16

clear spantree mstcfgid

9-16

set spantree priority

9-17

clear spantree priority

9-17

set spantree hello

9-18

clear spantree hello

9-18

set spantree maxage

9-19

clear spantree maxage

9-20

set spantree fwddelay

9-20

clear spantree fwddelay

9-21

show spantree backuproot

9-21

set spantree backuproot

9-22

clear spantree backuproot

9-22

show spantree tctrapsuppress

9-23

set spantree tctrapsuppress

9-23

clear spantree tctrapsuppress

9-24

Spanning Tree Configuration

show spantree stats

For information about...

Refer to page...

set spantree protomigration

9-24

show spantree spanguard

9-25

set spantree spanguard

9-25

clear spantree spanguard

9-26

show spantree spanguardtimeout

9-27

set spantree spanguardtimeout

9-27

clear spantree spanguardtimeout

9-28

show spantree spanguardlock

9-28

clear/set spantree spanguardlock

9-29

show spantree spanguardtrapenable

9-29

set spanstree spanguardtrapenable

9-30

clear spanstree spanguardtrapenable

9-30

show spantree legacypathcost

9-31

set spantree legacypathcost

9-31

clear spantree legacypathcost

9-32

show spantree autoedge

9-32

set spantree autoedge

9-32

clear spantree autoedge

9-33

show spantree stats

UsethiscommandtodisplaySpanningTreeinformationforoneormoreports.

Syntax
show spantree stats [port port-string] [sid sid] [active]

Parameters
portportstring

(Optional)Displaysinformationforthespecifiedport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

sidsid

(Optional)DisplaysinformationforaspecificSpanningTreeidentifier.If
notspecified,SID0isassumed.

active

(Optional)DisplaysinformationforportsthathavereceivedSTPBPDUs
sinceboot.

Defaults
Ifportstringisnotspecified,SpanningTreeinformationforallportswillbedisplayed.
Ifsidisnotspecified,informationforSpanningTree0willbedisplayed.
Ifactiveisnotspecifiedinformationforallportswillbedisplayedregardlessofwhetherornot
theyhavereceivedBPDUs.
Enterasys B5 CLI Reference

9-5

show spantree stats

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythedevicesSpanningTreeconfiguration:
B5(su)->show spantree stats
Spanning tree status
Spanning tree instance
Designated Root MacAddr
Designated Root Priority
Designated Root Cost
Designated Root Port
Root Max Age
Root Hello Time
Root Forward Delay
Bridge ID MAC Address
Bridge ID Priority
Bridge Max Age
Bridge Hello Time
Bridge Forward Delay
Topology Change Count
Time Since Top Change
Max Hops

enabled
0
00-e0-63-9d-c1-c8
0
10000
lag.0.1
20 sec
2 sec
15 sec
00-01-f4-da-5e-3d
32768
20 sec
2 sec
15 sec
7
00 days 03:19:15
20

Table 91showsadetailedexplanationofcommandoutput.
Table 9-1

9-6

show spantree Output Details

Output

What It Displays...

Spanning tree instance

Spanning Tree ID.

Spanning tree status

Whether Spanning Tree is enabled or disabled.

Designated Root MacAddr

MAC address of the designated Spanning Tree root bridge.

Designated Root Port

Port through which the root bridge can be reached.

Designated Root Priority

Priority of the designated root bridge.

Designated Root Cost

Total path cost to reach the root.

Root Max Age

Amount of time (in seconds) a BPDU packet should be considered valid.

Root Hello Time

Interval (in seconds) at which the root device sends BPDU (Bridge Protocol
Data Unit) packets.

Root Forward Delay

Amount of time (in seconds) the root device spends in listening or learning
mode.

Bridge ID MAC Address

Unique bridge MAC address, recognized by all bridges in the network.

Bridge ID Priority

Bridge priority, which is a default value, or is assigned using the set

spantree priority command. For details, refer to set spantree priority on
page 9-17.

Bridge Max Age

Maximum time (in seconds) the bridge can wait without receiving a
configuration message (bridge hello) before attempting to reconfigure.
This is a default value, or is assigned using the set spantree maxage
command. For details, refer to set spantree maxage on page 9-19.

Spanning Tree Configuration

set spantree

Table 9-1

show spantree Output Details (Continued)

Output

What It Displays...

Bridge Hello Time

Amount of time (in seconds) the bridge sends BPDUs. This is a default
value, or is assigned using the set spantree hello command. For details,
refer to set spantree hello on page 9-18.

Bridge Forward Delay

Amount of time (in seconds) the bridge spends in listening or learning

mode. This is a default value, or is assigned using the set spantree
fwddelay command. For details, refer to set spantree fwddelay on
page 9-20.

Topology Change Count

Number of times topology has changed on the bridge.

Time Since Top Change

Amount of time (in days, hours, minutes and seconds) since the last
topology change.

Max Hops

Maximum number of hops information for a particular Spanning Tree

instance may traverse (via relay of BPDUs within the applicable MST
region) before being discarded.

set spantree
UsethiscommandtogloballyenableordisabletheSpanningTreeprotocolontheswitch.

Syntax
set spantree {disable | enable}

Parameters
disable|enable

GloballydisablesorenablesSpanningTree.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodisableSpanningTreeonthedevice:
B5(su)->set spantree disable

show spantree version

UsethiscommandtodisplaythecurrentversionoftheSpanningTreeprotocolrunningonthe
device.

Syntax
show spantree version

Parameters
None.

Enterasys B5 CLI Reference

9-7

set spantree version

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySpanningTreeversioninformationforthedevice:
B5(su)->show spantree version
Force Version is mstp

set spantree version

UsethiscommandtosettheversionoftheSpanningTreeprotocoltoMSTP(MultipleSpanning
TreeProtocol),RSTP(RapidSpanningTreeProtocol)ortoSTP802.1Dcompatible.

Syntax
set spantree version {mstp | stpcompatible | rstp}

Parameters
mstp

SetstheversiontoSTP802.1scompatible.

stpcompatible

SetstheversiontoSTP802.1Dcompatible.

rstp

Setstheversionto802.1wcompatible.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Inmostnetworks,SpanningTreeversionshouldnotbechangedfromitsdefaultsettingofmstp
(MultipleSpanningTreeProtocol)mode.MSTPmodeisfullycompatibleandinteroperablewith
legacySTP802.1DandRapidSpanningTree(RSTP)bridges.Settingtheversiontostpcompatible
modewillcausethebridgetotransmitonly802.1DBPDUs,andwillpreventnonedgeportsfrom
rapidlytransitioningtoforwardingstate.

Example
ThisexampleshowshowtogloballychangetheSpanningTreeversionfromthedefaultofMSTP
toRSTP:
B5(su)->set spantree version rstp

9-8

Spanning Tree Configuration

clear spantree version

UsethiscommandtoresettheSpanningTreeversiontoMSTPmode.

Syntax
clear spantree version

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheSpanningTreeversion:
B5(su)->clear spantree version

show spantree bpdu-forwarding

Use this command to display the Spanning Tree BPDU forwarding mode.

Syntax
show spantree bpdu-forwarding

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheSpanningTreeBPDUforwardingmode:
B5(su)->show spantree bpdu-forwarding
BPDU forwarding is disabled.

Enterasys B5 CLI Reference

9-9

set spantree bpdu-forwarding

UsethiscommandtoenableordisableSpanningTreeBPDUforwarding.BydefaultBPDU
forwardingisdisabled.

Syntax
set spantree bpdu-forwarding {disable | enable}

Parameters
disable|enable

DisablesorenablesBPDUforwarding;.

Defaults
BydefaultBPDUforwardingisdisabled.

Mode
Switchcommand,readwrite.

Usage
TheSpanningTreeprotocolmustbedisabled(setspantreedisable)forthisfeaturetotakeeffect.

Example
ThisexampleshowshowtoenableBPDUforwarding:
B5(rw)-> set spantree bpdu-forwarding enable

show spantree bridgeprioritymode

UsethiscommandtodisplaytheSpanningTreebridgeprioritymodesetting.

Syntax
show spantree bridgeprioritymode

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheSpanningTreebridgeprioritymodesetting:
B5(rw)->show spantree bridgeprioritymode
Bridge Priority Mode is set to IEEE802.1t mode.

9-10

Spanning Tree Configuration

set spantree bridgeprioritymode

UsethiscommandtosettheSpanningTreebridgeprioritymodeto802.1D(legacy)or802.1t.

Syntax
set spantree bridgeprioritymode {8021d | 8021t}

Parameters
8021d

Setsthebridgeprioritymodetouse802.1D(legacy)values,whichare0
65535.

8021t

Setsthebridgeprioritymodetouse802.1tvalues,whichare0to61440,in
incrementsof4096.Valueswillautomaticallyberoundedupordown,
dependingonthe802.1tvaluetowhichtheenteredvalueisclosest.
Thisisthedefaultbridgeprioritymode.

Defaults
None

Mode
Switchcommand,readwrite.

Usage
Themodeaffectstherangeofpriorityvaluesusedtodeterminewhichdeviceisselectedasthe
SpanningTreerootasdescribedinsetspantreepriority(setspantreepriorityonpage 917).The
defaultfortheswitchistouse802.1tbridgeprioritymode.

Example
Thisexampleshowshowtosetthebridgeprioritymodeto802.1D:
B5(rw)->set spantree bridgeprioritymode 8021d

clear spantree bridgeprioritymode

UsethiscommandtoresettheSpanningTreebridgeprioritymodetothedefaultsettingof802.1t.

Syntax
clear spantree bridgeprioritymode

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

9-11

show spantree mstilist

Example
Thisexampleshowshowtoresetthebridgeprioritymodeto802.1t:
B5(rw)->clear spantree bridgeprioritymode

show spantree mstilist

UsethiscommandtodisplayalistofMultipleSpanningTree(MST)instancesconfiguredonthe
device.

Syntax
show spantree mstilist

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayalistofMSTinstances.Inthiscase,SID2hasbeenconfigured:
B5(su)->show spantree mstilist
Configured Multiple Spanning Tree instances:
2

set spantree msti

UsethiscommandtocreateordeleteaMultipleSpanningTreeinstance.

Syntax
set spantree msti sid sid {create | delete}

Parameters
sidsid

SetstheMultipleSpanningTreeID.Validvaluesare14094.
EnterasysB5deviceswillsupportupto4MSTinstances.

create|delete

CreatesordeletesanMSTinstance.

Defaults
None.

Mode
Switchcommand,readwrite.

9-12

Spanning Tree Configuration

clear spantree msti

Example
ThisexampleshowshowtocreateanMSTinstance2:
B5(su)->set spantree msti sid 2 create

clear spantree msti

UsethiscommandtodeleteoneormoreMultipleSpanningTreeinstances.

Syntax
clear spantree msti [sid sid]

Parameters
sidsid

(Optional)DeletesaspecificmultipleSpanningTreeID.

Defaults
Ifsidisnotspecified,allMSTinstanceswillbecleared.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodeleteallMSTinstances:
B5(su)->clear spantree msti

show spantree mstmap

UsethiscommandtodisplaythemappingofafilteringdatabaseID(FID)toaSpanningTrees.
SinceVLANsaremappedtoFIDs,thisshowstowhichSIDaVLANismapped.

Syntax
show spantree mstmap [fid fid]

Parameters
fidfid

(Optional)DisplaysinformationforspecificFIDs.

Defaults
Iffidisnotspecified,informationforallassignedFIDswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySIDtoFIDmappinginformationforFID1.Inthiscase,no
newmappingshavebeenconfigured:
B5(su)->show spantree mstmap fid 1

Enterasys B5 CLI Reference

9-13

set spantree mstmap

FID:
1

SID:
0

set spantree mstmap

UsethiscommandtomaponeormorefilteringdatabaseIDs(FIDs)toaSID.SinceVLANsare
mappedtoFIDs,thisessentiallymapsoneormoreVLANIDstoaSpanningTree(SID).
Note: Since any MST maps that are associated with GVRP-generated VLANs will be removed from
the configuration if GVRP communication is lost, it is recommended that you only create MST maps
on statically-created VLANs.

Syntax
set spantree mstmap fid [sid sid]

Parameters
fid

SpecifiesoneormoreFIDstoassigntotheMST.Validvaluesare14093,
andmustcorrespondtoaVLANIDcreatedusingthesetvlancommand.

sidsid

(Optional)SpecifiesaMultipleSpanningTreeID.Validvaluesare14094,
andmustcorrespondtoaSIDcreatedusingthesetmsticommand.

Defaults
Ifsidisnotspecified,FID(s)willbemappedtoSpanningTree0.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtomapFID3toSID2:
B5(su)->set spantree mstmap 3 sid 2

clear spantree mstmap

UsethiscommandtomapaFIDbacktoSID0.

Syntax
clear spantree mstmap fid

Parameters
fid

SpecifiesoneormoreFIDstoresetto0.

Defaults
Iffidisnotspecified,allSIDtoFIDmappingswillbereset.

Mode
Switchcommand,readwrite.

9-14

Spanning Tree Configuration

show spantree vlanlist

Example
ThisexampleshowshowtomapFID2backtoSID0:
B5(su)->clear spantree mstmap 2

show spantree vlanlist

UsethiscommandtodisplaytheSpanningTreeID(s)assignedtooneormoreVLANs.

Syntax
show spantree vlanlist [vlan-list]

Parameters
vlanlist

(Optional)DisplaysSIDsassignedtospecificVLAN(s).

Defaults
Ifnotspecified,SIDassignmentwillbedisplayedforallVLANs.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheSIDsmappedtoVLAN1.Inthiscase,SIDs2,16and42
aremappedtoVLAN1.Forthisinformationtodisplay,theSIDinstancemustbecreatedusingthe
setspantreemsticommandasdescribedinsetspantreemstionpage 912,andtheFIDsmust
bemappedtoSID 1usingthesetspantreemstmapcommandasdescribedinsetspantree
mstmaponpage 914:
B5(su)->show spantree vlanlist 1
The following SIDS are assigned to VLAN 1: 2 16 42

show spantree mstcfgid

UsethiscommandtodisplaytheMSTconfigurationidentifierelements,includingformatselector,
configurationname,revisionlevel,andconfigurationdigest.

Syntax
show spantree mstcfgid

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Enterasys B5 CLI Reference

9-15

set spantree mstcfgid

Example
ThisexampleshowshowtodisplaytheMSTconfigurationidentifierelements.Inthiscase,the
defaultrevisionlevelof0,andthedefaultconfigurationname(astringrepresentingthebridge
MACaddress)havenotbeenchanged.Forinformationonusingthesetspantreemstcfgid
commandtochangethesesettings,refertosetspantreemstcfgidonpage 916:
B5(su)->show spantree mstcfgid
MST Configuration Identifier:
Format Selector: 0
Configuration Name: 00:01:f4:89:51:94
Revision Level: 0
Configuration Digest: ac:36:17:7f:50:28:3c:d4:b8:38:21:d8:ab:26:de:62

set spantree mstcfgid

UsethiscommandtosettheMSTconfigurationnameand/orrevisionlevel.

Syntax
set spantree mstcfgid {cfgname name | rev level}

Parameters
cfgnamename

SpecifiesanMSTconfigurationname.

revlevel

SpecifiesanMSTrevisionlevel.Validvaluesare065535.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosettheMSTconfigurationnametomstconfig:
B5(su)->set spantree mstconfigid cfgname mstconfig

clear spantree mstcfgid

UsethiscommandtoresettheMSTrevisionleveltoadefaultvalueof0,andtheconfiguration
nametoadefaultstringrepresentingthebridgeMACaddress.

Syntax
clear spantree mstcfgid

Parameters
None.

Defaults
None.

9-16

Spanning Tree Configuration

set spantree priority

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheMSTconfigurationidentifierelementstodefaultvalues:
B5(su)->clear spantree mstcfgid

set spantree priority

UsethiscommandtosetthedevicesSpanningTreepriority.

Syntax
set spantree priority priority [sid]

Parameters
priority

Specifiesthepriorityofthebridge.Validvaluesarefrom0to61440(in
incrementsof4096),with0indicatinghighestpriorityand61440
lowestpriority.

sid

(Optional)SetsthepriorityonaspecificSpanningTree.Validvalues
are04094.Ifnotspecified,SID 0isassumed.

Defaults
Ifsidisnotspecified,prioritywillbesetonSpanningTree0.

Mode
Switchcommand,readwrite.

Usage
Thedevicewiththehighestpriority(lowestnumericalvalue)becomestheSpanningTreeroot
device.Ifalldeviceshavethesamepriority,thedevicewiththelowestMACaddresswillthen
becometherootdevice.Dependingonthebridgeprioritymode(setwiththesetspantree
bridgeprioritymodecommanddescribedinsetspantreebridgeprioritymodeonpage 911,
somepriorityvaluesmayberoundedupordown.

Example
Thisexampleshowshowtosetthebridgepriorityto4096onSID1:
B5(su)->set spantree priority 4096 1

clear spantree priority

UsethiscommandtoresettheSpanningTreeprioritytothedefaultvalueof32768.

Syntax
clear spantree priority [sid]

Enterasys B5 CLI Reference

9-17

set spantree hello

Parameters
sid

(Optional)ResetsthepriorityonaspecificSpanningTree.Validvalues
are04094.Ifnotspecified,SID 0isassumed.

Defaults
Ifsidisnotspecified,prioritywillberesetonSpanningTree0.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetthebridgepriorityonSID1:
B5(su)->clear spantree priority 1

set spantree hello

UsethiscommandtosetthedevicesSpanningTreehellotime,Thisisthetimeinterval(in
seconds)thedevicewilltransmitBPDUsindicatingitisactive.

Syntax
set spantree hello interval

Parameters
interval

Specifiesthenumberofsecondsthesystemwaitsbeforebroadcastinga
bridgehellomessage(amulticastmessageindicatingthatthesystemis
active).Validvaluesare110.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtogloballysettheSpanningTreehellotimeto10seconds:
B5(su)->set spantree hello 10

clear spantree hello

UsethiscommandtoresettheSpanningTreehellotimetothedefaultvalueof2seconds.

Syntax
clear spantree hello

9-18

Spanning Tree Configuration

set spantree maxage

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtogloballyresettheSpanningTreehellotime:
B5(su)->clear spantree hello

set spantree maxage

Usethiscommandtosetthebridgemaximumagingtime.

Syntax
set spantree maxage agingtime

Parameters
agingtime

Specifiesthemaximumnumberofsecondsthatthesystemretainsthe
informationreceivedfromotherbridgesthroughSTP.Validvaluesare6
40.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thebridgemaximumagingtimeisthemaximumtime(inseconds)adevicecanwaitwithout
receivingaconfigurationmessage(bridgehello)beforeattemptingtoreconfigure.Alldevice
ports(exceptfordesignatedports)shouldreceiveconfigurationmessagesatregularintervals.
AnyportthatagesoutSTPinformationprovidedinthelastconfigurationmessagebecomesthe
designatedportfortheattachedLAN.Ifitisarootport,anewrootportisselectedfromamong
thedeviceportsattachedtothenetwork.

Example
Thisexampleshowshowtosetthemaximumagingtimeto25seconds:
B5(su)->set spantree maxage 25

Enterasys B5 CLI Reference

9-19

clear spantree maxage

UsethiscommandtoresetthemaximumagingtimeforaSpanningTreetothedefaultvalueof20
seconds.

Syntax
clear spantree maxage

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtogloballyresetthemaximumagingtime:
B5(su)->clear spantree maxage

set spantree fwddelay

UsethiscommandtosettheSpanningTreeforwarddelay.

Syntax
set spantree fwddelay delay

Parameters
delay

Specifiesthenumberofsecondsforthebridgeforwarddelay.Validvalues
are430.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Theforwarddelayisthemaximumtime(inseconds)therootdevicewillwaitbeforechanging
states(i.e.,listeningtolearningtoforwarding).Thisdelayisrequiredbecauseeverydevicemust
receiveinformationabouttopologychangesbeforeitstartstoforwardframes.Inaddition,each
portneedstimetolistenforconflictinginformationthatwouldmakeitreturntoablockingstate;
otherwise,temporarydataloopsmightresult.

Example
Thisexampleshowshowtogloballysetthebridgeforwarddelayto16seconds:
9-20

Spanning Tree Configuration

clear spantree fwddelay

B5(su)->set spantree fwddelay 16

clear spantree fwddelay

UsethiscommandtoresettheSpanningTreeforwarddelaytothedefaultsettingof15seconds.

Syntax
clear spantree fwddelay

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtogloballyresetthebridgeforwarddelay:
B5(su)->clear spantree fwddelay

show spantree backuproot

UsethiscommandtodisplaythebackuprootstatusforanMSTinstance.

Syntax
show spantree backuproot [sid]

Parameters
sid

(Optional)DisplaybackuprootstatusforaspecificSpanningTree
identifier.Validvaluesare04094.Ifnotspecified,SID0isassumed.

Defaults
IfaSIDisnotspecified,thenstatuswillbeshownforSpanningTreeinstance0.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythestatusofthebackuprootfunctiononSID0:
B5(rw)->show spantree backuproot
Backup root is set to disable on sid 0

Enterasys B5 CLI Reference

9-21

set spantree backuproot

UsethiscommandtoenableordisabletheSpanningTreebackuprootfunctionontheswitch.

Syntax
set spantree backuproot sid {disable | enable}

Parameters
sid

SpecifiestheSpanningTreeinstanceonwhichtoenableordisablethe
backuprootfunction.Validvaluesare04094.

disable|enable

Enablesordisablesthebackuprootfunction.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
TheSpanningTreebackuprootfunctionisdisabledbydefaultontheEnterasysB5.Whenthis
featureisenabledandtheswitchisdirectlyconnectedtotherootbridge,staleSpanningTree
informationispreventedfromcirculatingiftherootbridgeislost.Iftherootbridgeislost,the
backuprootwilldynamicallyloweritsbridgeprioritysothatitwillbeselectedasthenewroot
overthelostrootbridge.

Example
ThisexampleshowshowtoenablethebackuprootfunctiononSID2:
B5(rw)->set spantree backuproot 2 enable

clear spantree backuproot

UsethiscommandtoresettheSpanningTreebackuprootfunctiontothedefaultstateofdisabled.

Syntax
clear spantree backuproot sid

Parameters
sid

SpecifiestheSpanningTreeonwhichtoclearthebackuproot
function.Validvaluesare04094.

Defaults
None.

Mode
Switchcommand,readwrite.

9-22

Spanning Tree Configuration

show spantree tctrapsuppress

Example
ThisexampleshowshowtoresetthebackuprootfunctiontodisabledonSID2:
B5(rw)->clear spantree backuproot 2

show spantree tctrapsuppress

UsethiscommandtodisplaythestatusoftopologychangetrapsuppressiononRapidSpanning
Treeedgeports.

Syntax
show spantree tctrapsuppress

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythestatusoftopologychangetrapsuppression:
B5(rw)->show spantree tctrapsuppress
Topology change Trap Suppression is set to enabled

set spantree tctrapsuppress

UsethiscommandtodisableorenabletopologychangetrapsuppressiononRapidSpanningTree
edgeports.

Syntax
set spantree tctrapsuppress {disable | enable}

Parameters
disable|enable

Disablesorenablestopologychangetrapsuppression.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

9-23

clear spantree tctrapsuppress

Usage
Bydefault,RSTPnonedge(bridge)portsthattransitiontoforwardingorblockingcausethe
switchtoissueatopologychangetrap.Whentopologychangetrapsuppressionisenabled,which
isthedevicedefault,edgeports(suchasendstationPCs)arepreventedfromsendingtopology
changetraps.Thisisbecausethereisusuallynoneedfornetworkmanagementtomonitoredge
portSTPtransitionstates,suchaswhenPCsarepoweredon.Whentopologychangetrap
suppressionisdisabled,allports,includingedgeandbridgeports,willtransmittopologychange
traps.

Example
ThisexampleshowshowtoallowRapidSpanningTreeedgeportstotransmittopologychange
traps:
B5(rw)->set spantree tctrapsuppress disable

clear spantree tctrapsuppress

UsethiscommandtoclearthestatusoftopologychangetrapsuppressiononRapidSpanningTree
edgeportstothedefaultstateofenabled(edgeporttopologychangesdonotgeneratetraps).

Syntax
clear spantree tctrapsuppress

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtocleartopologychangetrapsuppressionsetting:
B5(rw)->clear spantree tctrapsuppress

set spantree protomigration

UsethiscommandtoresettheprotocolstatemigrationmachineforoneormoreSpanningTree
ports.WhenoperatinginRSTPmode,thisforcesaporttotransmitMSTPBPDUs.

Syntax
set spantree protomigration <port-string>

Parameters
portstring

9-24

Spanning Tree Configuration

Resettheprotocolstatemigrationmachineforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

show spantree spanguard

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresettheprotocolstatemigrationmachineonport20:
B5(su)->set spantree protomigration ge.1.20

show spantree spanguard

UsethiscommandtodisplaythestatusoftheSpanningTreeSpanGuardfunction.

Syntax
show spantree spanguard

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheSpanGuardfunctionstatus:
B5(su)->show spantree spanguard
Spanguard is disabled

set spantree spanguard

UsethiscommandtoenableordisabletheSpanningTreeSpanGuardfunction.

Syntax
set spantree spanguard {enable | disable}

Parameters
enable|disable

EnablesordisablestheSpanGuardfunction.

Defaults
None.

Enterasys B5 CLI Reference

9-25

clear spantree spanguard

Mode
Switchcommand,readwrite.

Usage
SpanGuardisdesignedtodisable,orlockoutanedgeportwhenanunexpectedBPDUis
received.Theportcanbeconfiguredtobereenabledafterasettimeperiod,oronlyaftermanual
intervention.
Aportcanbedefinedasanedge(user)portusingthesetspantreeadminedgecommand,
describedinsetspantreeadminedgeonpage 940.Aportdesignatedasanedgeportis
expectedtobeconnectedtoaworkstationorotherendusertypeofdevice,andnottoanother
switchinthenetwork.WhenSpanGuardisenabled,ifanonloopbackBPDUisreceivedonan
edgeport,theSpanningTreestateofthatportwillbechangedtoblockingandwillnolonger
forwardtraffic.Theportwillremaindisableduntiltheamountoftimedefinedbysetspantree
spanguardtimeout(setspantreespanguardtimeoutonpage 927)haspassedsincethelastseen
BPDU,theportismanuallyunlocked(setorclearspantreespanguardlock,clear/setspantree
spanguardlockonpage 929),theconfigurationoftheportischangedsoitisnotlongeranedge
port,ortheSpanGuardfunctionisdisabled.
SpanGuardisenabledanddisabledonlyonaglobalbasis(acrossthestack,ifapplicable).By
default,SpanGuardisdisabledandSpanGuardtrapsareenabled.

Example
ThisexampleshowshowtoenabletheSpanGuardfunction:
B5(rw)->set spantree spanguard enable

clear spantree spanguard

UsethiscommandtoresetthestatusoftheSpanningTreeSpanGuardfunctiontodisabled.

Syntax
clear spantree spanguard

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetthestatusoftheSpanGuardfunctiontodisabled:
B5(rw)->clear spantree spanguard

9-26

Spanning Tree Configuration

show spantree spanguardtimeout

UsethiscommandtodisplaytheSpanningTreeSpanGuardtimeoutsetting.

Syntax
show spantree spanguardtimeout

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheSpanGuardtimeoutsetting:
B5(su)->show spantree spanguardtimeout
Spanguard timeout: 300

set spantree spanguardtimeout

Usethiscommandtosettheamountoftime(inseconds)anedgeportwillremainlockedbythe
SpanGuardfunction.

Syntax
set spantree spanguardtimeout timeout

Parameters
timeout

Specifiesatimeoutvalueinseconds.Validvaluesare0to65535.
Avalueof0willkeeptheportlockeduntilmanuallyunlocked.Thedefault
valueis300seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosettheSpanGuardtimeoutto600seconds:
B5(su)->set spantree spanguardtimeout 600

Enterasys B5 CLI Reference

9-27

clear spantree spanguardtimeout

UsethiscommandtoresettheSpanningTreeSpanGuardtimeouttothedefaultvalueof300
seconds.

Syntax
clear spantree spanguardtimeout

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheSpanGuardtimeoutto300seconds:
B5(rw)->clear spantree spanguardtimeout

show spantree spanguardlock

UsethiscommandtodisplaytheSpanGuardlockstatusofoneormoreports.

Syntax
show spantree spanguardlock [port-string]

Parameters
portstring

(Optional)Specifiestheport(s)forwhichtoshowSpanGuardlockstatus.
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifnoportstringisspecified,theSpanGuardlockstatusforallportsisdisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheSpanGuardlockstatusforge.1.1:
B5(su)->show spantree spanguardlock ge.1.1
Port ge.1.1 is Unlocked

9-28

Spanning Tree Configuration

clear / set spantree spanguardlock

UseeitherofthesecommandstounlockoneormoreportslockedbytheSpanningTree
SpanGuardfunction.WhenSpanGuardisenabled,itlocksportsthatreceiveBPDUswhenthose
portshavebeendefinedasedge(user)ports(asdescribedinsetspantreeadminedgeon
page 940).

Syntax
clear spantree spanguardlock port-string
set spantree spanguardlock port-string

Parameters
portstring

Specifiesport(s)tounlock.Foradetaileddescriptionofpossibleportstring
values,refertoPortStringSyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtounlockportge.1.16:
B5(rw)->clear spantree spanguardlock ge.1.16

show spantree spanguardtrapenable

UsethiscommandtodisplaythestateoftheSpanningTreeSpanGuardtrapfunction.

Syntax
show spantree spanguardtrapenable

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythestateoftheSpanGuardtrapfunction:
B5(ro)->show spantree spanguardtrapenable
Spanguard SNMP traps are enabled

Enterasys B5 CLI Reference

9-29

set spantree spanguardtrapenable

UsethiscommandtoenableordisablethesendingofanSNMPtrapmessagewhenSpanGuard
haslockedaport.

Syntax
set spantree spanguardtrapenable {disable | enable}

Parameters
disable|enable

DisablesorenablessendingSpanGuardtraps.Bydefault,sendingtraps
isenabled.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodisabletheSpanGuardtrapfunction:
B5(su)->set spantree spanguardtrapenable disable

clear spantree spanguardtrapenable

UsethiscommandtoresettheSpanningTreeSpanGuardtrapfunctionbacktothedefaultstateof
enabled.

Syntax
clear spantree spanguardtrapenable

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheSpanGuardtrapfunctiontoenabled:
B5(rw)->clear spantree spanguardtrapenable

9-30

Spanning Tree Configuration

show spantree legacypathcost

UsethiscommandtodisplaythedefaultSpanningTreepathcostsetting.

Syntax
show spantree legacypathcost

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythedefaultSpanningTreepathcostsetting.
B5(su)->show spantree legacypathcost
Legacy Path Cost is disabled.

set spantree legacypathcost

Usethiscommandtoenableordisablelegacy(802.1D)pathcostvalues.

Syntax
set spantree legacypathcost {disable | enable}

Parameters
disable

Use802.1t2001valuestocalculatepathcost.

enable

Use802.1d1998valuestocalculatepathcost.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Bydefault,legacypathcostisdisabled.Enablingthedevicetocalculatelegacypathcostsaffects
therangeofvalidvaluesthatcanbeenteredinthesetspantreeadminpathcostcommand.

Example
Thisexampleshowshowtosetthedefaultpathcostvaluesto802.1D.
B5(rw)->set spantree legacypathcost enable

Enterasys B5 CLI Reference

9-31

clear spantree legacypathcost

UsethiscommandtosettheSpanningTreedefaultvalueforlegacypathcostto802.1tvalues.

Syntax
clear spantree legacypathcost

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleclearsthelegacypathcostto802.1tvalues.
B5(rw)->clear spantree legacypathcost

show spantree autoedge

Usethiscommandtodisplaythestatusofautomaticedgeportdetection.

Syntax
show spantree autoedge

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythestatusoftheautomaticedgeportdetectionfunction:
B5(rw)->show spantree autoedge
autoEdge is currently enabled.

set spantree autoedge

Usethiscommandtoenableordisabletheautomaticedgeportdetectionfunction.

Syntax
set spantree autoedge {disable | enable}

9-32

Spanning Tree Configuration

clear spantree autoedge

Parameters
disable|enable

Disablesorenablesautomaticedgeportdetection.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtodisableautomaticedgeportdetection:
B5(rw)->set spantree autoedge disable

clear spantree autoedge

Usethiscommandtoresetautomaticedgeportdetectiontothedefaultstateofenabled.

Syntax
clear spantree autoedge

Parameters
None.

Defaults
None.

Mode
Switchcommand,ReadWrite.

Example
Thisexampleshowshowtoresetautomaticedgeportdetectiontoenabled:
B5(rw)->clear spantree autoedge

Enterasys B5 CLI Reference

9-33

Configuring Spanning Tree Port Parameters

Purpose
TodisplayandsetSpanningTreeportparameters.

Commands
For information about...

Refer to page...

set spantree portadmin

9-34

clear spantree portadmin

9-35

show spantree portadmin

9-35

show spantree portpri

9-36

set spantree portpri

9-36

clear spantree portpri

9-37

show spantree adminpathcost

9-38

set spantree adminpathcost

9-38

clear spantree adminpathcost

9-39

show spantree adminedge

9-39

set spantree adminedge

9-39

clear spantree adminedge

9-40

show spantree operedge

9-41

set spantree portadmin

UsethiscommandtodisableorenabletheSpanningTreealgorithmononeormoreports.

Syntax
set spantree portadmin port-string {disable | enable}

Parameters
portstring

Specifiestheport(s)forwhichtoenableordisableSpanningTree.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

disable|enable

DisablesorenablesSpanningTree.

Defaults
None.

Mode
Switchcommand,readwrite.

9-34

Spanning Tree Configuration

clear spantree portadmin

Example
ThisexampleshowshowtodisableSpanningTreeonge.1.5:
B5(rw)->set spantree portadmin ge.1.5 disable

clear spantree portadmin

UsethiscommandtoresetthedefaultSpanningTreeadminstatustoenableononeormoreports.

Syntax
clear spantree portadmin port-string

Parameters
portstring

Resetsthedefaultadminstatusonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetthedefaultSpanningTreeadminstatetoenableonge.1.12:
B5(rw)->clear spantree portadmin ge.1.12

show spantree portadmin

UsethiscommandtodisplaythestatusoftheSpanningTreealgorithmononeormoreports.

Syntax
show spantree portadmin [port port-string]

Parameters
portportstring

(Optional)Displaysstatusforspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage 71.

Defaults
Ifportstringisnotspecified,statuswillbedisplayedforallports.

Mode
Switchcommand,readonly.

Enterasys B5 CLI Reference

9-35

show spantree portpri

Example
Thisexampleshowshowtodisplayportadminstatusforge.1.1:
B5(ro)->show spantree portadmin port ge.1.1
Port ge.1.1 has portadmin set to enabled

show spantree portpri

UsethiscommandtoshowtheSpanningTreepriorityforoneormoreports.Portpriorityisa
componentoftheportID,whichisoneelementusedindeterminingSpanningTreeportroles.

Syntax
show spantree portpri [port port-string] [sid sid]

Parameters
portportstring

(Optional)Specifiestheport(s)forwhichtodisplaySpanningTreepriority.
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

sidsid

(Optional)DisplaysportpriorityforaspecificSpanningTreeidentifier.
Validvaluesare04094.Ifnotspecified,SID0isassumed.

Defaults
Ifportstringisnotspecified,portprioritywillbedisplayedforallSpanningTreeports.
Ifsidisnotspecified,portprioritywillbedisplayedforSpanningTree0.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheportpriorityforge.2.7:
B5(su)->show spantree portpri port ge.2.7
Port ge.2.7 has a Port Priority of 128 on SID 0

set spantree portpri

UsethiscommandtosetaportsSpanningTreepriority.

Syntax
set spantree portpri port-string priority [sid sid]

9-36

Spanning Tree Configuration

clear spantree portpri

Parameters
portstring

Specifiestheport(s)forwhichtosetSpanningTreeportpriority.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

priority

SpecifiesanumberthatrepresentsthepriorityofalinkinaSpanningTree
bridge.Validvaluesarefrom0to240(inincrementsof16)with0
indicatinghighpriority.

sidsid

(Optional)SetsportpriorityforaspecificSpanningTreeidentifier.Valid
valuesare04094.Ifnotspecified,SID0isassumed.

Defaults
Ifsidisnotspecified,portprioritywillbesetforSpanningTree0.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthepriorityofge.1.3to240onSID1
B5(su)->set spantree portpri ge.1.3 240 sid 1

clear spantree portpri

UsethiscommandtoresetthebridgepriorityofaSpanningTreeporttoadefaultvalueof128.

Syntax
clear spantree portpri port-string [sid sid]

Parameters
portstring

Specifiestheport(s)forwhichtosetSpanningTreeportpriority.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

sidsid

(Optional)ResetstheportpriorityforaspecificSpanningTreeidentifier.
Validvaluesare04094.Ifnotspecified,SID0willbeassumed.

Defaults
Ifsidisnotspecified,portprioritywillbesetforSpanningTree0.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresetthepriorityofge.1.3to128onSID1
B5(su)->clear spantree portpri ge.1.3 sid 1

Enterasys B5 CLI Reference

9-37

show spantree adminpathcost

UsethiscommandtodisplaytheadminpathcostforaportononeormoreSpanningTrees.

Syntax
show spantree adminpathcost [port port-string] [sid sid]

Parameters
portportstring

(Optional)Displaystheadminpathcostvalueforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

sidsid

(Optional)DisplaystheadminpathcostforaspecificSpanningTree
identifier.Validvaluesare04094.Ifnotspecified,SID0willbeassumed.

Defaults
Ifportstringisnotspecified,adminpathcostforallSpanningTreeportswillbedisplayed.
Ifsidisnotspecified,adminpathcostforSpanningTree0willbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheadminpathcostforge.3.4onSID1:
B5(su)->show spantree adminpathcost port ge.3.4 sid 1
Port ge.3.4 has a Port Admin Path Cost of 0 on SID 1

set spantree adminpathcost

UsethiscommandtosettheadministrativepathcostonaportandoneormoreSpanningTrees.

Syntax
set spantree adminpathcost port-string cost [sid sid]

Parameters
portstring

Specifiestheport(s)onwhichtosetanadminpathcost.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

cost

Specifiestheportpathcost.Va1idvaluesare0200000000.

sidsid

(Optional)SetstheadminpathcostforaspecificSpanningTreeidentifier.
Validvaluesare04094.Ifnotspecified,SID0willbeassumed.

Defaults
Ifsidisnotspecified,adminpathcostwillbesetforSpanningTree0.

Mode
Switchcommand,readwrite.
9-38

Spanning Tree Configuration

clear spantree adminpathcost

Example
Thisexampleshowshowtosettheadminpathcostto200forge.3.2onSID1:
B5(su)->set spantree adminpathcost ge.3.2 200 sid 1

clear spantree adminpathcost

UsethiscommandtoresettheSpanningTreedefaultvalueforportadminpathcostto0.

Syntax
clear spantree adminpathcost port-string [sid sid]

Parameters
portstring

Specifiestheport(s)forwhichtoresetadminpathcost.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage 71.

sidsid

(Optional)ResetstheadminpathcostforspecificSpanningTree(s).
Validvaluesare04094.Ifnotspecified,SID0isassumed.

Defaults
Ifsidisnotspecified,adminpathcostwillberesetforSpanningTree0.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresettheadminpathcostto0forge.3.2onSID1:
B5(su)->clear spantree adminpathcost ge.3.2 sid 1

show spantree adminedge

Usethiscommandtodisplaytheedgeportadministrativestatusforaport.

Syntax
show spantree adminedge [port port-string]

Parameters
portstring

(Optional)Displaysedgeportadministrativestatusforspecific
port(s).Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage 71.

Defaults
IfportstringisnotspecifiededgeportadministrativestatuswillbedisplayedforallSpanningTree
ports.

Enterasys B5 CLI Reference

9-39

set spantree adminedge

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheedgeportstatusforge.3.2:
B5(su)->show spantree adminedge port ge.3.2
Port ge.3.2 has a Port Admin Edge of Edge-Port

set spantree adminedge

UsethiscommandtosettheedgeportadministrativestatusonaSpanningTreeport.

Syntax
set spantree adminedge port-string {true | false}

Parameters
portstring

Specifiestheedgeport.Foradetaileddescriptionofpossibleportstring
values,refertoPortStringSyntaxUsedintheCLIonpage 71.

true|false

Enables(true)ordisables(false)thespecifiedportasaSpanningTreeedge
port.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thedefaultbehavioroftheedgeportadministrativestatusbeginswiththevaluesettofalse
initiallyafterthedeviceispoweredup.IfaSpanningTreeBDPUisnotreceivedontheportwithin
afewseconds,thestatussettingchangestotrue.

Example
Thisexampleshowshowtosetge.1.11asanedgeport:
B5(su)->set spantree adminedge ge.1.11 true

clear spantree adminedge

UsethiscommandtoresetaSpanningTreeporttononedgestatus.

Syntax
clear spantree adminedge port-string

9-40

Spanning Tree Configuration

show spantree operedge

Parameters
portstring

Specifiesport(s)onwhichtoresetedgeportstatus.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresetge.1.11asanonedgeport:
B5(su)->clear spantree adminedge ge.1.11

show spantree operedge

UsethiscommandtodisplaytheSpanningTreeedgeportoperatingstatusforaport.

Syntax
show spantree operedge [port port-string]

Parameters
portportstring

Displaysedgeportoperatingstatusforspecificport(s).

Defaults
Ifportstringisnotspecified,edgeportoperatingstatuswillbedisplayedforallSpanningTree
ports.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheedgeportstatusforge.2.7:
B5(rw)->show spantree operedge port ge.2.7
Port ge.2.7 has a Port Oper Edge of Edge-Port

Enterasys B5 CLI Reference

9-41

Configuring Spanning Tree Loop Protect Parameters

Purpose
TodisplayandsetSpanningTreeLoopProtectparameters,includingtheglobalparametersof
LoopProtectthreshold,window,enablingtraps,anddisputedBPDUthreshold,aswellasperport
andport/SIDparameters.SeeLoopProtectonpage 92formoreinformationabouttheLoop
Protectfeature.

Commands
For information about...

9-42

Refer to page...

set spantree lp

9-43

show spantree lp

9-43

clear spantree lp

9-44

show spantree lplock

9-44

clear spantree lplock

9-45

set spantree lpcapablepartner

9-46

show spantree lpcapablepartner

9-46

clear spantree lpcapablepartner

9-47

set spantree lpthreshold

9-47

show spantree lpthreshold

9-48

clear spantree lpthreshold

9-48

set spantree lpwindow

9-49

show spantree lpwindow

9-49

clear spantree lpwindow

9-50

set spantree lptrapenable

9-50

show spantree lptrapenable

9-51

clear spantree lptrapenable

9-51

set spantree disputedbpduthreshold

9-52

show spantree disputedbpduthreshold

9-53

clear spantree disputedbpduthreshold

9-53

show spantree nonforwardingreason

9-54

Spanning Tree Configuration

set spantree lp

set spantree lp
UsethiscommandtoenableordisabletheLoopProtectfeatureperportandoptionally,perSID.
TheLoopProtectfeatureisdisabledbydefault.SeeLoopProtectonpage 2.formore
information.

Syntax
set spantree lp port-string {enable | disable} [sid sid]

Parameters
portstring

Specifiesport(s)onwhichtoenableordisabletheLoopProtectfeature.

enable|disable

Enablesordisablesthefeatureonthespecifiedport.

sidsid

(Optional)EnablesordisablesthefeatureforspecificSpanningTree(s).
Validvaluesare04094.Ifnotspecified,SID0isassumed.

Defaults
IfnoSIDisspecified,SID0isassumed.

Mode
Switchcommand,readwrite.

Usage
LoopProtecttakesprecedenceoverperportSTPenable/disable(portAdmin).Normally
portAdmindisabledwouldcauseaporttogoimmediatelytoforwarding.IfLoopProtectis
enabled,thatportshouldgotolisteningandremainthere.
Note: The Loop Protect enable/disable settings for an MSTI port should match those for the CIST
port.

Example
ThisexampleshowshowtoenableLoopProtectonge.2.3:
B5(su)->set spantree lp ge.1.11 enable

show spantree lp
UsethiscommandtodisplaytheLoopProtectstatusperportand/orperSID.

Syntax
show spantree lp [port port-string] [sid sid]

Parameters
portstring

(Optional)Specifiesport(s)forwhichtodisplaytheLoopProtect
featurestatus.

sidsid

(Optional)SpecifiesthespecificSpanningTree(s)forwhichtodisplay
theLoopProtectfeaturestatus.Validvaluesare04094.Ifnot
specified,SID0isassumed.

Enterasys B5 CLI Reference

9-43

clear spantree lp

Defaults
Ifnoportstringisspecified,statusisdisplayedforallports.
IfnoSIDisspecified,SID0isassumed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayLoopProtectstatusonge.2.3:
B5(su)->show spantree lp port ge.2.3
LoopProtect is disabled on port ge.2.3

, SI

clear spantree lp
UsethiscommandtoreturntheLoopProtectstatusperportandoptionally,perSID,toitsdefault
stateofdisabled.

Syntax
clear spantree lp port-string [sid sid]

Parameters
portstring

Specifiesport(s)forwhichtocleartheLoopProtectfeaturestatus.

sidsid

(Optional)SpecifiesthespecificSpanningTree(s)forwhichtoclearthe
LoopProtectfeaturestatus.Validvaluesare04094.Ifnotspecified,
SID0isassumed.

Defaults
IfnoSIDisspecified,SID0isassumed.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoreturntheLoopProtectstateonge.2.3todisabled:
B5(rw)->clear spantree lp port ge.2.3

show spantree lplock

UsethiscommandtodisplaytheLoopProtectlockstatusperportand/orperSID.Aportcan
becomelockedifaconfigurednumberofLoopProtecteventsoccurduringtheconfigured
windowoftime.Seethesetspantreelpthresholdandsetspantreelpwindowcommands.Oncea
portisforcedintoblocking(locked),itremainslockeduntilmanuallyunlockedwiththeclear
spantreelplockcommand.

Syntax
show spantree lplock [port port-string] [sid sid]

9-44

Spanning Tree Configuration

clear spantree lplock

Parameters
portstring

(Optional)Specifiesport(s)forwhichtodisplaytheLoopProtectlock
status.

sidsid

(Optional)SpecifiesthespecificSpanningTree(s)forwhichtodisplay
theLoopProtectlockstatus.Validvaluesare04094.Ifnotspecified,
SID0isassumed.

Defaults
Ifnoportstringisspecified,statusisdisplayedforallports.
IfnoSIDisspecified,SID0isassumed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayLoopProtectlockstatusonge.1.1:
B5(rw)->show spantree lplock port ge.1.1
The LoopProtect lock status for port ge.1.1

, SID 0 is UNLOCKED

clear spantree lplock

Usethiscommandtomanuallyunlockablockedportandoptionally,perSID.Thedefaultstateis
unlocked.

Syntax
clear spantree lplock port-string [sid sid]

Parameters
portstring

Specifiesport(s)forwhichtocleartheLoopProtectlock.

sidsid

(Optional)SpecifiesthespecificSpanningTree(s)forwhichtoclearthe
LoopProtectlock.Validvaluesare04094.Ifnotspecified,SID0is
assumed.

Defaults
IfnoSIDisspecified,SID0isassumed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtoclearLoopProtectlockfromge.1.1:
B5(rw)->show spantree lplock port ge.1.1
The LoopProtect lock status for port ge.1.1
B5(rw)->clear spantree lplock ge.1.1
B5(rw)->show spantree lplock port ge.1.1
The LoopProtect lock status for port ge.1.1

, SID 0 is LOCKED

, SID 0 is UNLOCKED

Enterasys B5 CLI Reference

9-45

set spantree lpcapablepartner

UsethiscommandtospecifyperportwhetherthelinkpartnerisLoopProtectcapable.SeeLoop
Protectonpage 2.formoreinformation.

Syntax
set spantree lpcapablepartner port-string {true | false}

Parameters
portstring

Specifiesport(s)forwhichtoconfigureaLoopProtectcapablelink
partner.

true|false

Specifieswhetherthelinkpartneriscapable(true)ornot(false).

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThedefaultvalueforLoopProtectcapablepartnerisfalse.IftheportisconfiguredwithaLoop
Protectcapablepartner(true),thenthefullfunctionalityoftheLoopProtectfeatureisused.Ifthe
valueisfalse,thenthereissomeambiguityastowhetheranActivePartnertimeoutisduetoa
loopprotectioneventorisanormalsituationduetothefactthatthepartnerportdoesnot
transmitAlternateAgreementBPDUs.Therefore,aconservativeapproachistakeninthat
designatedportswillnotbeallowedtoforwardunlessreceivingagreementsfromaportwithroot
role.
Thistypeoftimeoutwillnotbeconsideredaloopprotectionevent.Loopprotectionismaintained
bykeepingtheportfromforwardingbutsincethisisnotconsideredaloopeventitwillnotbe
factoredintolockingtheport.

Example
ThisexampleshowshowtosettheLoopProtectcapablepartnertotrueforge.1.1:
B5(rw)->set spantree lpcapablepartner ge.1.1 true

show spantree lpcapablepartner

UsethiscommandtotheLoopProtectcapabilityofalinkpartnerforoneormoreports.

Syntax
show spantree lpcapablepartner [port port-string]

Parameters
portstring

9-46

Spanning Tree Configuration

(Optional)Specifiesport(s)forwhichtodisplayLoopProtectcapability
foritslinkpartner.

clear spantree lpcapablepartner

Defaults
Ifnoportstringisspecified,LoopProtectcapabilityforlinkpartnersisdisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheLoopProtectpartnercapabilityforge.1.1:
B5(rw)->show spantree lpcapablepartner port ge.1.1
Link partner of port ge.1.1 is not LoopProtect-capable

clear spantree lpcapablepartner

UsethiscommandtoresettheLoopProtectcapabilityofportlinkpartnerstothedefaultstateof
false.

Syntax
clear spantree lpcapablepartner port-string

Parameters
portstring

Specifiesport(s)forwhichtocleartheirlinkpartnersLoopProtect
capability(resettofalse).

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheLoopProtectpartnercapabilityforge.1.1:
B5(rw)->clear spantree lpcapablepartner ge.1.1

set spantree lpthreshold

UsethiscommandtosettheLoopProtecteventthreshold.

Syntax
set spantree lpthreshold value

Parameters
value

Specifiesthenumberofeventsthatmustoccurduringtheevent
windowinordertolockaport/SID.Thedefaultvalueis3events.A
thresholdof0specifiesthatportswillneverbelocked.

Enterasys B5 CLI Reference

9-47

show spantree lpthreshold

Defaults
None.Thedefaulteventthresholdis3.

Mode
Switchcommand,readwrite.

Usage
TheLoopProtecteventthresholdisaglobalintegervariablethatprovidesprotectioninthecaseof
intermittentfailures.Thedefaultvalueis3.Iftheeventcounterreachesthethresholdwithina
givenperiod(theeventwindow),thentheport,forthegivenSID,becomeslocked(thatis,held
indefinitelyintheblockingstate).Ifthethresholdis0,theportsareneverlocked.

Example
ThisexampleshowshowtosettheLoopProtectthresholdvalueto4:
B5(rw)->set spantree lpthreshold 4

show spantree lpthreshold

UsethiscommandtodisplaythecurrentvalueoftheLoopProtecteventthreshold.

Syntax
show spantree lpthreshold

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythecurrentLoopProtectthresholdvalue:
B5(rw)->show spantree lpthreshold
The Loop Protect event threshold value is 4

clear spantree lpthreshold

UsethiscommandtoreturntheLoopProtecteventthresholdtoitsdefaultvalueof3.

Syntax
clear spantree lpthreshold

Parameters
None.

9-48

Spanning Tree Configuration

set spantree lpwindow

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheLoopProtecteventthresholdtothedefaultof3:
B5(rw)->clear spantree lpthreshold

set spantree lpwindow

UsethiscommandtosettheLoopProtecteventwindowvalueinseconds.

Syntax
set spantree lpwindow value

Parameters
value

Specifiesthenumberofsecondsthatcomprisetheperiodduringwhich
LoopProtecteventsarecounted.Thedefaulteventwindowis180
seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
TheLoopProtectWindowisatimervalue,inseconds,thatdefinesaperiodduringwhichLoop
Protecteventsarecounted.Thedefaultvalueis180seconds.Ifthetimerissetto0,theevent
counterisnotresetuntiltheLoopProtecteventthresholdisreached.Ifthethresholdisreached,
thatconstitutesaloopprotectionevent.

Example
ThisexampleshowshowtosettheLoopProtecteventwindowto120seconds:
B5(rw)->set spantree lpwindow 120

show spantree lpwindow

UsethiscommandtodisplaythecurrentLoopProtecteventwindowvalue.

Syntax
show spantree lpwindow

Enterasys B5 CLI Reference

9-49

clear spantree lpwindow

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythecurrentLoopProtectwindowvalue:
B5(rw)->show spantree lpwindow
The Loop Protect event window is set to 120 seconds

clear spantree lpwindow

UsethiscommandtoresettheLoopProtecteventwindowtothedefaultvalueof180seconds.

Syntax
clear spantree lpwindow

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheLoopProtecteventwindowtothedefaultof180seconds:
B5(rw)->clear spantree lpwindow

set spantree lptrapenable

UsethiscommandtoenableordisableLoopProtecteventnotification.

Syntax
set spantree lptrapenable {enable | disable}

Parameters
enable|disable

9-50

Spanning Tree Configuration

EnablesordisablesthesendingofLoopProtecttraps.Defaultis
disabled.

show spantree lptrapenable

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
LoopProtecttrapsaresentwhenaLoopProtecteventoccurs,thatis,whenaportgoestolistening
duetonotreceivingBPDUs.Thetrapindicatesport,SIDandloopprotectionstatus.

Example
ThisexampleshowshowtoenablesendingofLoopProtecttraps:
B5(rw)->set spantree lptrapenable enable

show spantree lptrapenable

UsethiscommandtodisplaythecurrentstatusofLoopProtecteventnotification.

Syntax
show spantree lptrapenable

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythecurrentLoopProtecteventnotificationstatus:
B5(rw)->show spantree lptrapenable
The Loop Protect event notification status is enable

clear spantree lptrapenable

UsethiscommandtoreturntheLoopProtecteventnotificationstatetoitsdefaultstateof
disabled.

Syntax
clear spantree lptrapenable

Parameters
None.

Enterasys B5 CLI Reference

9-51

set spantree disputedbpduthreshold

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheLoopProtecteventnotificationstatetothedefaultof
disabled.
B5(rw)->clear spantree lptrapenable

set spantree disputedbpduthreshold

UsethiscommandtosetthedisputedBPDUthreshold,whichisthenumberofdisputedBPDUs
thatmustbereceivedonagivenport/SIDuntiladisputedBPDUtrapissent.

Syntax
set spantree disputedbpduthreshold value

Parameters
value

SpecifiesthenumberofdisputedBPDUsthatmustbereceivedona
givenport/SIDtocauseadisputedBPDUtraptobesent.
Athresholdof0indicatesthattrapsshouldnotbesent.Thedefault
valueis0.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
AdisputedBPDUisoneinwhichtheflagsfieldindicatesadesignatedroleandlearning,andthe
priorityvectorisworsethanthatalreadyheldbytheport.IfadisputedBPDUisreceivedtheport
isforcedtothelisteningstate.Refertothe802.1Q2005standard,IEEEStandardforLocaland
MetropolitanAreaNetworksVirtualBridgedLocalAreaNetworks,forafulldescriptionofthedispute
mechanism,whichpreventsloopingincasesofonewaycommunication.
ThedisputedBPDUthresholdisanintegervariablethatrepresentsthenumberofdisputed
BPDUsthatmustbereceivedonagivenport/SIDuntiladisputedBPDUtrapissentandasyslog
messageisissued.Forexample,ifthethresholdis10,thenatrapisissuedwhen10,20,30,andso
on,disputedBPDUshavebeenreceived.
Ifthevalueis0,trapsarenotsent.Thetrapindicatesport,SIDandtotalDisputedBPDUcount.
Thedefaultis0.

9-52

Spanning Tree Configuration

show spantree disputedbpduthreshold

Example
ThisexampleshowshowtosetthedisputedBPDUthresholdvalueto5:
B5(rw)->set spantree disputedbpduthreshold 5

show spantree disputedbpduthreshold

UsethiscommandtodisplaythecurrentvalueofthedisputedBPDUthreshold.

Syntax
show spantree disputedbpduthreshold

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythecurrentdisputedBPDUthreshold:
B5(rw)->show spantree disputedbpduthreshold
The disputed BPDU threshold value is 0

clear spantree disputedbpduthreshold

UsethiscommandtoreturnthedisputedBPDUthresholdtoitsdefaultvalueof0,meaningthat
disputedBPDUtrapsshouldnotbesent.

Syntax
clear spantree disputedbpduthreshold

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetthedisputedBPDUthresholdtothedefaultof0:
B5(rw)->clear spantree disputedbpduthreshold

Enterasys B5 CLI Reference

9-53

show spantree nonforwardingreason

Usethiscommandtodisplaythereasonforplacingaportinanonforwardingstateduetoan
exceptionalcondition.

Syntax
show spantree nonforwardingreason port-string [sid sid]

Parameters
portstring

Specifiesport(s)forwhichtodisplaythenonforwardingreason.

sidsid

(Optional)SpecifiesthespecificSpanningTree(s)forwhichtodisplay
thenonforwardingreason.Validvaluesare04094.Ifnotspecified,
SID0isassumed.

Defaults
Ifnoportstringisspecified,nonforwardingreasonisdisplayedforallports.
IfnoSIDisspecified,SID0isassumed.

Mode
Switchcommand,readonly.

Usage
ExceptionalconditionscausingaporttobeplacedinlisteningorblockingstateincludeaLoop
Protectevent,receiptofdisputedBPDUs,andloopbackdetection.

Example
Thisexampleshowshowtodisplaythenonforwardingreasononge.1.1:
B5(rw)->show spantree nonforwardingreason port ge.1.1
on SID 0 is None
The non-forwarding reason for port ge.1.1

9-54

Spanning Tree Configuration

10
802.1Q VLAN Configuration
ThischapterdescribestheEnterasysB5systemscapabilitiestoimplement802.1QvirtualLANs
(VLANs).
For information about...

Refer to page...

VLAN Configuration Summary

10-1

Viewing VLANs

10-3

Creating and Naming Static VLANs

10-5

Assigning Port VLAN IDs (PVIDs) and Ingress Filtering

10-8

Configuring the VLAN Egress List

10-13

Setting the Host VLAN

10-18

Enabling/Disabling GVRP (GARP VLAN Registration Protocol)

10-20

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of VLAN
configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads/

VLAN Configuration Summary

VirtualLANsallowthenetworkadministratortopartitionnetworktrafficintologicalgroupsand
controltheflowofthattrafficthroughthenetwork.Oncethetrafficand,ineffect,theusers
creatingthetraffic,areassignedtoaVLAN,thenbroadcastandmulticasttrafficiscontained
withintheVLANanduserscanbeallowedordeniedaccesstoanyofthenetworksresources.
Also,someoralloftheportsonthedevicecanbeconfiguredasGVRPports,whichenableframes
receivedwithaparticularVLANIDandprotocoltobetransmittedonalimitednumberofports.
ThiskeepsthetrafficassociatedwithaparticularVLANandprotocolisolatedfromtheotherparts
ofthenetwork.
Note: The device can support up to 1024 802.1Q VLANs. The allowable range for VLAN IDs is 1
to 4093. As a default, all ports on the device are assigned to VLAN ID 1, untagged.

Port String Syntax Used in the CLI

ForinformationonhowtodesignateVLANsandportnumbersintheCLIsyntax,refertoPort
StringSyntaxUsedintheCLIonpage 71.

Enterasys B5 CLI Reference

10-1

VLAN Configuration Summary

Creating a Secure Management VLAN

Bydefaultatstartup,thereisoneVLANconfiguredontheEnterasysB5device.ItisVLANID1,
theDEFAULTVLAN.Thedefaultcommunityname,whichdeterminesremoteaccessforSNMP
management,issettopublicwithreadwriteaccess.
IftheEnterasysB5deviceistobeconfiguredformultipleVLANs,itmaybedesirabletoconfigure
amanagementonlyVLAN.ThisallowsastationconnectedtothemanagementVLANtomanage
thedevice.Italsomakesmanagementsecurebypreventingconfigurationviaportsassignedto
otherVLANs.
TocreateasecuremanagementVLAN,youmust:
Step

Task

Refer to page...

Create a new VLAN.

10-5

Set the PVID for the desired switch port to the VLAN created in Step 1.

10-9

Add the desired switch port to the egress list for the VLAN created in
Step 1.

10-15

Assign host status to the VLAN.

10-18

Set a private community name and access policy.

8-14

ThecommandsusedtocreateasecuremanagementVLANarelistedinTable 101.Thisexample
assumesthemanagementstationisattachedtoge.1.1andwantsuntaggedframes.
Theprocessdescribedherewouldberepeatedoneverydevicethatisconnectedinthenetworkto
ensurethateachdevicehasasecuremanagementVLAN.
Table 10-1

Command Set for Creating a Secure Management VLAN

To do this...

Use these commands...

Create a new VLAN and confirm settings.

set vlan create 2 (set vlan on page 10-5)

(Optional) show vlan 2 (show vlan on page 10-3)

Set the PVID to the new VLAN.

set port vlan ge.1.1 2 (set port vlan on page 10-9)

Add the port to the new VLANs egress list.

set vlan egress 2 ge.1.1 untagged (set vlan egress on

page 10-15)

Remove the port from the default VLANs

egress list.

clear vlan egress 1 ge.1.1 (clear vlan egress on

page 10-15)

Assign host status to the VLAN.

set host vlan 2 (set host vlan on page 10-18)

Set a private community name and access

policy and confirm settings.

set snmp community private (set snmp community on

page 8-14)
(Optional) show snmp community (show snmp
community on page 8-13)

10-2

802.1Q VLAN Configuration

Viewing VLANs

Viewing VLANs
Purpose
TodisplayalistofVLANscurrentlyconfiguredonthedevice,todeterminehowoneormore
VLANswerecreated,theportsallowedanddisallowedtotransmittrafficbelongingtoVLAN(s),
andifthoseportswilltransmitthetrafficwithaVLANtagincluded.

Command
For information about...

Refer to page...

show vlan

10-3

show vlan
UsethiscommandtodisplayallinformationrelatedtooneormoreVLANs.

Syntax
show vlan [static] [vlan-list] [portinfo [vlan vlan-list | vlan-name] [port portstring]]

Parameters
static

(Optional)DisplaysinformationrelatedtostaticVLANs.StaticVLANsare
manuallycreatedusingthesetvlancommand(setvlanonpage 105),
SNMPMIBs,ortheWebViewmanagementapplication.ThedefaultVLAN,
VLAN1,isalwaysstaticallyconfiguredandcantbedeleted.Onlyports
thatuseaspecifiedVLANastheirdefaultVLAN(PVID)willbedisplayed.

vlanlist

(Optional)DisplaysinformationforaspecificVLANorrangeofVLANs.

portinfo

(Optional)DisplaysVLANattributesrelatedtooneormoreports.

vlanvlanlist|
vlanname

(Optional)DisplaysportinformationforoneormoreVLANs.

portportstring

(Optional)Displaysportinformationforoneormoreports.

Defaults
Ifnooptionsarespecified,allinformationrelatedtostaticanddynamicVLANswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayinformationforVLAN1.Inthiscase,VLAN1isnamed
DEFAULTVLAN.PortsallowedtotransmitframesbelongingtoVLAN1arelistedasegress
ports.PortsthatwontincludeaVLANtagintheirtransmittedframesarelistedasuntagged
ports.Therearenoforbiddenports(preventedfromtransmittedframes)onVLAN1:
B5(su)->show vlan 1
VLAN: 1
NAME: DEFAULT VLAN

Enterasys B5 CLI Reference

10-3

show vlan

VLAN Type: Default

Egress Ports
ge.1.1-10, ge.2.1-4, ge.3.1-7,
Forbidden Egress Ports
None.
Untagged Ports
ge.1.1-10, ge.2.1-4, ge.3.1-7,

Table 102providesanexplanationofthecommandoutput.
Table 10-2

10-4

show vlan Output Details

Output Field

What It Displays...

VLAN

VLAN ID.

NAME

Name assigned to the VLAN.

Status

Whether it is enabled or disabled.

VLAN Type

Whether it is permanent (static) or dynamic.

Egress Ports

Ports configured to transmit frames for this VLAN.

Forbidden Egress
Ports

Ports prevented from transmitting frames for this VLAN.

Untagged Ports

Ports configured to transmit untagged frames for this VLAN.

802.1Q VLAN Configuration

Creating and Naming Static VLANs

Purpose
TocreateanewstaticVLAN,ortoenableordisableexistingVLAN(s).

Commands
For information about...

Refer to page...

set vlan

10-5

set vlan name

10-6

clear vlan

10-6

clear vlan name

10-7

set vlan
UsethiscommandtocreateanewstaticIEEE802.1QVLAN,ortoenableordisableanexisting
VLAN.

Syntax
set vlan {create | enable | disable} vlan-list

Parameters
create|enable|
disable

Creates,enablesordisablesVLAN(s).

vlanlist

SpecifiesoneormoreVLANIDstobecreated,enabledordisabled.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
OnceaVLANiscreated,youcanassignitanameusingthesetvlannamecommanddescribedin
setvlannameonpage 106.
EachVLANIDmustbeunique.IfaduplicateVLANIDisentered,thedeviceassumesthatthe
AdministratorintendstomodifytheexistingVLAN.
EntertheVLANIDusingauniquenumberbetween1and4093.TheVLANIDsof0and4094and
highermaynotbeusedforuserdefinedVLANs.

Examples
ThisexampleshowshowtocreateVLAN3:
B5(su)->set vlan create 3
Enterasys B5 CLI Reference

10-5

set vlan name

UsethiscommandtosetorchangetheASCIInameforaneworexistingVLAN.

Syntax
set vlan name vlan-list vlan-name

Parameters
vlanlist

SpecifiestheVLANIDoftheVLAN(s)tobenamed.

vlanname

SpecifiesthestringusedasthenameoftheVLAN(1to32characters).

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthenameforVLAN7togreen:
B5(su)->set vlan name 7 green

clear vlan
UsethiscommandtoremoveastaticVLANfromthelistofVLANsrecognizedbythedevice.

Syntax
clear vlan vlan-list

Parameters
vlanlist

SpecifiestheVLANIDoftheVLAN(s)toberemoved.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoremoveastaticVLAN9fromthedevicesVLANlist:
B5(su)->clear vlan 9

10-6

802.1Q VLAN Configuration

clear vlan name

UsethiscommandtoremovethenameofaVLANfromtheVLANlist.

Syntax
clear vlan name vlan-list

Parameters
vlanlist

SpecifiestheVLANIDoftheVLAN(s)forwhichthenamewillbecleared.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearthenameforVLAN9:
B5(su)->clear vlan name 9

Enterasys B5 CLI Reference

10-7

Assigning Port VLAN IDs (PVIDs) and Ingress Filtering

Purpose
ToassigndefaultVLANIDstountaggedframesononeormoreports,toconfigureVLANingress
filteringandconstraints,andtosettheframediscardmode.

Commands
For information about...

Refer to page...

show port vlan

10-8

set port vlan

10-9

clear port vlan

10-9

show port ingress filter

10-10

set port ingress filter

10-11

show port discard

10-11

set port discard

10-12

show port vlan

UsethiscommandtodisplayportVLANidentifier(PVID)information.PVIDdeterminesthe
VLANtowhichalluntaggedframesreceivedononeormoreportswillbeclassified.

Syntax
show port vlan [port-string]

Parameters
portstring

(Optional)DisplaysPVIDinformationforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,portVLANinformationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayPVIDsassignedtoge.2.1through6.Inthiscase,untagged
framesreceivedontheseportswillbeclassifiedtoVLAN1:
B5(su)->show port vlan ge.2.1-6
ge.2.1 is set to 1
ge.2.2 is set to 1
ge.2.3 is set to 1
ge.2.4 is set to 1
10-8

802.1Q VLAN Configuration

set port vlan

ge.2.5 is set to 1
ge.2.6 is set to 1

set port vlan

UsethiscommandtoconfigurethePVID(portVLANidentifier)foroneormoreports.

Syntax
set port vlan port-string pvid [modify-egress | no-modify-egress]

Parameters
portstring

Specifiestheport(s)forwhichtoconfigureaVLANidentifier.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

pvid

SpecifiestheVLANIDoftheVLANtowhichport(s)willbeadded.

modifyegress

(Optional)Addsport(s)toVLANsuntaggedegresslistandremovesthem
fromotheruntaggedegresslists.

nomodifyegress

(Optional)Doesnotpromptforormakeegresslistchanges.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThePVIDisusedtoclassifyuntaggedframesastheyingressintoagivenport.

Example
Thisexampleshowshowtoaddge.1.10totheportVLANlistofVLAN4(PVID4).
B5(su)->set vlan create 4
B5(su)->set port vlan ge.1.10 4 modify-egress

clear port vlan

Usethiscommandtoresetaports802.1QportVLANID(PVID)tothehostVLANID1.
Note: The following command will reset the specified ports egress status to tagged. To set the
specified ports back to the default egress status of untagged, you must issue the set port vlan
command as described on page 10-9.

Syntax
clear port vlan port-string

Enterasys B5 CLI Reference

10-9

show port ingress-filter

Parameters
portstring

Specifiestheport(s)toberesettothehostVLANID1.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresetportsge.1.3through11toaVLAN IDof1(HostVLAN):
B5(su)->clear port vlan ge.1.3-11

show port ingress-filter

Usethiscommandtoshowallportsthatareenabledforportingressfiltering,whichlimits
incomingVLANIDframesaccordingtoaportVLANegresslist.IftheVLANIDspecifiedinthe
receivedframeisnotontheportsVLANegresslist,thenthatframeisdroppedandnot
forwarded.

Syntax
show port ingress-filter [port-string]

Parameters
portstring

(Optional)Specifiestheport(s)forwhichtodisplayingressfilteringstatus.
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,ingressfilteringstatusforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheportingressfilterstatusforports10through15inslot1.
Inthiscase,theportsaredisabledforingressfiltering:
B5(su)->show port ingress-filter ge.1.10-15
Port
State
-------- --------ge.1.10 disabled
ge.1.11 disabled
ge.1.12 disabled
ge.1.13 disabled
ge.1.14 disabled
ge.1.15 disabled

10-10

802.1Q VLAN Configuration

set port ingress-filter

UsethiscommandtodiscardallframesreceivedwithaVLANIDthatdontmatchtheports
VLANegresslist.

Syntax
set port ingress-filter port-string {disable | enable}

Parameters
portstring

Specifiestheport(s)onwhichtoenableofdisableingressfiltering.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

disable|enable

Disablesorenablesingressfiltering.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Wheningressfilteringisenabledonaport,theVLANIDsofincomingframesarecomparedtothe
portsegresslist.IfthereceivedVLANIDdoesnotmatchaVLANIDontheportsegresslist,then
theframeisdropped.
IngressfilteringisimplementedaccordingtotheIEEE802.1Qstandard.

Example
Thisexampleshowshowtoenableportingressfilteringonge.1.3:
B5(su)->set port ingress-filter ge.1.3 enable

show port discard

Usethiscommandtodisplaytheframediscardmodeforoneormoreports.Portscanbesetto
discardframesbasedonwhetherornottheframecontainsaVLANtag.Theycanalsobesetto
discardbothtaggedanduntaggedframes,orneither.

Syntax
show port discard [port-string]

Parameters
portstring

(Optional)Displaystheframediscardmodeforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
If port-string is not specified, frame discard mode will be displayed for all
ports.

Enterasys B5 CLI Reference

10-11

set port discard

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheframediscardmodeforge.2.7.Inthiscase,theporthas
beensettodiscardalltaggedframes:
B5(su)->show port discard ge.2.7
Port
Discard Mode
------------ ------------ge.2.7
tagged

set port discard

Usethiscommandtosettheframediscardmodeononeormoreports.

Syntax
set port discard port-string {tagged | untagged | both | none}

Parameters
portstring

Specifiestheport(s)forwhichtosetframediscardmode.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

tagged|

untagged|both|
none

TaggedDiscardallincoming(received)taggedpacketsonthedefined
port(s).
UntaggedDiscardallincominguntaggedpackets.

BothAlltrafficwillbediscarded(taggedanduntagged).

NoneNopacketswillbediscarded.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Theoptionsaretodiscardallincomingtaggedframes,allincominguntaggedframes,neither
(essentiallyallowalltraffic),orboth(essentiallydiscardingalltraffic).
Acommonpracticeistodiscardalltaggedpacketonuserports.TypicallyanAdministratordoes
notwanttheendusersdefiningwhatVLANtheyuseforcommunication.

Example
Thisexampleshowshowtodiscardalltaggedframesreceivedonportge.3.3:
B5(su)->set port discard ge.3.3 tagged

10-12

802.1Q VLAN Configuration

Configuring the VLAN Egress List

Purpose
ToassignorremoveportsontheegresslistofaparticularVLAN.Thisdetermineswhichportson
theswitchwillbeeligibletotransmitframesforaparticularVLAN.Forexample,ports1,5,7,8
couldbeallowedtotransmitframesbelongingtoVLAN20andports7,8,9,10couldbeallowedto
transmitframestaggedwithVLAN30(aportcanbelongtomultipleVLANEgresslists).Note
thatthePortEgresslistforports7and8wouldcontainbothVLAN20and30.
Theportegresstypeforallportscanbesettotagged,forbidden,oruntagged.Ingeneral,VLANs
havenoegress(exceptforVLAN1)untiltheyareconfiguredbystaticadministration,orthrough
dynamicmechanismssuchasGVRP.
SettingaporttoforbiddenpreventsitfromparticipatinginthespecifiedVLANandensuresthat
anydynamicrequests(eitherthroughGVRPordynamicegress)fortheporttojointheVLANwill
beignored.Settingaporttountaggedallowsittotransmitframeswithoutatagheader.This
settingisusuallyusedtoconfigureaportconnectedtoanenduserdevice.Framessentbetween
VLANawareswitchesaretypicallytagged.
ThedefaultVLANdefaultsitsegresstountaggedforallports.

Commands
For information about...

Refer to page...

show port egress

10-13

set vlan forbidden

10-14

set vlan egress

10-15

clear vlan egress

10-15

show vlan dynamicegress

10-16

set vlan dynamicegress

10-17

show port egress

UsethiscommandtodisplaytheVLANmembershipforoneormoreports.

Syntax
show port egress [port-string]

Parameters
portstring

(Optional)DisplaysVLANmembershipforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,VLANmembershipwillbedisplayedforallports.

Enterasys B5 CLI Reference

10-13

set vlan forbidden

Mode
Switchcommand,readwrite.

Example
ThisexampleshowsyouhowtoshowVLANegressinformationforge.1.1through3.Inthiscase,
allthreeportsareallowedtotransmitVLAN1framesastaggedandVLAN10framesas
untagged.BotharestaticVLANs:
B5(su)->show port egress ge.1.1-3
Port
Vlan
Egress
Registration
Number
Id
Status
Status
------------------------------------------------------ge.1.1
1
tagged
static
ge.1.1
10
untagged
static
ge.1.2
1
tagged
static
ge.1.2
10
untagged
static
ge.1.3
1
tagged
static
ge.1.3
10
untagged
static

set vlan forbidden

UsethiscommandtopreventoneormoreportsfromparticipatinginaVLAN.Thissetting
instructsthedevicetoignoredynamicrequests(eitherthroughGVRPordynamicegress)forthe
porttojointheVLAN.

Syntax
set vlan forbidden vlan-id port-string

Parameters
vlanid

SpecifiestheVLANforwhichtosetforbiddenport(s).

portstring

Specifiestheport(s)tosetasforbiddenforthespecifiedvlanid.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowsyouhowtosetge.1.3toforbiddenforVLAN6:
B5(su)->set vlan forbidden 6 ge.1.3

10-14

802.1Q VLAN Configuration

set vlan egress

UsethiscommandtoaddportstotheVLANegresslistforthedevice,ortopreventoneormore
portsfromparticipatinginaVLAN.Thisdetermineswhichportswilltransmitframesfora
particularVLAN.

Syntax
set vlan egress vlan-list port-string [untagged | forbidden | tagged]

Parameters
vlanlist

Specifies the VLAN where a port(s) will be added to the egress list.

portstring

SpecifiesoneormoreportstoaddtotheVLANegresslistofthespecified
vlanlist.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 71.

untagged|
forbidden|
tagged

(Optional)Addsthespecifiedportsas:

untaggedCausestheport(s)totransmitframeswithoutanIEEE
802.1Qheadertag.

forbiddenInstructsthedevicetoignoredynamicrequests(either
throughGVRPordynamicegress)fromtheport(s)tojointheVLAN
anddisallowsegressonthatport.

taggedCausestheport(s)totransmit802.1Qtaggedframes.

Defaults
Ifuntagged,forbiddenortaggedisnotspecified,theportwillbeaddedtotheVLANegresslist
astagged.

Mode
Switchcommand,readwrite.

Examples
Thisexampleshowshowtoaddge.1.5through10totheegresslistofVLAN7.Sincenotag
parameterisspecified,theseportswilltransmitVLAN7framesastagged,thedefaultcondition:
B5(su)->set vlan egress 7 ge.1.5-10

Thisexampleshowshowtoforbidports13through15inslot1fromjoiningVLAN7anddisallow
egressonthoseports:
B5(su)->set vlan egress 7 ge.1.13-15 forbidden

Thisexampleshowshowtoallowport2inslot1totransmitVLAN7framesasuntagged:
B5(su)->set vlan egress 7 ge.1.2 untagged

clear vlan egress

UsethiscommandtoremoveportsfromaVLANsegresslist.
Note: The following command will reset the specified ports egress status to tagged. To set the
specified ports back to the default egress status of untagged, you must issue the set vlan egress
command as described on page 10-15.

Enterasys B5 CLI Reference

10-15

show vlan dynamicegress

Syntax
clear vlan egress vlan-list port-string [forbidden]

Parameters
vlanlist

SpecifiesthenumberoftheVLANfromwhichaport(s)willberemoved
fromtheegresslist.

portstring

SpecifiesoneormoreportstoberemovedfromtheVLANegresslistofthe
specifiedvlanlist.Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage 71.

forbidden

(Optional)Clearstheforbiddensettingfromthespecifiedport(s)andresets
theport(s)asabletoegressframesifsoconfiguredbyeitherstaticor
dynamicmeans.

Defaults
Ifforbiddenisnotspecified,taggedanduntaggedsettingswillbecleared.

Mode
Switchcommand,readwrite.

Examples
Thisexampleshowshowtoremovege.3.14fromtheegresslistofVLAN 9:
B5(su)->clear vlan egress 9 ge.3.14

ThisexampleshowshowtoremoveallEthernetportsinslot2fromtheegresslistofVLAN4:
B5(su)->clear vlan egress 4 ge.2.*

show vlan dynamicegress

Usethiscommandtodisplaythestatusofdynamicegress(enabledordisabled)foroneormore
VLANs.

Syntax
show vlan dynamicegress [vlan-list]

Parameters
vlanlist

(Optional)DisplaysdynamicegressstatusforspecificVLAN(s).

Defaults
Ifvlanlistisnotspecified,thedynamicegressstatusforallVLANswillbedisplayed.

Mode
Switchcommand,readwrite.

10-16

802.1Q VLAN Configuration

set vlan dynamicegress

Example
ThisexampleshowshowtodisplaythedynamicegressstatusforVLANs5055:
B5(rw)->show vlan dynamicegress 50-55
VLAN 50 is disabled
VLAN 51 is disabled
VLAN 52 is disabled
VLAN 53 is enabled
VLAN 54 is enabled
VLAN 55 is enabled

set vlan dynamicegress

UsethiscommandtoadministrativelysetthedynamicegressstatusforoneormoreVLANs.

Syntax
set vlan dynamicegress vlan-list {enable | disable}

Parameters
vlanlist

SpecifiestheVLANsbyIDtoenableordisabledynamicegress.

enable|disable

Enablesordisablesdynamicegress.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
IfdynamicegressisenabledforaparticularVLAN,whenaportreceivesaframetaggedwiththat
VLANsID,theswitchwilladdthereceivingporttothatVLANsegresslist.Dynamicegressis
disabledontheEnterasysB5bydefault.
Forexample,assumeyouhave20AppleTalkusersonyournetworkwhoaremobileusers(thatis,
usedifferentportseveryday),butyouwanttokeeptheAppleTalktrafficisolatedinitsown
VLAN.YoucancreateanAppleTalkVLANwithaVLANIDof55withaclassificationrulethatall
AppleTalktrafficgetstaggedwithVLANID55.Then,youenabledynamicegressforVLAN55.
Now,whenanAppleTalkuserplugsintoportge.3.5andsendsanAppleTalkpacket,theswitch
willtagthepackettoVLAN55andalsoaddportge.3.5toVLAN55segresslist,whichallowsthe
AppleTalkusertoreceiveAppleTalktraffic.

Example
ThisexampleshowshowtoenabledynamicegressonVLAN55:
B5(rw)->set vlan dynamicegress 55 enable

Enterasys B5 CLI Reference

10-17

Setting the Host VLAN

Purpose
ToconfigureahostVLANthatonlyselectdevicesareallowedtoaccess.Thissecuresthehostport
formanagementonlytasks.
Note: The host port is the management entity of the device. Refer to Creating a Secure
Management VLAN on page 10-2 for more information.

Commands
For information about...
show host vlan

10-18

set host vlan

10-18

clear host vlan

10-19

show host vlan

UsethiscommandtodisplaythecurrenthostVLAN.

Syntax
show host vlan

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythehostVLAN:
B5(su)->show host vlan
Host vlan is 7.

set host vlan

UsethiscommandtoassignhoststatustoaVLAN.

Syntax
set host vlan vlan-id

10-18

Refer to page...

802.1Q VLAN Configuration

clear host vlan

Parameters
vlanid

SpecifiesthenumberoftheVLANtosetasthehostVLAN.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThehostVLANshouldbeasecureVLANwhereonlydesignatedusersareallowedaccess.For
example,ahostVLANcouldbespecificallycreatedfordevicemanagement.Thiswouldallowa
managementstationconnectedtothemanagementVLANtomanageallportsonthedeviceand
makemanagementsecurebypreventingmanagementviaportsassignedtootherVLANs.
Note: Before you can designate a VLAN as the host VLAN, you must create a VLAN using the set
of commands described in Creating and Naming Static VLANs on page 10-5.

Example
ThisexampleshowshowtosetVLAN7asthehostVLAN:
B5(su)->set host vlan 7

clear host vlan

UsethiscommandtoresetthehostVLANtothedefaultsettingof1.

Syntax
clear host vlan

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthehostVLANtothedefaultsetting:
B5(su)->clear host vlan

Enterasys B5 CLI Reference

10-19

Enabling/Disabling GVRP (GARP VLAN Registration Protocol)

About GARP VLAN Registration Protocol (GVRP)
Thefollowingsectionsdescribethedeviceoperationwhenitsportsareoperatingunderthe
GenericAttributeRegistrationProtocol(GARP)applicationGARPVLANRegistrationProtocol
(GVRP).

Overview
ThepurposeofGVRPistodynamicallycreateVLANsacrossaswitchednetwork.WhenaVLAN
isdeclared,theinformationistransmittedoutGVRPconfiguredportsonthedeviceinaGARP
formattedframeusingtheGVRPmulticastMACaddress.Aswitchthatreceivesthisframe,
examinestheframe,andextractstheVLANIDs.GVRPthencreatestheVLANsandaddsthe
receivingporttoitstaggedmemberlistfortheextractedVLANID(s).Theinformationisthen
transmittedouttheotherGVRPconfiguredportsofthedevice.Figure 101showsanexampleof
howVLANbluefromendstationAwouldbepropagatedacrossaswitchnetwork.

How It Works
InFigure 101onpage 1021,Switch4,port1isregisteredasbeingamemberofVLANBlueand
thendeclaresthisfactoutallitsports(2and3)toSwitch1andSwitch 2.Thesetwodevices
registerthisintheportegresslistsoftheports(Switch1,port1andSwitch2,port1)thatreceived
theframeswiththeinformation.Switch2,whichisconnectedtoSwitch3andSwitch5declares
thesameinformationtothosetwodevicesandtheportegresslistofeachportisupdatedwiththe
newinformation,accordingly.
ConfiguringaVLANonan802.1QswitchcreatesastaticVLANentry.Theentrywillalways
remainregisteredandwillnottimeout.However,dynamicentrieswilltimeoutandtheir
registrationswillberemovedfromthememberlistiftheendstationAisremoved.Thisensures
that,ifswitchesaredisconnectedorifendstationsareremoved,theregisteredinformation
remainsaccurate.
TheendresultisthattheportegresslistofaportisupdatedwithinformationaboutVLANsthat
resideonthatport,eveniftheactualstationontheVLANisseveralhopsaway.

10-20

802.1Q VLAN Configuration

Enabling/Disabling GVRP (GARP VLAN Registration Protocol)

Figure 10-1

Example of VLAN Propagation via GVRP

Switch 3

Switch 2

R 2D

Switch 1

2
End
Station A

D 3 D

R
D

Switch 4

R Switch 5

= Port registered as a member of VLAN Blue

= Port declaring VLAN Blue

Purpose
TodynamicallycreateVLANsacrossaswitchednetwork.TheGVRPcommandsetisusedto
displayGVRPconfigurationinformation,thecurrentglobalGVRPstatesetting,individualport
settings(enableordisable)andtimersettings.Bydefault,GVRPisdisabledgloballyonthedevice
anddisabledonallports.

Commands
For information about...

Refer to page...

show gvrp

10-22

show garp timer

10-22

set gvrp

10-23

clear gvrp

10-24

set garp timer

10-25

clear garp timer

10-25

Enterasys B5 CLI Reference

10-21

show gvrp

show gvrp
UsethiscommandtodisplayGVRPconfigurationinformation.

Syntax
show gvrp [port-string]

Parameters
portstring

(Optional)DisplaysGVRPconfigurationinformationforspecificport(s).For
adetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,GVRPconfigurationinformationwillbedisplayedforallportsand
thedevice.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayGVRPstatusforthedeviceandforfw.2.1:
B5(su)->show gvrp ge.2.1
Global GVRP status is enabled.
Port Number
----------ge.2.1

GVRP status
----------disabled

show garp timer

UsethiscommandtodisplayGARPtimervaluesforoneormoreports.

Syntax
show garp timer [port-string]

Parameters
portstring

(Optional)DisplaysGARPtimerinformationforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,GARPtimerinformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

10-22

802.1Q VLAN Configuration

set gvrp

Example
ThisexampleshowshowtodisplayGARPtimerinformationonports1through10inslot1:
Note: For a functional description of the terms join, leave, and leaveall timers, refer to the
standard IEEE 802.1Q documentation, which is not supplied with this device.
B5(su)->show garp timer ge.1.1-10
Port based GARP Configuration: (Timer units are centiseconds)
Port Number
Join
Leave
Leaveall
----------- ---------- ---------- ---------ge.1.1
20
60
1000
ge.1.2
20
60
1000
ge.1.3
20
60
1000
ge.1.4
20
60
1000
ge.1.5
20
60
1000
ge.1.6
20
60
1000
ge.1.7
20
60
1000
ge.1.8
20
60
1000
ge.1.9
20
60
1000
ge.1.10
20
60
1000

Table 103providesanexplanationofthecommandoutput.Fordetailsonusingthesetgvrp
commandtoenableordisableGVRP,refertosetgvrponpage 1023.Fordetailsonusingtheset
garptimercommandtochangedefaulttimervalues,refertosetgarptimeronpage 1025.
Table 10-3

show gvrp configuration Output Details

Output Field

What It Displays...

Port Number

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

Join

Join timer setting.

Leave

Leave timer setting.

Leaveall

Leavall timer setting.

set gvrp
UsethiscommandtoenableordisableGVRPgloballyonthedeviceorononeormoreports.

Syntax
set gvrp {enable | disable} [port-string]

Parameters
disable|
enable

DisablesorenablesGVRPonthedevice.

portstring

(Optional)DisablesorenablesGVRPonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsedin
theCLIonpage 71.

Defaults
Ifportstringisnotspecified,GVRPwillbedisabledorenabledforallports.

Enterasys B5 CLI Reference

10-23

clear gvrp

ThedefaultconditionontheswitchisGVRPenabledglobally,disabledperports.

Mode
Switchcommand,readwrite.

Examples
ThisexampleshowshowtoenableGVRPgloballyonthedevice:
B5(su)->set gvrp enable

ThisexampleshowshowtodisableGVRPgloballyonthedevice:
B5(su)->set gvrp disable

ThisexampleshowshowtoenableGVRPonge.1.3:
B5(su)->set gvrp enable ge.1.3

clear gvrp
UsethiscommandtoclearGVRPstatusononeormoreports.

Syntax
clear gvrp [port-string]

Parameters
portstring

(Optional)ClearsGVRPstatusonspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 71.

Defaults
Ifportstringisnotspecified,GVRPstatuswillbeclearedtothedefaultconditionforallports.
ThedefaultconditionontheswitchisGVRPdisabledperport.

Mode
Switchcommand,readwrite.

Usage
ThiscommanddoesnotaffecttheglobalstateofGVRP.ToenableordisableGVRPglobally,use
thesetgvrpenable|disablecommand.

Example
ThisexampleshowshowtoclearGVRPstatusonallportsonthedevice:
B5(su)->clear gvrp

10-24

802.1Q VLAN Configuration

set garp timer

Usethiscommandtoadjustthevaluesofthejoin,leave,andleavealltimers.

Syntax
set garp timer {[join timer-value] [leave timer-value] [leaveall timer-value]}
port-string

Parameters
jointimervalue

SetstheGARPjointimerincentiseconds(Referto802.1Qstandard.)

leavetimervalue

SetstheGARPleavetimerincentiseconds(Referto802.1Qstandard.)

leavealltimer
value

SetstheGARPleavealltimerincentiseconds(Referto802.1Qstandard.)

portstring

Specifiestheport(s)onwhichtoconfigureGARPtimersettings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thesettingofthesetimersiscriticalandshouldonlybechangedbypersonnelfamiliarwiththe
802.1Qstandardsdocumentation,whichisnotsuppliedwiththisdevice.

Examples
ThisexampleshowshowtosettheGARPjointimervalueto100centisecondsforallports:
B5(su)->set garp timer join 100 *.*.*

Thisexampleshowshowtosettheleavetimervalueto300centisecondsforallports:
B5(su)->set garp timer leave 300 *.*.*

Thisexampleshowshowtosettheleavealltimervalueto20000centisecondsforallports:
B5(su)->set garp timer leaveall 20000 *.*.*

clear garp timer

UsethiscommandtoresetGARPtimersbacktodefaultvalues.

Syntax
clear garp timer {[join] [leave] [leaveall]} port-string

Enterasys B5 CLI Reference

10-25

clear garp timer

Parameters
join

(Optional)Resetsthejointimerto20centiseconds.

leave

(Optional)Resetstheleavetimerto60centiseconds.

leaveall

(Optional)Resetstheleavealltimeto1000centiseconds.

portstring

SpecifiestheportorportsonwhichtoresettheGARPtimer(s).

Defaults
Atleastoneoptionalparametermustbeentered.

Mode
Switchcommand,readwrite.

Example
TheexampleshowshowtoresettheGARPleavetimerto60centiseconds.
B5(su)->clear garp timer leave ge.1.1

10-26

802.1Q VLAN Configuration

11
Policy Classification Configuration
ThischapterdescribesthePolicyClassificationsetofcommandsandhowtousethem.
For information about...

Refer to page...

Policy Classification Configuration Summary

11-1

Configuring Policy Profiles

11-2

Configuring Classification Rules

11-6

Assigning Ports to Policy Profiles

11-14

Configuring Policy Class of Service (CoS)

11-16

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of Policy
configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads/

Policy Classification Configuration Summary

EnterasysB5devicessupportpolicyprofilebasedprovisioningofnetworkresourcesbyallowing
ITadministratorsto:

Create,changeorremovepolicyprofilesbasedonbusinessspecificuseofnetworkservices.

Permitordenyaccesstospecificservicesbycreatingandassigningclassificationruleswhich
mapuserprofilestoprotocolbasedframefilteringpoliciesconfiguredforaparticularVLAN
orClassofService(CoS).

Assignorunassignportstopolicyprofilessothatonlyportsactivatedforaprofilewillbe
allowedtotransmitframesaccordingly.
Note: It is recommended that you use Enterasys Networks NMS Policy Manager as an alternative
to CLI for configuring policy classification on the Enterasys B5 devices.

Enterasys B5 CLI Reference

11-1

Configuring Policy Profiles

Purpose
Toreview,create,changeandremoveuserprofilesthatrelatetobusinessdrivenpoliciesfor
managingnetworkresources.
Note: B3, B5, C3, C5, and G3 devices support profile-based CoS traffic rate limiting only. Policy
rules specifying CoS will only rate limit on D2, C2 and B2 devices, including when C2 and B2
devices are configured on mixed stacks containing B3 and C3 devices.

Commands
For information about...

Refer to page...

show policy profile

11-2

set policy profile

11-4

clear policy profile

11-5

show policy profile

Usethiscommandtodisplaypolicyprofileinformation.

Syntax
show policy profile {all | profile-index [consecutive-pids] [-verbose]}

Parameters
all|profileindex

Displayspolicyinformationforallprofileindexesoraspecificprofileindex.

consecutivepids

(Optional)Displaysinformationforspecifiedconsecutiveprofileindexes.

verbose

(Optional)Displaysdetailedinformation.

Defaults
Ifoptionalparametersarenotspecified,summaryinformationwillbedisplayedforthespecified
indexorallindices.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaypolicyinformationforprofile11:
B5(su)->show policy profile 11
Profile Index
: 11
Profile Name
: MacAuth1
Row Status
: active
Port VID Status
: Enable
Port VID Override
: 11
CoS
: 0

11-2

Policy Classification Configuration

show policy profile

CoS Status
Egress Vlans
Forbidden Vlans
Untagged Vlans
Rule Precedence

Admin Profile Usage

Oper Profile Usage
Dynamic Profile Usage

: Disable
: none
: none
: none
: 1-31
:MACSource(1),MACDest(2),Unknown(3),
:Unknown(4),Unknown(5),Unknown(6),
:Unknown(7),Unknown(8),Unknown(9),
:Unknown(10),Unknown(11),IPSource(12),
:IPDest(13),IPFrag(14),UDPSrcPort(15),
:UDPDestPort(16),TCPSrcPort(17),TCPDestPort(18),
:ICMPType(19),Unknown(20),IPTOS(21),
:IPProto(22),Unknown(23),Unknown(24),
:Ether(25),Unknown(26),VLANTag(27),
:Unknown(28),Unknown(29),Unknown(30),
:port(31)
: none
: none
: none

Table 111providesanexplanationofthecommandoutput.
Table 11-1

show policy profile Output Details

Output Field

What It Displays...

Profile Index

Number of the profile.

Profile Name

User-supplied name assigned to this policy profile.

Row Status

Whether or not the policy profile is enabled (active) or disabled.

Port VID Status

Whether or not PVID override is enabled or disabled for this profile. If all
classification rules associated with this profile are missed, then this parameter, if
specified, determines default behavior.

Port VID Override

The PVID assigned to packets, if PVID override is enabled.

CoS

CoS priority value to assign to packets, if CoS override is enabled.

CoS Status

Whether or not Class of Service override is enabled or disabled for this profile. If all
classification rules associated with this profile are missed, then this parameter, if
specified, determines default behavior.

Egress VLANs

VLAN(s) that ports to which the policy profile is assigned can use for tagged egress.

Forbidden VLANs

VLAN(s) forbidden to ports to which the policy profile is assigned.

Untagged VLANs

VLAN(s) that ports to which the policy profile is assigned can use for untagged
egress.

Rule Precedence

Displays the precedence of types of rules.

Admin Profile Usage Ports administratively assigned to use this policy profile.
Oper Profile Usage

Ports currently assigned to use this policy profile.

Dynamic Profile
Usage

Port dynamically assigned to use this policy profile.

Enterasys B5 CLI Reference

11-3

set policy profile

Usethiscommandtocreateapolicyprofileentry.

Syntax
set policy profile profile-index [name name] [pvid-status {enable | disable}]
[pvid pvid] [cos-status {enable | disable}] [cos cos] [egress-vlans egressvlans][forbidden-vlans forbidden-vlans] [untagged-vlans untagged-vlans]
[precedence precedence-list] [append] [clear]

Parameters
profileindex

Specifiesanindexnumberforthepolicyprofile.Validvaluesare1255.

namename

(Optional)Specifiesanameforthepolicyprofile.Thisisastringfrom1to
64characters.

pvidstatus
enable|disable

(Optional)EnablesordisablesPVIDoverrideforthisprofile.Ifall
classificationrulesassociatedwiththisprofilearemissed,thenthis
parameter,ifspecified,determinesdefaultbehavior.

pvidpvid

(Optional)SpecifiesthePVIDtopackets,ifPVIDoverrideisenabledand
invokedasdefaultbehavior.

cosstatusenable
|disable

(Optional)EnablesordisablesClassofServiceoverrideforthisprofile.Ifall
classificationrulesassociatedwiththisprofilearemissed,thenthis
parameter,ifspecified,determinesdefaultbehavior.
Note: A maximum of 99 rules can be supported per policy profile for policy profiles
that have cos-status enabled.

coscos

(Optional)SpecifiesaCoSvaluetoassigntopackets,ifCoSoverrideis
enabledandinvokedasdefaultbehavior.Validvaluesare0to7.

egressvlans
egressvlans

(Optional)Specifiesthattheporttowhichthispolicyprofileisapplied
shouldbeaddedtotheegresslistoftheVLANsdefinedbyegressvlans.
Packetswillbeformattedastagged.

forbiddenvlans
forbiddenvlans

(Optional)Specifiesthattheporttowhichthispolicyprofileisapplied
shouldbeaddedasforbiddentotheegresslistoftheVLANsdefinedby
forbiddenvlans.Packetsfromthisportwillnotbeallowedtoparticipatein
thelistedVLANs.

untaggedvlans
untaggedvlans

(Optional)Specifiesthattheporttowhichthispolicyprofileisapplied
shouldbeaddedtotheegresslistoftheVLANsdefinedbyuntaggedvlans.
Packetswillbeformattedasuntagged.

append

(Optional)Appendsthispolicyprofilesettingtosettingspreviously
specifiedforthispolicyprofilebytheegressvlans,forbiddenvlans,or
untaggedvlansparameters.
Ifappendisnotused,previousVLANsettingsarereplaced.

11-4

clear

(Optional)Appendsthispolicyprofilesettingfromsettingspreviously
specifiedforthispolicyprofilebytheegressvlans,forbiddenvlans,or
untaggedvlansparameters.

precedence
precedencelist

(Optional)Assignsaruleprecedencetothisprofile.Lowervalueswillbe
givenhigherprecedence.Foralistofvalues,refertotheshowpolicy
profilecommandoutput.

Policy Classification Configuration

clear policy profile

Defaults
Ifoptionalparametersarenotspecified,nonewillbeapplied.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtocreateapolicyprofile1namednetadminwithPVIDoverride
enabledforPVID10,andClassofServiceoverrideenabledforCoS5.ThisprofilecanuseVLAN
10foruntaggedegress:
B5(su)->set policy profile 1 name netadmin pvid-status enable pvid 10 cos-status
enable cos 5 untagged-vlans 10

clear policy profile

Usethiscommandtodeleteapolicyprofileentry.

Syntax
clear policy profile profile-index

Parameters
profileindex

Specifiestheindexnumberoftheprofileentrytobedeleted.Validvalues
are1to255.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtodeletepolicyprofile8:
B5(su)->clear policy profile 8

Enterasys B5 CLI Reference

11-5

Configuring Classification Rules

Purpose
Toreview,create,assign,andunassignclassificationrulestopolicyprofiles.Thismapsuser
profilestoprotocolbasedframefilteringpolicies.
Note: B3, B5, C3, C5, and G3 devices support profile-based CoS traffic rate limiting only. Policy
rules specifying CoS will only rate limit on D2, C2 and B2 devices, including when C2 and B2
devices are configured on mixed stacks containing B3 and C3 devices.

Commands
For information about...

Refer to page...

show policy rule

11-6

show policy capability

11-8

set policy rule

11-10

clear policy rule

11-12

clear policy all-rules

11-13

show policy rule

Usethiscommandtodisplaypolicyclassificationruleinformation.

Syntax
show policy rule [all | admin-profile | profile-index] [ether |ipproto |
ipdestsocket | ipsourcesocket | iptos | macdest | macsource | tcpdestport |
tcpsourceport | udpdestport | udpsourceport] [data] [mask mask] [port-string portstring] [rule-status {active | not-in-service | not-ready}] [storage-type {nonvolatile | volatile}] | [drop | forward] [dynamic-pid dynamic-pid] [cos cos]
[admin-pid admin-pid] [-verbose] [usage-list] [display-if-used]

Parameters

11-6

all|admin
profile|profile
index

Displayspolicyclassificationrulesforallprofiles,theadminprofile,orfor
aspecificprofileindexnumber.Validvaluesare11023.

ether

DisplaysEthernettypeIIrules.

ipproto

DisplaysIPprotocolfieldinIPpacketrules.

ipdestsocket

DisplaysIPdestinationaddressrules.

ipsourcesocket

DisplaysIPsourceaddressrules.

iptos

DisplaysTypeofServicerules.

macdest

DisplaysMACdestinationaddressrules.

macsource

DisplaysMACsourceaddressrules.

tcpdestport

DisplaysTCPdestinationportrules.

Policy Classification Configuration

show policy rule

tcpsourceport

DisplaysTCPsourceportrules.

udpdestport

DisplaysUDPdestinationportrules.

udpsourceport

DisplaysUDPsourceportrules.

data

Displaysrulesforapredefinedclassifier.Thisvalueisdependentonthe
classificationtypeentered.RefertoTable 113forvalidvaluesforeach
classificationtype.

maskmask

(Optional)Displaysrulesforaspecificdatamask.RefertoTable 113for
validvaluesforeachclassificationtypeanddatavalue.

portstringport
string

(Optional)Displaysrulesrelatedtoaspecificingressport.

rulestatusactive (Optional)Displaysrulesrelatedtoaspecificrulesstatus.
|notinservice|
notready
storagetypenon
volatile|volatile

(Optional)Displaysrulesconfiguredforeithernonvolatileorvolatile
storage.

drop|forward

Displaysrulesbasedonwhethermatchingpacketswillbedroppedor
forwarded.

dynamicpid
dynamicpid

DisplaysrulesassociatedwithaspecificdynamicpolicyID.

coscos

(Optional)DisplaysrulesforaClassofServicevalue.

adminpid
adminpid

DisplaysrulesassociatedwithaspecificadministrativepolicyID[1..1023].

verbose

(Optional)Displaysdetailedinformation.

usagelist

(Optional)Ifselected,eachrulesusagelistshallbecheckedandshall
displayonlythoseportswhichhaveappliedthisrule.

displayifused

(Optional)Displaysrule(s)onlyiftheyareappliedtoatleastoneport.

Defaults
Ifverboseisnotspecified,summaryinformationwillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaypolicyclassificationinformationforEthernettype2rules
B5(su)->show policy rule ether
|PID |Rule Type
|Rule Data
|02
|Ether
|2048 (0x0800)
|02
|Ether
|2049 (0x0801)
|02
|Ether
|2989 (0x0bad)
|02
|Ether
|33079 (0x8137)

|Mk|PortStr
|16|All
|16|All
|16|All
|16|All

|RS|ST|VLAN|CoS
| A|NV|fwrd|
| A|NV|drop|
| A|NV|drop|
| A|NV|drop|

|U|
|?|
|?|
|?|
|?|

|Mk|PortStr
|16|ge.1.1
|16|ge.1.2
|16|ge.1.3

|RS|ST|dPID|aPID|U|
| A|NV|
|
1|?|
| A|NV|
|
1|?|
| A|NV|
|
1|?|

Enterasys B5 CLI Reference

11-7

show policy capability

|ge.1.4
|ge.1.5
|ge.1.6
|ge.1.7
|ge.1.8
|ge.1.9
|ge.1.10
|ge.1.11
|ge.1.12

|16|ge.1.4
|16|ge.1.5
|16|ge.1.6
|16|ge.1.7
|16|ge.1.8
|16|ge.1.9
|16|ge.1.10
|16|ge.1.11
|16|ge.1.12

|
|
|
|
|
|
|
|
|

A|NV|
A|NV|
A|NV|
A|NV|
A|NV|
A|NV|
A|NV|
A|NV|
A|NV|

|
|
|
|
|
|
|
|
|

1|?|
1|?|
1|?|
1|?|
1|?|
1|?|
1|?|
1|?|
1|?|

Table 112providesanexplanationofthecommandoutput.
Table 11-2

show policy rule Output Details

Output Field

What It Displays...

PID

Profile index number. Assigned to this classification rule with the set policy profile
command (set policy profile on page 11-4).

Rule Type

Type of classification rule. Refer to Table 11-3 for valid types.

Rule Data

Rule data value. Refer to Table 11-3 for valid values for each classification type.

Rule data mask. Refer to Table 11-3 for valid values for each classification data
value.

PortStr

Ingress port(s) to which this rule applies.

Whether or not the status of this rule is active (A), not in service or not ready.

Whether or not this rules storage type is non-volatile (NV) or volatile (V).

VLAN

VLAN ID to which this rule applies and whether or not matching packets will be
dropped or forwarded.

CoS

If applicable, Class of Service value to which this rule applies.

Whether or not this rule has been used.

dPID

Whether or not this is a dynamic profile ID.

aPID

Whether or not this is an administrative profile ID.

show policy capability

Usethiscommandtodisplaydetailedpolicyclassificationcapabilitiessupportedbyyour
EnterasysB5device.

Syntax
show policy capability

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

11-8

Policy Classification Configuration

show policy capability

Usage
Usethiscommandtodisplaydetailedpolicyclassificationcapabilitiessupportedbyyour
EnterasysB5device.Theoutputofthiscommandshowsatablelistingclassifiabletrafficattributes
andthetypeofactions,byruletype,thatcanbeexecutedrelativetoeachattribute.Abovethe
tableisalistofalltheactionspossibleonthisdevice.
Theleftmostcolumnofthetablelistsallpossibleclassifiabletrafficattributes.Thenexttwo
columnsfromtheleftindicatehowpolicyprofilesmaybeassigned,eitheradministrativelyor
dynamically.Thenextfourcolumnsfromtheleftindicatetheactionsthatmaybeperformed.The
lastthreecolumnsindicateauditingoptions.
Anxinanactioncolumnforatrafficattributerowindicatesthatyoursystemhasthecapabilityto
performthatactionfortrafficclassifiedbythatattribute.

Example
Thisexampleshowshowtodisplaythedevicespolicyclassificationcapabilities.Refertoset
policyruleonpage 1110foradescriptionoftheparametersdisplayed:
B5(su)->show policy capability
The following supports related to policy are supported in this device:
VLAN Forwarding
Priority
Permit
Deny
Precedence Reordering
Rules Table
Longest Prefix Rules
=============================================================
|
| D |
|
|
|
| F |
|
| D |
|
| Y |
|
|
|
| O | S |
| I |
|
| N | A |
|
|
| R | Y |
| S |
|
| A | D | V |
| D | W | S | T | A |
|
| M | M | L | C | R | A | L | R | B |
|
| I | I | A | O | O | R | O | A | L |
| SUPPORTED RULE TYPES
| C | N | N | S | P | D | G | P | E |
=============================================================
|MAC source address
|
|
|
| X | X | X |
|
|
|
|MAC destination address |
|
|
| X | X | X |
|
|
|
|IPX source address
|
|
|
|
|
|
|
|
|
|
|IPX destination address |
|
|
|
|
|
|
|
|
|
|IPX source socket
|
|
|
|
|
|
|
|
|
|
|IPX destination socket
|
|
|
|
|
|
|
|
|
|
|IPX transmission control |
|
|
|
|
|
|
|
|
|
|IPX type field
|
|
|
|
|
|
|
|
|
|
|IPv6 source address
|
|
|
|
|
|
|
|
|
|
|IPv6 destination address |
|
|
|
|
|
|
|
|
|
|IPv6 flow label
|
|
|
|
|
|
|
|
|
|
|IP source address
|
|
|
| X | X | X |
|
|
|
|IP destination address
|
|
|
| X | X | X |
|
|
|
|IP fragmentation
|
|
|
|
|
|
|
|
|
|
|UDP port source
|
|
|
| X | X | X |
|
|
|
|UDP port destination
|
|
|
| X | X | X |
|
|
|
|TCP port source
|
|
|
| X | X | X |
|
|
|
|TCP port destination
|
|
|
| X | X | X |
|
|
|
|ICMP packet type
|
|
|
| X | X | X |
|
|
|
|TTL
|
|
|
|
|
|
|
|
|
|
|IP type of service
|
|
|
| X | X | X |
|
|
|
|IP proto
|
|
|
| X | X | X |
|
|
|
|Ether II packet type
|
|
| X | X | X | X |
|
|
|
|LLC DSAP/SSAP/CTRL
|
|
|
|
|
|
|
|
|
|
|VLAN tag
|
|
|
|
|
|
|
|
|
|
|Replace tci
|
|
|
|
|
|
|
|
|
|
|Port string
| X | X | X | X | X | X |
|
|
|

Enterasys B5 CLI Reference

11-9

set policy rule

=============================================================

set policy rule

UsethiscommandtoassignincominguntaggedframestoaspecificpolicyprofileandtoVLANor
ClassofServiceclassificationrules.

Syntax
set policy rule profile-index {ether | ipproto | ipdestsocket | ipsourcesocket |
iptos | macdest | macsource | tcpdestport | tcpsourceport | udpdestport |
udpsourceport} data [mask mask] {[vlan vlan] [cos cos] | [drop | forward]}

Note: Classification rules are automatically enabled when created.

Parameters
Thefollowingparametersapplytocreatingatrafficclassificationrule.

11-10

profileindex

Specifiesapolicyprofilenumbertowhichthisrulewillbeassigned.
Policyprofilesareconfiguredwiththesetpolicyprofilecommandas
describedinsetpolicyprofileonpage 114.Validprofileindexvalues
are1255.

ether

Specifiesthattheruleshouldapplytotrafficwiththespecifiedtypefield
inEthernetIIpacket.

ipproto

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedProtocol
fieldinIPpacket.

ipdestsocket

Specifiesthattheruleshouldapplytotrafficwiththespecified
destinationIPaddresswithoptionalpostfixedTCPorUDPport.

ipsourcesocket

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedsourceIP
address,withoptionalpostfixedTCPorUDPport.

iptos

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedTypeof
ServicefieldinIPpacket.

macdest

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedMAC
destinationaddress.

macsource

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedMAC
sourceaddress.

tcpdestport

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedTCP
destinationport.

tcpsourceport

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedTCP
sourceport.

udpdestport

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedUDP
destinationport.

udpsourceport

SpecifiesthattheruleshouldapplytotrafficwiththespecifiedUDP
sourceport.

data

Specifiesthecodeforthespecifiedtrafficclassifier(listedabove).This
valueisdependentontheclassificationtypeentered.RefertoTable 113
forvalidvaluesforeachclassificationtype.

Policy Classification Configuration

set policy rule

maskmask

(Optional)Specifiesthenumberofsignificantbitstomatch,dependenton
thedatavalueentered.RefertoTable 113forvalidvaluesforeach
classificationtypeanddatavalue.

vlanvlan

SpecifiestheactionoftheruleistoclassifytoaVLANID.

coscos

SpecifiestheactionoftheruleistoclassifytoaClassofServiceID.Valid
valuesare04095.Avalueof1indicatesthatnoCoSforwarding
behaviormodificationisdesired.(NotsupportedonB3,B5,C3,C5,and
G3.)

drop|forward

Specifiesthatpacketswithinthisclassificationwillbedroppedor
forwarded.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Apolicyclassificationrulehastwomainparts:TrafficDescriptionandActions.TheTraffic
Descriptionidentifiesthetypeoftraffictowhichtherulewillpertain.Actionsspecifywhether
thattrafficwillbeassignedclassofservice,assignedtoaVLAN,orboth.
Table 113providesthesetpolicyruledatavaluesthatcanbeenteredforaparticularparameter,
andthemaskbitsthatcanbeenteredforeachclassifierassociatedwiththatparameter.
Table 11-3

Valid Values for Policy Classification Rules

Classification Rule Parameter

data value

mask bits

ether

Type field in Ethernet II packet:

1536 - 65535 or 0x600 - 0xFFFF

Not applicable.

ipproto

Protocol field in IP packet:

0 - 255 or 0 - 0xFF

Not applicable.

Destination or Source IP Address:

ipdestsocket
ipsourcesocket

IP Address in dotted decimal

format: 000.000.000.000 and
(Optional) post-fixed port: 0 65535

1 - 48

iptos

Type of Service field in IP packet:

0 - 252 or 0 - 0xFC

Not applicable.

Destination or Source MAC:

macdest
macsource

MAC Address: 00-00-00-00-0000

1 - 48

Destination or Source TCP port:

tcpdestport
tcpsourceport

TCP Port Number:

0 - 65535 or 0 - 0xFFFF

1 - 16

Destination or Source UDP port:

udpsourceport
udpdestport

UDP Port Number:

0 - 65535 or 0 - 0xFFFF

1 - 16

Enterasys B5 CLI Reference

11-11

clear policy rule

Examples
ThisexampleshowshowtouseTable 113toassignaruletopolicyprofile3thatwillfilter
EthernetIIType1526framestoVLAN7:
B5(su)->set policy rule 3 ether 1526 vlan 7

ThisexampleshowshowtouseTable 113toassignaruletopolicyprofile5thatwillforward
UDPpacketsfromsourceport45:
B5(su)->set policy rule 5 udpportsource 45 forward

ThisexampleshowshowtouseTable 113toassignaruletopolicyprofile1thatwilldropIP
sourcetrafficfromIPaddress1.2.3.4.Ifmask32isnotspecifiedasshown,adefaultmaskof48bits
(IPaddress+port)wouldbeapplied:
B5(su)->set policy rule 1 ipsourcesocket 1.2.3.4 mask 32 drop

clear policy rule

Usethiscommandtodeletepolicyclassificationruleentries.

Syntax
clear policy rule profile-index {all-pid-entries | {ether | ipproto | ipdestsocket
| ipsourcesocket | iptos | macdest | macsource | tcpdestport | tcpsourceport |
udpdestport | udpsourceport}}

Parameters
Thefollowingparametersapplytodeletingaclassificationrule.
profileindex

Specifiesapolicyprofileforwhichtodeleteclassificationrules.Valid
profileindexvaluesare1255.

allpidentries

Deletesallentriesassociatedwiththespecifiedpolicyprofile.

ether

DeletesassociatedEthernetIIclassificationrule.

ipproto

DeletesassociatedIPprotocolclassificationrule.

ipdestsocket

DeletesassociatedIPdestinationclassificationrule.

ipsourcesocket

DeletesassociatedIPsourceclassificationrule.

iptos

DeletesassociatedIPTypeofServiceclassificationrule.

macdest

DeletesassociatedMACdestinationaddressclassificationrule.

macsource

DeletesassociatedMACsourceaddressclassificationrule.

tcpdestport

DeletesassociatedTCPdestinationportclassificationrule.

tcpsourceport

DeletesassociatedTCPsourceportclassificationrule.

udpdestport

DeletesassociatedUDPdestinationportclassificationrule.

udpsourceport

DeletesassociatedUDPsourceportclassificationrule.

Defaults
Whenapplicable,dataandmaskmustbespecifiedforindividualrulestobecleared.

Mode
Switchcommand,readwrite.

11-12

Policy Classification Configuration

clear policy all-rules

Examples
ThisexampleshowshowtodeleteEthernetIIType1526classificationruleentriesassociatedwith
policyprofile1fromallports.
B5(su)->clear policy rule 1 ether 1526

Thisexampleshowshowtoremovearulefrompolicyprofile5thatwillforwardUDPframes
fromsourceport45.
B5(su)->clear policy rule 5 udpsourceport 45

clear policy all-rules

Usethiscommandtoremoveallpolicyclassificationrules.

Syntax
clear policy all-rules

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoremovealladministrativeandpolicyindexrules:
B5(su)->clear policy all-rules

Enterasys B5 CLI Reference

11-13

Assigning Ports to Policy Profiles

Note: Refer to Appendix A, Policy and Authentication Capacities for information about policy
limits for this platform.

Purpose
Toassignandunassignportstopolicyprofiles.

Commands
For information about...

Refer to page...

set policy port

11-14

clear policy port

11-15

set policy port

Usethiscommandtoassignportstoapolicyprofile.

Syntax
set policy port port-string profile-index

Parameters
portstring

Specifiestheport(s)toaddtothepolicyprofile.Foradetaileddescription
ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage 71.

profileindex

SpecifiestheIDofthepolicyprofile(role)towhichtheport(s)willbe
added.Thisvaluemustmatchtheprofileindexvalueassignedusingthe
setpolicyprofilecommand(setpolicyprofileonpage 114)inorder
forapolicyprofiletobeactiveonthespecifiedport.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoallowGigabitEthernetports5through15inslot1totransmitframes
accordingtopolicyprofile1:
B5(su)->set policy port ge.1.5-15 1

11-14

Policy Classification Configuration

clear policy port

Usethiscommandtoremoveapolicyprofilefromoneormoreports.

Syntax
clear policy port port-string profile-index

Parameters
portstring

Specifiestheport(s)fromwhichtoremovethepolicyprofile.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

profileindex

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoremovepolicyprofile10fromport21inslot1:
B5(rw)->clear policy port ge.1.21 10

Enterasys B5 CLI Reference

11-15

Configuring Policy Class of Service (CoS)

Note: It is recommended that you use Enterasys Networks NMS Policy Manager as an alternative
to CLI for configuring policy-based CoS on the switches.

TheEnterasysB5supportsClassofService(CoS),whichallowsyoutoassignmissioncriticaldata
toahigherprioritythroughthedevicebydelayinglesscriticaltrafficduringperiodsof
congestion.Thehigherprioritytrafficgoingthroughthedeviceisservicedfirst(beforelower
prioritytraffic).TheClassofServicecapabilityofthedeviceisimplementedbyapriority
queueingmechanism.ClassofServiceisbasedontheIEEE802.1D(802.1p)standardspecification,
andallowsyoutodefineeightpriorities(07,with7grantedhighestpriority)andupto8transmit
queues(07)foreachport.
Bydefault,policybasedCoSisdisabledonthedevice,anddefaultoruserassignedportbased
802.1D(802.1p)settingsareusedtodeterminetrafficprioritization.WhenpolicybasedCoSis
enabled,thedefaultanduserassignedpolicybasedsettingswilloverrideportbasedsettings
describedinChapter 12.
ClassofServicefunctionalitycanalsobeusedtocontrolbroadcast,unknownunicast,and/or
multicastflooding.Thisfeaturepreventsconfiguredportsfrombeingdisruptedbyatrafficstorm
byratelimitingspecifictypesofpacketsthroughthoseports.RefertoAboutCoSBasedFlood
Controlonpage 1118formoreinformation.

About Policy-Based CoS Configurations

Onceenabledusingthesetcosstatecommand,youcanaddtothepolicybasedCoSfunctionby
definingnewportgroupings,andassigninginboundratelimiters.Theprocessforuserdefined
CoSconfigurationinvolvesthefollowingstepsandassociatedcommandslistedinProcedure 111.
Anexamplefollowstheprocedure.
Procedure 11-1

User-Defined CoS Configuration

Step

Task

Command(s)

Enable CoS

set cos state enable

Create CoS IRL port groups

set cos port-config irl

Define physical rate limiters for groups

set cos port-resource irl

Create virtual reference for the IRL resource

(physical reference) for each port group

set cos reference

Add IRL reference to CoS settings table

set cos settings

Example
Thisexamplecreatesdifferentinboundratelimitersfortwoportgroupsandthenassignsthemto
trafficwithaCoSsettingof0.
1.

Configuretwoportgroups,oneforuserportsandoneforuplinkportsandassignportstothe
groups.Portgroup1.0willrepresentuserports,group2.0willrepresentuplinkports.
B5(su)->set cos port-config irl 1.0 name Users ports ge.1.1-46
B5(su)->set cos port-config irl 2.0 name Uplink ports ge.1.47-48
B5(su)->show cos port-config
Inbound Rate Limiting Port Configuration Entries

11-16

Policy Classification Configuration

Configuring Policy Class of Service (CoS)

---------------------------------------------------------------------Port Group Name :Default

Port Group
:0
Port Type
:0
Assigned Ports
:none
---------------------------------------------------------------------Port Group Name :Users
Port Group
:1
Port Type
:0
Assigned Ports
:ge.1.1-46
---------------------------------------------------------------------Port Group Name :Uplink
Port Group
:2
Port Type
:0
Assigned Ports
:ge.1.47-48
----------------------------------------------------------------------

Configurephysicalinboundratelimitersforeachportgroup.Fortheuserportgroup(1.0),
createanIRL(irlindexof1)for512kbps.Fortheuplinkportgroup(2.0),createanIRL(irl
indexof1)for10megabitspersecond(10,000kbps).
B5(su)->set cos port-resource irl 1.0 1 unit kbps rate 512
B5(su)->set cos port-resource irl 2.0 1 unit kbps rate 10000

B5(su)->show cos port-resource irl 1.0 1

Group Index Resource Type Unit
Rate
----------- -------- ---- ---- ---------1.0
1
irl kbps 512

Rate Limit Type Action

--------------- -----drop
none

B5(su)->show cos port-resource irl 2.0 1

Group Index Resource Type Unit
Rate
----------- -------- ---- ---- ---------2.0
1
irl kbps 10000

Rate Limit Type Action

--------------- -----drop
none

IntheCoSIRLreferencemappingtableforeachportgroup,createareferenceforeachIRL
resourcecreatedinthepreviousstep.Wewillusereferencenumber1.
B5(su)->set cos reference irl 1.0 1 rate-limit 1
B5(su)->set cos reference irl 2.0 1 rate-limit 1
B5(su)->show cos reference irl 1.0
Group Index
----------1.0
1.0
1.0
1.0
...
1.0
1.0
1.0

Reference
--------0
1
2
3

Type
---irl
irl
irl
irl

Rate Limiter
-----------none
1
none
none

97
98
99

irl
irl
irl

none
none
none

B5(su)->show cos reference irl 2.0

Group Index
----------2.0
2.0
2.0
2.0
...

Reference
--------0
1
2
3

Type
---irl
irl
irl
irl

Rate Limiter
-----------none
1
none
none

Enterasys B5 CLI Reference

11-17

Configuring Policy Class of Service (CoS)

2.0
2.0
2.0

97
98
99

irl
irl
irl

none
none
none

IntheCoSsettingstable,configureaCoSsettingforCoSindex1,whichhasapriorityof0.We
entertheIRLreference,createdinthepreviousstep.
B5(su)->set cos settings 0 irl-reference 1
B5(su)->show cos settings
CoS Index Priority
ToS
IRL
--------- ---------- ------- ----0
0
*
1
1
1
*
*
2
2
*
*
3
3
*
*
4
4
*
*
5
5
*
*
6
6
*
*
7
7
*
*

About CoS-Based Flood Control

CoSbasedfloodcontrolpreventsconfiguredportsfrombeingdisruptedbyatrafficstormbyrate
limitingspecifictypesofpacketsthroughthoseports.Whenfloodcontrolisenabledonaport,
incomingtrafficismonitoredoveronesecondintervals.Duringaninterval,theincomingtraffic
rateforeachconfiguredtraffictype(unicast,broadcast,multicast)iscomparedwiththe
configuredtrafficfloodcontrolrate,specifiedinpacketspersecond.
If,duringaonesecondinterval,theincomingtrafficofaconfiguredtypereachesthetrafficflood
controlrateconfiguredontheport,CoSbasedfloodcontroldropsthetrafficuntiltheinterval
ends.Packetsarethenallowedtoflowagainuntilthelimitisagainreached.
ThefollowingproceduredescribesthestepsandcommandsrequiredtoconfigureCoSbased
floodcontrol.
Procedure 11-2
Step

Task

Command(s)

Enable CoS.

set cos state enable

Create a CoS flood control port resource, which

specifies flood control rate limiters that can be
mapped to specific ports.

set cos port-resource flood-ctrl

Assign the flood control resource to specific

ports.

set cos port-config flood-ctrl

Example
Thisexamplecreatesabroadcastratelimiter(index1.0)of5packetspersecondandassignsitto
portsge.1.2andge.2.2.
B5(su)->set cos state enable
B5(su)->set cos port-resource flood-ctrl 1.0 broadcast rate 5
B5(su)->set cos port-config flood-ctrl 1.0 ports ge.1.2;ge.2.2 append

11-18

Policy Classification Configuration

set cos state

Commands
For information about...

Refer to page...

set cos state

11-19

show cos state

11-20

clear cos state

11-20

set cos settings

11-21

clear cos settings

11-22

show cos settings

11-22

set cos port-config

11-23

show cos port-config

11-24

clear cos port-config

11-25

set cos port-resource irl

11-26

set cos port-resource flood-ctrl

11-27

show cos port-resource

11-28

clear cos port-resource irl

11-29

clear cos port-resource flood-ctrl

11-30

set cos reference

11-30

show cos reference

11-31

clear cos reference

11-32

show cos unit

11-33

clear cos all-entries

11-33

show cos port-type

11-34

set cos state

UsethiscommandtoenableordisableClassofService.

Syntax
set cos state {enable | disable}

Parameters
enable|disable

EnablesordisablesClassofServiceontheswitch.Defaultstateis
disabled.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

11-19

show cos state

Example
ThisexampleshowshowtoenableClassofService:
B5(rw)->set cos state enable

show cos state

UsethiscommandtodisplaytheClassofServiceenablestate.

Syntax
show cos state

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtoshowtheClassofServiceenablestate:
B5(rw)->show cos state
Class-of-Service application is enabled

clear cos state

UsethiscommandtosetCoSstatebacktoitsdefaultsettingofdisabled.

Syntax
clear cos state

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheCoSstatebacktoitsdefaultsettingofdisabled:
B5(su)->clear cos state

11-20

Policy Classification Configuration

set cos settings

UsethiscommandtoconfigureaClassofServiceentryintheCoSsettingstable.

Syntax
set cos settings cos-index priority priority [tos-value tos-value] [irl-reference
irl-reference]

Parameters
cosindex

SpecifiesaClassofServiceentry.Validvaluesare0to255.

prioritypriority

Specifiesan802.1dpriorityvalue.Validvaluesare0to7,with0beingthe
lowestpriority.SeeUsagesectionbelowformoreinformation.

tosvaluetosvalue

(Optional)SpecifiesaTypeofServicevalue.Validvaluesare0to255.See
Usagesectionbelowformoreinformation.

irlreference
irlreference

(Optional)Settheinboundratelimiterassociatedwiththisentry.Valid
valuesare0to99.SeeUsagesectionbelowformoreinformation.

Defaults
Ifnooptionalparametersarespecified,nonewillbeapplied.

Mode
Switchcommand,readwrite.

Usage
TheCoSsettingstabletakesindividualclassofservicefeaturesanddisplaysthemasbelongingto
aCoSentry.Essentially,itisusedforCoSfeatureassignment.Eachclassofserviceentryconsists
ofanindex,802.1ppriority,anoptionalToSvalue,andanIRLreference.

CoSIndex
IndexesareuniqueidentifiersforeachCoSsetting.CoSindexes0through7arecreatedby
defaultandmappeddirectlyto802.1ppriorityforbackwardscompatibility.Theseentries
cannotberemoved,and802.1ppriorityvaluescannotbechanged.WhenCoSisenabled,
indexesareassigned.Upto256CoSindexesorentriescanbeconfigured.

Priority
802.1pprioritycanbeappliedperCoSindex.ForeachnewCoSindexcreated,theuserhasthe
optiontoassignan802.1ppriorityvalue0to7fortheclassofservice.CoSindexes0through7
mapdirectlyto802.1pprioritiesandcannotbechangedastheyexistforbackward
compatibility.

ToS
Thisvaluecanbesetperclassofservice,butisnotrequired.Whenaframeisassignedtoa
classofserviceforwhichthisvalueisconfigured,theToSfieldoftheincomingIPpacketwill
beoverwrittentotheuserdefinedvalue.AllbutthelasttwobitsoftheToSfieldare
rewritable.ToScanbesetforCoSindexes0through7.

IRLReference
TheCoSIRLreferencefieldisoptional,asratelimitsarenotrequired.TheIRLreferencedoes
notassignaninboundratelimitbutpointstotheCoSIRLReferenceMappingTable.This
referencemaybethoughtofasthevirtualratelimiterthatwillassignthephysicalratelimiter
definedbytheIRLReferenceMappingTable.
Enterasys B5 CLI Reference

11-21

clear cos settings

Example
ThisexampleshowshowtocreateCoSentry8withapriorityvalueof3:
B5(rw)->set cos settings 8 priority 3

clear cos settings

UsethiscommandtoclearClassofServiceentrysettings.

Syntax
clear cos settings cos-list {[all] | [priority] [tos-value] [irl-reference]}

Parameters
coslist

SpecifiesaClassofServiceentrytoclear.

all

Clearsallsettingsassociatedwiththisentry.

priority

Clearsthepriorityvalueassociatedwiththisentry.

tosvalue

ClearstheTypeofServicevalueassociatedwiththisentry.

irlreference

CleartheIRLreferenceassociatedwiththisentry.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearthepriorityforCoSentry8:
B5(rw)->clear cos settings 8 priority

show cos settings

UsethiscommandtodisplayClassofServiceparameters.

Syntax
show cos settings [cos-list]

Parameters
coslist

(Optional)SpecifiesaClassofServiceentrytodisplay.

Defaults
Ifnotspecified,allCoSentrieswillbedisplayed.

Mode
Switchcommand,readonly.

11-22

Policy Classification Configuration

set cos port-config

Example
ThisexampleshowshowtoshowallCoSsettings:
B5(su)->show cos settings
CoS Index Priority
ToS
IRL
--------- ---------- ------- ------0
0
48
*
1
1
*
*
2
2
*
*
3
3
*
*
4
4
*
*
5
5
*
*
6
6
*
*
7
7
*
*

flood-ctrl
---------enabled
enabled
enabled
enabled
enabled
enabled
enabled
enabled

set cos port-config

Usethiscommandtocreateaportgroupforinboundratelimitingorfloodcontrolandaddor
removeportsfromthegroup.

Syntax
set cos port-config {irl|flood-ctrl} group-type-index [name name] [ports portlist] [append] | [clear]

Parameters
irl

Specifiesthatthisisaninboundratelimiting(IRL)portgroup.

floodctrl

Specifiesthatthisisafloodcontrolportgroup.

grouptypeindex

Specifiesaninboundratelimitingportgroup/typeindex.Validentriesare
intheformofgroup#.porttype.
Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype
canrangefrom0to1,althoughonlyporttype0iscurrentlysupported.
Forexample,portgroup3wouldbespecifiedas3.0.

namename

(Optional)Userdefinednameforthegroup.

portsportlist

(Optional)Portsassignedtothegroup.Allportsmustbeofthesameport
type(FastEthernet,GigabitEthernet).

append

(Optional)Append(add)theportstotheportsthatarealreadyinthe
group.

clear

(Optional)Clearthegivenportsfromthoseassignedtothegroup.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
CoSportgroupsareidentifiedbygroupnumberandthetypeofportsinthegroup,intheformof
group#.porttype.Theportgroup0.0existsbydefault.Thisdefaultportgroupcannotberemoved
andallphysicalportsinthesystemareassignedtoit.Uptosevenadditionalportgroups(1

Enterasys B5 CLI Reference

11-23

show cos port-config

through7)canbeconfigured.Currently,onlyoneporttype(type0)issupported.Thisporttype
supports100limiters.
Additionalportgroupsmaybecreatedforflexibility.Portsassignedtoanewportgroupmustbe
mutuallyexclusivefromtheotherportgroupentriesportsareautomaticallyremovedfromthe
defaultportgroupandmustbecomprisedofthesameporttypeasdefinedbytheportgroup.
Thecreationofadditionalportgroupscouldbeusedtocombinesimilarportsbytheirfunctionfor
flexibility.Forinstance,portsassociatedtouserscanbeaddedtoaportgroupcalledUsersand
portsassociatedtouplinkportscanbeaddedtoaportgroupcalledUplink.Usingtheseport
groups,asingleclassofservicecanassigndifferentratelimitstoeachportgroup.Userports
canbeassignedoneratelimit,whileUplinkportscanbeassignedanother.
Thecommandshowcosportconfigdisplayseachportgroupconfiguredbygroupandtype,with
thegroupnameandassociated(assigned)ports.Thecommandshowcosporttypedisplaysthe
availableinboundratelimitingresourcesfortheporttype.

Example
Thisexampleconfigurestwoportgroups,oneforuserportsandoneforuplinkportsandassign
portstothegroups.Portgroup1.0willrepresentuserports,group2.0willrepresentuplinkports.
B5(su)->set cos port-config irl 1.0 name Users ports ge.1.1-46
B5(su)->set cos port-config irl 2.0 name Uplink ports ge.1.47-48

show cos port-config

UsethiscommandtoshowCoSportgroupsandtheassignedports.

Syntax
show cos port-config [irl|flood-ctrl [group-type-index]]

Parameters
irl

(Optional)Specifiesthatinboundratelimitingconfigurationinformation
shouldbedisplayed.

floodctrl

(Optional)Specifiesthatfloodcontrolrateconfigurationinformation
shouldbedisplayed.

grouptypeindex

(Optional)Showassignedportsforaspecificportgroup.Validentriesare
intheformofgroup#.porttype.
Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype
canrangefrom0to1,althoughonlyporttype0iscurrentlysupported.
Forexample,portgroup3wouldbespecifiedas3.0.

Defaults
Theshowcosportconfig commandbyitselfwillshowallPortGroups.

Mode
Switchcommand,readonly.

11-24

Policy Classification Configuration

clear cos port-config

Example
Thisexampleshowsallinboundratelimitingportgroups.Notethatportsge.1.1throughge.1.48
wereremovedfromthedefaultportgroup0.0whentheywereaddedtoportgroups1.0and2.0.
B5(su)->show cos port-config irl
Inbound Rate Limiting Port Configuration Entries
---------------------------------------------------------------------Port Group Name :Default
Port Group
:0
Port Type
:0
Assigned Ports
:none
---------------------------------------------------------------------Port Group Name :Users
Port Group
:1
Port Type
:0
Assigned Ports
:ge.1.1-46
---------------------------------------------------------------------Port Group Name :Uplink
Port Group
:2
Port Type
:0
Assigned Ports
:ge.1.47-48
----------------------------------------------------------------------

clear cos port-config

UsethiscommandtoclearCoSportgroupsorassignedports.

Syntax
clear cos port-config {irl|flood-ctrl} {all | group-type-index [entry] | [name]
[ports]}

Parameters
irl

ClearanIRLportgroupconfiguration.

floodctrl

Clearafloodcontrolportgroupconfiguration.

all

Clearallinboundratelimitingportconfignondefaultentries.

grouptypeindex

Deleteaspecificportgrouporgroupname,orcleartheportsfromthat
group.Validentriesareintheformofgroup#.porttype.
Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype
canrangefrom0to1,althoughonlyporttype0iscurrentlysupported.
Forexample,portgroup3wouldbespecifiedas3.0.

entry

Deletethisnondefaultinboundratelimiterentry.

name

Cleartheadministrativelyassignedtextualdescriptionofthisportgroup
entrytoitsdefault.

ports

Cleartheportsassignedtothisgrouptoitsdefault.

Defaults
None.

Enterasys B5 CLI Reference

11-25

set cos port-resource irl

Mode
Switchcommand,readwrite.

Usage
Thedefaultportgroup0.0cannotbedeleted.

Example
ThisexampledeletesallIRLPortGroupsexceptfortheDefaultgroup0.0:
B5(su)->clear cos port-config irl all

set cos port-resource irl

UsethiscommandtosettheinboundratelimitparametersforaspecificIRLresourceforaspecific
portgroup.

Syntax
set cos port-resource irl group-type-index irl-index {[unit {kbps}] [rate rate]
[type {drop}]}[syslog enable | disable] [trap enable|disable]

Parameters
grouptypeindex

irlindex

Indexnumberoftheinboundratelimiterresourceassociatedwiththis
entry.Validvaluesrangefrom0to99.

unit

Unitofmeasurefortheinboundratelimiter(onlyoptionisKbps).

kbps

Kilobitspersecond.

raterate

Datarateforthisinboundratelimiter.Thisistheactualratelimit.Valid
valuesrangefrom512to1,000,000KbpsforaGigabitport.

typedrop

Actionfortheratelimiter.Theonlyactionoptionisdroptheframeifall
limitersareexceeded.

syslog
enable|disable

Enableordisablereportingasyslogentryiflimitersareexceeded.

trapenable|disable Enableordisablesendingatrapiflimitersareexceeded.

Defaults
None.

Mode
Switchcommand,readwrite.

11-26

Policy Classification Configuration

set cos port-resource flood-ctrl

Usage
CoSportresourcesarewhereactualphysicalratelimitersareconfigured.Resourcesmapdirectly
tothenumberofratelimiterssupportedbytheporttype.(Porttype0supports100IRLresources.)
Resourcesexistforeachportgroupandareindexedasgroup#.porttype.irlindex.Portresources
arenotinitiallyconfiguredasratelimiting.
Inboundratelimiting,orratepolicing,simplydropsorclipstrafficinboundifaconfiguredrateis
exceeded.CoSinboundratelimitingallowstheusertoconfigureratelimitsbasedonkilobitsper
second.
Theshowcosportresourcecommanddisplaystheresourcesavailableforeachportgroup.By
default,noIRLresourcesareconfigured.ThedefaultRateLimitingalgorithmisdropandcannot
beconfiguredotherwise.

Example
Thisexamplesetstheinboundratelimitresourceindexnumber1forportgroup2.0to10000Kbps
or1MB:
B5(su)->set cos port-resource irl 2.0 1 unit kbps rate 10000 type drop

set cos port-resource flood-ctrl

UsethiscommandtocreateaCoSbasedfloodcontrolportresource.Thisresourcespecifiesflood
controlratelimitersthatcanbemappedtospecificports.

Syntax
set cos port-resource flood-ctrl group-type-index {unicast | multicast | broadcast
| all} rate rate

Parameters
grouptypeindex

Specifiesaportgroup/typeindex.Validentriesareintheformof
group#.porttype.
Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype
canrangefrom0to1,althoughonlyporttype0iscurrentlysupported.
Forexample,portgroup3wouldbespecifiedas3.0.

unicast

Specifiesratelimitingwillbeappliedtounknownunicasttraffic.

multicast

Specifiesratelimitingwillbeappliedtomulticasttraffic.

broadcast

Specifiesratelimitingwillbeappliedtobroadcasttraffic.

all

Specifiesratelimitingwillbeappliedtounknownunicast,multicast,
andbroadcasttraffic.

raterate

Specifiesaratelimitinpacketspersecond.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

11-27

show cos port-resource

Usage
CoSportresourcesarewhereactualphysicalratelimitersareconfigured.Thiscommandcanbe
usedtocreateuptothreedifferentfloodcontrollimitresourcesfortheporttypeindexof0.The
resourcesareassignedtospecificportswiththesetcosportconfigcommand.

Example
Thisexamplecreatesaportresourcebroadcastratelimiterof5packetspersecondfortheport
grouptypeindexof1.0(group#1ofporttypeindex0).
B5(su)->set cos port-resource flood-ctrl 1.0 broadcast rate 5

show cos port-resource

Usethiscommandtodisplaytheconfiguredportresources.

Syntax
show cos port-resource [irl [group-type-index [irl-index]]] | [flood-ctrl [grouptype-index]]

Parameters
irl

(Optional)Specifiesthatinboundratelimitingportresourcesshouldbe
displayed.

floodctrl

(Optional)Specifiesthatfloodcontrolportresourcesshouldbedisplayed.

grouptypeindex

(Optional)Specifiesaportgroup/typeindex.Validentriesareintheform
ofgroup#.porttype.
Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype
canrangefrom0to1,althoughonlyporttype0iscurrentlysupported.
Forexample,portgroup3wouldbespecifiedas3.0.

irlindex

(Optional)Inboundratelimiterresourceindexconfiguredforthe
specifiedportgroup.Validvaluesrangefrom0to99.

Defaults
Ifirlorfloodctrlarenotspecified,allportresourcesareshown.
IfaportgroupandIRLindexarenotspecified,theIRLconfigurationforallresources(099)forall
configuredportgroupswillbeshown.
Ifaportgroupisnotspecifiedwiththefloodctrlparameter,floodcontrolresourcesforall
configuredportgroupswillbeshown.
Mode
Switchcommand,readonly.

Examples
ThisexampledisplaystheIRLresourceindexnumber1configurationforgroup2.0.
B5(su)->show cos port-resource irl 2.0 1
'?' after the rate value indicates an invalid rate value
Group Index Resource Type Unit

11-28

Policy Classification Configuration

Rate

Rate Limit Type Action

clear cos port-resource irl

----------- -------- ---- ---- ---------2.0

1
irl kbps 10000

--------------- -----drop
none

Thisexampledisplaysthefloodcontrolresourcesconfiguredforgroup1.0.
B5(su)->show cos port-resource flood-ctrl 1.0
'?' after the rate value indicates an invalid rate value
Group
Index
--------1.0
1.0
1.0

Resource

Type

----------ucast
mcast
bcast

---------flood-ctrl
flood-ctrl
flood-ctrl

Unit
---pps
pps
pps

Rate

Rate Limit
type
---------- --------------20
drop
10
drop
5
drop

Action
-----none
none
none

clear cos port-resource irl

Usethiscommandtoclearinboundratelimitresourcestodefaultvalues.

Syntax
clear cos port-resource irl {all | group-type-index [irl-index [unit] [rate]
[type]]}

Parameters
all

ClearallIRLresourcesforallportgroups.

grouptypeindex

irlindex

(Optional)Inboundratelimiterresourceindexassociatedwiththe
specifiedportgroup.Validvaluesrangefrom0to99.

unit

Cleartheunitofmeasurefortheinboundratelimiter.

rate

Clearthedatarateforthisinboundratelimiter.

type

Cleartheactionfortheratelimiter.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleclearsthedatarateto0forIRLresourceindex1forgroup2.0.
B5(su)->clear cos port-resource irl 2.0 1 rate

Enterasys B5 CLI Reference

11-29

clear cos port-resource flood-ctrl

Usethiscommandtoclearfloodcontrolportresourcestodefaultvalues.

Syntax
clear cos port-resource flood-ctrl {all | group-type-index {unicast | multicast |
broadcast | all [rate]}}

Parameters
all

Clearallfloodcontrolresourcesforallportgroups.

grouptypeindex

unicast

Clearunicastportresourcesforthespecifiedportgroup.

multicast

Clearmulticastportresourcesforthespecifiedportgroup.

broadcast

Clearbroadcastportresourcesforthespecifiedportgroup.

all

Clearallfloodcontrolportresourcesforthespecifiedportgroup.

rate

(Optional)Clearthedataratelimiterofthespecifiedtypeofport
resourcetothedefault(noneordisabled).

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleclearstheunicastportresourceforportgroup1.0todefaultvalues.
B5(su)->clear cos port-resource flood-ctrl 1.0 unicast

set cos reference

UsethiscommandtosettheClassofServiceinboundratelimitingreferenceconfiguration.

Syntax
set cos reference irl group-type-index reference rate-limit irl-index

Parameters
irl

SpecifiesthatanIRLreferenceisbeingconfigured.

grouptypeindex

11-30

Policy Classification Configuration

show cos reference

reference

IRLreferencenumberassociatedwiththisentry.

ratelimitirlindex

Ratelimiter(IRLresourceindex)tobindthisreferenceto.Validvalues
rangefrom0to99.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
TheCoSreferencetablemapstheuserdefinedIRLreferencesfoundintheCoSsettingstable(see
setcossettingsonpage 1121)toratelimiterscreatedintheportresourcetable(seesetcos
portresourceirlonpage 1126).TheCoSreferencetableindexescanbethoughtofasvirtualrate
limiters.Thetableaccountsforthemaximumnumberofratelimiterssupportedbythedevice.
Thevirtuallimitersthenmaptothephysicalratelimiters.TheCoSIRLReferenceTableisnot
configuredbydefault.
TheCoSIRLreferencetableuses100indexesorvirtualratelimiters,andmapseachvirtuallimiter
toaphysicallimiterorresource.AnIRLreferencetableexistsforeachportgroupconfigured,and
isindexedsimilarlytoportresources,asportgroup#,porttype,reference.IRLreferencesarenot
populatedwithlimiters(resources),butcanbeconfiguredbytheuser.TheIRLreferencetablecan
bedisplayedusingtheshowcosreferencecommand.

Example
IntheCoSIRLreferencemappingtableforportgroups1.0and2.0,createareferencefortheIRL
resourcenumber1createdforeachgroup.Thereferencenumber1isused.
B5(su)->set cos reference irl 1.0 1 rate-limit 1
B5(su)->set cos reference irl 2.0 1 rate-limit 1

show cos reference

UsethiscommandtoshowtheClassofServiceinboundratelimitingreferenceconfiguration.

Syntax
show cos reference [irl [group-type-index]]

Parameters
irl

(Optional)Specifiesthatinboundratelimitingreferenceinformation
shouldbedisplayed.

grouptypeindex

(Optional)Specifiesaninboundratelimitingportgroup/typeindex.Valid
entriesareintheformofgroup#.porttype.
Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype
canrangefrom0to1,althoughonlyporttype0iscurrentlysupported.
Forexample,portgroup3wouldbespecifiedas3.0.

Defaults
Ifirlisnotspecified,allCoSreferenceinformationisdisplayed.

Enterasys B5 CLI Reference

11-31

clear cos reference

Ifaspecificportgroupisnotspecified,informationforallportgroupsisdisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowstheClassofServiceIRLreferencesforportgroup1.0.Notethatnotallofthe
100possiblereferencesaredisplayedinthisoutputexample.
B5(su)->show cos reference irl 1.0
Group Index
----------1.0
1.0
1.0
1.0
...
1.0
1.0
1.0

Reference
--------0
1
2
3

Type
---irl
irl
irl
irl

Rate Limiter
-----------none
1
none
none

97
98
99

irl
irl
irl

none
none
none

clear cos reference

UsethiscommandtocleartheClassofServiceinboundratelimitingreferenceconfiguration.

Syntax
clear cos reference irl {all | group-type-index reference}

Parameters
irl

SpecifiesthatIRLreferencesarebeingcleared.

all

Clearallgroupsindexesandreferences.

grouptypeindex

reference

Clearaspecificreferenceforthespecifiedportgroup.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheCoSinboundratelimitingreferenceconfigurationforall
groups:
B5(su)->clear cos reference irl all

11-32

Policy Classification Configuration

show cos unit

UsethiscommandtoshowpossibleCoSunitentries.

Syntax
show cos unit [irl [port-type index] [kbps]] [flood-ctrl [port-type index] [pps]]

Parameters
irl

(Optional)DisplayonlyIRLunitinformation.

porttypeindex

(Optional)Displayinformationaboutthespecifiedporttype.(Only
porttypeindex0issupported.)

kbps

(Optional)Displaykbpsinformation.

floodctrl

(Optional)Displayonlyfloodcontrolunitinformation.

pps

(Optional)Displayppsinformation.

Defaults
Ifnoparametersareentered,allCosunitinformationisdisplayed.

Mode
Switchcommand,readonly.

Examples
Thisexampleshowspossibleunitentriesforinboundratelimiting:
B5(su)->show cos unit irl
Type:
irl = inbound rate limiting
Port Type
--------0

Type
---irl

Unit
---Kbps

Unit:
Kbps = Kilobits per second

Maximum Rate
-----------1000000

Minimum Rate
-----------64

Granularity
----------1

Thisexamplesshowsfloodcontrolunitinformation.
B5(su)->show cos unit flood-ctrl
Type:
flood-ctrl = flood control type
Port Type
----------0

Type
----------flood-ctrl

Unit
---pps

Unit:
pps = packets per second
Maximum Rate
-----------148810

Minimum Rate
-----------0

Granularity
----------1

clear cos all-entries

UsethiscommandtoclearallClassofServiceentriesexceptentries07.

Syntax
clear cos all-entries

Enterasys B5 CLI Reference

11-33

show cos port-type

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheCoSconfigurationforallentriesexceptentries07:
B5(su)->clear cos all-entries

show cos port-type

UsethiscommandtodisplayClassofServiceporttypeconfigurations.

Syntax
show cos port-type [irl [port-type]] [flood-ctrl [port-type]]

Parameters
irl

(Optional)Displaysinboundratelimitinginformation.

floodctrl

(Optional)Displaysfloodcontrolinformation.

porttype

(Optional)Displaysinformationforaspecificporttype.(Onlyporttype
0issupported.)

Defaults
Ifnoparametersarespecified,inboundratelimitingandfloodcontrolinformationforallport
typesisdisplayed.

Mode
Switchcommand,readonly.

Usage
TheB5implementationprovidesonedefaultporttype(0)fordesignatingavailableinboundrate
limitingorfloodcontrolresources.Porttype0includesallports.
Theporttype0IRLdescriptionisB5100IRL,whichindicatesthatthisporttypeprovidesa
maximumof100inboundratelimitingresourcesperportgroup.Theporttype0floodcontrol
descriptionisB53floodctrlwhichindicatesthatthisporttypeprovidesamaximumof3flood
controlresourcesperportgroup.

Examples
Thisexampleshowsinboundratelimitinginformationforporttype0.
B5(su)->show cos port-type irl 0

11-34

Policy Classification Configuration

show cos port-type

Number of resources:
irl = inbound rate limiter(s)

Index
----0

Port type
description
-----------B5 100 IRL

Number of
limiters
--------100

Supported rate types:

Kbps = kilobits per second
Supported
rate type
--------kbps

Eligible
ports
----------------ge.1.1-48

Unselected
ports
----------------ge.1.1-4

Thisexampleshowsfloodcontrolinformationforporttype0.
B5(su)->show cos port-type flood-ctrl 0
Number of resources:
flood-ctrl = flood control type

Index
----0

Port type
Number of
description
limiters
-------------------B5 3 flood-ctrl
3

Supported rate types:

Pps = Packets per second
Supported
rate type
--------pps

Eligible
ports
---------------ge.1.1-24

Unselected
ports
-----------ge.1.1-24

Enterasys B5 CLI Reference

11-35

show cos port-type

11-36

Policy Classification Configuration

12
Port Priority Configuration
ThischapterdescribesthePortPrioritysetofcommandsandhowtousethem.Refertothe
ConfiguringQoSFeatureGuidefordetailedinformationaboutconfiguringqualityofserviceon
theEnterasysB5.TheEnterasys NetworksfirmwareFeatureGuidesareavailableat:
https://extranet.enterasys.com/downloads/
For information about...

Refer to page...

Port Priority Configuration Summary

12-1

Configuring Port Priority

12-2

Configuring Priority to Transmit Queue Mapping

12-4

Configuring Quality of Service (QoS)

12-7

Port Priority Configuration Summary

TheEnterasysB5devicesupportsClassofService(CoS),whichallowsyoutoassignmission
criticaldatatohigherprioritythroughthedevicebydelayinglesscriticaltrafficduringperiodsof
congestion.Thehigherprioritytrafficthroughthedeviceisservicedfirstbeforelowerpriority
traffic.TheClassofServicecapabilityofthedeviceisimplementedbyapriorityqueueing
mechanism.ClassofServiceisbasedontheIEEE802.1D(802.1p)standardspecification,and
allowsyoutodefineeightpriorities(0 through 7)andassignthemtotransmitqueuesforeach
port.
Apriority0 through 7canbesetoneachport,with0beingthelowestpriority.Aportreceivinga
framewithoutpriorityinformationinitstagheaderisassignedapriorityaccordingtothedefault
prioritysettingontheport.Forexample,ifthepriorityofaportissetto4,theframesreceived
throughthatportwithoutapriorityindicatedintheirtagheaderareclassifiedasapriority4and
transmittedaccordingtothatpriority.
Note: When CoS override is enabled using the set policy profile command as described in set
policy profile on page 11-4, CoS-based classification rules will take precedence over priority
settings configured with the set port priority command described in this section.

Enterasys B5 CLI Reference

12-1

Configuring Port Priority

Purpose
Tovieworconfigureportprioritycharacteristicsasfollows:

DisplayorchangetheportdefaultClassofService(CoS)transmitpriority(0through7)of
eachportforframesthatarereceived(ingress)withoutpriorityinformationintheirtag
header.

Displaythecurrenttrafficclassmappingtopriorityofeachport.

Seteachporttotransmitframesaccordingto802.1D(802.1p)prioritysetintheframeheader.

Commands
For information about...

Refer to page...

show port priority

12-4

set port priority

12-3

clear port priority

12-3

show port priority

Usethiscommandtodisplaythe802.1Dpriorityforoneormoreports.

Syntax
show port priority [port-string]

Parameters
portstring

(Optional)Displayspriorityinformationforaspecificport.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,priorityforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaytheportpriorityforthege.2.1through5.
B5(su)->show
ge.2.1 is set
ge.2.2 is set
ge.2.3 is set
ge.2.4 is set
ge.2.5 is set

12-2

Port Priority Configuration

port priority ge.2.1-5

to 0
to 0
to 0
to 0
to 0

set port priority

Usethiscommandtosetthe802.1D(802.1p)ClassofServicetransmitpriority(0 through 7)on
eachport.Aportreceivingaframewithoutpriorityinformationinitstagheaderisassigneda
priorityaccordingtotheprioritysettingontheport.Forexample,ifthepriorityofaportissetto
5,theframesreceivedthroughthatportwithoutapriorityindicatedintheirtagheaderare
classifiedasapriority5.
Aframewithpriorityinformationinitstagheaderistransmittedaccordingtothatpriority.

Syntax
set port priority port-string priority

Parameters
portstring

Specifiestheportforwhichtosetpriority.Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 71.

priority

Specifiesavalueof0to7tosettheCoSpriorityfortheportenteredinthe
portstring.Priorityvalueof0isthelowestpriority.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thesetportprioritycommandwillnotchangethe802.1pprioritytagontaggedtrafficwitha
defaultprioritytag.Thecommandonlyhasaneffectonhowuntaggedtrafficwillbeprioritized
asitpassesinternallythroughthedevice.

Example
Thisexampleshowshowtosetadefaultpriorityof6onge.1.3.Framesreceivedbythisport
withoutpriorityinformationintheirframeheaderaresettothedefaultsettingof6:
B5(su)->set port priority ge.1.3 6

clear port priority

UsethiscommandtoresetthecurrentCoSportprioritysettingto0.Thiswillcauseallframes
receivedwithoutapriorityvalueinitsheadertobesettopriority0.

Syntax
clear port priority port-string

Parameters
portstring

Specifiestheportforwhichtoclearpriority.Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 71.

Enterasys B5 CLI Reference

12-3

Configuring Priority to Transmit Queue Mapping

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresetge.1.11tothedefaultpriority:
B5(rw)->clear port priority ge.1.11

Configuring Priority to Transmit Queue Mapping

Purpose
Toperformthefollowing:

Viewthecurrentprioritytotransmitqueuemappingofeachphysicalport.

Configureeachporttoeithertransmitframesaccordingtotheportpriority,setusingtheset
portprioritycommanddescribedinsetportpriorityonpage 123,oraccordingtoapriority
basedonapercentageofporttransmissioncapacity,assignedtotransmitqueuesusingtheset
porttxqcommanddescribedinsetporttxqonpage 128.

Clearcurrentportpriorityqueuesettingsforoneormoreports.

Commands
For information about...

Refer to page...

show port priority-queue

12-4

set port priority-queue

12-5

clear port priority-queue

12-6

show port priority-queue

Usethiscommandtodisplaytheportprioritylevels(0through7,with0asthelowestlevel)
associatedwiththecurrenttransmitqueues(0beingthelowestpriority)foreachselectedport.A
framewithacertainportpriorityistransmittedaccordingtothesettingsenteredusingtheset
portpriorityqueuecommanddescribedinsetportpriorityqueueonpage 125.

Syntax
show port priority-queue [port-string]

Parameters
portstring

12-4

Port Priority Configuration

(Optional)Displaysthemappingofprioritiestotransmitqueuesforone
ormoreports.

set port priority-queue

Defaults
Ifportstringisnotspecified,priorityqueueinformationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaypriorityqueueinformationforge.1.1.Inthiscase,frameswith
apriorityof0areassociatedwithtransmitqueue1;frameswith1or2priority,areassociatedwith
transmitqueue0;andsoforth:
B5(su)->show
Port
P0
--------- -ge.1.1
1

port priority-queue ge.1.1

P1 P2 P3 P4 P5 P6 P7
-- -- -- -- -- -- -0 0 2 3 4 5 5

set port priority-queue

Usethiscommandtomap802.1D(802.1p)prioritiestotransmitqueues.

Syntax
set port priority-queue port-string priority queue

Parameters
portstring

Specifiestheport(s)forwhichtosetprioritytoqueuemappings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

priority

Specifiesavalueof0through7(0isthelowestlevel)thatdetermines
whatpriorityframeswillbetransmittedonthetransmitqueueenteredin
thiscommand.

queue

Specifiesavalueof0through5(0isthelowestlevel)thatdeterminesthe
queueonwhichtotransmittheframeswiththeportpriorityenteredin
thiscommand.
Note: Although there are 8 queues, only queues 0 through 5 may be configured.
Queues 6 and 7 are reserved for management traffic.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thiscommandenablesyoutochangethetransmitqueue(0to5,with0beingthelowestpriority
queue)foreachportpriorityoftheselectedport.Youcanapplythenewsettingstooneormore
ports.

Enterasys B5 CLI Reference

12-5

clear port priority-queue

Example
Thisexampleshowshowtosetpriority5framesreceivedonge.2.12totransmitonqueue0.
B5(su)->set port priority-queue ge.2.12 5 0

clear port priority-queue

Usethiscommandtoresetportpriorityqueuesettingsbacktodefaultsforoneormoreports.

Syntax
clear port priority-queue port-string

Parameters
portstring

Specifiestheportforwhichtoclearprioritytoqueuemappings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoclearthepriorityqueuesettingsonge.2.12:
B5(su)->clear port priority-queue ge.2.12

12-6

Port Priority Configuration

Configuring Quality of Service (QoS)

RefertotheConfiguringQoSFeatureGuidefordetailedinformationaboutconfiguringquality
ofserviceontheEnterasysB5.TheEnterasys NetworksfirmwareFeatureGuidesareavailableat:
https://extranet.enterasys.com/downloads/

Purpose
Eighttransmitqueuesareimplementedintheswitchhardwareforeachport.Thecommandsin
thissectionallowyoutosettheprioritymodeandweightforeachoftheavailablequeues(0
through7)foreachphysicalportontheswitch.Prioritymodeandweightcannotbeconfiguredon
LAGs,onlyonthephysicalportsthatmakeuptheLAG.

Commands
For information about...

Refer to page...

show port txq

12-7

set port txq

12-8

clear port txq

12-8

show port txq

UsethiscommandtodisplayQoStransmitqueueinformationforoneormorephysicalports.

Syntax
show port txq [port-string]

Parameters
portstring

(Optional)Specifiesport(s)forwhichtodisplayQoSsettings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.
Onlyphysicalportswillbedisplayed.LAGportshavenotransmitqueue
information.

Defaults
Iftheportstringisnotspecified,theQoSsettingofallphysicalportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythecurrentalgorithmandtransmitqueueweightsconfigured
onportge.1.10:
B5(su)->show port txq ge.1.10
Port
Alg Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
------- --- --- --- --- --- --- --- ---

Enterasys B5 CLI Reference

12-7

set port txq

ge.1.10 WRR 10

set port txq

UsethiscommandtosetQoStransmitqueuearbitrationvaluesforphysicalports.

Syntax
set port txq port-string value0 value1 value2 value3 value4 value5 value6 value7

Parameters
portstring

Specifiesport(s)onwhichtosetqueuearbitrationvalues.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.
Onlyphysicalportscanbeconfiguredwiththiscommand.LAGports
cannotbeconfigured.

value0value7

Specifiespercentagetoallocatetoaspecifictransmitqueue.Thevalues
musttotal100percent.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Queuescanbesetforstrictpriority(SP)orweightedroundrobin(WRR).IfsetforWRRmode,
weightsmaybeassignedtothosequeueswiththiscommand.Weightsarespecifiedintherangeof
0to100percent.Weightsspecifiedforqueues0through7onanyportmusttotal100percent.

Examples
Thisexampleshowshowtochangethearbitrationvaluesfortheeighttransmitqueuesbelonging
toge.1.1:
B5(su)->set port txq ge.1.1 10 10 10 10 10 10 10 30

Thisexampleshowshowtochangethealgorithmtostrictpriorityfortheeighttransmitqueues
belongingtoge.1.1:
B5(su)->set port txq ge.1.1 0 0 0 0 0 O O 100
B5(su)->show port txq ge.1.1
Port
Alg Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
------- --- --- --- --- --- --- --- ---

ge.1.1

STR SP

clear port txq

Usethiscommandtoclearporttransmitqueuevaluesbacktotheirdefaultvalues.

Syntax
clear port txq port-string

12-8

Port Priority Configuration

clear port txq

Parameters
portstring

Clearstransmitqueuevaluesonspecificport(s)backtotheirdefault
values.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 71.
Onlyphysicalportscanbeconfiguredwiththiscommand.LAGports
cannotbeconfigured.

Defaults
Bydefault,transmitqueuesaredefinedasfollows:
Queue

Mode

Weight

Queue

Mode

Weight

WRR

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtocleartransmitqueuevaluesonge.1.1:
B5(su)->clear port txq ge.1.1

Enterasys B5 CLI Reference

12-9

clear port txq

12-10

Port Priority Configuration

13
IGMP Configuration
ThischapterdescribestheIGMPConfigurationsetofcommandsandhowtousethem.
For information about...

Refer to page...

IGMP Overview

13-1

Configuring IGMP at Layer 2

13-2

Configuring IGMP on Routing Interfaces

13-10

IGMP Overview
About IP Multicast Group Management
TheInternetGroupManagementProtocol(IGMP)runsbetweenhostsandtheirimmediately
neighboringmulticastdevice.Theprotocolsmechanismsallowahosttoinformitslocaldevice
thatitwantstoreceivetransmissionsaddressedtoaspecificmulticastgroup.
Amulticastenableddevicecanperiodicallyaskitshostsiftheywanttoreceivemulticasttraffic.If
thereismorethanonedeviceontheLANperformingIPmulticasting,oneofthesedevicesis
electedquerierandassumestheresponsibilityofqueryingtheLANforgroupmembers.
BasedonthegroupmembershipinformationlearnedfromIGMP,adevicecandeterminewhich(if
any)multicasttrafficneedstobeforwardedtoeachofitsports.AtLayer3,multicastdevicesuse
thisinformation,alongwithamulticastroutingprotocol,tosupportIPmulticastingacrossanIP
network.
IGMPprovidesthefinalstepinanIPmulticastpacketdeliveryservice,sinceitisonlyconcerned
withforwardingmulticasttrafficfromthelocaldevicetogroupmembersonadirectlyattached
subnetworkorLANsegment.
ThisdevicesupportsIPmulticastgroupmanagementbypassivelysnoopingontheIGMPquery
andIGMPreportpacketstransferredbetweenIPmulticastdevicesandIPmulticasthostgroupsto
learnIPmulticastgroupmembers.
ThepurposeofIPmulticastgroupmanagementistooptimizeaswitchednetworksperformance
somulticastpacketswillonlybeforwardedtothoseportscontainingmulticastgrouphostsor
multicastdevicesinsteadoffloodingtoallportsinthesubnet(VLAN).
InadditiontopassivelymonitoringIGMPqueryandreportmessages,theEnterasysB5canalso
activelysendL3IGMPquerymessagestolearnlocationsofmulticastdevicesandmemberhosts
inmulticastgroupswithineachVLAN.
However,notethatIGMPneitheraltersnorroutesanyIPmulticastpackets.SinceIGMPisnot
concernedwiththedeliveryofIPmulticastpacketsacrosssubnetworks,multicastroutingis
neededifIPmulticastpacketshavetoberoutedacrossdifferentsubnetworks.
Enterasys B5 CLI Reference

13-1

Configuring IGMP at Layer 2

About Multicasting
Multicastingisusedtosupportrealtimeapplicationssuchasvideoconferencesorstreaming
audio.Amulticastserverdoesnothavetoestablishaseparateconnectionwitheachclient.It
merelybroadcastsitsservicetothenetwork,andanyhoststhatwanttoreceivethemulticast
registerwiththeirlocalmulticastswitch/router.Althoughthisapproachreducesthenetwork
overheadrequiredbyamulticastserver,thebroadcasttrafficmustbecarefullyprunedatevery
multicastswitch/routeritpassesthroughtoensurethattrafficisonlypassedtothehoststhat
subscribedtothisservice.

Configuring IGMP at Layer 2

TheEnterasysB5switchdeviceusesIGMP(InternetGroupManagementProtocol)toqueryfor
anyattachedhostswhowanttoreceiveaspecificmulticastservice.ThedevicelooksuptheIP
MulticastGroupusedforthisserviceandaddsittotheegresslistoftheLevel3interface.Itthen
propagatestheservicerequestontoanyneighboringmulticastswitch/routertoensurethatitwill
continuetoreceivethemulticastservice.
Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of
multicast configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads/

Purpose
ToconfigureIGMPsnoopingfromtheswitchCLI.

Commands
For information about...

13-2

Refer to page...

show igmpsnooping

13-3

set igmpsnooping adminmode

13-3

set igmpsnooping interfacemode

13-4

set igmpsnooping groupmembershipinterval

13-4

set igmpsnooping maxresponse

13-5

set igmpsnooping mcrtrexpiretime

13-6

set igmpsnooping add-static

13-6

set igmpsnooping remove-static

13-7

show igmpsnooping static

13-7

show igmpsnooping mfdb

13-8

clear igmpsnooping

13-9

IGMP Configuration

show igmpsnooping

show igmpsnooping
UsethiscommandtodisplayIGMPsnoopinginformation.

Syntax
show igmpsnooping

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
ConfiguredinformationisdisplayedwhetherornotIGMPsnoopingisenabled.Status
informationisdisplayedonlywhenthefunctionisenabled.ForinformationonenablingIGMPon
thesystem,refertosetigmpsnoopingadminmodeonpage 133.Forinformationonenabling
IGMPononeormoreports,refertosetigmpsnoopinginterfacemodeonpage 134.

Example
ThisexampleshowshowtodisplayIGMPsnoopinginformation:
B5(su)->show igmpsnooping
Admin Mode.....................................
Group Membership Interval......................
Max Response Time..............................
Multicast Router Present Expiration Time.......
Interfaces Enabled for IGMP Snooping...........
Multicast Control Frame Count..................
Data Frames Forwarded by the CPU...............

Enable
260
100
0
ge.1.1,ge.1.2,ge.1.3
0
0 set

set igmpsnooping adminmode

UsethiscommandtoenableordisableIGMPonthesystem.

Syntax
set igmpsnooping adminmode {enable | disable}

Parameters
enable|disable

EnablesordisablesIGMPsnoopingonthesystem.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

13-3

set igmpsnooping interfacemode

Usage
InorderforIGMPsnoopingtobeenabledononeorallports,itmustbegloballyenabledonthe
devicewiththiscommand,andthenenabledonaport(s)usingthesetigmpsnoopinginterface
modecommandasdescribedinsetigmpsnoopinginterfacemodeonpage 134.

Note: IGMP snooping cannot be controlled via WebView.

Example
ThisexampleshowshowtoenableIGMPonthesystem:
B5(su)->set igmpsnooping adminmode enable

set igmpsnooping interfacemode

UsethiscommandtoenableordisableIGMPononeorallports.

Syntax
set igmpsnooping interfacemode port-string {enable | disable}

Parameters
portstring

SpecifiesoneormoreportsonwhichtoenableordisableIGMP.

enable|disable

EnablesordisablesIGMP.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
InorderforIGMPsnoopingtobeenabledononeorallports,itmustbegloballyenabledonthe
deviceusingthesetigmpsnoopingadminmodecommandasdescribedinsetigmpsnooping
adminmodeonpage 133,andthenenabledonaport(s)usingthiscommand.

Example
ThisexampleshowshowtoenableIGMPonportge.1.10:
B5(su)->set igmpsnooping interfacemode ge.1.10 enable

set igmpsnooping groupmembershipinterval

UsethiscommandtoconfiguretheIGMPgroupmembershipintervaltimeforthesystem.

Syntax
set igmpsnooping groupmembershipinterval time

13-4

IGMP Configuration

set igmpsnooping maxresponse

Parameters
time

SpecifiestheIGMPgroupmembershipinterval.Validvaluesare23600
seconds.
Thisvalueworkstogetherwiththesetigmpsnoopingmaxresponsetime
commandtoremoveportsfromanIGMPgroupandmustbegreaterthan
themaxresponsetimevalue.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
TheIGMPgroupmembershipintervaltimesetsthefrequencyofhostqueryframetransmissions
andmustbegreaterthantheIGMPmaximumresponsetimeasdescribedinsetigmpsnooping
maxresponseonpage 135.

Example
ThisexampleshowshowtosettheIGMPgroupmembershipintervalto250seconds:
B5(su)->set igmpsnooping groupmembershipinterval 250

set igmpsnooping maxresponse

UsethiscommandtoconfiguretheIGMPquerymaximumresponsetimeforthesystem.

Syntax
set igmpsnooping maxresponse time

Parameters
time

SpecifiestheIGMPmaximumqueryresponsetime.Validvaluesare100
255seconds.Thedefaultvalueis100seconds.
Thisvalueworkstogetherwiththesetigmpsnooping
groupmembershipintervalcommandtoremoveportsfromanIGMPgroup
andmustbelesserthanthegroupmembershipintervalvalue.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThisvaluemustbelessthantheIGMPmaximumresponsetimedescribedinsetigmpsnooping
groupmembershipintervalonpage 134.

Enterasys B5 CLI Reference

13-5

set igmpsnooping mcrtrexpiretime

Example
ThisexampleshowshowtosettheIGMPmaximumresponsetimeto100seconds:
B5(su)->set igmpsnooping maxresponse 100

set igmpsnooping mcrtrexpiretime

UsethiscommandtoconfiguretheIGMPmulticastrouterexpirationtimeforthesystem.

Syntax
set igmpsnooping mcrtrexpire time

Parameters
time

SpecifiestheIGMPmulticastrouterexpirationtime.Validvaluesare0
3600seconds.Avalueof0willconfigurethesystemwithaninfinite
expirationtime.Thedefaultvalueis0.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thistimerisforexpiringtheswitchfromthemulticastdatabase.Ifthetimerexpires,andtheonly
addressleftisthemulticastswitch,thentheentrywillberemoved.

Example
ThisexampleshowshowtosettheIGMPmulticastrouterexpirationtimetoinfinity:
B5(su)->set igmpsnooping mcrtrexpiretime 0

set igmpsnooping add-static

ThiscommandcreatesanewstaticIGMPentryoraddsoneormorenewportstoanexistingentry.

Syntax
set igmpsnooping add-static group vlan-list [modify] [port-string]

Parameters
group

SpecifiesthemulticastgroupIPaddressfortheentry.

vlanlist

SpecifiestheVLANsonwhichtoconfiguretheentry.

modify

(Optional)Addsthespecifiedportorportstoanexistingentry.

portstring

(Optional)Specifiestheportorportstoaddtotheentry.

Defaults
Ifnoportsarespecified,allportsareaddedtotheentry.
13-6

IGMP Configuration

set igmpsnooping remove-static

Ifmodifyisnotspecified,anewentryiscreated.

Mode
Switchcommand,readwrite.

Usage
UsethiscommandtocreateandconfigurestaticLayer2IGMPentries.Currently,upto100static
groupscanbeconfigured.Atotalof256dynamicandstaticIGMPgroupsaresupported.

Example
ThisexamplecreatesanIGMPentryforthemulticastgroupwithIPaddressof233.11.22.33
configuredonVLAN20configuredwiththeportge.1.1.
B5(su)->set igmpsnooping add-static 233.11.22.33 20 ge.1.1

set igmpsnooping remove-static

ThiscommanddeletesastaticIGMPentryorremovesoneormorenewportsfromanexisting
entry.

Syntax
set igmpsnooping remove-static group vlan-list [modify] [port-string]

Parameters
group

SpecifiesthemulticastgroupIPaddressoftheentry.

vlanlist

SpecifiestheVLANsonwhichtheentryisconfigured.

modify

(Optional)Removesthespecifiedportorportsfromanexistingentry.

portstring

(Optional)Specifiestheportorportstoremovefromtheentry.

Defaults
Ifnoportsarespecified,allportsareremovedfromtheentry.

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesportge.1.1fromtheentryforthemulticastgroupwithIPaddressof
233.11.22.33configuredonVLAN20.
B5(su)->set igmpsnooping remove-static 233.11.22.33 20 ge.1.1

show igmpsnooping static

ThiscommanddisplaysstaticIGMPportsforoneormoreVLANsorIGMPgroups.

Syntax
show igmpsnooping static vlan-list [group group]

Enterasys B5 CLI Reference

13-7

show igmpsnooping mfdb

Parameters
vlanlist

SpecifiestheVLANforwhichtodisplaystaticIGMPports.

groupgroup

(Optional)SpecifiestheIGMPgroupforwhichtodisplaystaticIGMP
ports.

Defaults
Ifnogroupisspecified,informationforallgroupsisdisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampledisplaysthestaticIGMPportsforVLAN20.
B5(su)->show igmpsnooping static 20
-------------------------------------------------------------------------------Vlan Id
= 20
Static Multicast Group Address = 233.11.22.33
Type = IGMP
IGMP Port List = ge.1.1

show igmpsnooping mfdb

Usethiscommandtodisplaymulticastforwardingdatabase(MFDB)information.

Syntax
show igmpsnooping mfdb [stats]

Parameters
stats

(Optional)DisplaysMFDBstatistics.

Defaults
Ifstatsisnotspecified,allMFDBtableentrieswillbedisplayed.

Mode
Switchcommand,readonly.

Examples
Thisexampleshowshowtodisplaymulticastforwardingdatabaseentries:
B5(su)->show igmpsnooping mfdb
MAC Address
Type
Description
----------------------- ------- ---------------00:14:01:00:5E:02:CD:B0 Dynamic Network Assist
00:32:01:00:5E:37:96:D0 Dynamic Network Assist
00:32:01:00:5E:7F:FF:FA Dynamic Network Assist

Interfaces
------------------------Fwd: ge.1.1,ge.3.1,ge.4.1
Fwd: ge.4.7
Fwd: ge.4.7

Thisexampleshowshowtodisplaymulticastforwardingdatabasestatistics:
B5(su)->show igmpsnooping mfdb stats
Max MFDB Table Entries......................... 256
Most MFDB Entries Since Last Reset............. 1
Current Entries................................ 0
13-8

IGMP Configuration

clear igmpsnooping

clear igmpsnooping
UsethiscommandtoclearallIGMPsnoopingentries.

Syntax
clear igmpsnooping

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearallIGMPsnoopingentries:
B5(su)->clear igmpsnooping
Are you sure you want to clear all IGMP snooping entries? (y/n) y
IGMP Snooping Entries Cleared.

Enterasys B5 CLI Reference

13-9

Configuring IGMP on Routing Interfaces

Router: The commands covered in this section can be executed only when the device is in router
mode. For details on how to enable router configuration modes, refer to Enabling Router
Configuration Modes on page 18-2.

Purpose
ToconfigureIGMPonroutinginterfaces.

Commands
For information about...

Refer to page...

ip igmp

13-10

ip igmp enable

13-11

ip igmp version

13-11

show ip igmp interface

13-12

show ip igmp groups

13-13

ip igmp query-interval

13-13

ip igmp query-max-response-time

13-14

ip igmp startup-query-interval

13-14

ip igmp startup-query-count

13-15

ip igmp last-member-query-interval

13-15

ip igmp last-member-query-count

13-16

ip igmp robustness

13-16

ip igmp
UsethiscommandtoenabletheL3IGMPQuerierfunctionalityontheswitch.Thenoformofthis
commanddisablesIGMPQuerierfunctionality.

Syntax
ip igmp
no ip igmp

Parameters
None.

Defaults
None.

Mode
Globalconfiguration:B5(su)>router(Config)#

13-10

IGMP Configuration

ip igmp enable

Usage
EnablingIGMPonaroutinginterfacerequiresboththeipigmpcommand(page1310),which
enablesitontherouter,andtheipigmpenablecommand(page1311),whichenablesitonan
interface.Oncethesecommandsareexecuted,thedevicewillstartsendingandprocessingIGMP
multicasttraffic.IGMPisdisabledbydefault,bothgloballyandonaperinterfacebasis.

Example
ThisexampleshowshowtoenableIGMPontherouter:
B5(su)->router(Config)#ip igmp

ip igmp enable
UsethiscommandtoenableIGMPonaninterface.ThenoformofthiscommanddisablesIGMP
onaninterface.

Syntax
ip igmp enable
no ip igmp enable

Parameters
None.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtoenableIGMPontheVLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp enable

ip igmp version
UsethiscommandtosettheversionofIGMPrunningontherouter.Thenoformofthiscommand
resetsIGMPtothedefaultversionof2(IGMPv2).

Syntax
ip igmp version version
no ip igmp

Enterasys B5 CLI Reference

13-11

show ip igmp interface

Parameters
version

SpecifiestheIGMPversionnumbertorunontherouter.Validvaluesare
1,2,or3.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheIGMPversiontoversion1onVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp version 1

show ip igmp interface

UsethiscommandtodisplayinformationaboutoneormoreIGMProutinginterfaces.

Syntax
show ip igmp interface [vlan vlan-id]

Parameters
vlanvlanid

(Optional)DisplaysinformationforoneormoreVLANs.

Defaults
Ifnotspecified,informationwillbedisplayedforallVLANsconfiguredforIGMProuting.

Mode
Anyroutermode.

Example
ThisexampleshowshowtodisplayIGMProutinginformationforVLAN1:
B5(su)->router#show ip igmp interface vlan 1
Vlan 1 is Admin UP
Vlan 1 is Oper UP
IGMP is configured via the Switch
IGMP ACL currently not supported
Multicast TTL currently defaults to 1
IGMP Version is 2
Query Interval is 125 (secs)
Query Max Response Time is 100 (1/10 of a second)
Robustness is 2
Startup Query Interval is 31 (secs)
Startup Query Count is 2
Last Member Query Interval is 10 (1/10 of a second)
Last Member Query Count is 2

13-12

IGMP Configuration

show ip igmp groups

UsethiscommandtodisplayalistofIGMPstreamsandclientconnectionports.

Syntax
show ip igmp groups

Parameters
None.

Defaults
None.

Mode
Anyroutermode.

Example
ThisexampleshowshowtodisplayinformationaboutIGMPgroups:
B5(su)->router#show ip igmp groups
REGISTERED MULTICAST GROUP DETAILS
Multicast
IP Address
Last Reporter
Up Time Expiry Time Host Timer
--------------- --------------- ------- ------------ -----------228.1.1.1
12.12.12.2
27

Version1
----------

ip igmp query-interval
UsethiscommandtosettheIGMPqueryintervalonaroutinginterface.Thenoformofthis
commandresetstheIGMPqueryintervaltothedefaultvalueof125seconds.

Syntax
ip igmp query-interval time
no ip igmp query-interval

Parameters
time

SpecifiestheIGMPqueryinterval.Validvaluesarefrom1to3600
seconds.Defaultis125seconds.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheIGMPqueryintervalto1800secondsonVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp query-interval 1800

Enterasys B5 CLI Reference

13-13

ip igmp query-max-response-time

ip igmp query-max-response-time
UsethiscommandtosetthemaximumresponsetimeintervaladvertisedinIGMPv2queries.The

no form of this command resets the IGMP maximum response time to the default value of 100
(one tenth of a second).

Syntax
ip igmp query-max-response-time time
no ip igmp query-max-response-time

Parameters
time

SpecifiestheIGMPmaximumresponsetimeinterval.Validvaluesare
from0to255tenthsofasecond.The default value is 100 (one tenth of a

second).

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheIGMPquerymaximumresponsetimeintervalto200(2tenths
ofasecond)onVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp query-max-response-time 200

ip igmp startup-query-interval
UsethiscommandtosettheintervalbetweengeneralIGMPqueriessentonstartup.Thenoform
ofthiscommandresetstheIGMPstartupqueryintervaltothedefaultvalueof31seconds.

Syntax
ip igmp startup-query-interval time
no ip igmp startup-query-interval

Parameters
time

SpecifiestheIGMPstartupqueryinterval.Validvaluesarefrom1to300
seconds.Thedefaultvalueis31seconds.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

13-14

IGMP Configuration

ip igmp startup-query-count

Example
ThisexampleshowshowtosettheIGMPstartupqueryintervalto100secondsonVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp startup-query-interval 100

ip igmp startup-query-count
UsethiscommandtosetthenumberofIGMPqueriessentoutonstartup,separatedbythe
startupqueryintervalasdescribedinipigmpstartupqueryinterval(page1314).Thenoformof
thiscommandresetstheIGMPstartupquerycounttothedefaultvalueof2.

Syntax
ip igmp startup-query-count count
no ip igmp startup-query-count

Parameters
count

SpecifiesthenumberofIGMPstartupqueries.Validvaluesarefrom1to
20.Thedefaultvalueis2.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheIGMPstartupquerycountto10onVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp startup-query-count 10

ip igmp last-member-query-interval
Usethiscommandtosetthemaximumresponsetimebeinginsertedintogroupspecificqueries
sentinresponsetoleavegroupmessages.ThenoformofthiscommandresetstheIGMPlast
memberqueryintervaltothedefaultvalueof1second.

Syntax
ip igmp last-member-query-interval time
no ip igmp last-member-query-interval

Parameters
time

SpecifiestheIGMPlastmemberqueryinterval.Validvaluesarefrom0to
255seconds.Thedefaultvalueis1second.

Defaults
None.

Enterasys B5 CLI Reference

13-15

ip igmp last-member-query-count

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheIGMPlastmemberqueryintervalto10secondsonVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp last-member-query-interval 10

ip igmp last-member-query-count
Usethiscommandtosetthenumberofgroupspecificqueriessentbeforeassumingthereareno
localmembers.ThenoformofthiscommandresetstheIGMPlastmemberquerycounttothe
defaultvalueof2.

Syntax
ip igmp last-member-query-count count
no ip igmp last-member-query-count

Parameters
count

SpecifiesthenumberofIGMPstartupqueries.Validvaluesarefrom1to
20.Thedefaultvalueis2.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheIGMPlastmemberquerycountto10onVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp last-member-query-count 10

ip igmp robustness
UsethiscommandtoconfiguretherobustnesstuningforexpectedpacketlossonanIGMP
routinginterface.ThenoformofthiscommandresetstheIGMProbustnessvaluetothedefaultof
2.

Syntax
ip igmp robustness robustness
no ip igmp robustness

Parameters
robustness

13-16

IGMP Configuration

SpecifiestheIGMProbustnessvalue.Validvaluesarefrom1to255.The
defaultvalueis2.

ip igmp robustness

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Usage
ThisvaluedetermineshowmanytimesIGMPmessageswillbesent.Ahighernumberwillmean
thatendstationswillbemorelikelytoseethepacket.Aftertherobustnessvalueisreached,IGMP
willassumethereisnoresponsetoqueries.

Example
ThisexampleshowshowtosettheIGMProbustnessvalueto5onVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip igmp robustness 5

Enterasys B5 CLI Reference

13-17

ip igmp robustness

13-18

IGMP Configuration

14
Logging and Network Management
Thischapterdescribesswitchrelatedloggingandnetworkmanagementcommandsandhowto
usethem.
Note: The commands in this chapter pertain to network management of the Enterasys B5 device
from the switch CLI only. For information on router-related network management tasks, including
reviewing router ARP tables and IP traffic, refer to Chapter 19.
For information about...

Refer to page...

Configuring System Logging

14-1

Monitoring Network Events and Status

14-14

Managing Switch Network Addresses and Routes

14-19

Configuring Simple Network Time Protocol (SNTP)

14-29

Configuring Node Aliases

14-39

Configuring System Logging

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of Syslog
configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads/

Purpose
Todisplayandconfiguresystemlogging,includingSyslogserversettings,Syslogdefaultsettings,
andtheloggingbuffer.

Commands
For information about...

Refer to page...

show logging server

14-2

set logging server

14-3

clear logging server

14-4

show logging default

14-4

set logging default

14-5

Enterasys B5 CLI Reference

14-1

show logging server

For information about...

Refer to page...

clear logging default

14-6

show logging application

14-6

set logging application

14-7

clear logging application

14-9

show logging local

14-9

set logging local

14-10

clear logging local

14-10

show logging buffer

14-11

show logging interface

14-11

set logging interface

14-12

clear logging interface

14-13

show logging server

UsethiscommandtodisplaytheSyslogconfigurationforaparticularserver.

Syntax
show logging server [index]

Parameters
index

(Optional)DisplaysSysloginformationpertainingtoaspecificserver
tableentry.Validvaluesare18.

Defaults
Ifindexisnotspecified,allSyslogserverinformationwillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySyslogserverconfigurationinformation:
B5(ro)->show logging server
IP Address
Facility Severity
Description
Port Status
------------------------------------------------------------------------1 132.140.82.111 local4 warning(5)
default
514 enabled
2 132.140.90.84 local4 warning(5)
default
514 enabled

Table 141providesanexplanationofthecommandoutput.

14-2

Logging and Network Management

set logging server

Table 14-1

show logging server Output Details

Output Field

What It Displays...

IP Address

Syslog servers IP address. For details on setting this using the set logging server
command, refer to set logging server on page 14-3.

Facility

Syslog facility that will be encoded in messages sent to this server. Valid values are:
local0 to local7.

Severity

Severity level at which the server is logging messages.

Description

Text string description of this facility/server.

Port

UDP port the client uses to send to the server.

Status

Whether or not this Syslog configuration is currently enabled or disabled.

set logging server

UsethiscommandtoconfigureaSyslogserver.

Syntax
set logging server index [ip-addr ip-addr] [facility facility] [severity severity]
[descr descr] [port port] [state {enable | disable}]

Parameters
index

Specifiestheservertableindexnumberforthisserver.Validvaluesare1
8.

ipaddripaddr

(Optional)SpecifiestheSyslogmessageserversIPaddress.

facilityfacility

(Optional)Specifiestheserversfacilityname.Validvaluesare:local0to
local7.

severityseverity

(Optional)Specifiestheseveritylevelatwhichtheserverwilllog
messages.Validvaluesandcorrespondinglevelsare:
1emergencies(systemisunusable)
2alerts(immediateactionrequired)
3criticalconditions
4errorconditions
5warningconditions
6notifications(significantconditions)
7informationalmessages
8debuggingmessages

descrdescr

(Optional)Specifiesatextualstringdescriptionofthisfacility/server.

portport

(Optional)SpecifiesthedefaultUDPporttheclientusestosendtothe
server.

stateenable|
disable

(Optional)Enablesordisablesthisfacility/serverconfiguration.

Enterasys B5 CLI Reference

14-3

clear logging server

Defaults
Ifipaddrisnotspecified,anentryintheSyslogservertablewillbecreatedwiththespecified
indexnumberandamessagewilldisplayindicatingthatnoIPaddresshasbeenassigned.
Ifnotspecified,facility,severityandportwillbesettodefaultsconfiguredwiththesetlogging
defaultcommand(setloggingdefaultonpage 145).
Ifstateisnotspecified,theserverwillnotbeenabledordisabled.

Mode
Switchcommand,readwrite.

Example
ThiscommandshowshowtoenableaSyslogserverconfigurationforindex1,IPaddress
134.141.89.113,facilitylocal4,severitylevel3onport514:
B5(su)->set logging server 1 ip-addr 134.141.89.113 facility local4 severity 3
port 514 state enable

clear logging server

UsethiscommandtoremoveaserverfromtheSyslogservertable.

Syntax
clear logging server index

Parameters
index

Specifiestheservertableindexnumberfortheservertoberemoved.
Validvaluesare18.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThiscommandshowshowtoremovetheSyslogserverwithindex1fromtheservertable:
B5(su)->clear logging server 1

show logging default

UsethiscommandtodisplaytheSyslogserverdefaultvalues.

Syntax
show logging default

Parameters
None.
14-4

Logging and Network Management

set logging default

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThiscommandshowshowtodisplaytheSyslogserverdefaultvalues.Foranexplanationofthe
commandoutput,referbacktoTable 141onpage 143.
B5(su)->show logging default

Defaults:

Facility
Severity
Port
----------------------------------------local4
warning(5)
514

set logging default

Usethiscommandtosetloggingdefaultvalues.

Syntax
set logging default {[facility facility] [severity severity] port port]}

Parameters
facilityfacility

Specifiesthedefaultfacilityname.Validvaluesare:local0tolocal7.

severityseverity

Specifiesthedefaultloggingseveritylevel.Validvaluesand
correspondinglevelsare:
1emergencies(systemisunusable)
2alerts(immediateactionrequired)
3criticalconditions
4errorconditions
5warningconditions
6notifications(significantconditions)
7informationalmessages
8debuggingmessages

portport

SpecifiesthedefaultUDPporttheclientusestosendtotheserver.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

14-5

clear logging default

Example
ThisexampleshowshowtosettheSyslogdefaultfacilitynametolocal2andtheseveritylevelto4
(errorlogging):
B5(su)->set logging default facility local2 severity 4

clear logging default

Usethiscommandtoresetloggingdefaultvalues.

Syntax
clear logging default {[facility] [severity] [port]}

Parameters
facility

(Optional)Resetsthedefaultfacilitynametolocal4.

severity

(Optional)Resetsthedefaultloggingseveritylevelto6(notificationsof
significantconditions).

port

(Optional)ResetsthedefaultUDPporttheclientusestosendtotheserver
to514.

Defaults
Atleastoneoptionalparametermustbeentered.
Allthreeoptionalkeywordsmustbeenteredtoresetallloggingvaluestodefaults.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresettheSyslogdefaultseveritylevelto6:
B5(su)->clear logging default severity

show logging application

UsethiscommandtodisplaytheseveritylevelofSyslogmessagesforoneorallapplications
configuredforloggingonyoursystem.

Syntax
show logging application [mnemonic | all]

14-6

Logging and Network Management

set logging application

Parameters
mnemonic

(Optional)Displaysseveritylevelforoneapplicationconfiguredfor
logging.Mnemonicswillvarydependingonthenumberandtypesof
applicationsrunningonyoursystem.Samplemnemonicsandtheir
correspondingapplicationsarelistedinTable 143onpage 148.
Note: Mnemonic values are case sensitive and must be typed as they appear in
Table 14-3.

all

(Optional)Displaysseveritylevelforallapplicationsconfiguredfor
logging.

Defaults
Ifnoparameterisspecified,informationforallapplicationswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaysystemlogginginformationpertainingtotheSNMP
application.
B5(ro)->show logging application SNMP
Application
Current Severity Level
--------------------------------------------90
SNMP
6
1(emergencies)
4(errors)
7(information)

2(alerts)
5(warnings)
8(debugging)

3(critical)
6(notifications)

Table 142providesanexplanationofthecommandoutput.
Table 14-2

show logging application Output Details

Output Field

What it displays...

Application

A mnemonic abbreviation of the textual description for

applications being logged.

Current Severity Level

Severity level at which the server is logging messages for the

listed application. This range (from 1 to 8) and its associated
severity list is shown in the CLI output. For a description of these
entries, which are set using the set logging application
command, refer to set logging application on page 14-7.

set logging application

Usethiscommandtosettheseverityleveloflogmessagesforoneorallapplications.

Syntax
set logging application {[mnemonic | all]} [level level]

Enterasys B5 CLI Reference

14-7

set logging application

Parameters
mnemonic

Specifiesacasesensitivemnemonicabbreviationofanapplicationtobe
logged.Thisparameterwillvarydependingonthenumberandtypesof
applicationsrunningonyoursystem.Todisplayacompletelist,usethe
showloggingapplicationcommandasdescribedinshowlogging
applicationonpage 146.Samplemnemonicsandtheircorresponding
applicationsarelistedinTable 143onpage 148.
Note: Mnemonic values are case sensitive and must be typed as they appear in
Table 14-3.

all

Setstheloggingseveritylevelforallapplications.

levellevel

(Optional)Specifiestheseveritylevelatwhichtheserverwilllog
messagesforapplications.Validvaluesandcorrespondinglevelsare:
1emergencies(systemisunusable)
2alerts(immediateactionrequired)
3criticalconditions
4errorconditions
5warningconditions
6notifications(significantconditions)
7informationalmessages
8debuggingmessages

Table 14-3

Mnemonic Values for Logging Applications

Mnemonic

Application

CLIWEB

Command Line Interface and Webview management

SNMP

Simple Network Management Protocol

STP

Spanning Tree Protocol

Driver

Hardware drivers

System

Non-application items such as general chassis management

Stacking

Stacking management (if applicable)

UPN

User Personalized Networking

Router

Defaults
Iflevelisnotspecified,nonewillbeapplied.

Mode
Switchcommand,readwrite.

14-8

Logging and Network Management

clear logging application

Example
ThisexampleshowshowtosettheseveritylevelforSNMPto4sothaterrorconditionswillbe
loggedforthatapplication.
B5(rw)->set logging application SNMP level 4

clear logging application

Usethiscommandtoresettheloggingseveritylevelforoneorallapplicationstothedefaultvalue
of6(notificationsofsignificantconditions).

Syntax
clear logging application {mnemonic | all}

Parameters
mnemonic

Resetstheseveritylevelforaspecificapplicationto6.Validmnemonic
valuesandtheircorrespondingapplicationsarelistedinTable 143on
page 148.

all

Resetstheseveritylevelforallapplicationsto6.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresettheloggingseveritylevelto6forSNMP.
B5(rw)->clear logging application SNMP

show logging local

Usethiscommandtodisplaythestateofmessageloggingtotheconsoleandapersistentfile.

Syntax
show logging local

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Enterasys B5 CLI Reference

14-9

set logging local

Example
Thisexampleshowshowtodisplaythestateofmessagelogging.Inthiscase,loggingtothe
consoleisenabledandloggingtoapersistentfileisdisabled.
B5(su)->show logging local
Syslog Console Logging enabled
Syslog File Logging disabled

set logging local

Usethiscommandtoconfigurelogmessagestotheconsoleandapersistentfile.

Syntax
set logging local console {enable | disable} file {enable | disable}

Parameters
consoleenable|disable

Enablesordisablesloggingtotheconsole.

fileenable|disable

Enablesordisablesloggingtoapersistentfile.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thiscommandshowshowtoenableloggingtotheconsoleanddisableloggingtoapersistentfile:
B5(su)->set logging local console enable file disable

clear logging local

Usethiscommandtocleartheconsoleandpersistentstoreloggingforthelocalsession.

Syntax
clear logging local

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

14-10

Logging and Network Management

show logging buffer

Example
Thisexampleshowshowtoclearlocallogging:
B5(su)->clear logging local

show logging buffer

Usethiscommandtodisplaythelast256messageslogged.Bydefault,criticalfailuresanduser
loginandlogouttimestampsaredisplayed.

Syntax
show logging buffer

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowsaportionoftheinformationdisplayedwiththeshowloggingbuffer
command:
B5(su)->show logging buffer
<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet)
<165>Sep 4 07:43:24 10.42.71.13 CLI[5]User: debug failed login from 10.4.1.100
(telnet)

show logging interface

UsethiscommandtodisplaytheinterfaceusedforthesourceIPaddressofthesystemlogging.

Syntax
show logging interface

Parameters
None.

Defaults
None.

Mode
Switchmode,readonly.

Enterasys B5 CLI Reference

14-11

set logging interface

Example
Thisexampledisplaystheoutputofthiscommand.Inthiscase,theIPaddressassignedto
loopbackinterface1willbeusedasthesourceIPaddressofthesystemlogging.
B5(rw)->show logging interface
loopback 1

192.168.10.1

set logging interface

UsethiscommandtospecifytheinterfaceusedforthesourceIPaddressofthesystemlogging.

Syntax
set logging interface {loopback loop-ID | vlan vlan-ID}

Parameters
loopbackloopID

Specifiestheloopbackinterfacetobeused.ThevalueofloopIDcan
rangefrom0to7.

vlanvlanID

SpecifiestheVLANinterfacetobeused.ThevalueofvlanIDcanrange
from1to4093.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThiscommandallowsyoutoconfigurethesourceIPaddressusedbythesystemlogging
applicationwhengeneratingpacketsformanagementpurposes.Anyofthemanagement
interfaces,includingVLANroutinginterfaces,canbeconfiguredasthesourceIPaddressusedin
packetsgeneratedbythesystemlogging.
AninterfacemusthaveanIPaddressassignedtoitbeforeitcanbesetbythiscommand.
Ifnointerfaceisspecified,thentheIPaddressoftheHostinterfacewillbeused.
Ifanonloopbackinterfaceisconfiguredwiththiscommand,applicationpacketegressis
restrictedtothatinterfaceiftheservercanbereachedfromthatinterface.Otherwise,thepackets
aretransmittedoverthefirstavailableroute.Packetsfromtheapplicationserverarereceivedon
theconfiguredinterface.
Ifaloopbackinterfaceisconfigured,andtherearemultiplepathstotheapplicationserver,the
outgoinginterface(gateway)isdeterminedbasedonthebestroutelookup.Packetsfromthe
applicationserverarethenreceivedonthesendinginterface.Ifrouteredundancyisrequired,
therefore,aloopbackinterfaceshouldbeconfigured.

Example
ThisexampleconfiguresanIPaddressonVLANinterface100andthensetsthatinterfaceasthe
systemloggingsourceIPaddress.
B5(rw)->router(Config-if(Vlan 100))#ip address 192.168.10.1 255.255.255.0
B5(rw)->router(Config-if(Vlan 100))#exit

14-12

Logging and Network Management

clear logging interface

B5(rw)->router(Config)#exit
B5(rw)->router#exit
B5(rw)->router>exit
B5(rw)->set logging interface vlan 100

B5(rw)->show logging interface

vlan 100

192.168.10.1

clear logging interface

UsethiscommandtocleartheinterfaceusedforthesourceIPaddressofthesystemloggingback
tothedefaultoftheHostinterface.

Syntax
clear logging interface

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThiscommandreturnstheinterfaceusedforthesourceIPaddressofthesystemloggingbackto
thedefaultoftheHostinterface.
B5(rw)->show logging interface
vlan 100

192.168.10.1

B5(rw)->clear logging interface

B5(rw)->

Enterasys B5 CLI Reference

14-13

Monitoring Network Events and Status

Purpose
Todisplayswitcheventsandcommandhistory,tosetthesizeofthehistorybuffer,andtodisplay
anddisconnectcurrentusersessions.

Commands
For information about...

Refer to page...

history

14-14

show history

14-15

set history

14-15

ping

14-16

show users

14-16

disconnect

14-17

show netstat

14-17

history
Usethiscommandtodisplaythecontentsofthecommandhistorybuffer.Thecommandhistory
bufferincludesalltheswitchcommandsentereduptoamaximumof100,asspecifiedintheset
historycommand(sethistoryonpage 1415).

Syntax
history

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythecontentsofthecommandhistorybuffer.Itshowsthereare
fivecommandsinthebuffer:
B5(su)->history
1 hist
2 show gvrp
3 show vlan
4 show igmp
5 show ip address

14-14

Logging and Network Management

show history

show history
Usethiscommandtodisplaythesize(inlines)ofthehistorybuffer.

Syntax
show history

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaythesizeofthehistorybuffer:
B5(su)->show history
History buffer size: 20

set history
Usethiscommandtosetthesizeofthehistorybuffer.

Syntax
set history size [default]

Parameters
size

Specifiesthesizeofthehistorybufferinlines.Validvaluesare1to100.

default

(Optional)Makesthissettingpersistentforallfuturesessions.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtosetthesizeofthecommandhistorybufferto30lines:
B5(su)->set history 30

Enterasys B5 CLI Reference

14-15

ping

ping
UsethiscommandtosendICMPechorequestpacketstoanothernodeonthenetworkfromthe
switchCLI.

Syntax
ping host

Parameters
host

SpecifiestheIPaddressofthedevicetowhichthepingwillbesent.

Defaults
None.

Mode
Switchcommand,readwrite.

Examples
ThisexampleshowshowtopingIPaddress134.141.89.29.Inthiscase,thishostisalive:
B5(su)->ping 134.141.89.29
134.141.89.29 is alive

Inthisexample,thehostatIPaddressisnotresponding:
B5(su)->ping 134.141.89.255
no answer from 134.141.89.255

show users
UsethiscommandtodisplayinformationabouttheactiveconsoleportorTelnetsession(s)logged
intotheswitch.

Syntax
show users

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtousetheshowuserscommand.Inthisoutput,therearetwoTelnet
usersloggedinwithReadWriteaccessprivilegesfromIPaddresses134.141.192.119and
134.141.192.18:

14-16

Logging and Network Management

disconnect

B5(su)->show users
Session User Location
-------- ----- -------------------------* telnet
rw
134.141.192.119
telnet
rw
134.141.192.18

disconnect
UsethiscommandtocloseanactiveconsoleportorTelnetsessionfromtheswitchCLI.

Syntax
disconnect {ip-addr | console}

Parameters
ipaddr

SpecifiestheIPaddressoftheTelnetsessiontobedisconnected.This
addressisdisplayedintheoutputshowninshowusersonpage 1215.

console

Closesanactiveconsoleport.

Defaults
None.

Mode
Switchcommand,readwrite.

Examples
ThisexampleshowshowtocloseaTelnetsessiontohost134.141.192.119:
B5(su)->disconnect 134.141.192.119

Thisexampleshowshowtoclosethecurrentconsolesession:
B5(su)->disconnect console

show netstat
Usethiscommandtodisplaynetworklayerstatistics.

Syntax
show netstat [icmp | ip | routes | stats | tcp | udp]

Parameters
icmp

(Optional)ShowsInternetControlMessageProtocol(ICMP)statistics.

(Optional)ShowsInternetProtocol(IP)statistics.

routes

(Optional)ShowstheIProutingtable.

stats

(Optional)ShowsallstatisticsforTCP,UDP,IP,andICMP.

tcp

(Optional)ShowsTransmissionControlProtocol(TCP)statistics.

udp

(Optional)ShowsUserDatagramProtocol(UDP)statistics.

Enterasys B5 CLI Reference

14-17

show netstat

Defaults
Ifnoparametersarespecified,shownetstatwillbeexecutedasshownintheexamplebelow.

Mode
Switchcommand,readonly.

Example
Thefollowingexampleshowshowtodisplaystatisticsforallthecurrentactivenetwork
connections.
B5(su)->show netstat
Prot Local Address
---- ----------------------------TCP 127.0.0.1.2222
TCP 0.0.0.0.80
TCP 0.0.0.0.23
TCP 10.1.56.17.23
UDP 0.0.0.0.17185
UDP 127.0.0.1.49152
UDP 0.0.0.0.161
UDP 0.0.0.0.*
UDP 0.0.0.0.514

Foreign Address
----------------------------0.0.0.0.*
0.0.0.0.*
0.0.0.0.*
134.141.99.104.47718
0.0.0.0.*
127.0.0.1.17185
0.0.0.0.*
0.0.0.0.*
0.0.0.0.*

Thefollowingtabledescribestheoutputofthiscommand.
Table 14-4

14-18

show netstat Output Details

Output Field

What it displays...

Prot

Type of protocol running on the connection.

Local Address

IP address of the connections local host.

Foreign Address

IP address of the connections foreign host.

State

Communications mode of the connection.

Logging and Network Management

State
----------LISTEN
LISTEN
LISTEN
ESTABLISHED

Managing Switch Network Addresses and Routes

Purpose
TodisplayordeleteswitchARPtableentries,andtodisplayMACaddressinformation.

Commands
For information about...

Refer to page...

show arp

14-19

set arp

14-20

clear arp

14-21

traceroute

14-21

show mac

14-22

show mac agetime

14-23

set mac agetime

14-24

clear mac agetime

14-24

set mac algorithm

14-25

show mac algorithm

14-25

clear mac algorithm

14-26

set mac multicast

14-26

clear mac address

14-27

show mac unreserved-flood

14-28

set mac unreserved-flood

14-28

show arp
UsethiscommandtodisplaytheswitchsARPtable.

Syntax
show arp

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Enterasys B5 CLI Reference

14-19

set arp

Example
ThisexampleshowshowtodisplaytheARPtable:
B5(su)->show arp
LINK LEVEL ARP TABLE
IP Address
Phys Address
Flags
Interface
----------------------------------------------------10.20.1.1
00-00-5e-00-01-1
S
host
134.142.21.194
00-00-5e-00-01-1
S
host
134.142.191.192 00-00-5e-00-01-1
S
host
134.142.192.18
00-00-5e-00-01-1
S
host
134.142.192.119 00-00-5e-00-01-1
S
host
-----------------------------------------------------

Table 145providesanexplanationofthecommandoutput.
Table 14-5

show arp Output Details

Output Field

What It Displays...

IP Address

IP address mapped to MAC address.

Phys Address

MAC address mapped to IP address.

Flags

Route status. Possible values and their definitions include:

S - manually configured entry (static)
P - respond to ARP requests for this entry

set arp
UsethiscommandtoaddmappingentriestotheswitchsARPtable.

Syntax
set arp ip-address mac-address

Parameters
ipaddress

SpecifiestheIPaddresstomaptotheMACaddressandaddtotheARP
table.

macaddress

SpecifiestheMACaddresstomaptotheIPaddressandaddtotheARP
table.TheMACaddresscanbeformattedasxx:xx:xx:xx:xx:xxorxxxx
xxxxxxxx.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtomapIPaddress192.168.219.232toMACaddress00000c400fbc:
B5(su)->set arp 192.168.219.232 00-00-0c-40-0f-bc

14-20

Logging and Network Management

clear arp

clear arp
UsethiscommandtodeleteaspecificentryorallentriesfromtheswitchsARPtable.

Syntax
clear arp {ip-address | all}

Parameters
ipaddress|all

SpecifiestheIPaddressintheARPtabletobecleared,orclearsallARP
entries.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtodeleteentry10.1.10.10fromtheARPtable:
B5(su)->clear arp 10.1.10.10

traceroute
UsethiscommandtodisplayahopbyhoppaththroughanIPnetworkfromthedevicetoa
specificdestinationhost.ThreeUDPorICMPprobeswillbetransmittedforeachhopbetweenthe
sourceandthetraceroutedestination.

Syntax
traceroute [-w waittime] [-f first-ttl] [-m max-ttl] [-p port] [-q nqueries] [-r]
[-d] [-n] [-v] host

Parameters
wwaittime

(Optional)Specifiestimeinsecondstowaitforaresponsetoaprobe.

ffirstttl

(Optional)Specifiesthetimetolive(TTL)ofthefirstoutgoingprobe
packet.

mmaxttl

(Optional)Specifiesthemaximumtimetolive(TTL)usedinoutgoing
probepackets.

pport

(Optional)SpecifiesthebaseUDPportnumberusedinprobes.

qnqueries

(Optional)Specifiesthenumberofprobeinquiries.

(Optional)Bypassesthenormalhostroutingtables.

(Optional)Setsthedebugsocketoption.

(Optional)Displayshopaddressesnumerically.(Supportedinafuture
release.)

Enterasys B5 CLI Reference

14-21

show mac

(Optional)Displaysverboseoutput,includingthesizeanddestinationof
eachresponse.

host

SpecifiesthehosttowhichtherouteofanIPpacketwillbetraced.

Defaults
Ifnotspecified,waittimewillbesetto5seconds.
Ifnotspecified,firstttlwillbesetto1second.
Ifnotspecified,maxttlwillbesetto30seconds.
Ifnotspecified,portwillbesetto33434.
Ifnotspecified,nquerieswillbesetto3.
Ifrisnotspecified,normalhostroutingtableswillbeused.
Ifdisnotspecified,thedebugsocketoptionwillnotbeused.
Ifvisnotspecified,summaryoutputwillbedisplayed.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost192.167.252.17.In
thiscase,hop1istheEnterasysB5switch,hop2is14.1.0.45,andhop3isbacktothehostIP
address.RoundtriptimesforeachofthethreeUDPprobesaredisplayednexttoeachhop:
B5(su)->traceroute 192.167.252.17
traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets
1 matrix.enterasys.com (192.167.201.40) 20.000 ms 20.000 ms 20.000 ms
2 14.1.0.45 (14.1.0.45) 40.000 ms 10.000 ms 20.000 ms
3 192.167.252.17 (192.167.252.17) 50.000 ms 0.000 ms 20.000 ms

show mac
UsethiscommandtodisplayMACaddressesintheswitchsfilteringdatabase.Theseare
addresseslearnedonaportthroughtheswitchingprocess.

Syntax
show mac [address mac-address] [fid fid] [port port-string] [type {other | learned
| self | mgmt | mcast}]

Parameters

14-22

addressmacaddress

(Optional)DisplaysaspecificMACaddress(ifitisknownbythe
device).

fidfid

(Optional)DisplaysMACaddressesforaspecificfilterdatabase
identifier.

portportstring

(Optional)DisplaysMACaddressesforspecificport(s).

typeother|learned|
self|mgmt|mcast

(Optional)Displaysinformationrelatedtoother,learned,self,mgmt
(management),orstaticmulticast(mcast)addresstype.

Logging and Network Management

show mac agetime

Defaults
Ifnoparametersarespecified,allMACaddressesforthedevicewillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayMACaddressinformationforge.3.1:
B5(su)->show mac port ge.3.1
MAC Address
FID Port
Type
----------------- ---- ------------- -------00-09-6B-0F-13-E6 15
ge.3.1
Learned
MAC Address
VLAN Port
Type
Status Egress Ports
----------------- ---- ------------- ------- ------- --------------------------01-01-23-34-45-56 20
any
mcast
perm
ge.3.1

Table 146providesanexplanationofthecommandoutput.
Table 14-6

show mac Output Details

Output Field

What It Displays...

MAC Address

MAC addresses mapped to the port(s) shown.

FID

Filter database identifier.

Port

Port designation.

Type

Address type. Valid types are:

Learned
Self
Management
Other (this will include any static MAC locked addresses as described in
Configuring MAC Locking on page 15-42).
mcast (multicast)

VLAN

The VLAN ID configured for the multicast MAC address.

Status

The status of the multicast address.

Egress Ports

The ports which have been added to the egress ports list.

show mac agetime

UsethiscommandtodisplaythetimeoutperiodforaginglearnedMACentries.

Syntax
show mac agetime

Parameters
None.

Enterasys B5 CLI Reference

14-23

set mac agetime

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaytheMACtimeoutperiod:
B5(su)->show mac agetime
Aging time: 300 seconds

set mac agetime

UseThiscommandtosetthetimeoutperiodforaginglearnedMACentries.

Syntax
set mac agetime time

Parameters
time

SpecifiesthetimeoutperiodinsecondsforaginglearnedMAC
addresses.Validvaluesare10to1,000,000seconds.Defaultvalueis300
seconds.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtosettheMACtimeoutperiod:
B5(su)->set mac agetime 250

clear mac agetime

UsethiscommandtoresetthetimeoutperiodforaginglearnedMACentriestothedefaultvalue
of300seconds.

Syntax
clear mac agetime

Parameters
None.

Defaults
None.
14-24

Logging and Network Management

set mac algorithm

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtoresettheMACtimeoutperiodtothedefaultvalueof300seconds.
B5(su)->clear mac agetime

set mac algorithm

UsethiscommandtosettheMACalgorithmmode,whichdeterminesthehashmechanismused
bythedevicewhenperformingLayer2lookupsonreceivedframes.

Syntax
set mac algorithm {mac-crc16-lowerbits | mac-crc16-upperbits |
mac-crc32-lowerbits | mac-crc32-upperbits}

Parameters
maccrc16lowerbits

SelecttheMACCRC16lowerbitsalgorithmforhashing.

maccrc16upperbits

SelecttheMACCRC16upperbitsalgorithmforhashing.

maccrc32lowerbits

SelecttheMACCRC32lowerbitsalgorithmforhashing.

maccrc32upperbits

SelecttheMACCRC32upperbitsalgorithmforhashing.

Defaults
ThedefaultMACalgorithmismaccrc16upperbits.

Mode
Switchcommand,readwrite.

Usage
EachalgorithmisoptimizedforadifferentspreadofMACaddresses.Whenchangingthismode,
theswitchwilldisplayawarningmessageandpromptyoutorestartthedevice.
ThedefaultMACalgorithmismaccrc16upperbits.

Example
Thisexamplesetsthehashingalgorithmtomaccrc32upperbits.
B5(rw)->set mac algorithm mac-crc32-upperbits

show mac algorithm

ThiscommanddisplaysthecurrentlyselectedMACalgorithmmode.

Syntax
show mac algorithm

Enterasys B5 CLI Reference

14-25

clear mac algorithm

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowstheoutputofthiscommand.
B5(su)->show mac algorithm
Mac hashing algorithm is mac-crc16-upperbits.

clear mac algorithm

UsethiscommandtoreturntheMAChashingalgorithmtothedefaultvalueofmaccrc16
upperbits.

Syntax
clear mac algorithm

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleresetstheMAChashingalgorithmtothedefaultvalue.
B5(su)->clear mac algorithm

set mac multicast

UsethiscommandtodefineonwhatportswithinaVLANamulticastaddresscanbedynamically
learnedon,oronwhatportsaframewiththespecifiedMACaddresscanbeflooded.Also,use
thiscommandtoappendportstoorclearportsfromtheegressportslist.

Syntax
set mac multicast mac-address vlan-id [port-string] [{append | clear} port-string]

14-26

Logging and Network Management

clear mac address

Parameters
macaddress

SpecifiesthemulticastMACaddress.TheMACaddresscanbe
formattedasxx:xx:xx:xx:xx:xxorxxxxxxxxxxxx.

vlanid

SpecifiestheVLANIDcontainingtheports.

portstring

SpecifiestheportorrangeofportsthemulticastMACaddresscanbe
learnedonorfloodedto.

append|clear

Appendsorclearstheportorrangeofportsfromtheegressportlist.

Defaults
Ifnoportstringisdefined,thecommandwillapplytoallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleconfiguresmulticastMACaddress010122334455forVLAN24.
B5(su)->set mac multicast 01-01-22-33-44-55 24

clear mac address

UsethiscommandtoremoveamulticastMACaddress.

Syntax
clear mac address mac-address [vlan-id]

Parameters
macaddress

SpecifiesthemulticastMACaddresstobecleared.TheMACaddress
canbeformattedasxx:xx:xx:xx:xx:xxorxxxxxxxxxxxx.

vlanid

(Optional)SpecifiestheVLANIDfromwhichtoclearthestatic
multicastMACaddress.

Defaults
Ifnovlanidisspecified,themulticastMACaddressisclearedfromallVLANs.

Mode
Switchcommand,readwrite.

Example
ThisexampleclearsmulticastMACaddress010122334455fromVLAN24.
B5(su)->clear mac multicast 01-01-22-33-44-55 24

Enterasys B5 CLI Reference

14-27

show mac unreserved-flood

Usethiscommandtodisplaythestateofmulticastfloodprotection.

Syntax
show mac unreserved-flood

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampledisplaysthestatusofmulticastfloodprotection.
B5(su)->show mac unreserved-flood
mac unreserved flood is disabled.

set mac unreserved-flood

Usethiscommandtoenableordisablemulticastfloodprotection.Whenenabled,thisprevents
policyprofilesrequiringafull10masksfrombeingloaded.

Syntax
set mac unreserved-flood {disable | enable}

Parameters
disable|enable

Disablesorenablesmulticastfloodprotection.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thefollowingaddresseswillbeforwardedwhenthisfunctionisenabled:
01:80:C2:00:00:11
01:80:C2:00:00:14
01:80:C2:00:00:15
Thedefaultstateisdisabled,andtheseaddresseswillnotbeforwarded.

14-28

Logging and Network Management

Configuring Simple Network Time Protocol (SNTP)

Example
Thisexampleenablesmulticastfloodprotection.
B5(su)->set mac unreserved-flood enable

Configuring Simple Network Time Protocol (SNTP)

Purpose
ToconfiguretheSimpleNetworkTimeProtocol(SNTP),whichsynchronizesdeviceclocksina
network.
Note: A management IP (host, routing interface, or loopback) address must be configured for SNTP
to work..

Commands
For information about...

Refer to page...

show sntp

14-29

set sntp client

14-31

clear sntp client

14-31

set sntp server

14-32

clear sntp server

14-32

set sntp poll-interval

14-33

clear sntp poll-interval

14-33

set sntp poll-retry

14-34

clear sntp poll-retry

14-34

set sntp poll-timeout

14-35

clear sntp poll-timeout

14-35

set timezone

14-36

show sntp interface

14-37

set sntp interface

14-37

clear sntp interface

14-38

show sntp
UsethiscommandtodisplaySNTPclientsettings.

Syntax
show sntp

Enterasys B5 CLI Reference

14-29

show sntp

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySNTPclientsettings:
B5(su)->show sntp
SNTP Version: 3
Current Time: TUE SEP 09 16:13:33 2003
Timezone: 'EST', offset from UTC is -4 hours and 0 minutes
Client Mode: unicast
Broadcast Count: 0
Poll Interval: 512 seconds
Poll Retry: 1
Poll Timeout: 5 seconds
SNTP Poll Requests: 1175
Last SNTP Update: TUE SEP 09 16:05:24 2003
Last SNTP Request: TUE SEP 09 16:05:24 2003
Last SNTP Status: Success
SNTP-Server
Precedence
Status
------------------------------------------10.2.8.6
2
Active
144.111.29.19
1
Active

Table 147providesanexplanationofthecommandoutput.
Table 14-7

show sntp Output Details

Output Field

What It Displays...

SNTP Version

SNTP version number.

Current Time

Current time on the system clock.

Timezone

Time zone name and amount it is offset from UTC (Universal Time). Set using the
set timezone command (set timezone on page 14-36).

Client Mode

Whether SNTP client is operating in unicast or broadcast mode. Set using set sntp
client command (set sntp client on page 14-31).

Broadcast Count

Number of SNTP broadcast frames received.

Poll Interval

Interval between SNTP unicast requests. Default of 512 seconds can be reset using
the set sntp poll-interval command (set sntp poll-interval on page 14-33).

Poll Retry

Number of poll retries to a unicast SNTP server. Default of 1 can be reset using the
set sntp poll-retry command (set sntp poll-retry on page 14-34).

Poll Timeout

Timeout for a response to a unicast SNTP request. Default of 5 seconds can be

reset using set sntp poll-timeout command (set sntp poll-timeout on page 14-35).

SNTP Poll Requests Total number of SNTP poll requests.

14-30

Logging and Network Management

set sntp client

Table 14-7

show sntp Output Details (Continued)

Output Field

What It Displays...

Last SNTP Update

Date and time of most recent SNTP update.

Last SNTP Request

Date and time of most recent SNTP request.

Last SNTP Status

Whether or not broadcast reception or unicast transmission and reception was

successful.

SNTP-Server

IP address(es) of SNTP server(s).

Precedence

Precedence level of SNTP server in relation to its peers. Highest precedence is 1

and lowest is 10. Default of 1 can be reset using the set sntp server command (set
sntp server on page 14-32).

Status

Whether or not the SNTP server is active.

set sntp client

UsethiscommandtosettheSNTPoperationmode.

Syntax
set sntp client {broadcast | unicast | disable}

Parameters
broadcast

EnablesSNTPinbroadcastclientmode.

unicast

EnablesSNTPinunicast(pointtopoint)clientmode.Inthismode,the
clientmustsupplytheIPaddressfromwhichtoretrievethecurrenttime.

disable

DisablesSNTP.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoenableSNTPinbroadcastmode:
B5(su)->set sntp client broadcast

clear sntp client

UsethiscommandtocleartheSNTPclientsoperationalmode.

Syntax
clear sntp client

Parameters
None.

Enterasys B5 CLI Reference

14-31

set sntp server

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheSNTPclientsoperationalmode:
B5(su)->clear sntp client

set sntp server

UsethiscommandtoaddaserverfromwhichtheSNTPclientwillretrievethecurrenttimewhen
operatinginunicastmode.Upto10serverscanbesetasSNTPservers.

Syntax
set sntp server ip-address [precedence]

Parameters
ipaddress

SpecifiestheSNTPserversIPaddress.

precedence

(Optional)SpecifiesthisSNTPserversprecedenceinrelationtoitspeers.
Validvaluesare1(highest)to10(lowest).

Defaults
Ifprecedenceisnotspecified,1willbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosettheserveratIPaddress10.21.1.100 asan SNTPserver:
B5(su)->set sntp server 10.21.1.100

clear sntp server

UsethiscommandtoremoveoneorallserversfromtheSNTPserverlist.

Syntax
clear sntp server {ip-address | all}

Parameters

14-32

ipaddress

SpecifiestheIPaddressofaservertoremovefromtheSNTPserverlist.

all

RemovesallserversfromtheSNTPserverlist.

Logging and Network Management

set sntp poll-interval

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoremovetheserveratIPaddress10.21.1.100 fromtheSNTPserverlist:
B5(su)->clear sntp server 10.21.1.100

set sntp poll-interval

UsethiscommandtosetthepollintervalbetweenSNTPunicastrequests.

Syntax
set sntp poll-interval value

Parameters
value

Thepollintervalis2tothepowerofvalueinseconds,wherevaluecanrange
from6to10.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosettheSNTPpollintervalto64seconds:
B5(su)->set sntp poll-interval 6

clear sntp poll-interval

UsethiscommandtoclearthepollintervalbetweenunicastSNTPrequests.

Syntax
clear sntp poll-interval

Parameters
None.

Defaults
None.

Enterasys B5 CLI Reference

14-33

set sntp poll-retry

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheSNTPpollinterval:
B5(su)->clear sntp poll-interval

set sntp poll-retry

UsethiscommandtosetthenumberofpollretriestoaunicastSNTPserver.

Syntax
set sntp poll-retry retry

Parameters
retry

Specifiesthenumberofretries.Validvaluesare0to10.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthenumberofSNTPpollretriesto5:
B5(su)->set sntp poll-retry 5

clear sntp poll-retry

UsethiscommandtoclearthenumberofpollretriestoaunicastSNTPserver.

Syntax
clear sntp poll-retry

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

14-34

Logging and Network Management

set sntp poll-timeout

Example
ThisexampleshowshowtoclearthenumberofSNTPpollretries:
B5(su)->clear sntp poll-retry

set sntp poll-timeout

Usethiscommandtosetthepolltimeout(inseconds)foraresponsetoaunicastSNTPrequest.

Syntax
set sntp poll-timeout timeout

Parameters
timeout

Specifiesthepolltimeoutinseconds.Validvaluesare1to30.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosettheSNTPpolltimeoutto10seconds:
B5(su)->set sntp poll-timeout 10

clear sntp poll-timeout

UsethiscommandtocleartheSNTPpolltimeout.

Syntax
clear sntp poll-timeout

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheSNTPpolltimeout:
B5(su)->clear sntp poll-timeout

Enterasys B5 CLI Reference

14-35

set timezone

set timezone
UsethiscommandtoconfigurethecurrenttimezoneasanoffsetfromUTC.

Syntax
set timezone name [hours] [minutes]

Parameters
name

Thenameofthetimezone.Typically,thisnameisastandard
abbreviationsuchasEST(EasternStandardTime)orEDT(Eastern
DaylightTime).

hours

(Optional)SpecifiestheoffsetinhoursfromUTC.Thevaluecanrange
from13to13.Thedefaultis0hours.

minutes

(Optional)SpecifiesadditionaloffsetinminutesfromUTC.Thevalue
canrangefrom0to59.Thedefaultis0minutes.

Defaults
Ifyouenteratimezonenamewithoutspecifyinganoffsetinhoursandminutes,thedefaultisan
offsetfromUTCof0hoursand0minutes.

Mode
Switchcommand,readwrite.

Usage
Typically,thiscommandisusedtoconfigurethelocaltimezoneoffsetfromUTC(UniveralTime)
whenSNTPisusedtosynchronizethetimeusedbydevicesonthenetwork.
TodisplaythecurrenttimezonesettingusedbySNTP,usetheshowsntpcommand.Toclearan
existingoffsettozero,enterthecommandwithoutspecifyinganyhoursorminutes.
StandardtimezonenamesandoffsetscanbefoundatthefollowingURL,amongothers:
http://www.timeanddate.com/library/abbreviations/timezones/

Example
ThefollowingexamplesetsthetimezonenametoESTandtheoffsettoNorthAmericanEastern
StandardTimeoffsetof5hoursfromUTC,thendisplaysthetimezoneusedwithSNTP.
B5(su)->set timezone EST -5
B5(su)->show sntp
SNTP Version: 3
Current Time: WED JUL 16 11:35:52 2008
Timezone: 'EST' offset from UTC is -5 hours and 0 minutes
Client Mode: unicast
Broadcast Count: 0
Poll Interval: 6 (64 seconds)
Poll Retry: 1
Poll Timeout: 5 seconds
SNTP Poll Requests: 2681
Last SNTP Update: WED JUL 16 16:35:23 2008
Last SNTP Request: WED JUL 16 16:35:23 2008
Last SNTP Status: Success

14-36

Logging and Network Management

show sntp interface

SNTP-Server
Precedence
Status
------------------------------------------192.255.255.254
2
Active

show sntp interface

UsethiscommandtodisplaytheinterfaceusedforthesourceIPaddressoftheSNTPclient.

Syntax
show sntp interface

Parameters
None.

Defaults
None.

Mode
Switchmode,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.Inthiscase,theIPaddressassignedto
loopbackinterface1willbeusedasthesourceIPaddressoftheSNTPclient.
B5(rw)->show sntp interface
loopback 1

192.168.10.1

set sntp interface

UsethiscommandtospecifytheinterfaceusedforthesourceIPaddressoftheSNTPclient.

Syntax
set sntp interface {loopback loop-ID | vlan vlan-ID}

Parameters
loopbackloopID

Specifiestheloopbackinterfacetobeused.ThevalueofloopIDcan
rangefrom0to7.

vlanvlanID

SpecifiestheVLANinterfacetobeused.ThevalueofvlanIDcanrange
from1to4093.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

14-37

clear sntp interface

Usage
ThiscommandallowsyoutoconfigurethesourceIPaddressusedbytheSNTPapplicationwhen
generatingpacketsformanagementpurposes.Anyofthemanagementinterfaces,including
VLANroutinginterfaces,canbeconfiguredasthesourceIPaddressusedinpacketsgeneratedby
theSNTPclient.
AninterfacemusthaveanIPaddressassignedtoitbeforeitcanbesetbythiscommand.
Ifnointerfaceisspecified,thentheIPaddressoftheHostinterfacewillbeused.
Ifanonloopbackinterfaceisconfiguredwiththiscommand,applicationpacketegressis
restrictedtothatinterfaceiftheservercanbereachedfromthatinterface.Otherwise,thepackets
aretransmittedoverthefirstavailableroute.Packetsfromtheapplicationserverarereceivedon
theconfiguredinterface.
Ifaloopbackinterfaceisconfigured,andtherearemultiplepathstotheapplicationserver,the
outgoinginterface(gateway)isdeterminedbasedonthebestroutelookup.Packetsfromthe
applicationserverarethenreceivedonthesendinginterface.Ifrouteredundancyisrequired,
therefore,aloopbackinterfaceshouldbeconfigured.

Example
ThisexampleconfiguresanIPaddressonVLANinterface100andthensetsthatinterfaceasthe
SNTPclientsourceIPaddress.
B5(rw)->router(Config-if(Vlan 100))#ip address 192.168.10.1 255.255.255.0
B5(rw)->router(Config-if(Vlan 100))#exit
B5(rw)->router(Config)#exit
B5(rw)->router#exit
B5(rw)->router>exit
B5(rw)->set sntp interface vlan 100

B5(rw)->show sntp interface

vlan 100

192.168.10.1

clear sntp interface

UsethiscommandtocleartheinterfaceusedforthesourceIPaddressoftheSNTPclientbackto
thedefaultoftheHostinterface.

Syntax
clear sntp interface

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

14-38

Logging and Network Management

Configuring Node Aliases

Example
ThiscommandreturnstheinterfaceusedforthesourceIPaddressoftheSNTPclientbacktothe
defaultoftheHostinterface.
B5(rw)->show sntp interface
vlan 100

192.168.10.1

B5(rw)->clear sntp interface

B5(rw)->

Configuring Node Aliases

ThenodealiasfeatureenablesadministratorstodeterminetheMACaddressandlocationofa
givenendstation(ornode)usingthenodesLayer3aliasinformation(IPaddress)asakey.With
thismethod,itispossibletodeterminethat,forinstance,IPaddress123.145.2.23islocatedon
switch5port3.
Thepassiveaccumulationofanetworksnode/aliasinformationisaccomplishedbysnooping
onthecontentsofnetworktrafficasitpassesthroughtheswitchfabric.
IntheB5,nodedataisautomaticallyaccumulatedintothectaliasmib,andbydefaultthisfeature
isenabled.TheNetSightConsoleCompassutilityandAutomatedSecurityManager(ASM)use
theinformationinthenode/aliasMIBtable.
Itsimportanttomakesurethatinterswitchlinksarenotlearningnode/aliasinformation,asit
wouldslowdownsearchesbytheNetSightCompassandASMtoolsandgiveinaccurateresults.

Purpose
Toreview,disable,andreenablenode(port)aliasfunctionalityontheswitch.

Commands
For information about...

Refer to page...

show nodealias config

14-39

set nodealias

14-40

clear nodealias config

14-41

show nodealias config

Usethiscommandtodisplaynodealiasconfigurationsettingsononeormoreports.

Syntax
show nodealias config [port-string]

Parameters
portstring

(Optional)Displaysnodealiasconfigurationsettingsforspecificport(s).

Enterasys B5 CLI Reference

14-39

set nodealias

Defaults
Ifportstringisnotspecified,nodealiasconfigurationswillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaynodealiasconfigurationsettingsforportsge.2.1through9:
B5(rw)->show nodealias config ge.2.1-9
Port Number
Max Entries
--------------------ge.2.1
16
ge.2.2
47
ge.2.3
47
ge.2.4
47
ge.2.5
47
ge.2.6
47
ge.2.7
47
ge.2.8
47
ge.2.9
4000

Used Entries
-----------0
0
2
0
0
2
0
0
1

Status
-----Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable

Table 148providesanexplanationofthecommandoutput.
Table 14-8

show nodealias config Output Details

Output Field

What It Displays...

Port Number

Port designation.

Max Entries

Maximum number of alias entries configured for this port.

Used Entries

Number of alias entries (out of the maximum amount configured) already used by
this port.

Status

Whether or not a node alias agent is enabled (default) or disabled on this port.

set nodealias
Usethiscommandtoenableordisableanodealiasagentononeormoreports,orsetthe
maximumnumberofaliasentriesstoredperport.

Syntax
set nodealias {enable | disable | maxentries maxentries} port-string

Parameters

14-40

enable|disable

Enablesordisablesanodealiasagent.

maxentriesmaxentries

Setthemaximumnumberofaliasentriesstoredperport.Validrange
is0to4096.Thedefaultvalueis32.

portstring

Specifiestheport(s)onwhichtoenable/disablenodealiasagentorset
amaximumnumberofstoredentries.

Logging and Network Management

clear nodealias config

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Uponpacketreception,nodealiasesaredynamicallyassignedtoportsenabledwithanalias
agent,whichisthedefaultsettingonEnterasysB5devices.Nodealiasescannotbestatically
created,butcanbedeletedusingthecommandclearnodealiasconfig(page 1441).
Itsimportanttomakesurethatinterswitchlinksarenotlearningnode/aliasinformation,asit
wouldslowdownsearchesbytheNetSightCompassandASMtoolsandgiveinaccurateresults.

Example
Thisexampleshowshowtodisablethenodealiasagentonge.1.3:
B5(su)->set nodealias disable ge.1.3

clear nodealias config

Usethiscommandtoresetnodealiasstatetoenabledandclearthemaximumentriesvalue.

Syntax
clear nodealias config port-string

Parameters
portstring

Specifiestheport(s)onwhichtoresetthenodealiasconfiguration.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoresetthenodealiasconfigurationonge.1.3:
B5(su)->clear nodealias config ge.1.3

Enterasys B5 CLI Reference

14-41

clear nodealias config

14-42

Logging and Network Management

15
RMON Configuration
ThischapterdescribesthecommandsusedtoconfigureRMONonaEnterasysB5switch.
For information about...

Refer to page...

RMON Monitoring Group Functions

15-1

Design Considerations

15-2

Statistics Group Commands

15-3

History Group Commands

15-6

Alarm Group Commands

15-9

Event Group Commands

15-13

Filter Group Commands

15-17

Packet Capture Commands

15-22

RMON Monitoring Group Functions

RMON(RemoteNetworkMonitoring)providescomprehensivenetworkfaultdiagnosis,
planning,andperformancetuninginformationandallowsforinteroperabilitybetweenSNMP
managementstationsandmonitoringagents.RMONextendstheSNMPMIBcapabilityby
definingadditionalMIBsthatgenerateamuchrichersetofdataaboutnetworkusage.TheseMIB
groupseachgatherspecificsetsofdatatomeetcommonnetworkmonitoringrequirements.
Table 151liststheRMONmonitoringgroupssupportedonEnterasysB5devices,eachgroups
functionandtheelementsitmonitors,andtheassociatedconfigurationcommandsneeded.
Table 15-1
RMON
Group
Statistics

RMON Monitoring Group Functions and Commands

What It Does...

What It Monitors...

CLI Command(s)

Records statistics
measured by the RMON
probe for each monitored
interface on the device.

Packets dropped, packets

sent, bytes sent (octets),
broadcast and multicast
packets, CRC errors,
oversized and undersized
packets, fragments, jabbers,
and counters for packets.

show rmon stats on

page 15-4
set rmon stats on
page 15-4
clear rmon stats on
page 15-5

Enterasys B5 CLI Reference

15-1

Design Considerations

Table 15-1
RMON
Group
History

RMON Monitoring Group Functions and Commands (Continued)

What It Does...

What It Monitors...

CLI Command(s)

Records periodic statistical

samples from a network.

Sample period, number of

samples and item(s) sampled.

show rmon history on

page 15-6
set rmon history on
page 15-7
clear rmon history on
page 15-7

Alarm

Event

Periodically gathers
statistical samples from
variables in the probe and
compares them with
previously configured
thresholds. If the monitored
variable crosses a
threshold, an event is
generated.

Alarm type, interval, starting

threshold, stop threshold.

Controls the generation and

notification of events from
the device.

Event type, description, last

time event was sent.

show rmon alarm on

page 15-9
set rmon alarm properties
on page 15-10
set rmon alarm status on
page 15-11
clear rmon alarm on
page 15-12
show rmon event on
page 15-13
set rmon event properties
on page 15-14
set rmon event status on
page 15-15
clear rmon event on
page 15-15

Filter

Allows packets to be
matched by a filter
equation. These matched
packets form a data stream
or channel that may be
captured.

Packets matching the filter

configuration.

Packet
Capture

Allows packets to be
captured upon a filter
match.

Packets matching the filter

configuration.

show rmon capture on

page 15-22
set rmon capture on
page 15-23
clear rmon capture on
page 15-24

Design Considerations
TheB5supportsRMONPacketCapture/FilterSamplingthroughboththeCLIandMIBs,butwith
thefollowingconstraints:

15-2

RMON Configuration

Statistics Group Commands

RMONPacketCapture/FilterSamplingandPortMirroringcannotbeenabledonthesame
interfaceconcurrently.

Youcancaptureatotalof100packetsonaninterface,nomoreandnoless.

Thecapturedframeswillbeasclosetosequentialasthehardwarewillallow.

Onlyoneinterfacecanbeconfiguredforcapturingatatime.

Once100frameshavebeencapturedbythehardware,theapplicationwillstopwithout
manualintervention.

AsdescribedintheMIB,thefilterisonlyappliedaftertheframeiscaptured,thusonlya
subsetoftheframescapturedwillbeavailablefordisplay.

ThereisonlyoneBufferControlEntrysupported.

Duetothelimitationsofthehardware,theBufferControlEntrytablewillhavelimitsonafew
ofitselements:

MaxOctetsRequestedcanonlybesettothevalue1whichindicatestheapplicationwill
captureasmanypacketsaspossiblegivenitsrestrictions.

CaptureSliceSizecanonlybesetto1518.

TheFullActionelementcanonlybesettolocksincethedevicedoesnotsupport
wrappingthecapturebuffer.

Duetohardwarelimitations,theonlyframeerrorcountedisoversizedframes.

TheapplicationdoesnotsupportEvents.Therefore,thefollowingelementsoftheChannel
EntryTablearenotsupported:TurnOnEventIndex,TurnOffEventIndex,EventIndex,and
EventStatus.

ThereisonlyoneChannelEntryavailableatatime.

ThereareonlythreeFilterEntriesavailable,andausercanassociateallthreeFilterEntries
withtheChannelEntry.

Configuredchannel,filter,andbufferinformationwillbesavedacrossresets,butnotframes
withinthecapturebuffer.

Statistics Group Commands

Purpose
Todisplay,configure,andclearRMONstatistics.

Note: Due to hardware limitations, the only frame error counted is oversized frames.

Commands
For information about...

Refer to page...

show rmon stats

15-4

set rmon stats

15-4

clear rmon stats

15-5

Enterasys B5 CLI Reference

15-3

show rmon stats

UsethiscommandtodisplayRMONstatisticsmeasuredforoneormoreports.

Syntax
show rmon stats [port-string]

Parameters
portstring

(Optional)DisplaysRMONstatisticsforspecificport(s).

Defaults
Ifportstringisnotspecified,RMONstatswillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayRMONstatisticsforGigabitEthernetport1inswitch1.
:

B5(su)->show rmon stats ge.1.1

Port: ge.1.1
------------------------------------Index
= 1
Owner
= monitor
Data Source
= ifIndex.1
Drop Events
Collisions
Jabbers
Broadcast Pkts
Multicast Pkts
CRC Errors
Undersize Pkts
Oversize Pkts
Fragments

=
=
=
=
=
=
=
=
=

0
0
0
0
0
0
0
0
0

Packets
Octets
0
64
65
- 127
128 - 255
256 - 511
512 - 1023
1024 - 1518

Octets
Octets
Octets
Octets
Octets
Octets

=
=
=
=
=
=
=
=

0
0
0
0
0
0
0
0

Table 152providesanexplanationofthecommandoutput.

set rmon stats

UsethiscommandtoconfigureanRMONstatisticsentry.

Syntax
set rmon stats index port-string [owner]

Parameters

15-4

index

Specifiesanindexforthisstatisticsentry.

portstring

Specifiesport(s)towhichthisentrywillbeassigned.

owner

(Optional)Assignsanownerforthisentry.

RMON Configuration

clear rmon stats

Defaults
Ifownerisnotspecified,monitorwillbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoconfigureRMONstatisticsentry2forge.1.20:
B5(rw)->set rmon stats 2 ge.1.20

clear rmon stats

UsethiscommandtodeleteoneormoreRMONstatisticsentries.

Syntax
clear rmon stats {index-list | to-defaults}

Parameters
indexlist

Specifiesoneormorestatsentriestobedeleted,causingthemtodisappear
fromanyfutureRMONqueries.

todefaults

Resetsallhistoryentriestodefaultvalues.Thiswillcauseentriesto
reappearinRMONqueries.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodeleteRMONstatisticsentry2:
B5(rw)->clear rmon stats 2

Enterasys B5 CLI Reference

15-5

History Group Commands

Purpose
Todisplay,configure,andclearRMONhistorypropertiesandstatistics.

Commands
For information about...

Refer to page...

show rmon history

15-6

set rmon history

15-7

clear rmon history

15-7

show rmon history

UsethiscommandtodisplayRMONhistorypropertiesandstatistics.TheRMONhistorygroup
recordsperiodicstatisticalsamplesfromanetwork.

Syntax
show rmon history [port-string]

Parameters
portstring

(Optional)DisplaysRMONhistoryentriesforspecificport(s).

Defaults
Ifportstringisnotspecified,informationaboutallRMONhistoryentrieswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayRMONhistoryentriesforGigabitEthernetport1inswitch1.
Acontrolentrydisplaysfirst,followedbyactualentriescorrespondingtothecontrolentry.Inthis
case,thedefaultsettingsforentryowner,samplinginterval,andmaximumnumberofentries.
(buckets)havenotbeenchangedfromtheirdefaultvalues.Foradescriptionofthetypesof
statisticsshown,refertoTable 152.
:

B5(su)->show rmon history ge.1.1

Port: ge.1.1
------------------------------------Index 1
Owner
= monitor
Status
= valid
Data Source
= ifIndex.1
Interval
= 30
Buckets Requested = 50
Buckets Granted
= 10

15-6

RMON Configuration

set rmon history

Sample 2779
Drop Events
Octets
Packets
Broadcast Pkts
Multicast Pkts
CRC Align Errors

=
=
=
=
=
=

Interval Start: 1 days 0 hours 2 minutes 22 seconds

0
Undersize Pkts
= 0
0
Oversize Pkts
= 0
0
Fragments
= 0
0
Jabbers
= 0
0
Collisions
= 0
0
Utilization(%)
= 0

set rmon history

UsethiscommandtoconfigureanRMONhistoryentry.

Syntax
set rmon history index [port-string] [buckets buckets] [interval interval] [owner
owner]

Parameters
indexlist

Specifiesanindexnumberforthisentry.

portstring

(Optional)Assignsthisentrytoaspecificport.

bucketsbuckets

(Optional)Specifiesthemaximumnumberofentriestomaintain.

intervalinterval

(Optional)Specifiesthesamplingintervalinseconds.

ownerowner

(Optional)Specifiesanownerforthisentry.

Defaults
Ifbucketsisnotspecified,themaximumnumberofentriesmaintainedwillbe50.
Ifnotspecified,intervalwillbesetto30seconds.
Ifownerisnotspecified,monitorwillbeapplied.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowconfigureRMONhistoryentry1onportge.2.1tosampleevery20
seconds:
B5(rw)->set rmon history 1 ge.2.1 interval 20

clear rmon history

UsethiscommandtodeleteoneormoreRMONhistoryentriesorresetoneormoreentriesto
defaultvalues.Forspecificvalues,refertosetrmonhistoryonpage 157.

Syntax
clear rmon history {index-list | to-defaults}

Enterasys B5 CLI Reference

15-7

clear rmon history

Parameters
indexlist

Specifiesoneormorehistoryentriestobedeleted,causingthemto
disappearfromanyfutureRMONqueries.

todefaults

Resetsallhistoryentriestodefaultvalues.Thiswillcauseentriesto
reappearinRMONqueries.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodeleteRMONhistoryentry1:
B5(rw)->clear rmon history 1

15-8

RMON Configuration

Alarm Group Commands

Purpose
Todisplay,configure,andclearRMONalarmentriesandproperties.

Commands
For information about...

Refer to page...

show rmon alarm

15-9

set rmon alarm properties

15-10

set rmon alarm status

15-11

clear rmon alarm

15-12

show rmon alarm

UsethiscommandtodisplayRMONalarmentries.TheRMONalarmgroupperiodicallytakes
statisticalsamplesfromRMONvariablesandcomparesthemwithpreviouslyconfigured
thresholds.IfthemonitoredvariablecrossesathresholdanRMONeventisgenerated.

Syntax
show rmon alarm [index]

Parameters
index

(Optional)DisplaysRMONalarmentriesforaspecificentryindexID.

Defaults
Ifindexisnotspecified,informationaboutallRMONalarmentrieswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayRMONalarmentry3:
B5(rw)->show rmon alarm 3
Index 3
--------------------Owner
=
Status
=
Variable
=
Sample Type
=
Interval
=
Rising Threshold
=
Rising Event Index =

Manager
valid
1.3.6.1.4.1.5624.1.2.29.1.2.1.0
delta
Startup Alarm
30
Value
1
Falling Threshold
2
Falling Event Index

=
=
=
=

rising
0
0
0

Table 152providesanexplanationofthecommandoutput.
Enterasys B5 CLI Reference

15-9

set rmon alarm properties

Table 15-2

show rmon alarm Output Details

Output Field

What It Displays...

Index

Index number for this alarm entry.

Owner

Text string identifying who configured this entry.

Status

Whether this event entry is enabled (valid) or disabled.

Variable

MIB object to be monitored.

Sample Type

Whether the monitoring method is an absolute or a delta sampling.

Startup Alarm

Whether alarm generated when this entry is first enabled is rising, falling, or either.

Interval

Interval in seconds at which RMON will conduct sample monitoring.

Rising Threshold

Minimum threshold for causing a rising alarm.

Falling Threshold

Maximum threshold for causing a falling alarm.

Rising Event Index

Index number of the RMON event to be triggered when the rising threshold is
crossed.

Falling Event Index

Index number of the RMON event to be triggered when the falling threshold is
crossed.

set rmon alarm properties

UsethiscommandtoconfigureanRMONalarmentry,ortocreateanewalarmentrywithan
unusedalarmindexnumber.

Syntax
set rmon alarm properties index [interval interval] [object object] [type
{absolute | delta}] [startup {rising | falling | either}] [rthresh rthresh]
[fthresh fthresh] [revent revent] [fevent fevent] [owner owner]

Parameters
index

Specifiesanindexnumberforthisentry.Maximumnumberorentriesis
50.Maximumvalueis65535.

intervalinterval

(Optional)Specifiesaninterval(inseconds)forRMONtoconductsample
monitoring.

objectobject

(Optional)SpecifiesaMIBobjecttobemonitored.
Note: This parameter is not mandatory for executing the command, but
must be specified in order to enable the alarm entry configuration.

typeabsolute|
delta

15-10

RMON Configuration

(Optional)Specifiesthemonitoringmethodas:samplingtheabsolute
valueoftheobject,orthedifference(delta)betweenobjectsamples.

set rmon alarm status

startuprising|
falling|either

(Optional)Specifiesthetypeofalarmgeneratedwhenthiseventisfirst
enabledas:

RisingSendsalarmwhenanRMONeventreachesamaximum
thresholdconditionisreached,forexample,morethan30collisions
persecond.

FallingSendsalarmwhenRMONeventfallsbelowaminimum
thresholdcondition,forexamplewhenthenetworkisbehaving
normallyagain.

EitherSendsalarmwheneitherarisingorfallingthresholdis
reached.

rthreshrthresh

(Optional)Specifiesaminimumthresholdforcausingarisingalarm.

fthreshfthresh

Specifiesamaximumthresholdforcausingafallingalarm.

reventrevent

SpecifiestheindexnumberoftheRMONeventtobetriggeredwhenthe
risingthresholdiscrossed.

feventfevent

SpecifiestheindexnumberoftheRMONeventtobetriggeredwhenthe
fallingthresholdiscrossed.

ownerowner

(Optional)Specifiesthenameoftheentitythatconfiguredthisalarm
entry.

Defaults
interval3600seconds
typeabsolute
startuprising
rthresh0
fthresh0
revent0
fevent0
ownermonitor

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoconfigurearisingRMONalarm.Thisentrywillconductmonitoring
ofthedeltabetweensamplesevery30seconds:
B5(rw)->set rmon alarm properties 3 interval 30 object
1.3.6.1.4.1.5624.1.2.29.1.2.1.0 type delta rthresh 1 revent 2 owner Manager

set rmon alarm status

UsethiscommandtoenableanRMONalarmentry.Analarmisanotificationthatastatistical
sampleofamonitoredvariablehascrossedaconfiguredthreshold.

Syntax
set rmon alarm status index enable
Enterasys B5 CLI Reference

15-11

clear rmon alarm

Parameters
index

Specifiesanindexnumberforthisentry.Maximumnumberorentriesis
50.Maximumvalueis65535.

enable

Enablesthisalarmentry.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
AnRMONalarmentrycanbecreatedusingthiscommand,configuredusingthesetrmonalarm
propertiescommand(setrmonalarmpropertiesonpage 1510),thenenabledusingthis
command.AnRMONalarmentrycanbecreatedandconfiguredatthesametimebyspecifying
anunusedindexwiththesetrmonalarmpropertiescommand.

Example
ThisexampleshowshowtoenableRMONalarmentry3:
B5(rw)->set rmon alarm status 3 enable

clear rmon alarm

UsethiscommandtodeleteanRMONalarmentry.

Syntax
clear rmon alarm index

Parameters
index

Specifiestheindexnumberofentrytobecleared.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearRMONalarmentry1:
B5(rw)->clear rmon alarm 1

15-12

RMON Configuration

Event Group Commands

Purpose
TodisplayandclearRMONevents,andtoconfigureRMONeventproperties.

Commands
For information about...

Refer to page...

show rmon event

15-13

set rmon event properties

15-14

set rmon event status

15-15

clear rmon event

15-15

show rmon event

UsethiscommandtodisplayRMONevententryproperties.

Syntax
show rmon event [index]

Parameters
index

(Optional)DisplaysRMONpropertiesandlogentriesforaspecificentry
indexID.

Defaults
Ifindexisnotspecified,informationaboutallRMONentrieswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayRMONevententry3:
B5(rw)->show rmon event 3
Index 3
---------------Owner
=
Status
=
Description
=
Type
=
Community
=
Last Time Sent =

Manager
valid
STP Topology change
log-and-trap
public
0 days 0 hours 0 minutes 37 seconds

Table 153providesanexplanationofthecommandoutput.

Enterasys B5 CLI Reference

15-13

set rmon event properties

Table 15-3

show rmon event Output Details

Output Field

What It Displays...

Index

Index number for this event entry.

Owner

Text string identifying who configured this entry.

Status

Whether this event entry is enabled (valid) or disabled.

Description

Text string description of this event.

Type

Whether the event notification will be a log entry, and SNMP trap, both, or none.

Community

SNMP community name if message type is set to trap.

Last Time Sent

When an event notification matching this entry was sent.

set rmon event properties

UsethiscommandtoconfigureanRMONevententry,ortocreateanewevententrywithan
unusedeventindexnumber.

Syntax
set rmon event properties index [description description] [type {none | log | trap
| both}] [community community] [owner owner]

Parameters
index

Specifiesanindexnumberforthisentry.Maximumnumberofentriesis
100.Maximumvalueis65535.

description
description

(Optional)Specifiesatextstringdescriptionofthisevent.

typenone|log|
trap|both

(Optional)SpecifiesthetypeofRMONeventnotificationas:none,alog
tableentry,anSNMPtrap,orbothalogentryandatrapmessage.

community
community

(Optional)SpecifiesanSNMPcommunitynametouseifthemessage
typeissettotrap.FordetailsonsettingSNMPtrapsandcommunity
names,refertoCreatingaBasicSNMPTrapConfigurationon
page 836.

ownerowner

(Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

Defaults
Ifdescriptionisnotspecified,nonewillbeapplied.
Ifnotspecified,typenonewillbeapplied.
Ifownerisnotspecified,monitorwillbeapplied.

Mode
Switchcommand,readwrite.

15-14

RMON Configuration

set rmon event status

Example
ThisexampleshowshowtocreateandenableanRMONevententrycalledSTPtopology
changethatwillsendbothalogentryandanSNMPtrapmessagetothepubliccommunity:
B5(rw)->set rmon event properties 2 description "STP topology change" type both
community public owner Manager

set rmon event status

UsethiscommandtoenableanRMONevententry.Anevententrydescribestheparametersofan
RMONeventthatcanbetriggered.EventscanbefiredbyRMONalarmsandcanbeconfiguredto
createalogentry,generateatrap,orboth.

Syntax
set rmon event status index enable

Parameters
index

Specifiesanindexnumberforthisentry.Maximumnumberofentriesis
100.Maximumvalueis65535.

enable

Enablesthisevententry.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
AnRMONevententrycanbecreatedusingthiscommand,configuredusingthesetrmonevent
propertiescommand(setrmoneventpropertiesonpage 1514),thenenabledusingthis
command.AnRMONevententrycanbecreatedandconfiguredatthesametimebyspecifyingan
unusedindexwiththesetrmoneventpropertiescommand.

Example
ThisexampleshowshowtoenableRMONevententry1:
B5(rw)->set rmon event status 1 enable

clear rmon event

UsethiscommandtodeleteanRMONevententryandanyassociatedlogentries.

Syntax
clear rmon event index

Parameters
index

Specifiestheindexnumberoftheentrytobecleared.

Enterasys B5 CLI Reference

15-15

clear rmon event

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearRMONevent1:
B5(rw)->clear rmon event 1

15-16

RMON Configuration

Filter Group Commands

Thepacketcaptureandfilterfunctionisdisabledbydefault.Onlyoneinterfacecanbeconfigured
forcapturingandfilteringatatime.
Whenpacketcaptureisenabledonaninterface,theEnterasysB5switchwillcapture100framesas
closetosequentiallyaspossible.These100frameswillbeplacedintoabufferforinspection.If
thereisdatainthebufferwhenthefunctionisstarted,thebufferwillbeoverwritten.Once100
frameshavebeencaptured,thecapturewillstop.Filteringwillbeperformedontheframes
capturedinthebuffer.Therefore,onlyasubsetoftheframescapturedwillbeavailablefordisplay.

Note: Packet capture is sampling only and does not guarantee receipt of back to back packets.

Onechannelatatimecanbesupported,withuptothreefilters.Configuredchannel,filter,and
buffercontrolinformationwillbesavedacrossresets,butcapturedframeswithinthebufferwill
notbesaved.
Thisfunctioncannotbeusedconcurrentlywithportmirroring.Thesystemwillchecktoprevent
concurrentlyenablingbothfunctions,andawarningwillbegeneratedintheCLIifattempted.

Commands
For information about...

Refer to page...

show rmon channel

15-17

set rmon channel

15-18

clear rmon channel

15-19

show rmon filter

15-19

set rmon filter

15-20

clear rmon filter

15-21

show rmon channel

UsethiscommandtodisplayRMONchannelentriesforoneormoreports.

Syntax
show rmon channel [port-string]

Parameters
portstring

(Optional)DisplaysRMONchannelentriesforaspecificport(s).

Defaults
Ifportstringisnotspecified,informationaboutallchannelswillbedisplayed.

Mode
Switchcommand,readonly.

Enterasys B5 CLI Reference

15-17

set rmon channel

UsethiscommandtoconfigureanRMONchannelentry.

Syntax
set rmon channel index port-string [accept {matched | failed}] [control {on | off}]
[description description] [owner owner]

Parameters
index

Specifiesanindexnumberforthisentry.Anentrywillautomaticallybe
createdifanunusedindexnumberischosen.Maximumnumberof
entriesis2.Maximumvalueis65535.

portstring

Specifiestheportonwhichtrafficwillbemonitored.

acceptmatched|
failed

(Optional)Specifiestheactionofthefiltersonthischannelas:

matchedPacketswillbeacceptedonfiltermatches

failedPacketswillbeacceptediftheyfailamatch

controlon|off

(Optional)Enablesordisablescontroloftheflowofdatathroughthe
channel.

description
description

(Optional)Specifiesadescriptionforthischannel.

ownerowner

(Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

Defaults
Ifanactionisnotspecified,packetswillbeacceptedonfiltermatches.
Ifnotspecified,controlwillbesettooff.
Ifadescriptionisnotspecified,nonewillbeapplied.
Ifownerisnotspecified,itwillbesettomonitor.

Mode
Switchcommand,readwrite.

15-18

RMON Configuration

clear rmon channel

Example
ThisexampleshowshowtocreateanRMONchannelentry:
B5(rw)->set rmon channel 54313 ge.2.12 accept failed control on description
"capture all"

clear rmon channel

UsethiscommandtoclearanRMONchannelentry.

Syntax
clear rmon channel index

Parameters
index

Specifiesthechannelentrytobecleared.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearRMONchannelentry2:
B5(rw)->clear rmon channel 2

show rmon filter

UsethiscommandtodisplayoneormoreRMONfilterentries.

Syntax
show rmon filter [index index | channel channel]

Parameters
indexindex|
channelchannel

(Optional)Displaysinformationaboutaspecificfilterentry,oraboutall
filterswhichbelongtoaspecificchannel.

Defaults
Ifnooptionsarespecified,informationforallfilterentrieswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayallRMONfilterentriesandchannelinformation:

Enterasys B5 CLI Reference

15-19

set rmon filter

B5(rw)->show rmon filter

Index= 55508
Channel Index= 628
EntryStatus= valid
---------------------------------------------------------Data Offset
0
PktStatus
0
PktStatusMask
0
PktStatusNotMask
0
Owner
ETS,NAC-D
----------------------------Data
ff ff ff ff ff ff
----------------------------DataMask
ff ff ff ff ff ff
----------------------------DataNotMask
00 00 00 00 00 00

set rmon filter

UsethiscommandtoconfigureanRMONfilterentry.

Syntax
set rmon filter index channel-index [offset offset] [status status] [smask smask]
[snotmask snotmask] [data data] [dmask dmask] [dnotmask dnotmask] [owner owner]

Parameters
index

Specifiesanindexnumberforthisentry.Anentrywillautomaticallybe
createdifanunusedindexnumberischosen.Maximumnumberof
entriesis10.Maximumvalueis65535.

channelindex

Specifiesthechanneltowhichthisfilterwillbeapplied.

offsetoffset

(Optional)Specifiesanoffsetfromthebeginningofthepackettolookfor
matches.

statusstatus

(Optional)Specifiespacketstatusbitsthataretobematched.

smasksmask

(Optional)Specifiesthemaskappliedtostatustoindicatewhichbitsare
significant.

snotmasksnotmask

(Optional)Specifiestheinversionmaskthatindicateswhichbitsshould
besetornotset

datadata

(Optional)Specifiesthedatatobematched.

dmaskdmask

(Optional)Specifiesthemaskappliedtodatatoindicatewhichbitsare
significant.

dnotmaskdnotmask

(Optional)Specifiestheinversionmaskthatindicateswhichbitsshould
besetornotset.

owner

(Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

Defaults
Ifownerisnotspecified,itwillbesettomonitor.
Ifnootheroptionsarespecified,none(0)willbeapplied.

15-20

RMON Configuration

clear rmon filter

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocreateRMONfilter1andapplyittochannel9:
B5(rw)->set rmon filter 1 9 offset 30 data 0a154305 dmask ffffffff

clear rmon filter

UsethiscommandtoclearanRMONfilterentry.

Syntax
clear rmon filter {index index | channel channel}

Parameters
indexindex|
channelchannel

Clearsaspecificfilterentry,orallentriesbelongingtoaspecificchannel.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearRMONfilterentry1:
B5(rw)->clear rmon filter index 1

Enterasys B5 CLI Reference

15-21

Packet Capture Commands

Notethatpacketcapturefilterissamplingonlyanddoesnotguaranteereceiptofbacktoback
packets.

Purpose
TodisplayRMONcaptureentries,configure,enable,ordisablecaptureentries,andclearcapture
entries.

Commands
For information about...

Refer to page...

show rmon capture

15-22

set rmon capture

15-23

clear rmon capture

15-24

show rmon capture

UsethiscommandtodisplayRMONcaptureentriesandassociatedbuffercontrolentries.

Syntax
show rmon capture [index [nodata]]

Parameters
index

(Optional)Displaysthespecifiedbuffercontrolentryandallcaptured
packetsassociatedwiththatentry.

nodata

(Optional)Displaysonlythebuffercontrolentryspecifiedbyindex.

Defaults
Ifnooptionsarespecified,allbuffercontrolentriesandassociatedcapturedpacketswillbe
displayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayRMONcaptureentriesandassociatedbufferentries:
B5(rw)->show rmon capture
Buf.control= 28062 Channel= 38283
EntryStatus= valid
---------------------------------------------------------FullStatus
avail
FullAction
lock
Captured packets
251
Capture slice
1518
Download size
100
Download offset
0
Max Octet Requested 50000
Max Octet Granted
50000
Start time
1 days 0 hours 51 minutes 15 seconds

15-22

RMON Configuration

set rmon capture

Owner

monitor

captureEntry= 1
Buff.control= 28062
-------------------------------------------Pkt ID
9
Pkt time
1 days 0 hours 51 minutes 15 seconds
Pkt Length 93
Pkt status 0
Data:
00 00 5e 00 01 01 00 01 f4 00 7d ce 08 00 45 00
00 4b b4 b9 00 00 40 11 32 5c 0a 15 43 05 86 8d
bf e5 00 a1 0e 2b 00 37 cf ca 30 2d 02 01 00 04
06 70 75 62 6c 69 63 a2 20 02 02 0c 92 02 01 00
02 01 00 30 14 30 12 06 0d 2b 06 01 02 01 10 07
01 01 0b 81 fd 1c 02 01 01 00 11 0b 00

set rmon capture

UsethiscommandtoconfigureanRMONcaptureentry.

Syntax
set rmon capture index {channel [action {lock}] [slice slice] [loadsize loadsize]
[offset offset] [asksize asksize] [owner owner]}

Parameters
index

Specifiesabuffercontrolentry.

channel

Specifiesthechanneltowhichthiscaptureentrywillbeapplied.

actionlock

(Optional)Specifiestheactionofthebufferwhenitisfullas:

lockPacketswillceasetobeaccepted

sliceslice

(Optional)Specifiesthemaximumoctetsfromeachpackettobesavedin
abuffer.Currently,theonlyvalueallowedis1518.

loadsizeloadsize

(Optional)Specifiesthemaximumoctetsfromeachpackettobe
downloadedfromthebuffer.Thedefaultis100.

offsetoffset

(Optional)Specifiesthefirstoctetfromeachpacketthatwillberetrieved.

asksizeasksize

(Optional)Specifiestherequestedmaximumoctetstobesavedinthis
buffer.Currently,theonlyvalueacceptedis1,whichrequestsasmany
octetsaspossible.

owner

(Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

Defaults
Ifnotspecified,actiondefaultstolock.
Ifnotspecified,offsetdefaultsto0.
Ifnotspecified,asksizedefaultsto1(whichwillrequestasmanyoctetsaspossible).
Ifsliceisnotspecified,1518willbeapplied.
Ifloadsizeisnotspecified,100willbeapplied.
Ifownerisnotspecified,itwillbesettomonitor.

Enterasys B5 CLI Reference

15-23

clear rmon capture

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocreateRMONcaptureentry1tolistenonchannel628:
B5(rw)->set rmon capture 1 628

clear rmon capture

UsethiscommandtoclearsanRMONcaptureentry.

Syntax
clear rmon capture index

Parameters
index

Specifiesthecaptureentrytobecleared.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearRMONcaptureentry1:
B5(rw)->clear rmon capture 1

15-24

RMON Configuration

16
DHCP Server Configuration
ThischapterdescribesthecommandstoconfiguretheIPv4DHCPserverfunctionalityona
EnterasysB5switch.
For information about...

Refer to page...

DHCP Overview

16-1

Configuring General DHCP Server Parameters

16-3

Configuring IP Address Pools

16-12

DHCP Overview
DynamicHostConfigurationProtocol(DHCP)forIPv4isanetworklayerprotocolthat
implementsautomaticormanualassignmentofIPaddressesandotherconfigurationinformation
toclientdevicesbyservers.ADHCPservermanagesauserconfiguredpoolofIPaddressesfrom
whichitcanmakeassignmentsuponclientrequests.ArelayagentpassesDHCPmessages
betweenclientsandserverswhichareondifferentphysicalsubnets.

DHCP Relay Agent

TheDHCP/BOOTPrelayagentfunctioncanbeconfiguredonalloftheEnterasysB5srouting
interfaces.TherelayagentcanforwardaDHCPclientsrequesttoaDHCPserverlocatedona
differentnetworkiftheaddressoftheserverisconfiguredasahelperaddressonthereceiving
interface.TherelayagentinterfacemustbeaVLANwhichisconfiguredwithanIPaddress.Refer
totheiphelperaddresscommand(iphelperaddressonpage 1914)formoreinformation.

DHCP Server
DHCPserverfunctionalityallowstheEnterasysB5switchtoprovidebasicIPconfiguration
informationtoaclientonthenetworkwhorequestssuchinformationusingtheDHCPprotocol.
DHCPprovidesthefollowingmechanismsforIPaddressallocationbyaDHCPserver:

AutomaticDHCPserverassignsanIPaddresstoaclientforalimitedperiodoftime(or
untiltheclientexplicitlyrelinquishestheaddress)fromadefinedpoolofIPaddresses
configuredontheserver.

ManualAclientsIPaddressisassignedbythenetworkadministrator,andDHCPisused
simplytoconveytheassignedaddresstotheclient.Thisismanagedbymeansofstatic
addresspoolsconfiguredontheserver.

TheamountoftimethataparticularIPaddressisvalidforasystemiscalledalease.The
EnterasysB5maintainsaleasedatabasewhichcontainsinformationabouteachassignedIP

Enterasys B5 CLI Reference

16-1

DHCP Overview

address,theMACaddresstowhichitisassigned,theleaseexpiration,andwhethertheaddress
assignmentisdynamic(automatic)orstatic(manual).TheDHCPleasedatabaseisstoredinflash
memory.
InadditiontoassigningIPaddresses,theDHCPservercanalsobeconfiguredtoassignthe
followingtorequestingclients:

Defaultrouter(s)

DNSserver(s)anddomainname

NetBIOSWINSserver(s)andnodename

Bootfile

DHCPoptionsasdefinedbyRFC2132
Note: A total of 16 address pools, dynamic and/or static, and a maximum of 256 addresses for the
entire switch, can be configured on the Enterasys B5.

Configuring a DHCP Server

ForDHCPtofunctiononEnterasysB5systems,thesystemhastoknowabouttheIPnetwork
forwhichtheDHCPpoolistobecreated.
OntheB5,therearetwowaystoconfigureaDHCPserver:oneistoassociatetheDHCPaddress
poolwiththeswitchshostportIPaddress,andtheotheristoassociatetheDHCPaddresspool
witharoutedinterface.
SinceonaB5system,thehostportIPaddresscannotfallwithinaconfiguredroutedinterfaceon
thesystem,atypicalB5systemconfiguredwithroutinginterfaceswillnothaveahostportIP
address.Therefore,allDHCPpoolswouldbeassociatedwithroutedinterfaces.
ThefollowingtasksprovidebasicDHCPserverfunctionalitywhentheDHCPpoolisassociated
withthesystemshostIPaddress.ThisprocedurewouldtypicallybeusedwhentheB5systemis
NOTconfiguredforrouting.
1.

Configurethesystem(stack)hostportIPaddresswiththesetipaddresscommand.Oncethe
systemsIPaddressisconfigured,thesystemthenknowsabouttheconfiguredsubnet.For
example:
set ip address 192.0.0.50 mask 255.255.255.0

EnableDHCPserverfunctionalityonthesystemwiththesetdhcpenablecommand.

ConfigureanIPaddresspoolfordynamicIPaddressassignment.Theonlyrequiredstepsare
tonamethepoolanddefinethenetworknumberandmaskforthepool.Notethatthepool
hastobeinthesamesubnetandusethesamemaskasthesystemhostportIPaddress.For
example:
set dhcp pool auto-pool network 192.0.0.0 255.255.255.0

AllDHCPclientsservedbythisswitchmustbeinthesameVLANasthesystemshostport.
ThefollowingtasksprovidebasicDHCPserverfunctionalitywhentheDHCPpoolisassociated
witharoutedinterface.
1.

CreateaVLANandaddportstotheVLAN.OnlyDHCPclientsassociatedwiththisVLAN
willbeservedIPaddressesfromtheDHCPaddresspoolassociatedwiththisroutedinterface
(VLAN).Inthisexample,VLAN6iscreatedandportsge.1.1throughge.1.10areaddedto
VLAN6:
set vlan create 6

16-2

DHCP Server Configuration

Configuring General DHCP Server Parameters

set port vlan ge.1.1-10 6

CreatearoutedinterfacefortheVLANinrouterconfigurationmode.Inthefollowing
example,anIPaddressisassociatedwithroutedinterfaceVLAN6:
Inrouterconfigurationmode:
interface vlan 6
no shutdown
ip address 6.6.1.1 255.255.0.0

EnableDHCPserverfunctionalityonthesystemwiththesetdhcpenablecommand.

CreatetheDHCPaddresspool.Theonlyrequiredstepsaretonamethepoolanddefinethe
networknumberandmaskforthepool.Notethatthepoolhastobeinthesamesubnetasthe
routedinterfaceandusethesamemaskconfiguredontheroutedinterface.Forexample:
set dhcp pool auto-pool network 6.6.0.0 255.255.0.0

DHCPclientsinVLAN6willbeservedIPaddressesfromthisDHCPaddresspool.
OptionalDHCPservertasksinclude:

Youcanlimitthescopeofaddressesassignedtoapoolfordynamicaddressassignmentwith
thesetdhcpexcludecommand.Upto128nonoverlappingaddressrangescanbeexcluded
ontheEnterasysB5.Forexample:
set dhcp exclude 192.0.0.1 192.0.0.10
Note: The IP address of the systems host port or the routed interface is automatically
excluded.

Configurestaticaddresspoolsformanualaddressassignment.Theonlyrequiredstepsareto
namethepool,configureeitherthehardwareaddressoftheclientortheclientidentifier,and
configuretheIPaddressandmaskforthemanualbinding.Forexample:
set dhcp pool static-pool hardware-address 0011.2233.4455
set dhcp pool static-pool host 192.0.0.200 255.255.255.0

SetotherDHCPserverparameterssuchasthenumberofpingpacketstobesentbefore
assigninganIPaddress,orenablingconflictlogging.

Configuring General DHCP Server Parameters

Purpose
ToconfigureDHCPserverparameters,andtodisplayandclearaddressbindinginformation,
serverstatistics,andconflictinformation.

Commands
For information about...

Refer to page...

set dhcp

16-4

set dhcp bootp

16-4

set dhcp conflict logging

16-5

show dhcp conflict

16-5

Enterasys B5 CLI Reference

16-3

set dhcp

For information about...

Refer to page...

clear dhcp conflict

16-6

set dhcp exclude

16-7

clear dhcp exclude

16-7

set dhcp ping

16-8

clear dhcp ping

16-8

show dhcp binding

16-9

clear dhcp binding

16-9

show dhcp server statistics

16-10

clear dhcp server statistics

16-11

set dhcp
UsethiscommandtoenableordisabletheDHCPserverfunctionalityontheEnterasysB5.

Syntax
set dhcp {enable | disable}

Parameters
enable|disable

EnablesordisablesDHCPserverfunctionality.Bydefault,DHCPserveris
disabled.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleenablesDHCPserverfunctionality.
B5(rw)->set dhcp enable

set dhcp bootp

UsethiscommandtoenableordisableautomaticaddressallocationforBOOTPclients.By
default,addressallocationforBOOTPclientsisdisabled.RefertoRFC1534,Interoperation
BetweenDHCPandBOOTP,formoreinformation.

Syntax
set dhcp bootp {enable | disable}

Parameters
enable|disable

16-4

DHCP Server Configuration

EnablesordisablesaddressallocationforBOOTPclients.

set dhcp conflict logging

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleenablesaddressallocationforBOOTPclients.
B5(rw)->set dhcp bootp enable

set dhcp conflict logging

Usethiscommandtoenableconflictlogging.Bydefault,conflictloggingisenabled.Usetheclear
dhcpconflictloggingcommandtodisableconflictlogging.

Syntax
set dhcp conflict logging

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleenablesDHCPconflictlogging.
B5(rw)->set dhcp conflict logging

show dhcp conflict

Usethiscommandtodisplayconflictinformation,foroneaddressoralladdresses.

Syntax
show dhcp conflict [address]

Parameters
address

[Optional]Specifiestheaddressforwhichtodisplayconflictinformation.

Defaults
Ifnoaddressisspecified,conflictinformationforalladdressesisdisplayed.

Enterasys B5 CLI Reference

16-5

clear dhcp conflict

Mode
Readonly.

Example
Thisexampledisplaysconflictinformationforalladdresses.Notethatpingistheonlydetection
methodused.
B5(ro)->show dhcp conflict
IP address
----------192.0.0.2
192.0.0.3
192.0.0.4
192.0.0.12

Detection Method
----------------Ping
Ping
Ping
Ping

Detection Time
--------------0 days 19h:01m:23s
0 days 19h:00m:46s
0 days 19h:01m:25s
0 days 19h:01m:26s

clear dhcp conflict

Usethiscommandtoclearconflictinformationforoneoralladdresses,ortodisableconflict
logging.

Syntax
clear dhcp conflict {logging | ip-address| *}

Parameters
logging

Disablesconflictlogging.

ipaddress

ClearstheconflictinformationforthespecifiedIPaddress.

ClearstheconflictinformationforallIPaddresses.

Defaults
None.

Mode
Switchcommand,readwrite.

Examples
ThisexampledisablesDHCPconflictlogging.
B5(rw)->clear dhcp conflict logging

ThisexampleclearstheconflictinformationfortheIPaddress192.0.0.2.
B5(rw)->clear dhcp conflict 192.0.0.2

16-6

DHCP Server Configuration

set dhcp exclude

UsethiscommandtoconfiguretheIPaddressesthattheDHCPservershouldnotassigntoDHCP
clients.Multipleaddressrangescanbeconfiguredbuttherangescannotoverlap.Upto128non
overlappingaddressrangescanbeexcluded.

Syntax
set dhcp exclude low-ipaddr [high-ipaddr]

Parameters
lowipaddr

SpecifiesthefirstIPaddressintheaddressrangetobeexcludedfrom
assignment.

highipaddr

(Optional)SpecifiesthelastIPaddressintheaddressrangetobe
excluded.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplefirstconfigurestheaddresspoolnamedauto1with255addressesfortheClassC
network172,20.28.0,withthesetdhcppoolnetworkcommand.Then,theexamplelimitsthe
scopeoftheaddressesthatcanbeassignedbyaDHCPserverbyexcludingaddresses172.20.28.80
100,withthesetdhcpexcludecommand.
B5(rw)->set dhcp pool auto1 network 172.20.28.0 24
B5(rw)->set dhcp exclude 172.20.28.80 172.20.28.100

clear dhcp exclude

UsethiscommandtocleartheconfiguredIPaddressesthattheDHCPservershouldnotassignto
DHCPclients.

Syntax
clear dhcp exclude low-ipaddr [high-ipaddr]

Parameters
lowipaddr

SpecifiesthefirstIPaddressintheaddressrangetobecleared.

highipaddr

(Optional)SpecifiesthelastIPaddressintheaddressrangetobecleared.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

16-7

set dhcp ping

Example
ThisexampleclearsthepreviouslyexcludedrangeofIPaddressesbetween192.168.1.88through
192.168.1.100.
B5(rw)->clear dhcp exclude 192.168.1.88 192.168.1.100

set dhcp ping

UsethiscommandtoconfigurethenumberofpingpacketstheDHCPserversendstoanIP
addressbeforeassigningtheaddresstoarequestingclient.

Syntax
set dhcp ping packets number

Parameters
packetsnumber

Specifiesthenumberofpingpacketstobesent.Thevalueofnumbercan
be0,orrangefrom2to10.Entering0disablesthisfunction.Thedefault
valueis2packets.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetsthenumberofpingpacketssentto3.
B5(rw)->set dhcp ping packets 3

clear dhcp ping

UsethiscommandtoresetthenumberofpingpacketssentbytheDHCPserverbacktothe
defaultvalueof2.

Syntax
clear dhcp ping packets

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

16-8

DHCP Server Configuration

show dhcp binding

Example
Thisexampleresetsthenumberofpingpacketssentbacktothedefaultvalue.
B5(rw)->clear dhcp ping packets

show dhcp binding

UsethiscommandtodisplaybindinginformationforoneorallIPaddresses.

Syntax
show dhcp binding [ip-address]

Parameters
ipaddress

(Optional)SpecifiestheIPaddressforwhichtodisplaybinding
information.

Defaults
IfnoIPaddressisspecified,bindinginformationforalladdressesisdisplayed.

Mode
Readonly.

Example
Thisexampledisplaysbindinginformationaboutalladdresses.
B5(rw)->show dhcp binding
IP address
Hardware Address
--------------------------192.0.0.6
00:33:44:56:22:39
192.0.0.8
00:33:44:56:22:33
192.0.0.10
00:33:44:56:22:34
192.0.0.11
00:33:44:56:22:35
192.0.0.12
00:33:44:56:22:36
192.0.0.13
00:33:44:56:22:37
192.0.0.1400:33:44:56:22:38

Lease Expiration
----------------00:11:02
00:10:22
00:09:11
00:10:05
00:10:30
infinite
infinite

Type
----Automatic
Automatic
Automatic
Automatic
Automatic
Manual
Manual

clear dhcp binding

Usethiscommandtoclear(delete)oneoralldynamic(automatic)DHCPaddressbindings.

Syntax
clear dhcp binding {ip-addr | *}

Parameters
ipaddr

SpecifiestheIPaddressforwhichtoclear/deletetheDHCPbinding.

Deletesalldynamicaddressbindings.

Defaults
None.
Enterasys B5 CLI Reference

16-9

show dhcp server statistics

Mode
Switchcommand,readwrite.

Usage
Thiscommandclearsonlydynamic(automatic)DHCPbindings.Usethecommandcleardhcp
poolhosttoclearmanuallyconfiguredDHCPbindings.

Example
ThisexampledeletesthedynamicDHCPaddressbindingforIPaddress192.168.1.1.
B5(rw)->clear dhcp binding 192.168.1.1

show dhcp server statistics

UsethiscommandtodisplayDHCPserverstatistics.

Syntax
show dhcp server statistics

Parameters
None.

Defaults
None.

Mode
Readonly.

Example
Thisexampledisplaysserverstatistics.
B5(ro)->show dhcp server statistics
Automatic Bindings
Expired Bindings
Malformed Bindings
Messages
---------DHCP DISCOVER
DHCP REQUEST
DHCP DECLINE
DHCP RELEASE
DHCP INFORM
Messages
---------DHCP OFFER
DHCP ACK
DHCP NACK

16-10

DHCP Server Configuration

36
6
0
Received
---------382
3855
0
67
1
Sent
-----381
727
2

clear dhcp server statistics

UsethiscommandtoclearallDHCPservercounters.

Syntax
clear dhcp server statistics

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleclearsallDHCPservercounters.
B5(rw)->clear dhcp server statistics

Enterasys B5 CLI Reference

16-11

Configuring IP Address Pools

Manual Pool Configuration Considerations

ThesubnetoftheIPaddressbeingissuedshouldbeonthesamesubnetastheingress
interface(thatis,thesubnetofthehostIPaddressoftheswitch,orifroutinginterfacesare
configured,thesubnetoftheroutinginterface).

Amanualpoolcanbeconfiguredusingeithertheclientshardwareaddress(setdhcppool
hardwareaddress)ortheclientsclientidentifier(setdhcppoolclientidentifier),butusing
bothisnotrecommended.

IftheincomingDHCPrequestpacketcontainsaclientidentifier,thenamanualpool
configuredwiththatclientidentifiermustexistontheswitchinorderfortherequesttobe
processed.Thehardwareaddressisnotchecked.

Ahardwareaddressandtype(EthernetorIEEE802)configuredinamanualpoolischecked
onlywhenaclientidentifierisnotalsoconfiguredforthepoolandtheincomingDHCP
requestpacketdoesnotincludeaclientidentifieroption.

Purpose
ToconfigureandclearDHCPaddresspoolparameters,andtodisplayaddresspoolconfiguration
information.

Note: A total of 16 address pools, dynamic and/or static, can be configured on the Enterasys B5.

Commands
For information about...

16-12

Refer to page...

set dhcp pool

16-13

clear dhcp pool

16-14

set dhcp pool network

16-14

clear dhcp pool network

16-15

set dhcp pool hardware-address

16-15

clear dhcp pool hardware-address

16-16

set dhcp pool host

16-16

clear dhcp pool host

16-17

set dhcp pool client-identifier

16-17

clear dhcp pool client-identifier

16-18

set dhcp pool client-name

16-19

clear dhcp pool client-name

16-19

set dhcp pool bootfile

16-20

clear dhcp pool bootfile

16-20

DHCP Server Configuration

set dhcp pool

For information about...

Refer to page...

set dhcp pool next-server

16-21

clear dhcp pool next-server

16-21

set dhcp pool lease

16-22

clear dhcp pool lease

16-22

set dhcp pool default-router

16-23

clear dhcp pool default-router

16-23

set dhcp pool dns-server

16-24

clear dhcp pool dns-server

16-24

set dhcp pool domain-name

16-25

clear dhcp pool domain-name

16-25

set dhcp pool netbios-name-server

16-26

clear dhcp pool netbios-name-server

16-26

set dhcp pool netbios-node-type

16-27

clear dhcp pool netbios-node-type

16-27

set dhcp pool option

16-28

clear dhcp pool option

16-29

show dhcp pool configuration

16-29

set dhcp pool

UsethiscommandtocreateandassignanametoaDHCPserverpoolofaddresses.Upto16
addresspoolsmaybeconfiguredonaEnterasysB5.Notethatenteringthiscommandisnot
requiredtocreateanaddresspoolbeforeconfiguringotheraddresspoolparameters.

Syntax
set dhcp pool poolname

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplecreatesanaddresspoolnamedauto1.
B5(rw)->set dhcp pool auto1

Enterasys B5 CLI Reference

16-13

clear dhcp pool

UsethiscommandtodeleteaDHCPserverpoolofaddresses.

Syntax
clear dhcp pool poolname

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampledeletestheaddresspoolnamedauto1.
B5(rw)->clear dhcp pool auto1

set dhcp pool network

UsethiscommandtoconfigurethesubnetnumberandmaskforanautomaticDHCPaddress
pool.

Syntax
set dhcp pool poolname network number {mask | prefix-length}

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

number

SpecifiesanIPsubnetfortheaddresspool.

mask

Specifiesthesubnetmaskindottedquadnotation.

prefixlength

Specifiesthesubnetmaskasaninteger.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
UsethiscommandtoconfigureasetofIPaddressestobeassignedbytheDHCPserverusingthe
specifiedaddresspool.Inordertolimitthescopeoftheaddressesconfiguredwiththiscommand,
usethesetdhcpexcludecommandonpage167.
16-14

DHCP Server Configuration

clear dhcp pool network

Examples
ThisexampleconfigurestheIPsubnet172.20.28.0withaprefixlengthof24fortheautomatic
DHCPpoolnamedauto1.Alternatively,themaskcouldhavebeenspecifiedas255.255.255.0.
B5(rw)->set dhcp pool auto1 network 172.20.28.0 24

Thisexamplelimitsthescopeof255addressescreatedfortheClassCnetwork172,20.28.0bythe
previousexample,byexcludingaddresses172.20.28.80100.
B5(rw)->set dhcp exclude 172.20.28.80 172.20.28.100

clear dhcp pool network

UsethiscommandtoremovethenetworknumberandmaskofaDHCPserverpoolofaddresses.

Syntax
clear dhcp pool poolname network

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampledeletesthenetworkandmaskfromtheaddresspoolnamedauto1.
B5(rw)->clear dhcp pool auto1 network

set dhcp pool hardware-address

UsethiscommandtoconfiguretheMACaddressoftheDHCPclientandcreateanaddresspool
formanualbinding.Youcanuseeitherthiscommandorthesetdhcppoolclientidentifier
commandtocreateamanualbindingpool,butusingbothisnotrecommended.

Syntax
set dhcp pool poolname hardware-address hw-addr [type]

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

hwaddr

SpecifiestheMACaddressoftheclientshardwareplatform.Thisvalue
canbeenteredusingdottedhexadecimalnotationorcolons.

type

(Optional)Specifiestheprotocolofthehardwareplatform.Validvalues
are1forEthernetor6forIEEE802.Defaultvalueis1,Ethernet.

Enterasys B5 CLI Reference

16-15

clear dhcp pool hardware-address

Defaults
Ifnotypeisspecified,Ethernetisassumed.

Mode
Switchcommand,readwrite.

Example
Thisexamplespecifies0001.f401.2710astheEthernetMACaddressforthemanualaddresspool
namedmanual1.Alternatively,theMACaddresscouldhavebeenteredas00:01:f4:01:27:10.
B5(rw)->set dhcp pool manual1 hardware-address 0001.f401.2710

clear dhcp pool hardware-address

UsethiscommandtoremovethehardwareaddressofaDHCPclientfromamanualbinding
addresspool.

Syntax
clear dhcp pool poolname hardware-address

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampledeletestheclienthardwareaddressfromtheaddresspoolnamedmanual1.
B5(rw)->clear dhcp pool manual1 hardware-address

set dhcp pool host

UsethiscommandtoconfigureanIPaddressandnetworkmaskforamanualDHCPbinding.

Syntax
set dhcp pool poolname host ip-address [mask | prefix-length]

Parameters

16-16

poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

ipaddress

SpecifiestheIPaddressformanualbinding.

DHCP Server Configuration

clear dhcp pool host

mask

(Optional)Specifiesthesubnetmaskindottedquadnotation.

prefixlength

(Optional)Specifiesthesubnetmaskasaninteger.

Defaults
Ifamaskorprefixisnotspecified,theclassA,B,orCnaturalmaskwillbeused.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoconfiguretheminimumrequirementsforamanualbindingaddress
pool.First,thehardwareaddressoftheclientshardwareplatformisconfigured,followedby
configurationoftheaddresstobeassignedtothatclientmanually.
B5(rw)->set dhcp pool manual1 hardware-address 0001.f401.2710
B5(rw)->set dhcp pool manual1 host 15.12.1.99 255.255.248.0

clear dhcp pool host

UsethiscommandtoremovethehostIPaddressfromamanualbindingaddresspool.

Syntax
clear dhcp pool poolname host

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampledeletesthehostIPaddressfromtheaddresspoolnamedmanual1.
B5(rw)->clear dhcp pool manual1 host

set dhcp pool client-identifier

UsethiscommandtoconfiguretheclientidentifieroftheDHCPclientandcreateanaddresspool
formanualbinding.Youcanuseeitherthiscommandorthesetdhcppoolhardwareaddress
commandtocreateamanualbindingpool,butusingbothisnotrecommended.

Syntax
set dhcp pool poolname client-identifier id

Enterasys B5 CLI Reference

16-17

clear dhcp pool client-identifier

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Specifiestheuniqueclientidentifierforthisclient.Thevaluemustbe
enteredinxx:xx:xx:xx:xx:xxformat.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
TheclientidentifierisformedbyconcatenatingthemediatypeandtheMACaddress.For
example,iftheclienthardwaretypeisEthernetandtheclientMACaddressis00:01:22:33:44:55,
thentheclientidentifierconfiguredwiththiscommandmustbe01:00:01:22:33:44:55.

Example
Thisexampleshowshowtoconfiguretheminimumrequirementsforamanualbindingaddress
pool,usingaclientidentifierratherthanthehardwareaddressoftheclientshardwareplatform.
B5(rw)->set dhcp pool manual2 client-identifier 01:00:01:22:33:44:55
B5(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0

clear dhcp pool client-identifier

UsethiscommandtoremovetheuniqueidentifierofaDHCPclientfromamanualbinding
addresspool.

Syntax
clear dhcp pool poolname client-identifier

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampledeletestheclientidentifierfromtheaddresspoolnamedmanual1.
B5(rw)->clear dhcp pool manual1 client-identifier

16-18

DHCP Server Configuration

set dhcp pool client-name

UsethiscommandtoassignanametoaDHCPclientwhencreatinganaddresspoolformanual
binding.

Syntax
set dhcp pool poolname client-name name

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

name

Specifiesthenametobeassignedtothisclient.Clientnamesmaybeupto
31charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleconfigurestheclientnameappsvr1tothemanualbindingpoolmanual2.
B5(rw)->set dhcp pool manual2 client-identifier 01:22:33:44:55:66
B5(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0
B5(rw)->set dhcp pool manual2 client-name appsvr1

clear dhcp pool client-name

UsethiscommandtodeleteaDHCPclientnamefromanaddresspoolformanualbinding.

Syntax
clear dhcp pool poolname client-name

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampledeletestheclientnamefromthemanualbindingpoolmanual2.
B5(rw)->clear dhcp pool manual2 client-name

Enterasys B5 CLI Reference

16-19

set dhcp pool bootfile

UsethiscommandtospecifyadefaultbootimagefortheDHCPclientswhowillbeservedbythe
addresspoolbeingconfigured.

Syntax
set dhcp pool poolname bootfile filename

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

filename

Specifiesthebootimagefilename.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetsthebootimagefilenameforaddresspoolnamedauto1.
B5(rw)->set dhcp pool auto1 bootfile image1.img

clear dhcp pool bootfile

Usethiscommandtoremoveadefaultbootimagefromtheaddresspoolbeingconfigured.

Syntax
clear dhcp pool poolname bootfile

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesthebootimagefilenamefromaddresspoolnamedauto1.
B5(rw)->clear dhcp pool auto1 bootfile

16-20

DHCP Server Configuration

set dhcp pool next-server

Usethiscommandtospecifythefileserverfromwhichthedefaultbootimageistobeloadedby
theclient.

Syntax
set dhcp pool poolname next-server ip-address

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

ipaddress

SpecifiestheIPaddressofthefileservertheDHCPclientshouldcontact
toloadthedefaultbootimage.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplespecifiesthefileserverfromwhichclientsbeingservedbyaddresspoolauto1
shoulddownloadthebootimagefileimage1.img.
B5(rw)->set dhcp pool auto1 bootfile image1.img
B5(rw)->set dhcp pool auto1 next-server 10.1.1.10

clear dhcp pool next-server

Usethiscommandtoremovethebootimagefileserverfromtheaddresspoolbeingconfigured.

Syntax
clear dhcp pool poolname next-server

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesthefileserverfromaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 next-server

Enterasys B5 CLI Reference

16-21

set dhcp pool lease

UsethiscommandtospecifythedurationoftheleaseforanIPaddressassignedbytheDHCP
serverfromtheaddresspoolbeingconfigured.

Syntax
set dhcp pool poolname lease {days [hours [minutes]] | infinite}

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

days

Specifiesthenumberofdaysanaddressleasewillremainvalid.Valuecan
rangefrom0to59.

hours

(Optional)Whenadaysvaluehasbeenassigned,specifiesthenumberof
hoursanaddressleasewillremainvalid.Valuecanrangefrom0to1439.

minutes

(Optional)Whenadaysvalueandanhoursvaluehavebeenassigned,
specifiesthenumberofminuteanaddressleasewillremainvalid.Value
canrangefrom0to86399.

infinite

Specifiesthatthedurationoftheleasewillbeunlimited.

Defaults
Ifnoleasetimeisspecified,aleasedurationof1dayisconfigured.

Mode
Switchcommand,readwrite.

Example
Thisexampleconfiguresaleasedurationof12hoursfortheaddresspoolbeingconfigured.Note
thattoconfigurealeasetimelessthanoneday,enter0fordays,thenthenumberofhoursand
minutes.
B5(rw)->set dhcp pool auto1 lease 0 12

clear dhcp pool lease

Usethiscommandtorestorethedefaultleasetimevalueofonedayfortheaddresspoolbeing
configured.

Syntax
clear dhcp pool poolname lease

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
Clearstheleasetimeforthisaddresspooltothedefaultvalueofoneday.

16-22

DHCP Server Configuration

set dhcp pool default-router

Mode
Switchcommand,readwrite.

Example
Thisexamplerestoresthedefaultleasedurationofonedayforaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 lease

set dhcp pool default-router

UsethiscommandtospecifyadefaultrouterlistfortheDHCPclientsservedbytheaddresspool
beingconfigured.Upto8defaultrouterscanbeconfigured.

Syntax
set dhcp pool poolname default-router address [address2 ... address8]

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

address

SpecifiestheIPaddressofadefaultrouter.

address2...address8

(Optional)Specifies,inorderofpreference,upto7additionaldefault
routeraddresses.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleassignsadefaultrouterat10.10.10.1totheaddresspoolnamedauto1.
B5(rw)->set dhcp pool auto1 default-router 10.10.10.1

clear dhcp pool default-router

Usethiscommandtodeletethedefaultroutersconfiguredforthisaddresspool.

Syntax
clear dhcp pool poolname default-router

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Enterasys B5 CLI Reference

16-23

set dhcp pool dns-server

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesthedefaultrouterfromtheaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 default-router

set dhcp pool dns-server

UsethiscommandtospecifyoneormoreDNSserversfortheDHCPclientsservedbytheaddress
poolbeingconfigured.Upto8DNSserverscanbeconfigured.

Syntax
set dhcp pool poolname dns-server address [address2 ... address8]

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

address

SpecifiestheIPaddressofaDNSserver.

address2...address8

(Optional)Specifies,inorderofpreference,upto7additionalDNS
serveraddresses.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleassignsaDNSserverat10.14.10.1totheaddresspoolauto1.
B5(rw)->set dhcp pool auto1 dns-server 10.14.10.1

clear dhcp pool dns-server

UsethiscommandtoremovetheDNSserverlistfromtheaddresspoolbeingconfigured.

Syntax
clear dhcp pool poolname dns-server

Parameters
poolname

Defaults
None.

16-24

DHCP Server Configuration

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

set dhcp pool domain-name

Mode
Switchcommand,readwrite.

Example
ThisexampleremovestheDNSserverlistfromtheaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 dns-server

set dhcp pool domain-name

UsethiscommandtospecifyadomainnametobeassignedtoDHCPclientsservedbytheaddress
poolbeingconfigured.

Syntax
set dhcp pool poolname domain-name domain

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

domain

Specifiesthedomainnamestring.Thedomainnamecanbeupto255
charactersinlength.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleassignsthemycompany.comdomainnametotheaddresspoolauto1.
B5(rw)->set dhcp pool auto1 domain-name mycompany.com

clear dhcp pool domain-name

Usethiscommandtoremovethedomainnamefromtheaddresspoolbeingconfigured.

Syntax
clear dhcp pool poolname domain-name

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Enterasys B5 CLI Reference

16-25

set dhcp pool netbios-name-server

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesthedomainnamefromtheaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 domain-name

set dhcp pool netbios-name-server

UsethiscommandtoassignoneormoreNetBIOSnameserversfortheDHCPclientsservedby
theaddresspoolbeingconfigured.Upto8NetBIOSnameserverscanbeconfigured.

Syntax
set dhcp pool poolname netbios-name-server address [address2 ... address8]

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

address

SpecifiestheIPaddressofaNetBIOSnameserver.

address2...address8

(Optional)Specifies,inorderofpreference,upto7additionalNetBIOS
nameserveraddresses.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleassignsaNetBIOSnameserverat10.15.10.1totheaddresspoolbeingconfigured.
B5(rw)->set dhcp pool auto1 netbios-name-server 10.15.10.1

clear dhcp pool netbios-name-server

UsethiscommandtoremovetheNetBIOSnamerserverlistfromtheaddresspoolbeing
configured.
clear dhcp pool poolname netbios-name-server

Parameters
poolname

Defaults
None.

16-26

DHCP Server Configuration

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

set dhcp pool netbios-node-type

Mode
Switchcommand,readwrite.

Example
ThisexampleremovestheNetBIOSnameserverlistfromtheaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 netbios-name-server

set dhcp pool netbios-node-type

UsethiscommandtospecifyaNetBIOSnode(server)typefortheDHCPclientsservedbythe
addresspoolbeingconfigured.

Syntax
set dhcp pool poolname netbios-node-type {b-node | h-node | p-node | m-node}

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

bnode

SpecifiestheNetBIOsnodetypetobebroadcast(noWINS).

hnode

SpecifiestheNetBIOsnodetypetobehybrid(WINS,thenbroadcast).

pnode

SpecifiestheNetBIOsnodetypetobepeer(WINSonly).

mnode

SpecifiestheNetBIOsnodetypetobemixed(broadcast,thenWINS).

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexamplespecifieshybridastheNetBIOSnodetypefortheaddresspoolauto1.
B5(rw)->set dhcp pool auto1 netbios-node-type h-node

clear dhcp pool netbios-node-type

UsethiscommandtoremovetheNetBIOSnodetypefromtheaddresspoolbeingconfigured.

Syntax
clear dhcp pool poolname netbios-node-type

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Enterasys B5 CLI Reference

16-27

set dhcp pool option

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleremovestheNetBIOSnodetypefromtheaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 netbios-node-type

set dhcp pool option

UsethiscommandtoconfigureDHCPoptions,describedinRFC2132.

Syntax
set dhcp pool poolname option code {ascii string | hex string-list | ip addresslist}

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

code

SpecifiestheDHCPoptioncode,asdefinedinRFC2132.Valuecanrange
from1to254.

asciistring

SpecifiesthedatainASCIIformat.AnASCIIcharacterstringcontaininga
spacemustbeenclosedinquotations.

hexstringlist

SpecifiesthedatainHEXformat.Upto8HEXstringscanbeentered.

ipaddresslist

SpecifiesthedatainIPaddressformat.Upto8IPaddressescanbeentered.

Defaults
None.

Mode
Switchcommand,readwrite.

Examples
ThisexampleconfiguresDHCPoption19,whichspecifieswhethertheclientshouldconfigureits
IPlayerforpacketforwarding.Inthiscase,IPforwardingisenabledwiththe01value.
B5(rw)->set dhcp pool auto1 option 19 hex 01

ThisexampleconfiguresDHCPoption72,whichassignsoneormoreWebserversforDHCP
clients.Inthiscase,twoWebserveraddressesareconfigured.
B5(rw)->set dhcp pool auto1 option 72 ip 168.24.3.252 168.24.3.253

16-28

DHCP Server Configuration

clear dhcp pool option

UsethiscommandtoremoveaDHCPoptionfromtheaddresspoolbeingconfigured.

Syntax
clear dhcp pool poolname option code

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

code

SpecifiestheDHCPoptioncode,asdefinedinRFC2132.Valuecanrange
from1to254.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesoption19fromaddresspoolauto1.
B5(rw)->clear dhcp pool auto1 option 19

show dhcp pool configuration

Usethiscommandtodisplayconfigurationinformationforoneoralladdresspools.

Syntax
show dhcp pool configuration {poolname | all}

Parameters
poolname

Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.

Defaults
None.

Mode
Readonly.

Example
Thisexampledisplaysconfigurationinformationforalladdresspools.
B5(rw)->show dhcp pool configuration all
Pool: Atg_Pool
Pool Type

Dynamic

Enterasys B5 CLI Reference

16-29

show dhcp pool configuration

16-30

Network
Lease Time
Default Routers

192.0.0.0 255.255.255.0
1 days 0 hrs 0 mins
192.0.0.1

Pool: static1
Pool Type
Client Name
Client Identifier
Host
Lease Time
Option

Manual
appsvr1
01:00:01:f4:01:27:10
10.1.1.1 255.0.0.0
infinite
19 hex 01

Pool: static2
Pool Type
Hardware Address
Hardware Address Type
Host
Lease Time

Manual
00:01:f4:01:27:10
ieee802
192.168.10.1 255.255.255.0
infinite

DHCP Server Configuration

17
DHCP Snooping and
Dynamic ARP Inspection
Thischapterdescribestwosecurityfeatures:

DHCPsnooping,whichmonitorsDHCPmessagesbetweenaDHCPclientandDHCPserver
tofilterharmfulDHCPmessagesandtobuildadatabaseofauthorizedaddressbindings

DynamicARPinspection,whichusesthebindingsdatabasecreatedbytheDHCPsnooping
featuretorejectinvalidandmaliciousARPpackets

For information about...

Refer to page...

DHCP Snooping Overview

17-1

DHCP Snooping Commands

17-4

Dynamic ARP Inspection Overview

17-16

Dynamic ARP Inspection Commands

17-20

DHCP Snooping Overview

DHCPsnoopingmonitorsDHCPmessagesbetweenDHCPclientsandDHCPserverstofilter
harmfulDHCPmessagesandtobuildabindingsdatabaseof{MACaddress,IPaddress,VLAN
ID,port}tuplesthatareconsideredauthorized.
DHCPsnoopingisdisabledgloballyandonallVLANsbydefault.Portsareuntrustedbydefault.
DHCPsnoopingmustbeenabledgloballyandonspecificVLANs.PortswithintheVLANsmust
beconfiguredastrustedoruntrusted.DHCPserversmustbereachedthroughtrustedports.
DHCPsnoopingenforcesthefollowingsecurityrules:

DHCPpacketsfromaDHCPserver(DHCPOFFER,DHCPACK,DHCPNAK)aredroppedif
receivedonanuntrustedport.

DHCPRELEASEandDHCPDECLINEmessagesaredroppediftheyareforaMACaddress
inthesnoopingdatabasebutthebindingsinterfaceinthedatabaseisdifferentfromthe
interfacewherethemessagewasreceived.

Onuntrustedinterfaces,theswitchdropsDHCPpacketswhosesourceMACaddressdoesnot
matchtheclienthardwareaddress.Thisfeatureisaconfigurableoption.

DHCP Message Processing

ThehardwareidentifiesallincomingDHCPpacketsonportswhereDHCPsnoopingisenabled.
Onuntrustedports,thehardwaretrapsallincomingDHCPpacketstotheCPU.Ontrustedports,

Enterasys B5 CLI Reference

17-1

DHCP Snooping Overview

thehardwareforwardsclientmessagesandcopiesservermessagestotheCPUsoDHCPsnooping
canlearnthebinding.
TheDHCPsnoopingapplicationprocessesincomingDHCPmessages.ForDHCPRELEASEand
DHCPDECLINEmessages,theapplicationcomparesthereceiveinterfaceandVLANwiththe
clientsinterfaceandVLANinthebindingsdatabase.Iftheinterfacesdonotmatch,the
applicationlogstheeventanddropsthemessage.Forvalidclientmessages,DHCPsnooping
comparesthesourceMACaddresstotheDHCPclienthardwareaddress.Wherethereisa
mismatch,DHCPsnoopinglogsanddropsthepacket.Youcandisablethisfeatureusingtheset
dhcpsnoopingverifymacaddressdisablecommand.
Note: If the switch has been configured as a DHCP relay agent, to forward client requests to a
DHCP server that does not reside on the same broadcast domain as the client, MAC address
verification should be disabled in order to allow DHCP RELEASE packets to be processed by the
DHCP snooping functionality and client bindings removed from the bindings database.

DHCPsnoopingcanbeconfiguredonswitchingVLANsandroutingVLANs.WhenaDHCP
packetisreceivedonaroutingVLAN,theDHCPsnoopingapplicationappliesitsfilteringrules
andupdatesthebindingsdatabase.Ifaclientmessagepassesfilteringrules,themessageisplaced
intothesoftwareforwardingpath,whereitmaybeprocessedbytheDHCPrelayagent,thelocal
DHCPserver,orforwardedasanIPpacket.
DHCPsnoopingforwardsvalidDHCPclientmessagesreceivedonnonroutingVLANs.The
messageisforwardedonalltrustedinterfacesintheVLAN.IfaDHCPrelayagentorlocalDHCP
servercoexistwiththeDHCPsnoopingfeature,DHCPclientmessageswillbesenttotheDHCP
relayagentorlocalDHCPservertoprocessfurther.
TheDHCPsnoopingapplicationdoesnotforwardservermessagessincetheyareforwardedin
hardware.

Building and Maintaining the Database

TheDHCPsnoopingapplicationusesDHCPmessagestobuildandmaintainthebindings
database.Thebindingsdatabaseincludesonlydataforclientsonuntrustedports.Thebindings
databaseincludesthefollowinginformationforeachentry:

ClientMACaddress

ClientIPaddress

Timewhenclientsleaseexpires

ClientVLANID

Clientport

DHCPsnoopingcreatesatentativebindingfromDHCPDISCOVERandREQUESTmessages.
Tentativebindingstieaclienttoaport(theportwheretheDHCPclientmessagewasreceived).
TentativebindingsarecompletedwhenDHCPsnoopinglearnstheclientsIPaddressfroma
DHCPACKmessageonatrustedport.DHCPsnoopingremovesbindingsinresponseto
DECLINE,RELEASE,andNACKmessages.TheDHCPsnoopingapplicationignorestheACK
messagessentinreplytotheDHCPInformmessagesreceivedontrustedports.Youcanalso
enterstaticbindingsintothebindingsdatabase.
Whenaswitchlearnsofnewbindingsorwhenitlosesbindings,theswitchimmediatelyupdates
theentriesinthedatabase.
Iftheabsoluteleasetimeofasnoopingdatabaseentryexpires,thenthatentrywillberemoved.
Careshouldbetakentoensurethatsystemtimeisconsistentacrossthereboots.Otherwise,
snoopingentrieswillnotexpireproperly.IfahostsendsaDHCPRELEASEmessagewhilethe

17-2

DHCP Snooping and Dynamic ARP Inspection

DHCP Snooping Overview

switchisrebooting,whentheswitchreceivesaDHCPDISCOVERYorREQUESTmessage,the
clientsbindingwillgotoatentativebindingstate.

Rate Limiting
ToprotecttheswitchagainstDHCPattackswhenDHCPsnoopingisenabled,thesnooping
applicationenforcesaratelimitforDHCPpacketsreceivedonuntrustedinterfaces.DHCP
snoopingmonitorsthereceiverateoneachinterfaceseparately.Ifthereceiverateexceedsa
configurablelimit,DHCPsnoopingbringsdowntheinterface.Usethesetportenablecommand
toreenabletheinterface.Boththerateandtheburstintervalcanbeconfigured.

Basic Configuration
Thefollowingconfigurationproceduredoesnotchangethewritedelaytothesnoopingdatabase
oranyofthedefaultratelimitingvalues.Additionalconfigurationnotesfollowthisprocedure.
Procedure 17-1

Basic Configuration for DHCP Snooping

Step

Task

Command(s)

Enable DHCP snooping globally on the switch.

set dhcpsnooping enable

Determine where DHCP clients will be

connected and enable DHCP snooping on their
VLANs.

set dhcpsnooping vlan vlan-list

enable

Determine which ports will be connected to the

DHCP server and configure them as trusted
ports.

set dhcpsnooping trust port

port-string enable

If desired, enable logging of invalid DHCP

messages on specfic ports.

set dhcpsnooping log-invalid port

port-string enable

If desired, add static bindings to the database.

set dhcpsnooping binding mac-address

vlan vlan-id ipaddr port port-string

Configuration Notes
DHCP Server

Whentheswitchisoperatinginswitchmode,thentheDHCPserverandDHCPclientsmust
beinthesameVLAN.

Iftheswitchisinroutingmode(onthoseplatformsthatsupportrouting),thentheDCHP
servercanberemotelyconnectedtoaroutinginterface,orrunninglocally.

IftheDHCPserverisremotelyconnected,thentheuseofanIPhelperaddressisrequiredand
MACaddressverificationshouldbedisabled(setdhcpsnoopingverifymacaddress
disable).

TheDHCPservermustuseScopesinordertoprovidetheIPaddressesperVLAN.

DHCPsnoopingmustbeenabledontheinterfaceswheretheDHCPclientsareconnected,
andtheinterfacesmustbeuntrustedDHCPsnoopingports.

TheroutinginterfacethatisconnectedtotheDHCPservermustbeenabledforDHCP
snoopingandmustbeatrustedDHCPsnoopingport.

Enterasys B5 CLI Reference

17-3

DHCP Snooping Commands

For information about...

Refer to page...

set dhcpsnooping

17-4

set dhcpsnooping vlan

17-5

set dhcpsnooping database write-delay

17-5

set dhcpsnooping trust

17-6

set dhcpsnooping binding

17-7

set dhcpsnooping verify

17-7

set dhcpsnooping log-invalid

17-8

set dhcpsnooping limit

17-9

show dhcpsnooping

17-10

show dhcpsnooping database

17-11

show dhcpsnooping port

17-11

show dhcpsnooping binding

17-12

show dhcpsnooping statistics

17-13

clear dhcpsnooping binding

17-14

clear dhcpsnooping statistics

17-14

clear dhcpsnooping database

17-14

clear dhcpsnooping limit

17-15

set dhcpsnooping
UsethiscommandtoenableordisableDHCPsnoopingglobally.

Syntax
set dhcpsnooping {enable | disable}

Parameters
enable

EnableDHCPsnoopinggloballyontheswitch.

disable

DisableDHCPsnoopinggloballyontheswitch.

Defaults
Disabledglobally.

Mode
Switchcommand,readwrite.

Usage
Bydefault,DHCPsnoopingisdisabledgloballyandonallVLANs.Youmustenableitglobally
withthiscommand,andthenenableitonspecificVLANs.
17-4

DHCP Snooping and Dynamic ARP Inspection

set dhcpsnooping vlan

Example
ThefollowingexampleenablesDHCPsnoopingglobally.
B5(rw)->set dhcpsnooping enable

set dhcpsnooping vlan

UsethiscommandtoenableordisableDHCPsnoopingonaVLANorrangeofVLANs.

Syntax
set dhcpsnooping vlan vlan-range {enable | disable}

Parameters
vlanrange

SpecifiestheVLANorrangeofVLANsonwhichDHCPsnoopingisto
beenabledordisabled.

enable|disable

EnablesordisablesDHCPsnoopingforthespecifiedVLANs.

Defaults
DHCPsnoopingisdisabledbydefaultonallVLANs.

Mode
Switchcommand,readwrite.

Usage
Bydefault,DHCPsnoopingisdisabledgloballyandonallVLANs.Youmustenableitglobally
withthesetdhcpsnoopingcommand,andthenenableitonspecificVLANswiththiscommand.

Example
ThisexampleenablesDHCPsnoopingonVLANS10through20.
B5(rw)->set dhcpsnooping vlan 10-20 enable

set dhcpsnooping database write-delay

Usethiscommandtospecifytheintervalbetweenupdatestothestoredbindingsdatabase.

Syntax
set dhcpsnooping database write-delay seconds

Parameters
second

Specifytheintervalinsecondsbetweenupdatestothestoredbindings
database.Thevaluecanrangefrom15to86400seconds.

Defaults
Every5minutes(300seconds).

Enterasys B5 CLI Reference

17-5

set dhcpsnooping trust

Mode
Switchcommand,readwrite.

Usage
Whenaswitchlearnsofnewbindingsorwhenitlosesbindings,theswitchupdatestheentriesin
thebindingsdatabaseaccordingtothewritedelaytimer.Theswitchalsoupdatestheentriesin
thebindingfile.Thefrequencyatwhichthefileisupdatedisbasedonthedelayconfiguredwith
thiscommand,andtheupdatesarebatched.

Example
Thefollowingexamplespecifiesthatthestoreddatabaseshouldbeupdatedonceanhour.
B5(rw)->set dhcpsnooping database write-delay 3600

set dhcpsnooping trust

UsethiscommandtoenableordisableaportasaDHCPsnoopingtrustedport.

Syntax
set dhcpsnooping trust port port-string {enable | disable}

Parameters
portportstring

Specifiestheportorportstobeenabledordisabledastrustedports.The
portscanbephysicalportsorLAGsthataremembersofaVLAN.

enable|disable

Enablesordisablesthespecifiedportsastrustedports.

Defaults
Bydefault,portsareuntrusted.

Mode
Switchcommand,readwrite.

Usage
InorderforDHCPsnoopingtooperate,snoopinghastobeenabledgloballyandonspecific
VLANs,andtheportswithintheVLANshavetobeconfiguredastrustedoruntrusted.On
trustedports,DHCPclientmessagesareforwardeddirectlybythehardware.Onuntrustedports,
clientmessagesaregiventotheDHCPsnoopingapplication.
TheDHCPsnoopingapplicationbuildsthebindingsdatabasefromclientmessagesreceivedon
untrustedports.DHCPsnoopingcreatesatentativebindingfromDHCPDISCOVERand
REQUESTmessages.Tentativebindingstieaclienttotheportonwhichthemessagepacketwas
received.TentativebindingsarecompletedwhenDHCPsnoopinglearnstheclientsIPaddress
fromaDHCPACKmessageonatrustedport.
TheportsontheswitchthroughwhichDHCPserversarereachedmustbeconfiguredastrusted
portssothatpacketsreceivedfromthoseportswillbeforwardedtoclients.DCHPpacketsfroma
DHCPserver(DHCPOFFER,DHCPACK,DHCPNAK)aredroppedifreceivedonanuntrusted
port.

17-6

DHCP Snooping and Dynamic ARP Inspection

set dhcpsnooping binding

Example
Thisexampleconfiguresportge.1.1asatrustedport.
B5(rw)->set dhcpsnooping trust port ge.1.1 enable

set dhcpsnooping binding

UsethiscommandtoaddastaticDHCPbindingtotheDHCPsnoopingdatabase.

Syntax
set dhcpsnooping binding mac-address vlan vlan-id ipaddr port port-string

Parameters
macaddress

SpecifiestheMACaddressofthebindingentry.

vlanvlanid

SpecifiestheVLANofthebindingentry.

ipaddr

SpecifiestheIPaddressofthebindingentry.

portportstring

Specifiestheportofthebindingentry.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
WhenenabledgloballyandonVLANs,DHCPsnoopingbuildsitsbindingsdatabasefromDHCP
clientmessagesreceivedonuntrustedports.Suchentriesinthedatabasearedynamicentries
whichwillberemovedinresponsetovalidDECLINE,RELEASE,andNACKmessagesorwhen
theabsoluteleasetimeoftheentryexpires.
Youcanaddstaticentriestothebindingsdatabasewiththiscommand.

Example
Thisexamplecreatesastaticentry,associatingMACaddress00:01:02:33:44:55withIPaddress
192.168.10.10andVLAN10,portge.1.1.
B5(rw)->set dhcpsnooping binding 00:01:02:33:44:55 vlan 10 192.168.10.10 port
ge.1.1

set dhcpsnooping verify

UsethiscommandtoenableordisableDHCPsnoopingtofilteronsourceMACaddress.

Syntax
set dhcpsnooping verify mac-address {enable | disable}

Enterasys B5 CLI Reference

17-7

set dhcpsnooping log-invalid

Parameters
enable

EnablesverificationofthesourceMACaddressinclientmessages
againsttheclienthardwareaddress.

disable

DisablesverificationofthesourceMACaddressinclientmessages
againsttheclienthardwareaddress.

Defaults
SourceMACaddressverificationisenabledbydefault.

Mode
Switchcommand,readwrite.

Usage
Whenthisverificationisenabled,theDHCPsnoopingapplicationcomparesthesourceMAC
addresscontainedinvalidclientmessageswiththeclientshardwareaddress.Ifthereisa
mismatch,DHCPsnoopinglogstheeventanddropsthepacket.
Usetheshowdhcpsnoopingcommandtodisplaythestatus(enabledordisabled)ofsourceMAC
addressverificationforeachinterfaceinanenabledVLAN.Theshowdhcpsnoopingstatistics
commandshowstheactualnumberofMACverificationerrorsthatoccurredonuntrustedports.

Example
ThisexampledisablessourceMACaddressverificationandlogging.
B5(rw)->set dhcpsnooping verify mac-address disable

set dhcpsnooping log-invalid

UsethiscommandtoenableordisableloggingofinvalidDHCPmessagesonports.

Syntax
set dhcpsnooping log-invalid port port-string {enable | disable}

Parameters
portportstring

Specifiestheportorportsonwhichtoenableordisableloggingof
invalidpackets.

enable|disable

Enablesordisablesloggingonthespecifiedports.

Defaults
Disabled.

Mode
Switchcommand,readwrite.

Usage
TheDHCPsnoopingapplicationprocessesincomingDHCPmessages.ForDHCPRELEASEand
DHCPDECLINEmessages,theapplicationcomparesthereceiveinterfaceandVLANwiththe

17-8

DHCP Snooping and Dynamic ARP Inspection

set dhcpsnooping limit

clientsinterfaceandVLANinthebindingsdatabase.Iftheinterfacesdonotmatch,the
applicationlogstheeventiflogginghasbeenenabled.
Usetheshowdhcpsnoopingcommandtodisplaythestatus(enabledordisabled)oflogging
invalidpacketsforeachinterfaceinanenabledVLAN.Theshowdhcpsnoopingstatistics
commandshowstheactualnumberofservermessagesreceivedonuntrustedports.

Example
ThisexampleenablesloggingofinvalidDHCPmessagesonportge.1.1andthendisplaysthe
DHCPconfigurationsettings.
B5(rw)->set dhcpsnooping log invalid port ge.1.1 enable
B5(su)->show dhcpsnooping
DHCP snooping is Disabled
DHCP snooping source MAC verification is enabled
DHCP snooping is enabled on the following VLANs:
3

Interface

Trusted

Log Invalid Pkts

-----------

----------

----------------

ge.1.1

Yes

ge.1.2

ge.1.3

Yes

set dhcpsnooping limit

UsethiscommandtoconfigureratelimitingparametersforincomingDHCPpacketsonaportor
ports.

Syntax
set dhcpsnooping limit port-string {none | rate pps {burst interval secs]}

Parameters
portstring

Specifiestheportorportstowhichtoapplytheseratelimiting
parameters.

none

ConfiguresnolimitonincomingDHCPpackets.

ratepps

Specifiesaratelimitinpacketspersecond.Thevalueofppscanrange
from0to100packetspersecond.

burstintervalsecs

Specifiesaburstintervalinseconds.Thevalueofsecscanrangefrom1
to15seconds.

Defaults
Rate=15packetspersecond
BurstInterval=1second

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

17-9

show dhcpsnooping

Usage
ToprotecttheswitchfromDHCPattackswhenDHCPsnoopingisenabled,thesnooping
applicationenforcesaratelimitforDHCPpacketsreceivedonuntrustedinterfaces.DHCP
snoopingmonitorsthereceiverateoneachinterfaceseparately.Ifthereceiverateexceedsthe
configuredlimit,DHCPsnoopingbringsdowntheinterface.Youcanreenabletheinterfacewith
thesetportenablecommand.Boththerateandtheburstintervalcanbeconfigured.
Youcandisplaythecurrentlyconfiguredratelimitparameterswiththeshowdhcpsnoopingport
command.

Example
Thisexampleconfiguresratelimitparametersonportge.1.1.
B5(rw)->set dhcpsnooping limit ge.1.1 rate 20 burst interval 2
B5(rw)->show dhcpsnooping port ge.1.1
Interface

Trust State

Rate Limit

Burst Interval

(pps)

(seconds)

----------

-------------

---------------

ge.1.1

show dhcpsnooping
UsethiscommandtodisplayDHCPsnoopingconfigurationparameters.

Syntax
show dhcpsnooping

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thiscommanddisplaysthestatus(enabledordisabled)ofDHCPsnoopingglobally,liststhe
VLANsonwhichDHCPsnoopingisenabled,displayswhethersourceMACaddressverification
isenabledordisabled,andforportsthatareenabledforsnooping,displayswhethertheyare
trustedoruntrustedandwhetherloggingofinvalidpacketshasbeenenabled.

Example
Thisexampleshowstheoutputoftheshowdhcpsnoopingcommand.
B5(su)->show dhcpsnooping
DHCP snooping is Enabled
DHCP snooping source MAC verification is enabled
DHCP snooping is enabled on the following VLANs:

17-10

DHCP Snooping and Dynamic ARP Inspection

show dhcpsnooping database

Interface

Trusted

Log Invalid Pkts

-----------

----------

----------------

ge.1.47

Yes

ge.1.48

lag.0.1

show dhcpsnooping database

UsethiscommandtodisplayDHCPsnoopingdatabaseconfigurationparameters.

Syntax
show dhcpsnooping database

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thiscommanddisplayswherethedatabasefileisstored(locally)andwhatthewritedelayvalue
is.

Example
Thisexampleshowstheoutputoftheshowdhcpsnoopingdatabasecommand.
B5(su)->show dhcpsnooping database
agent url:

local

write-delay:

300

show dhcpsnooping port

UsethiscommandtodisplayDHCPsnoopingconfigurationparametersforspecificports.

Syntax
show dhcpsnooping port port-string

Parameters
portstring

Specifiestheportorportsforwhichtodisplayconfiguration
information.

Enterasys B5 CLI Reference

17-11

show dhcpsnooping binding

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thiscommanddisplaysthetruststateandratelimitingparametersconfiguredonthespecified
ports.

Example
Thisexampleshowstheoutputoftheshowdhcpsnoopingportcommand.
B5(su)->show dhcpsnooping port ge.1.1
Interface

Trust State

Rate Limit

----------

-------------

---------------

ge.1.1

(pps)

Burst Interval
(seconds)

show dhcpsnooping binding

UsethiscommandtodisplaythecontentsoftheDHCPsnoopingbindingsdatabase.

Syntax
show dhcpsnooping binding [dynamic | static] [port port-string] [vlan vlan-id]

Parameters
dynamic|static

(Optional)Limitsthedisplayofbindingsinthedatabasebytypeof
entry,eitherdynamicorstatic.

portportstring

(Optional)Limitsthedisplayofbindingsinthedatabasebyport.

vlanvlanid

(Optional)LimitsthedisplayofbindingsinthedatabasebyVLANid.

Defaults
Ifnoparametersareentered,allbindingsinthedatabasearedisplayed.

Mode
Switchcommand,readwrite.

Usage
ThiscommanddisplaysinformationabouttheDHCPbindingsintheDHCPsnoopingdatabase.

Example
Thisexampleshowstheoutputoftheshowdhcpsnoopingbindingcommandwhenno
parametersareentered.
B5(su)->show dhcpsnooping binding
Total number of bindings:

17-12

DHCP Snooping and Dynamic ARP Inspection

show dhcpsnooping statistics

MAC Address

IP Address

VLAN

Interface

Type

Lease (min)
-----------

-----------------

---------------

----

-----------

-------

00:02:B3:06:60:80

192.168.10.10

ge.1.1

STATIC

00:0F:FE:00:13:04

192.168.20.1

ge.1.30

DYNAMIC

1440

show dhcpsnooping statistics

UsethiscommandtodisplayDHCPsnoopingstatisticsforuntrustedports.

Syntax
show dhcpsnooping statistics

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
TheDHCPsnoopingapplicationprocessesincomingDHCPmessagesonenableduntrusted
interfaces.ForDHCPRELEASEandDHCPDECLINEmessages,theapplicationcomparesthe
receiveinterfaceandVLANwiththeclientsinterfaceandVLANinthebindingsdatabase.Ifthe
interfacesdonotmatch,theapplicationlogstheevent(ifloggingofinvalidmessagesisenabled)
anddropsthemessage.IfsourceMACverificationisenabled,forvalidclientmessages,DHCP
snoopingcomparesthesourceMACaddresstotheDHCPclienthardwareaddress.Wherethereis
amismatch,DHCPsnoopinglogsanddropsthepacket.
Thiscommanddisplays,foreachenableduntrustedinterface,thenumberofsourceMAC
verificationfailuresandclientinterfacemismatchesthatoccurredsincethelasttimethese
statisticswerecleared.
SinceDHCPserversshouldnotbeconnectedthroughanuntrustedport,theDHCPsnooping
applicationwilldropincomingDHCPservermessagesonuntrustedinterfacesandincrementa
counterthatisdisplayedwiththiscommand.

Example
Thisexampleshowstheoutputoftheshowdhcpsnoopingstatisticscommand.
B5(su)->show dhcpsnooping statistics
Interface

-----------

MAC Verify

Client Ifc

DHCP Server

Failures

Mismatch

Msgs Rec'd

----------

-----------

ge.1.48

lag.0.1

Enterasys B5 CLI Reference

17-13

clear dhcpsnooping binding

UsethiscommandtoremovebindingsfromtheDHCPsnoopingbindingsdatabase.

Syntax
clear dhcpsnooping binding [port port-string | mac mac-addr]

Parameters
portportstring

(Optional)Specifiestheentryorentriestoremovebyportidentifier.

macmacaddr

(Optional)SpecifiestheentrytoremovebyMACaddress.

Defaults
Ifnoparametersareentered,allbindings(staticanddynamic)areremoved.

Mode
Switchcommand,readwrite.

Example
Thisexampleclearsthestaticbindingentrythatincludesportge.1.2.
B5(su)->clear dhcpsnooping binding port ge.1.2

clear dhcpsnooping statistics

UsethiscommandtocleartheDHCPsnoopingstatisticscounters.

Syntax
clear dhcpsnooping statistics

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleclearstheDHCPsnoopingstatisticscountersforallenableduntrustedports.
B5(su)->clear dhcpsnooping statistics

clear dhcpsnooping database

Usethiscommandtoreturnthewritedelayvaluetoitsdefaultvalueof300seconds.

17-14

DHCP Snooping and Dynamic ARP Inspection

clear dhcpsnooping limit

Syntax
clear dhcpsnooping database [write-delay]

Parameters
writedelay

(Optional)Specifiesthatthewritedelayvalueshouldbereturnedtothe
defaultvalueof300seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Thiscommandwillsetthedatabasewritedelayvaluetothedefaultof300seconds.

Example
Thisexamplesetsthedatabasestoragelocationtothedefaultoflocal.
B5(su)->clear dhcpsnooping database

clear dhcpsnooping limit

Usethiscommandtoresettheratelimitvaluestothedefaultsof15packetspersecondwitha
burstintervalof1second.

Syntax
clear dhcpsnooping limit port-string

Parameters
portstring

Specifiestheportorportstowhichthiscommandapplies.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleresetstheratelimitvaluestotheirdefaultsonportge.1.1.
B5(su)->clear dhcpsnooping limit ge.1.1

Enterasys B5 CLI Reference

17-15

Dynamic ARP Inspection Overview

DynamicARPinspection(DAI)isasecurityfeaturethatrejectsinvalidandmaliciousARP
packets.Thefeaturepreventsaclassofmaninthemiddleattackswhereanunfriendlystation
interceptstrafficforotherstationsbypoisoningtheARPcachesofitsunsuspectingneighbors.
ARPpoisoningisatacticwhereanattackerinjectsfalseARPpacketsintothesubnet,normallyby
broadcastingARPresponsesinwhichtheattackerclaimstobesomeoneelse.Bypoisoningthe
ARPcache,amalicioususercaninterceptthetrafficintendedforotherhostsonthenetwork.
TheDynamicARPInspectionapplicationperformsARPpacketvalidation.WhenDAIisenabled,
itverifiesthatthesenderMACaddressandthesourceIPaddressareavalidpairintheDHCP
snoopingbindingdatabaseanddropsARPpacketswhosesenderMACaddressandsenderIP
addressdonotmatchanentryinthedatabase.AdditionalARPpacketvalidationcanbe
configured.
IfDHCPsnoopingisdisabledontheingressVLANorthereceiveinterfaceistrustedforDHCP
snooping,ARPpacketsaredropped.

Functional Description
DAIisenabledonVLANs,effectivelyenablingDAIontheinterfaces(physicalportsorLAGs)that
aremembersofthatVLAN.Individualinterfacesareconfiguredastrustedoruntrusted.Thetrust
configurationforDAIisindependentofthetrustconfigurationforDHCPsnooping.Atrusted
portisaportthenetworkadministratordoesnotconsidertobeasecuritythreat.Anuntrusted
portisonewhichcouldpotentiallybeusedtolaunchanetworkattack.
DAIconsidersallphysicalportsandLAGsuntrustedbydefault.

Static Mappings
StaticmappingsareusefulwhenhostsconfigurestaticIPaddresses,DHCPsnoopingcannotbe
run,orotherswitchesinthenetworkdonotrundynamicARPinspection.Astaticmapping
associatesanIPaddresstoaMACaddressonaVLAN.DAIconsultsitsstaticmappingsbeforeit
consultsDHCPsnoopingthus,staticmappingshaveprecedenceoverDHCPsnooping
bindings.
ARPACLsareusedtodefinestaticmappingsforDAI.Inthisimplementation,onlythesubsetof
ARPACLsyntaxrequiredforDAIissupported.ARPACLsarecompletelyindependentofACLs
usedforQoS.Amaximumof100ARPACLscanbeconfigured.WithinanACL,amaximumof20
rulescanbeconfigured.

Optional ARP Packet Validation

IfoptionalARPpacketvalidationhasbeenconfigured,DAIverifiesthatthesenderMACaddress
equalsthesourceMACaddressintheEthernetheader.Additionally,theoptiontoverifythatthe
targetMACaddressequalsthedestinationMACaddressintheEthernetheadercanbe
configured.ThischeckonlyappliestoARPresponses,sincethetargetMACaddressis
unspecifiedinARPrequests.
YoucanalsoenableIPaddresschecking.Whenthisoptionisenabled,DAIdropsARPpackets
withaninvalidIPaddress.ThefollowingIPaddressesareconsideredinvalid:

17-16

0.0.0.0

255.255.255.255

AllIPmulticastaddresses

AllclassEaddresses(240.0.0.0/4)

DHCP Snooping and Dynamic ARP Inspection

Dynamic ARP Inspection Overview

Loopbackaddresses(intherange127.0.0.0/8)

Logging Invalid Packets

Bydefault,DAIwritesalogmessagetothenormalbufferedlogforeachinvalidARPpacketit
drops.YoucanconfigureDAItonotloginvalidpacketsforspecificVLANs.

Packet Forwarding
DAIforwardsvalidARPpacketswhosedestinationMACaddressisnotlocal.TheingressVLAN
couldbeaswitchingorroutingVLAN.ARPrequestsarefloodedintheVLAN.ARPresponsesare
unicasttowardtheirdestination.DAIqueriestheMACaddresstabletodeterminetheoutgoing
port.IfthedestinationMACaddressislocal,DAIgivesvalidARPpacketstotheARPapplication.

Rate Limiting
ToprotecttheswitchfromDHCPattackswhenDAIisenabled,theDAIapplicationenforcesarate
limitforARPpacketsreceivedonuntrustedinterfaces.DAImonitorsthereceiverateoneach
interfaceseparately.Ifthereceiverateexceedsaconfigurablelimit,DAIerrordisablesthe
interface,whicheffectivelybringsdowntheinterface.Youcanusethesetportenablecommand
toreenabletheport.
Youcanconfigureboththerateandtheburstinterval.Thedefaultrateis15ppsoneachuntrusted
interfacewitharangeof0to50pps.Thedefaultburstintervalis1secondwitharangeto1to15
seconds..TheratelimitcannotbesetontrustedinterfacessinceARPpacketsreceivedontrusted
interfacesdonotcometotheCPU.

Eligible Interfaces
DynamicARPinspectionisenabledperVLAN,effectivelyenablingDAIonthemembersofthe
VLAN,eitherphysicalportsorLAGs.TrustisspecifiedontheVLANmembers.
DAImaybeconnectedto:

Asinglehostthroughatrustedlink(forexample,aserver)

Ifmultiplehostsneedtoconnected,theremustbeaswitchbetweentherouterandthehosts,
withDAIenabledonthatswitch

Interaction with Other Functions

DAIreliesontheDHCPsnoopingapplicationtoverifythata{IPaddress,MACaddress,
VLAN,interface}tupleisvalid.

DAIregisterswithdot1qtoreceivenotificationofVLANmembershipchangesfortheVLANs
whereDAIisenabled.

DAItellsthedriverabouteachuntrustedinterface(physicalportorLAG)whereDAIis
enabledsothatthehardwarewillinterceptARPpacketsandsendthemtotheCPU.

Enterasys B5 CLI Reference

17-17

Dynamic ARP Inspection Overview

Basic Configuration
Thefollowingbasicconfigurationdoesnotchangethedefaultratelimitingparameters.
Procedure 17-2

Basic Dynamic ARP Inspection Configuration

Step

Task

Command(s)

Configure DHCP snooping.

Refer to Procedure 17-1 on page 17-3.

Enable ARP inspection on the VLANs where

clients are connected, and optionally, enable
logging of invalid ARP packets.

set arpinspection vlan vlan-range

[logging]

Determine which ports are not security threats

and configure them as DAI trusted ports.

set arpinspection trust port

port-string enable

If desired, configure optional validation

parameters.

set arpinspection validate

{[src-mac] [dst-mac] [ip]}

If desired, configure static mappings for DAI by

creating ARP ACLs:

set arpinspection filter name permit

ip host sender-ipaddr mac host
sender-macaddr

Create the ARP ACL

Apply the ACL to a VLAN

17-18

DHCP Snooping and Dynamic ARP Inspection

set arpinspection filter name vlan

vlan-range [static]

Dynamic ARP Inspection Overview

Example Configuration
T

Note: This example applies only to platforms that support routing.

ThefollowingexampleconfiguresDHCPsnoopinganddynamicARPinspectioninarouting
environmentusingRIP.Theexampleconfigurestwointerfacesontheswitch,configuringRIPon
bothinterfaces,assigningeachtoadifferentVLAN,andthenenablingDHCPsnoopingand
dynamicARPinspectiononthem:

Interfacege.1.1,whichisconnectedtoaremoteDHCPserver,onVLAN192

Interfacege.1.2,whichisconnectedtoDHCPclients,onVLAN10

Inaddition,thedefaultVLAN,VLAN1,isalsoenabledforDHCPsnoopinganddynamicARP
inspection.
SincetheDHCPserverisremote,theswitchhasbeenconfiguredasaDHCPrelayagent(withthe
iphelperaddresscommand),toforwardclientrequeststotheDHCPserver.Therefore,MAC
addressverificationisdisabled(withthesetdhcpsnoopingverifymacaddressdisable
command)inordertoallowDHCPRELEASEpacketstobeprocessedbytheDHCPsnooping
functionalityandclientbindingsremovedfromthebindingsdatabase

Router Configuration
router
enable
configure
interface vlan 10
no shutdown
ip address 10.2.0.1 255.255.0.0
ip helper-address 192.168.0.200
ip rip send version 2
ip rip receive version 2
ip rip enable
exit

interface vlan 192

no shutdown
ip address 192.168.0.1 255.255.255.0
ip rip send version 2
ip rip receive version 2
ip rip enable
exit
router rip
exit

VLAN Configuration
set vlan create 10
set vlan create 192
clear vlan egress 1 ge.1.1-2

Enterasys B5 CLI Reference

17-19

Dynamic ARP Inspection Commands

set vlan egress 10 ge.1.2 untagged

set vlan egress 192 ge.1.1 untagged

DHCP Snooping Configuration

set dhcpsnooping enable
set dhcpsnooping vlan 1 enable
set dhcpsnooping vlan 10 enable
set dhcpsnooping vlan 192 enable
set dhcpsnooping verify mac-address disable
set dhcpsnooping trust port ge.1.1

enable

Dynamic ARP Inspection Configuration

set arpinspection vlan 1
set arpinspection vlan 10
set arpinspection vlan 192
set arpinspection trust port ge.1.1 enable

Dynamic ARP Inspection Commands

For information about...

Refer to page...

set arpinspection vlan

17-20

set arpinspection trust

17-21

set arpinspection validate

17-22

set arpinspection limit

17-23

set arpinspection filter

17-24

show arpinspection access-list

17-24

show arpinspection ports

17-25

show arpinspection vlan

17-26

show arpinspection statistics

17-26

clear arpinspection validate

17-27

clear arpinspection vlan

17-28

clear arpinspection filter

17-29

clear arpinspection limit

17-30

clear arpinspection statistics

17-31

set arpinspection vlan

UsethiscommandtoenabledynamicARPinspectionononeormoreVLANs,andoptionally,
enableloggingofinvalidARPpackets.

Syntax
set arpinspection vlan vlan-range [logging]

17-20

DHCP Snooping and Dynamic ARP Inspection

set arpinspection trust

Parameters
vlanrange

SpecifiestheVLANorrangeofVLANsonwhichtoenabledynamic
ARPinspection.

logging

(Optional)EnablesloggingofinvalidARPpacketsforthatVLAN.

Defaults
Loggingisdisabledbydefault.

Mode
Switchcommand,readwrite.

Usage
ThiscommandenablesdynamicARPinspection(DAI)ononeormoreVLANs.WhenDAIis
enabledonaVLAN,DAIiseffectivelyenabledontheinterfaces(physicalportsorLAGs)thatare
membersofthatVLAN.
DAIusestheDHCPsnoopingbindingsdatabasetoverifythatthesenderMACaddressandthe
sourceIPaddressareavalidpairinthedatabase.ARPpacketswhosesenderMACaddressand
senderIPaddressdonotmatchanentryinthedatabasearedropped.
Ifloggingisenabled,invalidARPpacketsarealsologged.

Example
ThisexampleenablesDAIonVLANs2through5andalsoenablesloggingofinvalidARPpackets
onthoseVLANs.
B5(su)->set arpinspection vlan 2-5 logging

set arpinspection trust

UsethiscommandtoenableordisableaportasadynamicARPinspectiontrustedport.

Syntax
set arpinspection trust port port-string {enable | disable}

Parameters
portstring

SpecifiestheportorportstobeenabledordisabledasDAItrusted
ports.TheportscanbephysicalportsorLAGsthataremembersofa
VLAN.

enable|disable

EnablesordisablesthespecifiedportsastrustedforDAI.

Defaults
Bydefault,allphysicalportsandLAGsareuntrusted.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

17-21

set arpinspection validate

Usage
Individualinterfacesareconfiguredastrustedoruntrusted.ThetrustconfigurationforDAIis
independentofthetrustconfigurationforDHCPsnooping.Atrustedportisaportthenetwork
administratordoesnotconsidertobeasecuritythreat.Anuntrustedportisonewhichcould
potentiallybeusedtolaunchanetworkattack.
DAIconsidersallphysicalportsandLAGsuntrustedbydefault.Packetsarrivingontrusted
interfacesbypassallDAIvalidationchecks.

Example
Thisexampleenablesportge.1.1astrustedforDAI.
B5(su)->set arpinspection trust port ge.1.1 enable

set arpinspection validate

UsethiscommandtoconfigureadditionaloptionalARPvalidationparameters.

Syntax
set arpinspection validate {[src-mac] [dst-mac] [ip]}

Parameters
srcmac

SpecifiesthatDAIshouldverifythatthesenderMACaddressequals
thesourceMACaddressintheEthernetheader.

dstmac

SpecifiesthatDAIshouldverifythatthetargetMACaddressequalsthe
destinationMACaddressintheEthernetheader.
ThischeckonlyappliestoARPresponses,sincethetargetMACaddress
isunspecifiedinARPrequests.

SpecifiesthatDAIshouldchecktheIPaddressanddropARPpackets
withaninvalidaddress.Aninvalidaddressisoneofthefollowing:
0.0.0.0
255.255.255.255
All IP multicast addresses
All class E addresses (240.0.0.0/4)
Loopback addresses (in the range 127.0.0.0/8)

Defaults
Allparametersareoptional,butatleastoneparametermustbespecified.

Mode
Switchcommand,readwrite.

Usage
ThiscommandaddsadditionalvalidationofARPpacketsbyDAI,beyondthebasicvalidation
thattheARPpacketssenderMACaddressandsenderIPaddressmatchanentryintheDHCP
snoopingbindingsdatabase.

17-22

DHCP Snooping and Dynamic ARP Inspection

set arpinspection limit

Example
ThisexampleaddstheoptionalverificationthatsenderMACaddressesarethesameasthesource
MACaddressesintheEthernetheadersofARPpackets.
B5(su)->set arpinspection validate src-mac

set arpinspection limit

UsethiscommandtoconfigureratelimitingparametersforincomingARPpacketsonaportor
ports

Syntax
set arpinspection limit port port-string {none | rate pps {burst interval secs]}

Parameters
portstring

Specifiestheportorportstowhichtoapplytheseratelimiting
parameters.

none

ConfiguresnolimitonincomingARPpackets.

ratepps

Specifiesaratelimitinpacketspersecond.Thevalueofppscanrange
from0to50packetspersecond.

burstintervalsecs

Specifiesaburstintervalinseconds.Thevalueofsecscanrangefrom1
to15seconds.

Defaults
Rate=15packetspersecond
BurstInterval=1second

Mode
Switchcommand,readwrite.

Usage
ToprotecttheswitchagainstDHCPattackswhenDAIisenabled,theDAIapplicationenforcesa
ratelimitforARPpacketsreceivedonuntrustedinterfaces.DAImonitorsthereceiverateoneach
interfaceseparately.Ifthereceiverateexceedsthelimitconfiguredwiththiscommand,DAI
disablestheinterface,whicheffectivelybringsdowntheinterface.Youcanusethesetportenable
commandtoreenabletheport.
Youcanconfigureboththerateandtheburstinterval.Thedefaultrateis15ppsoneachuntrusted
interfacewitharangeof0to50pps.Thedefaultburstintervalis1secondwitharangeto1to15
seconds..TheratelimitcannotbesetontrustedinterfacessinceARPpacketsreceivedontrusted
interfacesdonotcometotheCPU.

Example
Thisexamplesetstherateto20packetspersecondandtheburstintervalto2secondsonports
ge.1.1andge.1.2.
B5(su)->set arpinspection limit port ge.1.1-2 rate 20 burst interval 2

Enterasys B5 CLI Reference

17-23

set arpinspection filter

UsethiscommandtocreateanARPACLandthentoassignanACLtoaVLAN,optionallyasa
staticmapping.

Syntax
set arpinspection filter name {permit ip host sender-ipaddr mac host
sender-macaddr | vlan vlan-range [static]}

Parameters
name

SpecifiesthenameoftheARPACL.

permit

Specifiesthatapermitruleisbeingcreated.

iphostsenderipaddr

SpecifiestheIPaddressintherulebeingcreated.

machost
sendermacaddr

SpecifiestheMACaddressintherulebeingcreated.

vlanvlanrange

SpecifiestheVLANorVLANstowhichthisARPACLisassigned.

static

(Optional)SpecifiesthatthisARPACLconfiguresstaticmappingsfor
theVLANorVLANs.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ARPACLsareusedtodefinestaticmappingsforDAI.ARPACLsarecompletelyindependentof
ACLsusedforQoS.Amaximumof100ARPACLscanbeconfigured.WithinanACL,a
maximumof20rulescanbeconfigured.
AstaticmappingassociatesanIPaddresstoaMACaddressonaVLAN.DAIconsultsitsstatic
mappingsbeforeitconsultstheDHCPsnoopingbindingsdatabasethus,staticmappingshave
precedenceoverDHCPsnoopingbindings.

Example
ThisexamplecreatesanACLnamedstaticARPandcreatesapermitruleforIPaddress
192.168.1.10.Then,theACLisassignedtoaVLANasastaticmapping.
B5(su)->set arpinspection filter staticARP permit ip host 192.168.1.10 mac host
00:01:22:33:44:55
B5(su)->set arpinspection filter staticARP vlan 10 static

show arpinspection access-list

UsethiscommandtodisplayARPaccesslistconfigurationinformation.

Syntax
show arpinspection access-list [acl-name]

17-24

DHCP Snooping and Dynamic ARP Inspection

show arpinspection ports

Parameters
aclname

(Optional)SpecifiestheARPACLtodisplay.

Defaults
IfaspecificACLisnotspecified,informationaboutallconfiguredARPACLsisdisplayed.

Mode
Switchcommand,readwrite.

Example
ThisexampledisplaysinformationabouttheARPACLnamedstaticARP.
B5(su)->show arpinspection access-list staticARP
ARP access list

staticARP

permit ip host 192.168.1.10 mac host 00:01:22:33:44:55

permit ip host 192.168.1.20 mac host 00:0A:11:22:33:66

show arpinspection ports

UsethiscommandtodisplaytheARPconfigurationofoneormoreports.

Syntax
show arpinspection ports [port-string]

Parameters
portstring

(Optional)SpecifiestheportorportsforwhichtodisplayARP
configurationinformation.

Defaults
Ifaportstringisnotspecified,informationaboutallDAIenableduntrustedportsisdisplayed.

Mode
Switchcommand,readwrite.

Example
ThisexampledisplaystheARPconfigurationoflag.0.1.
B5(su)->show arpinspection ports lag.0.1
Interface

Trust State

---------lag.0.1

------------No

Rate Limit
(pps)
------------15

Burst Interval
(seconds)
--------------1

Enterasys B5 CLI Reference

17-25

show arpinspection vlan

UsethiscommandtodisplaytheARPconfigurationofoneormoreVLANs.

Syntax
show arpinspection vlan vlan-range

Parameters
vlanrange

SpecifiestheVLANsforwhichtodisplayconfigurationinformation.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampledisplaysARPconfigurationinformationforVLAN5.
B5(su)->show arpinspection vlan 5
Source MAC Validation
Destination MAC Validation
IP Address Validation
Vlan
---5

Disabled
Disabled
Disabled

Configuration Log Invalid

ACL Name
------------- ----------- -------------------------------Disabled
Enabled
staticARP

Static flag
----------Enabled

show arpinspection statistics

UsethiscommandtodisplayARPstatisticsforallDAIenabledVLANsorforspecificVLANs.

Syntax
show arpinspection statistics [vlan vlan-range]

Parameters
vlanvlanrange

(Optional)SpecifiestheVLANsforwhichtodisplaystatistics.

Defaults
IfnoVLANsarespecified,limitedstatisticsforallDAIenabledVLANsisdisplayed.

Mode
Switchcommand,readwrite.

Usage
WhennospecificVLANsareentered,thiscommanddisplaysthenumberofForwardedand
DroppedARPpacketsperDAIenabledVLAN.WhenoneormoreVLANsarespecified,this
commanddisplaysmoredetailedstatistics.

17-26

DHCP Snooping and Dynamic ARP Inspection

clear arpinspection validate

Examples
ThisexampleshowswhatisdisplayedwhennoVLANsarespecified.
B5(su)->show arpinspection statistics
VLAN
---5

Forwarded
-----------0

Dropped
--------0

ThisexampleshowswhatinformationisdisplayedwhenoneormoreVLANsarespecified.
B5(su)->show arpinspection statistics vlan 5
VLAN

DHCP
ACL
DHCP
ACL
Bad Src
Bad Dest
Invalid
Drops
Drops
Permits
Permits
MAC
MAC
IP
---- ---------- ---------- ---------- ---------- ---------- ---------- --------5
0
0
0
0
0
0
0

clear arpinspection validate

UsethiscommandtoremoveadditionaloptionalARPvalidationparametersthatwerepreviously
configured.

Syntax
clear arpinspection validate {[src-mac] [dst-mac] [ip]}

Parameters
srcmac

Clear,orremove,theverificationthatthesenderMACaddressequals
thesourceMACaddressintheEthernetheader.

dstmac

Clear,orremove,theverificationthatthetargetMACaddressequals
thedestinationMACaddressintheEthernetheader.

Clear,orremove,checkingtheIPaddressanddroppingARPpackets
withaninvalidaddress.

Defaults
Allparametersareoptional,butatleastoneparametermustbespecified.

Mode
Switchcommand,readwrite.

Usage
ThiscommandremovespreviouslyconfiguredadditionalvalidationofARPpacketsbyDAI,
beyondthebasicvalidationthattheARPpacketssenderMACaddressandsenderIPaddress
matchanentryintheDHCPsnoopingbindingsdatabase.
Usetheshowarpinspectionvlancommandtodisplaythecurrentstatusoftheadditional
validationrules.

Example
Thisexampleremovesall3additionalvalidationconditions.
B5(su)->clear arpinspection validate src-mac dst-mac ip

Enterasys B5 CLI Reference

17-27

clear arpinspection vlan

UsethiscommandtodisabledynamicARPinspectionononeormoreVLANsortodisable
loggingofinvalidARPpacketsononeormoreVLANs.

Syntax
clear arpinspection vlan vlan-range [logging]

Parameters
vlanrange

SpecifiestheVLANorrangeofVLANsonwhichtodisabledynamic
ARPinspection.

logging

(Optional)DisableloggingofinvalidARPpacketsforthespecified
VLANs.

Defaults
IfloggingisenabledforthespecifiedVLANbutloggingisnotenteredwiththiscommand,
loggingwillremainenabled.

Mode
Switchcommand,readwrite.

Usage
YoucanusethiscommandtodisabledynamicARPinspectionononeormoreVLANs,oryoucan
disableloggingofinvalidARPpacketsonspecifiedVLANs.TodisablebothloggingandDAI,you
mustenterthiscommandtwice.

Example
ThisexamplefirstdisplaystheDAIconfigurationforVLAN5,thendisablesDAIonVLAN5,then
disablesloggingofinvalidARPpacketsonVLAN5.
B5(su)->show arpinspection vlan 5
Source MAC Validation
Destination MAC Validation
IP Address Validation
Vlan
---5

Disabled
Disabled
Disabled

Configuration Log Invalid

ACL Name
------------- ----------- -------------------------------Enabled
Enabled
staticARP

Static flag
----------Enabled

B5(su)->clear arpinspection vlan 5

B5(su)->show arpinspection vlan 5

Source MAC Validation
Destination MAC Validation
IP Address Validation
Vlan
---5

17-28

Disabled
Disabled
Disabled

Configuration Log Invalid

ACL Name
------------- ----------- -------------------------------Disabled
Enabled
staticARP

DHCP Snooping and Dynamic ARP Inspection

Static flag
----------Enabled

clear arpinspection filter

B5(su)->clear arpinspection vlan 5 logging

B5(su)->show arpinspection vlan 5
Source MAC Validation
Destination MAC Validation
IP Address Validation
Vlan
---5

Disabled
Disabled
Disabled

Configuration Log Invalid

ACL Name
------------- ----------- -------------------------------Disabled
Disabled
staticARP

Static flag
----------Enabled

clear arpinspection filter

UsethiscommandtoremoveanARPACLfromaVLANorfromtheswitch,ortoremovea
permitrulefromanexistingACL,ortochangethestatusofstaticmappingtodisabled.

Syntax
clear arpinspection filter name [permit ip host sender-ipaddr mac host
sender-macaddr] | [vlan vlan-range [static]

Parameters
name

SpecifiesthenameoftheARPACL.

permit

(Optional)Specifiesthatapermitruleisbeingdeleted.

iphostsenderipaddr

SpecifiestheIPaddressintherulebeingdeleted.

machost
sendermacaddr

SpecifiestheMACaddressintherulebeingdeleted.

vlanvlanrange

(Optional)SpecifiestheVLANorVLANstowhichthiscommand
shouldapply.RemovetheACLfromtheVLAN,ifstaticisnotspecified
also.

static

(Optional)SpecifiesthatstaticmappingshouldbedisabledforthisARP
ACLforthespecifiedVLANorVLANs.

Defaults
Ifonlythenameisspecified,theACLisdeletedfromtheswitch.

Mode
Switchcommand,readwrite.

Usage
Youcanusethiscommandto:

RemoveaconfiguredARPACLfromtheswitch,or

RemoveapermitrulefromaconfiguredARPACL,or

RemovetheassociationofanARPACLwithaVLANorVLANs,or

DisablestaticmappingofanARPACLassociatedwithaVLANorVLANs.

UsethesetarpinspectionfiltercommandtocreateandassignanARPACL.
UsetheshowarpinspectionaccesslistcommandtodisplaycurrentlyconfiguredARPACLs.

Enterasys B5 CLI Reference

17-29

clear arpinspection limit

Examples
ThisexampleremovesapermitrulefromtheARPACLnamedstaticARP.
B5(su)->clear arpinspection filter staticARP permit ip host 192.168.1.10 mac host
00:01:22:33:44:55

ThisexampledisablesstaticmappingoftheARPACLnamedstaticARPthatisassociatedwith
VLAN5.
B5(su)->clear arpinspection filter staticARP vlan 5 static

ThisexampleremovestheARPACLnamedstaticARPfromVLAN5.
B5(su)->clear arpinspection filter staticARP vlan 5

ThisexampleremovestheARPACLnamedstaticARPfromtheswitchcompletely.
B5(su)->clear arpinspection filter staticARP

clear arpinspection limit

UsethiscommandtoreturntheDAIratelimitingvaluestotheirdefaultvaluesforaportorrange
ofports.

Syntax
clear arpinspection limit port port-string

Parameters
portstring

Specifiestheportsonwhichtoreturntheratelimitingvaluesto
defaults.

Defaults
Rate=15packetspersecond
BurstInterval=1second

Mode
Switchmode,readwrite.

Usage
Usethesetarpinspectionlimitcommandtochangethevaluesoftheratelimitandburstinterval.
Usetheshowarpinspectionportscommandtodisplaythecurrentlyconfiguredratelimits.

Example
ThisexamplereturnstheDAIratelimitingvaluestotheirdefaultsforportge.1.1.
B5(su)->clear arpinspection limit port ge.1.1

17-30

DHCP Snooping and Dynamic ARP Inspection

clear arpinspection statistics

UsethiscommandtoclearalldynamicARPinspectionstatistics.

Syntax
clear arpinspection statistics

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleclearsallDAIstatisticsfromtheswitch.
B5(su)->clear arpinspection statistics

Enterasys B5 CLI Reference

17-31

clear arpinspection statistics

17-32

DHCP Snooping and Dynamic ARP Inspection

18
Preparing for Router Mode
Thischapterdescribeshowtopreparetheswitchforrouting.
For information about...

Refer to page...

Pre-Routing Configuration Tasks

18-1

Enabling Router Configuration Modes

18-2

Pre-Routing Configuration Tasks

StartupandgeneralconfigurationoftheEnterasysB5switchmustoccurfromtheswitchCLI.For
detailsonhowtostarttheswitchandconfiguregeneralplatformsettings,refertoChapter 1,
Introduction,Chapter 2,ConfiguringSwitchesinaStack,andChapter 3,BasicConfiguration.
Oncestartupandgeneralswitchsettingsarecomplete,IPconfigurationandotherrouterspecific
commandscanbeexecutedwhentheswitchisinroutermode.Fordetailsonhowtoenablerouter
modefromtheswitchCLI,refertoTable 182inEnablingRouterConfigurationModes.
ThefollowingpreroutingtasksmustbeperformedfromtheswitchCLI:

StartinguptheCLI.(UsingtheCommandLineInterfaceonpage16)

Settingthesystempassword.(setpasswordonpage35)

Configuringbasicplatformsettings,suchashostname,systemclock,andterminaldisplay
settings.(SettingBasicSwitchPropertiesonpage39)

SettingthesystemIPaddress.(setipaddressonpage310)

CreatingandenablingVLANs.(Chapter 10)

Filemanagementtasks,includinguploadingordownloadingflashortextconfigurationfiles,
anddisplayingdirectoryandfilecontents.(ManagingSwitchConfigurationandFileson
page338)

Configuringtheswitchtoruninroutermode.(EnablingRouterConfigurationModeson
page182)
Note: The command prompts used as examples in Table 18-1 and throughout this guide show
switch operation for a user in admin (su) access mode, and a system where the VLAN 1 interface
has been configured for routing. The prompt changes depending on your current configuration
mode, your specific switch, and the interface types and numbers configured for routing on your
system.

Enterasys B5 CLI Reference

18-1

Enabling Router Configuration Modes

Table 18-1

Enabling the Switch for Routing

Step

To do this task...

Type this command...

At this prompt...

For details, see...

From admin (su) mode,

enable router mode.

router

Switch:
B5(su)->

Enable router Privileged

EXEC mode.

enable

Router:
B5(su)->router>

Enable global router

configuration mode.

configure

Router:
B5(su)->router#

Enable interface
configuration mode using the
routing VLAN or loopback id.

interface {vlan vlan-id | loopback

loop-id}

Router:
B5(su)>router(Config)#

interface on page
19-2

Assign an IP address to the

routing interface.

ip address {ip-address ip-mask}

Router:
B5(su)->router (Config-if
(Vlan 1))#

interface on page
19-2

Enable the interface for IP

routing.

no shutdown

Router:
B5(su)->router(Config-if
(Vlan 1))#

no shutdown on
page 19-6

Example
ThefollowingexampleshowshowtoconfigureVLAN1onIPaddress182.127.63.1255.255.255.0
asaroutinginterface.
B5(su)->router
B5(su)->router>enable
B5(su)->router#configure
Enter configuration commands:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip address 182.127.63.1 255.255.255.0
B5(su)->router(Config-if(Vlan 1))#no shutdown

Enabling Router Configuration Modes

TheEnterasysB5CLIprovidesdifferentmodesofrouteroperationforissuingasubsetof
commandsfromeachmode.Table 182describesthesemodesofoperation.
Table 18-2

Router CLI Configuration Modes

Use this mode...

To...

Access method...

Resulting Prompt...

Privileged EXEC
Mode

Set system operating

parameters

From the switch CLI:

Type router, then

B5(su)->router>

Show configuration
parameters

Type enable.

B5(su)->router#

Save/copy
configurations

18-2

Global Configuration
Mode

Set system-wide
parameters.

Type configure from

Privileged EXEC mode.

B5(su)->router (Config)#

Interface
Configuration Mode

Configure router
interfaces.

Type interface vlan or

loopback and the
interfaces id from Global
Configuration mode.

B5(su)->router(Config-if
(Vlan 1))#

Preparing for Router Mode

B5(su)->router(Config-if
(Lpbk 1))#

Enabling Router Configuration Modes

Table 18-2

Router CLI Configuration Modes (Continued)

Use this mode...

To...

Access method...

Resulting Prompt...

Router Configuration
Mode

Set IP protocol
parameters.

Type router and the

protocol name from
Global or Interface
Configuration mode.

B5(su)->router(Config-router)#

Note: To jump to a lower configuration mode, type exit at the command prompt. To revert back to
switch CLI, type exit from Privileged EXEC router mode.

Enterasys B5 CLI Reference

18-3

Enabling Router Configuration Modes

18-4

Preparing for Router Mode

19
IP Configuration
ThischapterdescribestheInternetProtocol(IP)configurationsetofcommandsandhowtouse
them.
Router: Unless otherwise noted, the commands covered in this chapter can be executed only
when the device is in router mode. For details on how to enable router configuration modes, refer
to Enabling Router Configuration Modes on page 18-2.
For information about...

Refer to page...

Configuring Routing Interface Settings

19-1

Reviewing and Configuring the ARP Table

19-8

Configuring Broadcast Settings

19-12

Reviewing IP Traffic and Configuring Routes

19-15

Configuring ICMP Redirects

19-18

Configuring Routing Interface Settings

Purpose
Toenableroutinginterfaceconfigurationmodeonthedevice,tocreateroutinginterfaces,to
reviewtheusabilitystatusofinterfacesconfiguredforIP,tosetIPaddressesforinterfaces,to
enableinterfacesforIProutingatdevicestartup,andtoreviewtherunningconfiguration.

Commands
For information about...

Refer to page...

show interface

19-2

interface

19-2

show ip interface

19-4

ip address

19-5

no shutdown

19-6

no ip routing

19-6

show running-config

19-7

Enterasys B5 CLI Reference

19-1

show interface

show interface
Usethiscommandtodisplayinformationaboutoneormoreinterfaces(VLANsorloopbacks)
configuredontherouter.

Syntax
show interface [vlan vlan-id] [loopback loop-id]

Parameters
vlanvlanid

(Optional)DisplaysinterfaceinformationforaspecificVLANinterface.
ThisinterfacemustbeconfiguredforIProutingasdescribedinPre
RoutingConfigurationTasksonpage 181.

loopbackloopid

(Optional)Displaysinterfaceinformationforaspecificloopbackinterface.

Defaults
Ifinterfacetypeisnotspecified,informationforallroutinginterfaceswillbedisplayed.

Mode
Anyroutermode.

Examples
Thisexampleshowshowtodisplayinformationforallinterfacesconfiguredontherouter.Fora
detaileddescriptionofthisoutput,refertoTable 191:
B5(su)->router#show interface
Vlan 1 is Administratively DOWN
Vlan 1 is Operationally DOWN
Internet Address is 10.10.1.1 , Subnet Mask is
Mac Address is: 001F.4554.EAA5
The name of this device is Vlan 1
The MTU is 1500 bytes
The bandwidth is 0 Mb/s
Encapsulation type Ethernet
ARP Timeout: 14400 seconds

255.255.255.0

Thisexampleshowshowtodisplayinformationforloopbackinterface1.
B5(su)->router#show interface loopback 1
Loopback 1 is Administratively UP
Loopback 1 is Operationally UP
Internet Address is 10.1.192.100, Subnet Mask is 255.255.255.0
The name of this device is Loopback 1
The MTU is 1500 bytes

interface
UsethiscommandtoconfigureinterfacesforIProuting.

Syntax
interface vlan vlan-id | loopback loop-id

19-2

IP Configuration

interface

Parameters
vlanvlanid

SpecifiesthenumberoftheVLANinterfacetobeconfiguredforrouting.
ThisinterfacemustbeconfiguredforIProutingasdescribedinPre
RoutingConfigurationTasksonpage 181.

loopbackloopid

Specifiesthenumberoftheloopbackinterfacetobeconfiguredforrouting.
Thevalueofloopidcanrangefrom0to7.

Defaults
None.

Mode
Routerglobalconfigurationmode:B5(su)>router(Config)#

Usage
Thiscommandenablesinterfaceconfigurationmodefromglobalconfigurationmode,and,ifthe
interfacehasnotpreviouslybeencreated,thiscommandcreatesanewroutinginterface.For
detailsonconfigurationmodessupportedbytheEnterasysB5deviceandtheiruses,referto
Table 182inEnablingRouterConfigurationModesonpage 182.
VLANsmustbecreatedfromtheswitchCLIbeforetheycanbeconfiguredforIProuting.For
detailsoncreatingVLANsandconfiguringthemforIP,refertoEnablingRouterConfiguration
Modesonpage 182.
EachVLANinterfacemustbeconfiguredforroutingseparatelyusingtheinterfacecommand.To
endconfigurationononeinterfacebeforeconfiguringanother,typeexitatthecommandprompt.
Enablinginterfaceconfigurationmodeisrequiredforcompletinginterfacespecificconfiguration
tasks.Foranexampleofhowthesecommandsareused,refertoPreRoutingConfiguration
Tasksonpage 181.
Aloopbackinterfaceisalwaysexpectedtobeup.Thisinterfacecanprovidethesourceaddressfor
sentpacketsandcanreceivebothlocalandremotepackets.Theloopbackinterfaceistypically
usedbyroutingprotocols,butitcanalsobeusedformanagementornetworkservicessuchas
RADIUS,SNMP,Syslog,SNTP,orsFlow.Bydefault,ifRADIUSisconfiguredwithnohostIP
addressonthedevice,itwillusetheloopbackinterface0IPaddress(ifithasbeenconfigured)as
itssourcefortheNASIPattribute.(Administratorscanassignwheretosourcemanagementor
networkserviceIPpacketsviathesetinterfacecommands.)
EachEnterasysB5system(stack)cansupportupto24routinginterfaces.Eachinterfacecanbe
configuredfortheRIProutingprotocol.

Examples
ThisexampleshowshowtoenterconfigurationmodeforVLAN1:
B5(su)->router#configure
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#

Thisexampleshowshowtoenterconfigurationmodeforloopback1:
B5(su)->router#configure
B5(su)->router(Config)#interface loopback 1
B5(su)->router(Config-if(Lpbk 1))#

Enterasys B5 CLI Reference

19-3

show ip interface

show ip interface
Usethiscommandtodisplayinformation,includingadministrativestatus,IPaddress,MTU
(MaximumTransmissionUnit)sizeandbandwidth,andACLconfigurations,forinterfaces
configuredforIP.

Syntax
show ip interface [vlan vlan-id] [loopback loop-id]

Parameters
vlanvlanid

(Optional)DisplaysinformationforaspecificVLANinterface.This
interfacemustbeconfiguredforIProutingasdescribedinPreRouting
ConfigurationTasksonpage 181.

loopbackloopid

(Optional)Displaysinterfaceinformationforaspecificloopbackinterface.

Defaults
Ifinterfacetypeisnotspecified,statusinformationforallroutinginterfaceswillbedisplayed.

Mode
Anyroutermode.

Example
ThisexampleshowshowtodisplayconfigurationinformationforVLAN1:
B5(su)->router#show ip interface vlan 1
Vlan 1 is Admin DOWN
Vlan 1 is Oper DOWN
Primary IP Address is 192.168.10.1
Frame Type Ethernet
MAC-Address 0001.F45C.C993
Incoming Accesslist is not set
MTU is 6145 bytes
ARP Timeout is 1 seconds
Direct Broadcast Disabled
Proxy ARP is Disabled

Mask 255.255.255.0

Table 191providesanexplanationofthecommandoutput.
Table 19-1

19-4

show ip interface Output Details

Output Field

What It Displays...

Vlan N

Whether the interface is administratively and operationally up or down.

Primary IP Address

Intefaces primary IP address and mask. Set using the ip address command as
described in ip address on page 19-5.

Frame Type

Encapsulation type used by this interface. Set using the arp command as described
in arp on page 19-9.

MAC-Address

MAC address mapped to this interface.

Incoming Access
List

Whether or not an access control list (ACL) has been configured for ingress on this
interface using the commands described in Configuring Access Lists on
page 22-82.

IP Configuration

ip address

Table 19-1

show ip interface Output Details (Continued)

Output Field

What It Displays...

MTU

Interfaces Maximum Transmission Unit size.

ARP Timeout

Duration for entries to stay in the ARP table before expiring. Set using the arp
timeout command as described in arp timeout on page 19-11.

Direct Broadcast

Whether or not IP directed broadcast is enabled. Set using the ip directed-broadcast

command described in ip directed-broadcast on page 19-12.

Proxy Arp

Whether or not proxy ARP is enabled or disabled for this interface. Set using the ip
proxy arp command as described in ip proxy-arp on page 19-10.

Thisexampleshowstheoutputforaloopbackinterface.
B5(su)->router#show ip interface loopback 2
Loopback 2 is Admin UP
Loopback 2 is Oper DOWN
Primary IP Address is 10.10.10.10

Mask

255.255.255.0

ip address
Usethiscommandtoset,remove,ordisableaprimaryorsecondaryIPaddressforaninterface.
ThenoformofthiscommandremovesthespecifiedIPaddressanddisablestheinterfaceforIP
processing.

Syntax
ip address ip-address ip-mask [secondary]
no ip address ip-address ip-mask

Parameters
ipaddress

SpecifiestheIPaddressoftheinterfacetobeaddedorremoved.

ipmask

SpecifiesthemaskfortheassociatedIPsubnet.

secondary

(Optional)SpecifiesthattheconfiguredIPaddressisasecondaryaddress.

Defaults
Ifsecondaryisnotspecified,theconfiguredaddresswillbetheprimaryaddressfortheinterface.

Mode
Routerinterfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Usage
RefertotheRouterCapacitiestableintheReleaseNotesforthisproductforthenumberof
primaryandsecondaryIPinterfacessupportedbythisproduct.
Example
ThisexamplesetstheIPaddressto192.168.1.1andthenetworkmaskto255.255.255.0forVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip address 192.168.1.1 255.255.255.0

Enterasys B5 CLI Reference

19-5

no shutdown

no shutdown
UsethiscommandtoenableaninterfaceforIProutingandtoallowtheinterfacetoautomatically
beenabledatdevicestartup.

Syntax
no shutdown
shutdown

Parameters
None.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Usage
TheshutdownformofthiscommanddisablesaninterfaceforIProuting.

Example
ThisexampleshowshowtoenableVLAN1forIProuting:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#no shutdown

no ip routing
UsethiscommandtodisableIProutingonthedevice.Bydefault,IProutingisenabledwhen
interfacesareconfiguredforitasdescribedinConfiguringRoutingInterfaceSettingson
page 191.

Syntax
no ip routing

Parameters
None.

Mode
Globalconfiguration:B5(su)>router(Config)#

Defaults
None.

Example
This example shows how to disable IP routing on the device:
B5(su)->router(Config)#no ip routing

19-6

IP Configuration

show running-config

show running-config
Usethiscommandtodisplaythenondefault,usersuppliedcommandsenteredwhileconfiguring
thedevice.

Syntax
show running-config

Parameters
None.

Defaults
None.

Mode
Anyroutermode.

Example
Thisexampleshowshowtodisplaythecurrentrouteroperatingconfiguration:
B5(su)->router#show running-config
!
interface vlan 10
ip address 99.99.2.10 255.255.255.0
no shutdown
!
router
network 99.99.2.0
0.0.0.255
network 192.168.100.1 0.0.0.0

Enterasys B5 CLI Reference

19-7

Reviewing and Configuring the ARP Table

Purpose
ToreviewandconfiguretheroutingARPtable,toenableproxyARPonaninterface,andtoseta
MACaddressonaninterface.

Commands
For information about...

Refer to page...

show ip arp

19-8

arp

19-9

ip proxy-arp

19-10

arp timeout

19-11

clear arp-cache

19-11

show ip arp
UsethiscommandtodisplayentriesintheARP(AddressResolutionProtocol)table.ARP
convertsanIPaddressintoaphysicaladdress.

Syntax
show ip arp [ip-address]|[vlan vlan-id]|[output-modifier]

Parameters
ipaddress

(Optional)DisplaysARPentriesrelatedtoaspecificIPaddress.

vlanvlanid

(Optional)DisplaysonlyARPentrieslearnedthroughaspecificVLAN
interface.ThisVLANmustbeconfiguredforIProutingasdescribedin
PreRoutingConfigurationTasksonpage 181.

outputmodifier

(Optional)DisplaysARPentrieswithinaspecificrange.Optionsare:

|beginipaddressDisplaysonlyARPentriesthatbeginwiththe
specifiedIPaddress.

|excludeipaddressExcludesARPentriesmatchingthespecified
IPaddress.

|includeipaddressIncludesARPentriesmatchingthespecified
IPaddress.

Defaults
Ifnoparametersarespecified,allentriesintheARPcachewillbedisplayed.

Mode
Anyroutermode.

19-8

IP Configuration

arp

Example
Thisexampleshowshowtousetheshowiparpcommand:
B5(su)->router#show ip arp
Protocol

Address

Age (min) Hardware Addr

Interface

-----------------------------------------------------------------------------Internet

134.141.235.251

0003.4712.7a99

Vlan1

Internet

134.141.235.165

0002.1664.a5b3

Vlan1

Internet

134.141.235.167

00d0.cf00.4b74

Vlan2

B5(su)->router#show ip arp 134.141.235.165

Protocol

Address

Age (min)

Hardware Addr

Interface

-----------------------------------------------------------------------------Internet

134.141.235.165

0002.1664.a5b3

Vlan2

B5(su)->router#show ip arp vlan 2

Protocol

Address

Age (min)

Hardware Addr

Interface

-----------------------------------------------------------------------------Internet

134.141.235.251

0003.4712.7a99

Vlan2

Table 192providesanexplanationofthecommandoutput.
Table 19-2

show ip arp Output Details

Output Field

What It Displays...

Protocol

ARP entrys type of network address.

Address

Network address mapped to the entrys MAC address.

Age (min)

Interval (in minutes) since the entry was entered in the table.

Hardware Addr

MAC address mapped to the entrys network address.

Interface

Interface (VLAN or loopback) through which the entry was learned.

arp
Usethiscommandtoaddorremovepermanent(static)ARPtableentries.AmulticastMAC
addresscanbeusedinastaticARPentry.Thenoformofthiscommandremovesthespecified
permanentARPentry:

Syntax
arp ip-address mac-address
no arp ip-address

Parameters
ipaddress

SpecifiestheIPaddressofadeviceonthenetwork.ValidvaluesareIP
addressesindotteddecimalnotation.

macaddress

Specifiesthe48bithardwareaddresscorrespondingtotheipaddress
expressedinhexadecimalnotation.

Enterasys B5 CLI Reference

19-9

ip proxy-arp

Defaults
None.

Mode
Globalconfiguration:B5(su)>router(Config)#

Usage
TheIPaddressspecifiedforthestaticARPentrymustfallwithinoneofthesubnetsornetworks
definedontheroutedinterfacesofthesystem(orstack,ifapplicable).Thesystemcanthenmatch
theIPaddressofthestaticARPentrywiththeappropriateroutedinterfaceandassociateitwith
thecorrectVLAN.
RefertotheRouterCapacitiestableintheReleaseNotesforthisproductforalistingofthe
numberofstaticARPentriessupportedbythisproduct.

Example
ThisexampleshowshowtoaddapermanentARPentryfortheIPaddress130.2.3.1andMAC
address0003.4712.7a99:
B5(su)->router(Config)#arp 130.2.3.1 0003.4712.7a99

ip proxy-arp
UsethiscommandtoenableproxyARPonaninterface.Thenoformofthiscommanddisables
proxyARP.

Syntax
ip proxy-arp
no ip proxy-arp

Parameters
None.

Defaults
Disabled.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Usage
ThisvariationoftheARPprotocolallowstheroutertosendanARPresponseonbehalfofanend
nodetotherequestinghost.ProxyARPcanbeusedtoresolveroutingissuesonendstationsthat
areunabletorouteinthesubnettedenvironment.TheEnterasysB5willanswertoARPrequests
onbehalfoftargetedendstationsonneighboringnetworks.Itisdisabledbydefault.

Example
ThisexampleshowshowtoenableproxyARPonVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip proxy-arp

19-10

IP Configuration

arp timeout

arp timeout
Usethiscommandtosettheduration(inseconds)fordynamicallylearnedentriestoremaininthe
ARPtablebeforeexpiring.Thenoformofthiscommandrestoresthedefaultvalueof14,400
seconds.
arp timeout seconds
no arp timeout

Parameters
seconds

SpecifiesthetimeinsecondsthatanentryremainsintheARPcache.Valid
valuesare065535.Avalueof0specifiesthatARPentrieswillneverbe
agedout.

Defaults
14,400seconds.

Mode
Globalconfiguration:B5(su)>router(Config)#

Example
ThisexampleshowshowtosettheARPtimeoutto7200seconds:
B5(su)->router(Config)#arp timeout 7200

clear arp-cache
Usethiscommandtodeleteallnonstatic(dynamic)entriesfromtheARPtable.
clear arp-cache

Parameters
None.

Mode
PrivilegedEXEC:B5(su)>router#

Defaults
None.

Example
ThisexampleshowshowtodeletealldynamicentriesfromtheARPtable:
B5(su)->router#clear arp-cache

Enterasys B5 CLI Reference

19-11

Configuring Broadcast Settings

Purpose
ToconfigureIPbroadcastsettings.Bydefault,interfacesontheEnterasysB5donotforward
broadcastpackets.

Commands
For information about...

Refer to page...

ip directed-broadcast

19-12

ip forward-protocol

19-13

ip helper-address

19-14

ip directed-broadcast
UsethiscommandtoenableordisableIPdirectedbroadcastsonaninterface.Bydefault,
interfacesontheEnterasysB5donotforwarddirectedbroadcasts.Thenoformofthiscommand
disablesIPdirectedbroadcastontheinterface.

Syntax
ip directed-broadcast
no ip directed-broadcast

Parameters
None.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>Router1(Configif(Vlan1))#

Usage
Directedbroadcastisanefficientmechanismforcommunicatingwithmultiplehostsonanetwork
whileonlytransmittingasingledatagram.Adirectedbroadcastisapacketsenttoallhostsona
specificnetworkorsubnet.Thedirectedbroadcastaddressincludesthenetworkorsubnetfields,
withthebinarybitsofthehostportionoftheaddresssettoone.Forexample,foranetworkwith
theaddress192.168.0.0/16,thedirectedbroadcastaddresswouldbe192.168.255.255.Forasubnet
withtheaddress192.168.12.0/24,thedirectedbroadcastaddresswouldbe192.168.12.255.
InordertominimizebroadcastDoSattacks,forwardingofdirectedbroadcastsisdisabledby
defaultontheEnterasysB5,asrecommendedbyRFC2644.
Iftheabilitytosenddirectedbroadcaststoanetworkisrequired,youshouldenabledirected
broadcastsonlyontheoneinterfacethatwillbetransmittingthedatagrams.Forexample,ifa
EnterasysB5hasfiveroutedinterfacesforthe10,20,30,40,and50networks,enablingdirected

19-12

IP Configuration

ip forward-protocol

broadcastonlyonthe30networkinterfacewillallowanyonefromanyothernetworks(10,20,40,
50)tosenddirectedbroadcasttothe30network.

Example
ThisexampleshowshowtoenableIPdirectedbroadcastsonVLAN1:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip directed-broadcast

ip forward-protocol
UsethiscommandtoenableUDPbroadcastforwardingandspecifywhichprotocolswillbe
forwarded.

Syntax
ip forward-protocol udp [port]
no ip forward-protocol udp [port]

Parameters
udp

SpecifiesUDPastheIPforwardingprotocol.

port

(Optional)SpecifiesadestinationportthatcontrolswhichUDPservices
areforwarded.

Defaults
Ifportisnotspecified,thefollowingdefaultsareused:

TrivialFileTransferProtocol(TFTP)(port69)

DomainNamingSystem(port53)

Timeservice(port37)

NetBIOSNameServer(port137)

NetBIOSDatagramServer(port138)

TACACSservice(port49)

EN116NameService(port42)

Mode
Routercommand,Globalconfiguration:B5(su)>router(Config)#
Routerinterfaceconfiguration:B5(su)>router(Configif(Vlan1)#

Usage
Inordertoactuallyforwardprotocols,youmustconfigureanIPhelperaddressontheindividual
routerinterfaceswiththecommandiphelperaddress(page 1914).
Ifacertainserviceexistsinsidethenode,andthereisnoneedtoforwardtherequesttoremote
networks,thenoformofthiscommandshouldbeusedtodisabletheforwardingforthespecific
port.Suchrequestswillnotbeautomaticallyblockedfrombeingforwardedjustbecauseaservice
forthemexistsinthenode.
ThenoformofthiscommandremovesaUDPportorprotocol,disablingforwarding.

Enterasys B5 CLI Reference

19-13

ip helper-address

Examples
ThefollowingexamplegloballydisablesIPforwardingforUDPport69.
B5(su)->router(Config)#no ip forward-protocol udp 69

ThefollowingexampledisablesIPforwardingforUDPport69onaspecificinterface.
B5(su)->router(Config)#interface vlan 10
B5(su)->router(Config-if(Vlan 10))#no ip forward-protocol udp 69

ip helper-address
UsethiscommandtoenabletheDHCP/BOOTPrelayagentonaEnterasysB5routedinterface
and/ortoforwardbroadcasttrafficidentifiedwiththeipforwardprotocolcommandtoaunicast
address.EnablingtherelayagentallowsforwardingofclientDHCP/BOOTPrequeststoaDHCP/
BOOTPserverthatdoesnotresideonthesamebroadcastdomainastheclient.Upto6IPhelper
addressesmaybeconfiguredperinterface.
ThenoformofthiscommanddisablestheforwardingofUDPdatagramstothespecifiedaddress.

Syntax
ip helper-address address
no ip helper-address address

Parameters
address

AddressofthehostwhereUDPbroadcastpacketsshouldbeforwarded.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>Router1(Configif(Vlan1))#

Usage
TypicallyforDHCP/BootP,whenahostrequestsanIPaddress,itsendsoutaDHCPbroadcast
packet.Normally,therouterdropsallbroadcastpackets.However,byexecutingthiscommand,
youenabletheroutedinterfacetopassDHCPbroadcastframesthrough,sendingthemdirectlyto
theremoteDHCPserversIPaddress.
TheDHCP/BOOTPrelayagentwilldetectDHCP/BOOTPrequestsbasedonUDPsourceand
destinationports.Itwillthenmakethenecessarychangestothepacketandsendthepackettothe
DHCPserver.Thechangesinclude:

ReplacingthedestinationIPaddresswiththeaddressoftheDHCPserver,

ReplacingthesourceIPaddresswithitsownaddress(thatis,theIPaddressofthelocal
routedinterface),and

WithintheBOOTPpartofthepacket,changingtheRelayAgentIPaddressfrom0.0.0.0tothe
addressofthelocalroutedinterface.

ThelastchangetotheBootPpackettellstheDHCPserverthatitneedstoassignanIPaddress
thatisinthesamesubnetastheRelayAgentIP.Whentheresponsecomesfromtheserver,the
DHCP/BOOTPrelayagentsendsittothehost.

19-14

IP Configuration

Reviewing IP Traffic and Configuring Routes

Forotherprotocolsspecifiedthroughtheipforwardprotocolcommand,thesystemforwards
broadcastUDPtrafficasaunicastpackettothespecifiedIPaddresses.

Example
ThisexampleshowhowtohaveallclientDHCPrequestsforusersinVLAN1tobeforwardedto
theremoteDHCPserverwithIPaddress192.168.1.28.
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip helper-address 192.168.1.28

Reviewing IP Traffic and Configuring Routes

Purpose
ToreviewIPtrafficandconfigureroutes,tosendrouterICMP(ping)messages,andtoexecute
traceroute.

Commands
For information about...

Refer to page...

show ip route

19-15

ip route

19-16

ping

19-17

traceroute

19-17

show ip route
UsethiscommandtodisplayinformationaboutIProutes.

Syntax
show ip route [destination-prefix [destination-prefix-match] |connected | rip |
static | summary]

Parameters
destinationprefix
destinationprefix
match

(Optional)Convertsthespecifiedaddressandmaskintoaprefixand
displaysanyroutesthatmatchtheprefix.

connected

(Optional)Displaysconnectedroutes.

rip

(Optional)DisplaysroutesconfiguredfortheRIProutingprotocol.For
detailsonconfiguringRIP,refertoConfiguringRIPonpage 201.

static

(Optional)Displaysstaticroutes.

summary

(Optional)DisplaysasummaryoftheIProutingtable.

Defaults
Ifnoparametersarespecified,allIProuteinformationwillbedisplayed.

Enterasys B5 CLI Reference

19-15

ip route

Mode
Anyroutermode.

Usage
Theroutingtablecontainsallactivestaticroutes,alltheRIProutes,learnedforeachnetwork.

Example
ThisexampleshowshowtousetheshowiproutecommandtodisplayallIProuteinformation.A
portionoftheoutputisshown:
B5(su)->router#show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
R
R
R
R
C
R
R
R
R
R
R
R
R
R
R
R
R

1.1.1.0/24 [120/2] via 19.0.0.2, Vlan 3803

1.2.3.0/24 [120/2] via 19.0.0.2, Vlan 3803
1.3.4.0/24 [120/2] via 19.0.0.2, Vlan 3803
5.0.0.0/25 [120/2] via 19.0.0.2, Vlan 3803
19.0.0.0/30 [0/1] directly connected, Vlan 3803
21.21.21.0/30 [120/2] via 19.0.0.2, Vlan 3803
24.24.24.0/24 [120/2] via 19.0.0.2, Vlan 3803
27.27.27.0/24 [120/2] via 19.0.0.2, Vlan 3803
33.9.8.0/28 [120/2] via 19.0.0.2, Vlan 3803
34.0.10.192/26 [120/2] via 19.0.0.2, Vlan 3803
34.0.11.192/26 [120/2] via 19.0.0.2, Vlan 3803
34.0.16.192/26 [120/2] via 19.0.0.2, Vlan 3803
34.0.17.192/26 [120/2] via 19.0.0.2, Vlan 3803
37.37.37.0/24 [120/2] via 19.0.0.2, Vlan 3803
40.1.1.0/24 [120/2] via 19.0.0.2, Vlan 3803
50.0.0.0/29 [120/2] via 19.0.0.2, Vlan 3803
50.1.1.0/24 [120/2] via 19.0.0.2, Vlan 3803

ip route
UsethiscommandtoaddorremoveastaticIProute.Thenoformofthiscommandremovesthe
staticIProute.
ip route prefix mask dest-addr [distance]
no ip route prefix mask forward-addr

Parameters

19-16

prefix

SpecifiesadestinationIPaddressprefix.

mask

Specifiesadestinationprefixmask.

destaddr

Specifiesaforwarding(gateway)IPaddress.

distance

(Optional)Specifiesanadministrativedistancemetricforthisroute.Valid
valuesare1(default)to255.Routeswithlowervaluesreceivehigher
preferenceinrouteselection.

IP Configuration

ping

Defaults
Ifdistanceisnotspecified,thedefaultvalueof1willbeapplied.

Mode
Globalconfiguration:B5(su)>router(Config)#

Example
ThisexampleshowshowtosetIPaddress10.1.2.3asthenexthopgatewaytodestinationaddress
10.0.0.0:
B5(su)->router(Config)#ip route 10.0.0.0 255.0.0.0 10.1.2.3

ping
UsethiscommandtotestroutingnetworkconnectivitybysendingIPpingrequests.

Syntax
ping ip-address

Parameters
ipaddress

SpecifiestheIPaddressofthesystemtoping.

Defaults
None.

Mode
PrivilegedEXEC:B5(su)>router#

Usage
Thiscommandisalsoavailableinswitchmode.

Examples
ThisexampleshowsoutputfromasuccessfulpingtoIPaddress182.127.63.23:
B5(su)->router#ping 182.127.63.23
182.127.63.23 is alive

ThisexampleshowsoutputfromanunsuccessfulpingtoIPaddress182.127.63.24:
B5(su)->router#ping 182.127.63.24
no answer from 182.127.63.24

traceroute
UsethiscommandtodisplayahopbyhoppaththroughanIPnetworkfromthedevicetoa
specificdestinationhost.ThreeICMPprobeswillbetransmittedforeachhopbetweenthesource
andthetraceroutedestination.

Syntax
traceroute host
Enterasys B5 CLI Reference

19-17

Configuring ICMP Redirects

Parameters
host

SpecifiesahosttowhichtherouteofanIPpacketwillbetraced.

Defaults
None.

Mode
PrivilegedEXEC:B5(su)>router#

Usage
Thereisalsoatraceroutecommandavailableinswitchmode.

Example
Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost192.141.90.183.
B5(su)->router#traceroute 192.141.90.183
Traceroute to 192.141.90.183, 30 hops max, 40 byte packets
1 10.1.56.1
0.000 ms
0.000 ms
2 10.1.48.254
10.000 ms
0.000 ms
3 10.1.0.2
0.000 ms
0.000 ms
4 192.141.89.17
0.000 ms
0.000 ms
5 192.141.100.13
0.000 ms
10.000 ms
6 192.141.100.6
0.000 ms
0.000 ms
7 192.141.90.183
0.000 ms
0.000 ms

0.000
0.000
0.000
10.000
0.000
10.000
0.000

ms
ms
ms
ms
ms
ms
ms

Configuring ICMP Redirects

Purpose
DisableorenablesendingICMPredirectpacketstotheswitchCPUforprocessing,ataglobal
levelandataninterfacelevel.Bydefault,sendingICMPredirectsisenabledgloballyandonall
interfaces.DisablingsendingICMPredirectscanreduceCPUusageincertaindeployments.

Commands
For information about...

Refer to page...

ip icmp redirect enable

19-18

show ip icmp redirect

19-19

ip icmp redirect enable

UsethiscommandtoenableordisablesendingICMPredirectstotheCPUforprocessingona
globalleveloronaspecificinterface.ThenoformofthiscommanddisablessendingICMP
redirectstotheCPU.

19-18

IP Configuration

show ip icmp redirect

Syntax
ip icmp redirect enable
no ip icmp redirect enable

Parameters
None.

Defaults
Bydefault,sendingICMPredirectstotheCPUisenabledgloballyandonallinterfaces.

Mode
Routerglobalconfigurationmode:B5(su)>router(Config)#
Interfaceconfigurationmode:B5(su)>Router1(Configif(Vlan1))#

Usage
YoucanusethiscommandinrouterglobalconfigurationmodetoenableordisablesendingICMP
redirectsgloballyontheswitch.
Youcanusethiscommandinrouterinterfaceconfigurationmodetoenableordisablesending
ICMPredirectsonlyonspecificinterfaces.

Examples
ThisexampledisablessendingICMPredirectsontheinterfaceVLAN5.
B5(su)->router#configure
B5(su)->router(Config)#interface vlan 5
B5(su)->Router1(Config-if(Vlan 5))# no ip icmp redirect enable

ThisexampledisablessendingICMPredirectsglobally.
B5(su)->router#configure
B5(su)->router(Config)#no ip icmp redirect enable

show ip icmp redirect

UsethiscommandtodisplaythestatusofsendingICMPredirectsataglobalorinterfacelevel.

Syntax
show ip icmp redirect {status | interface [vlan vlan-id]}

Parameters
status

DisplaytheglobalICMPredirectstatus.

interface

DisplayICMPredirectstatusforinterfaces.

vlanvlanid

(Optional)DisplayICMPredirectstatusforthespecifiedVLAN.

Defaults
IfnoVLANisspecifiedwiththeinterfaceparameter,informationforallVLANinterfacesis
displayed.

Enterasys B5 CLI Reference

19-19

show ip icmp redirect

Mode
PrivilegedEXECmode:B5(su)>router#
Routerglobalconfigurationmode:B5(su)>router(Config)#

Examples
ThisexampledisplaystheglobalICMPredirectstatus.
B5(su)->router#show ip icmp redirect status
Global ICMP Redirect status - Enabled

ThisexampledisplaystheICMPredirectstatusforVLAN5.
B5(su)->router#show ip icmp redirect interface vlan 5
Vlan Id
Admin Status
-----------------5
Enabled

19-20

IP Configuration

20
IPv4 Routing Protocol Configuration
ThischapterdescribestheIPv4RoutingProtocolConfigurationsetofcommandsandhowtouse
them.
Router: The commands covered in this chapter can be executed only when the device is in router
mode. For details on how to enable router configuration modes, refer to Enabling Router
Configuration Modes on page 18-2.
For information about...

Refer to page...

Configuring RIP

20-1

Configuring IRDP

20-11

Configuring RIP

RIP Configuration Task List and Commands

Table 201liststhetasksandcommandsassociatedwithRIPconfiguration.Commandsare
describedintheassociatedsectionasshown.
Table 20-1

RIP Configuration Task List and Commands

To do this...

Use these commands...

Enable RIP configuration mode.

router rip on page 20-2

Enable RIP on an interface.

ip rip enable on page 20-7

Configure an administrative distance.

distance on page 20-3

Allow reception of a RIP version.

ip rip send version on page 20-8

Allow transmission of a RIP version.

ip rip receive version on page 20-8

Configure RIP simple authentication.

ip rip authentication-key on page 20-9

Configure RIP encrypted authentication.

ip rip message-digest-key on page 20-9

Disable automatic route summarization

(necessary for enabling CIDR)

no auto-summary on page 20-4

Activate split horizon or poison-reverse.

split-horizon poison on page 20-4

Suppress sending routing updates.

passive-interface on page 20-5

Enterasys B5 CLI Reference

20-1

router rip

Table 20-1

RIP Configuration Task List and Commands (Continued)

To do this...

Use these commands...

Control reception of routing updates

receive-interface on page 20-6

Control advertising non-RIP routes.

redistribute on page 20-6

Router Configuration Commands

ThefollowingcommandsareusedtoenterRIProuterconfigurationmodeandtoconfigureRIP
routing.
For information about...

Refer to page...

router rip

20-2

distance

20-3

no auto-summary

20-4

split-horizon poison

20-4

passive-interface

20-5

receive-interface

20-6

redistribute

20-6

router rip
UsethiscommandtoenableordisableRIPconfigurationmode.Thenoformofthiscommand
disablesRIP.

Syntax
router rip
no router rip

Parameters
None.

Defaults
None.

Mode
Globalconfiguration:B5(su)>router(Config)#

Usage
YoumustexecutetherouterripcommandtoenabletheprotocolbeforecompletingmanyRIP
specificconfigurationtasks.Fordetailsonenablingconfigurationmodes,refertoTable 182in
EnablingRouterConfigurationModesonpage182.

20-2

IPv4 Routing Protocol Configuration

distance

Example
ThisexampleshowshowtoenableRIP:
B5(su)->router#configure
B5(su)->router(Config)#router rip
B5(su)->router(Config-router)#

distance
UsethiscommandtoconfiguretheadministrativedistanceforRIProutes.Thenoformofthis
commandresetsRIPadministrativedistancetothedefaultvalueof120.

Syntax
distance weight
no distance [weight]

Parameters
weight

SpecifiesanadministrativedistanceforRIProutes.Validvaluesare1255.

Defaults
None.

Mode
Routerconfiguration:B5(su)>router(Configrouter)#

Usage
Ifseveralroutes(comingfromdifferentprotocols)arepresentedtotheEnterasysB5,theprotocol
withthelowestadministrativedistancewillbechosenforrouteinstallation.Bydefault,RIP
administrativedistanceissetto120.Thedistancecommandcanbeusedtochangethisvalue,
resettingRIPsroutepreferenceinrelationtootherroutesasshowninthetablebelow.
Route Source

Default Distance

Connected

Static

OSPF

110

RIP

120

Example
ThisexampleshowshowtochangethedefaultadministrativedistanceforRIPto1001:
B5(su)->router(Config)#router rip
B5(su)->router(Config-router)#distance 100

Enterasys B5 CLI Reference

20-3

no auto-summary

no auto-summary
Usethiscommandtodisableautomaticroutesummarization.

Syntax
no auto-summary
auto-summary

Parameters
None.

Defaults
None.

Mode
Routerconfiguration:B5(su)>router(Configrouter)#

Usage
Bydefault,RIPversion2supportsautomaticroutesummarization,whichsummarizes
subprefixestotheclassfulnetworkboundarywhencrossingnetworkboundaries.Disabling
automaticroutesummarizationenablesCIDR,allowingRIPtoadvertiseallsubnetsandhost
routinginformationontheEnterasysB5device.Toverifywhichroutesaresummarizedforan
interface,usetheshowiproutecommandasdescribedinshowiprouteonpage1915.The
reverseofthecommandreenablesautomaticroutesummarization.Bydefault,RIPauto
summarizationaffectsbothRIPv1andRIPv2routes.

Note: This command is necessary for enabling CIDR for RIP on the Enterasys B5 device.

Example
ThisexampleshowshowtodisableRIPautomaticroutesummarization:
B5(su)->router(Config)#router rip
B5(su)->router(Config-router)#no auto-summary

split-horizon poison
UsethiscommandtoenableordisablesplithorizonpoisonreversemodeforRIPpackets.Theno
formofthiscommanddisablessplithorizonpoisonreverse.

Syntax
split-horizon poison
no split-horizon poison

Parameters
None.

Defaults
None.

20-4

IPv4 Routing Protocol Configuration

passive-interface

Mode
Routerconfiguration:B5(su)>router(Configrouter)#

Usage
Splithorizonpreventsanetworkfrombeingadvertisedoutthesameinterfaceitwasreceivedon.
Thisfunctionisdisabledbydefault.

Example
ThisexampleshowshowtodisablesplithorizonpoisonreverseforRIPpacketstransmittedon
theVLAN1interface:
B5(su)->router(Config)#router rip
B5(su)->router(Config-router)#no split-horizon poison

passive-interface
UsethiscommandtopreventRIPfromtransmittingupdatepacketsonaninterface.Thenoform
ofthiscommanddisablespassiveinterface.

Syntax
passive-interface vlan vlan-id
no passive-interface vlan vlan-id

Parameters
vlanvlanid

SpecifiesthenumberoftheVLANtomakeapassiveinterface.ThisVLAN
mustbeconfiguredforIProutingasdescribedinPreRouting
ConfigurationTasksonpage181.

Defaults
None.

Mode
Routerconfiguration:B5(su)>router(Configrouter)#

Usage
ThiscommanddoesnotpreventRIPfrommonitoringupdatesontheinterface.

Example
ThisexampleshowshowtosetVLAN2asapassiveinterface.NoRIPupdateswillbetransmitted
onVLAN2:
B5(su)->router(Config)#router rip
B5(su)->router(Config-router)#passive-interface vlan 2

Enterasys B5 CLI Reference

20-5

receive-interface

receive-interface
UsethiscommandtoallowRIPtoreceiveupdatepacketsonaninterface.Thenoformofthis
commanddeniesthereceptionofRIPupdates.Bydefault,receivingisenabledonallrouting
interfaces.

Syntax
receive-interface vlan vlan-id
no receive-interface vlan vlan-id

Parameters
vlanvlanid

SpecifiesthenumberoftheVLANtomakeareceiveinterface.ThisVLAN
mustbeconfiguredforIProutingasdescribedinPreRouting
ConfigurationTasksonpage181.

Defaults
None.

Mode
Routerconfiguration:B5(su)>router(Configrouter)#

Usage
ThiscommanddoesnotaffectthesendingofRIPupdatesonthespecifiedinterface.

Example
ThisexampleshowshowtodenythereceptionofRIPupdatesonVLAN2:
B5(su)->router(Config)#router rip
B5(su)->router(Config-router)#no receive-interface vlan 2

redistribute
UsethiscommandtoallowroutinginformationdiscoveredthroughnonRIPprotocolstobe
distributedinRIPupdatemessages.Thenoformofthiscommandclearsredistribution
parameters.

Syntax
redistribute {connected | static} [metric metric value]
no redistribute {connected | stat

20-6

connected

SpecifiesthatnonRIProutinginformationdiscoveredviadirectly
connectedinterfaceswillberedistributed.

static

SpecifiesthatnonRIProutinginformationdiscoveredviastaticrouteswill
beredistributed.Staticroutesarethosecreatedusingtheiproute
commanddetailediniprouteonpage1916.

metricmetricvalue

(Optional)Specifiesametricfortheconnectedorstaticredistribution
route.Thisvalueshouldbeconsistentwiththedesignationprotocol.

IPv4 Routing Protocol Configuration

ip rip enable

Mode
Routerconfiguration:B5(su)>router(Configrouter)#

Defaults
Ifmetricvalueisnotspecified,1willbeapplied.
Example
Thisexampleshowshowtoredistributeroutinginformationdiscoveredthroughstaticrouteswill
beredistributedintoRIPupdatemessages:
B5(su)->router(Config)#router rip
B5(su)->router(Config-router)#redistribute static

Interface Configuration Commands

ThefollowingcommandsareusedtoconfigureRIPonspecificinterfaces.
For information about...

Refer to page...

ip rip enable

20-7

ip rip send version

20-8

ip rip receive version

20-8

ip rip authentication-key

20-9

ip rip message-digest-key

20-9

ip rip enable
UsethiscommandtoenableRIPonaninterface.ThenoformofthiscommanddisablesRIPonan
interface:Bydefault,RIPisdisabledonallinterfaces.

Syntax
ip rip enable
no ip rip enable

Parameters
None.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtoenableRIPontheVLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip rip enable

Enterasys B5 CLI Reference

20-7

ip rip send version

UsethiscommandtosettheRIPversionforRIPupdatepacketstransmittedoutaninterface.The
noversionofthiscommandsetstheversionoftheRIPupdatepacketstoRIPv1.

Syntax
ip rip send version {1 | 2 | r1compatible}
no ip rip send version

Parameters
1

SpecifiesRIPversion1.Thisisthedefaultsetting.

SpecifiesRIPversion2.

r1compatible

Specifiesthatpacketsbesentasversion2packets,buttransmitstheseas
broadcastpacketsratherthanmulticastpacketssothatsystemswhichonly
understandRIPversion1canreceivethem.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheRIPsendversionto2forpacketstransmittedontheVLAN1
interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip rip send version 2

ip rip receive version

UsethiscommandtosettheRIPversion(s)forRIPupdatepacketsacceptedonaninterface.The
noversionofthiscommandsetstheacceptablereceiveversionoftheRIPupdatepacketstoRIPv1.

Syntax
ip rip receive version {1 | 2 | 1 2 | none}
no ip rip receive version

Parameters
1

SpecifiesRIPversion1.Thisisthedefaultsetting.

SpecifiesRIPversion2.

SpecifiesRIPversions1and2.

none

SpecifiesthatnoRIProuteswillbeprocessedonthisinterface.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

20-8

IPv4 Routing Protocol Configuration

ip rip authentication-key

Defaults
None.

Example
ThisexampleshowshowtosettheRIPreceiveversionto2forupdatepacketsreceivedonthe
VLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip rip receive version 2

ip rip authentication-key
UsethiscommandtoenableordisableaRIPauthenticationkey(password)foruseonan
interface.ThenoformofthiscommandpreventsRIPfromusingauthentication.

Syntax
ip rip authentication-key name
no ip rip authentication-key

Parameters
name

SpecifiesthepasswordtoenableordisableforRIPauthentication.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheRIPauthenticationkeychaintopasswordontheVLAN1
interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip rip authentication-key password

ip rip message-digest-key
UsethiscommandtoenableordisableaRIPMD5authenticationkey(password)foruseonan
interface.ThenoformofthiscommandpreventsRIPfromusingauthentication.

Syntax
ip rip message-digest-key keyid md5 key
no ip rip message-digest-key keyid

Enterasys B5 CLI Reference

20-9

ip rip message-digest-key

Parameters
keyid

SpecifiesthekeyIDtoenableordisableforRIPauthentication.Validvalues
are1to255.

md5

SpecifiesuseoftheMD5algorithm.

key

SpecifiestheRIPauthenticationpassword.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Defaults
None.

Examples
ThisexampleshowshowtosettheMD5authenticationIDto5fortheRIPauthenticationkeyset
ontheVLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip rip message-digest-key 5 md5 password

20-10

IPv4 Routing Protocol Configuration

Configuring IRDP

Configuring IRDP
Purpose
ToenableandconfiguretheICMPRouterDiscoveryProtocol(IRDP)onaninterface.Thisprotocol
enablesahosttodeterminetheaddressofarouteritcanuseasadefaultgateway.Itisdisabledby
default.

Commands
For information about...

Refer to page...

ip irdp enable

20-11

ip irdp maxadvertinterval

20-12

ip irdp minadvertinterval

20-12

ip irdp holdtime

20-13

ip irdp preference

20-13

ip irdp broadcast

20-14

show ip irdp

20-14

ip irdp enable
UsethiscommandtoenableIRDPonaninterface.ThenoformofthiscommanddisablesIRDPon
aninterface.

Syntax
ip irdp enable
no ip irdp enable

Parameters
None.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtoenableIRDPontheVLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip irdp enable

Enterasys B5 CLI Reference

20-11

ip irdp maxadvertinterval

ip irdp maxadvertinterval
UsethiscommandtosetthemaximumintervalinsecondsbetweenIRDPadvertisements.Theno
formofthiscommandresetsthemaximumadvertisementintervaltothedefaultvalueof600
seconds.

Syntax
ip irdp maxadvertinterval interval
no irdp maxadvertinterval

Parameters
interval

Specifiesamaximumadvertisementintervalinseconds.Validvaluesare
4to1800.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosetthemaximumIRDPadvertisementintervalto1000secondsonthe
VLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip irdp maxadvertinterval 1000

ip irdp minadvertinterval
UsethiscommandtosettheminimumintervalinsecondsbetweenIRDPadvertisements.Theno
formofthiscommanddeletesthecustomholdtimesetting,andresetstheminimum
advertisementintervaltothedefaultvalueofthreefourthsofthemaxadvertintervalvalue,which
isequalto450seconds.

Syntax
ip irdp minadvertinterval interval
no irdp minadvertinterval

Parameters
interval

Specifiesaminimumadvertisementintervalinseconds.Validvaluesare3
to1800.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

20-12

IPv4 Routing Protocol Configuration

ip irdp holdtime

Example
ThisexampleshowshowtosettheminimumIRDPadvertisementintervalto500secondsonthe
VLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip irdp minadvertinterval 500

ip irdp holdtime
UsethiscommandtosetthelengthoftimeinsecondsIRDPadvertisementsareheldvalid.Theno
formofthiscommandresetstheholdtimetothedefaultvalueofthreetimesthe
maxadvertintervalvalue,whichisequalto1800seconds.

Syntax
ip irdp holdtime holdtime
no irdp holdtime

Parameters
holdtime

Specifiestheholdtimeinseconds.Validvaluesare0to
9000.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosettheIRDPholdtimeto4000secondsontheVLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip irdp holdtime 4000

ip irdp preference
UsethiscommandtosettheIRDPpreferencevalueforaninterface.ThisvalueisusedbyIRDPto
determinetheinterfacesselectionasadefaultgatewayaddress.Thenoformofthiscommand
resetstheinterfacesIRDPpreferencevaluetothedefaultof0.

Syntax
ip irdp preference preference
no irdp preference

Parameters
preference

Specifiesthevaluetoindicatetheinterfacesuseasadefaultrouter
address.Validvaluesare2147483648to2147483647.
Theminimumvalueindicatesthattheaddress,eventhoughitmaybe
advertised,isnottobeusedbyneighboringhostsasadefaultrouter
address.

Enterasys B5 CLI Reference

20-13

ip irdp broadcast

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtosetIRDPpreferenceontheVLAN1interfacesothattheinterfaces
addressmaystillbeadvertised,butcannotbeusedbyneighboringhostsasadefaultrouter
address:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip irdp preference -2147483648

ip irdp broadcast
UsethiscommandtoconfigureIRDPtousethelimitedbroadcastaddressof255.255.255.255.The
defaultismulticastwithaddress224.0.0.1.ThenoformofthiscommandresetsIRDPtouse
multicastonIPaddress224.0.0.1.

Syntax
ip irdp broadcast
no ip irdp broadcast

Parameters
None.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan1))#

Example
ThisexampleshowshowtoenablebroadcastforIRDPontheVLAN1interface:
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip irdp broadcast

show ip irdp
UsethiscommandtodisplayIRDPinformation.

Syntax
show ip irdp [vlan vlan-id]

20-14

IPv4 Routing Protocol Configuration

show ip irdp

Parameters
vlanvlanid

(Optional)DisplaysIRDPinformationforaspecificVLAN.ThisVLAN
mustbeconfiguredforIProutingasdescribedinPreRouting
ConfigurationTasksonpage181.

Defaults
Ifvlanvlanidisnotspecified,IRDPinformationforallinterfaceswillbedisplayed.

Mode
Globalconfiguration:B5(su)>router(Config)#
Execmode:B5(su)>router#

Example
ThisexampleshowshowtodisplayIRDPinformationfortheVLAN1interface:
B5(su)->router#show ip irdp vlan 1
Interface vlan 1 has router discovery enabled
Advertisements will occur between 450 and 600 seconds
Advertisements are sent with broadcasts
Advertisements are valid for 1800 seconds
Default preference will be 0

Enterasys B5 CLI Reference

20-15

show ip irdp

20-16

IPv4 Routing Protocol Configuration

21
IPv6 Management
ThischapterdescribestheswitchmodesetofcommandsusedtomanageIPv6.

Purpose
ToenableordisabletheIPv6managementfunction,toconfigureanddisplaytheIPv6host
addressandIPv6gatewayfortheswitch,andtodisplayIPv6statusinformation.

Commands
For information about...

Refer to page...

show ipv6 status

21-1

set ipv6

21-2

set ipv6 address

21-3

show ipv6 address

21-4

clear ipv6 address

21-4

set ipv6 gateway

21-5

clear ipv6 gateway

21-6

show ipv6 neighbors

21-7

show ipv6 netstat

21-7

ping ipv6

21-8

traceroute ipv6

21-9

show ipv6 status

UsethiscommandtodisplaythestatusoftheIPv6managementfunction.

Syntax
show ipv6 status

Parameters
None.

Enterasys B5 CLI Reference

21-1

set ipv6

Defaults
None.

Mode
Switchmode,readonly.

Example
ThisexampleshowshowtodisplayIPv6managementfunctionstatus.
B5(ro)->show ipv6 status
IPv6 Administrative Mode: Disabled

set ipv6
UsethiscommandtogloballyenableordisabletheIPv6managementfunction.

Syntax
set ipv6 {enable | disable}

Parameters
enable|disable

EnableordisabletheIPv6managementfunction.

Defaults
Bydefault,IPv6managementisdisabled.

Mode
Switchmode,readwrite.

Usage
WhenyouenableIPv6managementontheswitch,thesystemautomaticallygeneratesalinklocal
hostaddressfortheswitchfromthehostMACaddress.YoucansetadifferenthostIPv6address
withthesetipv6addresscommand.

Example
ThisexampleshowshowtoenableIPv6management.
B5(su)-> set ipv6 enable
B5(su)->show ipv6 status
IPv6 Administrative Mode: Enabled
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64

21-2

IPv6 Management

set ipv6 address

UsethiscommandtoconfigureIPv6globaladdressinginformation.

Syntax
set ipv6 address ipv6-addr/prefix-length [eui64]

Parameters
ipv6addr

TheIPv6addressorprefixtobeconfigured.Thisparametermustbeinthe
formdocumentedinRFC4291,withtheaddressspecifiedinhexadecimal
using16bitvaluesbetweencolons.

prefixlength

ThelengthoftheIPv6prefixforthisaddress.Thevalueofprefixlengthisa
decimalnumberindicatingthenumberofhighordercontiguousbitsofthe
addressthatcomprisethenetworkportionoftheaddress.

eui64

(Optional)FormulatetheIPv6addressusinganEUI64IDinthelower
order64bitsoftheaddress.

Defaults
NoglobalunicastIPv6addressisdefinedbydefault.

Mode
Switchmode,readwrite.

Usage
UsethiscommandtomanuallyconfigureaglobalunicastIPv6addressforIPv6management.You
canspecifytheaddresscompletely,oryoucanusetheoptionaleui64parametertoallowthe
switchtogeneratethelowerorder64bitsoftheaddress.
Whenusingtheeui64parameter,youspecifyonlythenetworkprefixandlength.

Examples
ThisexampleshowshowtocompletelyspecifyanIPv6addressbyenteringall128bitsandthe
prefix:
B5(su)->set ipv6 address 2001:0db8:1234:5555::9876:2/64
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64
host
2001:DB8:1234:5555::9876:2/64

Thisexampleshowshowtousetheeui64parametertoconfigurethelowerorder64bits:
B5(su)->set ipv6 address 2001:0db8:1234:5555::/64 eui64
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64
host
2001:DB8:1234:5555:201:F4FF:FE5C:2880/64

Enterasys B5 CLI Reference

21-3

show ipv6 address

UsethiscommandtodisplaythesystemIPv6address(es)andIPv6gatewayaddress(default
router),ifconfigured.

Syntax
show ipv6 address

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Usage
ThiscommanddisplaystheIPv6addressesconfiguredautomaticallyandwiththesetipv6
addressandsetipv6gatewaycommands.

Example
ThisexampledisplaystwoIPv6management(host)addressesconfiguredfortheswitch.Thefirst
listedisthelinklocaladdressthatwasautomaticallycreatedwhenIPv6wasenabledforthehost.
Thesecondaddressisaglobaladdressthatwasmanuallyconfigured.Thegatewayaddresswas
alsoautomaticallycreatedforthelinklocaladdress.
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64
host
2001:DB8:1234:5555:201:F4FF:FE5C:2880/64
gateway
FE80::201:F4FF:FE5D:1234

clear ipv6 address

UsethiscommandtoclearIPv6globaladdresses.

Syntax
clear ipv6 [address {all|ipv6-addr/prefix-length}]

Parameters

21-4

ipv6addr

TheIPv6addresstobecleared.Thisparametermustbeintheform
documentedinRFC4291,withtheaddressspecifiedinhexadecimalusing
16bitvaluesbetweencolons.

prefixlength

ThelengthoftheIPv6prefixforthisaddress.Thevalueofprefixlengthisa
decimalnumberindicatingthenumberofhighordercontiguousbitsofthe
addressthatcomprisethenetworkportionoftheaddress.

all

DeletesallIPv6globaladdresses.

IPv6 Management

set ipv6 gateway

Defaults
Ifaddressisnotentered,allmanuallyconfiguredglobalIPv6addressesarecleared.

Mode
Switchmode,readwrite.

Usage
Thiscommandclearsaddressesmanuallyconfiguredwiththesetipv6addresscommand.Usethe
clearipv6gatewaycommandtocleartheIPv6gatewayaddress.

Example
ThisexampleillustratesthatthiscommandclearsonlythoseIPv6addressesconfiguredwiththe
setipv6addresscommand.Thelinklocaladdressforthehostinterfaceandthegatewayaddress
arenotremovedwiththiscommand.
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64
host
2001:DB8:1234:5555:201:F4FF:FE5C:2880/64
host
2001:DB8:1234:5555::9876:2/64
gateway
FE80::201:F4FF:FE5D:1234
B5(su)->clear ipv6 address all
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64
gateway
FE80::201:F4FF:FE5D:1234

set ipv6 gateway

UsethiscommandtoconfiguretheIPv6gateway(defaultrouter)address.

Syntax
set ipv6 gateway ipv6-addr

Parameters
ipv6addr

TheIPv6addresstobeconfigured.Theaddresscanbeaglobalunicastor
linklocalIPv6address,intheformdocumentedinRFC4291,withthe
addressspecifiedinhexadecimalusing16bitvaluesbetweencolons.

Defaults
None.

Mode
Switchmode,readwrite.

Enterasys B5 CLI Reference

21-5

clear ipv6 gateway

Usage
ThiscommandconfigurestheIPv6gatewayaddress.OnlyoneIPv6gatewayaddresscanbe
configuredfortheswitch,soexecutingthiscommandwhenagatewayaddresshasalreadybeen
configuredwilloverwritethepreviouslyconfiguredaddress.
Usetheshowipv6addresscommandtodisplayaconfiguredIPv6gatewayaddress.

Example
ThisexampleshowshowtoconfigureanIPv6gatewayaddressusingalinklocaladdress.
B5(su)->set ipv6 gateway fe80::201:f4ff:fe5d:1234
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64
gateway
FE80::201:F4FF:FE5D:1234

clear ipv6 gateway

UsethiscommandtoclearanIPv6gatewayaddress.

Syntax
clear ipv6 gateway

Parameters
None.

Defaults
None.

Mode
Switchmode,readwrite.

Example
ThisexampleshowshowtoremoveaconfiguredIPv6gatewayaddress.
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64
gateway
FE80::201:F4FF:FE5D:1234
B5(su)->clear ipv6 gateway
B5(su)->show ipv6 address
Name
IPv6 Address
--------------------------------------------------host
FE80::201:F4FF:FE5C:2880/64

21-6

IPv6 Management

show ipv6 neighbors

UsethiscommandtodisplaythesystemIPv6NeighborDiscoveryProtocolcache.

Syntax
show ipv6 neighbors

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowsexampleoutputofthiscommand.
B5(su)->show ipv6 neighbors
Last
IPv6 Address
MAC Address
isRtr State
Updated
--------------------------------------- ----------------- ----- ------- ------2001:db8:1234:6666::2310:3
00:04:76:73:42:31 True Reachable 00:01:16

show ipv6 netstat

UsethiscommandtodisplayIPv6netstatinformation.

Syntax
show ipv6 netstat

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowstheoutputofthiscommand.
B5(su)->show ipv6 netstat
Prot Local
Address
Foreign Address
---- -------------------------------------------TCP 3333::211:88FF:FE59:4424.22
2020::D480:1384:F58C:B114.1049
TCP 3333::211:88FF:FE59:4424.443

State
----------ESTABLISHED
TIME_WAIT
Enterasys B5 CLI Reference

21-7

ping ipv6

TCP
TCP
TCP
TCP
TCP

2020::D480:1384:F58C:B114.1056
::.23
::.*
3333::211:88FF:FE59:4424.22
2020::D480:1384:F58C:B114.1050
3333::211:88FF:FE59:4424.22
3333::2117:F1C0:90B:910D.1045
::.80
::.*
::.22
::.*
3333::211:88FF:FE59:4424.80
2020::D480:1384:F58C:B114.1053
3333::211:88FF:FE59:4424.80
2020::D480:1384:F58C:B114.1054
::.443
::.*
3333::211:88FF:FE59:4424.22
2020::D480:1384:F58C:B114.1048
3333::211:88FF:FE59:4424.443
2020::D480:1384:F58C:B114.1055

LISTEN
ESTABLISHED
ESTABLISHED
LISTEN
LISTEN

ESTABLISHED
ESTABLISHED
LISTEN
ESTABLISHED
TIME_WAIT

ping ipv6
UsethiscommandtotestroutingnetworkconnectivitybysendingIPpingrequests.

Syntax
ping ipv6-addr [size num]

Parameters
ipv6addr

SpecifiestheIPv6addressofthesystemtoping.Entertheaddressinthe
formdocumentedinRFC4291,withtheaddressspecifiedinhexadecimal
using16bitvaluesbetweencolons.

sizenum

(Optional)Specifiesthesizeofthedatagrampacket.Thevalueofnumcan
rangefrom48to2048bytes.

Defaults
None.

Mode
Switchmode,readwrite.

Usage
Thiscommandisalsoavailableinroutermode.

Examples
ThisexampleshowsoutputfromasuccessfulpingtoIPv6address2001:0db8:1234:5555::1234:1.
B5(su)->ping ipv6 2001:0db8:1234:5555::1234:1
2001:DB8:1234:5555::1234:1 is alive

21-8

IPv6 Management

traceroute ipv6

ThisexampleshowsoutputfromanunsuccessfulpingtoIPv6address
2001:0db8:1234:5555::1234:1.
B5(su)->ping ipv6 2001:0db8:1234:5555::1234:1
no answer from 2001:DB8:1234:5555::1234:1

traceroute ipv6
Usethiscommandtodiscovertheroutesthatpacketsactuallytakewhentravelingtotheir
destinationthroughthenetworkonahopbyhopbasis.

Syntax
traceroute ipv6 ipv6-addr

Parameters
ipv6addr

SpecifiesahosttowhichtherouteofanIPv6packetwillbetraced.Enterthe
addressintheformdocumentedinRFC4291,withtheaddressspecifiedin
hexadecimalusing16bitvaluesbetweencolons.

Defaults
None.

Mode
Switchmode,readwrite.

Usage
Thiscommandisalsoavailableinroutermode.

Example
Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost
2001:0db8:1234:5555
B5(su)->router#traceroute ipv6 2001:0db8:1234:5555::1
Traceroute to 2001:0db8:1234:5555, 30 hops max, 40 byte packets
1 2001:0db8:1234:5555
1.000000e+00 ms
1.000000e+00 ms

1.000000e+00 ms

Enterasys B5 CLI Reference

21-9

traceroute ipv6

21-10

IPv6 Management

22
Authentication and Authorization
Configuration
Thischapterdescribesthefollowingauthenticationandauthorizationcommandsandhowtouse
them.ForinformationaboutusingtheTACACS+authenticationmethodformanagement,see
Chapter 23,TACACS+Configuration.
For information about...

Refer to page...

Overview of Authentication and Authorization Methods

22-1

Setting the Authentication Login Method

22-4

Configuring RADIUS

22-6

Configuring 802.1X Authentication

22-15

Configuring MAC Authentication

22-25

Configuring Multiple Authentication Methods

22-37

Configuring User + IP Phone Authentication

22-48

Configuring VLAN Authorization (RFC 3580)

22-49

Configuring Policy Maptable Response

22-52

Configuring MAC Locking

22-57

Configuring Port Web Authentication (PWA)

22-68

Configuring Secure Shell (SSH)

22-80

Configuring Access Lists

22-82

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of

authentication and authorization configuration is located on the Enterasys Networks web site:
https://extranet.enterasys.com/downloads/

Overview of Authentication and Authorization Methods

Thefollowingmethodsareavailableforcontrollingwhichusersareallowedtoaccess,monitor,
andmanagetheswitch.

LoginuseraccountsandpasswordsusedtologintotheCLIviaaTelnetconnectionorlocal
COMportconnection.Fordetails,refertoSettingUserAccountsandPasswordson
page 32.

HostAccessControlAuthentication(HACA)authenticatesuseraccessofTelnet
management,consolelocalmanagementandWebViewviaacentralRADIUSClient/Serveror

Enterasys B5 CLI Reference

22-1

Overview of Authentication and Authorization Methods

TACACS+application.WhenRADIUSorTACACS+isenabled,thisessentiallyoverrideslogin
useraccounts.WhenHACAisactiveperavalidRADIUSorTACACS+configuration,theuser
namesandpasswordsusedtoaccesstheswitchviaTelnet,SSH,WebView,andCOMports
willbevalidatedagainsttheconfiguredRADIUSserver.OnlyinthecaseofaRADIUS
timeoutwillthosecredentialsbecomparedagainstcredentialslocallyconfiguredonthe
switch.Fordetails,refertoConfiguringRADIUSonpage 226.

SNMPuserorcommunitynamesallowsaccesstotheEnterasysB5switchviaanetwork
SNMPmanagementapplication.Toaccesstheswitch,youmustenteranSNMPuseror
communitynamestring.Thelevelofmanagementaccessisdependentontheassociated
accesspolicy.Fordetails,refertoChapter 8.

802.1XPortBasedNetworkAccessControlusingEAPOL(ExtensibleAuthenticationProtocol)
providesamechanismviaaRADIUSserverforadministratorstosecurelyauthenticateand
grantappropriateaccesstoenduserdevicescommunicatingwithEnterasysB5ports.For
detailsonusingCLIcommandstoconfigure802.1X,refertoConfiguring802.1X
Authenticationonpage 2215.
Note: To configure EAP pass-through, which allows client authentication packets to be forwarded
through the switch to an upstream device, 802.1X authentication must be globally disabled with the
set dot1x command.

MACAuthenticationprovidesamechanismforadministratorstosecurelyauthenticate
sourceMACaddressesandgrantappropriateaccesstoenduserdevicescommunicatingwith
EnterasysB5ports.Fordetails,refertoConfiguringMACAuthenticationonpage 2225.

MultipleAuthenticationMethodsallowsuserstoauthenticateusingmultiplemethodsof
authenticationonthesameport.Fordetails,refertoConfiguringMultipleAuthentication
Methodsonpage 2237.

MultiUserAuthenticationallowsmultipleusersanddevicesonthesameportto
authenticateusinganysupportedauthenticationmethod.Eachuserordevicecanbemapped
tothesameordifferentrolesusingEnterasyspolicyforaccesscontrol,VLANauthorization,
trafficratelimiting,andqualityofservice.Thisisthemostflexibleandpreferredmethodto
useforVoIP(PCdaisychainedtoaphone).Fordetails,refertoAboutMultiUser
Authenticationonpage 2237.RefertoAppendix A,PolicyandAuthenticationCapacities,
foralistingofthenumberofusersperportsupportedbytheEnterasysB5.

User+IPPhone(Legacyfeature)TheUser+IPPhoneauthenticationfeatureprovides
legacysupportforauthenticationandauthorizationoftwodevices,specificallyaPCcascaded
withaVLANtaggingIPphone,onasingleportontheswitch.TheIPphonemust
authenticateusingMACor802.1Xauthentication,buttheusermayauthenticatebyany
method.ThisfeatureallowsboththeusersPCandIPphonetosimultaneouslyauthenticate
onasingleportandeachreceiveauniquelevelofnetworkaccess.Fordetails,referto
ConfiguringUser+IPPhoneAuthenticationonpage 2248.
Note: User + IP Phone authentication is a legacy feature that should only be used if you have
already implemented User + IP Phone in your network with switches that do not support true
multi-user authentication.

22-2

RFC3580tunnelattributesprovideamechanismtocontainan802.1X,MAC,orPWA
authenticatedusertoaVLANregardlessofthePVID.Thisfeaturedynamicallyassignsa
VLANbasedontheRFC3580tunnelattributesreturnedintheRADIUSacceptmessage.Refer
toConfiguringVLANAuthorization(RFC3580)onpage 2249.

ConfiguringPolicyMaptableResponseallowsyoutodefinehowthesystemshouldhandle
allowinganauthenticateduserontoaportbasedonthecontentsoftheRADIUSserver
AccessAcceptreply.Therearethreepossibleresponsesettings:tunnelmode,policymode,or

Authentication and Authorization Configuration

Overview of Authentication and Authorization Methods

bothtunnelandpolicy,alsoknownashybridauthenticationmode.RefertoConfiguring
PolicyMaptableResponseonpage 2252.

MACLockinglocksaporttooneormoreMACaddresses,preventingtheuseof
unauthorizeddevicesandMACspoofingontheportFordetails,refertoConfiguringMAC
Lockingonpage 2257.

PortWebAuthentication(PWA)passesalllogininformationfromtheendstationtoa
RADIUSserverforauthenticationbeforeallowingausertoaccessthenetwork.PWAisan
alternativeto802.1XandMACauthentication.Fordetails,refertoConfiguringPortWeb
Authentication(PWA)onpage 2268.

SecureShell(SSH)providessecureTelnet.Fordetails,refertoConfiguringSecureShell
(SSH)onpage 2280.

IPAccessLists(ACLs)permitsordeniesaccesstoroutinginterfacesbasedonprotocoland
inboundand/oroutboundIPaddressrestrictionsconfiguredinaccesslists.Fordetails,referto
ConfiguringAccessListsonpage 2282.

TACACS+(TerminalAccessControllerAccessControlSystemPlus) asecurityprotocol
developedbyCiscoSystemsthatcanbeusedasanalternativetothestandardRADIUS
securityprotocol(RFC2865).TACACS+runsoverTCPandencryptsthebodyofeachpacket.
RefertoChapter 23,TACACS+Configuration,forinformationaboutthecommandsusedto
configureTACACS+.

RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment

IfyouconfigureanauthenticationmethodthatrequirescommunicationwithaRADIUSserver,
youcanusetheRADIUSFilterIDattributetodynamicallyassignapolicyprofileand/or
managementleveltoauthenticatingusersand/ordevices.
TheRADIUSFilterIDattributeissimplyastringthatisformattedintheRADIUSAccessAccept
packetsentbackfromtheRADIUSservertotheswitchduringtheauthenticationprocess.
EachusercanbeconfiguredintheRADIUSserverdatabasewithaRADIUSFilterIDattribute
thatspecifiesthenameofthepolicyprofileand/ormanagementleveltheusershouldbeassigned
uponsuccessfulauthentication.Duringtheauthenticationprocess,whentheRADIUSserver
returnsaRADIUSAccessAcceptmessagethatincludesaFilterIDmatchingapolicyprofilename
configuredontheswitch,theswitchthendynamicallyappliesthepolicyprofiletothephysical
porttheuser/deviceisauthenticatingon.

Filter-ID Attribute Formats

Enterasys NetworkssupportstwoFilterIDformatsdecoratedandundecorated.The
decoratedformathasthreeforms:

Tospecifythepolicyprofiletoassigntotheauthenticatinguser(networkaccess
authentication):
Enterasys:version=1:policy=string
wherestringspecifiesthepolicyprofilename.Policyprofilenamesarecasesensitive.

Tospecifyamanagementlevel(managementaccessauthentication):
Enterasys:version=1:mgmt=level
wherelevelindicatesthemanagementlevel,eitherro,rw,orsu.

Tospecifybothmanagementlevelandpolicyprofile:
Enterasys:version=1:mgmt=level:policy=string

Enterasys B5 CLI Reference

22-3

Setting the Authentication Login Method

Theundecoratedformatissimplyastringthatspecifiesapolicyprofilename.Theundecorated
formatcannotbeusedformanagementaccessauthentication.
DecoratedFilterIDsareprocessedfirstbytheswitch.IfnodecoratedFilterIDsarefound,then
undecoratedFilterIDsareprocessed.IfmultipleFilterIDsarefoundthatcontainconflicting
values,aSyslogmessageisgenerated.

Setting the Authentication Login Method

Purpose
Toconfiguretheauthenticationloginmethodtobeusedformanagement.

Commands
Thecommandsusedtoconfiguretheauthenticationloginmethodarelistedbelow.
For information about...

Refer to page...

show authentication login

22-4

set authentication login

22-5

clear authentication login

22-5

show authentication login

Usethiscommandtodisplaythecurrentauthenticationloginmethodformanagement.

Syntax
show authentication login

Parameters
None.

Defaults
None.

Mode
Switchcommand,ReadOnly.

Example
Thisexampleshowshowtodisplaythecurrentauthenticationloginmethod.
B5(rw)->show authentication login
Authentication Login List
------------------------any

22-4

Authentication and Authorization Configuration

Method 1
-------tacacs

Method 2
-------radius

Method 3
-------local

set authentication login

Usethiscommandtosettheauthenticationloginmethod.

Syntax
set authentication login {any | local | radius | tacacs}

Parameters
any

Specifiesthattheauthenticationprotocolwillbeselectedusingthe
followingprecedenceorder:

TACACS+

RADIUS

Local

local

Specifiesthatthelocalnetworkpasswordsettingswillbeusedfor
authenticationlogin.

radius

SpecifiesthatRADIUSwillbeusedforauthenticationlogin.

tacacs

SpecifiesthatTACACS+willbeusedforauthenticationlogin.

Defaults
Ifthiscommandisnotexecuted,thedefaultloginmethodisany.

Mode
Switchcommand,ReadWrite.

Example
Thisexampleshowshowtosettheauthenticationloginmethodtousethelocalpasswordsettings:
B5(rw)->set authentication login local

clear authentication login

Usethiscommandtoresettheauthenticationloginmethodtothedefaultsettingofany.

Syntax
clear authentication login

Parameters
None.

Defaults
None.

Mode
Switchcommand,ReadWrite.

Enterasys B5 CLI Reference

22-5

Configuring RADIUS

Example
Thisexampleshowshowtoresettheauthenticationloginmethod.
B5(rw)->clear authentication login

Configuring RADIUS
Purpose
Toperformthefollowing:

ReviewtheRADIUSclient/serverconfigurationontheswitch.

EnableordisabletheRADIUSclient.

Setlocalandremoteloginoptions.

Setprimaryandsecondaryserverparameters,includingIPaddress,timeoutperiod,
authenticationrealm,andnumberofuserloginattemptsallowed.

ResetRADIUSserversettingstodefaultvalues.

ConfigureaRADIUSaccountingserver.

ConfiguretheinterfaceusedforthesourceIPaddressoftheRADIUSapplicationwhen
generatingRADIUSpackets.

Commands
For information about...

Refer to page...

show radius

22-6

set radius

22-8

clear radius

22-9

show radius accounting

22-10

set radius accounting

22-11

clear radius accounting

22-12

show radius interface

22-12

set radius interface

22-13

clear radius interface

22-14

show radius
UsethiscommandtodisplaythecurrentRADIUSclient/serverconfiguration.

Syntax
show radius [status | retries | timeout | server [index | all]]

22-6

Authentication and Authorization Configuration

show radius

Parameters
status

(Optional)DisplaystheRADIUSserversenablestatus.

retries

(Optional)DisplaysthenumberofretryattemptsbeforetheRADIUSserver
timesout.

timeout

(Optional)Displaysthemaximumamountoftime(inseconds)toestablish
contactwiththeRADIUSserverbeforeretryattemptsbegin.

server

(Optional)DisplaysRADIUSserverconfigurationinformation.

index|all

Forusewiththeserverparametertoshowserverconfigurationforall
serversoraspecificRADIUSserverasdefinedbyanindex.

Defaults
Ifnoparametersarespecified,allRADIUSconfigurationinformationwillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayRADIUSconfigurationinformation:
B5(rw)->show radius
RADIUS status:
Enabled
RADIUS retries:
3
RADIUS timeout:
20 seconds
RADIUS Server
IP Address
----------------------10
172.16.20.10

Auth-Port
--------1812

Realm-Type
----------------management-access

Table 221providesanexplanationofthecommandoutput.
Table 22-1

show radius Output Details

Output Field

What It Displays...

RADIUS status

Whether RADIUS is enabled or disabled.

RADIUS retries

Number of retry attempts before the RADIUS server times out. The default value of 3
can be reset using the set radius command as described in set radius on
page 22-8.

RADIUS timeout

Maximum amount of time (in seconds) to establish contact with the RADIUS server
before retry attempts begin. The default value of 20 can be reset using the set
radius command as described in set radius on page 22-8.

RADIUS Server

RADIUS servers index number, IP address, and UDP authentication port.

Realm-Type

Realm defines who has to go through the RADIUS server for authentication.
Management-access: This means that anyone trying to access the switch (Telnet,
SSH, Local Management) has to authenticate through the RADIUS server.
Network-access: This means that all the users have to authenticate to a RADIUS
server before they are allowed access to the network.
Any-access: Means that both Management-access and Network-access have
been enabled.

Enterasys B5 CLI Reference

22-7

set radius

set radius
Usethiscommandtoenable,disable,orconfigureRADIUSauthentication.

Syntax
set radius {enable | disable} | {retries number-of-retries} | {timeout timeout} |
{server index ip-address port [secret-value] [realm {management-access | any |
network-access}} | {realm {management-access | any | network-access} {index| all}}

Parameters
enable|disable

EnablesordisablestheRADIUSclient.

retriesnumberof
retries

SpecifiesthenumberofretryattemptsbeforetheRADIUSservertimesout.
Validvaluesarefrom0to10.Defaultis3.

timeouttimeout

Specifiesthemaximumamountoftime(inseconds)toestablishcontact
withtheRADIUSserverbeforeretryattemptsbegin.Validvaluesarefrom1
to30.Defaultis20seconds.

serverindex
ip_addressport

Specifiestheindexnumber,IPaddressandtheUDPauthenticationportfor
theRADIUSserver.

secretvalue

(Optional)Specifiesanencryptionkeytobeusedforauthentication
betweentheRADIUSclientandserver.

realm
management
access|any|
networkaccess

RealmallowsyoutodefinewhohastogothroughtheRADIUSserverfor
authentication.

managementaccess:Thismeansthatanyonetryingtoaccesstheswitch
(Telnet,SSH,LocalManagement)hastoauthenticatethroughthe
RADIUSserver.

networkaccess:Thismeansthatalltheusershavetoauthenticatetoa
RADIUSserverbeforetheyareallowedaccesstothenetwork.

any:Meansthatbothmanagementaccessandnetworkaccesshave
beenenabled.

Note: If the management-access or any access realm has been configured, the
local admin account is disabled for access to the switch using the console, Telnet,
or Local Management. Only the network-access realm allows access to the local
admin account.

index|all

Appliestherealmsettingtoaspecificserverortoallservers.

Defaults
Ifsecretvalueisnotspecified,nonewillbeapplied.
Ifrealmisnotspecified,theanyaccessrealmwillbeused.

Mode
Switchcommand,readwrite.

Usage
TheEnterasysB5deviceallowsupto10RADIUSserverstobeconfigured,withuptotwoservers
activeatanygiventime.
TheRADIUSclientcanonlybeenabledontheswitchonceaRADIUSserverisonline,anditsIP
address(es)hasbeenconfiguredwiththesamepasswordtheRADIUSclientwilluse.
22-8

Authentication and Authorization Configuration

clear radius

Examples
ThisexampleshowshowtoenabletheRADIUSclientforauthenticatingwithRADIUSserver1at
IPaddress192.168.6.203,UDPauthenticationport1812,andanauthenticationpasswordof
pwsecret.Aspreviouslynoted,theserversecretpasswordenteredheremustmatchthat
alreadyconfiguredastheReadWrite(rw)passwordontheRADIUSserver:
B5(su)->set radius server 1 192.168.6.203 1812 pwsecret

ThisexampleshowshowtosettheRADIUStimeoutto5seconds:
B5(su)->set radius timeout 5

ThisexampleshowshowtosetRADIUSretriesto10:
B5(su)->set radius retries 10

Thisexampleshowshowtoforceanymanagementaccesstotheswitch(Telnet,web,SSH)to
authenticatethroughaRADIUSserver.Theallparameterattheendofthecommandmeansthat
anyofthedefinedRADIUSserverscanbeusedforthisAuthentication.
B5(rw)->set radius realm management-access all

clear radius
UsethiscommandtoclearRADIUSserversettings.

Syntax
clear radius [retries] | [timeout] | [server {index | all | realm {index | all}}]

Parameters
retries

ResetsthemaximumnumberofattemptsausercancontacttheRADIUS
serverbeforetimingoutto3.

timeout

ResetsthemaximumamountoftimetoestablishcontactwiththeRADIUS
serverbeforetimingoutto20seconds.

server

Deletesserversettings.

index|all

Forusewiththeserverparametertocleartheserverconfigurationforall
serversoraspecificRADIUSserverasdefinedbyanindex.

realm

ResetstherealmsettingforallserversoraspecificRADIUSserveras
definedbyanindex.

Mode
Switchcommand,readwrite.

Defaults
None.

Enterasys B5 CLI Reference

22-9

show radius accounting

Examples
ThisexampleshowshowtoclearallsettingsonallRADIUSservers:
B5(su)->clear radius server all

ThisexampleshowshowtoresettheRADIUStimeouttothedefaultvalueof20seconds:
B5(su)->clear radius timeout

show radius accounting

UsethiscommandtodisplaytheRADIUSaccountingconfiguration.Thistransmitsaccounting
informationbetweenanetworkaccessserverandasharedaccountingserver.

Syntax
show radius accounting [server] | [counter ip-address] | [retries] | [timeout]

Parameters
server

(Optional)DisplaysoneorallRADIUSaccountingserverconfigurations.

counteripaddress

(Optional)DisplayscountersforaRADIUSaccountingserver.

retries

(Optional)Displaysthemaximumnumberofattemptstocontactthe
RADIUSaccountingserverbeforetimingout.

timeout

(Optional)Displaysthemaximumamountoftimebeforetimingout.

Mode
Switchcommand,readonly.

Defaults
Ifnoparametersarespecified,allRADIUSaccountingconfigurationinformationwillbe
displayed.

Example
ThisexampleshowshowtodisplayRADIUSaccountingconfigurationinformation.Inthiscase,
RADIUSaccountingisnotcurrentlyenabledandglobaldefaultsettingshavenotbeenchanged.
Oneserverhasbeenconfigured.
FordetailsonenablingandconfiguringRADIUSaccounting,refertosetradiusaccountingon
page 2211:
B5(ro)->show radius accounting
RADIUS accounting status:
Disabled
RADIUS Acct Server IP Address Acct-Port Retries Timeout Status
------------------ ---------- --------- ------- ------- -----1
172.16.2.10 1856
3
20
Disabled

22-10

Authentication and Authorization Configuration

set radius accounting

UsethiscommandtoconfigureRADIUSaccounting.

Syntax
set radius accounting {[enable | disable] [retries retries] [timeout timeout]
[server ip_address port [server-secret]

Parameters
enable|disable

EnablesordisablestheRADIUSaccountingclient.

retriesretries

SetsthemaximumnumberofattemptstocontactaspecifiedRADIUS
accountingserverbeforetimingout.Validretryvaluesare010.

timeouttimeout

Setsthemaximumamountoftime(inseconds)toestablishcontactwitha
specifiedRADIUSaccountingserverbeforetimingout.Validtimeout
valuesare130.

serverip_address
portserversecret

Specifiestheaccountingservers:

IPaddress

UDPauthenticationport(065535)

serversecret(ReadWritepasswordtoaccessthisaccountingserver.
Devicewillpromptforthisentryuponcreatingaserverinstance,as
shownintheexamplebelow.)

Mode
Switchcommand,readwrite.

Defaults
None.

Examples
ThisexampleshowshowtoenabletheRADIUSaccountingclientforauthenticatingwiththe
accountingserveratIPaddress10.2.4.12,UDPauthenticationport1800.Aspreviouslynoted,the
serversecretpasswordenteredheremustmatchthatalreadyconfiguredastheReadWrite(rw)
passwordontheRADIUSaccountingserver:
B5(su)->set radius accounting server 10.2.4.12 1800
Enter secret:
Re-enter secret:

ThisexampleshowshowtosettheRADIUSaccountingtimeoutto30seconds:
B5(su)->set radius accounting timeout 30

ThisexampleshowshowtosetRADIUSaccountingretriesto10:
B5(su)->set radius accounting retries 10

Enterasys B5 CLI Reference

22-11

clear radius accounting

UsethiscommandtoclearRADIUSaccountingconfigurationsettings.

Syntax
clear radius accounting {server ip-address | retries | timeout | counter}

Parameters
serveripaddress

Clearstheconfigurationononeormoreaccountingservers.

retries

Resetstheretriestothedefaultvalueof3.

timeout

Resetsthetimeoutto5seconds.

counter

Clearscounters.

Mode
Switchcommand,readwrite.

Defaults
None.

Example
ThisexampleshowshowtoresettheRADIUSaccountingtimeoutto5seconds.
B5(su)->clear radius accounting timeout

show radius interface

UsethiscommandtodisplaytheinterfaceusedforthesourceIPaddressoftheRADIUS
applicationwhengeneratingRADIUSpackets.

Syntax
show radius interface

Parameters
None.

Defaults
None.

Mode
Switchmode,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.Inthiscase,theIPaddressassignedto
loopbackinterface1willbeusedasthesourceIPaddressoftheRADIUSapplication.
B5(rw)->show radius interface
loopback 1

22-12

192.168.10.1

Authentication and Authorization Configuration

set radius interface

UsethiscommandtospecifytheinterfaceusedforthesourceIPaddressoftheRADIUS
applicationwhengeneratingRADIUSpackets.

Syntax
set radius interface {loopback loop-ID | vlan vlan-ID}

Parameters
loopbackloopID

Specifiestheloopbackinterfacetobeused.ThevalueofloopIDcan
rangefrom0to7.

vlanvlanID

SpecifiestheVLANinterfacetobeused.ThevalueofvlanIDcanrange
from1to4093.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThiscommandallowsyoutoconfigurethesourceIPaddressusedforthesourceIPaddressofthe
RADIUSapplicationwhengeneratingRADIUSpackets.Anyofthemanagementinterfaces,
includingVLANroutinginterfaces,canbeconfiguredasthesourceIPaddressusedinpackets
generatedbytheRADIUSapplication.
AninterfacemusthaveanIPaddressassignedtoitbeforeitcanbesetbythiscommand.
Ifnointerfaceisspecified,thentheIPaddressoftheHostinterface,ifconfigured,willbeusedfor
boththesourceIPaddressandNASIP.IfnointerfaceisspecifiedandnoHostaddressis
configured,thesourceIPaddresswillbetheaddressoftheroutedinterfaceonwhichthepacket
egresses.Ifloopback0hasbeenconfigured,theNASIPwillbesettotheIPaddressofloopback0.
Otherwise,theNASIPwillbezero.

Example
ThisexampleconfiguresanIPaddressonVLANinterface100andthensetsthatinterfaceasthe
RADIUSapplicationsourceIPaddress.
B5(rw)->router(Config-if(Vlan 100))#ip address 192.168.10.1 255.255.255.0
B5(rw)->router(Config-if(Vlan 100))#exit
B5(rw)->router(Config)#exit
B5(rw)->router#exit
B5(rw)->router>exit
B5(rw)->set radius interface vlan 100

B5(rw)->show radius interface

vlan 100

192.168.10.1

Enterasys B5 CLI Reference

22-13

clear radius interface

UsethiscommandtocleartheinterfaceusedforthesourceIPaddressoftheRADIUSapplication
backtothedefaultoftheHostinterface,ifconfigured.IfnoHostaddressisconfigured,thesource
IPaddresswillbetheaddressoftheroutedinterfaceonwhichthepacketegresses.

Syntax
clear radius interface

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThiscommandreturnstheinterfaceusedforthesourceIPaddressoftheRADIUSapplication
backtothedefaultoftheHostinterface.
B5(rw)->show radius interface
vlan 100

192.168.10.1

B5(rw)->clear radius interface

B5(rw)->

22-14

Authentication and Authorization Configuration

Configuring 802.1X Authentication

Purpose
Toreviewandconfigure802.1XauthenticationforoneormoreportsusingEAPOL(Extensible
AuthenticationProtocol).802.1Xcontrolsnetworkaccessbyenforcinguserauthorizationon
selectedports,whichresultsinallowingordenyingnetworkaccessaccordingtoRADIUSserver
configuration.
Note: To configure EAP pass-through, which allows client authentication packets to be forwarded
through the switch to an upstream device, 802.1X authentication must be globally disabled with the
set dot1x command (set dot1x on page 22-18).

Commands
For information about...

Refer to page...

show dot1x

22-15

show dot1x auth-config

22-17

set dot1x

22-18

set dot1x auth-config

22-19

clear dot1x auth-config

22-20

show eapol

22-21

set eapol

22-23

clear eapol

22-23

show dot1x
Usethiscommandtodisplay802.1Xstatus,diagnostics,statistics,andreauthenticationor
initializationcontrolinformationforoneormoreports.

Syntax
show dot1x [auth-diag] [auth-stats] [port [init | reauth]] [port-string]

Parameters
authdiag

(Optional)Displaysauthenticationdiagnosticsinformation.

authstats

(Optional)Displaysauthenticationstatistics.

portinit|reauth

(Optional)Displaysthestatusofportinitializationandreauthentication
controlfortheport.

portstring

(Optional)Displaysinformationforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifnoparametersarespecified,802.1Xstatuswillbedisplayed.

Enterasys B5 CLI Reference

22-15

show dot1x

Ifportstringisnotspecified,informationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Examples
Thisexampleshowshowtodisplay802.1Xstatus:
B5(su)->show dot1x
DOT1X is disabled.

Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforge.1.1:
B5(su)->show dot1x auth-diag ge.1.1
Port : 1
Auth-Diag
Enter Connecting:
EAP Logoffs While Connecting:
Enter Authenticating:
Success While Authenticating
Timeouts While Authenticating:
Fails While Authenticating:
ReAuths While Authenticating:
EAP Starts While Authenticating:
EAP logoff While Authenticating:
Backend Responses:
Backend Access Challenges:
Backend Others Requests To Supp:
Backend NonNak Responses From:
Backend Auth Successes:
Backend Auth Fails:

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

Thisexampleshowshowtodisplayauthenticationstatisticsforge.1.1:
B5(su)->show dot1x auth-stats
Port: 1
Auth-Stats
EAPOL Frames Rx:
EAPOL Frames Tx:
EAPOL Start Frames Rx:
EAPOL Logoff Frames Rx:
EAPOL RespId Frames Rx:
EAPOL Resp Frames Rx:
EAPOL Req Frames Tx:
EAP Length Error Frames Rx:
Last EAPOL Frame Version:
Last EAPOL Frame Source:

ge.1.1
0
0
0
0
0
0
0
0
0
00:00:00:00:00:00

Thisexampleshowshowtodisplaythestatusofportreauthenticationcontrolforge.1.1through
ge.1.6:
B5(su)->show dot1x port reauth ge.1.1-6
Port 1: Port reauthenticate:
FALSE
Port 2: Port reauthenticate:
FALSE
Port 3: Port reauthenticate:
FALSE
Port 4: Port reauthenticate:
FALSE
Port 5: Port reauthenticate:
FALSE
Port 6: Port reauthenticate:
FALSE

22-16

Authentication and Authorization Configuration

show dot1x auth-config

Usethiscommandtodisplay802.1Xauthenticationconfigurationsettingsforoneormoreports.

Syntax
show dot1x auth-config [authcontrolled-portcontrol] [maxreq] [quietperiod]
[reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod]
[port-string]

Parameters
authcontrolled
portcontrol

(Optional)DisplaysthecurrentvalueofthecontrolledPortcontrol
parameterfortheport.

maxreq

(Optional)Displaysthevaluesetformaximumrequestscurrentlyinuseby
thebackendauthenticationstatemachine.

quietperiod

(Optional)Displaysthevaluesetforquietperiodcurrentlyinusebythe
authenticatorPAEstatemachine.

reauthenabled

(Optional)Displaysthestateofreauthenticationcontrolusedbythe
ReauthenticationTimerstatemachine.

reauthperiod

(Optional)Displaysthevalue,inseconds,setforthereauthentication
periodusedbythereauthenticationtimerstatemachine.

servertimeout

(Optional)Displaystheservertimeoutvalue,inseconds,currentlyinuse
bythebackendauthenticationstatemachine.

supptimeout

(Optional)Displaystheauthenticationsupplicanttimeoutvalue,in
seconds,currentlyinusebythebackendauthenticationstatemachine.

txperiod

(Optional)Displaysthetransmissionperiodvalue,inseconds,currentlyin
usebytheauthenticatorPAEstatemachine.

portstring

(Optional)Limitsthedisplayofdesiredinformationinformationtospecific
port(s).Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 71.

Defaults
Ifnoparametersarespecified,all802.1Xsettingswillbedisplayed.
Ifportstringisnotspecified,informationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Examples
ThisexampleshowshowtodisplaytheEAPOLportcontrolmodeforge.1.1:
B5(su)->show dot1x auth-config authcontrolled-portcontrol ge.1.1
Port 1: Auth controlled port control:
Auto

Thisexampleshowshowtodisplaythe802.1Xquietperiodsettingsforge.1.1:
B5(su)->show dot1x auth-config quietperiod ge.1.1
Port 1: Quiet period:
30

Thisexampleshowshowtodisplayall802.1Xauthenticationconfigurationsettingsforge.1.1:
B5(ro)->show dot1x auth-config ge.1.1

Enterasys B5 CLI Reference

22-17

set dot1x

Port : 1
Auth-Config
PAE state:
Backend auth state:
Admin controlled directions:
Oper controlled directions:
Auth controlled port status:
Auth controlled port control:
Quiet period:
Transmission period:
Supplicant timeout:
Server timeout:
Maximum requests:
Reauthentication period:
Reauthentication control:

Initialize
Initialize
Both
Both
Authorized
Auto
60
30
30
30
2
3600
Disabled

set dot1x
Usethiscommandtoenableordisable802.1Xauthentication,toreauthenticateoneormoreaccess
entities,ortoreinitializeoneormoresupplicants.

Syntax
set dot1x {enable | disable | port {init | reauth} {true | false} [port-string]}

Parameters
enable|disable

Enablesordisables802.1X.

port

Enableordisable802.1Xreauthenticationorinitializationcontrolononeor
moreports.

init|reauth

Configureinitializationorreauthenticationcontrol.

true|false

Enable(true)ordisable(false)reinitialization/reauthentication.

portstring

(Optional)Specifiestheport(s)toreinitializeorreauthenticate.

Defaults
Ifnoportsarespecified,thereinitializationorreauthenticationsettingwillbeappliedtoallports.

Mode
Switchcommand,readwrite.

Usage
Disabling802.1Xauthenticationglobally,bynotenteringaspecificportstringvalue,willenable
theEAPpassthroughfeature.EAPpassthroughallowsclientauthenticationpacketstobe
forwardedunmodifiedthroughtheswitchtoanupstreamdevice.

Examples
Thisexampleshowshowtoenable802.1X:
B5(su)->set dot1x enable

Thisexampleshowshowtoreinitializege.1.2:
B5(rw)->set dot1x port init true ge.1.2

22-18

Authentication and Authorization Configuration

set dot1x auth-config

Usethiscommandtoconfigure802.1Xauthentication.

Syntax
set dot1x auth-config {[authcontrolled-portcontrol {auto | forced-auth |
forced-unauth}] [maxreq value] [quietperiod value] [reauthenabled {false | true}]
[reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod
value]} [port-string]

Parameters
authcontrolled
portcontrol
auto|forcedauth|
forcedunauth

Specifiesthe802.1Xportcontrolmode.

autoSetportcontrolmodetoautocontrolledportcontrol.This
isthedefaultvalue.

forcedauthSetportcontrolmodetoForcedAuthorized
controlledportcontrol.

forcedunauthSetportcontrolmodetoForcedUnauthorized
controlledportcontrol.

maxreqvalue

Specifiesthemaximumnumberofauthenticationrequestsallowed
bythebackendauthenticationstatemachine.Validvaluesare110.
Defaultvalueis2.

quietperiodvalue

Specifiesthetime(inseconds)followingafailedauthentication
beforeanotherattemptcanbemadebytheauthenticatorPAEstate
machine.Validvaluesare065535.Defaultvalueis60seconds.

reauthenabledfalse|
true

Enables(true)ordisables(false)reauthenticationcontrolofthe
reauthenticationtimerstatemachine.Defaultvalueisfalse.

reauthperiodvalue

Specifiesthetimelapse(inseconds)betweenattemptsbythe
reauthenticationtimerstatemachinetoreauthenticateaport.Valid
valuesare065535.Defaultvalueis3600seconds.

servertimeouttimeout

Specifiesatimeoutperiod(inseconds)fortheauthenticationserver,
usedbythebackendauthenticationstatemachine.Validvaluesare1
300.Defaultvalueis30seconds.

supptimeouttimeout

Specifiesatimeoutperiod(inseconds)fortheauthentication
supplicantusedbythebackendauthenticationstatemachine.Valid
valuesare1300.Defaultvalueis30seconds.

txperiodvalue

Specifiestheperiod(inseconds)whichpassesbetweenauthenticator
PAEstatemachineEAPtransmissions.Validvaluesare065535.
Defaultvalueis30seconds.

portstring

(Optional)Limitstheconfigurationofdesiredsettingstospecified
port(s).Foradetaileddescriptionofpossibleportstringvalues,refer
toPortStringSyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,authenticationparameterswillbesetonallports.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

22-19

clear dot1x auth-config

Examples
Thisexampleshowshowtoenablereauthenticationcontrolonportsge.1.13:
B5(su)->set dot1x auth-config reauthenabled true ge.1.1-3

Thisexampleshowshowtosetthe802.1Xquietperiodto120secondsonportsge.1.13:
B5(su)->set dot1x auth-config quietperiod 120 ge.1.1-3

clear dot1x auth-config

Usethiscommandtoreset802.1Xauthenticationparameterstodefaultvaluesononeormore
ports.

Syntax
clear dot1x auth-config [authcontrolled-portcontrol] [maxreq] [quietperiod]
[reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [portstring]

Parameters
authcontrolled
portcontrol

(Optional)Resetsthe802.1Xportcontrolmodetoauto.

maxreq

(Optional)Resetsthemaximumrequestsvalueto2.

quietperiod

(Optional)Resetsthequietperiodvalueto60seconds.

reauthenabled

(Optional)Resetsthereauthenticationcontrolstatetodisabled(false).

reauthperiod

(Optional)Resetsthereauthenticationperiodvalueto3600seconds.

servertimeout

(Optional)Resetstheservertimeoutvalueto30seconds.

supptimeout

(Optional)Resetstheauthenticationsupplicanttimeoutvalueto30
seconds.

txperiod

(Optional)Resetsthetransmissionperiodvalueto30seconds.

portstring

(Optional)Resetssettingsonspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 71.

Defaults
Ifnoparametersarespecified,allauthenticationparameterswillbereset.
Ifportstringisnotspecified,parameterswillbesetonallports.

Mode
Switchcommand,readwrite.

Examples
Thisexampleshowshowtoresetthe802.1Xportcontrolmodetoautoonallports:
B5(su)->clear dot1x auth-config authcontrolled-portcontrol

Thisexampleshowshowtoresetreauthenticationcontroltodisabledonportsge.1.13:
B5(su)->clear dot1x auth-config reauthenabled ge.1.1-3

22-20

Authentication and Authorization Configuration

show eapol

Thisexampleshowshowtoresetthe802.1Xquietperiodto60secondsonportsge.1.13:
B5(su)->clear dot1x auth-config quietperiod ge.1.1-3

show eapol
UsethiscommandtodisplayEAPOLstatusorsettingsforoneormoreports.

Syntax
show eapol [port-string]

Parameters
portstring

(Optional)DisplaysEAPOLstatusforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,onlyEAPOLenablestatuswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayEAPOLstatusforportsge.1.13:
B5(su)->show eapol ge.1.1-3
EAPOL is disabled.
Port
-------ge.1.1
ge.1.2
ge.1.3

Authentication State
-------------------Initialize
Initialize
Initialize

Authentication Mode
-------------------Auto
Auto
Auto

Table 222providesanexplanationofthecommandoutput.Fordetailsonusingtheseteapol
commandtoenabletheprotocolandassignanauthenticationmode,refertoseteapolon
page 2223.

Enterasys B5 CLI Reference

22-21

show eapol

Table 22-2

show eapol Output Details

Output Field

What It Displays...

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

Authentication State

Current EAPOL authentication state for each port. Possible internal states for the
authenticator (switch) are:
initialize: A port is in the initialize state when:

authentication is disabled,

authentication is enabled and the port is not linked, or

authentication is enabled and the port is linked. (In this case very
little time is spent in this state, it immediately transitions to the
connecting state, via disconnected.

disconnected: The port passes through this state on its way to connected
whenever the port is reinitialized, via link state change, reauthentication failure, or
management intervention.
connecting: While in this state, the authenticator sends request/ID messages to
the end user.
authenticating: The port enters this state from connecting after receiving a
response/ID from the end user. It remains in this state until the entire
authentication exchange between the end user and the authentication server
completes.
authenticated: The port enters this state from authenticating state after the
exchange completes with a favorable result. It remains in this state until linkdown,
logoff, or until a reauthentication begins.
aborting: The port enters this state from authenticating when any event occurs
that interrupts the login exchange.
held: After any login failure the port remains in this state for the number of
seconds equal to quietPeriod (can be set using MIB).
forceAuth: Management is allowing normal, unsecured switching on this port.
forceUnauth: Management is preventing any frames from being forwarded to or
from this port.
Authentication Mode Mode enabling network access for each port. Modes include:
Auto: Frames are forwarded according to the authentication state of each port.
Forced Authorized Mode: Meant to disable authentication on a port. It is
intended for ports that support ISLs and devices that cannot authenticate, such
as printers and file servers. If a default policy is applied to the port via the policy
profile MIB, then frames are forwarded according to the configuration set by that
policy, otherwise frames are forwarded according to the current configuration for
that port. Authentication using 802.1X is not possible on a port in this mode.
Forced Unauthorized Mode: All frames received on the port are discarded by a
filter. Authentication using 802.1X is not possible on a port in this mode.

22-22

Authentication and Authorization Configuration

set eapol

set eapol
UsethiscommandtoenableordisableEAPOLportbaseduserauthenticationwiththeRADIUS
serverandtosettheauthenticationmodeforoneormoreports.

Syntax
set eapol [enable | disable] [auth-mode {auto | forced-auth | forced-unauth}
port-string

Parameters
enable|disable

EnablesordisablesEAPOL.

authmode

Specifiestheauthenticationmodeas:

auto|
forcedauth|
forcedunauth

autoAutoauthorizationmode.Thisisthedefaultmodeandwill
forwardframesaccordingtotheauthenticationstateoftheport.For
detailsonthismode,refertoTable 222.

forcedauthForcedauthorizedmode,whichdisablesauthentication
ontheport.

forcedunauthForcedunauthorizedmode,whichfiltersanddiscards
allframesreceivedontheport.

portstring

Specifiestheport(s)onwhichtosetEAPOLparameters.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Examples
ThisexampleshowshowtoenableEAPOL:
B5(su)->set eapol enable

ThisexampleshowshowtoenableEAPOLwithforcedauthorizedmodeonportge.1.1:
B5(su)->set eapol auth-mode forced-auth ge.1.1

clear eapol
UsethiscommandtogloballycleartheEAPOLauthenticationmode,ortoclearsettingsforoneor
moreports.

Syntax
clear eapol [auth-mode] [port-string]

Enterasys B5 CLI Reference

22-23

clear eapol

Parameters
authmode

(Optional)GloballyclearstheEAPOLauthenticationmode.

portstring

Specifiestheport(s)onwhichtoclearEAPOLparameters.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifauthmodeisnotspecified,allEAPOLsettingswillbecleared.
Ifportstringisnotspecified,settingswillbeclearedforallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheEAPOLauthenticationmodeforportge.1.3:
B5(su)->clear eapol auth-mode ge.1.3

22-24

Authentication and Authorization Configuration

Configuring MAC Authentication

Purpose
Toreview,disable,enableandconfigureMACauthentication.Thisauthenticationmethodallows
thedevicetoauthenticatesourceMACaddressesinanexchangewithanauthenticationserver.
Theauthenticator(switch)selectsasourceMACseenonaMACauthenticationenabledportand
submitsittoabackendclientforauthentication.ThebackendclientusestheMACaddressstored
password,ifrequired,ascredentialsforanauthenticationattempt.Ifaccepted,astring
representinganaccesspolicyand/orVLANauthorizationmaybereturned.Ifpresent,theswitch
appliestheassociatedpolicyrulesandVLANsegmentation.
YoucanspecifyamasktoapplytoMACaddresseswhenauthenticatingusersthroughaRADIUS
server(seesetmacauthenticationsignificantbitsonpage 2235).Themostcommonuseof
significantbitmasksisforauthenticationofallMACaddressesforaspecificvendor.

Commands
For information about...

Refer to page...

show macauthentication

22-25

show macauthentication session

22-27

set macauthentication

22-28

set macauthentication password

22-28

clear macauthentication password

22-29

set macauthentication port

22-29

set macauthentication portinitialize

22-30

set macauthentication portquietperiod

22-30

clear macauthentication portquietperiod

22-31

set macauthentication macinitialize

22-31

set macauthentication reauthentication

22-32

set macauthentication portreauthenticate

22-32

set macauthentication macreauthenticate

22-33

set macauthentication reauthperiod

22-33

clear macauthentication reauthperiod

22-34

set macauthentication significant-bits

22-35

clear macauthentication significant-bits

22-35

show macauthentication
UsethiscommandtodisplayMACauthenticationinformationforoneormoreports.

Syntax
show macauthentication [port-string]

Enterasys B5 CLI Reference

22-25

show macauthentication

Parameters
portstring

(Optional)DisplaysMACauthenticationinformationforspecificport(s).
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,MACauthenticationinformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayMACauthenticationinformationforge.2.1through8:
B5(su)->show macauthentication ge.2.1-8
MAC authentication:
- enabled
MAC user password:
- NOPASSWORD
Port username significant bits - 48
Port
------ge.2.1
ge.2.2
ge.2.3
ge.2.4
ge.2.5
ge.2.6
ge.2.7
ge.2.8

Port
State
-------disabled
disabled
disabled
disabled
disabled
disabled
disabled
disabled

Reauth
Period
---------3600
3600
3600
3600
3600
3600
3600
3600

Auth
Allowed
-------1
1
1
1
1
1
1
1

Auth
Allocated
--------1
1
1
1
1
1
1
1

Reauthentications
----------------disabled
disabled
disabled
disabled
disabled
disabled
disabled
disabled

Table 223providesanexplanationofthecommandoutput.
Table 22-3

22-26

show macauthentication Output Details

Output Field

What It Displays...

MAC authentication

Whether MAC authentication is globally enabled or disabled. Set using the set
macauthentication command as described in set macauthentication on
page 22-28.

MAC user password

User password associated with MAC authentication on the device. Set using the set
macauthentication password command as described in set macauthentication
password on page 22-28.

Port username
significant bits

Number of significant bits in the MAC addresses to be used starting with the left-most
bit of the vendor portion of the MAC address. The significant portion of the MAC
address is sent as a user-name credential when the primary attempt to authenticate
the full MAC address fails. Any other failure to authenticate the full address, (i.e.,
authentication server timeout) causes the next attempt to start once again with a full
MAC authentication. Default value of 48 can be changed with the set
macauthentication significant-bits command.

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

Port State

Whether or not MAC authentication is enabled or disabled on this port.

Authentication and Authorization Configuration

show macauthentication session

Table 22-3

show macauthentication Output Details (Continued)

Output Field

What It Displays...

Reauth Period

Reauthentication period for this port. Default value of 30 can be changed using the
set macauthentication reauthperiod command (page 22-33).

Auth Allowed

Number of concurrent authentications supported on this port.

Auth Allocated

Maximum number of MAC authentications permitted on this port.

Reauthentications

Whether or not reauthentication is enabled or disabled on this port. Set using the set
macauthentication reauthentication command (page 22-32).

show macauthentication session

UsethiscommandtodisplaytheactiveMACauthenticatedsessions.

Syntax
show macauthentication session

Parameters
None.

Defaults
Ifportstringisnotspecified,MACsessioninformationwillbedisplayedforallMAC
authenticationports.

Mode
Switchcommand,readonly.

Usage
ChangingtheReauthPeriodwiththesetmacauthenticationreauthperiodcommanddoesnot
affectcurrentsessions.Newsessionsdisplaythecorrectperiod.

Example
ThisexampleshowshowtodisplayMACsessioninformation:
B5(su)->show macauthentication session
Port
MAC Address
Duration
Reauth Period
--------------------- ---------- ------------ge.1.2
00:60:97:b5:4c:07 0,00:52:31 3600

Reauthentications
----------------disabled

Table 224providesanexplanationofthecommandoutput.
Table 22-4

show macauthentication session Output Details

Output Field

What It Displays...

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

MAC Address

MAC address associated with the session.

Duration

Time this session has been active.

Enterasys B5 CLI Reference

22-27

set macauthentication

Table 22-4

show macauthentication session Output Details (Continued)

Output Field

What It Displays...

Reauth Period

Reauthentication period for this port, set using the set macauthentication
reauthperiod command described in set macauthentication reauthperiod on
page 22-33.

Reauthentications

Whether or not reauthentication is enabled or disabled on this port. Set using the set
macauthentication reauthentication command described in set
macauthentication reauthentication on page 22-32.

set macauthentication
UsethiscommandtogloballyenableordisableMACauthentication.

Syntax
set macauthentication {enable | disable}

Parameters
enable|disable

GloballyenablesordisablesMACauthentication.

Mode
Switchcommand,readwrite.

Defaults
None.

Example
ThisexampleshowshowtogloballyenableMACauthentication:
B5(su)->set macauthentication enable

set macauthentication password

UsethiscommandtosetaMACauthenticationpassword.

Syntax
set macauthentication password password

Parameters
password

SpecifiesatextstringMACauthenticationpassword.

Defaults
None.

Mode
Switchcommand,readwrite.

22-28

Authentication and Authorization Configuration

clear macauthentication password

Example
ThisexampleshowshowtosettheMACauthenticationpasswordtomacauth:
B5(su)->set macauthentication password macauth

clear macauthentication password

UsethiscommandtocleartheMACauthenticationpassword.

Syntax
clear macauthentication password

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtocleartheMACauthenticationpassword:
B5(su)->clear macauthentication password

set macauthentication port

UsethiscommandtoenableordisableoneormoreportsforMACauthentication.

Syntax
set macauthentication port {enable | disable} port-string

Parameters
enable|disable

EnablesordisablesMACauthentication.

portstring

Specifiesport(s)onwhichtoenableordisableMACauthentication.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

22-29

set macauthentication portinitialize

Usage
Enablingport(s)forMACauthenticationrequiresgloballyenablingMACauthenticationonthe
switchasdescribedinsetmacauthenticationonpage 2228,andthenenablingitonaportby
portbasis.Bydefault,MACauthenticationisgloballydisabledanddisabledonallports.

Example
ThisexampleshowshowtoenableMACauthenticationonge.2.1though5:
B5(su)->set macauthentication port enable ge.2.1-5

set macauthentication portinitialize

UsethiscommandtoforceoneormoreMACauthenticationportstoreinitializeandremoveany
currentlyactivesessionsonthoseports.

Syntax
set macauthentication portinitialize port-string

Parameters
portstring

SpecifiestheMACauthenticationport(s)toreinitialize.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoforcege.2.1through5toinitialize:
B5(su)->set macauthentication portinitialize ge.2.1-5

set macauthentication portquietperiod

Thissetsthenumberofsecondsfollowingafailedauthenticationbeforeanotherattemptmaybe
madeontheport.

Syntax
set macauthentication portquietperiod time port-string

Parameters

22-30

time

Periodinsecondstowaitafterafailedauthentication.Bydefault,thisis30
seconds.

portstring

Specifiestheportsforwhichthequitperiodistobeapplied.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Authentication and Authorization Configuration

clear macauthentication portquietperiod

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexamplesetsport1towait5secondsafterafailedauthenticationattemptbeforeanew
attemptcanbemade:
B5(su)->set macauthentication portquietperiod 5 ge.1.1

clear macauthentication portquietperiod

Thissetsthequietperiodbacktothedefaultvalueof30seconds.

Syntax
clear macauthentication portquietperiod [port-string]

Parameters
portstring

(Optional)Specifiestheportsforwhichthequietperiodistobereset.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifaportstringisnotspecifiedthenallportswillbesettothedefaultportquietperiod.

Mode
Switchcommand,readwrite.

Example
Thisexampleresetsthedefaultquietperiodonport1:
B5(su)->clear macauthentication portquietperiod ge.1.1

set macauthentication macinitialize

UsethiscommandtoforceacurrentMACauthenticationsessiontoreinitializeandremovethe
session.

Syntax
set macauthentication macinitialize mac-addr

Parameters
macaddr

SpecifiestheMACaddressofthesessiontoreinitialize.

Enterasys B5 CLI Reference

22-31

set macauthentication reauthentication

Mode
Switchcommand,readwrite.

Defaults
None.

Example
ThisexampleshowshowtoforcetheMACauthenticationsessionforaddress006097b54c07
toreinitialize:
B5(su)->set macauthentication macinitialize 00-60-97-b5-4c-07

set macauthentication reauthentication

UsethiscommandtoenableordisablereauthenticationofallcurrentlyauthenticatedMAC
addressesononeormoreports.

Syntax
set macauthentication reauthentication {enable | disable} port-string

Parameters
enable|disable

EnablesordisablesMACreauthentication.

portstring

Specifiesport(s)onwhichtoenableordisableMACreauthentication.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoenableMACreauthenticationonge.4.1though5:
B5(su)->set macauthentication reauthentication enable ge.4.1-5

set macauthentication portreauthenticate

Usethiscommandtoforceanimmediatereauthenticationofthecurrentlyactivesessionsonone
ormoreMACauthenticationports.

Syntax
set macauthentication portreauthenticate port-string

22-32

Authentication and Authorization Configuration

set macauthentication macreauthenticate

Parameters
portstring

SpecifiesMACauthenticationport(s)tobereauthenticated.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoforcege.2.1though5toreauthenticate:
B5(su)->set macauthentication portreauthentication ge.2.1-5

set macauthentication macreauthenticate

UsethiscommandtoforceanimmediatereauthenticationofaMACaddress.

Syntax
set macauthentication macreauthenticate mac-addr

Parameters
macaddr

SpecifiestheMACaddressofthesessiontoreauthenticate.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoforcetheMACauthenticationsessionforaddress006097b54c07
toreauthenticate:
B5(su)->set macauthentication macreauthenticate 00-60-97-b5-4c-07

set macauthentication reauthperiod

UsethiscommandtosettheMACreauthenticationperiod(inseconds).Thisisthetimelapse
betweenattemptstoreauthenticateanycurrentMACaddressauthenticatedtoaport.

Syntax
set macauthentication reauthperiod time port-string

Enterasys B5 CLI Reference

22-33

clear macauthentication reauthperiod

Parameters
time

Specifiesthenumberofsecondsbetweenreauthenticationattempts.Valid
valuesare14294967295.

portstring

Specifiestheport(s)onwhichtosettheMACreauthenticationperiod.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ChangingtheReauthPeriodwiththesetmacauthenticationreauthperiodcommanddoesnot
affectcurrentsessions.Newsessionswillusethecorrectperiod.

Example
ThisexampleshowshowtosettheMACreauthenticationperiodto7200seconds(2hours)on
ge.2.1through5:
B5(su)->set macauthentication reauthperiod 7200 ge.2.1-5

clear macauthentication reauthperiod

UsethiscommandtocleartheMACreauthenticationperiodononeormoreports.

Syntax
clear macauthentication reauthperiod [port-string]

Parameters
portstring

(Optional)ClearstheMACreauthenticationperiodonspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,thereauthenticationperiodwillbeclearedonallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtogloballycleartheMACreauthenticationperiod:
B5(su)->clear macauthentication reauthperiod

22-34

Authentication and Authorization Configuration

set macauthentication significant-bits

UsethiscommandtosetthenumberofsignificantbitsoftheMACaddresstousefor
authentication.

Syntax
set macauthentication significant-bits number

Parameters
number

Specifiesthenumberofsignificantbitstobeusedforauthentication.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThiscommandallowsyoutospecifyamasktoapplytoMACaddresseswhenauthenticating
usersthroughaRADIUSserver.Themostcommonuseofsignificantbitmasksisfor
authenticationofallMACaddressesforaspecificvendor.
OnswitchesusingMACauthentication,theMACaddressofauserattemptingtologinissentto
theRADIUSserverastheusername.Ifaccessisdenied,andifasignificantbitmaskhasbeen
configured(otherthan48)withthiscommand,theswitchwillapplythemaskandresendthe
maskedaddresstotheRADIUSserver.Forexample,ifauserwithMACaddressof0016CF12
3456isdeniedaccess,anda32bitmaskhasbeenconfigured,theswitchwillapplythemaskand
resendaMACaddressof0016CF120000totheRADIUSserver.
Touseasignificantbitsmaskforauthenticationofdevicesbyaparticularvendor,specifya24bit
mask,tomaskouteverythingexceptthevendorportionoftheMACaddress.

Example
ThisexamplesetstheMACauthenticationsignificantbitsmaskto24.
B5(su)->set macauthentication significant-bits 24

clear macauthentication significant-bits

UsethiscommandtoresetthenumberofsignificantbitsoftheMACaddresstousefor
authenticationtothedefaultof48.

Syntax
clear macauthentication significant-bits

Parameters
None.

Defaults
None.

Enterasys B5 CLI Reference

22-35

clear macauthentication significant-bits

Mode
Switchcommand,readwrite.

Example
ThisexampleresetstheMACauthenticationsignificantbitsto48.
B5(su)->clear macauthentication significant-bits

22-36

Authentication and Authorization Configuration

Configuring Multiple Authentication Methods

About Multiple Authentication Types
Whenenabled,multipleauthenticationtypesallowsausertoauthenticateusingmorethanone
methodonthesameport.Inorderformultipleauthenticationtofunctiononthedevice,each
possiblemethodofauthentication(MACauthentication,802.1X,PWA)mustbeenabledglobally
andconfiguredappropriatelyonthedesiredportswithitscorrespondingcommandsetdescribed
inthischapter.Theprecedenceconfiguredfortheauthenticationmethodsdetermineswhich
authenticationmethodisactuallyappliedtotheuser,device,orport.
Multipleauthenticationmodemustbegloballyenabledonthedeviceusingthesetmultiauth
modecommand.Authenticationprecedencecanbeconfiguredwiththesetmultiauthprecedence
command.

About Multi-User Authentication

Multiuserauthenticationreferstotheabilitytoauthenticatemorethanoneuserordeviceonthe
sameport,witheachuserordevicebeingprovidedtheappropriatelevelofnetworkresources
basedonpolicy.
Whenasinglesupplicantconnectedtoanaccesslayerportauthenticates,apolicyprofilecanbe
dynamicallyappliedtoalltrafficontheport.Whenmultiuserauthenticationisnotimplemented,
andmorethanonesupplicantisconnectedtoaport,thefirmwaredoesnotprovisionnetwork
resourcesonaperuserorperdevicebasis,eventhoughdifferentusersordevicesmayrequirea
differentsetofnetworkresources.
Inordertosupportprovisioningnetworkresourcesonaperuserbasis,byapplyingthepolicy
configuredintheRADIUSfilterIDorRFC3580tunnelattributesforagivenuserordevice,the
switchmustbethepointofauthenticationfortheattacheddevices.TheRADIUSfilterIDand
tunnelattributesarepartoftheRADIUSuseraccountandareincludedintheRADIUSaccess
acceptmessageresponsereceivedbytheswitchfromtheauthenticationserver.
Themaximumnumberofmultipleuserssupportedperportdependsonyourplatform.Referto
Appendix A,PolicyandAuthenticationCapacitiesforadescriptionofthemultiusercapacities
foryourdevice.Bydefault,thenumberofallowedusersperportissetto1.Toconfigurethe
numberofallowedusersperport,usethesetmultiauthportnumuserscommand.Usetheshow
multiauthportcommandtodisplaythecurrentvaluesofMaxusersandAllowedusersper
port.

Commands
For information about...

Refer to page...

show multiauth

22-38

set multiauth mode

22-39

clear multiauth mode

22-39

set multiauth precedence

22-40

clear multiauth precedence

22-40

show multiauth port

22-41

set multiauth port

22-41

Enterasys B5 CLI Reference

22-37

show multiauth

For information about...

Refer to page...

clear multiauth port

22-42

show multiauth station

22-43

show multiauth session

22-43

show multiauth idle-timeout

22-44

set multiauth idle-timeout

22-45

clear multiauth idle-timeout

22-46

show multiauth session-timeout

22-46

set multiauth session-timeout

22-47

clear multiauth session-timeout

22-48

show multiauth
Usethiscommandtodisplaymultipleauthenticationsystemconfiguration.

Syntax
show multiauth

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaymultipleauthenticationsystemconfiguration:
B5(rw)->show multiauth
Multiple authentication system configuration
------------------------------------------------Supported types
: dot1x, pwa, mac
Maximum number of users
: 768
Current number of users
: 2
System mode
: multi
Default precedence
: dot1x, pwa, mac
Admin precedence
: dot1x, pwa, mac
Operational precedence
: dot1x, pwa, mac

22-38

Authentication and Authorization Configuration

set multiauth mode

Usethiscommandtosetthesystemauthenticationmodetoallowmultipleauthenticators
simultaneously(802.1x,PWA,andMACAuthentication)onasingleport,ortostrictlyadhereto
802.1xauthentication.

Syntax
set multiauth mode {multi | strict}

Parameters
multi

Allowsthesystemtousemultipleauthenticatorssimultaneously(802.1x,
PWA,andMACAuthentication)onaport.Thisisthedefaultmode.

strict

Usermustauthenticateusing802.1xauthenticationbeforenormaltraffic
(anythingotherthanauthenticationtraffic)canbeforwarded.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
MultiauthmultimoderequiresthatMAC,PWA,and802.1Xauthenticationbeenabledglobally,
andconfiguredappropriatelyonthedesiredportsaccordingtotheircorrespondingcommand
setsdescribedinthischapter.RefertoConfiguring802.1XAuthenticationonpage 2215and
ConfiguringMACAuthenticationonpage 2225andConfiguringPortWebAuthentication
(PWA)onpage 2268.

Example
Thisexampleshowshowtoenablesimultaneousmultipleauthentications:
B5(rw)->set multiauth mode multi

clear multiauth mode

Usethiscommandtoclearthesystemauthenticationmode.

Syntax
clear multiauth mode

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

22-39

set multiauth precedence

Example
Thisexampleshowshowtoclearthesystemauthenticationmode:
B5(rw)->clear multiauth mode

set multiauth precedence

Usethiscommandtosetthesystemsmultipleauthenticationadministrativeprecedence.

Syntax
set multiauth precedence {[dot1x] [mac] [pwa]}

Parameters
dot1x

Setsprecedencefor802.1Xauthentication.

mac

SetsprecedenceforMACauthentication.

pwa

Setsprecedenceforportwebauthentication

Defaults
Defaultprecedenceorderisdot1x,pwa,mac.

Mode
Switchcommand,readwrite.

Usage
Whenauserissuccessfullyauthenticatedbymorethanonemethodatthesametime,the
precedenceoftheauthenticationmethodswilldeterminewhichRADIUSreturnedfilterIDwillbe
processedandresultinanappliedtrafficpolicyprofile.

Example
ThisexampleshowshowtosetprecedenceforMACauthentication:
B5(rw)->set multiauth precedence mac dot1x

clear multiauth precedence

Usethiscommandtoclearthesystemsmultipleauthenticationadministrativeprecedencetothe
defaultprecedenceorder.

Syntax
clear multiauth precedence

Parameters
None.

Defaults
None.

22-40

Authentication and Authorization Configuration

show multiauth port

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoclearthemultipleauthenticationprecedence:
B5(rw)->clear multiauth precedence

show multiauth port

Usethiscommandtodisplaymultipleauthenticationpropertiesforoneormoreports.

Syntax
show multiauth port [port-string]

Parameters
portstring

(Optional)Displaysmultipleauthenticationinformationforspecificport(s).

Defaults
Ifportstringisnotspecified,multipleauthenticationinformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaymultipleauthenticationinformationforportsge.3.14.The
numberofMaxusersshownbythiscommandvariesdependingontheplatform.
B5(rw)->show multiauth port ge.3.1-4
Port

Mode

Max
users
------------ ------------ ---------ge.3.1
auth-opt
n
ge.3.2
auth-opt
n
ge.3.3
auth-opt
n
ge.3.4
auth-opt
n

Allowed
users
---------1
1
1
1

Current
users
---------0
0
0
0

set multiauth port

Usethiscommandtosetmultipleauthenticationpropertiesforoneormoreports.

Syntax
set multiauth port mode {auth-opt | auth-reqd | force-auth | force-unauth} |
numusers numusers port-string

Enterasys B5 CLI Reference

22-41

clear multiauth port

Parameters
mode
authopt|
authreqd|
forceauth|
forceunauth

Specifiestheport(s)multipleauthenticationmodeas:

authoptAuthenticationoptional(nonstrictbehavior).Ifauser
doesnotattempttoauthenticateusing802.1x,orif802.1x
authenticationfails,theportwillallowtraffictobeforwarded
accordingtothedefineddefaultVLAN.

authreqdAuthenticationisrequired.

forceauthAuthenticationconsidered.

forceunauthAuthenticationdisabled.

numusers
numusers

Specifiesthenumberofusersallowedauthenticationonport(s).Valid
valuesdependonyourspecificplatform.RefertoAppendix A,Policyand
AuthenticationCapacitiesforinformationaboutmultiusercapacities.

portstring

Specifiestheport(s)onwhichtosetmultipleauthenticationproperties.

Defaults
Defaultvalueforthenumberofusersallowedtoauthenticateonaportis1.

Mode
Switchcommand,readwrite.

Examples
Thisexampleshowshowtosettheportmultipleauthenticationmodetorequiredonge.3.14:
B5(rw)->set multiauth port mode auth-reqd ge.3.14

Thisexampleshowshowtosetthenumberofusersallowedtoauthenticateonportge.3.14to2:
B5(rw)->set multiauth port numusers 2 ge.3.14

clear multiauth port

Usethiscommandtoclearmultipleauthenticationpropertiesforoneormoreports.

Syntax
clear multiauth port {mode | numusers} port-string

Parameters
mode

Clearsthespecifiedportsmultipleauthenticationmode.

numusers

Clearsthevaluesetforthenumberofusersallowedauthenticationonthe
specifiedport.

portstring

Specifiestheportorportsonwhichtoclearmultipleauthentication
properties.

Defaults
None.

22-42

Authentication and Authorization Configuration

show multiauth station

Mode
Switchcommand,readwrite.

Examples
Thisexampleshowshowtocleartheportmultipleauthenticationmodeonportge.3.14:
B5(rw)->clear multiauth port mode ge.3.14

Thisexampleshowshowtoclearthenumberofusersonportge.3.14:
B5(rw)->clear multiauth port numusers ge.3.14

show multiauth station

Usethiscommandtodisplaymultipleauthenticationstation(enduser)entries.

Syntax
show multiauth station [mac address] [port port-string]

Parameters
macaddress

(Optional)Displaysmultipleauthenticationstationentriesforaspecific
MACaddress.

portportstring

(Optional)Displaysmultipleauthenticationstationentriesforoneormore
ports.

Mode
Switchcommand,readonly.

Defaults
Ifnooptionsarespecified,multipleauthenticationstationentrieswillbedisplayedforallMAC
addressesandports.

Example
Thisexampleshowshowtodisplaymultipleauthenticationstationentries.Inthiscase,twoend
userMACaddressesareshown:
B5(rw)->show
Port
-----------ge.1.20
ge.2.16

multiauth station
Address type Address
------------ -----------------------mac
00-10-a4-9e-24-87
mac
00-b0-d0-e5-0c-d0

show multiauth session

Usethiscommandtodisplaymultipleauthenticationsessionentries.

Syntax
show multiauth session [all] [agent {dot1x | mac | pwa}] [mac address]
[port port-string]

Enterasys B5 CLI Reference

22-43

show multiauth idle-timeout

Parameters
all

(Optional)Displaysinformationaboutallsessions,includingthosewith
terminatedstatus.

agentdot1x|mac|
pwa

(Optional)Displays802.1X,orMAC,orportwebauthenticationsession
information.

macaddress

(Optional)Displaysmultipleauthenticationsessionentriesforspecific
MACaddress(es).

portportstring

(Optional)Displaysmultipleauthenticationsessionentriesforthe
specifiedportorports.

Defaults
Ifnooptionsarespecified,multipleauthenticationsessionentrieswillbedisplayedforall
sessions,authenticationtypes,MACaddresses,andports.

Mode
Switchcommand,readonly.

Example
Thisexampleshowshowtodisplaymultipleauthenticationsessioninformationforportge.1.1.
B5(su)->show multiauth session port ge.1.1
__________________________________________
Port
| ge.1.1
Station address
Auth status
| success
Last attempt
Agent type
| dot1x
Session applied
Server type
| radius
VLAN-Tunnel-Attr
Policy index
| 0
Policy name
Session timeout | 0
Session duration
Idle timeout
| 5
Idle time
Termination time | Not Terminated

|
|
|
|
|
|
|

00-01-03-86-0A-87
FRI MAY 18 11:16:36 2007
true
none
Administrator
0,00:00:25
0,00:00:00

show multiauth idle-timeout

Usethiscommandtodisplaythetimeoutvalue,inseconds,foranidlesessionforall
authenticationmethods.

Syntax
show multiauth idle-timeout

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

22-44

Authentication and Authorization Configuration

set multiauth idle-timeout

Example
Thisexampleshowshowtodisplaytimeoutvaluesforanidlesessionforallauthenticationtypes.
B5(su)->show multiauth idle-timeout
Authentication type Timeout (sec)
------------------- ------------dot1x
0
pwa
0
mac
0

set multiauth idle-timeout

Usethiscommandtosetthemaximumnumberofconsecutivesecondsanauthenticatedsession
maybeidlebeforeterminationofthesession.

Syntax
set multiauth idle-timeout [dot1x | mac | pwa] timeout

Parameters
dot1x

(Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol
authenticationmethodforwhichtosetthetimeoutvalue.

mac

(Optional)SpecifiestheEnterasysMACauthenticationmethodfor
whichtosetthetimeoutvalue.

pwa

(Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor
whichtosetthetimeoutvalue.

timeout

Specifiesthetimeoutvalueinseconds.Thevaluecanrangefrom0to
65535.Avalueof0meansthatnoidletimeoutwillbeappliedunlessan
idletimeoutvalueisprovidedbytheauthenticatingserver.

Defaults
Ifnoauthenticationmethodisspecified,theidletimeoutvalueissetforallauthentication
methods.

Mode
Switchmode,readwrite.

Usage
Ifyousetanidletimeoutvalue,aMACuserwhoseMACaddresshasagedoutoftheforwarding
databasewillbeunauthenticatedifnotraffichasbeenseenfromthataddressforthespecifiedidle
timeoutperiod.
Avalueofzeroindicatesthatnoidletimeoutwillbeappliedunlessanidletimeoutvalueis
providedbytheauthenticatingserver.Forexample,ifasessionisauthenticatedbyaRADIUS
server,thatservermayencodeaIdleTimeoutAttributeinitsauthenticationresponse.

Example
Thisexamplesetstheidletimeoutvalueforallauthenticationmethodsto300seconds.
B5(su)->set multiauth idle-timeout 300

Enterasys B5 CLI Reference

22-45

clear multiauth idle-timeout

Usethiscommandtoresetthemaximumnumberofconsecutivesecondsanauthenticatedsession
maybeidlebeforeterminationofthesessiontoitsdefaultvalueof0.

Syntax
clear multiauth idle-timeout [dot1x | mac | pwa]

Parameters
dot1x

(Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol
authenticationmethodforwhichtoresetthetimeoutvaluetoits
default.

mac

(Optional)SpecifiestheEnterasysMACauthenticationmethodfor
whichtoresetthetimeoutvaluetoitsdefault.

pwa

(Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor
whichtoresetthetimeoutvaluetoitsdefault.

Defaults
Ifnoauthenticationmethodisspecified,theidletimeoutvalueisresettoitsdefaultvalueof0for
allauthenticationmethods.

Mode
Switchmode,readwrite.

Example
Thisexampleresetstheidletimeoutvalueforallauthenticationmethodsto0seconds.
B5(su)->clear multiauth idle-timeout

show multiauth session-timeout

Usethiscommandtodisplaythesessiontimeoutvalue,inseconds,forallauthenticationmethods.

Syntax
show multiauth session-timeout

Parameters
None.

Defaults
None.

Mode
Switchmode,readonly.

22-46

Authentication and Authorization Configuration

set multiauth session-timeout

Example
Thisexampledisplaysthesessiontimeoutvaluesforallauthenticationmethods.
B5(su)->show multiauth session-timeout
Authentication type Timeout (sec)
------------------- ------------dot1x
0
pwa
0
mac
0

set multiauth session-timeout

Usethiscommandtosetthemaximumnumberofsecondsanauthenticatedsessionmaylast
beforeterminationofthesession.

Syntax
set multiauth session-timeout [dot1x | mac | pwa] timeout

Parameters
dot1x

(Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol
authenticationmethodforwhichtosetthesessiontimeoutvalue.

mac

(Optional)SpecifiestheEnterasysMACauthenticationmethodfor
whichtosetthesessiontimeoutvalue.

pwa

(Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor
whichtosetthesessiontimeoutvalue.

timeout

Specifiesthetimeoutvalueinseconds.Thevaluecanrangefrom0to
65535.Avalueof0meansthatnosessiontimeoutwillbeappliedunless
asessiontimeoutvalueisprovidedbytheauthenticatingserver.

Defaults
Ifnoauthenticationmethodisspecified,thesessiontimeoutvalueissetforallauthentication
methods.

Mode
Switchmode,readwrite.

Usage
Avalueofzeromaybesupersededbyasessiontimeoutvalueprovidedbytheauthenticating
server.Forexample,ifasessionisauthenticatedbyaRADIUSserver,thatservermayencodea
SessionTimeoutAttributeinitsauthenticationresponse.

Example
ThisexamplesetsthesessiontimeoutvaluefortheIEEE802.1Xauthenticationmethodto300
seconds.
B5(su)->set multiauth session-timeout dot1x 300

Enterasys B5 CLI Reference

22-47

clear multiauth session-timeout

Usethiscommandtoresetthemaximumnumberofconsecutivesecondsanauthenticatedsession
maylastbeforeterminationofthesessiontoitsdefaultvalueof0.

Syntax
clear multiauth session-timeout [dot1x | mac | pwa]

Parameters
dot1x

(Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol
authenticationmethodforwhichtoresetthetimeoutvaluetoits
default.

mac

(Optional)SpecifiestheEnterasysMACauthenticationmethodfor
whichtoresetthetimeoutvaluetoitsdefault.

pwa

(Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor
whichtoresetthetimeoutvaluetoitsdefault.

Defaults
Ifnoauthenticationmethodisspecified,thesessiontimeoutvalueisresettoitsdefaultvalueof0
forallauthenticationmethods.

Mode
Switchmode,readwrite.

Example
ThisexampleresetsthesessiontimeoutvaluefortheIEEE802.1Xauthenticationmethodto0
seconds.
B5(su)->clear multiauth session-timeout dot1x

Configuring User + IP Phone Authentication

User+IPphoneauthenticationisalegacyfeaturethatallowsauserandtheirIPphonetobothuse
asingleportontheswitch buttohaveseparatepolicyroles.TheusersPCandtheirIPphoneare
daisychainedtogetherwithasingleconnectiontothenetwork.
Thisspecialapplicationofmultiuserauthenticationwasinheritedfromlegacyplatforms(suchas
theB2andC2)thatcouldnotnativelysupportmultipleusersperport.TheEnterasysB5can
supportmultipleusersperportsotheUser+IPphoneapplicationshouldonlybeusedifyouare
integratingEnterasysB5sintoalegacydeployment.

WithUser+IPPhoneauthentication,thepolicyrolefortheIPphoneisstaticallymappedusing
apolicyadminrulewhichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(for
example,VoiceVLAN)toanspecifiedpolicyrole(forexample,IPPhonepolicyrole).Therefore,it
isrequiredthattheIPphonebeconfiguredtosendVLANtaggedpacketstaggedfortheVoice
VLAN.RefertotheUsagesectionforthecommandsetpolicyruleonpage 1110foradditional
informationaboutconfiguringapolicyadminrulethatmapsaVLANtagtoapolicyrole.
NotethatiftheIPphoneauthenticatestothenetwork,theRADIUSacceptmessagemustreturn
nullvaluesforRFC3580tunnelattributesandtheFilterID.

22-48

Authentication and Authorization Configuration

Configuring VLAN Authorization (RFC 3580)

Thesecondpolicyrole,fortheuser,caneitherbestaticallyconfiguredwiththedefaultpolicyrole
ontheportordynamicallyassignedthroughauthenticationtothenetwork(usingaRADIUS
FilterID).Whenthedefaultpolicyroleisassignedonaport,theVLANsetastheportsPVIDis
mappedtothedefaultpolicyrole.Whenapolicyroleisdynamicallyappliedtoauserastheresult
ofasuccessfullyauthenticatedsession,theauthenticatedVLANismappedtothepolicyroleset
intheFilterIDreturnedfromtheRADIUSserver.TheauthenticatedVLANmayeitherbethe
PVIDoftheport,ifthePVIDOverrideforthepolicyprofileisdisabled,ortheVLANspecifiedin
thePVIDOverrideifthePVIDOverrideisenabled.

Configuring VLAN Authorization (RFC 3580)

Purpose
RFC3580TunnelAttributesprovideamechanismtocontainan802.1X,MAC,orPWA
authenticatedusertoaVLANregardlessofthePVID.ThisisreferredtoasdynamicVLAN
assignment.
Pleaseseesection331ofRFC3580fordetailsonconfiguringaRADIUSservertoreturnthe
desiredtunnelattributes.AsstatedinRFC3580,...itmaybedesirabletoallowaporttobeplaced
intoaparticularVirtualLAN(VLAN),definedin[IEEE8021Q],basedontheresultofthe
authentication.
TheRADIUSservertypicallyindicatesthedesiredVLANbyincludingtunnelattributeswithinits
AccessAcceptparameters.However,theIEEE802.1XorMACauthenticatorcanalsobe
configuredtoinstructtheVLANtobeassignedtothesupplicantbyincludingtunnelattributes
withinAccessRequestparameters.
ThefollowingtunnelattributesareusedinVLANauthorizationassignment:

TunnelTypeVLAN(13)

TunnelMediumType802

TunnelPrivateGroupIDVLANID

InordertoauthenticateRFC3580users,policymaptableresponsemustbesettotunnelas
describedinConfiguringPolicyMaptableResponseonpage 2252.
Note: A policy license, if applicable, is not required to deploy RFC 3580 dynamic VLAN
assignment.

Commands
For information about...

Refer to page...

set vlanauthorization

22-50

set vlanauthorization egress

22-50

clear vlanauthorization

22-51

show vlanauthorization

22-51

Enterasys B5 CLI Reference

22-49

set vlanauthorization

set vlanauthorization
EnableordisabletheuseoftheRADIUSVLANtunnelattributetoputaportintoaparticular
VLANbasedontheresultofauthentication.

Syntax
set vlanauthorization {enable | disable} [port-string]

Parameters
enable|disable

Enablesordisablesvlanauthorization/tunnelattributes.

portstring

(Optional)SpecifieswhichportstoenableordisabletheuseofVLAN
tunnelattributes/authorization.Foradetaileddescriptionofpossibleport
stringvalues,refertoPortStringSyntaxUsedintheCLIonpage 71.

Defaults
VLANauthenticationisdisabledbydefault.

Mode
Switchcommand,readwrite.

Examples
ThisexampleshowshowtoenableVLANauthenticationforallGigabitEthernetports:
B5(rw)-> set vlanauthorization enable ge.*.*

ThisexampleshowshowtodisableVLANauthenticationforallGigabitEthernetportsonswitch
unit/module 3:
B5(rw)-> set vlanauthorization disable ge.3.*

set vlanauthorization egress

ControlsthemodificationofthecurrentVLANegresslistof802.1xauthenticatedportsforthe
VLANsreturnedintheRADIUSauthorizationfilteridstring.

Syntax
set vlanauthorization egress {none | tagged | untagged} port-string

Parameters

22-50

none

Specifiesthatnoegressmanipulationwillbemade.

tagged

Specifiesthattheauthenticatingportwillbeaddedtothecurrenttagged
egressfortheVLANIDreturned.

untagged

Specifiesthattheauthenticatingportwillbeaddedtothecurrent
untaggedegressfortheVLANIDreturned(default).

portstring

Specifiesthattheportorlistofports.towhichthiscommandwillapply.
Foradetaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage 71.

Authentication and Authorization Configuration

clear vlanauthorization

Defaults
Bydefault,administrativeegressissettountagged.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoenabletheinsertionoftheRADIUSassignedVLANtoan802.1qtag
foralloutboundframesforports10through15onunit/modulenumber3.
B5(rw)->set vlanauthorization egress tagged ge.3.10-15

clear vlanauthorization
Usethiscommandtoreturnport(s)tothedefaultconfigurationofVLANauthorizationdisabled,
egressuntagged.

Syntax
clear vlanauthorization [port-string]

Parameters
portstring

(Optional)Specifieswhichportsaretoberestoredtodefault
configuration.Ifnoportstringisentered,theactionwillbeaglobal
setting.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 71.

Defaults
Ifnoportstringisentered,allportsawillberesettodefaultconfigurationwithVLAN
authorizationdisabledandegressframesuntagged.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowhowtoclearVLANauthorizationforallportsonslots3,4,and5:
B5(rw)->clear vlanauthorization ge.3-5.*

show vlanauthorization
DisplaystheVLANauthenticationstatusandconfigurationinformationforthespecifiedports.

Syntax
show vlanauthorization [port-string]

Enterasys B5 CLI Reference

22-51

Configuring Policy Maptable Response

Parameters
portstring

(Optional)DisplaysVLANauthenticationstatusforthespecifiedports.If
noportstringisentered,thentheglobalstatusofthesettingisdisplayed.
Foradetaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage 71.

Defaults
Ifnoportstringisentered,thestatusforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThiscommandshowshowtodisplayVLANauthorizationstatusforge.1.1:
B5(su)->show vlanauthorization ge.1.1
Vlan Authorization: - enabled
port
status
administrative
operational
egress
egress
------- -------- -----------------------ge.1.1
enabled
untagged

authenticated
vlan id
mac address
----------------- -------

Table 225providesanexplanationofcommandoutput.Fordetailsonenablingandassigning
protocolandegressattributes,refertosetvlanauthorizationonpage 2250andset
vlanauthorizationegressonpage 2250.
Table 22-5

show vlanauthorization Output Details

Output Field

What It Displays...

port

Port identification

status

Port status as assigned by set vlanauthorization command

administrative
egress

Port status as assigned by the set vlanauthorization egress command

operational egress

Port operational status of vlanauthorization egress.

authenticated mac
address

If authentication has succeeded, displays the MAC address assigned for egress.

vlan id

If authentication has succeeded, displays the assigned VLAN id for ingress.

Configuring Policy Maptable Response

Thepolicymaptableresponsefeatureallowsyoutodefinehowthesystemshouldhandle
allowinganauthenticateduserontoaportbasedonthecontentsoftheRADIUSserverAccess
Acceptreply.Therearethreepossibleresponsesettings:tunnelmode,policymode,orbothtunnel
andpolicy,alsoknownashybridauthenticationmode.
Whenthemaptableresponseissettotunnelmode,thesystemwillusethetunnelattributesinthe
RADIUSreplytoapplyaVLANtotheauthenticatinguserandwillignoreanyFilterIDattributes
intheRADIUSreply.Onthisplatform,whentunnelmodeisconfigured,noVLANtopolicy
mappingwilloccur.WhenusingVLANauthorization,thepolicymaptableresponseshouldbeset
totunnel(seeConfiguringVLANAuthorization(RFC3580)onpage 2249).

22-52

Authentication and Authorization Configuration

Configuring Policy Maptable Response

Whenthemaptableresponseissettopolicymode,thesystemwillusetheFilterIDattributesin
theRADIUSreplytoapplyapolicytotheauthenticatinguserandwillignoreanytunnel
attributesintheRADIUSreply.Onthisplatform,whenpolicymodeisconfigured,noVLANto
policymappingwilloccur.
Whenthemaptableresponseissettoboth,orhybridauthenticationmode,bothFilterID
attributes(dynamicpolicyassignment)andtunnelattributes(dynamicVLANassignment)sentin
RADIUSserverAccessAcceptrepliesareusedtodeterminehowtheswitchshouldhandle
authenticatingusers.Onthisplatform,whenhybridauthenticationmodeisconfigured,VLANto
policymappingcanoccur,asdescribedbelowinWhenPolicyMaptableResponseisBothon
page 2253.
UsinghybridauthenticationmodeeliminatesthedependencyonhavingtoassignVLANs
throughpolicyrolesVLANscanbeassignedbymeansofthetunnelattributeswhilepolicy
rolescanbeassignedbymeansoftheFilterIDattributes.Alternatively,VLANtopolicymapping
canbeusedtomappoliciestousersusingtheVLANspecifiedbythetunnelattributes,without
havingtoconfigureFilterIDattributesontheRADIUSserver.Thisseparationgives
administratorsmoreflexibilityinsegmentingtheirnetworksbeyondtheplatformshardware
policyrolelimits.
RefertoRADIUSFilterIDAttributeandDynamicPolicyProfileAssignmentonpage 223for
moreinformationaboutFilterIDattributesandConfiguringVLANAuthorization(RFC3580)
onpage 2249formoreinformationabouttunnelattributes.

Operational Description
When Policy Maptable Response is Both
HybridauthenticationmodeusesbothFilterIDattributesandtunnelattributes.Toenablehybrid
authenticationmode,usethesetpolicymaptablecommandandsettheresponseparameterto
both.Whenconfiguredtousebothsetsofattributes:

IfboththeFilterIDandtunnelattributesarepresentintheRADIUSreply,thenthepolicy
profilespecifiedbytheFilterIDisappliedtotheauthenticatinguser,andifVLAN
authorizationisenabledgloballyandontheauthenticatingusersport,theVLANspecifiedby
thetunnelattributesisappliedtotheauthenticatinguser.
IfVLANauthorizationisnotenabled,theVLANspecifiedbythepolicyprofileisapplied.See
ConfiguringVLANAuthorization(RFC3580)onpage 2249forinformationaboutenabling
VLANauthorizationgloballyandonspecificports.

IftheFilterIDattributesarepresentbutthetunnelattributesarenotpresent,thepolicy
profilespecifiedbytheFilterIDisapplied,alongwiththeVLANspecifiedbythepolicy
profile.

IfthetunnelattributesarepresentbuttheFilterIDattributesarenotpresentorareinvalid,
andifVLANauthorizationisenabledgloballyandontheauthenticatingusersport,thenthe
switchwillchecktheVLANtopolicymappingtable(configuredwiththesetpolicy
maptablecommand):

IfanentrymappingthereceivedVLANIDtoavalidpolicyprofileisfound,thenthat
policyprofile,alongwiththeVLANspecifiedbythepolicyprofile,willbeappliedtothe
authenticatinguser.

Ifnomatchingmappingtableentryisfound,theVLANspecifiedbythetunnelattributes
willbeappliedtotheauthenticatinguser.

IftheVLANtopolicymappingtableisinvalid,thenthe
etsysPolicyRFC3580MapInvalidMappingMIBisincrementedandtheVLANspecifiedby
thetunnelattributeswillbeappliedtotheauthenticatinguser.
Enterasys B5 CLI Reference

22-53

show policy maptable

IfVLANauthorizationisnotenabled,thetunnelattributesareignored.

When Policy Maptable Response is Policy

WhentheswitchisconfiguredtouseonlyFilterIDattributes,bysettingthesetpolicymaptable
commandresponseparametertopolicy:

IftheFilterIDattributesarepresent,thespecifiedpolicyprofilewillbeappliedtothe
authenticatinguser.IfnoFilterIDattributesarepresent,orifthepolicyIDisunknownor
invalid,thedefaultpolicy(ifitexists)willbeapplied.

Ifthetunnelattributesarepresent,theyareignored.NoVLANtopolicymappingwilloccur.

Onswitchesthatsupportpolicy,thedefaultmaptableresponsemodeispolicy.Onswitchesthat
donotsupportpolicy,thedefaultmaptableresponsemodeistunnel.

When Policy Maptable Response is Tunnel

Whentheswitchisconfiguredtouseonlytunnelattributes,bysettingthesetpolicymaptable
commandresponseparametertotunnel,andifVLANauthorizationisenabledbothgloballyand
ontheauthenticatingusersport:

Ifthetunnelattributesarepresent,thespecifiedVLANwillbeappliedtotheauthenticating
user.NoVLANtopolicymappingwilloccur.

Ifthetunnelattributesarenotpresent,thedefaultpolicyVLANwillbeappliedifitexists.
Otherwise,theportVLANwillbeapplied.

IftheFilterIDattributesarepresent,theyareignored.

IfVLANauthorizationisnotenabled,theuserwillbeallowedontotheportwiththedefault
policy,ifitexists.Ifnodefaultpolicyexists,theportVLANwillbeapplied.
Onswitchesthatsupportpolicy,thedefaultmaptableresponsemodeispolicy.Onswitchesthat
donotsupportpolicy,thedefaultmaptableresponsemodeistunnel.

Commands
For information about...

Refer to page...

show policy maptable

22-54

set policy maptable

22-55

clear policy maptable

22-56

show policy maptable

UsethiscommandtodisplayinformationaboutthecurrentVLANtopolicymappingtableand
theswitchspolicymaptableresponsesetting.

Syntax
show policy maptable [vlan-list]

Parameters
vlanlist

22-54

(Optional)SpecifiestheVLANorlistofVLANsforwhichtodisplaythe
VLANtopolicysettings.

Authentication and Authorization Configuration

set policy maptable

Defaults
IfnoVLANlistisspecified,allentriesintheVLANtopolicymappingtablearedisplayed.

Mode
Switchcommand,readonly.

Usage
Thiscommanddisplaysboththepolicymaptableresponsesetting,andtheentriesintheVLAN
topolicymappingtableforoneormultipleVLANs.RefertoOperationalDescriptionon
page 2253forinformationabouthowtheVLANtopolicymappingtableisused.

Example
ThisexampleshowshowtodisplaythepolicymaptableresponseandalltheentriesintheVLAN
topolicymappingtable.Inthisexample,hybridauthenticationmodeisenabled(becausethe
policymaptableresponseisboth).
B5(rw)->show policy maptable
Policy map response
: both
Policy map last change : 1 days 00:23:57
VLAN ID
144
160

Policy Profile
4
7

(Students)
(Faculty)

set policy maptable

UsethiscommandtoconfiguretheVLANtopolicymappingtableandalsotheswitchsmaptable
responsesettingthatis,whethertheswitchisintunnelmode,policymode,orhybrid
authenticationmode.

Syntax
set policy maptable {vlan-list policy-index | response {both | policy | tunnel}}

Parameters
vlanlistpolicyindex

SpecifiesanentryintheVLANtopolicymappingtable,whichrelatesa
policyprofilewithaVLANIDorrangeofIDs.vlanlistcanrangefrom1
to4093.policyindexcanrangefrom1to1023.

response

Indicatesthatthiscommandisconfiguringthepolicymaptable
response.

both

SetsthemaptableresponsetolookatboththeFilterIDandtunnel
attributesinaRADIUSAccessAcceptreplytodeterminehowto
handleanauthenticatinguser.Thisisequivalenttoenablinghybrid
authenticationmode.

policy

Setsthemaptableresponsetopolicymode.Thesystemwilllookatonly
theFilterIDattributesinaRADIUSAccessAcceptreplytodetermine
howtohandleanauthenticatinguser.

tunnel

Setsthemaptableresponsetotunnelmode.Thesystemwilllookat
onlythetunnelattributesinaRADIUSAccessAcceptreplyto
determinehowtohandleanauthenticatinguser.

Enterasys B5 CLI Reference

22-55

clear policy maptable

Defaults
Nomappingtableentriesareconfigured.
Thedefaultpolicymaptableresponsesettingispolicymode.

Mode
Switchcommand,readwrite.

Usage
ThiscommandcanbeusedtocreateentriesintheVLANtopolicymappingtableandalsotoset
theswitchsmaptableresponse.RefertoOperationalDescriptiononpage 2253formore
informationabouttheswitchsoperationsforallmaptableresponseparameters.
WhenyouareusingVLANauthorizationfordynamicVLANassignment,youshouldsetthe
policymaptableresponsetotunnel.SeeConfiguringVLANAuthorization(RFC3580)on
page 2249.

Examples
Thisexampleshowshowtosetthepolicymaptableresponsetoboth,orhybridauthentication
mode:
B5(rw)->set policy maptable response both

ThisexampleshowshowtoconfigureapolicymappingentrythatwillmapVLAN144topolicy
profile4.
B5(rw)->set policy maptable 144 4

clear policy maptable

UsethiscommandtoclearaVLANtopolicymappingtableentryortoresetthemaptable
responsetothedefaultvalueofpolicymode.

Syntax
clear policy maptable {vlan-list | response}

Parameters
vlanlist

ClearsthepolicyprofilemappingforthespecifiedVLANIDorrangeof
VLANs.

response

Resetsthemaptableresponsetopolicy.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThiscommandcanbeusedtoremoveanentryintheVLANtopolicymappingtableortochange
themaptableresponsebacktothedefaultvalueofpolicymode.

22-56

Authentication and Authorization Configuration

Configuring MAC Locking

Example
ThisexampleremovestheentryinthemappingtableforVLAN144.
B5(rw)->show policy maptable
Policy map response
: both
Policy map last change : 1 days 17:23:57
VLAN ID
144
160

Policy Profile
4
7

(Students)
(Faculty)

B5(rw)->clear policy maptable 144

B5(rw)->show policy maptable
Policy map response
: both
Policy map last change : 1 days 17:24:01
VLAN ID
160

Policy Profile
7

(Faculty)

Configuring MAC Locking

ThisfeaturelocksaMACaddresstooneormoreports,preventingconnectionofunauthorized
devicesthroughtheport(s).WhensourceMACaddressesarereceivedonspecifiedports,the
switchdiscardsallsubsequentframesnotcontainingtheconfiguredsourceaddresses.Theonly
framesforwardedonalockedportarethosewiththelockedMACaddress(es)forthatport.
TherearetwomethodsoflockingaMACtoaport:firstarrivalandstatic.Thefirstarrivalmethod
isdefinedtobelockingthefirstnnumberofMACswhicharriveonaportconfiguredwithMAC
lockingenabled.Thevaluenisconfiguredwiththesetmaclockfirstarrivalcommand.
ThestaticmethodisdefinedtobestaticallyprovisioningaMACportlockusingthesetmaclock
command.ThemaximumnumberofstaticMACaddressesallowedforMAClockingonaport
canbeconfiguredwiththesetmaclockstaticcommand.
YoucanconfiguretheswitchtoissueaviolationtrapifapacketarriveswithasourceMAC
addressdifferentfromanyofthecurrentlylockedMACaddressesforthatport.
MACsareunlockedasaresultof:

Alinkdownevent

WhenMAClockingisdisabledonaport

WhenaMACisagedoutoftheforwardingdatabasewhenFirstArrivalagingisenabled

Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing
onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic
IntrusionDetection,MAClockingwouldmakeitmoredifficultforahackertosendpacketsinto
thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother
port.Inthemeantimethesystemadministratorwouldbereceivingamaclocktrapnotification.

Purpose
Toreview,disable,enable,andconfigureMAClocking.

Enterasys B5 CLI Reference

22-57

show maclock

Commands
For information about...

Refer to page...

show maclock

22-58

show maclock stations

22-59

set maclock enable

22-60

set maclock disable

22-61

set maclock

22-61

clear maclock

22-62

set maclock static

22-63

clear maclock static

22-63

set maclock firstarrival

22-64

clear maclock firstarrival

22-65

set maclock agefirstarrival

22-65

clear maclock agefirstarrival

22-66

set maclock move

22-66

set maclock trap

22-67

show maclock
UsethiscommandtodisplaythestatusofMAClockingononeormoreports.

Syntax
show maclock [port-string]

Parameters
portstring

(Optional)DisplaysMAClockingstatusforspecifiedport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,MAClockingstatuswillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayMAClockinginformationforge.1.1.
B5(su)->show maclock ge.1.1
MAC locking is globally enabled
Port
Number

22-58

Port
Status

Trap
Status

Authentication and Authorization Configuration

Aging
Status

Max Static
Allocated

Max FirstArrival
Allocated

Last Violating
MAC Address

show maclock stations

------ge.1.1

------- -------- ------enabled disabled enabled

---------- --------------- --------------20

1
00:a0:c9:39:5c:b4

Table 226providesanexplanationofthecommandoutput.
Table 22-6

show maclock Output Details

Output Field

What It Displays...

Port Number

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

Port Status

Whether MAC locking is enabled or disabled on the port. MAC locking is globally
disabled by default. For details on enabling MAC locking on the switch and on one or
more ports, refer to set maclock enable on page 22-60 and set maclock on
page 22-61.

Trap Status

Whether MAC lock trap messaging is enabled or disabled on the port. For details
on setting this status, refer to set maclock trap on page 22-67.

Aging Status

Whether aging of FirstArrival MAC addresses is enabled or disabled on the port.

Refer to set maclock agefirstarrival on page 22-65.

Max Static Allocated

The maximum static MAC addresses allowed locked to the port. For details on
setting this value, refer to set maclock static on page 22-63.

Max FirstArrival
Allocated

The maximum end station MAC addresses allowed locked to the port. For details on
setting this value, refer to set maclock firstarrival on page 22-64.

Last Violating MAC

Address

Most recent MAC address(es) violating the maximum static and first arrival value(s)
set for the port.

show maclock stations

UsethiscommandtodisplayMAClockinginformationaboutendstationsconnectedtothe
switch.

Syntax
show maclock stations [firstarrival | static] [port-string]

Parameters
firstarrival

(Optional)DisplaysMAClockinginformationaboutendstationsfirst
connectedtoMAClockedports.

static

(Optional)DisplaysMAClockinginformationaboutstatic(management
defined)endstationsconnectedtoMAClockedports.

portstring

(Optional)Displaysendstationinformationforspecifiedport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifnoparametersarespecified,MAClockinginformationwillbedisplayedforallendstations.

Mode
Switchcommand,readonly.

Enterasys B5 CLI Reference

22-59

set maclock enable

Example
ThisexampleshowshowtodisplayMAClockinginformationfortheendstationsconnectedtoall
GigabitEthernetportsinunit/module2:
B5(su)->show maclock stations ge.2.*
Port Number MAC Address
Status
------------ -----------------------------ge.2.1
00:a0:c9:39:5c:b4
active
ge.2.7
00:a0:c9:39:1f:11
active

State
-------------first arrival
static

Aging
----true
false

Table 227providesanexplanationofthecommandoutput.
Table 22-7

show maclock stations Output Details

Output Field

What It Displays...

Port Number

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI on page 7-1.

MAC address

MAC address of the end station(s) locked to the port.

Status

Whether the end stations are active or inactive.

State

Whether the end station locked to the port is a first arrival or static connection.

Aging

When true, FirstArrival MACs that have aged out of the forwarding database will be
removed for the associated port lock.

set maclock enable

UsethiscommandtoenableMAClockinggloballyorononeormoreports.

Note: MAC locking needs to be enabled globally and on appropriate ports for it to function.

Syntax
setmaclockenable[portstring]

Parameters
portstring

(Optional)EnablesMAClockingonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,MAClockingwillbeenabledglobally.

Mode
Switchcommand,readwrite.

Usage
Whenenabledandconfigured,MAClockingdefineswhichMACaddresses,aswellashowmany
MACaddressesarepermittedtousespecificport(s).
22-60

Authentication and Authorization Configuration

set maclock disable

MAClockingisdisabledbydefaultatdevicestartup.ConfiguringoneormoreportsforMAC
lockingrequiresgloballyenablingitonthedeviceandthenenablingitonthedesiredports.

Example
ThisexampleshowshowtoenableMAClockingonge.2.3:
B5(su)->set maclock enable ge.2.3

set maclock disable

UsethiscommandtodisableMAClockinggloballyorononeormoreports.

Syntax
set maclock disable [port-string]

Parameters
portstring

(Optional)DisablesMAClockingonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,MAClockingwillbedisabledgloballyontheswitch.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodisableMAClockingonge.2.3:
B5(su)->set maclock disable ge.2.3

set maclock
UsethiscommandtocreateastaticMACaddresstoportlocking,andtoenableordisableMAC
lockingforthespecifiedMACaddressandport.

Syntax
set maclock mac-address port-string {create | enable | disable}

Parameters
macaddress

SpecifiestheMACaddressforwhichMAClockingwillbecreated,
enabledordisabled.

portstring

Specifiestheportonwhichtocreate,enableordisableMAClockingfor
thespecifiedMAC.Foradetaileddescriptionofpossibleportstring
values,refertoPortStringSyntaxUsedintheCLIonpage 71.

Enterasys B5 CLI Reference

22-61

clear maclock

create

EstablishesaMAClockingassociationbetweenthespecifiedMAC
addressandport.CreateautomaticallyenablesMAClockingbetweenthe
specifiedMACaddressandport.

enable|disable

EnablesordisablesMAClockingbetweenthespecifiedMACaddressand
port.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ConfiguringaportforMAClockingrequiresgloballyenablingitontheswitchfirstusingtheset
maclockenablecommandasdescribedinsetmaclockenableonpage 2260.
StaticMAClockingauseronmultipleportsisnotsupported.
StaticallyMAClockedaddresseswilldisplayintheshowmacoutput(asdescribedonpage1422)
asaddresstypeotherandwillnotremovethemonlinkdown.

Example
ThisexampleshowshowtocreateaMAClockingassociationbetweenMACaddress0e03efd8
4455andportge.3.2:
B5(rw)->set maclock 0e-03-ef-d8-44-55 ge.3.2 create

clear maclock
UsethiscommandtoremoveastaticMACaddresstoportlockingentry.

Syntax
clear maclock mac-address port-string

Parameters
macaddress

SpecifiestheMACaddressthatwillberemovedfromthelistofstatic
MACsallowedtocommunicateontheport.

portstring

SpecifiestheportonwhichtocleartheMACaddress.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

22-62

Authentication and Authorization Configuration

set maclock static

Usage
TheMACaddressthatisclearedwillnolongerbeabletocommunicateontheportunlessthefirst
arrivallimithasbeensettoavaluegreaterthan0andthislimithasnotyetbeenmet.
Forexample,ifuserBsMACisremovedfromthestaticMACaddresslistandthefirstarrival
limithasbeensetto0,thenuserBwillnotbeabletocommunicateontheport.IfuserAsMACis
removedfromthestaticMACaddresslistandthefirstarrivallimithasbeensetto10,butonlyhas
7entries,userAwillbecomethe8thentryandallowedtocommunicateontheport.

Example
ThisexampleshowshowtoremoveaMACfromthelistofstaticMACsallowedtocommunicate
onportge.3.2:
B5(rw)->clear maclock 0e-03-ef-d8-44-55 ge.3.2

set maclock static

UsethiscommandtosetthemaximumnumberofstaticMACaddressesallowedperport.Static
MACsareadministrativelydefined.

Syntax
set maclock static port-string value

Parameters
portstring

SpecifiestheportonwhichtosetthemaximumnumberofstaticMACs
allowed.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 71.

value

SpecifiesthemaximumnumberofstaticMACaddressesallowedper
port.Validvaluesare0to20.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthemaximumnumberofallowablestaticMACsto2onge.3.1:
B5(rw)->set maclock static ge.3.1 2

clear maclock static

UsethiscommandtoresetthenumberofstaticMACaddressesallowedperporttothedefault
valueof20.

Syntax
clear maclock static port-string

Enterasys B5 CLI Reference

22-63

set maclock firstarrival

Parameters
portstring

SpecifiestheportonwhichtoresetnumberofstaticMACaddresses
allowed.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetthenumberofallowablestaticMACsonge.2.3:
B5(rw)->clear maclock static ge.2.3

set maclock firstarrival

UsethiscommandtorestrictMAClockingonaporttoamaximumnumberofendstation
addressesfirstconnectedtothatport.

Syntax
set maclock firstarrival port-string value

Parameters
portstring

SpecifiestheportonwhichtolimitMAClocking.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

value

SpecifiesthenumberoffirstarrivalendstationMACaddressestobe
allowedconnectionstotheport.Validvaluesare0to600.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Themaclockfirstarrivalcountresetswhenthelinkgoesdown.Thisfeatureisbeneficialifyou
haveroamingusersthefirstarrivalcountwillbereseteverytimeausermovestoanotherport,
butwillstillprotectagainstconnectingmultipledevicesonasingleportandwillprotectagainst
MACaddressspoofing.
Note: Setting a ports first arrival limit to 0 does not deny the first MAC address learned on the port
from passing traffic.

22-64

Authentication and Authorization Configuration

clear maclock firstarrival

Example
ThisexampleshowshowtorestrictMAClockingto6MACaddressesonge.2.3:
B5(su)->set maclock firstarrival ge.2.3 6

clear maclock firstarrival

UsethiscommandtoresetthenumberoffirstarrivalMACaddressesallowedperporttothe
defaultvalueof600.

Syntax
clear maclock firstarrival port-string

Parameters
portstring

Specifiestheportonwhichtoresetthefirstarrivalvalue.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetMACfirstarrivalsonge.2.3:
B5(su)->clear maclock firstarrival ge.2.3

set maclock agefirstarrival

UsethiscommandtoenableordisabletheagingoffirstarrivalMACaddresses.Whenenabled,
firstarrivalMACaddressesthatareagedoutoftheforwardingdatabasewillberemovedfromthe
associatedportMAClock.

Syntax
set maclock agefirstarrival port-string {enable | disable}

Parameters
portstring

Specifiestheport(s)onwhichtoenableordisablefirstarrivalaging.For
adetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

enable|disable

Enableordisablefirstarrivalaging.Bydefault,firstarrivalagingis
disabled.

Defaults
None.

Enterasys B5 CLI Reference

22-65

clear maclock agefirstarrival

Mode
Switchmode,readwrite.

Example
Thisexampleenablesfirstarrivalagingonportge.1.1.
B5(su)-> set maclock agefirstarrival ge.1.1 enable

clear maclock agefirstarrival

Usethiscommandtoresetfirstarrivalagingononeormoreportstoitsdefaultstateofdisabled.

Syntax
clear maclock agefirstarrival port-string

Parameters
portstring

Specifiestheport(s)onwhichtodisablefirstarrivalaging.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
None.

Mode
Switchmode,readwrite.

Example
Thisexampledisablesfirstarrivalagingonportge.1.1.
B5(su)-> clear maclock agefirstarrival ge.1.1 enable

set maclock move

UsethiscommandtomoveallcurrentfirstarrivalMACstostaticentries.

Syntax
set maclock move port-string

Parameters
portstring

SpecifiestheportonwhichMACwillbemovedfromfirstarrivalMACs
tostaticentries.Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage 71.

Defaults
None.

22-66

Authentication and Authorization Configuration

set maclock trap

Mode
Switchcommand,readwrite.

Usage
IftherearemorefirstarrivalMACsthantheallowedmaximumstaticMACs,thenonlythelatest
firstarrivalMACswillbemovedtostaticentries.Forexample,ifyousetthemaximumnumberof
staticMACsto2withthesetmaclockstaticcommand,andthenexecutedthesetmaclockmove
command,eventhoughtherewerefiveMACsinthefirstarrivaltable,onlythetwomostrecent
MACentrieswouldbemovedtostaticentries.

Example
ThisexampleshowshowtomoveallcurrentfirstarrivalMACstostaticentriesonportsge.3.140:
B5(rw)->set maclock move ge.3.1-40

set maclock trap

UsethiscommandtoenableordisableMAClocktrapmessaging.

Syntax
set maclock trap port-string {enable | disable}

Parameters
portstring

SpecifiestheportonwhichMAClocktrapmessagingwillbeenabledor
disabled.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 71.

enable|disable

EnablesordisablesMAClocktrapmessaging.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Whenenabled,thisfeatureauthorizestheswitchtosendanSNMPtrapmessageifanendstation
isconnectedthatexceedsthemaximumvaluesconfiguredusingthesetmaclockfirstarrivaland
setmaclockstaticcommands.ViolatingMACaddressesaredroppedfromthedevices(orstacks)
filteringdatabase.

Example
ThisexampleshowshowtoenableMAClocktrapmessagingonge.2.3:
B5(su)->set maclock trap ge.2.3 enable

Enterasys B5 CLI Reference

22-67

Configuring Port Web Authentication (PWA)

About PWA
PWAprovidesawayofauthenticatingusersthroughaWebportalbeforeallowinggeneralaccess
tothenetwork.
TologonusingPWA,theusermakesarequestthroughawebbrowserforthePWAwebpageoris
automaticallyredirectedtothisloginpageafterrequestingaURLinabrowser.
Dependingupontheauthenticatedstateoftheuser,aloginpageoralogoutpagewilldisplay.
Whenausersubmitsusernameandpassword,theswitchthenauthenticatestheuserviaa
preconfiguredRADIUSserver.Iftheloginissuccessful,thentheuserwillbegrantedfullnetwork
accessaccordingtotheuserspolicyconfigurationontheswitch.

Purpose
Toreview,enable,disable,andconfigurePortWebAuthentication(PWA).

Commands
For information about...

22-68

Refer to page...

show pwa

22-69

set pwa

22-70

show pwa banner

22-71

set pwa banner

22-71

clear pwa banner

22-72

set pwa displaylogo

22-72

set pwa ipaddress

22-73

set pwa guestname

22-74

clear pwa guestname

22-74

set pwa guestpassword

22-75

set pwa gueststatus

22-75

set pwa initialize

22-76

set pwa quietperiod

22-76

set pwa maxrequest

22-77

set pwa portcontrol

22-77

show pwa session

22-78

set pwa enhancedmode

22-79

Authentication and Authorization Configuration

show pwa

show pwa
Usethiscommandtodisplayportwebauthenticationinformationforoneormoreports.

Syntax
show pwa [port-string]

Parameters
portstring

(Optional)DisplaysPWAinformationforspecificport(s).

Defaults
Ifportstringisnotspecified,PWAinformationwillbedisplayedforallports.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayPWAinformationforge.2.1:
B5(su)->show pwa ge.2.1
PWA Status
PWA IP Address
PWA Protocol
PWA Enhanced Mode
PWA Logo
PWA Guest Networking Status
PWA Guest Name
PWA Redirect Time
Port
Mode
-------- ---------------ge.2.1
disabled

enabled
192.168.62.99
PAP
N/A
enabled
disabled
guest
N/A

AuthStatus
-------------disconnected

QuietPeriod
----------60

MaxReq
--------16

Table 228providesanexplanationofthecommandoutput.
Table 22-8

show pwa Output Details

Output Field

What It Displays...

PWA Status

Whether or not port web authentication is enabled or disabled. Default state of

disabled can be changed using the set pwa command as described in set pwa on
page 22-70.

PWA IP Address

IP address of the end station from which PWA will prevent network access until the
user is authenticated. Set using the set pwa ipaddress command as described in
set pwa ipaddress on page 22-73.

PWA Protocol

Whether PWA protocol is CHAP or PAP. .

PWA Enhanced
Mode

Whether PWA enhanced mode is enabled or disabled. Default state of disabled can
be changed using the set pwa enhancedmode command as described in set pwa
enhancedmode on page 22-79.

PWA Logo

Whether the Enterasys logo will be displayed or hidden at user login. Default state of
enabled (displayed) can be changed using the set pwa displaylogo command as
described in set pwa displaylogo on page 22-72.

Enterasys B5 CLI Reference

22-69

set pwa

Table 22-8

show pwa Output Details (Continued)

Output Field

What It Displays...

PWA Guest
Networking Status

Whether PWA guest user status is disabled or enabled with RADIUS or no

authentication. Default state of disabled can be changed using the set pwa
gueststatus command as described in set pwa gueststatus on page 22-75.

PWA Guest Name

Guest user name for PWA enhanced mode networking. Default value of guest can
be changed using the set pwa guestname command as described in set pwa
guestname on page 22-74.

PWA Guest
Password

Guest users password. Default value of an empty string can be changed using the
set pwa guestpassword command as described in set pwa guestpassword on
page 22-75.

PWA Redirect Time

Time in seconds after login success before the user is redirected to the PWA home
page.

Port

PWA port designation.

Mode

Whether PWA is enabled or disabled on his port.

Auth Status

Whether or not the port state is disconnected, authenticating, authenticated, or held

(authentication has failed).

Quiet Period

Amount of time a port will be in the held state after a user unsuccessfully attempts to
log on to the network. Default value of 60 can be changed using the set pwa
quietperiod command as described in set pwa quietperiod on page 22-76.

MaxReq

Maximum number of log on attempts allowed before transitioning the port to a held
state. Default value of 2 can be changed using the set pwa maxrequests command
as described in set pwa maxrequest on page 22-77.

set pwa
Usethiscommandtoenableordisableportwebauthentication.

Syntax
set pwa {enable | disable}

Parameters
enable|disable

Enablesordisablesportwebauthentication.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoenableportwebauthentication:
B5(su)->set pwa enable

22-70

Authentication and Authorization Configuration

show pwa banner

Usethiscommandtodisplaytheportwebauthenticationloginbannerstring.

Syntax
show pwa banner

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaythePWAloginbanner:
B5(su)->show pwa banner
Welcome to Enterasys Networks

set pwa banner

UsethiscommandtoconfigureastringtobedisplayedasthePWAloginbanner.

Syntax
set pwa banner string

Parameters
string

SpecifiesthePWAloginbanner.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthePWAloginbannertoWelcometoEnterasys Networks:
B5(su)->set pwa banner Welcome to Enterasys Networks

Enterasys B5 CLI Reference

22-71

clear pwa banner

UsethiscommandtoresetthePWAloginbannertoablankstring.

Syntax
clear pwa banner

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoresetthePWAloginbannertoablankstring
B5(su)->clear pwa banner

set pwa displaylogo

UsethiscommandtosetthedisplayoptionsfortheEnterasys Networkslogo.

Syntax
set pwa displaylogo {display | hide}

Parameters
display|hide

DisplaysorhidestheEnterasys NetworkslogowhenthePWAwebsite
displays.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtohidetheEnterasys Networkslogo:
B5(su)->set pwa displaylogo hide

22-72

Authentication and Authorization Configuration

set pwa ipaddress

UsethiscommandtosetthePWAIPaddress.ThisistheIPaddressoftheendstationfromwhich
PWAwillpreventnetworkaccessuntiltheuserisauthenticated.

Syntax
set pwa ipaddress ip-address

Parameters
ipaddress

SpecifiesagloballyuniqueIPaddress.Thissamevaluemustbe
configuredintoeveryauthenticatingswitchinthedomain.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetaPWAIPaddressof1.2.3.4:
B5(su)->set pwa ipaddress 1.2.3.4

set pwa protocol

Usethiscommandtosettheportwebauthenticationprotocol.

Syntax
set pwa protocol {chap | pap}

Parameters
chap|pap

SetsthePWAprotocolto:

CHAP(PPPChallengeHandshakeProtocol)encryptstheusername
andpasswordbetweentheendstationandtheswitchport.

PAP(PasswordAuthenticationProtocoldoesnotprovideany
encryptionbetweentheendstationandtheswitchport.Thisisthe
default.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetathePWAprotocoltoCHAP:
B5(su)->set pwa protocol chap
Enterasys B5 CLI Reference

22-73

set pwa guestname

UsethiscommandtosetaguestusernameforPWAnetworking.PWAwillusethisnametogrant
networkaccesstoguestswithoutestablishedloginnamesandpasswords.

Syntax
set pwa guestname name

Parameters
name

Specifiesaguestusername.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthePWAguestusernametoguestuser:
B5(su)->set pwa guestname guestuser

clear pwa guestname

UsethiscommandtoclearthePWAguestusername.

Syntax
clear pwa guestname

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoclearthePWAguestusername
B5(su)->clear pwa guestname

22-74

Authentication and Authorization Configuration

set pwa guestpassword

UsethiscommandtosettheguestuserpasswordforPWAnetworking.

Syntax
set pwa guestpassword

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
PWAwillusethispasswordandtheguestusernametograntnetworkaccesstoguestswithout
establishedloginnamesandpasswords.

Example
ThisexampleshowshowtosetthePWAguestuserpasswordname:
B5(su)->set pwa guestpassword
Guest Password: *********
Retype Guest Password: *********

set pwa gueststatus

Usethiscommandtoenableordisableguestnetworkingforportwebauthentication.

Syntax
set pwa gueststatus {authnone | authradius | disable}

Parameters
authnone

Enablesguestnetworkingwithnoauthenticationmethod.

authradius

EnablesguestnetworkingwithRADIUSauthentication.Uponsuccessful
authenticationfromRADIUS,PWAwillapplythepolicyreturnedfrom
RADIUStothePWAport.

disable

Disablesguestnetworking.

Defaults
None.

Mode
Switchcommand,readwrite.

Enterasys B5 CLI Reference

22-75

set pwa initialize

Usage
PWAwilluseaguestpasswordandguestusernametograntnetworkaccesswithdefaultpolicy
privilegestouserswithoutestablishedloginnamesandpasswords.

Example
ThisexampleshowshowtoenablePWAguestnetworkingwithRADIUSauthentication:
B5(su)->set pwa guestnetworking authradius

set pwa initialize

UsethiscommandtoinitializeaPWAporttoitsdefaultunauthenticatedstate.

Syntax
set pwa initialize [port-string]

Parameters
portstring

(Optional)Initializesspecificport(s).Foradetaileddescriptionofpossible
portstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 71.

Defaults
Ifportstringisnotspecified,allportswillbeinitialized.

Mode
Switchcommand,readwrite.

Example
Thisexampleshowshowtoinitializeportsge.1.57:
B5(su)->set pwa initialize ge.1.5-7

set pwa quietperiod

Usethiscommandtosettheamountoftimeaportwillremainintheheldstateafterauser
unsuccessfullyattemptstologontothenetwork.

Syntax
set pwa quietperiod time [port-string]

Parameters

22-76

time

Specifiesquiettimeinseconds.

portstring

(Optional)Setsthequietperiodforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Authentication and Authorization Configuration

set pwa maxrequest

Defaults
Ifportstringisnotspecified,quietperiodwillbesetforallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthePWAquietperiodto30secondsforportsge.1.57:
B5(su)->set pwa quietperiod 30 ge.1.5-7

set pwa maxrequest

Usethiscommandtosetthemaximumnumberoflogonattemptsallowedbeforetransitioning
thePWAporttoaheldstate.

Syntax
set pwa maxrequests requests [port-string]

Parameters
maxrequests

Specifiesthemaximumnumberoflogonattempts.

portstring

(Optional)Setsthemaximumrequestsforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,maximumrequestswillbesetforallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtosetthePWAmaximumrequeststo3forallports:
B5(su)->set pwa maxrequests 3

set pwa portcontrol

ThiscommandenablesordisablesPWAauthenticationonselectports.

Syntax
set pwa portcontrol {enable | disable} [port-string]

Enterasys B5 CLI Reference

22-77

show pwa session

Parameters
enable|disable

EnablesordisablesPWAonspecifiedports.

portstring

(Optional)Setsthecontrolmodeonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 71.

Defaults
Ifportstringisnotspecified,PWAwillenabledonallports.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoenablePWAonports122:
B5(su)->set pwa portcontrol enable ge.1.1-22

show pwa session

UsethiscommandtodisplayinformationaboutcurrentPWAsessions.

Syntax
show pwa session [port-string]

Parameters
portstring

(Optional)DisplaysPWAsessioninformationforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 71.

Defaults
Ifportstringisnotspecified,sessioninformationforallportswillbedisplayed.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplayPWAsessioninformation:
B5(su)->show pwa session
Port
MAC
-------- ----------------ge.2.19 00-c0-4f-20-05-4b
ge.2.19 00-c0-4f-24-51-70
ge.2.19 00-00-f8-78-9c-a7

22-78

Authentication and Authorization Configuration

IP
--------------172.50.15.121
172.50.15.120
172.50.15.61

User
------------pwachap10
pwachap1
pwachap11

Duration
-----------0,14:46:55
0,15:43:30
0,14:47:58

Status
--------active
active
active

set pwa enhancedmode

ThiscommandenablesPWAURLredirection.TheswitchinterceptsallHTTPpacketsonport80
fromtheenduser,andsendstheenduserarefreshpagedestinedforthePWAIPAddress
configured.

Syntax
set pwa enhancedmode {enable | disable}

Parameters
enable|disable

EnablesordisablesPWAenhancedmode.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoenablePWAenhancedmode:
B5(su)->set pwa enhancedmode enable

Enterasys B5 CLI Reference

22-79

Configuring Secure Shell (SSH)

Purpose
Toreview,enable,disable,andconfiguretheSecureShell(SSH)protocol,whichprovidessecure
Telnet.TheswitchcansupportuptotwoconcurrentSSHsessions.

Commands
For information about...

Refer to page...

show ssh status

22-80

set ssh

22-80

set ssh hostkey

22-81

show ssh status

UsethiscommandtodisplaythecurrentstatusofSSHontheswitch.

Syntax
show ssh status

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
ThisexampleshowshowtodisplaySSHstatusontheswitch:
B5(su)->show ssh status
SSH Server status: Disabled

set ssh
Usethiscommandtoenable,disableorreinitializeSSHserverontheswitch.Bydefault,theSSH
serverisdisabled.TheswitchcansupportuptotwoconcurrentSSHsessions.

Syntax
set ssh {enable | disable | reinitialize}

22-80

Authentication and Authorization Configuration

set ssh hostkey

Parameters
enable|disable

EnablesordisablesSSH,orreinitializestheSSHserver.

reinitialize

ReinitializestheSSHserver.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtodisableSSH:
B5(su)->set ssh disable

set ssh hostkey

UsethiscommandtoreinitializenewSSHauthenticationkeys.

Syntax
set ssh hostkey reinitialize

Parameters
reinitialize

Reinitializestheserverhostauthenticationkeys.

Defaults
None

Mode
Switchcommand,readwrite.

Example
ThisexampleshowshowtoregenerateSSHkeys:
B5(su)->set ssh hostkey reinitialize

Enterasys B5 CLI Reference

22-81

Configuring Access Lists

Router: These commands can be executed when the device is in router mode only. For details
on how to enable router configuration modes, refer to Enabling Router Configuration Modes on
page 18-2.
Note: Refer to the Release Notes for your product for any limitations that may apply to access
control lists.

Purpose
Toreviewandconfiguresecurityaccesscontrollists(ACLs),whichpermitordenyaccessto
routinginterfacesbasedonprotocolandIPaddressrestrictions.

Commands
For information about...

Refer to page...

show access-lists

22-82

access-list (standard)

22-83

access-list (extended)

22-84

ip access-group

22-86

show access-lists
UsethiscommandtodisplayconfiguredIPaccesslistswhenoperatinginroutermode.

Syntax
show access-lists [number]

Parameters
accesslist
number

(Optional)Displaysaccesslistinformationforaspecificaccesslistnumber.
Validvaluesarebetween1and199.

Defaults
Ifnumberisnotspecified,theentiretableofaccesslistswillbedisplayed.

Mode
Anyroutermode.

Example
ThisexampleshowshowtodisplayIPaccesslistnumber145.Thisisanextendedaccesslist,
whichpermitsordeniesICMP,UDPandIPframesbasedonrestrictionsconfiguredwithoneof
theaccesslistcommands.Fordetailsonconfiguringstandardaccesslists,refertoaccesslist
(standard)onpage 2283.Fordetailsonconfiguringextendedaccesslists,refertoaccesslist
(extended)onpage 2284.

22-82

Authentication and Authorization Configuration

access-list (standard)

B5(su)->router#show access-lists 145

Extended IP access list 145
1: permit icmp host 88.255.255.254 any
2: permit icmp any host 11.11.16.16
3: deny icmp any any
4: permit tcp host 88.255.255.254 any eq 22
5: permit udp 88.255.128.0 0.0.127.255 eq 161 any
6: permit tcp any host 230.10.230.10 eq 1234
7: deny tcp any any eq 23
8: permit ip 88.255.128.0 0.0.127.255 any
9: deny ip any 224.0.0.0 31.0.0.0

access-list (standard)
UsethiscommandtodefineastandardIPaccesslistbynumberwhenoperatinginroutermode.
Thenoformofthiscommandremovesthedefinedaccesslistorentry.

Syntax
To create an ACL entry:
access-list access-list-number {deny | permit} source [source-wildcard]
no access-list access-list-number [entryno [entryno]]

To insert or replace an ACL entry:

access-list access-list-number insert | replace entryno {deny | permit} source
[source-wildcard]

To move entries within an ACL:

access-list access-list-number move destination source1 [source2]

Parameters
accesslistnumber
[entryno[entryno]]

Specifiesastandardaccesslistnumber.Validvaluesarefrom1to99.
Whenusingthenoaccesslistcommand,youcandeleteawholeaccesslist,
oronlyspecificentriesinthelistwiththeoptionalentrynoparameter.
Specifyarangeofentriesbyenteringthestartandendentrynumbers.

deny|permit

Deniesorpermitsaccessifspecifiedconditionsaremet.

source

Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid
optionsforexpressingsourceare:

sourcewildcard

IPaddressorrangeofaddresses(A.B.C.D)

anyAnysourcehost

hostsourceIPaddressofasinglesourcehost

(Optional)Specifiesthebitstoignoreinthesourceaddress.

Enterasys B5 CLI Reference

22-83

access-list (extended)

insert|replace
entryno

(Optional)InsertsthisnewentrybeforeaspecifiedentryinanexistingACL,
orreplacesaspecifiedentrywiththisnewentry.

movedestination
source1source2

(Optional)Movesasequenceofaccesslistentriesbeforeanotherentry.
Destinationisthenumberoftheexistingentrybeforewhichthisnewentry
willbemoved.Source1isasingleentrynumberorthefirstentrynumberin
therangetobemoved.Source2(optional)isthelastentrynumberinthe
rangetobemoved.Ifsource2isnotspecified,onlythesource1entrywillbe
moved.

Defaults
Ifinsert,replaceormovearenotspecified,thenewentrywillbeappendedtotheaccesslist.
Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved.

Mode
Globalconfiguration:B5(su)>router(Config)#

Usage
ValidaccesslistnumbersforstandardACLsare1to99.ForextendedACLs,validvaluesare100
to199.
Accesslistsareappliedtointerfacesbyusingthe ipaccessgroupcommand(page2286).
Allaccesslistshaveanimplicitdenyanyanystatmentastheirlastentry.

Examples
Thisexampleshowshowtocreateaccesslist1withthreeentriesthatallowaccesstoonlythose
hostsonthethreespecifiednetworks.Thewildcardbitsapplytothehostportionsofthenetwork
addresses.Anyhostwithasourceaddressthatdoesnotmatchtheaccesslistentrieswillbe
rejected:
B5(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255
B5(su)->router(Config)#access-list 1 permit 128.88.0.0 0.0.255.255
B5(su)->router(Config)#access-list 1 permit 36.0.0.0 0.255.255.255

Thisexamplemovesentry16tothebeginningofACL22:
B5(su)->router(Config)#access-list 22 move 1 16

access-list (extended)
UsethiscommandtodefineanextendedIPaccesslistbynumberwhenoperatinginroutermode.
Thenoformofthiscommandremovesthedefinedaccesslistorentry:

Syntax
To create an extended ACL entry:
access-list access-list-number {deny | permit} protocol source [source-wildcard]
[eq port] destination [destination-wildcard] [eq port]
no access-list access-list-number [entryno [entryno]]

To insert or replace an ACL entry:

access-list access-list-number insert | replace entryno {deny | permit} protocol
source [source-wildcard] [eq port] destination [destination-wildcard] [eq port]

22-84

Authentication and Authorization Configuration

access-list (extended)

To move entries within an ACL:

access-list access-list-number move destination source1 [source2]

Parameters
accesslistnumber
[entryno[entryno]]

Specifiesanextendedaccesslistnumber.Validvaluesarefrom100to199.

deny|permit

Deniesorpermitsaccessifspecifiedconditionsaremet.

protocol

SpecifiesanIPprotocolforwhichtodenyorpermitaccess.Validvalues
andtheircorrespondingprotocolsare:

source

Whenusingthenoaccesslistcommand,youcandeleteawholeaccesslist,
oronlyspecificentriesinthelistwiththeoptionalentrynoparameter.
Specifyarangeofentriesbyenteringthestartandendentrynumbers.

ipAnyInternetprotocol

udpUserDatagramProtocol

tcpTransmissionControlProtocol

icmpInternetControlMessageProtocol

Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid
optionsforexpressingsourceare:

IPaddressorrangeofaddresses(A.B.C.D)

anyAnysourcehost

hostsourceIPaddressofasinglesourcehost

sourcewildcard

(Optional)Specifiesthebitstoignoreinthesourceaddress.

eqport

(Optional)AppliesaccessrulestoTCPorUDPsourceand/ordestination
portnumbersequaltothespecifiedportnumber.
Portnumberscanrangefrom0to65535.
Note: This parameter is not available when you specify the icmp protocol.

destination

Specifiesthenetworkorhosttowhichthepacketwillbesent.Validoptions
forexpressingdestinationare:

IPaddress(A.B.C.D)

anyAnydestinationhost

hostsourceIPaddressofasingledestinationhost

destinationwildcard (Optional)Specifiesthebitstoignoreinthedestinationaddress.
insert|replace
entryno

(Optional)Insertsthisnewentrybeforeaspecifiedentryinanexisting
ACL,orreplacesaspecifiedentrywiththisnewentry.

movedestination
source1source2

Defaults
Ifinsert,replace,ormovearenotspecified,thenewentrywillbeappendedtotheaccesslist.
Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved.
Enterasys B5 CLI Reference

22-85

ip access-group

Ifeqportisnotspecified,TCP/UDPportsarenotusedforfiltering.Onlytheprotocol,source,and
destinationareusedforapplyingtherule.

Mode
Globalconfiguration:B5(su)>router(Config)#

Usage
Accesslistsareappliedtointerfacesbyusingtheipaccessgroupcommandasdescribedinip
accessgrouponpage 2286.
ValidaccesslistnumbersforextendedACLsare100to199.ForstandardACLs,validvaluesare1
to99.
Allaccesslistshaveanimplicitdenyanyanystatmentastheirlastentry.

Examples
Thisexampleshowshowtodefineaccesslist145todenyICMPtransmissionsfromanysource
andforanydestination:
B5(su)->router(Config)#access-list 145 deny ICMP any any

Thisexampleappendstoaccesslist145apermitstatementthatallowsthehostwithIPaddress
88.255.255.254todoanSSHremotelogintoanydestinationonTCPport22.
B5(su)->router(Config)#access-list 145 permit tcp host 88.255.255.254 any eq 22

Thisexampleappendstoaccesslist145apermitstatementthatallowsSNMPcontroltraffic(from
UDPport161)tobesentfromIPaddresseswithintherangedefinedby88.255.128.00.0.127.255
toanydestination.
B5(su)->router(Config)#access-list 145 permit udp 88.255.128.0 0.0.127.255 eq 161
any

ip access-group
Usethiscommandtoapplyaccessrestrictionstoinboundframesonaninterfacewhenoperating
inroutermode.Thenoformofthiscommandremovesthespecifiedaccesslist.

Syntax
ip access-group access-list-number in
no ip access-group access-list-number in

Parameters
accesslistnumber

Specifiesthenumberoftheaccesslisttobeappliedtotheaccesslist.This
isadecimalnumberfrom1to199.

Filtersinboundframes.

Defaults
None.

Mode
Interfaceconfiguration:B5(su)>router(Configif(Vlan<vlan_id>))#

22-86

Authentication and Authorization Configuration

ip access-group

Usage
ACLsmustbeappliedperroutinginterface.Anaccesslistcanbeappliedtoinboundtrafficonly.
AccesslistscannowbeappliedtoroutedVLANswhichincorporateLAGs.

Example
Thisexampleshowshowtoapplyaccesslist1forallinboundframesontheVLAN1interface.
Throughthedefinitionofaccesslist1,onlyframeswithasourceaddressonthe192.5.34.0/24
networkwillberouted.AlltheframeswithothersourceaddressesreceivedontheVLAN1
interfacearedropped:
B5(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255
B5(su)->router(Config)#interface vlan 1
B5(su)->router(Config-if(Vlan 1))#ip access-group 1 in

Enterasys B5 CLI Reference

22-87

ip access-group

22-88

Authentication and Authorization Configuration

23
TACACS+ Configuration
ThischapterprovidesinformationaboutthecommandsusedtoconfigureandmonitorTACACS+
(TerminalAccessControllerAccessControlSystemPlus).
TACACS+isasecurityprotcolthatprovidesservicesforsecureauthentication,CLIcommand
authorization,andCLIauditingforadministrativeaccess.Itcanbeusedasanalternativetothe
standardRADIUSsecurityprotocol(RFC2865).TACACS+runsoverTCPandencryptsthebody
ofeachmanagementpacket.
BasedonthenowobsoleteTACACSprotocol(definedinRFC1492),TACACS+isdefinedinan
unpublishedandexpiredInternetDraftdraftgranttacacs02.txt,TheTACACS+Protocol
Version1.78,January,1997.
FordetailedinformationaboutusingTACACS+inyournetwork,refertotheEnterasysFeature
GuideTACACS+ConfigurationlocatedontheEnterasyswebsite:
https://extranet.enterasys.com/downloads/
For information about...

Refer to page...

show tacacs

23-2

set tacacs

23-3

show tacacs server

23-3

set tacacs server

23-4

clear tacacs server

23-5

show tacacs session

23-6

set tacacs session

23-7

clear tacacs session

23-8

show tacacs command

23-9

set tacacs command

23-9

show tacacs singleconnect

23-10

set tacacs singleconnect

23-10

show tacacs interface

23-11

set tacacs interface

23-11

clear tacacs interface

23-12

Enterasys B5 CLI Reference

23-1

show tacacs

show tacacs
UsethiscommandtodisplaythecurrentTACACS+configurationinformationandstatus.

Syntax
show tacacs [state]

Parameters
state

(Optional)DisplaysonlytheTACACS+clientstatus.

Defaults
Ifstateisnotspecified,allTACACS+configurationinformationwillbedisplayed.

Mode
Switchcommand,ReadOnly.

Example
ThisexampleshowshowtodisplayallTACACSconfigurationinformation.
B5(ro)->show tacacs
TACACS+ status:Disabled
TACACS+ session accounting state:disable
TACACS+ command authorization state:disable
TACACS+ command auccounting state:disable
TACACS+ single connect state:Disabled
TACACS+ service: exec
TACACS+ session authorization A-V pairs:
access-level

attribute

value

read-only

priv-lvl

read-write

priv-lvl

super-user

priv-lvl

TACACS+ Server

IP address

Port

Timeout

--------------

----------

------

-------

192.168.10.1

Table 231providesanexplanationofthecommandoutput.
Table 23-1

23-2

show tacacs Output Details

Output...

What it displays...

TACACS+ status

Whether the TACACS+ client is enabled or disabled.

TACACS+ session accounting

state

Whether TACACS+ session accounting is enabled or disabled.

TACACS+ command
authorization state

Whether TACACS+ command authorization is enabled or disabled.

TACACS+ command accounting

state

Whether TACACS+ command accounting is enabled or disabled.

TACACS+ Configuration

set tacacs

Table 23-1

show tacacs Output Details (Continued)

Output...

What it displays...

TACACS+ singleconnect state

Whether TACACS+ singleconnect is enabled or disabled.

When enabled, the TACACS+ client sends multiple requests over a
single TCP connection.

TACACS+ service

The name of the service that is requested by the TACACS+ client for
session authorization. exec is the default service name.

TACACS+ session authorization

A-V pairs

Displays the attribute value pairs that are mapped to the read-only,
read-write, and super-user access privilege levels for the service
requested for session authorization.
The attribute names and values shown in the example above are the
default values.

TACACS+ Server

Displays the TACACS+ server information used by the TACACS+

client.

set tacacs
UsethiscommandtoenableordisabletheTACACS+client.

Syntax
set tacacs {enable | disable}

Parameters
enable|disable

EnablesordisablestheTACACSclient.

Defaults
None.

Mode
Switchcommand,ReadWrite.

Usage
TheTACACS+clientcanbeenabledontheswitchanytime,withorwithoutaTACACS+server
online.IftheTACACS+serverisofflineandTACACS+isenabled,theloginauthenticationis
switchedtoRADIUSorlocal,ifenabled.

Examples
ThisexampleshowshowtoenabletheTACACS+client.
B5(rw)->set tacacs enable

show tacacs server

UsethiscommandtodisplaythecurrentTACACS+serverconfiguration.

Syntax
show tacacs server {index | all}

Enterasys B5 CLI Reference

23-3

set tacacs server

Parameters
index

DisplaytheconfigurationoftheTACACS+serveridentifiedbyindex.
Thevalueofindexcanrangefrom1to2,147,483,647.

all

DisplaytheconfigurationforallconfiguredTACACS+servers.

Defaults
None.

Mode
Switchcommand,ReadOnly.

Example
ThisexampledisplaysconfigurationinformationforTACACS+server1.
B5(ro)->show tacacs server 1
TACACS+ Server

IP address

Port

Timeout

--------------

----------

------

-------

192.168.10.1

set tacacs server

UsethiscommandtoconfiguretheTACACS+server(s)tobeusedbytheTACACS+client.Youcan
configurethetimeoutvalueforallconfiguredserversorasingleserver,oryoucanconfigurethe
IPaddress,TCPport,andsecretforasingleserver.Forsimplicity,twosyntaxstatementsare
shown.

Syntax
set tacacs server {all | index} timeout seconds
set tacacs server index address port secret

Parameters
all

SpecifythetimeoutvalueforallconfiguredTACACS+servers.

index

ConfiguretheTACACS+serveridentifiedbyindex.Thevalueofindex
canrangefrom1to2,147,483,647.

timeoutseconds

Setthetimeoutvalueforthespecifiedserver(s)inseconds.Thevalueof
secondscanrangefrom1to180seconds.
Thedefaulttimeoutvalueis10seconds.

address

SpecifytheIPaddressoftheTACACS+server.

port

SpecifytheTCPportfortheTACACS+server.Thevalueofportcan
rangefrom0to65535,buttypically,port49isspecified.

secret

Specifythesecret(sharedpassword)fortheTACACS+server.

Defaults
NoTACACS+serversareconfiguredbydefault.
WhenyoudoconfigureaTACACS+server,thedefaulttimeoutvalueis10seconds.

23-4

TACACS+ Configuration

clear tacacs server

Mode
Switchcommand,ReadWrite.

Usage
Upto5TACACS+serverscanbeconfigured,withtheindexvalueof1havingthehighestpriority.
Ifyouwanttochangethedefaulttimeoutvalueforaspecificserverorallservers,youmustenter
thecommandusingthetimeoutparameter.
Whenatleastonebackupserverhasbeenconfiguredandtheswitchlosescontactwiththe
primaryserver,theswitchwillcontactthenextserverinpriority.Iftheswitchwastryingto
authenticateauserwhentheconnectionwaslost,orifthedefaultloginaccess(readonly
permissions)hadbeenreceived,theswitchwilltrytoauthenticateagain.
Ifauserhadalreadybeenauthenticatedandauthorized,thenthebackupserveriscontacted
withoutrequiringanyauthentication.Thebackupserverwilljustauthorizeoraccountforthe
packetscominginforthatuser.SinceataskIDisassociatedwitheachaccountingsession,ifthere
isafailovertoabackupserver,theaccountinginformationwillstillbeassociatedwiththecorrect
sessionusingthetaskID.
Whenafailovertoabackupserveroccurs,syslogmessagesaregeneratedcontainingthereason
forthefailure.

Example
ThisexampleconfiguresTACACS+server1.Then,thedefaulttimeoutvalueof10secondsis
changedto20seconds.
B5(rw)->set tacacs server 1 192.168.10.10 49 mysecret
B5(rw)->set tacacs server 1 timeout 20

clear tacacs server

UsethiscommandtoremoveoneorallconfiguredTACACS+servers,ortoreturnthetimeout
valuetoitsdefaultvalueforoneorallconfiguredTACACS+servers.

Syntax
clear tacacs server {all | index} [timeout]

Parameters
all

SpecifiesthatallconfiguredTACACS+serversshouldbeaffected.

index

SpecifiesoneTACACS+servertobeaffected.

timeout

(Optional)Returnthetimeoutvaluetoitsdefaultvalueof10seconds.

Defaults
Iftimeoutisnotspecified,theaffectedTACACS+serverswillberemoved.

Mode
Switchcommand,ReadWrite.

Enterasys B5 CLI Reference

23-5

show tacacs session

Examples
ThisexampleremovesTACACS+server1.
B5(rw)->clear tacacs server 1

Thisexampleresetsthetimeoutvaluetoitsdefaultvalueof10secondsforallconfigured
TACACS+servers.
B5(rw)->clear tacacs server all timeout

show tacacs session

UsethiscommandtodisplaythecurrentTACACS+clientsessionsettings.

Syntax
show tacacs session {authorization | accounting}

Parameters
authorization

Displayclientsessionauthorizationsettings.

accounting

Displayclientsessionaccountingsettings.

Defaults
None.

Mode
Switchcommand,ReadOnly.

Examples
Thisexampleshowshowtodisplayclientsessionauthorizationinformation:
B5(ro)->show tacacs session authorization
TACACS+ service: exec
TACACS+ session authorization A-V pairs:
access-level

attribute

value

read-only

priv-lvl

read-write

priv-lvl

super-user

priv-lvl

Thisexampleshowshowtodisplayclientsessionaccountingstate.
B5(ro)->show tacacs session accounting
TACACS+ session accounting state:

23-6

TACACS+ Configuration

enabled

set tacacs session

UsethiscommandtoenableordisableTACACS+sessionaccounting,ortoconfigureTACACS+
sessionauthorizationparameters.Forsimplicity,separatesyntaxformatsareshownfor
configuringsessionaccountingandsessionauthorization.

Syntax
set tacacs session accounting {enable | disable}
set tacacs session authorization {service name | read-only attribute value |
read-write attribute value | super-user attribute value}

Parameters
accounting

SpecifiesthatTACACS+sessionaccountingisbeingconfigured.

enable|disable

EnablesordisablesTACACS+sessionaccounting.

authorization

SpecifiesthatTACACS+sessionauthorizationisbeingconfigured.

servicename

SpecifiesthenameoftheservicethattheTACACS+clientwillrequest
fromtheTACACS+server.Thenamespecifiedheremustmatchthe
nameofaserviceconfiguredontheserver.Thedefaultservicenameis
exec.

readonlyattribute
value

Specifiesthatthereadonlyaccessprivilegelevelshouldbematchedto
aprivilegelevelconfiguredontheTACACS+serverbymeansofan
attributevaluepairspecifiedbyattributeandvalue.
Bydefault,attributeisprivlvlandvalueis0.

readwriteattribute
value

Specifiesthatthereadwriteaccessprivilegelevelshouldbematchedto
aprivilegelevelconfiguredontheTACACS+serverbymeansofan
attributevaluepairspecifiedbyattributeandvalue.
Bydefault,attributeisprivlvlandvalueis1.

superuserattribute
value

Specifiesthatthesuperuseraccessprivilegelevelshouldbematchedto
aprivilegelevelconfiguredontheTACACS+serverbymeansofan
attributevaluepairspecifiedbyattributeandvalue.
Bydefault,attributeisprivlvlandvalueis15.

Defaults
None.

Mode
Switchcommand,ReadWrite.

Usage
Whensessionaccountingisenabled,theTACACS+serverwilllogaccountinginformation,suchas
startandstoptimes,IPaddressoftheclient,andsoforth,foreachauthorizedclientsession.
WhentheTACACS+clientisenabledontheswitch(withthesettacacsenablecommand),the
sessionauthorizationparametersconfiguredwiththiscommandaresentbytheclienttothe
TACACS+serverwhenasessionisinitiatedontheswitch.Theparametervaluesmustmatcha
serviceandaccesslevelattributevaluepairsconfiguredontheserverforthesessiontobe
authorized.Iftheparametervaluesdonotmatch,thesessionwillnotbeallowed.

Enterasys B5 CLI Reference

23-7

clear tacacs session

Theservicenameandattributevaluepairscanbeanycharacterstring,andaredeterminedby
yourTACACS+serverconfiguration.
SinceataskIDisassociatedwitheachaccountingsession,ifthereisafailovertoabackupserver,
theaccountinginformationwillstillbeassociatedwiththecorrectsessionusingthetaskID.

Examples
ThisexampleconfigurestheservicerequestedbytheTACACS+clientastheservicenamebasic.
B5(rw)->set tacacs session authorization service basic

Thisexamplemapsthereadwriteaccessprivilegeleveltoanattributenamedprivlvlwiththe
valueof5configuredontheTACACS+server.
B5(rw)->set tacacs session authorization read-write priv-lvl 5

ThisexampleenablesTACACS+sessionaccounting.
B5(rw)->set tacacs session accounting enable

clear tacacs session

UsethiscommandtoreturntheTACACS+sessionauthorizationsettingstotheirdefaultvalues.

Syntax
clear tacacs session authorization {[service]|[read-only]|[read-write] |
[super-user]}

Parameters
authorization

ClearstheTACACS+sessionauthorizationparameters.

service

ClearstheTACACS+sessionauthorizationservicenametothedefault
valueofexec.

readonly

ClearstheTACACS+sessionauthorizationreadonlyattributevalue
pairtotheirdefaultvaluesofprivlvland0.

readwrite

ClearstheTACACS+sessionauthorizationreadwriteattributevalue
pairtotheirdefaultvaluesofprivlvland1.

superuser

ClearstheTACACS+sessionauthorizationsuperuserattributevalue
pairtotheirdefaultvaluesofprivlvland15.

Defaults
Atleastoneofthesessionauthorizationparametersmustbespecified.

Mode
Switchcommand,ReadWrite.

Examples
Thisexampleshowshowtoreturntheservicenametothedefaultofexec.
B5(rw)->clear tacacs session authorization service

Thisexampleshowshowtoreturnallthesessionauthorizationparameterstotheirdefaultvalues.
B5(rw)->clear tacacs session authorization service read-only read-write superuser

23-8

TACACS+ Configuration

show tacacs command

Usethiscommandtodisplaythestatus(enabledordisabled)ofTACACS+accountingor
authorizationonapercommandbasis.

Syntax
show tacacs command {accounting | authorization}

Parameters
accounting

DisplaythestatusofTACACS+accountingonapercommandbasis.

authorization

DisplaythestatusofTACACS+authorizationonapercommandbasis.

Defaults
None.

Mode
Switchcommand,ReadWrite.

Example
ThisexampleshowshowtodisplaythestateoftheTACACS+clientscommandauthorization.
B5(rw)->show tacacs command authorization
TACACS+ command authorization state:

enabled

set tacacs command

UsethiscommandtoenableordisableTACACS+accountingorauthorizationonapercommand
basis.

Syntax
set tacacs command {accounting | authorization} {enable | disable}

Parameters
accounting|
authorization

SpecifieseitherTACACS+accountingorauthorizationtobeenabledor
disabled.

enable|disable

Enableordisableaccountingorauthorizationonapercommandbasis.

Defaults
None.

Mode
Switchcommand,ReadWrite.

Usage
InorderforpercommandaccountingorauthorizationbyaTACACS+servertotakeplace,the
commandmustbeexecutedwithinanauthorizedsession.

Enterasys B5 CLI Reference

23-9

show tacacs singleconnect

Whenpercommandaccountingisenabled,theTACACS+serverwilllogaccountinginformation,
suchasstartandstoptimes,IPaddressoftheclient,andsoforth,foreachcommandexecuted
duringthesession.
Whenpercommandauthorizationisenabled,theTACACS+serverwillcheckwhethereach
commandispermittedforthatauthorizedsessionandreturnasuccessorfail.Iftheauthorization
fails,thecommandisnotexecuted.

Example
ThisexampleshowshowtoenableTACACS+authorizationonacommandbasis.
B5(rw)->set tacacs command authorization enable

show tacacs singleconnect

UsethiscommandtodisplaythecurrentstatusoftheTACACS+clientsabilitytosendmultiple
requestsoverasingleTCPconnection.

Syntax
show tacacs singleconnect

Parameters
None.

Defaults
None.

Mode
Switchcommand,ReadWrite.

Example
ThisexampleshowshowtodisplaythestateoftheTACACS+clientsabilitytosendmultiple
requestsoverasingleconnection.
B5(rw)->show tacacs singleconnect
TACACS+ single-connect state:

enabled

set tacacs singleconnect

UsethiscommandtoenableordisabletheabilityoftheTACACS+clienttosendmultiplerequests
overasingleTCPconnection.Whenenabled,theTACACS+clientwilluseasingleTCP
connectionforallrequeststoagivenTACACS+server.

Syntax
set tacacs singleconnect {enable | disable}

Parameters
enable|disable

23-10

TACACS+ Configuration

EnableordisabletheabilitytosendmultiplerequestsoverasingleTCP
connection.

show tacacs interface

Defaults
None.

Mode
Switchcommand,ReadWrite.

Examples
Thisexampleshowshowtodisablesendingmultiplerequestsoverasingleconnection.
B5(rw)->set tacacs singleconnect disable

show tacacs interface

UsethiscommandtodisplaytheinterfaceusedforthesourceIPaddressoftheTACACS+packets
generatedbytheswitch.

Syntax
show tacacs interface

Parameters
None.

Defaults
None.

Mode
Switchmode,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.Inthiscase,theIPaddressassignedto
loopbackinterface1willbeusedasthesourceIPaddressoftheTACACS+packetsgeneratedby
theswitch.
B5(rw)->show tacacs interface
loopback 1

192.168.10.1

set tacacs interface

UsethiscommandtospecifytheinterfaceusedforthesourceIPaddressoftheTACACS+packets
generatedbytheswitch.

Syntax
set tacacs interface {loopback loop-ID | vlan vlan-ID}

Parameters
loopbackloopID

Specifiestheloopbackinterfacetobeused.ThevalueofloopIDcan
rangefrom0to7.

Enterasys B5 CLI Reference

23-11

clear tacacs interface

vlanvlanID

SpecifiestheVLANinterfacetobeused.ThevalueofvlanIDcanrange
from1to4093.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThiscommandallowsyoutoconfigurethesourceIPaddressusedbytheTACACS+application
ontheswitchwhengeneratingpacketsformanagementpurposes.Anyofthemanagement
interfaces,includingVLANroutinginterfaces,canbeconfiguredasthesourceIPaddressusedin
packetsgeneratedbytheTACACS+client.
AninterfacemusthaveanIPaddressassignedtoitbeforeitcanbesetbythiscommand.
Ifnointerfaceisspecified,thentheIPaddressoftheHostinterfacewillbeused.
Ifanonloopbackinterfaceisconfiguredwiththiscommand,applicationpacketegressis
restrictedtothatinterfaceiftheservercanbereachedfromthatinterface.Otherwise,thepackets
aretransmittedoverthefirstavailableroute.Packetsfromtheapplicationserverarereceivedon
theconfiguredinterface.
Ifaloopbackinterfaceisconfigured,andtherearemultiplepathstotheapplicationserver,the
outgoinginterface(gateway)isdeterminedbasedonthebestroutelookup.Packetsfromthe
applicationserverarethenreceivedonthesendinginterface.Ifrouteredundancyisrequired,
therefore,aloopbackinterfaceshouldbeconfigured.

Example
ThisexampleconfiguresanIPaddressonVLANinterface100andthensetsthatinterfaceasthe
TACACS+clientsourceIPaddress.
B5(rw)->router(Config-if(Vlan 100))#ip address 192.168.10.1 255.255.255.0
B5(rw)->router(Config-if(Vlan 100))#exit
B5(rw)->router(Config)#exit
B5(rw)->router#exit
B5(rw)->router>exit
B5(rw)->set tacacs interface vlan 100

B5(rw)->show tacacs interface

vlan 100

192.168.10.1

clear tacacs interface

UsethiscommandtocleartheinterfaceusedforthesourceIPaddressoftheTACACS+clientback
tothedefaultoftheHostinterface.

Syntax
clear tacacs interface

Parameters
23-12

TACACS+ Configuration

clear tacacs interface

None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThiscommandreturnstheinterfaceusedforthesourceIPaddressoftheTACACS+clientbackto
thedefaultoftheHostinterface.
B5(rw)->show tacacs interface
vlan 100

192.168.10.1

B5(rw)->clear tacacs interface

B5(rw)->

Enterasys B5 CLI Reference

23-13

clear tacacs interface

23-14

TACACS+ Configuration

24
sFlow Configuration
ThischapterprovidesinformationaboutthecommandsusedtoconfigureandmonitorthesFlow
system.
For information about...

Refer to page...

Overview

24-1

Commands

24-4

Overview
sFlowisamethodformonitoringhighspeedswitchedandroutednetworks.sFlowtechnologyis
builtintonetworkequipmentandgivesvisibilityintonetworkactivity,enablingeffective
managementandcontrolofnetworkresources.
AnsFlowsolutionconsistsofansFlowAgent,embeddedinthenetworkdevicesuchasaswitch
orrouter,andansFlowCollector.ThesFlowAgentusessamplingtechnologytocapturetraffic
statisticsfromthedeviceitismonitoringandimmediatelyforwardsthesampledtrafficstatistics
toansFlowCollectorforanalysisinsFlowdatagrams.
ThesFlowAgentusestwoformsofsamplingstatisticalpacketbasedsamplingofswitchedor
routedPacketFlows,andtimebasedsamplingofcounters.
Version5ofsFlowisdescribedindetailinthedocumententitledsFlowVersion5availablefrom
sFlow.org(http://www.sflow.org).

Using sFlow in Your Network

TheadvantagesofusingsFlowinclude:

sFlowmakesitpossibletomonitorportsofaswitch,withnoimpactonthedistributed
switchingperformance.(SeeUsageNotesonpage 243formoreinformation.)

sFlowrequiresverylittlememoryorCPUusage.Samplesarenotaggregatedintoaflow
tableontheswitchtheyareforwardedimmediatelyoverthenetworktothesFlow
Collector.

Thesystemistoleranttopacketlossinthenetwork.(Thestatisticalmodelmeanslossis
equivalenttoaslightchangeinthesamplingrate.)

ThesFlowCollectorcanreceivedatafrommultipleswitches,providingarealtime
synchronizedviewofthewholenetwork.

ThesFlowCollectorcananalyzetrafficpatternsforwhateverprotocolsarefoundinthe
packetheaders(forexample,TCP/IP,IPX,Ethernet,AppleTalk).Thereisnoneedforthelayer
2switchtodecodeandunderstandallprotocols.

Enterasys B5 CLI Reference

24-1

Overview

Definitions
ThefollowingtabledescribessomeofthemainsFlowtermsandconcepts.
Table 24-1

sFlow Definitions

Term

Definition

Data Source

A Data Source refers to a location within a Network Device that

can make traffic measurements. Possible Data Sources include
interfaces and VLANs.

Packet Flow

A Packet Flow is defined as the path or trajectory that a packet

takes through a Network Device (That is, the path that a packet
takes as it is received on one interface, is subjected to a switching/
routing decision, and is then sent on another interface).

Packet Flow Sampling

Packet Flow Sampling refers to the random selection of a fraction

of the Packet Flows observed at a Data Source.

Sampling Rate

The Sampling Rate specifies the ratio of packets observed at the

Data Source to the samples generated.

Sampling Interval

The time period between successive Counter Samples.

sFlow Instance

An sFlow Instance refers to a measurement process associated

with a Data Source.

sFlow Agent

The sFlow Agent provides an interface for configuring the sFlow

Instances within a device.

sFlow Collector

An sFlow Collector receives sFlow Datagrams from one or more

sFlow Agents. The sFlow Collector may also configure sFlow
Instances using the configuration mechanisms provided by the
sFlow Agent.

sFlow Datagram

An sFlow Datagram is a UDP datagram that contains the

measurement data, and information about the measurement
source and process.

sFlow Agent Functionality

PacketflowsamplingandcountersamplingareperformedbysFlowInstancesassociatedwith
individualDataSourceswithinthesFlowAgent.Packetflowsamplingandcountersamplingare
designedaspartofanintegratedsystem.BothtypesofsamplesarecombinedinsFlowdatagrams.
Packetflowsamplingwillcauseasteady,butrandom,streamofsFlowdatagramstobesenttothe
sFlowCollector.Countersamplesmaybetakenopportunisticallyinordertofillthesedatagrams.
Inordertoperformpacketflowsampling,ansFlowSamplerInstanceisconfiguredwitha
samplingrate.Thepacketflowsamplingprocessresultsinthegenerationofpacketflowrecords.
Inordertoperformcountersampling,ansFlowPollerInstanceisconfiguredwithapolling
interval.Thecountersamplingprocessresultsinthegenerationofcounterrecords.ThesFlow
AgentcollectscounterrecordsandpacketflowrecordsandsendsthemintheformofsFlow
datagramstosFlowCollectors.

Sampling Mechanisms
TwoformsofsamplingareperformedbythesFlowAgent:statisticalpacketbasedsamplingof
switchedorroutedpacketflows,andtimebasedsamplingofcounters.

24-2

sFlow Configuration

Overview

Packet Flow Sampling

ThepacketflowsamplingmechanismcarriedoutbyeachsFlowInstanceensuresthatanypacket
observedataDataSourcehasanequalchanceofbeingsampled,irrespectiveofthepacketflow(s)
towhichitbelongs.
Packetflowsamplingisaccomplishedasfollows:
1.

Whenapacketarrivesonaninterface,theNetworkDevicemakesafilteringdecisionto
determinewhetherthepacketshouldbedropped.

Ifthepacketisnotfiltered(dropped),adestinationinterfaceisassignedbytheswitching/
routingfunction.

Atthispoint,adecisionismadeonwhetherornottosamplethepacket.Themechanism
involvesacounterthatisdecrementedwitheachpacket.Whenthecounterreacheszeroa
sampleistaken.

Whenasampleistaken,thecounterindicatinghowmanypacketstoskipbeforetakingthe
nextsampleisreset.Thevalueofthecounterissettoarandomintegerwherethesequenceof
randomintegersusedovertimeistheSamplingRate.

PacketflowsamplingresultsinthegenerationofPacketFlowRecords.APacketFlowRecord
containsinformationabouttheattributesofapacketflow,including:

Informationonthepacketitselfapacketheader,packetlength,andpacketencapsulation.

Informationaboutthepaththepackettookthroughthedevice,includinginformationrelating
totheselectionoftheforwardingpath.

Counter Sampling
Theprimaryobjectiveofthecountersamplingisto,inanefficientway,periodicallyexport
countersassociatedwithDataSources.AmaximumsamplingintervalisassignedtoeachsFlow
InstanceassociatedwithaDataSource.
Countersamplingisaccomplishedasfollows:
1.

ThesFlowAgentkeepalistofcountersourcesbeingsampled.

WhenaPacketFlowSampleisgenerated,thesFlowAgentexaminesthelistofcounter
sourcesandaddscounterstothesampledatagram,leastrecentlysampledfirst.
Countersareonlyaddedtothedatagramifthesourcesarewithinashortperiod,5seconds
say,offailingtomeettherequiredsamplinginterval.

Periodically,sayeverysecond,thesFlowAgentexaminesthelistofcountersourcesandsends
anycountersthatneedtobesenttomeetthesamplingintervalrequirement.

ThesetofcountersisafixedsetdefinedinSection5ofthedocumententitledsFlowVersion5
availablefromsFlow.org(http://www.sflow.org).

Usage Notes
sFlowisdisabledbydefault,andthereforemustbemanuallyenabled.
Althoughtheswitchhardwarehasthecapabilitytosamplepacketsonanyport,toensurethat
CPUutilitizationisnotcompromised,thenumberofsFlowsamplersthatcanbeconfiguredper
switchorstackofswitchesislimitedtoamaximumof32.Thereisnolimitationonthenumberof
pollersthatcanbeconfigured.
Undercertaincircumstances,theswitchwilldroppacketsamplesthatthesFlowimplementation
isnotabletocountandthereforecannotcorrectlyreportsample_poolanddropsfieldsofflow

Enterasys B5 CLI Reference

24-3

Commands

samplessenttothesFlowCollector.Underheavyload,thissamplelosscouldbesignificantand
couldthereforeaffecttheaccuracyofthesamplinganalysis.

Example Configuration
ThegeneralprocedureforconfiguringsFlowincludes:
1.

ConfigureyoursFlowCollectorinformationtobeusedbythesFlowAgentontheswitch.Up
toeightCollectorscanbeconfigured.TheinformationisstoredinthesFlowReceiverTable.

EnableandconfiguresFlowpacketflowsamplinginstancesoneachport.

EnableandconfiguresFlowcountersamplingpollerinstancesoneachport.

ThefollowingisanexampleofthecommandsusedtoconfiguresFlow:
# configure sFlow Collector 1
# accept defaults for datagram size and port
set sflow receiver 1 owner enterasys timeout 180000
set sflow receiver 1 ip 192.168.16.91
#
#configure packet sampling instances on ports 1 through 12
#assign to sFlow Collector 1
set sflow port ge.1.1-12 sampler 1
set sflow port ge.1.1-12 sampler maxheadersize 256
set sflow port ge.1.1-12 sampler rate 2048
#
#configure counter poller instances on ports 1 through 12
#assign to sFlow Collector 1
set sflow port ge.1.1-12 poller 1
set sflow port ge.1.1-12 poller interval 20

Commands
For information about...

24-4

Refer to page...

show sflow receivers

24-5

set sflow receiver owner

24-7

set sflow receiver ip

24-7

set sflow receiver maxdatagram

24-8

set sflow receiver port

24-9

clear sflow receiver

24-9

set sflow port poller

24-10

show sflow pollers

24-11

clear sflow port poller

24-12

set sflow port sampler

24-12

show sflow samplers

24-13

sFlow Configuration

show sflow receivers

For information about...

Refer to page...

clear sflow port sampler

24-14

set sflow interface

24-14

show sflow interface

24-15

clear sflow interface

24-16

show sflow agent

24-17

show sflow receivers

UsethiscommandtodisplaythecontentsofthesFlowReceiversTable,ortodisplayinformation
aboutaspecificsFlowCollectorlistedinthetable.

Syntax
show sflow receivers [index]

Parameters
index

(Optional)SpecifiesaspecificCollectortodisplayinformationabout.

Defaults
ThecontentsofthesFlowReceiversTableisdisplayed.

Mode
Switchcommand,readonly.

Usage
ExecutingthiscommandwithoutspecifyinganindexintothesFlowReceiversTabledisplays
informationaboutalltheCollectorsconfiguredontheswitch.
IfyouspecifyanindividualCollectorbyitsindexnumber,additionalinformationisdisplayedfor
thatCollector.

Examples
ThisexampledisplaysthesFlowReceiversTable.
B5(su)->show sflow receivers
Receiver Owner
Index

Time out

String

Max Datagram Port

IP Address

Size

-------- -------- ---------- ------------ ----- ------------------1

ets1

17766

1400

6343

10.1.2.117

ThisexampledisplaysinformationabouttheCollectorwithindex1.
B5(su)->show sflow receivers 1
Receiver Index

Owner String

ets1

Time out

17758

Enterasys B5 CLI Reference

24-5

show sflow receivers

IP Address:

10.1.2.117

Address Type

IPv4

Port

6343

Datagram Version

Maximum Datagram Size

1400

Thefollowingtabledescribestheoutputfields.
Table 24-2

24-6

show sflow receivers Output Descriptions

Output...

What it displays...

Receiver Index

Index number of a specific Collector entry in the sFlow Receivers

Table. Up to 8 Collectors may be configured.

Owner String

Identity string of the Collector. An empty string indicates that the

entry is unclaimed and cannot be assigned to a sampler or poller
instance. The owner string is configured with the set sflow receiver
owner command.

Time Out

The time remaining, in seconds, before the sampler or poller is

released and stops sending samples to this receiver/Collector.
The timeout value is configured with the set sflow receiver owner
command.

IP Address

The IP address of this receiver/Collector. The IP address is

configured with the set sflow receiver ip command.

Address Type

Whether the Collector IP address is IPv4 or IPv6.

Port

The UDP port number on this receiver/Collector to which sample

datagrams should be sent. The default value is 6343, which can
be changed with the set sflow receiver port command.

Datagram Version

Specifies the sFlow version used for formatting the sample

datagrams.

Max Datagram Size

The maximum number of data bytes that can be sent in a single

sample datagram to this receiver/Collector. The default value is
1400 bytes, which can be changed with the set sflow receiver
maxdatagram command.

sFlow Configuration

set sflow receiver owner

UsethiscommandtoconfiguretheowneridentitystringandtimeoutvalueforansFlowCollector
intheswitchssFlowReceiversTable.

Syntax
set sflow receiver index owner owner-string timeout timeout

Parameters
index

IndexnumberinthesFlowReceiversTableforthereceiver/Collector
beingconfigured.Theindexcanrangefrom1to8.

ownerownerstring

Theidentitystringofthereceiver/Collectorbeingconfigured.
Thestringcanbeupto127charactersinlength.

timeouttimeout

Thetime,inseconds,remainingbeforethereceiver/Collectorbeing
configuredandallassociatedsamplersandpollersexpire.
Thevaluecanrangefrom0to4294967295seconds.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
InorderforansFlowCollectortobeassignedtoreceivesampledatagramsfromthesFlowAgent
ontheswitch,anentryforthatCollectormustbeconfiguredintheswitchssFlowReceiversTable.
Anentrymustcontainanowneridentitystring,anonzerotimeoutvalue,andtheIPaddressof
theCollector.ConfiguretheIPaddresswiththesetsflowreceiveripcommand.
Anentrywithoutanowneridentitystringisconsideredunclaimedandcannotbeassignedasa
receivertosamplerorpollerinstances.
Oncethetimersetbythiscommandexpires,thereceiver/Collectorandallthesamplersand
pollersassociatedwiththisCollectorexpireandareremovedfromtheswitchsconfiguration.In
ordertostartsendingsampledatatotheCollectoragain,theCollectormustbereconfiguredwith
anewtimeoutvalueandsamplersandpollersmustbeconfiguredagain.Therefore,youshould
considersettingthetimeoutvaluetothelargestvaluethatisreasonableforyourenvironment.

Example
Thisexampleconfiguresanentryforindex1inthesFlowReceiversTable.
B5(su)->set sflow receiver 1 owner ets1 timeout 180000

set sflow receiver ip

UsethiscommandtoconfiguretheIPaddressofansFlowCollectorintheswitchssFlow
ReceiversTable.

Syntax
set sflow receiver index ip ipaddr
Enterasys B5 CLI Reference

24-7

set sflow receiver maxdatagram

Parameters
index

IndexnumberinthesFlowReceiversTableforthereceiver/Collector
beingconfigured.Theindexcanrangefrom1to8.

ipipaddr

TheIPaddressofthereceiver/Collectorbeingconfigured.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThisexampleconfiguresanIPaddressof10.10.10.10toindexentry1.
B5(su)->set sflow receiver 1 ip 10.10.10.10

set sflow receiver maxdatagram

Usethiscommandtosetthemaximumnumberofdatabytesthatcanbesentinasinglesample
datagram.

Syntax
set sflow receiver index maxdatagram bytes

Parameters
index

IndexnumberinthesFlowReceiversTableforthereceiver/Collector
beingconfigured.Theindexcanrangefrom1to8.

maxdatagrambytes

Specifiesthemaximumnumberofdatabytesthatcanbesentinasingle
sampledatagram.Thissizeshouldbesettoavoidfragmentationofthe
sFlowdatagrams.
Thevalueofbytescanrangefrom200to9116.Thedefaultis1400.

Defaults
Defaultmaximumdatagramsizeis1400bytes.

Mode
Switchcommand,readwrite.

24-8

sFlow Configuration

set sflow receiver port

Example
Thisexamplesetsthemaximumdatagramsizeto2800bytesforindexentry1.
B5(su)->set sflow receiver 1 maxdatagram 2800

set sflow receiver port

UsethiscommandtoconfiguretheUDPportonthesFlowControllertowhichtheswitchwill
sendsampledatagrams.

Syntax
set sflow receiver index port port

Parameters
index

IndexnumberinthesFlowReceiversTableforthereceiver/Collector
beingconfigured.Theindexcanrangefrom1to8.

portport

SpecifiestheUDPportonthereceiver/Collectortowhichthesample
datagramsshouldbesent.Bydefault,theportis6343.

Defaults
Thedefaultportvalueis6343.

Mode
Switchcommand,readwrite.

Example
ThisexamplechangesthesFlowreceiverportontheCollectorto1234.
B5(su)->set sflow receiver 1 port 1234

clear sflow receiver

Usethiscommandtodeleteareceiver/CollectorfromthesFlowReceiversTable,ortoreturn
certainparameterstotheirdefaultvaluesforthespecifiedCollector.

Syntax
clear sflow receiver index [ip | maxdatagram | owner [timeout] | port]

Parameters
index

IndexnumberinthesFlowReceiversTableforthereceiver/Collector
beingconfigured.Theindexcanrangefrom1to8.

(Optional)CleartheIPaddress.

maxdatagram

(Optional)Returnthemaximumdatagramsizeto1400bytes.

owner

(Optional)Cleartheowneridentitystring.EntriesinthesFlowReceiver
Tablewithoutanidentitystringareconsideredunclaimed.

timeout

(Optional)Clearthetimeoutvalueofthespecifiedentry.

Enterasys B5 CLI Reference

24-9

set sflow port poller

portport

(Optional)CleartheUDPportonthereceiver/Collectortowhichthe
sampledatagramsshouldbesent.Thevalueisresettothedefaultof
6343.

Defaults
Ifnooptionalparametersarespecified,theentireentryiscleared.

Mode
Switchcommand,readwrite.

Usage
YoucancleartheIPaddress,maximumdatagramsize,orUDPportwithoutdeletinganentry
fromthesFlowReceiversTable.Ifyoucleartheownerortimeout,theentireentryiscleared.Ifyou
enteronlyanentryindexandnoneoftheoptionalparameters,theentireentryiscleared.
Onceanentryiscleared,allpollersandsamplersassociatedwiththatreceiverarealsoremoved
fromtheswitchconfiguration.

Example
Thisexamplereturnsthemaximumdatagramsizetothedefaultof1400bytesfortheCollector
withindex1.
B5(su)->clear sflow receiver 1 maxdatagram

set sflow port poller

Usethiscommandtoconfigurepollerinstancesonports,ordatasources.

Syntax
set sflow port port-string poller {index | interval seconds}

Parameters
portstring

Specifiestheportorports(datasources)onwhichthepollerinstanceis
beingconfigured.

index

IndexnumberinthesFlowReceiversTableforthereceiver/Collector
withwhichthepollerinstanceisassociated.Theindexcanrangefrom1
to8.

intervalseconds

Specifiesthepollinginterval,whichcanrangefrom0to86400seconds.
Avalueof0disablescountersampling.

Defaults
Thedefaultintervalvalueis0seconds,whichdisablescountersampling.

Mode
Switchcommand,readwrite.

24-10

sFlow Configuration

show sflow pollers

Usage
Apollerinstanceperformscountersamplingonthedatasourcetowhichitisconfigured.Referto
SamplingMechanismsonpage 242formoreinformation.
Youmustfirstassociateareceiver/CollectorinthesFlowReceiversTablewiththepollerinstance,
beforeconfiguringthepollinginterval.
WhenareceivertimesoutorisclearedfromthesFlowReceiversTable,allpollerandsampler
instancesassociatedwiththatreceiverarealsoclearedfromtheswitchsconfiguration.

Example
Thefollowingexampleconfigurespollerinstancesonportsge.1.1throughge.1.8andassociates
themwithreceiver1.Then,apollingintervalof240secondsisconfigured.
B5(su)->set sflow port ge.1.1-8 poller 1
B5(su)->set sflow port ge.1.1-8 poller interval 240

show sflow pollers

Usethiscommandtodisplayinformationaboutconfiguredpollerinstances.

Syntax
show sflow pollers

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.
B5(su)->show sflow pollers
Poller
Data Source
-----------

Receiver
Index
-------

Poller
Interval
-------

ge.1.1

240

ge.1.2

240

ge.1.3

240

ge.1.4

240

ge.1.5

240

ge.1.6

240

ge.1.7

240

ge.1.8

240

Enterasys B5 CLI Reference

24-11

clear sflow port poller

Usethiscommandtochangethepollerintervalortoremovepollerinstances.

Syntax
clear sflow port port-string poller [interval]

Parameters
portstring

Specifiestheportorportsonwhichthepollerinstanceisbeingcleared.

interval

(Optional)Specifiesthatthepollingintervalshouldbeclearedto0.A
valueof0disablescountersampling.

Defaults
Ifintervalisnotspecified,thepollerinstanceiscleared.

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesthepollerinstanceonportge.1.1.
B5(su)->clear sflow port ge.1.1 poller

set sflow port sampler

Usethiscommandtoconfiguresamplerinstancesonports,ordatasources.

Syntax
set sflow port port-string sampler {index | maxheadersize bytes | rate rate}

Parameters
portstring

Specifiestheportorports(datasources)onwhichthesamplerinstance
isbeingconfigured.

index

IndexnumberinthesFlowReceiversTableforthereceiver/Collector
withwhichthesamplerinstanceisassociated.Theindexcanrangefrom
1to8.

maxheadersizebytes

Specifiesthemaximumnumberofbytesthatshouldbecopiedfromthe
samplerpacket.Thevaluecanrangefrom20to256bytes.Thedefaultis
128bytes.

raterate

Specifiesthestatisticalsamplingrateforsamplingfromthisdata
source.Thevalueofratespecifiesthenumberofincomingpacketsfrom
whichonepacketwillbesampled.Forexample,iftherateis1024,one
packetwillbesampledfromevery1024ingressingpacketsonthisdata
source.
Theratecanrangefrom1024to65536.Avalueof0disablessampling.
Thedefaultvalueis0.

24-12

sFlow Configuration

show sflow samplers

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
Asamplerinstanceperformspacketflowsamplingonthedatasourcetowhichitisconfigured.
RefertoSamplingMechanismsonpage 242formoreinformation.
Youmustfirstassociateareceiver/CollectorinthesFlowReceiversTablewiththesampler
instance,beforeconfiguringthesamplingrateormaximumnumberofbytescopiedfromsampled
packets.
WhenareceivertimesoutorisclearedfromthesFlowReceiversTable,allpollerandsampler
instancesassociatedwiththatreceiverarealsoclearedfromtheswitchsconfiguration.
Amaximumof32samplerinstancescanbeconfiguredperswitchorstackofswitches.

Example
Thefollowingexampleconfiguressamplerinstancesonportsge.1.1throughge.1.8andassociates
themwithreceiver1.Then,asamplingrateof1024isconfigured.Thedefaultmaxheadersizeof
128bytesisused.
B5(su)->set sflow port ge.1.1-8 sampler 1
B5(su)->set sflow port ge.1.1-8 sampler rate 1024

show sflow samplers

Usethiscommandtodisplayinformationaboutconfiguredsamplerinstances.

Syntax
show sflow samplers

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.
B5(su)->show sflow samplers
Sampler
Data Source
-----------

Receiver
Index
-------

Packet
Sampling Rate
-------------

Max Header
Size
----------

ge.1.1

1024

128

Enterasys B5 CLI Reference

24-13

clear sflow port sampler

ge.1.2

1024

128

ge.1.3

1024

128

ge.1.4

1024

128

ge.1.5

1024

128

ge.1.6

1024

128

ge.1.7

1024

128

ge.1.8

1024

128

clear sflow port sampler

Usethiscommandtochangethesamplerrateormaximumheadersize,ortoremovesampler
instances.

Syntax
clear sflow port port-string sampler [maxheadersize | rate]

Parameters
portstring

Specifiestheportorportsonwhichthesamplerinstanceisbeing
cleared.

maxheadersize

(Optional)Specifiesthatthemaximumheadersizeshouldbeclearedto
thedefaultvalueof128bytes.

rate

(Optional)Specifiesthatthesamplingrateshouldbeclearedtothe
defaultvalueof0,whichdisablessamplingbytheinstance.

Defaults
Ifneitheroptionalparameterisspecified,thesamplerinstanceiscleared.

Mode
Switchcommand,readwrite.

Example
Thisexampleremovesthesamplerinstanceonportge.1.1.
B5(su)->clear sflow port ge.1.1 sampler

set sflow interface

UsethiscommandtospecifytheinterfaceusedforthesourceIPaddressofthesFlowAgentwhen
sendingsamplingdatagramstothesFlowCollector.

Syntax
set sflow interface {loopback loop-ID | vlan vlan-ID}

Parameters
loopbackloopID

24-14

sFlow Configuration

Specifiestheloopbackinterfacetobeused.ThevalueofloopIDcan
rangefrom0to7.

show sflow interface

vlanvlanID

SpecifiestheVLANinterfacetobeused.ThevalueofvlanIDcanrange
from1to4093.

Defaults
None.

Mode
Switchcommand,readwrite.

Usage
ThiscommandallowsyoutoconfigurethemanagementinterfaceusedbythesFlowAgentwhen
sendingsamplingdatagramstothesFlowCollector.Anyoftheinterfaces,includingVLAN
routinginterfaces,canbeconfiguredasthemanagementinterface.
AninterfacemusthaveanIPaddressassignedtoitbeforeitcanbesetbythiscommand.
Ifnointerfaceisspecified,thentheHostVLANwillbeusedasthemanagementinterface.
Ifanonloopbackinterfaceisconfiguredwiththiscommand,applicationpacketegressis
restrictedtothatinterfaceiftheservercanbereachedfromthatinterface.Otherwise,thepackets
aretransmittedoverthefirstavailableroute.Packetsfromtheapplicationserverarereceivedon
theconfiguredinterface.
Ifaloopbackinterfaceisconfigured,andtherearemultiplepathstotheapplicationserver,the
outgoinginterface(gateway)isdeterminedbasedonthebestroutelookup.Packetsfromthe
applicationserverarethenreceivedonthesendinginterface.Ifrouteredundancyisrequired,
therefore,aloopbackinterfaceshouldbeconfigured.

Example
ThisexampleconfiguresanIPaddressonVLANinterface100andthensetsthatinterfaceasthe
managementinterfaceforthesFlowAgent.
B5(rw)->router(Config-if(Vlan 100))#ip address 192.168.10.1 255.255.255.0
B5(rw)->router(Config-if(Vlan 100))#exit
B5(rw)->router(Config)#exit
B5(rw)->router#exit
B5(rw)->router>exit
B5(rw)->set sflow interface vlan 100

B5(rw)->show sflow interface

vlan 100

192.168.10.1

show sflow interface

UsethiscommandtodisplaytheinterfaceusedbythesFlowAgentwhensendingsampling
datagramstothesFlowCollector.

Syntax
show sflow interface

Parameters

Enterasys B5 CLI Reference

24-15

clear sflow interface

None.

Defaults
None.

Mode
Switchmode,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.Inthiscase,theIPaddressassignedto
loopbackinterface1willbeusedasthesourceIPaddressofthesFlowAgent.
B5(rw)->show sflow interface
loopback 1

192.168.10.1

clear sflow interface

UsethiscommandtoclearthemanagementinterfaceusedbythesFlowAgentbacktothedefault
oftheHostVLAN.

Syntax
clear sflow interface

Parameters
None.

Defaults
None.

Mode
Switchcommand,readwrite.

Example
ThiscommandreturnsthemanagmentinterfaceusedbythesFlowAgentbacktothedefaultof
theHostVLAN.
B5(rw)->show sflow interface
vlan 100

192.168.10.1

B5(rw)->clear sflow interface

B5(rw)->

24-16

sFlow Configuration

show sflow agent

UsethiscommandtodisplayinformationaboutthesFlowAgent.

Syntax
show sflow agent

Parameters
None.

Defaults
None.

Mode
Switchcommand,readonly.

Example
Thisexampledisplaystheoutputofthiscommand.
B5(rw)->show sflow agent

sFlow Version

1.3;Enterasys Networks.;06.41.01.0017

IP Address

192.168.0.100

Enterasys B5 CLI Reference

24-17

show sflow agent

24-18

sFlow Configuration

A
Policy and Authentication Capacities
ThisappendixliststhepolicyandauthenticationcapacitiesoftheEnterasysB5asofthedatethis
documentwaspublished.PleaserefertotheReleaseNotesforyourfirmwareversionforthelatest
capacityinformation.

Policy Capacities
RefertotheConfiguringPolicyFeatureGuideforanindepthdiscussionofPolicy
configuration.ThisFeatureGuideislocatedontheEnterasysNetworkswebsite:
https://extranet.enterasys.com/downloads/
Table A-1

Policy Capacities

Feature

Capacity

Maximum policy roles (profiles) per system

Maximum number of unique rules per system

1536

Maximum number of ether type rules

256

Maximum number of MAC rules

256

Maximum number of Layer 3/4 rules

1024

Maximum number of rules per single role

250

Maximum number of masks

No limit

CoS rate limiting (IRL) support

Yes

Priority-based rate limiting

Rule-based rate limiting

Role-based rate limiting

Yes

Fixed rule precedence

Yes

Supported rule types

ether type (numuser = 1)1, 2

vlan/cos/drop/fwd (max 7 vlan rules per profile)

mac dest/mac source

cos/drop/fwd

ip protocol1

cos/drop/fwd

ip dest socket/ip source socket

cos/drop/fwd

ip tos1

cos/drop/fwd

tcp dest port/ tcp source port

cos/drop/fwd

Enterasys B5 CLI Reference

A-1

Authentication Capacities

Table A-1

Policy Capacities (Continued)

Feature

Capacity
udp dest port/udp source port
1

icmp type

cos/drop/fwd
No

1. These rules cannot be masked.

2. Ether type to vlan rules require that multiauth numusers = 1 (that is, only one authenticated user is
allowed per port).

Authentication Capacities
RefertotheConfiguringUserAuthenticationFeatureGuideforanindepthdiscussionof
authenticationconfiguration.ThisFeatureGuideislocatedontheEnterasysNetworkswebsite:
https://extranet.enterasys.com/downloads/
Table A-2

Authentication Capacities

Authentication Feature

Capacity

IEEE 802.1x (dot1x) authentication

Supported

MAC-based authentication

Supported

Port Web Authentication (PWA)

Supported

RFC 3580 dynamic VLAN assignment based on

authentication response

Supported, for 802.1x, MAC-based, and PWA

authentication methods

Multi-user authentication maximum users per port

when policy maptable response is:
policy mode

both, hybrid mode

tunnel mode

User + IP phone
(Configured with a policy admin rule)
Multiauth numusers set to 2 or greater

A-2

Policy and Authentication Capacities

Supported

Index
Numerics
802.1D 9-1
802.1p 11-16, 12-1
802.1Q 10-1
802.1s 9-2
802.1w 9-1
802.1x 22-8, 22-23

A
Access Groups 22-86
Access Lists 22-83 to 22-84
Addresses
MAC, adding entries to routing
table 19-5
Advertised Ability 7-16
AES encryption protocol 8-10
Alias
node 14-39
ARP
dynamic inspection 17-16
entries, adding in routing mode 19-9
proxy, enabling 19-10
timeout 19-11
Authentication
EAPOL 22-23
MAC 22-25
Port web 22-68
RADIUS server 22-8, 22-11
SSH 22-81
Auto-negotiation 7-16

copying 3-44
deleting 3-45
displaying 3-43
executing 3-44
show running config 3-45
show running-config 19-7
Contexts (SNMP) 8-3
Copying Configuration or Image
Files 3-44
CoS
flood control 11-18
rate limiting 11-16
Cost
Spanning Tree port 9-40

D
Defaults
CLI behavior, described 1-8
factory installed 1-2
DES encryption protocol 8-10
DHCP server, configuring 16-1
DHCP snooping
basic configuration 17-3
database 17-2
overview 17-1
DHCP/BOOTP Relay 16-1
Dynamic ARP inspection
basic configuration 17-18
overview 17-16
Dynamic policy profile
assignment 22-3

I
ICMP 14-16
IGMP 13-1
enabling and disabling 13-2, 13-10
Image File
copying 3-44
downloading 3-31
Ingress Filtering 10-8, 10-11
Interface Configuration Mode 19-2
Interface(s)
configuring settings for IP 19-1
RIP passive 20-5
RIP receive 20-6
RIP send 20-8
IP
access lists 22-83 to 22-84
address, setting for a routing
interface 19-5
routes, adding in router mode 19-16
routes, managing in switch
mode 14-19
IPv6
addresses, setting 21-3
default router, setting 21-5
gateway, setting 21-5
management 21-1
Neighbor Discovery Protocol
displaying cache 21-7
IRDP 20-11

banner motd 3-25

Baud Rate 3-31
Broadcast
settings for IP routing 19-12
suppression, enabling on ports 7-35

Jumbo Frame Support 7-14

EAP pass-through 22-2, 22-18

EAPOL 22-23
encryption protocol
SNMP 8-9

CDP Discovery Protocol 6-1

CIDR 20-4
Cisco Discovery Protocol 6-7
Class of Service 11-7, 11-11,
11-16 to 11-22, 12-1
Class of Service (CoS) 11-16
Classification Policies 11-1
Clearing NVRAM 3-50
CLI
closing 3-48
scrolling screens 1-9
starting 1-6
Command History Buffer 14-14, 14-15
Command Line Interface. See also CLI
Configuration
clearing switch parameters 3-50
modes for router operation 18-2
Configuration Files

Flood control, via CoS 11-18

Flow Control 7-22
Forbidden VLAN port 10-14

G
Getting help xxxii
GVRP
enabling and disabling 10-23
purpose of 10-20
timer 10-25

H
Hardware
show system 3-15, 3-26
Help
keyword lookups 1-8
Host VLAN 10-18
hybrid authentication, about 22-52

Keyword Lookups 1-8

L
Line Editing Commands 1-10
Link Layer Discovery Protocol (LLDP)
configuring 6-13
LLDP
configuring 6-13
LLDP-MED
configuring 6-14
Lockout
set system 3-7
Logging 14-1
Login
administratively configured 1-7
default 1-7
setting accounts 3-2
via Telnet 1-6

M
MAC Addresses
displaying 14-22
MAC Authentication 22-25

Index -1

MAC Locking 22-57

maximum static entries 22-63
static 22-63
Management VLAN 10-2
maptable response 22-52
motd 3-25
Multicast Filtering 13-1, 13-2
Multiple Spanning Tree Protocol
(MSTP) 9-2

N
Name
setting for a VLAN 10-6
setting for the system 3-27
Network Management
addresses and routes 14-19
monitoring switch events and
status 14-14
Node Alias 14-39
NVRAM
clearing 3-50

P
Password
aging 3-6
history 3-6, 3-7
set new 3-5
setting the login 3-5
Ping 14-16, 19-17
Policy Management
assigning ports 11-14
classifying to a VLAN or Class of
Service 11-7, 11-11
dynamic assignment of profiles 22-3
profiles 11-2, 11-16
policy maptable response,
about 22-52
Port Mirroring 7-38
Port Priority
configuring 12-2
Port String
syntax used in the CLI 7-1
Port Trunking 7-44
Port web authentication
configuring 22-68
Port(s)
alias 7-9
assignment scheme 7-1
auto-negotiation and advertised
ability 7-16
broadcast suppression 7-35
counters, reviewing statistics 7-4
duplex mode, setting 7-11
flow control 7-22
link flap
about 7-24
configuration defaults 7-26
configuring 7-25
link traps, configuring 7-24
MAC lock 22-60
priority, configuring 12-2

Index - 2

speed, setting 7-11

status, reviewing 7-2
Power over Ethernet (PoE),
configuring 4-1
Priority to Transmit Queue
Mapping 12-4
Prompt
in router mode 18-2
set 3-24
PWA 22-68

R
RADIUS 22-6
realm 22-8
RADIUS Filter-ID 22-3
attribute formats 22-3
RADIUS server 22-8, 22-11
Rapid Spanning Tree Protocol
(RSTP) 9-1
Rate limiting, via CoS 11-16
Redistribute 20-6
remote port mirroring
configuring 7-42
Reset 3-50
RFC 3580 22-49
RIP
CIDR 20-4
configuration mode, enabling 20-2
configuration tasks 20-1
passive interface 20-5
redistribute 20-6
Router Mode(s)
enabling 18-2
Routing Interfaces
configuring 19-2
Routing Protocol Configuration
IRDP 20-11
RIP 20-1

S
Scrolling Screens 1-9
Secure Shell (SSH) 22-80
enabling 22-80
regenerating new keys 22-81
Security
methods, overview of 22-1
Serial Port
downloading upgrades via 3-31
sFlow configuration 24-1
show system utilization cpu 3-16
SNMP
access rights 8-15
accessing in router mode 8-3
enabling on the switch 8-18
encryption protocols 8-10
MIB views 8-19
notification parameters 8-29
notify filters 8-29
security models and levels 8-2
statistics 8-3
target addresses 8-26

target parameters 8-23

trap configuration example 8-36
users, groups and communities 8-8
SNTP 14-29
Spanning Tree 9-2
backup root 9-21, 9-22
bridge parameters 9-3
features 9-2
port parameters 9-34
Rapid Spanning Tree Protocol
(RSTP) 9-1
Split Horizon 20-4
SSL WebView 3-53
stacks
installing units 2-2
operation 2-1
virtual switch configuration 2-3
Syslog 14-1
System Information
displaying basic 3-13
setting basic 3-9

T
TACACS+ configuration 23-1
Technical Support xxxii
Telnet
disconnecting 14-17
enabling in switch mode 3-37
Terminal Settings 3-28
TFTP
downloading firmware upgrades
via 3-31
Timeout
ARP 19-11
CLI, system 3-30
RADIUS 22-8
Traceroute
in router mode 19-17
Trap
SNMP configuration example 8-36
Tunnel Attributes
RFC 3580 RADIUS attributes 22-49

U
User Accounts
default 1-7
setting 3-2

V
Version
RIP receive 20-8
RIP send 20-8
Version Information 3-26
virtual switch, configuring 2-3
VLANs
assigning ingress filtering 10-11
assigning port VLAN IDs 10-8
authentication 22-49, 22-51
classifying to 11-7, 11-11
creating static 10-5
dynamic egress 10-17

egress lists 10-13, 22-50

enabling GVRP 10-20
forbidden ports 10-14
host, setting 10-18
ingress filtering 10-8
naming 10-6
RADIUS 22-49
secure management, creating 10-2

W
WebView 1-2, 3-51
WebView SSL 3-53

Index -3

Index - 4

AIM OPC Server Manual
No ratings yet
AIM OPC Server Manual
154 pages
TACH DWELL Tester Instructions
75% (4)
TACH DWELL Tester Instructions
7 pages
Radware Linkproof User Guide 200-101 - LP - Level1-V9
33% (3)
Radware Linkproof User Guide 200-101 - LP - Level1-V9
169 pages
HP 6120xg Config
No ratings yet
HP 6120xg Config
4 pages
Final Year PW-1 VTU Guidelines For The Preparation of The Project Reports
No ratings yet
Final Year PW-1 VTU Guidelines For The Preparation of The Project Reports
7 pages
Wonderware Application Server Scripting Guide
No ratings yet
Wonderware Application Server Scripting Guide
148 pages
NTP Server m600
No ratings yet
NTP Server m600
14 pages
10RX HowTo Configure Syslog
100% (1)
10RX HowTo Configure Syslog
18 pages
TEST Terminal Services Deployment Guide
No ratings yet
TEST Terminal Services Deployment Guide
143 pages
Prosoft - Modbus PLX31-MBTCP-MBS
No ratings yet
Prosoft - Modbus PLX31-MBTCP-MBS
3 pages
Stratix Manual PDF
No ratings yet
Stratix Manual PDF
548 pages
Brocade Configurations
No ratings yet
Brocade Configurations
55 pages
FortiGate 40C
No ratings yet
FortiGate 40C
2 pages
Cisco Vs Extreme
No ratings yet
Cisco Vs Extreme
4 pages
02-VLAN Configuration Guide HP Comware
100% (1)
02-VLAN Configuration Guide HP Comware
8 pages
Netra 240 Server Service Manual
100% (1)
Netra 240 Server Service Manual
150 pages
Step-By-Step Guide For Configuring A Two-Node File Server Failover Cluster in Windows Server 2008
100% (2)
Step-By-Step Guide For Configuring A Two-Node File Server Failover Cluster in Windows Server 2008
20 pages
Arista Support Community Guide
No ratings yet
Arista Support Community Guide
16 pages
3com Switch 4500 Family: Getting Started Guide
100% (3)
3com Switch 4500 Family: Getting Started Guide
102 pages
Proficy Process Systems (PPS) : Application Setup and Configuration Guide
No ratings yet
Proficy Process Systems (PPS) : Application Setup and Configuration Guide
28 pages
OS6350 AOS 6.7.2 R07 CLI Reference Guide PDF
No ratings yet
OS6350 AOS 6.7.2 R07 CLI Reference Guide PDF
2,974 pages
RAISECOM Series Switch Command Reference Version 3.0
No ratings yet
RAISECOM Series Switch Command Reference Version 3.0
228 pages
Extremexos Screenplay User Guide
No ratings yet
Extremexos Screenplay User Guide
42 pages
VLAN Application On Draytek
No ratings yet
VLAN Application On Draytek
8 pages
Cyber Security For Automation Systems - v1.0 - Training Manual
No ratings yet
Cyber Security For Automation Systems - v1.0 - Training Manual
53 pages
ISCOM2600G (A) Series Command Reference (Rel - 04)
No ratings yet
ISCOM2600G (A) Series Command Reference (Rel - 04)
956 pages
Cheat Sheet To Configure Exos
No ratings yet
Cheat Sheet To Configure Exos
3 pages
NetSight 6.1 NAC Manager Comment
No ratings yet
NetSight 6.1 NAC Manager Comment
986 pages
Troubleshooting Cisco Catalyst 2960 3560 and 3750 Series Switches
100% (1)
Troubleshooting Cisco Catalyst 2960 3560 and 3750 Series Switches
135 pages
IPv 6
No ratings yet
IPv 6
197 pages
Wonderware Silo - Tips - Alarm-Db-Logger-Object-For-Wonderware-Application-Server-Demo-Guide-Ver-10-Rev-10
No ratings yet
Wonderware Silo - Tips - Alarm-Db-Logger-Object-For-Wonderware-Application-Server-Demo-Guide-Ver-10-Rev-10
20 pages
Basic EXOS
No ratings yet
Basic EXOS
5 pages
FortiGate LED Specs
No ratings yet
FortiGate LED Specs
4 pages
Connected Components Workbench - 12.00.00 (Released 3 - 2019)
No ratings yet
Connected Components Workbench - 12.00.00 (Released 3 - 2019)
9 pages
Checkpoint Firewall Administration Training Part2
No ratings yet
Checkpoint Firewall Administration Training Part2
29 pages
Intouch Tse DG 10
No ratings yet
Intouch Tse DG 10
139 pages
Upgrading Brocade Switch Firmware
No ratings yet
Upgrading Brocade Switch Firmware
4 pages
Redundancy:: o Redundancy, Failover, High Availability, Clustering, RAID and Fault-Tolerance
No ratings yet
Redundancy:: o Redundancy, Failover, High Availability, Clustering, RAID and Fault-Tolerance
19 pages
Dell Emc Networking Product Poster Data Center
No ratings yet
Dell Emc Networking Product Poster Data Center
1 page
c9j5yw2lt5ga-InTouchForSystemPlatform 2023 RevA Manual DoNotCopy
No ratings yet
c9j5yw2lt5ga-InTouchForSystemPlatform 2023 RevA Manual DoNotCopy
550 pages
Alteon Platform Backplane and Hard Disk Capacity
No ratings yet
Alteon Platform Backplane and Hard Disk Capacity
1 page
VMware VSAN 6.5 Technical Overview
No ratings yet
VMware VSAN 6.5 Technical Overview
43 pages
APV App WebUI
No ratings yet
APV App WebUI
317 pages
RC Datasheet ISCOM2600G 20160128 PDF
No ratings yet
RC Datasheet ISCOM2600G 20160128 PDF
5 pages
Manual de Integracion Smart Gateway Al Allen Bradley
No ratings yet
Manual de Integracion Smart Gateway Al Allen Bradley
44 pages
FortiOS 5.6 High - Availability
No ratings yet
FortiOS 5.6 High - Availability
303 pages
HP Procurve CLI Cheat
100% (1)
HP Procurve CLI Cheat
6 pages
Superstack Ii Switch 3000 10/100 User Guide: Agent Software Version 3.1
100% (1)
Superstack Ii Switch 3000 10/100 User Guide: Agent Software Version 3.1
150 pages
RSeries Uberdeck For Field
No ratings yet
RSeries Uberdeck For Field
132 pages
OS2x60 AOS 5.1.R1 Hardware Users Guide
No ratings yet
OS2x60 AOS 5.1.R1 Hardware Users Guide
80 pages
Avaya Ethernet Routing Switching Implementation
No ratings yet
Avaya Ethernet Routing Switching Implementation
76 pages
TS Gateway 2008 & RSA
50% (2)
TS Gateway 2008 & RSA
16 pages
Veeam 110 Instance
No ratings yet
Veeam 110 Instance
3 pages
Cisco UCS B200 M6 Blade Serve
No ratings yet
Cisco UCS B200 M6 Blade Serve
8 pages
Installing SQL Server 2012 Step by Step
From Everand
Installing SQL Server 2012 Step by Step
Stephen Thomas
No ratings yet
MCSA: Windows 10 Complete Study Guide: Exam 70-698 and Exam 70-697
From Everand
MCSA: Windows 10 Complete Study Guide: Exam 70-698 and Exam 70-697
William Panek
No ratings yet
Windows Server 2008 For Dummies
From Everand
Windows Server 2008 For Dummies
Ed Tittel
No ratings yet
DeviceNet The Ultimate Step-By-Step Guide
From Everand
DeviceNet The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
MCSA Windows 10 Study Guide: Exam 70-698
From Everand
MCSA Windows 10 Study Guide: Exam 70-698
William Panek
No ratings yet
Configuring IPCop Firewalls: Closing Borders with Open Source
From Everand
Configuring IPCop Firewalls: Closing Borders with Open Source
Barrie Dempster
No ratings yet
Cacti 0.8 Beginner's Guide
From Everand
Cacti 0.8 Beginner's Guide
Thomas Urban
No ratings yet
vSphere 5 AutoLab 1.1a Deployment Guide
From Everand
vSphere 5 AutoLab 1.1a Deployment Guide
Alastair Cooke
No ratings yet
Chapter 15
No ratings yet
Chapter 15
14 pages
AUDIO VISUAL AIDS MSC
No ratings yet
AUDIO VISUAL AIDS MSC
7 pages
5 Fun Facts About Fakesgiving
No ratings yet
5 Fun Facts About Fakesgiving
10 pages
Financial Accounting 1 by Harold
No ratings yet
Financial Accounting 1 by Harold
421 pages
TOIEC Grammar - Relative Clauses
100% (1)
TOIEC Grammar - Relative Clauses
6 pages
Akuisisi CNKO Dan Backdoor Listing Strategi
No ratings yet
Akuisisi CNKO Dan Backdoor Listing Strategi
20 pages
M508 Datasheet R01.b
No ratings yet
M508 Datasheet R01.b
3 pages
Calculator & Computer: Means of Performing Action by Using
No ratings yet
Calculator & Computer: Means of Performing Action by Using
13 pages
Job Hazard Analysis - Crane Lift Operation - r01
No ratings yet
Job Hazard Analysis - Crane Lift Operation - r01
6 pages
Business Benchmark2 Upper Intermediate Students Book Bulats Frontmatter PDF
100% (2)
Business Benchmark2 Upper Intermediate Students Book Bulats Frontmatter PDF
7 pages
Add A Table For Model Views To A JT Plus PDF Template
No ratings yet
Add A Table For Model Views To A JT Plus PDF Template
29 pages
Hose Binding Data Sheet3
No ratings yet
Hose Binding Data Sheet3
2 pages
Become A Web Scraping Pro: With These 5 Tips
No ratings yet
Become A Web Scraping Pro: With These 5 Tips
6 pages
Jedidah N Wairiuko
No ratings yet
Jedidah N Wairiuko
35 pages
Complaint On Senior Kansas Judge Richard Smith - Kansas Commission On Judicial Qualifications May 2nd 2019 - Matthew Schwob
No ratings yet
Complaint On Senior Kansas Judge Richard Smith - Kansas Commission On Judicial Qualifications May 2nd 2019 - Matthew Schwob
57 pages
Save These Instructions
No ratings yet
Save These Instructions
1 page
Cbe ReceiptFT25017F26WS
No ratings yet
Cbe ReceiptFT25017F26WS
1 page
Q18021 0100D PK2 PD RPT PM 01 - REV0 - Infrastructure Design Development Report
0% (1)
Q18021 0100D PK2 PD RPT PM 01 - REV0 - Infrastructure Design Development Report
266 pages
Best Solar Mounting Structure Manufacturers
No ratings yet
Best Solar Mounting Structure Manufacturers
6 pages
SAP - Evolution of SAP: SAP at A Glance
No ratings yet
SAP - Evolution of SAP: SAP at A Glance
57 pages
NAMUR Proximity Switches: Connection Diagrams
No ratings yet
NAMUR Proximity Switches: Connection Diagrams
1 page
Unsteady Poiseuille Flow of An Incompressible Elastico-Viscous Fluid in A Tube of Spherical Cross Section On A Porous Boundary
No ratings yet
Unsteady Poiseuille Flow of An Incompressible Elastico-Viscous Fluid in A Tube of Spherical Cross Section On A Porous Boundary
7 pages
Accounting For Special Transactions - (Problems)
No ratings yet
Accounting For Special Transactions - (Problems)
44 pages
Incident Investigation - Tripod by Syed Naman Shah (Pakistan Refinery Limited)
100% (2)
Incident Investigation - Tripod by Syed Naman Shah (Pakistan Refinery Limited)
11 pages
BGP, Ospf, Ras, Rommon, Password Recovery
No ratings yet
BGP, Ospf, Ras, Rommon, Password Recovery
3 pages
[FREE PDF sample] The Nature of Endangerment in India: Tigers, 'Tribes', Extermination & Conservation, 1818-2020 Ezra Rashkow ebooks
100% (1)
[FREE PDF sample] The Nature of Endangerment in India: Tigers, 'Tribes', Extermination & Conservation, 1818-2020 Ezra Rashkow ebooks
57 pages
TAXREV SANTOSsyllabus
No ratings yet
TAXREV SANTOSsyllabus
7 pages
Soil Mechanics - Assignment 3
100% (3)
Soil Mechanics - Assignment 3
5 pages