OPERATION MANUAL

INSTALLATION AND
PowerFlow-2-10G
Industrial 10G Core Switch
Demarcation/Aggregation Device
Version 1.0
PowerFlow-2-10G
Industrial 10G Core Switch
Version 1.0
Installation and Operation Manual

Notice
This manual contains information that is proprietary to RAD Data Communications Ltd. ("RAD").
No part of this publication may be reproduced in any form whatsoever without prior written
approval by RAD Data Communications.
Right, title and interest, all information, copyrights, patents, know-how, trade secrets and other
intellectual property or other proprietary rights relating to this manual and to the PowerFlow-2-
10G and any software components contained therein are proprietary products of RAD protected
under international copyright law and shall be and remain solely with RAD.
The PowerFlow-2-10G product name is owned by RAD. The PowerFlow-2-10G product name is
owned by RAD. No right, license, or interest to such trademark is granted hereunder, and you
agree that no such right, license, or interest shall be asserted by you with respect to such
trademark. RAD products/technologies are protected by registered patents. To review specifically
which product is covered by which patent, please see ipr.rad.com. The RAD name, logo,
logotype, and the product names MiNID, Optimux, Airmux, IPmux, and MiCLK are registered
trademarks of RAD Data Communications Ltd. All other trademarks are the property of their
respective holders.
You shall not copy, reverse compile or reverse assemble all or any portion of the Manual or the
PowerFlow-2-10G. You are prohibited from, and shall not, directly or indirectly, develop, market,
distribute, license, or sell any product that supports substantially similar functionality as the
PowerFlow-2-10G, based on or derived in any way from the PowerFlow-2-10G. Your undertaking
in this paragraph shall survive the termination of this Agreement.
This Agreement is effective upon your opening of the PowerFlow-2-10G package and shall
continue until terminated. RAD may terminate this Agreement upon the breach by you of any
term hereof. Upon such termination by RAD, you agree to return to RAD the PowerFlow-2-10G
and all copies and portions thereof.
For further information contact RAD at the address below or contact your local distributor.

International Headquarters North American Headquarters

RAD Data Communications Ltd. RAD Data Communications Inc.

24 Raoul Wallenberg Street 900 Corporate Drive

Tel Aviv 69719, Israel Mahwah, NJ 07430, USA
Tel: 972-3-6458181 Tel: (201) 5291100, Toll free: 1-800-4447234
Fax: 972-3-6498250, 6474436 Fax: (201) 5295777
E-mail: [email protected] E-mail: [email protected]

© 1988–2018 RAD Data Communications Ltd. Publication No. 738-200-12/18

Front Matter Installation and Operation Manual

Limited Warranty
RAD warrants to DISTRIBUTOR that the hardware in the PowerFlow-2-10G to be delivered
hereunder shall be free of defects in material and workmanship under normal use and service for
a period of twelve (12) months following the date of shipment to DISTRIBUTOR.
If, during the warranty period, any component part of the equipment becomes defective by
reason of material or workmanship, and DISTRIBUTOR immediately notifies RAD of such defect,
RAD shall have the option to choose the appropriate corrective action: a) supply a replacement
part, or b) request return of equipment to its plant for repair, or c) perform necessary repair at
the equipment's location. In the event that RAD requests the return of equipment, each party
shall pay one-way shipping costs.
RAD shall be released from all obligations under its warranty in the event that the equipment has
been subjected to misuse, neglect, accident or improper installation, or if repairs or
modifications were made by persons other than RAD's own authorized service personnel, unless
such repairs by others were made with the written consent of RAD.
The above warranty is in lieu of all other warranties, expressed or implied. There are no
warranties which extend beyond the face hereof, including, but not limited to, warranties of
merchantability and fitness for a particular purpose, and in no event shall RAD be liable for
consequential damages.
RAD shall not be liable to any person for any special or indirect damages, including, but not
limited to, lost profits from any cause whatsoever arising from or in any way connected with the
manufacture, sale, handling, repair, maintenance or use of the PowerFlow-2-10G, and in no
event shall RAD's liability exceed the purchase price of the PowerFlow-2-10G.
DISTRIBUTOR shall be responsible to its customers for any and all warranties which it makes
relating to PowerFlow-2-10G and for ensuring that replacements and other adjustments required
in connection with the said warranties are satisfactory.
Software components in the PowerFlow-2-10G are provided "as is" and without warranty of any
kind. RAD disclaims all warranties including the implied warranties of merchantability and fitness
for a particular purpose. RAD shall not be liable for any loss of use, interruption of business or
indirect, special, incidental or consequential damages of any kind. In spite of the above RAD
shall do its best to provide error-free software products and shall offer free Software updates
during the warranty period under this Agreement.
RAD's cumulative liability to you or any other party for any loss or damages resulting from any
claims, demands, or actions arising out of or relating to this Agreement and the PowerFlow-2-
10G shall not exceed the sum paid to RAD for the purchase of the PowerFlow-2-10G. In no event
shall RAD be liable for any indirect, incidental, consequential, special, or exemplary damages or
lost profits, even if RAD has been advised of the possibility of such damages.
This Agreement shall be construed and governed in accordance with the laws of the State of
Israel.

Product Disposal
To facilitate the reuse, recycling and other forms of recovery of waste
equipment in protecting the environment, the owner of this RAD product is
required to refrain from disposing of this product as unsorted municipal waste at
the end of its life cycle. Upon termination of the unit’s use, customers should
provide for its collection for reuse, recycling or other form of environmentally
conscientious disposal.

ii PowerFlow-2-10G
Installation and Operation Manual Front Matter

General Safety Instructions

The following instructions serve as a general guide for the safe installation and operation of
telecommunications products. Additional instructions, if applicable, are included inside the
manual.

Safety Symbols
This symbol may appear on the equipment or in the text. It indicates
potential safety hazards regarding product operation or maintenance to
operator or service personnel.
Warning

Danger of electric shock! Avoid any contact with the marked surface while
the product is energized or connected to outdoor telecommunication lines.

Protective ground: the marked lug or terminal should be connected to the

building protective ground bus.

Some products may be equipped with a laser diode. In such cases, a label
with the laser class and other warnings as applicable will be attached near
the optical transmitter. The laser warning symbol may be also attached.
Warning Please observe the following precautions:
• Before turning on the equipment, make sure that the fiber optic cable is
intact and is connected to the transmitter.
• Do not attempt to adjust the laser drive current.
• Do not use broken or unterminated fiber-optic cables/connectors or look
straight at the laser beam.
• The use of optical devices with the equipment will increase eye hazard.
• Use of controls, adjustments or performing procedures other than those
specified herein, may result in hazardous radiation exposure.
ATTENTION: The laser beam may be invisible!

In some cases, the users may insert their own SFP laser transceivers into the product. Users are
alerted that RAD cannot be held responsible for any damage that may result if non-compliant
transceivers are used. In particular, users are warned to use only agency approved products that
comply with the local laser safety regulations for Class 1 laser products.
Always observe standard safety precautions during installation, operation and maintenance of
this product. Only qualified and authorized service personnel should carry out adjustment,
maintenance or repairs to this product. No installation, adjustment, maintenance or repairs
should be performed by either the operator or the user.

PowerFlow-2-10G iii
Front Matter Installation and Operation Manual

Handling Energized Products

General Safety Practices

Do not touch or tamper with the power supply when the power cord is connected. Line voltages
may be present inside certain products even when the power switch (if installed) is in the OFF
position or a fuse is blown. For DC-powered products, although the voltages levels are usually
not hazardous, energy hazards may still exist.
Before working on equipment connected to power lines or telecommunication lines, remove
jewelry or any other metallic object that may come into contact with energized parts.
Unless otherwise specified, all products are intended to be grounded during normal use.
Grounding is provided by connecting the mains plug to a wall socket with a protective ground
terminal. If a ground lug is provided on the product, it should be connected to the protective
ground at all times, by a wire with a diameter of 18 AWG or wider. Rack-mounted equipment
should be mounted only in grounded racks and cabinets.
Always make the ground connection first and disconnect it last. Do not connect
telecommunication cables to ungrounded equipment. Make sure that all other cables are
disconnected before disconnecting the ground.
Some products may have panels secured by thumbscrews with a slotted head. These panels may
cover hazardous circuits or parts, such as power supplies. These thumbscrews should therefore
always be tightened securely with a screwdriver after both initial installation and subsequent
access to the panels.

Connecting AC Mains
Make sure that the electrical installation complies with local codes.
Always connect the AC plug to a wall socket with a protective ground.
The maximum permissible current capability of the branch distribution circuit that supplies power
to the product is 16A (20A for USA and Canada). The circuit breaker in the building installation
should have high breaking capacity and must operate at short-circuit current exceeding 35A (40A
for USA and Canada).
Always connect the power cord first to the equipment and then to the wall socket. If a power
switch is provided in the equipment, set it to the OFF position. If the power cord cannot be
readily disconnected in case of emergency, make sure that a readily accessible circuit breaker or
emergency switch is installed in the building installation.
In cases when the power distribution system is IT type, the switch must disconnect both poles
simultaneously.

Connecting DC Power
Unless otherwise specified in the manual, the DC input to the equipment is floating in reference
to the ground. Any single pole can be externally grounded.
Due to the high current capability of DC power systems, care should be taken when connecting
the DC supply to avoid short-circuits and fire hazards.
Make sure that the DC power supply is electrically isolated from any AC source and that the
installation complies with the local codes.

iv PowerFlow-2-10G
Installation and Operation Manual Front Matter

The maximum permissible current capability of the branch distribution circuit that supplies power
to the product is 16A (20A for USA and Canada). The circuit breaker in the building installation
should have high breaking capacity and must operate at short-circuit current exceeding 35A (40A
for USA and Canada).
Before connecting the DC supply wires, ensure that power is removed from the DC circuit. Locate
the circuit breaker of the panel board that services the equipment and switch it to the OFF
position. When connecting the DC supply wires, first connect the ground wire to the
corresponding terminal, then the positive pole and last the negative pole. Switch the circuit
breaker back to the ON position.
A readily accessible disconnect device that is suitably rated and approved should be incorporated
in the building installation.
If the DC power supply is floating, the switch must disconnect both poles simultaneously.

Connecting Data and Telecommunications Cables

Data and telecommunication interfaces are classified according to their safety status.
The following table lists the status of several standard interfaces. If the status of a given port
differs from the standard one, a notice will be given in the manual.

Ports Safety Status

V.11, V.28, V.35, V.36, RS-530, X.21, SELV Safety Extra Low Voltage:
10BaseT, 100BaseT, 1000BaseT, Ports which do not present a safety hazard. Usually
Unbalanced E1, E2, E3, STM, DS-2, up to 30 VAC or 60 VDC.
DS-3, S-Interface ISDN, Analog voice
E&M
xDSL (without feeding voltage), TNV-1 Telecommunication Network Voltage-1:
Balanced E1, T1, Sub E1/T1, POE Ports whose normal operating voltage is within the
limits of SELV, on which overvoltages from
telecommunications networks are possible.
FXS (Foreign Exchange Subscriber) TNV-2 Telecommunication Network Voltage-2:
Ports whose normal operating voltage exceeds the
limits of SELV (usually up to 120 VDC or telephone
ringing voltages), on which overvoltages from
telecommunication networks are not possible. These
ports are not permitted to be directly connected to
external telephone and data lines.
FXO (Foreign Exchange Office), xDSL TNV-3 Telecommunication Network Voltage-3:
(with feeding voltage), U-Interface Ports whose normal operating voltage exceeds the
ISDN limits of SELV (usually up to 120 VDC or telephone
ringing voltages), on which overvoltages from
telecommunication networks are possible.

Always connect a given port to a port of the same safety status. If in doubt, seek the assistance
of a qualified safety engineer.
Always make sure that the equipment is grounded before connecting telecommunication cables.
Do not disconnect the ground connection before disconnecting all telecommunications cables.
Some SELV and non-SELV circuits use the same connectors. Use caution when connecting cables.
Extra caution should be exercised during thunderstorms.

PowerFlow-2-10G v
Front Matter Installation and Operation Manual

When using shielded or coaxial cables, verify that there is a good ground connection at both
ends. The grounding and bonding of the ground connections should comply with the local codes.
The telecommunication wiring in the building may be damaged or present a fire hazard in case of
contact between exposed external wires and the AC power lines. In order to reduce the risk,
there are restrictions on the diameter of wires in the telecom cables, between the equipment
and the mating connectors.

Caution To reduce the risk of fire, use only No. 26 AWG or larger telecommunication
line cords.

Attention Pour réduire les risques s’incendie, utiliser seulement des conducteurs de
télécommunications 26 AWG ou de section supérieure.

Some ports are suitable for connection to intra-building or non-exposed wiring or cabling only. In
such cases, a notice will be given in the installation instructions.
Do not attempt to tamper with any carrier-provided equipment or connection hardware.

Electromagnetic Compatibility (EMC)

The equipment is designed and approved to comply with the electromagnetic regulations of
major regulatory bodies. The following instructions may enhance the performance of the
equipment and will provide better protection against excessive emission and better immunity
against disturbances.
A good ground connection is essential. When installing the equipment in a rack, make sure to
remove all traces of paint from the mounting points. Use suitable lock-washers and torque. If an
external grounding lug is provided, connect it to the ground bus using braided wire as short as
possible.
The equipment is designed to comply with EMC requirements when connecting it with unshielded
twisted pair (UTP) cables with the exception of 1000BaseT ports that must always use shielded
twisted pair cables of good quality (CAT 5E or higher). However, the use of shielded wires is
always recommended, especially for high-rate data. In some cases, when unshielded wires are
used, ferrite cores should be installed on certain cables. In such cases, special instructions are
provided in the manual.
Disconnect all wires which are not in permanent use, such as cables used for one-time
configuration.
The compliance of the equipment with the regulations for conducted emission on the data lines
is dependent on the cable quality. The emission is tested for UTP with 80 dB longitudinal
conversion loss (LCL).
Unless otherwise specified or described in the manual, TNV-1 and TNV-3 ports provide secondary
protection against surges on the data lines. Primary protectors should be provided in the building
installation.
The equipment is designed to provide adequate protection against electro-static discharge (ESD).
However, it is good working practice to use caution when connecting cables terminated with
plastic connectors (without a grounded metal hood, such as flat cables) to sensitive data lines.
Before connecting such cables, discharge yourself by touching ground or wear an ESD preventive
wrist strap.

vi PowerFlow-2-10G
Installation and Operation Manual Front Matter

FCC-15 User Information

This equipment has been tested and found to comply with the limits of the Class A digital device,
pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection
against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses and can radiate radio frequency energy and, if not installed and used
in accordance with the Installation and Operation manual, may cause harmful interference to the
radio communications. Operation of this equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct the interference at his own
expense.

Canadian Emission Requirements

This Class A digital apparatus meets all the requirements of the Canadian Interference-Causing
Equipment Regulation.
Cet appareil numérique de la classe A respecte toutes les exigences du Règlement sur le matériel
brouilleur du Canada.

Warning per EN 55022 (CISPR-22)

Warning This is a class A product. In a domestic environment, this product may cause
radio interference, in which case the user will be required to take adequate
measures.

Avertissement Cet appareil est un appareil de Classe A. Dans un environnement résidentiel,

cet appareil peut provoquer des brouillages radioélectriques. Dans ces cas, il
peut être demandé à l’utilisateur de prendre les mesures appropriées.

Achtung Das vorliegende Gerät fällt unter die Funkstörgrenzwertklasse A. In

Wohngebieten können beim Betrieb dieses Gerätes Rundfunkströrungen
auftreten, für deren Behebung der Benutzer verantwortlich ist.

PowerFlow-2-10G vii
 Front Matter Installation and Operation Manual

Mise au rebut du produit

Français

Afin de faciliter la réutilisation, le recyclage ainsi que d'autres formes de

récupération d'équipement mis au rebut dans le cadre de la protection de
l'environnement, il est demandé au propriétaire de ce produit RAD de ne pas
mettre ce dernier au rebut en tant que déchet municipal non trié, une fois que le
produit est arrivé en fin de cycle de vie. Le client devrait proposer des solutions
de réutilisation, de recyclage ou toute autre forme de mise au rebut de cette
unité dans un esprit de protection de l'environnement, lorsqu'il aura fini de
l'utiliser.

Instructions générales de sécurité

Les instructions suivantes servent de guide général d'installation et d'opération sécurisées des
produits de télécommunications. Des instructions supplémentaires sont éventuellement
indiquées dans le manuel.

Symboles de sécurité
Ce symbole peut apparaitre sur l'équipement ou dans le texte. Il indique des
risques potentiels de sécurité pour l'opérateur ou le personnel de service,
quant à l'opération du produit ou à sa maintenance.
Avertissement

Danger de choc électrique ! Evitez tout contact avec la surface marquée

tant que le produit est sous tension ou connecté à des lignes externes de
télécommunications.

Mise à la terre de protection : la cosse ou la borne marquée devrait être

connectée à la prise de terre de protection du bâtiment.

viii PowerFlow-2-10G
Installation and Operation Manual Front Matter

Certains produits peuvent être équipés d'une diode laser. Dans de tels cas,

Français
une étiquette indiquant la classe laser ainsi que d'autres avertissements, le
cas échéant, sera jointe près du transmetteur optique. Le symbole
d'avertissement laser peut aussi être joint.
Avertissement
Veuillez observer les précautions suivantes :
• Avant la mise en marche de l'équipement, assurez-vous que le câble de
fibre optique est intact et qu'il est connecté au transmetteur.
• Ne tentez pas d'ajuster le courant de la commande laser.
• N'utilisez pas des câbles ou connecteurs de fibre optique cassés ou sans
terminaison et n'observez pas directement un rayon laser.
• L'usage de périphériques optiques avec l'équipement augmentera le
risque pour les yeux.
• L'usage de contrôles, ajustages ou procédures autres que celles
spécifiées ici pourrait résulter en une dangereuse exposition aux
radiations.
ATTENTION : Le rayon laser peut être invisible !

Les utilisateurs pourront, dans certains cas, insérer leurs propres émetteurs-récepteurs Laser SFP
dans le produit. Les utilisateurs sont avertis que RAD ne pourra pas être tenue responsable de
tout dommage pouvant résulter de l'utilisation d'émetteurs-récepteurs non conformes. Plus
particulièrement, les utilisateurs sont avertis de n'utiliser que des produits approuvés par
l'agence et conformes à la réglementation locale de sécurité laser pour les produits laser de
classe 1.
Respectez toujours les précautions standards de sécurité durant l'installation, l'opération et la
maintenance de ce produit. Seul le personnel de service qualifié et autorisé devrait effectuer
l'ajustage, la maintenance ou les réparations de ce produit. Aucune opération d'installation,
d'ajustage, de maintenance ou de réparation ne devrait être effectuée par l'opérateur ou
l'utilisateur.

Manipuler des produits sous tension

Règles générales de sécurité

Ne pas toucher ou altérer l'alimentation en courant lorsque le câble d'alimentation est branché.
Des tensions de lignes peuvent être présentes dans certains produits, même lorsque le
commutateur (s'il est installé) est en position OFF ou si le fusible est rompu. Pour les produits
alimentés par CC, les niveaux de tension ne sont généralement pas dangereux mais des risques
de courant peuvent toujours exister.
Avant de travailler sur un équipement connecté aux lignes de tension ou de télécommunications,
retirez vos bijoux ou tout autre objet métallique pouvant venir en contact avec les pièces sous
tension.
Sauf s'il en est autrement indiqué, tous les produits sont destinés à être mis à la terre durant
l'usage normal. La mise à la terre est fournie par la connexion de la fiche principale à une prise
murale équipée d'une borne protectrice de mise à la terre. Si une cosse de mise à la terre est
fournie avec le produit, elle devrait être connectée à tout moment à une mise à la terre de
protection par un conducteur de diamètre 18 AWG ou plus. L'équipement monté en châssis ne
devrait être monté que sur des châssis et dans des armoires mises à la terre.
Branchez toujours la mise à la terre en premier et débranchez-la en dernier. Ne branchez pas des
câbles de télécommunications à un équipement qui n'est pas mis à la terre. Assurez-vous que
tous les autres câbles sont débranchés avant de déconnecter la mise à la terre.

PowerFlow-2-10G ix
 Front Matter Installation and Operation Manual

Connexion au courant du secteur

Français

Assurez-vous que l'installation électrique est conforme à la réglementation locale.

Branchez toujours la fiche de secteur à une prise murale équipée d'une borne protectrice de mise
à la terre.
La capacité maximale permissible en courant du circuit de distribution de la connexion alimentant
le produit est de 16A (20A aux Etats-Unis et Canada). Le coupe-circuit dans l'installation du
bâtiment devrait avoir une capacité élevée de rupture et devrait fonctionner sur courant de
court-circuit dépassant 35A (40A aux Etats-Unis et Canada).
Branchez toujours le câble d'alimentation en premier à l'équipement puis à la prise murale. Si un
commutateur est fourni avec l'équipement, fixez-le en position OFF. Si le câble d'alimentation ne
peut pas être facilement débranché en cas d'urgence, assurez-vous qu'un coupe-circuit ou un
disjoncteur d'urgence facilement accessible est installé dans l'installation du bâtiment.
Le disjoncteur devrait déconnecter simultanément les deux pôles si le système de distribution de
courant est de type IT.

Connexion d'alimentation CC
Sauf s'il en est autrement spécifié dans le manuel, l'entrée CC de l'équipement est flottante par
rapport à la mise à la terre. Tout pôle doit être mis à la terre en externe.
A cause de la capacité de courant des systèmes à alimentation CC, des précautions devraient
être prises lors de la connexion de l'alimentation CC pour éviter des courts-circuits et des risques
d'incendie.
Assurez-vous que l'alimentation CC est isolée de toute source de courant CA (secteur) et que
l'installation est conforme à la réglementation locale.
La capacité maximale permissible en courant du circuit de distribution de la connexion alimentant
le produit est de 16A (20A aux Etats-Unis et Canada). Le coupe-circuit dans l'installation du
bâtiment devrait avoir une capacité élevée de rupture et devrait fonctionner sur courant de
court-circuit dépassant 35A (40A aux Etats-Unis et Canada).
Avant la connexion des câbles d'alimentation en courant CC, assurez-vous que le circuit CC n'est
pas sous tension. Localisez le coupe-circuit dans le tableau desservant l'équipement et fixez-le
en position OFF. Lors de la connexion de câbles d'alimentation CC, connectez d'abord le
conducteur de mise à la terre à la borne correspondante, puis le pôle positif et en dernier, le
pôle négatif. Remettez le coupe-circuit en position ON.
Un disjoncteur facilement accessible, adapté et approuvé devrait être intégré à l'installation du
bâtiment.
Le disjoncteur devrait déconnecter simultanément les deux pôles si l'alimentation en courant CC
est flottante.

x PowerFlow-2-10G
 Contents
Chapter 1. Introduction
1.1 Overview .............................................................................................................................. 1-1
1.2 Product Description .............................................................................................................. 1-1
PowerFlow-2-10G .............................................................................................................. 1-2
1.3 PowerFlow-2 Features ......................................................................................................... 1-2
1.4 Product Specifications .......................................................................................................... 1-3

Chapter 2. Panels & Installation

2.1 Views of Panels .................................................................................................................... 2-1
2.2 Connections ......................................................................................................................... 2-2
100/1000M SFP ................................................................................................................. 2-2
Combo Port Connections ................................................................................................... 2-2
2.2.3 10GbE SFP+ Connection ............................................................................................ 2-2
2.2.4 MGMT Port ................................................................................................................ 2-3
2.2.5 Console Port ............................................................................................................. 2-3
RJ-45 Pin Assignment .................................................................................................... 2-3
2.2.5.2 Accessory Cable ................................................................................................ 2-3
2.3 Electrical Installation ............................................................................................................ 2-4
2.4 Alarm Relay .......................................................................................................................... 2-5
2.5 2.5 Rack Mounting ............................................................................................................... 2-5
2.6 Earth Ground Connection ..................................................................................................... 2-6
2.7 LED Indicators ...................................................................................................................... 2-7

Chapter 3. Introduction to CLI

3.1 General Introduction ............................................................................................................ 3-1
3.2 CONSOLE Operation ............................................................................................................. 3-1
3.3 CLI Modes ............................................................................................................................ 3-2
3.4 Quick Keys ........................................................................................................................... 3-3
3.5 Command Syntax ................................................................................................................. 3-3
3.6 Basic Configurations ................................................................................................................ 4
3.6.1 Configuring IPv4 Address ............................................................................................. 4
3.6.2 Enter Config Interface Mode ........................................................................................ 4
3.6.3 Save Configurations ..................................................................................................... 5
3.6.4 Restart the Device ....................................................................................................... 5
3.6.5 Load Factory Defaults .................................................................................................. 6
3.6.6 Show System and Software Information ...................................................................... 6
3.6.7 Show Running Configurations ...................................................................................... 7
3.6.8 Show History Commands ............................................................................................. 8
3.6.9 Help ............................................................................................................................. 8
3.6.10 Logout ....................................................................................................................... 9
3.7 Commands in User Mode ......................................................................................................... 9
3.7.1 > clear ip arp ............................................................................................................. 10
3.7.2 > clear lldp statistics .................................................................................................. 10
3.7.3 > clear statistics ........................................................................................................ 10
3.7.4 > enable .................................................................................................................... 10
3.7.5 > exit ......................................................................................................................... 11
3.7.6 > help ........................................................................................................................ 11
3.7.7 > logout ..................................................................................................................... 11

PowerFlow-2-10G i
Table of Contents Installation and Operation Manual

3.7.8 > ping ip .................................................................................................................... 11

3.7.9 > ping ipv6................................................................................................................. 12
3.7.10 show commands ...................................................................................................... 12
3.8 Commands in EXEC Mode ...................................................................................................... 13
3.8.1 # clear access management statistics ........................................................................ 13
3.8.2 # clear access-list ace statistics ................................................................................. 13
3.8.3 # clear dot1x statistics ............................................................................................... 13
3.8.4 # clear erps ................................................................................................................ 13
3.8.5 # clear ip arp ............................................................................................................. 14
3.8.6 # clear ip dhcp detailed statistics ............................................................................... 14
3.8.7 # clear ip dhcp server binding <ip> ............................................................................ 14
3.8.8 # clear ip dhcp server binding { automatic | manual | expired } ................................... 15
3.8.9 # clear ip dhcp server statistics .................................................................................. 15
3.8.10 # clear ip dhcp relay statistics .................................................................................. 15
3.8.11 # clear ip dhcp snooping statistics ........................................................................... 15
3.8.12 # clear ip igmp snooping .......................................................................................... 16
3.8.13 # clear ip statistics ................................................................................................... 16
3.8.14 # clear ipv6 mld snooping ........................................................................................ 16
3.8.15 # clear ipv6 neighbors.............................................................................................. 16
3.8.16 # clear ipv6 statistics ............................................................................................... 16
3.8.17 # clear lacp statistics ............................................................................................... 17
3.8.18 # clear lldp statistics ................................................................................................ 17
3.8.19 # clear logging ......................................................................................................... 17
3.8.20 # clear mac address-table ........................................................................................ 17
3.8.21 # clear mep .............................................................................................................. 18
3.8.22 # clear mvr ............................................................................................................... 18
3.8.23 # clear spanning-tree ............................................................................................... 18
3.8.24 # clear statistics ...................................................................................................... 18
3.8.25 # config terminal ..................................................................................................... 18
3.8.26 # copy ..................................................................................................................... 19
3.8.27 # delete ................................................................................................................... 20
3.8.28 # dir ......................................................................................................................... 21
3.8.29 # disable & # enable ................................................................................................ 21
3.8.30 # dot1x .................................................................................................................... 22
3.8.31 # erps ...................................................................................................................... 22
3.8.32 # firmware swap ...................................................................................................... 23
3.8.33 # firmware upgrade ................................................................................................. 23
3.8.34 # ip dhcp retry interface vlan ................................................................................... 23
3.8.35 # more ..................................................................................................................... 23
3.8.36 # ping ip .................................................................................................................. 24
3.8.37 # ping ipv6 ............................................................................................................... 24
3.8.38 # reload warm ......................................................................................................... 24
3.8.39 # reload defaults ..................................................................................................... 25
3.8.40 # send ..................................................................................................................... 26
3.8.41 # terminal editing .................................................................................................... 26
3.8.42 # terminal exec-timeout........................................................................................... 26
3.8.43 # terminal history size ............................................................................................. 27
3.8.44 # terminal length ..................................................................................................... 27
3.8.45 # terminal width ...................................................................................................... 28
3.8.46 # no port-security shutdown ................................................................................... 28
3.8.47 show commands ...................................................................................................... 29
3.9 Commands in Config Mode .................................................................................................... 29
3.9.1 (config)# aaa authentication login ............................................................................. 29
3.9.2 (config)# access management ................................................................................... 31

ii PowerFlow-2-10G
Installation and Operation Manual Table of Contents

3.9.3 (config)# access-list................................................................................................... 32

3.9.3.1 (config)# access-list ace .................................................................................... 32
3.9.3.2 (config)# access-list ace update......................................................................... 33
3.9.3.3 (config)# access-list rate-limiter ........................................................................ 34
3.9.3.4 (config-if)# access-list action ............................................................................. 35
3.9.3.5 (config-if)# access-list logging ........................................................................... 35
3.9.3.6 (config-if)# access-list policy ............................................................................. 35
3.9.3.7 (config-if)# access-list port-state....................................................................... 36
3.9.3.8 (config-if)# access-list rate-limiter ..................................................................... 36
3.9.3.9 (config-if)# access-list shutdown ....................................................................... 36
3.9.3.10 (config-if)# access-list {redirect| port-copy } .................................................... 37
3.9.4 (config)# aggregation ................................................................................................ 37
3.9.4.1 (config)# aggregation mode............................................................................... 37
3.9.4.2 (config-if)# aggregation group ........................................................................... 38
3.9.5 (config)# banner ........................................................................................................ 38
3.9.5.1 (config)# banner [ motd ] <banner> .................................................................. 38
3.9.5.2 (config)# banner exec <banner> ........................................................................ 39
3.9.5.3 (config)# banner login <banner>........................................................................ 39
3.9.6 (config)# clock ........................................................................................................... 39
3.9.6.1 (config)# clock summer-time <word16> date .................................................... 39
3.9.6.2 (config)# clock summer-time <word16> recurring .............................................. 40
3.9.6.3 (config)# clock timezone .................................................................................... 41
3.9.7 (config)# default access-list rate-limiter .................................................................... 42
3.9.8 (config)# dot1x .......................................................................................................... 42
3.9.8.1 (config)# dot1x system-auth-control ................................................................. 42
3.9.8.2 (config)# dot1x re-authentication ...................................................................... 43
3.9.8.3 (config)# dot1x authentication timer re-authenticate ........................................ 44
3.9.8.4 (config)# dot1x timeout tx-period ...................................................................... 44
3.9.8.5 (config)#dot1x authentication timer inactivity ................................................... 45
3.9.8.6 (config)# dot1x timeout quiet-period................................................................. 45
3.9.8.7 (config)# dot1x feature...................................................................................... 46
3.9.8.8 (config)# dot1x guest-vlan ................................................................................. 47
3.9.8.9 (config)# dot1x guest-vlan supplicant ................................................................ 47
3.9.8.10 (config)# dot1x max-requth-req....................................................................... 47
3.9.8.11 (config-if)# dot1x port-control ......................................................................... 48
3.9.8.12 (config-if)# dot1x guest-vlan ........................................................................... 49
3.9.8.13 (config-if)# dot1x radius-qos ........................................................................... 50
3.9.8.14 (config-if)# dot1x radius-vlan........................................................................... 50
3.9.8.15 (config-if)# dot1x re-authenticate ................................................................... 51
3.9.9 (config-if)# duplex ..................................................................................................... 51
3.9.10 (config)# enable ...................................................................................................... 52
3.9.10.1 (config)# enable password ............................................................................... 52
3.9.10.2 (config)# enable password level ....................................................................... 52
3.9.10.3 (config)# enable secret .................................................................................... 53
3.9.11 (config)# erps .......................................................................................................... 53
3.9.11.1 (config)# erps <group> guard <guard_time_ms> .............................................. 53
3.9.11.2 (config)# erps <group> holdoff <holdoff_time_ms> ......................................... 54
3.9.11.3 (config)# erps <group> major port0 interface port1 interface <port_type>
<port1> [ interconnect ] ................................................................................................ 54
3.9.11.4 (config)# erps <group> mep port0 sf <p0_sf> aps <p0_aps> port1 sf <p1_sf>
aps <p1_aps> ................................................................................................................. 55
3.9.11.5 (config)# erps <group> revertive <wtr_time_minutes> ..................................... 55
3.9.11.6 (config)# erps <group> rpl { owner | neighbor } { port0 | port1 } ..................... 56

PowerFlow-2-10G iii
Table of Contents Installation and Operation Manual

3.9.11.7 (config)# erps <group> sub port0 interface <port_type> <port0> { { port1
interface <port_type> <port1> } | { interconnect <major_ring_id> [ virtual-channel ] } } . 56
3.9.11.8 (config)# erps <group> topology-change propagate ........................................ 57
3.9.11.9 (config)# erps <group> version { 1 | 2 } ........................................................... 57
3.9.11.10 (config)# erps <group> vlan { none | [ add | remove ] <vlans> } ..................... 58
3.9.12 (config-if)# excessive-restart ................................................................................... 58
3.9.13 (config-if)# flowcontrol { on | off } .......................................................................... 59
3.9.14 (config)# gvrp .......................................................................................................... 59
3.9.14.1 (config)# gvrp .................................................................................................. 59
3.9.14.2 (config)# gvrp max-vlans .................................................................................. 60
3.9.14.3 (config)# gvrp time .......................................................................................... 60
3.9.14.4 (config-if)# gvrp ............................................................................................... 61
3.9.15 (config)# hostname ................................................................................................. 62
3.9.16 (config)# interface ................................................................................................... 62
3.9.16.1(config)# interface ( <port_type> [ <plist> ] ) ................................................... 62
3.9.16.2 (config)# interface vlan .................................................................................... 63
3.9.17 (config)# ip .............................................................................................................. 64
3.9.17.1 (config)# ip arp inspection ............................................................................... 64
3.9.17.2 (config)# ip arp inspection entry interface ........................................................ 64
3.9.17.3 (config)# ip arp inspection translate ................................................................. 65
3.9.17.4 (config)# ip arp inspection vlan ........................................................................ 65
3.9.17.5 (config)# ip arp inspection vlan <in_vlan_list> logging ....................................... 66
3.9.17.6 (config)# ip dhcp excluded-address.................................................................. 66
3.9.17.7 (config)# ip dhcp pool ...................................................................................... 67
3.9.17.8 (config)# ip dhcp relay ..................................................................................... 79
3.9.17.9 (config)# ip dhcp relay information circuit-id format ........................................ 79
3.9.17.10 (config)# ip dhcp relay information option ..................................................... 80
3.9.17.11 (config)# ip dhcp relay information policy {drop | keep |replace} .................... 80
3.9.17.12 (config)# ip dhcp relay information remote-id ............................................... 81
3.9.17.13 (config)# ip dhcp relay information remote-id format .................................... 81
3.9.17.14 (config)# ip dhcp server ................................................................................. 82
3.9.17.15 (config)# ip dhcp snooping ............................................................................ 82
3.9.17.16 (config)# ip dhcp snooping vlan ..................................................................... 83
3.9.17.17 (config)# ip dns proxy .................................................................................... 83
3.9.17.18 (config)# ip helper-address ............................................................................ 84
3.9.17.19 (config)# ip http secure-server ...................................................................... 84
3.9.17.20 (config)# ip http secure-redirect .................................................................... 85
3.9.17.21 (config)# ip igmp host-proxy .......................................................................... 85
3.9.17.22 (config)# ip igmp snooping ............................................................................ 86
3.9.17.23 (config)# ip igmp snooping vlan ..................................................................... 86
3.9.17.24 (config)# ip igmp ssm-range .......................................................................... 87
3.9.17.25 (config)# ip igmp unknown-flooding .............................................................. 87
3.9.17.26 (config)# ip name-server ................................................................................ 87
3.9.17.27 (config)# ip route........................................................................................... 88
3.9.17.28 (config)# ip routing ........................................................................................ 89
3.9.17.29 (config)# ip source binding interface .............................................................. 89
3.9.17.30 (config)# ip ssh .............................................................................................. 90
3.9.17.31 (config)# ip verify source ............................................................................... 91
3.9.17.32 (config)# ip verify source translate ................................................................ 91
3.9.17.33 (config-if)# ip arp inspection check-type ....................................................... 91
3.9.17.34 (config-if)# ip arp inspection check-vlan ........................................................ 92
3.9.17.35 (config-if)# ip arp inspection logging .............................................................. 92
3.9.17.36 (config-if)# ip arp inspection trust .................................................................. 92
3.9.17.37 (config-if)# ip dhcp snooping trust ................................................................ 93

iv PowerFlow-2-10G
Installation and Operation Manual Table of Contents

3.9.17.38 (config-if)# ip dhcp relay information subscriber-id ....................................... 93

3.9.17.39 (config-if)# ip dhcp snooping limit ................................................................. 93
3.9.17.40 (config-if)# ip dhcp snooping limit maximum ................................................. 94
3.9.17.41 (config-if)# ip dhcp snooping trust ................................................................ 94
3.9.17.42 (config-if)# ip igmp snooping filter ................................................................ 95
3.9.17.43 (config-if)# ip igmp snooping immediate-leave .............................................. 95
3.9.17.44 (config-if)# ip igmp snooping max-groups...................................................... 95
3.9.17.45 (config-if)# ip igmp snooping mrouter ........................................................... 96
3.9.17.46 (config-if)# ip verify source ............................................................................ 96
3.9.17.47 (config-if)# ip verify source limit .................................................................... 97
3.9.17.48 (config-if-vlan)# ip address ............................................................................ 97
3.9.17.49 (config-if-vlan)# ip dhcp server ...................................................................... 98
3.9.17.50 (config-if-vlan)# ip igmp snooping ................................................................. 98
3.9.17.51 (config-if-vlan)# ip igmp snooping compatibility ............................................ 98
3.9.17.52 (config-if-vlan)# ip igmp snooping last-member-query-interval ...................... 99
3.9.17.53 (config-if-vlan)# ip igmp snooping priority ..................................................... 99
3.9.17.54 (config-if-vlan)# ip igmp snooping querier ................................................... 101
3.9.17.55 (config-if-vlan)# ip igmp snooping query-interval ......................................... 101
3.9.17.56 (config-if-vlan)# ip igmp snooping query-max-response-time ...................... 101
3.9.17.57 (config-if-vlan)# ip igmp snooping robustness-variable ................................ 102
3.9.17.58 (config-if-vlan)# ip igmp snooping unsolicited-report-interval ...................... 102
3.9.17.59 (config-if-vlan)# ipv6 address ...................................................................... 103
3.9.17.60 (config-if-vlan)# ipv6 mld snooping ............................................................. 103
3.9.17.61 (config-if-vlan)# ipv6 mld snooping compatibility ......................................... 103
3.9.17.62 (config-if-vlan)# ipv6 mld snooping last-member-query-interval .................. 104
3.9.17.63 (config-if-vlan)# ipv6 mld snooping priority <cos_priority> ........................... 104
3.9.17.64 (config-if-vlan)# ipv6 mld snooping querier election .................................... 105
3.9.17.65 (config-if-vlan)# ipv6 mld snooping query-interval <ipmc_qi>....................... 105
3.9.17.66 (config-if-vlan)# ipv6 mld snooping query-max-response-time <ipmc_qri> ... 105
3.9.17.67 (config-if-vlan)# ipv6 mld snooping robustness-variable <ipmc_rv> .............. 106
3.9.17.68 (config-if-vlan)# ipv6 mld snooping unsolicited-report-interval <ipmc_uri> .. 106
3.9.18 (config)# ipmc ....................................................................................................... 107
3.9.18.1 (config)# ipmc profile..................................................................................... 107
3.9.18.2 (config)# ipmc profile <profile_name> ............................................................ 107
3.9.18.3 (config)# ipmc range ...................................................................................... 108
3.9.18.4 (config-ipmc-profile)# default range .............................................................. 108
3.9.18.5 (config-ipmc-profile)# description .................................................................. 109
3.9.18.6 (config-ipmc-profile)# range .......................................................................... 110
3.9.19 (config)# ipv6 mld host-proxy ................................................................................ 110
3.9.19.1 (config)# ipv6 mld host-proxy ........................................................................ 110
3.9.19.2 (config)# ipv6 mld host-proxy leave-proxy ..................................................... 111
3.9.19.3 (config)# ipv6 mld snooping........................................................................... 112
3.9.19.4 (config)# ipv6 mld snooping vlan ................................................................... 113
3.9.19.5 (config)# ipv6 mld ssm-range......................................................................... 113
3.9.19.6 (config)# ipv6 mld unknown-flooding ............................................................ 114
3.9.19.7 (config)# ipv6 route ....................................................................................... 114
3.9.19.8 (config-if)# ipv6 mld snooping filter ............................................................... 115
3.9.19.9 (config-if)# ipv6 mld snooping immediate-leave ............................................ 116
3.9.19.10 (config-if)# ipv6 mld snooping max-groups .................................................. 116
3. 9.19.11 (config-if)# ipv6 mld snooping mrouter ...................................................... 116
3.9.20 (config)# lacp ........................................................................................................ 117
3.9.20.1 (config)# lacp system-priority ........................................................................ 117
3.9.20.2 (config-if)# lacp ............................................................................................. 118
3.9.20.3 (config-if)# lacp key ....................................................................................... 118

PowerFlow-2-10G v
Table of Contents Installation and Operation Manual

3.9.20.4 (config-if)# lacp port-priority <v_1_to_65535> ............................................... 119

3.9.20.5 (config-if)# lacp role { active | passive } ......................................................... 119
3.9.20.6 (config-if)# lacp timeout { fast | slow } .......................................................... 120
3.9.21 (config)# line ......................................................................................................... 120
3.9.21.1 (config)# line ................................................................................................. 120
3.9.21.2 (config-line)# do ............................................................................................ 121
3.9.21.3 (config-line)# editing ..................................................................................... 121
3.9.21.4 (config-line)# end .......................................................................................... 122
3.9.21.5 (config-line)# exec-banner ............................................................................. 122
3.9.21.6 (config-line)# exec-timeout............................................................................ 123
3.9.21.7 (config-line)# exit .......................................................................................... 123
3.9.21.8 (config-line)# help ......................................................................................... 124
3.9.21.9 (config-line)# history size .............................................................................. 125
3.9.21.10 (config-line)# length .................................................................................... 125
3.9.21.11 (config-line)# location.................................................................................. 126
3.9.21.12 (config-line)# motd-banner .......................................................................... 127
3.9.21.13 (config-line)# privilege level ......................................................................... 127
3.9.21.14 (config-line)# width ..................................................................................... 128
3.9.22 (config)# lldp ......................................................................................................... 130
3.9.22.1 (config)# lldp holdtime ................................................................................... 130
3.9.22.2 (config)# lldp reinit ........................................................................................ 130
3.9.22.3 (config)# lldp timer ........................................................................................ 131
3.9.22.4 (config)# lldp transmission-delay ................................................................... 131
3.9.22.5 (config)# lldp med datum ............................................................................... 132
3.9.22.6 (config)# lldp med fast................................................................................... 133
3.9.22.7 (config)# lldp med location-tlv altitude .......................................................... 133
3.9.22.8 (config)# lldp med location-tlv civic-addr ....................................................... 134
3.9.22.9 (config)# lldp med location-tlv elin-addr ........................................................ 136
3.9.22.10 (config)# lldp med location-tlv latitude ........................................................ 137
3.9.22.11 (config)# lldp med location-tlv longitude ...................................................... 137
3.9.22.12 (config)# lldp med media-vlan-policy ........................................................... 138
3.9.22.13 (config-if)# lldp cdp-aware........................................................................... 139
3.9.22.14 (config-if)# lldp med media-vlan policy-list .................................................. 139
3.9.22.15 (config-if)# lldp med transmit-tlv ................................................................. 140
3.9.22.16 (config-if)# lldp receive ................................................................................ 140
3.9.22.17 (config-if)# lldp tlv-select ............................................................................. 141
3.9.22.18 (config-if)# lldp transmit .............................................................................. 141
3.9.23 (config)# logging ................................................................................................... 141
3.9.23.1 (config)# logging on ....................................................................................... 141
3.9.23.2 (config)# logging host .................................................................................... 142
3.9.23.3 (config)# logging level .................................................................................... 143
3.9.24 (config)# loop-protect ........................................................................................... 143
3.9.24.1 (config)# loop-protect ................................................................................... 143
3.9.24.2 (config)# loop-protect shutdown-time ........................................................... 144
3.9.24.3 (config)# loop-protect transmit-time ............................................................. 144
3.9.24.4 (config-if)# loop-protect ................................................................................ 145
3.9.24.5 (config-if)# loop-protect action ..................................................................... 145
3.9.24.6 (config-if)# loop-protect tx-mode .................................................................. 146
3.9.25 (config)# mac ........................................................................................................ 146
3.9.25.1 (config)# mac address-table aging-time ......................................................... 146
3.9.25.2 (config)# mac address-table static ................................................................. 147
3.9.25.3 (config-if)# mac address-table learning ......................................................... 148
3.9.26 (config-if)# media-type ......................................................................................... 148
3.9.27 (config-if)# mtu ..................................................................................................... 149

vi PowerFlow-2-10G
Installation and Operation Manual Table of Contents

3.9.28 (config)# mep ........................................................................................................ 149

3.9.28.1 (config)# mep <inst> ..................................................................................... 149
3.9.28.2 (config)# mep <inst> ais ................................................................................ 151
3.9.28.3 (config)# mep <inst> aps ............................................................................... 151
3.9.28.4 (config)# mep <inst> cc ................................................................................. 152
3.9.28.5 (config)# mep <inst> client domain ............................................................... 153
3.9.28.6 (config)# mep <inst> client flow .................................................................... 153
3.9.28.7 (config)# mep <inst> dm ............................................................................... 154
3.9.28.8 (config)# mep <inst> dm ns ........................................................................... 156
3.9.28.9 (config)# mep <inst> dm overflow-reset ........................................................ 156
3.9.28.10 (config)# mep <inst> dm proprietary ........................................................... 156
3.9.28.11 (config)# mep <inst> dm syncronized .......................................................... 158
3.9.28.12 (config)# mep <inst> lb................................................................................ 158
3.9.28.13 (config)# mep <inst> lck .............................................................................. 160
3.9.28.14 (config)# mep <inst> level ........................................................................... 160
3.9.28.15 (config)# mep <inst> lm............................................................................... 160
3.9.28.16 (config)# mep <inst> lt ................................................................................ 162
3.9.28.17 (config)# mep <inst> meg-id ....................................................................... 162
3.9.28.18 (config)# mep <inst> peer-mep-id ............................................................... 163
3.9.28.19 (config)# mep <inst> performance-monitoring ............................................ 163
3.9.28.20 (config)# mep <inst> tst .............................................................................. 164
3.9.28.21 (config)# mep <inst> tst rx .......................................................................... 165
3.9.28.22 (config)# mep <inst> tst tx .......................................................................... 165
3.9.28.23 (config)# mep <inst> vid .............................................................................. 166
3.9.28.24 (config)# mep <inst> voe ............................................................................. 166
3.9.29 (config)# monitor .................................................................................................. 166
3.9.29.1 (config)# monitor destination interface .......................................................... 166
3.9.29.2 (config)# monitor source ............................................................................... 167
3.9.30 (config)# mvr ......................................................................................................... 168
3.9.30.1 (config)# mvr ................................................................................................. 168
3.9.30.2 (config)# mvr name <mvr_name> channel ...................................................... 168
3.9.30.3 (config)# mvr name <mvr_name> frame priority............................................. 169
3.9.30.4 (config)# mvr name <mvr_name> frame tagged ............................................. 170
3.9.30.5 (config)# mvr name <mvr_name> igmp-address ............................................. 170
3.9.30.6 (config)# mvr name <mvr_name> last-member-query-interval ....................... 171
3.9.30.7 (config)# mvr name <mvr_name> mode ......................................................... 172
3.9.30.8 (config)# mvr vlan <v_vlan_list> ...................................................................... 173
3.9.30.9 (config)# mvr vlan <v_vlan_list> channel ......................................................... 173
3.9.30.10 (config)# mvr vlan <v_vlan_list> frame priority............................................. 174
3.9.30.11 (config)# mvr vlan <v_vlan_list> frame tagged .............................................. 175
3.9.30.12 (config)# mvr vlan <v_vlan_list> igmp-address .............................................. 175
3.9.30.13 (config)# mvr vlan <v_vlan_list> last-member-query-interval ....................... 177
3.9.30.14 (config)# mvr vlan <v_vlan_list> mode .......................................................... 177
3.9.30.15 (config-if)# mvr immediate-leave ................................................................. 178
3.9.30.16 (config-if)# mvr name .................................................................................. 179
3.9.30.17 (config-if)# mvr vlan .................................................................................... 179
3.9.31 (config)# ntp ......................................................................................................... 180
3.9.31.1 (config)# ntp.................................................................................................. 180
3.9.31.2 (config)# ntp server ....................................................................................... 180
3.9.32 (config)# port-security........................................................................................... 181
3.9.32.1 (config)# port-security ................................................................................... 181
3.9.32.2 (config)# port-security aging ......................................................................... 182
3.9.32.3 (config)# port-security aging time.................................................................. 182
3.9.32.4 (config-if)# port-security ............................................................................... 183

PowerFlow-2-10G vii
Table of Contents Installation and Operation Manual

3.9.32.5 (config-if)# port-security maximum ................................................................ 183

3.9.32.6 (config-if)# port-security violation ................................................................. 184
3.9.33 (config)# privilege .................................................................................................. 185
3.9.34 (config-if)# pvlan ................................................................................................... 186
3.9.34.1 (config-if)# pvlan ........................................................................................... 186
3.9.34.2 (config-if)# pvlan isolation ............................................................................. 187
3.9.35 (config)# qos ......................................................................................................... 188
3.9.35.1 (config)# qos map cos-dscp ........................................................................... 188
3.9.35.2 (config)# qos map dscp-classify ..................................................................... 189
3.9.35.3 (config)# qos map dscp-cos ........................................................................... 190
3.9.35.4 (config)# qos map dscp-egress-translation .................................................... 191
3.9.35.5 (config)# qos map dscp-ingress-translation ................................................... 192
3.9.35.6 (config)# qos qce refresh............................................................................... 194
3.9.35.7 (config)# qos qce update ............................................................................... 194
3.9.35.8 (config)# qos wred queue .............................................................................. 197
3.9.35.9 (config-if)# qos dscp-classify ......................................................................... 199
3.9.35.10 (config-if)# qos dscp-remark ....................................................................... 199
3.9.35.11 (config-if)# qos dscp-translate .................................................................... 200
3.9.35.12 (config-if)# qos map cos-tag ....................................................................... 200
3.9.35.13 (config-if)# qos ingress queue-shaper ......................................................... 201
3.9.35.14 (config-if)# qos egress shaper ..................................................................... 201
3.9.35.15 (config-if)# qos egress tag-remark .............................................................. 202
3.9.35.16 (config-if)# qos egress wrr .......................................................................... 203
3.9.35.17 (config-if)# qos ingress cos ......................................................................... 203
3.9.35.18 (config-if)# qos ingress dei .......................................................................... 204
3.9.35.19 (config-if)# qos ingress dpl .......................................................................... 204
3.9.35.20 (config-if)# qos ingress map tag-cos ........................................................... 205
3.9.35.21 (config-if)# qos ingress pcp ......................................................................... 205
3.9.35.22 (config-if)# qos policer ................................................................................ 206
3.9.35.23 (config-if)# qos ingress queue-policer ......................................................... 206
3.9.35.24 (config-if)# qos ingress shaper .................................................................... 207
3.9.35.25 (config-if)# qos ingress trust dscp ............................................................... 208
3.9.35.26 (config-if)# qos ingress trust tag ................................................................. 208
3.9.35.27 (config-if)# qos storm .................................................................................. 208
3.9.36 (config)# radius-server .......................................................................................... 209
3.9.36.1 (config)# radius-server attribute 32 ............................................................... 209
3.9.36.2 (config)# radius-server attribute 4 ................................................................. 210
3.9.36.3 (config)# radius-server attribute 95 ............................................................... 210
3.9.36.4 (config)# radius-server deadtime ................................................................... 211
3.9.36.5 (config)# radius-server host ........................................................................... 211
3.9.36.6 (config)# radius-server key ............................................................................ 212
3.9.36.7 (config)# radius-server retransmit ................................................................. 213
3.9.36.8 (config)# radius-server timeout ..................................................................... 213
3.9.37 (config)# ring ......................................................................................................... 214
3.9.37.1 (config)# ring <instance> chain ...................................................................... 214
3.9.37.2 (config)# ring <instance> ring ........................................................................ 215
3.9.37.3 (config)# ring <instance> sub ........................................................................ 216
3.9.38 (config)# rmon ...................................................................................................... 216
3.9.38.1 (config)# rmon alarm ..................................................................................... 216
3.9.38.2(config)# rmon event ...................................................................................... 218
3.9.38.3 (config-if)# rmon collection history ................................................................ 219
3.9.38.4 (config-if)# rmon collection stats ................................................................... 219
3.9.39 (config-if)# shutdown ............................................................................................ 220
3.9.40 (config)# snmp-server ........................................................................................... 220

viii PowerFlow-2-10G
Installation and Operation Manual Table of Contents

3.9.40.1 (config)# snmp-server.................................................................................... 220

3.9.40.2 (config)# snmp-server access ........................................................................ 221
3.9.40.3 (config)# snmp-server community v2c ........................................................... 222
3.9.40.4 (config)# snmp-server community v3 ............................................................. 222
3.9.40.5 (config)# snmp-server contact ....................................................................... 223
3.9.40.6 (config)# snmp-server engine-id local ............................................................ 223
3.9.40.7 (config)# snmp-server host ............................................................................ 224
3.9.40.8 (config)# snmp-server location ...................................................................... 224
3.9.40.9 (config)# snmp-server security-to-group model ............................................. 225
3.9.40.10 (config)# snmp-server trap .......................................................................... 226
3.9.40.11 (config)# snmp-server user .......................................................................... 226
3.9.40.12 (config)# snmp-server version ..................................................................... 227
3.9.40.13 (config)# snmp-server view.......................................................................... 228
3.9.40.14 (config-if)# snmp-server host <conf_name> traps ....................................... 229
3.9.40.15 (config-snmps-host)# alarm ......................................................................... 229
3.9.40.16 (config-snmps-host)# host <v_ipv6_ucast> .................................................. 230
3.9.40.17 (config-snmps-host)# host <v_ipv4_ucast> .................................................. 230
3.9.40.18 (config-snmps-host)# version ...................................................................... 231
3.9.40.19 (config-snmps-host)# informs retries .......................................................... 232
3.9.40.20 (config-snmps-host)# shutdown .................................................................. 232
3.9.40.21 (config-snmps-host)# traps ......................................................................... 233
3.9.41 (config)# spanning-tree ......................................................................................... 234
3.9.41.1 (config)# spanning-tree aggregation .............................................................. 234
3.9.41.2 (config-stp-aggr)# spanning-tree ................................................................... 234
3.9.41.3 (config-stp-aggr)# spanning-tree auto-edge .................................................. 235
3.9.41.4 (config-stp-aggr)# spanning-tree bpdu-guard ................................................ 235
3.9.41.5 (config-stp-aggr)# spanning-tree edge .......................................................... 235
3.9.41.6 (config-stp-aggr)# spanning-tree link-type .................................................... 236
3.9.41.7 (config-stp-aggr)# spanning-tree mst <instance> cost .................................. 236
3.9.41.8 (config-stp-aggr)# spanning-tree mst <instance> port-priority ...................... 237
3.9.41.9 (config-stp-aggr)# spanning-tree restricted-role ............................................ 237
3.9.41.10 (config-stp-aggr)# spanning-tree restricted-tcn ........................................... 238
3.9.41.11 (config)# spanning-tree edge bpdu-filter ..................................................... 238
3.9.41.12 (config)# spanning-tree edge bpdu-guard.................................................... 238
3.9.41.13 (config)# spanning-tree mode ..................................................................... 239
3.9.41.14 (config)# spanning-tree mst <instance> priority <prio> ............................... 240
3.9.41.15 (config)# spanning-tree mst <instance> vlan <v_vlan_list> ........................... 240
3.9.41.16 (config)# spanning-tree mst forward-time ................................................... 241
3.9.41.17 (config)# spanning-tree mst max-age .......................................................... 242
3.9.41.18 (config)# spanning-tree mst max-hops ........................................................ 242
3.9.41.19 (config)# spanning-tree mst name ............................................................... 243
3.9.41.20 (config)# spanning-tree recovery interval .................................................... 244
3.9.41.21 (config)# spanning-tree transmit hold-count ............................................... 244
3.9.41.22 (config-if)# spanning-tree ............................................................................ 245
3.9.41.23 (config-if)# spanning-tree auto-edge ........................................................... 245
3.9.41.24 (config-if)# spanning-tree bpdu-guard ......................................................... 245
3.9.41.25 (config-if)# spanning-tree edge ................................................................... 246
3.9.41.26 (config-if)# spanning-tree link-type ............................................................. 246
3.9.41.27 (config-if)# spanning-tree mst <instance> cost ........................................... 247
3.9.41.28 (config-if)# spanning-tree mst <instance> port-priority ............................... 247
3.9.41.29 (config-if)# spanning-tree restricted-role .................................................... 249
3.9.41.30 (config-if)# spanning-tree restricted-tcn...................................................... 249
3.9.42 (config-if)# speed .................................................................................................. 249
3.9.43 (config)# switchport .............................................................................................. 250

PowerFlow-2-10G ix
Table of Contents Installation and Operation Manual

3.9.43.1 (config)# switchport vlan mapping ................................................................. 250

3.9.43.2 (config-if)# switchport access vlan................................................................. 250
3.9.43.3 (config-if)# switchport forbidden vlan............................................................ 251
3.9.43.4 (config-if)# switchport hybrid acceptable-frame-type ................................... 252
3.9.43.5 (config-if)# switchport hybrid allowed vlan .................................................... 252
3.9.43.6 (config-if)# switchport hybrid egress-tag ....................................................... 253
3.9.43.7 (config-if)# switchport hybrid ingress-filtering ............................................... 253
3.9.43.8 (config-if)# switchport hybrid native vlan....................................................... 254
3.9.43.9 (config-if)# switchport hybrid port-type ........................................................ 255
3.9.43.10 (config-if)# switchport mode ....................................................................... 256
3.9.43.11 (config-if)# switchport trunk allowed vlan.................................................... 257
3.9.43.12 (config-if)# switchport trunk native vlan ...................................................... 257
3.9.43.13 (config-if)# switchport trunk vlan tag native ................................................ 258
3.9.43.14 (config-if)# switchport vlan ip-subnet id ...................................................... 258
3.9.43.15 (config-if)# switchport vlan mac .................................................................. 259
3.9.43.16 (config-if)# switchport vlan mapping ........................................................... 259
3.9.43.17 (config-if)# switchport vlan protocol group .................................................. 260
3.9.43.18 (config-if)# switchport voice vlan discovery-protocol ................................... 260
3.9.43.19 (config-if)# switchport voice vlan mode ....................................................... 261
3.9.43.20 (config-if)# switchport voice vlan security.................................................... 261
3.9.44 (config)# tacacs-server .......................................................................................... 262
3.9.44.1 (config)# tacacs-server timeout ..................................................................... 262
3.9.44.2 (config)# tacacs-server deadtime ................................................................... 263
3.9.44.3 (config)# tacacs-server key ............................................................................ 263
3.9.44.4 (config)# tacacs-server host ........................................................................... 263
3.9.45 (config)# upnp ....................................................................................................... 264
3.9.45.1 (config)# upnp ............................................................................................... 264
3.9.45.2 (config)# upnp advertising-duration ............................................................... 265
3.9.45.3 (config)# upnp ttl........................................................................................... 265
3.9.46 (config)# username ............................................................................................... 266
3.9.46.1 (config)# username<username>privilege<priv>password encrypted .............. 266
3.9.46.2 (config)# username<username>privilege<priv>password none ...................... 267
3.9.46.3 (config)# username<username>privilege<priv>password unencrypted ........... 268
3.9.47 (config)# vlan ........................................................................................................ 269
3.9.47.1 (config)# vlan ................................................................................................. 269
3.9.47.2 (config)# vlan ethertype s-custom-port ......................................................... 269
3.9.47.3 (config)# vlan protocol ................................................................................... 271
3.9.48 (config)# web privilege group ................................................................................ 272

Chapter 4. Web Operation and Configuration

4.1 Web Management Interface Connection & Login .................................................................. 4-1
4.2 Icons & Buttons ................................................................................................................... 4-2
4.2.1 Port Status ............................................................................................................... 4-2
4.2.2 Refresh ..................................................................................................................... 4-3
4.2.3 Help System ............................................................................................................. 4-3
4.2.4 Logout ...................................................................................................................... 4-3
4.3 Configuration ....................................................................................................................... 4-4
4.3.1 System ..................................................................................................................... 4-4
4.3.1.1 System Information Configuration .................................................................... 4-4
4.3.1.2 System Information .......................................................................................... 4-6
4.3.1.3 System IP .......................................................................................................... 4-6
4.3.1.4 System IP Status .............................................................................................. 4-9
4.3.1.5 System NTP ....................................................................................................... 4-9

x PowerFlow-2-10G
Installation and Operation Manual Table of Contents

4.3.1.6 System Time ................................................................................................... 4-10

4.3.1.7 System Log Configuration .............................................................................. 4-11
4.3.1.8 System Log Information ................................................................................. 4-12
4.3.1.9 System Detailed Log ...................................................................................... 4-13
4.3.1.10 Power ........................................................................................................... 4-13
4.3.1.11 System CPU Load .......................................................................................... 4-13
4.3.1.12 System SMTP ................................................................................................ 4-14
4.3.2 Ports....................................................................................................................... 4-16
4.3.2.1 Configuration .................................................................................................. 4-16
4.3.2.2 Ports State...................................................................................................... 4-18
4.3.2.3 Ports Traffic Overview ..................................................................................... 4-19
4.3.2.4 Ports QoS Statistics ........................................................................................ 4-20
4.3.2.5 Ports QCL Status ............................................................................................. 4-21
4.3.2.6 Ports Detailed Statistics .................................................................................. 4-22
4.3.2.7 Ports SFP ........................................................................................................ 4-24
4.3.3 Security .................................................................................................................. 4-25
4.3.3.1 Switch ............................................................................................................. 4-25
4.3.3.2 Network .......................................................................................................... 4-49
4.3.3.3 RADIUS ........................................................................................................... 4-88
4.3.4 Aggregation ............................................................................................................ 4-95
4.3.4.1 Static .............................................................................................................. 4-95
4.3.4.2 LACP ............................................................................................................... 4-96
4.3.5 Redundancy .......................................................................................................... 4-101
4.3.5.1 PF-Ring ......................................................................................................... 4-101
4.3.5.2 Loop Protection ............................................................................................ 4-106
4.3.5.3 Spanning Tree ............................................................................................... 4-108
4.3.5.4 MEP (Y.1731) ................................................................................................ 4-119
4.3.5.5 ERPS (G.8032) .............................................................................................. 4-133
4.3.6 IPMC Profile .......................................................................................................... 4-135
4.3.6.1 Profile Table .................................................................................................. 4-135
4.3.6.2 Address Entry ............................................................................................... 4-136
4.3.7 MVR ...................................................................................................................... 4-137
4.3.7.1 Configuration ................................................................................................ 4-138
4.3.7.2 MVR Statistics ............................................................................................... 4-140
4.3.7.3 MVR Channel Groups ..................................................................................... 4-140
4.3.7.4 MVR SFM Information .................................................................................... 4-141
4.3.8 IPMC ..................................................................................................................... 4-141
4.3.8.1 IGMP Snooping .............................................................................................. 4-142
4.3.8.2 MLD Snooping ............................................................................................... 4-148
4.3.9 LLDP ..................................................................................................................... 4-155
4.3.9.1 LLDP Configuration ....................................................................................... 4-155
4.3.9.2 LLDP-MED ..................................................................................................... 4-156
4.3.9.3 Neighbours ................................................................................................... 4-160
4.3.9.4 LLDP-MED Neighbours.................................................................................. 4-161
4.3.9.5 Port Statistics ............................................................................................... 4-162
4.3.10 MAC Table ........................................................................................................... 4-163
4.3.10.1 Configuration .............................................................................................. 4-163
4.3.10.2 MAC Address Table ..................................................................................... 4-164
4.3.11 VLANs ................................................................................................................. 4-165
4.3.11.1 Configuration .............................................................................................. 4-166
4.3.11.2 Membership ................................................................................................ 4-170
4.3.11.3 Ports ........................................................................................................... 4-170
4.3.11.4 VLAN Translation ......................................................................................... 4-171
4.3.12 Private VLANs ..................................................................................................... 4-173

PowerFlow-2-10G xi
Table of Contents Installation and Operation Manual

4.3.12.1 PVLAN Membership ..................................................................................... 4-173

4.3.12.2 Port Isolation .............................................................................................. 4-174
4.3.13 GVRP................................................................................................................... 4-174
4.3.13.1 Global Config .............................................................................................. 4-174
4.3.13.2 Port Config.................................................................................................. 4-176
4.3.14 VCL ..................................................................................................................... 4-176
4.3.14.1 MAC-based VLAN ........................................................................................ 4-176
4.3.14.2 Protocol-based VLAN .................................................................................. 4-177
4.3.14.3 IP Subnet-based VLAN................................................................................. 4-179
4.3.15 QoS .................................................................................................................... 4-180
4.3.15.1 Ingress ........................................................................................................ 4-181
4.3.15.2 Egress ......................................................................................................... 4-186
4.3.15.3 Port DSCP ................................................................................................... 4-191
4.3.15.4 DSCP-Based QoS Ingress Classification ........................................................ 4-192
4.3.15.5 DSCP Translation ......................................................................................... 4-193
4.3.15.6 DSCP Classification ...................................................................................... 4-193
4.3.15.7 QoS Control List .......................................................................................... 4-194
4.3.15.8 Storm Control ............................................................................................. 4-198
4.3.15.9 WRED .......................................................................................................... 4-199
4.3.16 Mirroring ............................................................................................................. 4-200
4.3.17 UPnP ................................................................................................................... 4-200
4.3.18 L2CP ................................................................................................................... 4-201
4.3.19 Diagnostics ......................................................................................................... 4-202
4.3.19.1 Ping ............................................................................................................ 4-202
4.3.19.2 Ping6 .......................................................................................................... 4-203
4.3.20 Maintenance ....................................................................................................... 4-203
4.3.20.1 Reboot ........................................................................................................ 4-204
4.3.20.2 Factory Defaults ......................................................................................... 4-204
4.3.20.3 Software ..................................................................................................... 4-204
4.3.20.4 Configuration .............................................................................................. 4-205

xii PowerFlow-2-10G
 Chapter 1
Introduction

1.1 Overview
In this chapter we will introduce the various PowerFlow-2-10G models available
for Fast Ethernet, Gigabit Ethernet and 10Gig Ethernet. These models can be
mounted in a 19” rack. Chapter 2 will describe the mounting and installation
methods. All the models in this series utilize almost identical management
interfaces, whether using serial console and CLI (command line interface)
commands, Telnet, SSH, HTTP (Web GUI) or SNMP (Simple Network Management
Protocol). Chapter 4 will detail all of the configuration settings by using an easy
to point and click Web interface which can be accessed from any available web
browser.

1.2 Product Description

RAD’s PowerFlow-2-10G is a series of managed industrial grade Gigabit &
10Gigabit Ethernet switches that provide stable and reliable Ethernet
transmission. Housed in 19” rack, these switches are designed for harsh
environments, such as industrial networking and intelligent transportation
systems (ITS) and are also suitable for many military and utility market
applications where environmental conditions exceed commercial product
specifications.

This chapter details the features of each model in this series. Basically, the
models have three input power types:
• Redundant 48VDC

• Redundant AC power

• One AC Power Supply and one DC PS (48V)

PowerFlow-2-10G Product Description 1-1

Chapter 1 Introduction Installation and Operation Manual

Ordering Option Description

PowerFlow-2- PF-2- PowerFlow-2-10G, -10 - 60°C Redundant 48VDC

10G-DCR 10G/48R/4SFPP/4ETH/20SFP power supply, 4x 1G/2.5G/10G SFP+, 4x
100/1000Base Combo, 20x 100/1000Base-X SFP

PowerFlow-2- PF-2- PowerFlow-2-10G, -10 - 60°C, Redundant AC/High

10G-ACR 10G/ACR/4SFPP/4ETH/20SFP Voltage DC power supply, 4x 1G/2.5G/10G SFP+, 4x
100/1000Base Combo, 20x 100/1000Base-X SFP

PowerFlow-2- PF-2- -PowerFlow-2-10G, -10 - 60°C, Redundant 48VDC +

10G-ACDC 10G/ACDC/4SFPP/4ETH/20SFP AC/High Voltage DC power supplies, 4x 1G/2.5G/10G
SFP+, 4x 100/1000Base Combo, 20x 100/1000Base-
X SFP

PowerFlow-2-10G
PowerFlow-2-10G is an Industrial grade core switch for commercial temperature
range of -10°C to +60°C. There are 24 100/1000M SFP with 4 GbE Combo ports
and 4 10GbE SFP+. PowerFlow-2-10G offers three type of power supply on the
rear panel. Users can choose 2 AC powers, 2 DC powers or the combination of
one AC and one DC power. On the rear panel, a 3-pin Alarm Relay terminal block
is also provided to notify alarm events when programmable events occur. See
below for overview for front panel and rear panel.

Figure 2. PowerFlow-2-10G Front Panel

1.3 PowerFlow-2-10G Features

• 24 x 100/1000 SFP with 4 GbE Combo ports plus 4 10GbE SFP+
• Support isolated Low Voltage (24/48VDC) and High Voltage AC/DC (88~264
VAC / 88~300VDC) power inputs
• IP30 rugged metal housing and fanless design
• Wide operating temperature range -10°C~60°C
• Support many advanced Ethernet L2 functions
• Support proprietary PF-Ring and provide up to 14 instances for ring
redundancy applications
• Support IEEE1588 PTPv2 for precise time synchronization
• Console, Telnet, Web and SNMP management
• CE, FCC, EN 50121-4 certified, EN61000-6-2, EN61000-6-4
• Supported by RADview for centralized management

1-2 PowerFlow-2-10G Features PowerFlow-2-10G

Installation and Operation Manual Chapter 1 Introduction

• Support IEEE802.3az EEE (Energy Efficient Ethernet) Management to optimize

power consumption
• STP, RSTP, MSTP, ITU-T G.8032 Ethernet Protection Ring(EPR) for cabling
redundancy
• QoS, Traffic classification QoS, CoS, Band width control for Ingress and
Egress, broadcast storm control, DiffServ
• IEEE802.1q VLAN, MAC based VLAN, IP subnet based VLAN, Protocol based
VLAN, VLAN translation, MVR
• Dynamic IEEE 802.3ad LACP Link Aggregation, Static Link Aggregation
• IGMP/MLD snooping V1/V2/V3, IGMP Filtering / Throttling, IGMP query, IGMP
proxy reporting, MLD snooping
• Security: Port based and MAC based IEEE802.1X, RADIUS, ACL, TACACS+,
HTTP/HTTPS
• CLI, Web based management, SNMP v1/v2c/v3, Telnet server for management
• Software upgrade via TFTP and HTTP, dual partitioned flash for quick recovery
from upgrade failure
• DHCP client/Relay/Snooping/Snooping option 82/Relay option 82
• RMON, MIB II, port mirroring, event syslog, DNS, NTP/SNTP, IEEE802.1ab LLDP
Support IPv6 Telnet server /ICMP v6, SNMP, HTTP, SSH/SSL, NTP/SNTP, TFTP

1.4 Product Specifications

IEEE 802.3 10BaseT 10 Mbps Ethernet
IEEE 802.3u 100BaseTX, 100BaseFX, Fast Ethernet
IEEE 802.3ab 1000BaseT Gbps Ethernet over twisted pair
IEEE 802.3z 1000BaseX Gbps Ethernet over fiber optic
IEEE 802.1d STP (Spanning Tree Protocol)
IEEE 802.1w RSTP (Rapid Spanning Tree Protocol)
IEEE 802.1s MSTP (Multiple Spanning Tree Protocol)
Standards

ITU-T G.8032 / EPR (Ethernet Protection Ring)

Y.1344
IEEE 802.1Q Virtual LANs (VLAN)
IEEE 802.1X Port based network access control, authentication
Link aggregation for parallel links with LACP (Link
IEEE 802.3ad
Aggregation Control Protocol)
IEEE 802.3x Flow control for full duplex
IEEE 802.3af PoE (Power over Ethernet)
IEEE 802.3at PoE+ (Power over Ethernet enhancements)

PowerFlow-2-10G Product Specifications 1-3

Chapter 1 Introduction Installation and Operation Manual

IEEE 802.1ad Stacked VLANs, Q-in-Q

IEEE 802.1p LAN Layer 2 QoS/CoS Protocol for Traffic Prioritization
IEEE 802.1ab Link Layer Discovery Protocol (LLDP)
IEEE 802.3az EEE (Energy Efficient Ethernet)
VLAN Groups Up to 4096
Switching Fabric 128 Gbps
Data Processing Store and Forward
Switch

IEEE 802.3x for full duplex mode, back pressure for half
Flow Control
duplex mode
MTU 9600 Bytes (Jumbo Frames)
MAC Table 8K
Dimensions 315 mm (D) x 440 mm (W) x 43.5 mm (H)
Mechanical

Mounting kits 19" Rack mount

4510g (1xAC + 1xDC Model), 4755g (Redundant AC Model),

Weight
4260g (Redundant DC Model)

1xAC + 1xDC Model: 1 x Isolated High Voltage 110/220 VAC

(88~264VAC) & 1 x Isolated Low Voltage 110/220VAC
(88~264VAC) or 1 x isolated 110/220 DC (88~300VDC)
Power

Power Supply
Redundant AC Model: 2 x Isolated High Voltage 110/220 VAC
(88~264VAC)
Redundant DC Model: 2 x Isolated Low Voltage 24/48 VDC
(18~60VDC)
Operating Temp. -10°C~60°C
Environment

Storage Temp. -40°C~85°C

Humidity 5%~95% (Non-condensing)

EMC CE
EMI FCC Part 15 sub B class A, CE EN55022 Class A
Immunity &
Emission for Heavy
EN61000-6-2, EN61000-6-4
Industrial
Certifications

Environment
EN61000-4-2 (ESD) Level 3, Criteria B
EN61000-4-3 (RS) Level3, Criteria A
EN61000-4-4 (Burst) Level3, Criteria A
EMS EN61000-4-5 (Surge) Level3, Criteria B
EN61000-4-6 (CS) Level3, Criteria A
EN61000-4-8 (PFMF, Magnetic Field) Field Strength:
300A/m, Criteria A

1-4 Product Specifications PowerFlow-2-10G

Installation and Operation Manual Chapter 1 Introduction

Safety UL60950-1
Railway Traffic EN50121-4
Shock EN60068-2-27
Freefall EN60068-2-32
Vibration EN60068-2-6

PowerFlow-2-10G Product Specifications 1-5

Chapter 1 Introduction Installation and Operation Manual

1-6 Product Specifications PowerFlow-2-10G

 Chapter 2
Panels & Installation

2.1 Views of Panels

Each physical feature on the panels is indexed numerically and explained briefly in
the reference box. Detailed descriptions for each feature are also provided in the
following sub-sections.

PowerFlow-2-10G Front Panel

Rear Panel with 1 AC Power Supply and 1 DC Power Supply

Rear Panel with 2 AC Power Supplies

Rear Panel with 2 DC Power Supplies

No. Description

1 LED indicators

2 (Port 1~20) SFP Fiber interface

3 (Port 21~24) Combo SFP Fiber + RJ45 interface

4 (Port 25~26 or Port 25~28) 10Gbps SFP+ Fiber interface

5 Management Port

6 Console Port

7 Reset-to-Default Push Button

PowerFlow-2-10G Views of Panels 2-1

Chapter 2 Panels & Installation Installation and Operation Manual

8 Alarm Relay Contacts

9 AC Power Input and Power On/Off Switch

10 DC Power Input and Power On/Off Switch

11 Earth Ground Connection

2.2 Connections

100/1000M SFP

PowerFlow-2-10G supports 20 100/1000Mbps dual speed SFP slots (labeled

1~20). Each of these SFP ports has associated LEDs which indicate the active link
state and the detected speed of the interface. A green indicates a link and a
speed of 100M, while yellow color indicates a link and speed of 1000M.

Combo Port Connections

On the front panel, 4 combo ports that are either SFP slot (100/1000Mbps) or RJ-
45 UTP (10/100/1000M) interface are provided. Each of these combo ports has
associated LEDs which indicate the active link state and the detected speed of
the interface. A green indicates a link and a speed of 100M, while yellow color
indicates a link and speed of 1000M.

2.2.3 10GbE SFP+ Connection

For 10G fiber connection, PowerFlow-2-10G switches support 4 10G SFP+ slots
(labeled 25~28). Users can use any compatible 10G SFP+ fiber transceiver for
network connection.

2-2 Connections PowerFlow-2-10G

Installation and Operation Manual Chapter 2 Panels & Installation

2.2.4 MGMT Port

PowerFlow-2-10G has a MGMT (Management) port for in-band management via

TCP/IP connectivity. The MGMT port allows you to access Command Line Interface
(CLI) using Telnet or Web management over TCP/IP using standard web browsers.
When you use the switch for the first time or restore the switch to the factory
defaults, you can use RJ-45 cable to directly connect MGMT port to your
management PC. Then, run a Telnet facility or web browser to communicate with
the device over a TCP/IP network using the default IP address 10.1.1.1. For Telnet
connection, up to four active Telnet sessions can access the Switch concurrently.
After you successfully login to the switch, you can change the IP address to the
desired one.

2.2.5 Console Port

PowerFlow-2-10G has a terminal console port for local management via a serial
terminal. The terminal provides management via a CLI (Command Line Interface)
which will be familiar to many networking engineers. For most users, the CLI can
be used to initially configure TCP/IP access so that further configuration can be
completed via the GUI (Graphical User Interface) using a web browser (Chrome,
IE, Firefox etc).

RJ-45 Pin Assignment

This RJ-45 connector provides an RS-232 DCE (data communication
equipment) asynchronous serial connection for local management.
Pin Ref. Definition Direction

3 RxD Receive Data Out towards DTE

6 TxD Transmit Data In from DTE

4,5 SG Signal Ground na

Console Port Pinouts

2.2.5.2 Accessory Cable

This DB9F to RJ-45 cable provides a connection for the RS-232. This cable is used
between the PowerFlow-2-10G serial port of terminal.

PowerFlow-2-10G Connections 2-3

Chapter 2 Panels & Installation Installation and Operation Manual

to PC COM Port
Pins
Ref. Definition Direction
DB9 RJ-45
2 3 RxD Receive Data Out towards DTE
3 6 TxD Transmit Data In from DTE
5 4,5 SG Signal Ground na
RS232 (Female) Pinouts

2.3 Electrical Installation

AC power module, located on the rear panel of the device, is supplied to
PowerFlow-2-10G through a standard IEC C14 3-prong receptacle. Any national
power cord with IEC C13 line plug may be used to connect AC power to the power
module.

Left: Live line

Right: Neutral line
Middle: Ground

IEC (AC) Power Connector Pin Assignment

PowerFlow-2-10G also provides DC module for power connection. The user must
connect the device only to DC input source that has an input supply voltage from
18 to 60 VDC. If the power you use is not in this range, the device might not
operate properly and there is great possibility that the device might be damaged.

Left: V-
Middle: Frame Ground
Right: V+

Terminal Block (DC) Power Connector Pin Assignment

2-4 Electrical Installation PowerFlow-2-10G

Installation and Operation Manual Chapter 2 Panels & Installation

2.4 Alarm Relay

The Alarm is one electrical relay that can be wired into an alarm circuit and is
triggered while the programmable events occur. From the common pin (COM), the
relay can be connected as Normally Open (NO) or Normally Closed (NC). When an
alarm occurs the NC-to-COM circuit opens and the COM-to-NO circuit closes. See
the following diagrams for normal and fault illustration in each alarm relay type.
Please note that the alarm relay contact can only support 1A current at 24VDC.
Do not apply voltage and current that exceed these specifications.

Alarm Relay
Terminal Block

Alarm Relay for NO (Normally Open) Type

2.5 2.5 Rack Mounting

When installing the rack mount brackets, be sure to correctly align the orientation
pin. Use the screws provided in the rack-mounting kit to securely fasten the
brackets.

Attaching Rack-Mounting Brackets

The Switch with Rack-Mounting Brackets

PowerFlow-2-10G 2.5 Rack Mounting 2-5

Chapter 2 Panels & Installation Installation and Operation Manual

Mounting in Rack

2.6 Earth Ground Connection

An earth ground connector is provided on the rear panel next to the power
supply. Grounding the device can help to release leakage of electricity to the
earth safely so as to reduce injuries from electromagnetic interference (EMI).
Prior to connecting to the power, it is important to connect the ground wire to
the earth. Follow steps below to install ground wire:

1. Remove the grounding screw.

2. Attach the grounding screw to the ring terminal of the grounding cable. Make
sure that the grounding cable is long enough to reach the earth.
3. Use a screwdriver to fasten the grounding screw.

Earth Ground Connection on the Rear Panel

2-6 Earth Ground Connection PowerFlow-2-10G

Installation and Operation Manual Chapter 2 Panels & Installation

2.7 LED Indicators

LED Color Definition

Power is connected and active at the corresponding input terminal

PWR1/ Green
connection.
PWR2
Off Power is not connected.

When one or more of the programmable alarm conditions is active or

Red
abnormal conditions occur.
ACT/Alarm
Normal operation without faults.
Green
Alarm conditions are all disabled.

Lit when this unit is the 'master' in a fiber ring and all units are
Ring Master Green configured for PF-Ring or ERPS (Ethernet Ring Protection Switching or
G.8032).

Green The connected LAN speed is 10/100M.

Combo
Yellow The connected LAN speed is 1000M.
RJ-45 LINK/ACT
Blinking Blinking when there is Ethernet traffic.

Green The fiber link speed is 100M.

SFP 1~24
Yellow The fiber link speed is 1000M.
LINK/ACT
Blinking Blinking when there is data traffic.

Amber The fiber link speed is 1000M.

SFP+ 25~26 or
25~28 Blue The fiber link speed is 10G.
LINK/ACT
Blinking Blinking when there is data traffic.

PowerFlow-2-10G LED Indicators 2-7

Chapter 2 Panels & Installation Installation and Operation Manual

2-8 LED Indicators PowerFlow-2-10G

 Chapter 3
Introduction to CLI

3.1 General Introduction

The PowerFlow-2-10G industrial Ethernet core switch provides a number of
configuration/management methods. The first and very basic is serial console
access. This method is also called out-of-band management and is only available
when a terminal or administrator PC can be physically connected to the local
PowerFlow switch at the CONSOLE port using RJ45 to RS-232 console cable.
Accessing the switch via CONSOLE port allows the user to use Command Line
Interface (CLI) to manage and configure the device. The out-of-band
management is relatively useful when you lose the network connection to the
device.
The out-of-band management via console access, using a command line (CLI), is
familiar to most network engineers. For engineers that are not comfortable using
CLI, this device can also be managed using any standard Web Browser in a more
user friendly 'point-and-click' method. Therefore, in most configuration scenarios,
the console will only be used to initially configure the IP address, so that the
device may be accessed via the other methods which require working TCP/IP.
After the device has been properly configured for the application and placed into
service, a third method of configuration/management can be employed using
Simple Network Management Protocol (SNMP). The operator will use SNMP
management software to manage and monitor PowerFlow-2-10G on a network.
This requires some configuration of the device to allow SNMP management. In
addition, the network management platform will need to import and compile the
proprietary MIB (management information base) file so that the manager knows
"how" to manage PowerFlow-2-10G.

3.2 CONSOLE Operation

Using the provided accessory cable, connect the "CONSOLE" port (RJ-45) to the
PC terminal communications port (DB9). Run any terminal emulation program
(HyperTerminal, PuTTY, TeraTerm Pro, etc.) and configure the communication
parameters as follows:
• Speed: 115,200
• Data: 8 bits
• Parity: none
• Stop bits: 1

PowerFlow-2-10G CONSOLE Operation 3-1

Chapter 3 Introduction to CLI Installation and Operation Manual

• Flow Control: None

From a cold start, the following screen will be displayed. At the "Username"
prompt, enter 'admin' with no password.
Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
Free Software Foundation, Inc.
RedBoot is free software, covered by the eCos license, derived from the
GNU General Public License. You are welcome to change it and/or distribute
copies of it under certain conditions. Under the license terms, RedBoot's
source code and full license terms must have been made available to you.
Redboot comes with ABSOLUTELY NO WARRANTY.
Platform: VCore-III (MIPS32 24KEc) JAGUAR
RAM: 0x80000000-0x88000000 [0x80021798-0x87fe0000 available]
FLASH: 0x40000000-0x40ffffff, 256 x 0x10000 blocks
== Executing boot script in 2.000 seconds - enter ^C to abort
RedBoot> fi lo -a -f managed
RedBoot> go
Press ENTER to get started
Username: admin
Password:

3.3 CLI Modes

The Command Line Interface (CLI) is mainly divided into four basic modes; these
are User mode, EXEC mode, Config mode and Config Interface mode. After
entering the username and password, you start from the EXEC mode (prompted
with “#”). The commands available in User mode and EXEC mode are limited. For
more advanced configurations, you must enter Config mode or Config Interface
mode. In each mode, a question mark (?) at the system prompt can be issued to
obtain a list of commands available for each command mode. The following table
provides a brief overview of modes available in this device.

Mode Prompt Enter Method Exit Method

User mode > enable disable

Enter authorized
EXEC mode # username and Exit, logout
password

Global Config Enter “configure

(config)# End, exit, do logout
Mode terminal” after “#”

Specify interface,
Config interface type and
(config-if)# End, exit, do logout
Interface Mode number after
(config)#

3-2 CLI Modes PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.4 Quick Keys

There are several useful quick keys you can use when editing command lines.

Keyboard Action

? Issue “?” to get a list of commands available in the current

mode.

Up arrow key To view the previous entered commands.

Down arrow key To view the previous entered commands.

Tab key To complete an unfinished command.

3.5 Command Syntax

Commands introduced in this user manual are written using the coherent symbols
and easy-to-understand syntax and style. Although users can issue Help
command to complete a desired command in CLI, it is useful to understand
frequently-used symbols and syntax conventions. The following table lists the
syntax conventions used in this user manual together with an example.
Example: (config-if-vlan)# ip address { { <address> <netmask> } | { dhcp [ fallback
<fallback_address> <fallback_netmask> [ timeout <fallback_timeout> ] ] } }
Symbol Function Example Explanation

< > (Angle Enter a value, <address> <netmask> Enter IP address and
bracket) alphanumeric strings or subnet mask.
keywords.

[ ] This is an optional [ fallback <fallback_address> Fallback parameter is

(Square parameter. <fallback_netmask> [ timeout an optional item.
bracket) <fallback_timeout> ] ]

{ } A curly bracket has the { { <address> <netmask> } | { dhcp At least specify one
(Curly following two functions: [ fallback <fallback_address> option to complete
bracket) If there are more than two <fallback_netmask> [ timeout the command.
options available, a curly <fallback_timeout> ] ] } }
bracket can be used to
separate them.
The uter curly bracket
means that this is a must
parameter. At leaset one
value should be specified.

| (Vertical Use a vertical bar to { { <address> <netmask> } | { dhcp Enter IP address or

bar) separate options. [ fallback <fallback_address> use DHCP to assign IP
<fallback_netmask> [ timeout address
<fallback_timeout> ] ] } } automatically.

PowerFlow-2-10G Command Syntax 3-3

Chapter 3 Introduction to CLI Installation and Operation Manual

3.6 Basic Configurations

This section introduces users how to change the default IP address to the desired
one and save the current running configurations to startup configurations. For
detailed introductions to commands, please see section 3.7, 3.8, 3.9.

3.6.1 Configuring IPv4 Address

IP address: 192.168.0. 101
Subnet mask: 255.255.255.0

# config terminal
(config)# interface vlan 1
(config-if-vlan)# ip address 192.168.0.101 255.255.255.0
(config-if-vlan)# exit
(config)# exit
# show ip interface brief
Vlan Address Method Status
---- -------------------- -------- ------
1 192.168.0.101/24 Manual DOWN

3.6.2 Enter Config Interface Mode

 Enter Port 3’s Config Interface mode.
# config terminal
(config)# interface GigabitEthernet 1/3
(config-if)#

Note: 1/3 means Ethernet Interface 1, Port 3.

 Enter Port 1~3’s Config Interface mode.

# config terminal
(config)# interface GigabitEthernet 1/1-3
(config-if)#

Note: 1/1-3 means Ethernet Interface 1, Port 1 to Port 3.

4 Basic Configurations PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

 Enter Port 1~3 & Port 5’s Config Interface mode.

# config terminal
(config)# interface GigabitEthernet 1/1-3,5
(config-if)#

Note: 1/1-3,5 means Ethernet Interface 1, Port 1 to Port 3 and Port 5.

3.6.3 Save Configurations

# copy running-config startup-config

Building configuration...
% Saving 1469 bytes to flash:startup-config
#

3.6.4 Restart the Device

# reload warm
% Warm reload in progress, please stand by.
#

Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
Free Software Foundation, Inc.
RedBoot is free software, covered by the eCos license, derived from the
GNU General Public License. You are welcome to change it and/or distribute
copies of it under certain conditions. Under the license terms, RedBoot's
source code and full license terms must have been made available to you.
Redboot comes with ABSOLUTELY NO WARRANTY.

RedBoot> fi lo -d managed
Image loaded from 0x80040000-0x80ae54cc
RedBoot> go

Press ENTER to get started

PowerFlow-2-10G PowerFlow-2-10G Basic Configurations 5

Chapter 3 Introduction to CLI Installation and Operation Manual

3.6.5 Load Factory Defaults

Load factory default settings
# reload defaults
% Reloading defaults. Please stand by.

Load factory defaults but keep IP settings

# reload defaults keep-ip
% Reloading defaults, attempting to keep VLAN 1 IP address. Please stand by.

3.6.6 Show System and Software Information

# show
version

: Total=77679 KBytes, Free=51457 KBytes,

MEMORY Max=51417 KBytes
MAC : 00-02-ab-00-00-01
Address
: Cold
Previous
Restart
:
:
System
Contact :
System : 2018-03-27T17:23:40+08:00
Name
: 00:28:39
System
Location
System
Time
System managed
Uptime
:
: 2015-01-01T00:03:06+00:00
Active
Image
------------
------
Image : managed.bk
Version
Date : 2015-08-03T16:21:44+08:00

6 Basic Configurations PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Alternative
Image
: "V1.052"
------------
: 2017-09-08T10:52:33+08:00
------
Image
Version
Date
------------
------
SID : 1
------------
------
Software
Version
Build Date

3.6.7 Show Running Configurations

# show running-config
Building configuration...
username admin privilege 15 password none
!
vlan 1
!
!
!
no smtp server
spanning-tree mst name 00-02-ab-00-00-01 revision 0
!
interface GigabitEthernet 1/1
no spanning-tree
!
interface GigabitEthernet 1/2
no spanning-tree
!
interface GigabitEthernet 1/3
no spanning-tree
!

PowerFlow-2-10G PowerFlow-2-10G Basic Configurations 7

Chapter 3 Introduction to CLI Installation and Operation Manual

interface GigabitEthernet 1/4

no spanning-tree
!
-- more --, next page: Space, continue: g, quit: ^C

3.6.8 Show History Commands

# show history
config t
exit
config t
ip arp ex
exit

> show history

config t
interface GigabitEthernet 1/3
exit
interface GigabitEthernet 1/1-5
exit
interface GigabitEthernet 1/1-3,5,7
flowcontrol on
exit
show interface * status
disable
show clock detail
show dot1x
show history

3.6.9 Help
Help command can be issued in User, Exec, and Global Config mode to get a hint
message describing how to use “show” command to get help from CLI.

# help
Help may be requested at any point in a command by entering
a question mark '?'. If nothing matches, the help list will
be empty and you must backup until entering a '?' shows the

8 Basic Configurations PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument (e.g. 'show ?') and describes each possible
argument.
2. Partial help is provided when an abbreviated argument is entered
and you want to know what arguments match the input
(e.g. 'show pr?'.)

3.6.10 Logout
To close an active terminal session, issue the “logout” command in User or EXEC
mode.

(config)# exit
# logout

Press ENTER to get started

# disable
> logout

Press ENTER to get started

3.7 Commands in User Mode

When you successfully login in Command Line Interface, you are in EXEC Mode
(prompted with “#”). To enter User mode, issue “disable” command after #
prompt. Then you will be directed to User mode with “>” prompt.

Username: admin
Password:
#
# disable

PowerFlow-2-10G PowerFlow-2-10G Commands in User Mode 9

Chapter 3 Introduction to CLI Installation and Operation Manual

>

In User mode, only limited commands are available. These commands are used
for clearing statistics, entering Exec mode and pinging the specified destination.
To configure a function, you should enter Config mode or Config Interface mode.

3.7.1 > clear ip arp

Syntax: > clear ip arp

Explanation: Clear ARP cache.

3.7.2 > clear lldp statistics

Syntax: > clear lldp statistics

Explanation: Clear LLDP statistics.

3.7.3 > clear statistics

Syntax: > clear statistics {[ interface ] ( <port_type> [ <v_port_type_list> ] )}

<port_type>: Specify the interface type.

[ <v_port_type_list>: Specify the ports that you want to clear.

Explanation: Clear statistics of the specified interfaces.

3.7.4 > enable

10 Commands in User Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: > enable [ <new_priv> ]

[ <new_priv: 0-15> ]: Choose a privilege level.

Explanation: Enter the EXEC mode.

3.7.5 > exit

Syntax: > exit

Explanation: Return to the previous mode. Issuing this command in User mode
will logout the Command Line Interface.

3.7.6 > help

Syntax: > help

Explanation: Provide help messages.

3.7.7 > logout

Syntax: > logout

Explanation: Logout the Command Line Interface.

3.7.8 > ping ip

Syntax: > ping ip <v_ip_addr> [ repeat <count> ] [ size <size> ] [ interval

<seconds> ]

<v_ip_addr>: Specify IPv4 address that you want to ping.

PowerFlow-2-10G PowerFlow-2-10G Commands in User Mode 11

Chapter 3 Introduction to CLI Installation and Operation Manual

[ repeat <count> ]: The number of packets that are sent to the destination
IP or host.

[ size <size> ]: The size of the packet.

[ interval <seconds> ]: Timeout interval. The ping test is successful only when it receives echo
reply from the destination IP or host within the time specified here.

Explanation: To carry out ping tests on the specified destination IPv4 address or
host.

3.7.9 > ping ipv6

Syntax: > ping ipv6 <v_ipv6_addr> [ repeat <count> ] [ size <size> ] [ interval
<seconds> ] [ interface vlan <v_vlan_id> ]

<v_ipv6_addr>: Specify IPv6 address that you want to ping.

[ repeat <count> ]: The number of packets that are sent to the destination
IP or host.

[ size <size> ]: The size of the ping packet.

[ interval <seconds> ]: Timeout interval. The ping test is successful only when it receives echo
reply from the destination IP or host within the time specified here.

[ interface vlan <v_vlan_id> ]:

Explanation: To carry out ping tests on the specified destination IPv6 address or
host.

3.7.10 show commands

In User mode, “show” commands can be issued to display current status or
settings of a certain command. They will be introduced in Section 3.9 “Commands
in Config Mode”.

12 Commands in User Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.8 Commands in EXEC Mode

3.8.1 # clear access management statistics

Syntax: # clear access management statistics

Explanation: Clear access (HTTP, HTTPs, SNMP, Telnet, SSH) management

statistics.

3.8.2 # clear access-list ace statistics

Syntax: # clear access-list ace statistics

Explanation: Clear access list entry statistics.

3.8.3 # clear dot1x statistics

Syntax: # clear dot1x statistics [ interface ( <port_type> [ <v_port_type_list> ] ) ]

Parameter:

[ interface ( <port_type> [ <v_port_type_list> ] ) ]: Specify the interface that you want to clear.

Explanation: Clear (the specified interfaces’) dot1x statistics.

3.8.4 # clear erps

Syntax: # clear erps [ <groups> ] statistics

Parameter:

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 13

Chapter 3 Introduction to CLI Installation and Operation Manual

[ <groups> ]: Specify the ERPS group that you want to clear.

Explanation: Clear (the specified group’s) ERPS statistics.

3.8.5 # clear ip arp

Syntax: # clear ip arp

Explanation: Clear ARP cache.

3.8.6 # clear ip dhcp detailed statistics

Syntax: # clear ip dhcp detailed statistics { server | client | snooping | relay | helper
| all } [ interface ( <port_type> [ <in_port_list> ] ) ]

Explanation: Clear IP DHCP statistics.

Parameter:

{ server | client | snooping | relay | helper | all }: Specify the type of information that you want
to clear.

[ interface ( <port_type> [ <in_port_list> ] ) ]: Specify the interface type and port number.

3.8.7 # clear ip dhcp server binding <ip>

Syntax: # clear ip dhcp server binding <ip>

Parameter:

<ip>: Specify the IP address for this server binding setup.

14 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Clear DHCP server binding cache in reletion to the specified IP

address.

3.8.8 # clear ip dhcp server binding { automatic | manual | expired }

Syntax: # clear ip dhcp server binding { automatic | manual | expired }

Parameter:

{ automatic | manual | expired }: Specify the server binding mode.

Explanation: Clear automatic, manual or expired server binding caches.

3.8.9 # clear ip dhcp server statistics

Syntax: # clear ip dhcp server statistics

Explanation: Clear DHCP server statistics.

3.8.10 # clear ip dhcp relay statistics

Syntax: # clear ip dhcp relay statistics

Explanation: Clear IP DHCP Relay statistics.

3.8.11 # clear ip dhcp snooping statistics

Syntax: # clear ip dhcp snooping statistics [ interface ( <port_type> [

<in_port_list> ] ) ]

Explanation: Clear IP DHCP Snooping statistics.

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 15

Chapter 3 Introduction to CLI Installation and Operation Manual

3.8.12 # clear ip igmp snooping

Syntax: # clear ip igmp snooping [ vlan <v_vlan_list> ] statistics

Explanation: Clear IP IGMP Snooping statistics.

3.8.13 # clear ip statistics

Syntax: # clear ip statistics [ system ] [ interface vlan <v_vlan_list> ] [ icmp ] [

icmp-msg <type> ]

Explanation: Clear IPv4 statistics for system, interface and ICMP.

3.8.14 # clear ipv6 mld snooping

Syntax: # clear ipv6 mld snooping [ vlan <v_vlan_list> ] statistics

Explanation: Clear statistics for IPv6 MLD Snooping.

3.8.15 # clear ipv6 neighbors

Syntax: # clear ipv6 neighbors

Explanation: Clear the table for IPv6 neighbors.

3.8.16 # clear ipv6 statistics

16 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: # clear ipv6 statistics [ system ] [ interface vlan <v_vlan_list> ] [ icmp ] [

icmp-msg <type> ]

Explanation: Clear IPv6 statistics for system, interface and ICMP.

3.8.17 # clear lacp statistics

Syntax: # clear lacp statistics

Explanation: Clear LACP statistics.

3.8.18 # clear lldp statistics

Syntax: # clear lldp statistics

Explanation: Clear LLDP statistics.

3.8.19 # clear logging

Syntax: # clear logging [ info ] [ warning ] [ error ] [ switch <switch_list> ]

Explanation: Clear specific syslog events.

3.8.20 # clear mac address-table

Syntax: # clear mac address-table

Explanation: Clear MAC address table.

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 17

Chapter 3 Introduction to CLI Installation and Operation Manual

3.8.21 # clear mep

Syntax: # clear mep <inst> { lm | dm | tst }

Explanation: Clear a specific instance MEP information.

3.8.22 # clear mvr

Syntax: # clear mvr [ vlan <v_vlan_list> | name <mvr_name> ] statistics

Explanation: Clear MVR statistics.

3.8.23 # clear spanning-tree

Syntax: # clear spanning-tree { { statistics [ interface ( <port_type> [

<v_port_type_list> ] ) ] } | { detected-protocols [ interface ( <port_type> [
<v_port_type_list_1> ] ) ] } }

Explanation: Clear specific interfaces’ Spanning Tree statistics.

3.8.24 # clear statistics

Syntax: # clear statistics [ interface ] ( <port_type> [ <v_port_type_list> ] )

Explanation: Clear Fast Ethernet and/or Gigabit Ethernet interfaces’ statistics.

3.8.25 # config terminal

Syntax: # config terminal

18 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Enter the Global Config mode.

Example:

# config t
(config)#

3.8.26 # copy

Syntax: # copy { startup-config | running-config | <source_path> } { startup-config

| running-config | <destination_path> } [ syntax-check ]

{ startup-config | running-config | <source_path> }: Specify the file type that you want to copy
from. This can be “startup-config”, “running-config” or a specific source file in flash or TFTP
server.

{ startup-config | running-config | <destination_path> }: Specify the file type that you want to
copy to. This can be “startup-config”, “running-config” or a specific destination file in flash or
TFTP server.

Explanation: Save running configurations to startup configurations.

Example: Save running configurations to startup configurations.

# copy running-config startup-config

Building configuration...
% Saving 1596 bytes to flash:startup-config
#

Explanation: Save startup configurations to running configurations.

Example: Save running configurations to startup configurations.

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 19

Chapter 3 Introduction to CLI Installation and Operation Manual

# copy startup-config running-config

Building configuration...
% Saving 1596 bytes to flash:startup-config
#

Explanation: Save running configurations to Flash 201

# copy running-config Flash:201
Building configuration...
% Saving 1487 bytes to flash:201
# dir
Directory of flash:
r- 1970-01-01 00:00:00 284 default-config
rw 2015-01-01 01:56:32 1487 startup-config
rw 2015-01-01 01:56:49 1487 201
3 files, 3258 bytes total.

3.8.27 # delete

Syntax: # delete <path>

Explanation: Delete a file saved in Flash.

Parameters:

<Path : word>: Name of the file in Flash to be deleted.

Example: Delete a file named 201 in Flash.

20 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# dir
Directory of flash:
r- 1970-01-01 00:00:00 284 default-config
rw 2015-01-01 01:56:32 1487 startup-config
rw 2015-01-01 01:56:49 1487 201
3 files, 3258 bytes total.
# delete flash:201
# dir
Directory of flash:
r- 1970-01-01 00:00:00 284 default-config
rw 2015-01-01 01:56:32 1487 startup-config
2 files, 1771 bytes total.

3.8.28 # dir

Explanation: Display files in flash.

Example:

# dir
Directory of flash:
r- 1970-01-01 00:00:00 284 default-config
rw 2015-01-01 01:56:32 1487 startup-config

3.8.29 # disable & # enable

Explanation: Return to user mode or enter exec mode.

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 21

Chapter 3 Introduction to CLI Installation and Operation Manual

# disable
>
>
> enable
#
#

3.8.30 # dot1x

Syntax: # dot1x initialize [ interface ( <port_type> [ <plist> ] )

[ interface ( <port_type> [ <plist> ] ) ]: Specify the type of interface that you intend to use. “*”
means all interfaces.

<plist>: Specify the ports that apply to this command.

Explanation: To initialize dot1x function in an interface immediately.

3.8.31 # erps

Syntax: # erps <group> command {clear | force | manual} {port0 | port1}

Explanation: Configure ERPS instance.

Parameters:

<group: 1-64>: Specify a group number between 1~64.

{clear | force | manual}: Specify an action.

{port0 | port1}: Specify port0 (east) or port1 (west) that applies to this
command.

22 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.8.32 # firmware swap

Syntax: # firmware swap

Explanation: Use the other standby firmware image file uploaded to flash.

3.8.33 # firmware upgrade

Syntax: # firmware upgrade <TFTPServer_path_file : word>

<TFTPServer_path_file : word>: Specify the TFTP server IP address and

firmware filename.

Explanation: Upgrade the firmware image.

3.8.34 # ip dhcp retry interface vlan

Syntax: # ip dhcp retry interface vlan <vlan_id>

<vlan_id>: Specify the valid VLAN ID for DHCP query.

Explanation: Restart the DHCP query process.

3.8.35 # more

Syntax: # more <path>

<path>: Specify the filename.

Explanation: Display file in Flash or in TFTP server.

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 23

Chapter 3 Introduction to CLI Installation and Operation Manual

3.8.36 # ping ip

Syntax: # ping ip <v_ip_addr> [ repeat <count> ] [ size <size> ] [ interval

<seconds> ]

Explanation: Ping the specified IP.

Parameters:

<addr>: Specify the IPv4 address or IPv6 address for ping test.

3.8.37 # ping ipv6

Syntax: #ping ipv6 <v_ipv6_addr> [ repeat <count> ] [ size <size> ] [ interval

<seconds> ] [ interface vlan <v_vlan_id> ]

< v_ipv6_addr >: Specify the IPv4 address or IPv6 address for ping test.

Explanation: Ping the specified IPv6 address.

Parameters:

[ repeat <count> ]: The number of echo packets will be sent.

[ size <size> ]: The size or length of echo packets.

[ interval <seconds> ]: The time interval between each ping request.

[ interface vlan <v_vlan_id> ]: Specify the VLAN ID.

3.8.38 # reload warm

Syntax: # reload warm

Explanation: Perform a warm reload (restart) on the system.

24 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.8.39 # reload defaults

Syntax: # reload defaults [keep-ip]

Explanation: Restore the device to factory default settings.

Parameters:

[keep-ip]: Keep VLAN 1 IP setting.

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 25

Chapter 3 Introduction to CLI Installation and Operation Manual

3.8.40 # send

Syntax: # send { * | <session_list> | console 0 | vty <vty_list> } <message>

Explanation: Send messages to other tty lines.

Parameters:

{ * | <session_list> | console 0 | vty <vty_list> }: Choose one of the options.

* : Specify “*” to denote all tty users.

<session_list>: Specify a session number between 0 and 16.

console 0: This means primary terminal line.

<vty_list>: Send a message to a virtual terminal.

<message>: Enter a message in 128 characters that you want to send.

3.8.41 # terminal editing

Syntax: # terminal editing

Explanation: Enable command line editing.

Show: > show terminal

# show terminal

Negation: # no terminal editing

3.8.42 # terminal exec-timeout

Syntax: # terminal exec-timeout <0-1440> [<0-3600>]

26 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Parameters:

<0-1440>: Specify the timeout value in minutes.

[<0-3600>]: Specify the timeout value in seconds.

Explanation: Set up terminal timeout value.

Show: > show terminal

# show terminal

Negation: # no terminal exec-timeout

3.8.43 # terminal history size

Syntax: # terminal history size <0-32>

Parameters:

<0-32>: Specify the current history size. “0” means to disable.

Explanation: Set up terminal history size.

Show: > show terminal

# show terminal

Negation: # no terminal history size

3.8.44 # terminal length

Syntax: # terminal length <0 or 3-512>

Parameters:

PowerFlow-2-10G PowerFlow-2-10G Commands in EXEC Mode 27

Chapter 3 Introduction to CLI Installation and Operation Manual

<0 or 3-512>: Specify the lines displayed on the screen. “0” means no
pausing.

Explanation: Set up terminal length.

Show: > show terminal

# show terminal

Negation: # no terminal length

3.8.45 # terminal width

Syntax: # terminal width <0 or 40-512>

Parameters:

<0 or 40-512>: Specify the width displayed on the screen. “0” means
unlimited width.

Explanation: Set up terminal display width.

Show: > show terminal

# show terminal

Negation: # no terminal width

3.8.46 # no port-security shutdown

Syntax: # no port-security shutdown [interface (<port_type>[<v_port_type_list>])]

Explanation: Reopen ports that are shutdown or disabled by Port Security

function.

Parameters:

28 Commands in EXEC Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

[interface (<port_type>[<v_port_type_list>])]: Specify the port type and port numbers that you
want to reopen.

3.8.47 show commands

In Exec mode, “show” commands can be issued to display current status or
settings of a certain command. They will be introduced in Section 3.9 “Commands
in Config Mode”.

3.9
Commands in Config Mode
3.9.1 (config)# aaa authentication login

Syntax: (config)# aaa authentication login { console | telnet | ssh | http } { { local |
radius | tacacs } [ { local | radius | tacacs } [ { local | radius | tacacs } ] ] }

Explanation: Configure the authentication method for the client.

Parameters:

{ console | telnet | ssh | http }: Specify one of the authentication clients.

{ { local | radius | tacacs } [ { local | radius | tacacs } [ { local | radius | tacacs } ] ] }: Specify one
of the authentication methods for the specified client. At least one method needs to be
specified. Users can specify three methods at most.

local: Use the local user database on the switch for authentication.

radius: Use remote RADIUS server(s) for authentication.

tacacs: Use remote TACACS+ server(s) for authentication.

NOTE: Methods that involve remote servers will time out if the remote servers are
offline. In this case the next method is tried. Each method is tried and continues
until a method either approves or rejects a user. If a remote server is used for

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 29

Chapter 3 Introduction to CLI Installation and Operation Manual

primary authentication it is recommended to configure secondary authentication

as 'local'. This will enable the management client to login via the local user database
if none of the configured authentication servers are alive.

Example: Set the Console client to use remote RADIUS server(s) for
authentication.

# config t
(config)# aaa authentication login console radius

Negation: (config)# no aaa authentication login { console | telnet | ssh | http }

Show: # show aaa

30 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.2 (config)# access management

Syntax: (config)# access management <access_id> <access_vid> <start_addr> [ to

<end_addr> ] { [ web ] [ snmp ] [ telnet ] | all }

Explanation: Create an access management rule.

Parameters:

<access_id: 1-16>: Specify an ID for this access management entry.

<access_vid>: Indicates the VLAN ID for the access management entry.

<start_addr> [ to <end_addr> ]: Indicate the starting and ending IP address

for the access management entry.

{ [ web ] [ snmp ] [ telnet ] | all }: Specify matched hosts can access the
switch from which interface.

Example: Allow IP 192.168.0.1 to 192.168.0.10 to access the device via Web,

SNMP and Telnet.

# config t
(config)# access management 1 1 192.168.0.1 to 192.168.0.10 a

Negation: (config)# no access management

(config)# no access management <access_id>

Show: # show access management [ statistics | <access_id_list> ]

Clear: # clear access management statistics

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 31

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.3 (config)# access-list

3.9.3.1 (config)# access-list ace

Syntax: (config)# access-list ace <AceId : 1-256> [ action {deny | filter | permit}]
[ dmac-type {any| broadcast | multicast | unicast } ] [frame-type {any|
arp|etype|ipv4|ipv4-icmp|ipv4-tcp|ipv4-udp|ipv6|ipv6-icmp|ipv6-tcp|ipv6-udp} ]
[ingress {any | interface <PORT_TYPE> }] [logging] [next { <AceId : 1-256>|last}]
[policy <PolicyId : 0-255>] [rate-limiter {<RateLimiterId : 1-16>|disable}] [redirect
{disable| interface <PORT_TYPE>}] [shutdown] [tag {any|tagged|untagged}] [tag-
priority {0-1| 0-3| 2-3| 4-5| 4-7| 6-7| <TagPriority : 0-7>|any}] [vid { <Vid : 1-
4095>|any}]
Explanation: Configure an access control list.

Parameters:

<AceId : 1-256>: Specify access control list ID that applies to this rule.

[ action {deny | filter | permit}]: Specify the action that applies to this rule.

[ dmac-type {any| broadcast | multicast | unicast } ]: Specify destination MAC

type that applies to this rule.

[frame-type {any| arp|etype|ipv4|ipv4-icmp|ipv4-tcp|ipv4-udp|ipv6|ipv6-icmp|ipv6-tcp|ipv6-

udp} ]: Specify the frame type that applies to this rule.

[ingress {any | interface <PORT_TYPE> }]: Specify the ingress port.

[logging]: Enable logging function.

[mirror]: Enable the function of mirroring frames to destination mirror port.

[next { <AceId : 1-256>|last}]: Insert the current ACE ID before the next ACE
ID or put the ACE ID to the last one.

[policy <PolicyId : 0-255>]: Specify the policy ID.

[rate-limiter {<RateLimiterId : 1-16>|disable}]: Specify the rate limit ID or

disable this function.

[redirect {disable| interface <PORT_TYPE>}]: Redirect frames to a specific port

or disable this function.

32 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

[shutdown]: Enable shutdown function.

[tag {any|tagged|untagged}]: Specify whether frames should be tagged or

untagged.

[tag-priority {0-1| 0-3| 2-3| 4-5| 4-7| 6-7| <TagPriority : 0-7>|any}]: Specify
the priority value.

[vid { <Vid : 1-4095>|any}]: Specify the VLAN ID.

Show: # show access-list [ interface [ ( <port_type> [ <v_port_type_list> ] ) ] ] [ rate-

limiter [ <rate_limiter_list> ] ] [ ace statistics [ <ace_list> ] ]

Negation: (config)# no access-list ace <ace_list>

Clear: # clear access-list ace statistics

3.9.3.2 (config)# access-list ace update

Syntax: (config)# access-list ace update <AceId : 1-256> [ action {deny | filter |
permit}] [ dmac-type {any| broadcast | multicast | unicast } ] [frame-type {any|
arp|etype|ipv4|ipv4-icmp|ipv4-tcp|ipv4-udp|ipv6|ipv6-icmp|ipv6-tcp|ipv6-udp} ]
[ingress {any | interface <PORT_TYPE> }] [logging] [next { <AceId : 1-256>|last}]
[policy <PolicyId : 0-255>] [rate-limiter {<RateLimiterId : 1-16>|disable}] [redirect
{disable| interface <PORT_TYPE>}] [shutdown] [tag {any|tagged|untagged}] [tag-
priority {0-1| 0-3| 2-3| 4-5| 4-7| 6-7| <TagPriority : 0-7>|any}] [vid { <Vid : 1-
4095>|any}]

Explanation: Update an access control list.

Parameters:

<AceId : 1-256>: Specify access control list ID that applies to this rule.

[ action {deny | filter | permit}]: Specify the action that applies to this rule.

[ dmac-type {any| broadcast | multicast | unicast } ]: Specify destination MAC

type that applies to this rule.

[frame-type {any| arp|etype|ipv4|ipv4-icmp|ipv4-tcp|ipv4-udp|ipv6|ipv6-icmp|ipv6-tcp|ipv6-

udp} ]: Specify the frame type that applies to this rule.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 33

Chapter 3 Introduction to CLI Installation and Operation Manual

[ingress {any | interface <PORT_TYPE> }]: Specify the ingress port.

[logging]: Enable logging function.

[mirror]: Enable the function of mirroring frames to destination mirror port.

[next { <AceId : 1-256>|last}]: Insert the current ACE ID before the next ACE
ID or put the ACE ID to the last one.

[policy <PolicyId : 0-255>]: Specify the policy ID.

[rate-limiter {<RateLimiterId : 1-16>|disable}]: Specify the rate limit ID or

disable this function.

[redirect {disable| interface <PORT_TYPE>}]: Redirect frames to a specific port

or disable this function.

[shutdown]: Enable shutdown function.

[tag {any|tagged|untagged}]: Specify whether frames should be tagged or

untagged.

[tag-priority {0-1| 0-3| 2-3| 4-5| 4-7| 6-7| <TagPriority : 0-7>|any}]: Specify
the priority value.

[vid { <Vid : 1-4095>|any}]: Specify the VLAN ID.

Show: # show access-list [ interface [ ( <port_type> [ <v_port_type_list> ] ) ] ] [ rate-

limiter [ <rate_limiter_list> ] ] [ ace statistics [ <ace_list> ] ]

Negation: (config)# no access-list ace <ace_list>

3.9.3.3 (config)# access-list rate-limiter

Syntax: (config)# access-list rate-limiter [ <rate_limiter_list> ] { pps <pps_rate> |

100pps <pps100_rate> | kpps <kpps_rate> | 100kbps <kpbs100_rate> }

Explanation: Configure rate limiter that applies to each rate limit ID.

Parameters:

34 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

[ <rate_limiter_list> ]: Specify the “rate limit ID”, “100kbps” or “pps” . The

allowed rate limit ID range is from1~16.

{ pps <pps_rate> | 100pps <pps100_rate> | kpps <kpps_rate> | 100kbps <kpbs100_rate> }:

Specify the rate limit rate.

Show: # show access-list rate-limiter [<RateLimiterList : 1~16>]

3.9.3.4 (config-if)# access-list action

Syntax: (config-if)# access-list action { permit|deny}

Explanation: Configure a specific port’s action option.

Parameters:

{ permit|deny}: Permit or deny frames on a specific port.

Show: # show access-list [ interface [ ( <port_type> [ <v_port_type_list> ] ) ] ]

3.9.3.5 (config-if)# access-list logging

Syntax: (config-if)# access-list logging

Explanation: Enable a specific port’s logging function.

Show: # show access-list [ interface [ ( <port_type> [ <v_port_type_list> ] ) ] ]

Negation: (config-if)# no access-list logging

3.9.3.6 (config-if)# access-list policy

Syntax: (config-if)# access-list policy <policy_id>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 35

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

<policy_id:0-255>: Specify a policy ID that applies to this specific port.

Explanation: Apply a policy ID to a specific port.

Show: # show access-list [ interface [ ( <port_type> [ <v_port_type_list> ] ) ] ]

Negation: (config-if)# no access-list policy

3.9.3.7 (config-if)# access-list port-state

Syntax: (config-if)# access-list port-state

Explanation: Enable a specific port’s port state.

Negation: (config-if)# no access-list port-state

3.9.3.8 (config-if)# access-list rate-limiter

Syntax: (config-if)# access-list rate-limiter <rate_limiter_id>

Parameters:

<rate_limiter_id:1-16>: Specify a rate limiter ID to a specific port.

Explanation: Apply a rate limiter ID to a specific port.

Negation: (config-if)# no access-list rate-limiter

3.9.3.9 (config-if)# access-list shutdown

Syntax: (config-if)# access-list shutdown

36 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Shutdown this port when specified rules are matched.

Negation: (config-if)# no access-list shutdown

3.9.3.10 (config-if)# access-list {redirect| port-copy }

Syntax: (config-if)# access-list { redirect | port-copy } interface { <port_type>

<port_type_id> | ( <port_type> [ <port_type_list> ] ) }

Parameters:

{ redirect | port-copy }: Redirect or copy this port’s frames to the specified

port.

interface { <port_type> <port_type_id> | ( <port_type> [ <port_type_list> ] ) }: Specify the

redirect or copy port type and port list.

Explanation: Redirect or copy this port’s frames to the specified port.

Negation: (config-if)# no access-list { redirect | port-copy }

3.9.4 (config)# aggregation

3.9.4.1 (config)# aggregation mode

Syntax: (config)# aggregation mode { [ smac ] [ dmac ] [ ip ] [ port ] }

Explanation: Configure aggregation mode.

Parameters:

[smac]: All traffic from the same Source MAC address is output on the same
link in a trunk.

[dmac]: All traffic with the same Destination MAC address is output on the
same link in a trunk.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 37

Chapter 3 Introduction to CLI Installation and Operation Manual

[ip]: All traffic with the same source and destination IP address is output on
the same link in a trunk.

[port]: All traffic with the same source and destination TCP/UDP port number is output on the
same link in a trunk.

Negation: (config)# no aggregation mode

Show: # show aggregation [mode]

3.9.4.2 (config-if)# aggregation group

Syntax: (config-if)# aggregation group <unit>

Explanation: Add this specific interface to the specified aggregation group.

Parameters:

<unit>: Specify the aggregation group ID.

Negation: (config-if)# no aggregation group

Show: # show aggregation [mode]

3.9.5 (config)# banner

3.9.5.1 (config)# banner [ motd ] <banner>

Syntax: (config)# banner [ motd ] <banner>

Parameters:

[ motd ]: Type in the message of the day.

Explanation: Configure the message of the day.

38 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config)# no banner [motd]

3.9.5.2 (config)# banner exec <banner>

Syntax: (config)# banner exec <banner>

Explanation: Display the configured message when successfully entering Exec

mode.

Negation: (config)# no banner exec

3.9.5.3 (config)# banner login <banner>

Syntax: (config)# banner login <banner>

Explanation: Display the configured message when prompted for login ID and
password.

Negation: (config)# no banner login

3.9.6 (config)# clock

3.9.6.1 (config)# clock summer-time <word16> date

Syntax: clock summer-time <word16> date [ <start_month_var> <start_date_var>

<start_year_var> <start_hour_var> <end_month_var> <end_date_var>
<end_year_var> <end_hour_var> [ <offset_var> ] ]

Explanation: Configure daylight saving time. This is used to set the clock forward
or backward according to the configurations set for a defined Daylight Saving
Time duration. “Recurring” command is used to repeat the configuration every
year.

Parameters:

summer-time <word16>: Specify a description for this day-light setting.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 39

Chapter 3 Introduction to CLI Installation and Operation Manual

date [ <start_month_var> <start_date_var> <start_year_var> <start_hour_var> <end_month_var>

<end_date_var> <end_year_var> <end_hour_var> [ <offset_var> ] ]

<start_month_var:1-12>: Specify the starting month.

<start_date_var: 1-31>: Specify the starting day.

<start_year_var:2000-2097>: Specify the starting year.

<start_hour_var: hh:mm>: Specify the time to start.

<end_month_var:1-12>: Specify the ending month.

<end_date_var: 1-31>: Specify the ending day.

<end_year_var:2000-2097>: Specify the ending year.

<end_hour_var: hh:mm>: Specify the time to start.

[ <offset_var: 1-1440> ]: Specify the number of minutes to add during Daylight Saving
Time. The allowed range is 1 to 1440.

Negation: (config)# no clock summer-time

Show: > show clock

> show clock detail
# show clock
# show clock detail

3.9.6.2 (config)# clock summer-time <word16> recurring

Syntax: (config)# clock summer-time <word16> recurring [ <start_week_var>

<start_day_var> <start_month_var> <start_hour_var> <end_week_var>
<end_day_var> <end_month_var> <end_hour_var> [ <offset_var> ] ]

Explanation: Configure daylight saving time. This is used to set the clock forward
or backward according to the configurations set for a defined Daylight Saving
Time duration. “Recurring” command is used to repeat the configuration every
year.

40 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Parameters:

summer-time <word16>: Specify a description for this day-light setting.

recurring [ <start_week_var> <start_day_var> <start_month_var> <start_hour_var>

<end_week_var> <end_day_var> <end_month_var> <end_hour_var> [ <offset_var> ] ]

<start_week_var:1-5>: Specify the starting week.

<start_day_var: 1-31>: Specify the starting day.

<start_month_var:1-12>: Specify the starting month.

<start_hour_var: hh:mm>: Specify the time to start.

<end_week_var:1-5>: Specify the ending week.

<end_day_var: 1-31>: Specify the ending day.

<end_month_var: 1-12>: Specify the ending month.

<end_hour_var: hh:mm>: Specify the time to end.

[ <offset_var: 1-1440> ]: Specify the number of minutes to add during Daylight Saving
Time. The allowed range is 1 to 1440.

Negation: (config)# no clock summer-time

Show: # show clock

# show clock detail

3.9.6.3 (config)# clock timezone

Syntax: (config)# clock timezone <word> <-23-23> [<0-59>]

Explanation: Configure a timezone used in the switch.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 41

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

<word16>: Specify the name of the timezone.

<-23-23>: Hours offset from UTC.

[<0-59>]: Minutes offset from UTC.

Negation: (config)# no clock timezone

Show: # show clock

# show clock detail

3.9.7 (config)# default access-list rate-limiter

Syntax: (config)# default access-list rate-limiter [ <rate_limiter_list> ]

Explanation: To default the specified rate-limiter ID.

Parameters:

[ <rate_limiter_list: 1-16> ]: Specify a rate limiter ID.

Example: To default rate-limiter 1.

# config t
(config)# default access-list rate-limiter 1

3.9.8 (config)# dot1x

3.9.8.1 (config)# dot1x system-auth-control

42 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: (config)# dot1x system-auth-control

Explanation: To enable 802.1x service.

Parameters: None.

Example: Enable 802.1x service.

# config t
(config)# dot1x system-auth-control

Negation: (config)# no dot1x system-auth-control

Show: > show dot1x status [ interface ( <port_type> [ <v_port_type_list> ] ) ]

[ brief ]
# show dot1x status [ interface ( <port_type> [ <v_port_type_list> ] ) ] [ brief ]

3.9.8.2 (config)# dot1x re-authentication

Syntax: (config)# dot1x re-authentication

Explanation: Set clients to be re-authenticated after an interval set in "Re-

authenticate" field. Re-autentication can be used to detect if a new device is
attached to a switch port.

Example: Enable re-authentication function.

# config t
(config)# dot1x re-authentication

Negation: (config)# no dot1x re-authentication

Show: > show dot1x status [ interface ( <port_type> [ <v_port_type_list> ] ) ]

[ brief ]
# show dot1x status [ interface ( <port_type> [ <v_port_type_list> ] ) ] [ brief ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 43

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.8.3 (config)# dot1x authentication timer re-authenticate

Syntax: (config)# dot1x authentication timer re-authenticate <1-3600>

Explanation: Specify the time interval for a connected device to be re-

authenticated. By default, the re-authenticated period is set to 3600 seconds.
The allowed range is 1 - 3600 seconds.

Parameters:

<1-3600>: Specify a re-authentication value between 1 and 3600.

Example: Set re-authentication timer to 100.

# config t
(config)# dot1x authentication timer re-authenticate 100

Negation: (config)# no dot1x authentication timer re-authenticate

3.9.8.4 (config)# dot1x timeout tx-period

Syntax: (config)# dot1x timeout tx-period <v_1_to_65535>

Explanation: Specify the time that the switch waits for a supplicant response
during an authentication session before transmitting a Request Identify EAPOL
packet. By default, it is set to 30 seconds.

Parameters:

<v_1_to_65535>: Specify a timeout value between 1 and 65535 (seconds).

Example: Set EAPOL timeout to 30 seconds.

44 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# dot1x timeout tx-period 30

Negation: (config)# no dot1x timeout tx-period

3.9.8.5 (config)#dot1x authentication timer inactivity

Syntax: (config)# dot1x authentication timer inactivity <10-1000000>

Explanation: Specify the period that is used to age out a client’s allowed access
to the switch via 802.1X and MAC-based authentication. The default period is
300 seconds. The allowed range is 10 - 1000000 seconds.

Parameters:

<10-1000000>: Specify a value between 10 and 1000000 (seconds).

Example: Set the aging time to 300 seconds.

# config t
(config)# dot1x authentication timer inactivity 300

Negation: (config)# no dot1x authentication timer inactivity

3.9.8.6 (config)# dot1x timeout quiet-period

Syntax: (config)# dot1x timeout quiet-period <v_10_to_1000000>

Explanation: The time after an EAP Failure indication or RADIUS timeout that a
client is not allowed access. This setting applies to ports running Single 802.1X,
Multi 802.1X, or MAC-based authentication. By default, hold time is set to 10
seconds. The allowed range is 10 - 1000000 seconds.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 45

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

<10-1000000>: Specify a value between 10 and 1000000 (seconds).

Example: Set hold time to 30 seconds.

# config t
(config)# dot1x timeout quiet-period 30

Negation: (config)# no dot1x timeout quiet-period

3.9.8.7 (config)# dot1x feature

Syntax: (config)# dot1x feature { [ guest-vlan ] [ radius-qos ] [ radius-vlan ] }

Explanation: Enable the specified feature.

Parameters:

{ [ guest-vlan ] [ radius-qos ] [ radius-vlan ] }:

[guest-vlan]: Enable guest VLAN. A Guest VLAN is a special VLAN typically with limited
network access. When checked, the individual ports' ditto setting determines whether the
port can be moved into Guest VLAN. When unchecked, the ability to move to the Guest
VLAN is disabled on all ports.

[radius-qos]: Enable RADIUS assigned QoS.

[radius-vlan]: Enable RADIUS VLAN. RADIUS-assigned VLAN provides a means to centrally

control the VLAN on which a successfully authenticated supplicant is placed on the switch.
Incoming traffic will be classified to and switched on the RADIUS-assigned VLAN. The
RADIUS server must be configured to transmit special RADIUS attributes to take advantage
of this feature.

Example: Enable guest VLAN service.

46 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# dot1x feature guest-vlan

Negation: (config)# no dot1x feature { [ guest-vlan ] [ radius-qos ] [ radius-vlan ] }

3.9.8.8 (config)# dot1x guest-vlan

Syntax: (config)# dot1x guest-vlan <value>

Explanation: Configure a guest VLAN ID.

Parameters:

<value:1-4095>: Specify the guest VLAN ID. The allowed VLAN ID range is
from 1 to 4095.

Negation: (config)# no dot1x guest-vlan

3.9.8.9 (config)# dot1x guest-vlan supplicant

Syntax: (config)# dot1x guest-vlan supplicant

Explanation: Enable Guest VLAN supplicant function. The switch remembers if an

EAPOL frame has been received on the port for the life-time of the port. Once
the switch considers whether to enter the Guest VLAN, it will first check if this
option is enabled or disabled. When enabled, the switch does not maintain the
EAPOL packet history and allows clients that fail authentication to access the
guest VLAN, regardless of whether EAPOL packets had been detected on the
interface. Clients that fail authentication can access the guest VLAN.

Negation: (config)# no dot1x guest-vlan supplicant

3.9.8.10 (config)# dot1x max-requth-req

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 47

Chapter 3 Introduction to CLI Installation and Operation Manual

Syntax: (config)# dot1x max-reauth-req <value>

Explanation: The maximum number of times the switch transmits an EAPOL

Request Identity frame without receiving a response before adding a port to the
Guest VLAN. The value can only be changed when the Guest VLAN option is
globally enabled. The range is 1 – 255.

Parameters:

<value:1-255>: Specify a value between 1 and 255.

Negation: (config)# no dot1x max-reauth-req

3.9.8.11 (config-if)# dot1x port-control

Syntax: (config-if)# dot1x port-control { force-authorized | force-unauthorized |

auto | single | multi | mac-based }

Parameters:

{ force-authorized | force-unauthorized | auto | single | multi | mac-based }: Specify one of the

authentication modes on the selected interfaces. This setting works only when NAS is globally
enabled. The following modes are available:

force-authorized: In this mode, the switch will send one EAPOL Success frame when the
port link comes up, and any client on the port will be allowed network access without
authentication.

force unauthorized: In this mode, the switch will send one EAPOL Failure frame when the
port link comes up, and any client on the port will be disallowed network access.

auto (Port-Based 802.1X): This mode requires a dot1x-aware client to be authorized by the
authentication server. Clients that are not dot1x-aware will be denied access.

single (802.1X): In Single 802.1X, at most one supplicant can get authenticated on the port
at a time. Normal EAPOL frames are used in the communication between the supplicant
and the switch. If more than one supplicant is connected to a port, the one that comes
first when the port's link comes up will be the first one considered. If that supplicant
doesn't provide valid credentials within a certain amount of time, another supplicant will
get a chance. Once a supplicant is successfully authenticated, only that supplicant will be
allowed access. This is the most secure of all the supported modes. In this mode, the “Port
Security” module is used to secure a supplicant's MAC address once successfully
authenticated.

48 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

multi (802.1X): In Multi 802.1X, one or more supplicants can get authenticated on the
same port at the same time. Each supplicant is authenticated individually and secured in
the MAC table using the “Port Security” module.

mac-based: Unlike port-based 802.1X, MAC-based authentication do not transmit or

receive EAPOL frames. In MAC-based authentication, the switch acts as the supplicant on
behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the
switch, which in turn uses the client's MAC address as both username and password in the
subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to
a string on the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator
between the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge
authentication method, so the RADIUS server must be configured accordingly.

Example: Set Gigabit Ethernt port 1-10’s admin state to “auto”

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# dot1x port-control auto

Negation: (config-if)# no dot1x port-control

3.9.8.12 (config-if)# dot1x guest-vlan

Syntax: (config-if)# dot1x guest-vlan

Explanation: Enable the guest VLAN on the selected interfaces.

Parameters: None.

Example: Enable guest VLAN on port 1-10.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 49

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# dot1x guest-vlan

Negation: (config-if)# no dot1x guest-vlan

3.9.8.13 (config-if)# dot1x radius-qos

Syntax: (config-if)# dot1x radius-qos

Explanation: Enable RADIUS Assigned QoS on the selected interfaces.

Parameters: None.

Example: Enable RADIUS Assigned QoS on port 1-10.

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# dot1x radius-qos

Negation: (config-if)# no dot1x radius-qos

3.9.8.14 (config-if)# dot1x radius-vlan

Syntax: (config-if)# dot1x radius-vlan

Explanation: Enable RADIUS Assigned VLAN on the selected interfaces.

Example: Enable RADIUS Assigned VLAN on port 1-10.

50 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# dot1x radius-vlan

Negation: (config-if)# no dot1x radius-vlan

3.9.8.15 (config-if)# dot1x re-authenticate

Syntax: (config-if)# dot1x re-authenticate

Explanation: Schedules reauthentication to whenever the quiet-period of the port

runs out (EAPOL-based authentication). For MAC-based authentication,
reauthentication will be attempted immediately. This command only has effect
for successfully authenticated clients on the port and will not cause the clients to
get temporarily unauthorized.

Show: > show dot1x statistics { eapol | radius | all } [ interface ( <port_type>
[ <v_port_type_list> ] ) ]
# show dot1x statistics { eapol | radius | all } [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.9 (config-if)# duplex

Syntax: (config-if)# duplex { half | full | auto [ half | full ] }

Explanation: Configure port’s duplex mode.

Parameters:

{ half | full | auto [ half | full ] }: Specify the duplex mode for this specific
interface.

Example: Set port 1’s duplex mode to auto.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 51

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# duplex auto

Negation: (config-if)# no duplex

Show: > show interface ( <port_type> [ <v_port_type_list> ] ) status

# show interface ( <port_type> [ <v_port_type_list> ] ) status

3.9.10 (config)# enable

3.9.10.1 (config)# enable password

Syntax: (config)# enable password <password>

Explanation: Configure enable password.

Parameters:

password <password>: Specify the enable mode password.

3.9.10.2 (config)# enable password level

Syntax: (config)# enable password [level <priv: 1-15>] <password>

Explanation: Configure enable password and privilege level.

Parameters:

[level <priv: 1-15>]: Specify the privilege level for this password.

<password>: Specify the enable mode password.

Negation: (config)# no enable password [ level <priv> ]

52 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.10.3 (config)# enable secret

Syntax: (config)# enable secret { 0 | 5 } [ level <priv: 1-15> ] <password>

Parameters:

{ 0 | 5 }: Specify “0” to denote unencrypted secret (cleartext). Specify “5” to

denote encrypted secret (MD5).

[level <priv: 1-15>]: Specify the privilege level for this password.

<password>: Specify the enable mode password.

Explanation: Configure enable secret password and privilege level.

Negation: (config)# no enable secret { [ 0 | 5 ] } [ level <priv> ]

3.9.11 (config)# erps

3.9.11.1 (config)# erps <group> guard <guard_time_ms>

Syntax: (config)# erps <group> guard <guard_time_ms>

Explanation: Configure the specified group’s guard time.

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

<guard_time_ms: 10-2000>: Specify the guard time. The allowed range is 10

to 2000 ms.

Negation: (config)# no erps <group> guard

Show: # show erps [ <groups> ] [ detail | statistics ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 53

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.11.2 (config)# erps <group> holdoff <holdoff_time_ms>

Syntax: (config)# erps <group> holdoff <holdoff_time_ms>

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

<holdoff_time_ms: 0-10000>: Specify the holdoff time. The allowed range is 0

to 10000 ms.

Explanation: Configure the specified group’s holdoff time.

Negation: (config)# no erps <group> holdoff

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.3 (config)# erps <group> major port0 interface port1

interface <port_type> <port1> [ interconnect ]

Syntax: (config)# erps <group> major port0 interface <port_type> <port0> port1
interface <port_type> <port1> [ interconnect ]

Explanation: Create an ERPS instance.

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

<port_type> <port0>: Specify Port 0’s port type and port number. Port 0 is also known as E port
(East port) which is used by some of the other vendors.

<port_type> <port1>: Specify Port 1’s port type and port number. Port 1 is also known as W
port (West port) which is used by some of the other vendors. When this port is interconnected
with the other sub-ring, “0” is used in this field to indicate that no west port is associated with
this instance.

54 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

[ interconnect ]: Specify this parameter if this is an interconnected node for

this instance.

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.4 (config)# erps <group> mep port0 sf <p0_sf> aps

<p0_aps> port1 sf <p1_sf> aps <p1_aps>

Syntax: (config)# erps <group> mep port0 sf <p0_sf> aps <p0_aps> port1 sf
<p1_sf> aps <p1_aps>

Explanation: Configure the specified group’s MEP & APS settings.

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

<p0_sf>: This is also known as East Signal Fail APS MEP. Assign the East Signal
Fail reporting MEP in this field.

<p0_aps>: Specify the East APS PDU handling MEP.

<p1_sf>: This is also known as West Signal Fail APS MEP. When interconnected with the other
sub-ring, “0” is used in this field to indicate that no west SF MEP is associated with this
instance. Assign the West Signal Fail reporting MEP in this field.

<p1_aps>: Specify the West APS PDU handling MEP. When interconnected with the other sub-
ring, “0” is used in this field to indicate that no west APS MEP is associated with this instance.

Negation: (config)# no erps <group> mep

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.5 (config)# erps <group> revertive <wtr_time_minutes>

Syntax: (config)# erps <group> revertive <wtr_time_minutes>

Explanation: Configure the Wait-to-Restore timer in revertive mode.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 55

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

<wtr_time_minutes>: Specify Wait-to-Restore timer in minutes. The allowed range is from 1 to

12 minutes.

Negation: (config)# no erps <group> revertive

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.6 (config)# erps <group> rpl { owner | neighbor }

{ port0 | port1 }

Syntax: (config)# erps <group> rpl { owner | neighbor } { port0 | port1 }

Explanation: Specify the Ethernet ring port on the local node as the RPL (Ring
Protection Link) owner or neighbor.

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

{ owner | neighbor }: Specify the ring port is a owner or neighbor. RPL (Ring Protection Link) is
responsible for blocking traffic over the RPL so that no loops are formed in the Ethernet traffic.

{ port0 | port1 }: Specify the port applies to this rule.

Negation: (config)# no erps <group> rpl

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.7 (config)# erps <group> sub port0 interface

<port_type> <port0> { { port1 interface <port_type> <port1> }
| { interconnect <major_ring_id> [ virtual-channel ] } }

56 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: (config)# erps <group> sub port0 interface <port_type> <port0> { { port1
interface <port_type> <port1> } | { interconnect <major_ring_id> [ virtual-
channel ] } }

Explanation: Create a profile and configure the Sub ERPS interface port 0, port 1.

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

<port_type> <port0>: Specify sub port’s port type and port number.

{ { port1 interface <port_type> <port1> } | { interconnect <major_ring_id> [ virtual-channel ] } }:

Specify Port 1’s port type and port numbr or specify major ring’s group ID.

Negation: (config)# no erps <group>

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.8 (config)# erps <group> topology-change propagate

Syntax: (config)# erps <group> topology-change propagate

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

Explanation: Allow topology change notification propagation.

Negation: (config)# no erps <group> topology-change propagate

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.9 (config)# erps <group> version { 1 | 2 }

Syntax: (config)# erps <group> version { 1 | 2 }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 57

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Configure ERPS version for a specific profile.

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

{ 1 | 2 }: Specify ERPS version 1 or 2.

Negation: (config)# no erps <group> version

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.11.10 (config)# erps <group> vlan { none | [ add | remove ]

<vlans> }

Syntax: (config)# erps <group> vlan { none | [ add | remove ] <vlans> }

Explanation: Configure VLANs for a specific ERPS profile.

Parameters:

<group: 1-64>: Specify a group number. The allowed range is from 1 to 64.

{ none | [ add | remove ] <vlans> } : Specify an option.

none: Do not include any VLANs.

[ add | remove ] <vlans>: Add or remove a specific VLAN.

Negation: (config)# no erps <group> vlan

Show: # show erps [ <groups> ] [ detail | statistics ]

3.9.12 (config-if)# excessive-restart

58 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: (config-if)# excessive-restart

Explanation: Restart backoff algorithm after 16 collisions (No excessive-restart

means discard frames after 16 collisions.)

Negation: (config-if)# no excessive-restart

Show: > show interface ( <port_type> [ <v_port_type_list> ] ) status

# show interface ( <port_type> [ <v_port_type_list> ] ) status

3.9.13 (config-if)# flowcontrol { on | off }

Syntax: (config-if)# flowcontrol { on | off }

Explanation: Enable or disable flow confrol for this specific interface.

Parameters:

{ on | off }: Enable or disable flow control.

Negation: (config-if)# no flowcontrol

Show: > show interface ( <port_type> [ <v_port_type_list> ] ) status

# show interface ( <port_type> [ <v_port_type_list> ] ) status

3.9.14 (config)# gvrp

3.9.14.1 (config)# gvrp

Syntax: (config)# gvrp

Explanation: Globally enable GVRP function.

Parameters: None.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 59

Chapter 3 Introduction to CLI Installation and Operation Manual

Example: Globally enable GVRP function.

# config t
(config)# gvrp
(config)#

Negation: (config)# no gvrp

3.9.14.2 (config)# gvrp max-vlans

Syntax: (config)# gvrp max-vlans <maxvlans>

Explanation: Set up the maximum number of VLANs can be learned via GVRP.

Parameters:

<maxvlans>: Specify the number of VLANs learned via GVRP.

Example: Set the maximum number of VLANs can be learned via GVRP to 20.

# config t
(config)# gvrp
(config)# gvrp max-vlans 20

Negation: (config)# no gvrp max-vlans <maxvlans>

3.9.14.3 (config)# gvrp time

Syntax: (config)# gvrp time { [ join-time <jointime> ] [ leave-time <leavetime> ]

[ leave-all-time <leavealltime> ] }

Explanation: Set up the maximum number of VLANs can be learned via GVRP.

Parameters:

60 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

[ join-time <jointime> ]: Specify the amount of time in units of centi-seconds that PDUs are
transmitted. The default value is 20 centi-seconds. The valid value is 1~20.

[ leave-time <leavetime> ]: Specify the amount of time in units of centi-seconds that the device
waits before deleting the associated etry. The leave time is activated by a “Leave All-time”
message sent/received and cancelled by the Join message. The default value is 60 centi-
seconds.

NOTE: The “LeaveAll-time” parameter must be greater than the “Leave-time”

parameter.

[ leave-all-time <leavealltime> ]: Specify the amount of time that “LeaveAll” PDUs are created.
A LeaveAll PDU indicates that all registrations are shortly de-registered. Participants will need to
rejoin in order to maintain registration. The valid value is 1000 to 5000 centi-seconds. The
factory default 1000 centi-seconds.

NOTE: The “LeaveAll-time” parameter must be greater than the “Leave-time”

parameter.

Negation: (config)# no gvrp time { [ join-time <jointime> ] [ leave-time <leavetime>

] [ leave-all-time <leavealltime> ] }

3.9.14.4 (config-if)# gvrp

Syntax: (config-if)# gvrp

Explanation: Enable GVRP function on the specified interfaces.

Parameters: None.

Example: Enable GVRP function on port 1~5.

# config t
(config)# interface GigabitEthernet 1/1-5
(config-if)# gvrp
(config-if)#

Negation: (config-if)# no gvrp

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 61

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.15 (config)# hostname

Syntax: (config)# hostname <WORD>

Explanation: Specify a descriptive name for this switch.

Parameters:

<WORD32>: Specify a descriptive name for this device. Indicate the hostname for this device.
Alphabets (A-Z; a-z), digits (0-9) and minus sign (-) can be used. However, space characters are
not allowed. The first character must be an alphabet character. The first and last character
must not be a minus sign. The allowed string length is 0 – 255.

Example: Set the hostname to AccessSW.

# config t
(config)# hostname AccessSW

Negation: (config)# no hostname

Show: > show version

# show version

3.9.16 (config)# interface

3.9.16.1(config)# interface ( <port_type> [ <plist> ] )

Syntax: (config)# interface ( <port_type> [ <plist> ] )

Explanation: Enter Config Interface mode for this specific interface.

Parameters:

<port_type> [ <plist> ]: Specify the port type and port number.

62 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Example: Enter Config Interface mode for Gigabit Ethernet port 1.

# config t
(config)#
(config)# interface GigabitEthernet 1/1
(config-if)#

Show: > show interface ( <port_type> [ <in_port_list> ] ) switchport [ access | trunk

| hybrid ]
> show interface ( <port_type> [ <v_port_type_list> ] ) capabilities
> show interface ( <port_type> [ <v_port_type_list> ] ) statistics [ { packets | bytes | errors |
discards | filtered | { priority [ <priority_v_0_to_7> ] } } ] [ { up | down } ]
> show interface ( <port_type> [ <v_port_type_list> ] ) status
> show interface vlan [ <vlist> ]

# show interface ( <port_type> [ <in_port_list> ] ) switchport [ access | trunk | hybrid ]

# show interface ( <port_type> [ <v_port_type_list> ] ) capabilities

# show interface ( <port_type> [ <v_port_type_list> ] ) statistics [ { packets | bytes | errors |

discards | filtered | { priority [ <priority_v_0_to_7> ] } } ] [ { up | down } ]
# show interface ( <port_type> [ <v_port_type_list> ] ) status
# show interface vlan [ <vlist> ]

Clear: # clear statistics { [ interface ] ( <port_type> [ <v_port_type_list> ] ) }

3.9.16.2 (config)# interface vlan

Syntax: (config)# interface vlan <vlist>

Explanation: Enter Config Interface VLAN mode for this specific interface.

Example: Enter Config Interface VLAN 1 for port 1.

# config t
(config)#
(config)# interface vlan 1
(config-if-vlan)#

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 63

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.17 (config)# ip

3.9.17.1 (config)# ip arp inspection

Syntax: (config)# ip arp inspection

Explanation: Enable ARP inspection function.

Negation: (config)# no ip arp inspection

Show: > show ip arp inspection [ interface ( <port_type> [ <in_port_type_list> ] ) |

vlan <in_vlan_list> ]
# show ip arp inspection [ interface ( <port_type> [ <in_port_type_list> ] ) |
vlan <in_vlan_list> ]

Clear: # clear ip arp

3.9.17.2 (config)# ip arp inspection entry interface

Syntax: (config)# ip arp inspection entry interface <port_type> <in_port_type_id>

<vlan_var> <mac_var> <ipv4_var>

Explanation: Create ARP static entry.

Parameters:

<port_type> <in_port_type_id>: Specify the port type and port number.

<vlan_var>: Specify a configured VLAN ID.

<mac_var>: Specify an allowed source MAC address in ARP request packets.

<ipv4_var>: Specify an allowed source IP address in ARP request packets.

Negation: (config)# no ip arp inspection entry interface <port_type>

<in_port_type_id> <vlan_var> <mac_var> <ipv4_var>

64 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: # show ip arp inspection entry [ dhcp-snooping | static ] [ interface

( <port_type> [ <in_port_type_list> ] ) ]

Clear: # clear ip arp

3.9.17.3 (config)# ip arp inspection translate

Syntax: (config)# ip arp inspection translate [ interface <port_type>

<in_port_type_id> <vlan_var> <mac_var> <ipv4_var> ]

Explanation: Translate the dynamic entry to static one.

Parameters:

<port_type> <in_port_type_id>: Specify the port type and port number.

<vlan_var>: Specify a configured VLAN ID.

<mac_var>: Specify an allowed source MAC address in ARP request packets.

<ipv4_var>: Specify an allowed source IP address in ARP request packets.

Show: # show ip arp inspection entry [ dhcp-snooping | static ] [ interface

( <port_type> [ <in_port_type_list> ] ) ]

3.9.17.4 (config)# ip arp inspection vlan

Syntax: (config)# ip arp inspection vlan <in_vlan_list>

Explanation: Specify ARP inspection is enabled on which VLAN.

Parameters:

<in_vlan_list>: Specify a list of VLAN ID to be used for ARP inspection.

Negation: (config)# no ip arp inspection vlan <in_vlan_list>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 65

Chapter 3 Introduction to CLI Installation and Operation Manual

Show: < show ip arp

# show ip arp

Clear: # clear ip arp

3.9.17.5 (config)# ip arp inspection vlan <in_vlan_list> logging

Syntax: (config)# ip arp inspection vlan <in_vlan_list> logging { deny | permit | all }

Explanation: Enable log function.

Parameters:

{ deny | permit | all }: Specify one of the log types.

Deny: Log denied entries.

Permit: Log permitted entries.

All: Log all entries.

Negation: (config)# no ip arp inspection vlan <in_vlan_list> logging

Show: < show ip arp

# show ip arp

Clear: # clear ip arp

3.9.17.6 (config)# ip dhcp excluded-address

Syntax: (config)# ip dhcp excluded-address <low_ip> [ <high_ip> ]

Parameters:

<low_ip> [ <high_ip> ]: Specify the IP address range that will not be used for
DHCP IP assignment.

66 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Configure IP addresses that are not used for DHCP IP allocation.

Example: Exclude IP address 1.2.3.4 to 1.2.3.10 from DHCP IP allocation pool..

# config t
(config)# ip dhcp excluded-address 1.2.3.4 1.2.3.10
(config)# exit
# show ip dhcp excluded-address
Low Address High Address
--------------- ---------------
01 1.2.3.4 1.2.3.10

Negation: (config)# no ip dhcp excluded-address <low_ip> [ <high_ip> ]

Show: # show ip dhcp excluded-address

3.9.17.7 (config)# ip dhcp pool

Syntax: (config)# ip dhcp pool <pool_name>

Parameters:

<pool_name>: Specify the DHCP pool name in 32 characters.

Explanation: Configure the pool name for DHCP IP addresses.

Negation: (config)# no ip dhcp pool <pool_name>

Show: # show ip dhcp pool

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 67

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.17.7.1 (config-dhcp-pool)# broadcast

Syntax: (config-dhcp-pool)# broadcast <ip>

Explanation: Specify the broadcast address in use on the client’s subnet for the
specified IP dhcp pool.

Parameters:

<ip>: Specify the broadcast address in use on the client’s subnet

Negation: (config-dhcp-pool)# no broadcast

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

68 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.17.7.2 (config-dhcp-pool)# client-identifier

Syntax: (config-dhcp-pool)# client-identifier { fqdn <identifier> | mac-address

<mac> }

Explanation: Specify client's unique identifier to be used when the pool is the
type of host.

Parameters:

{ fqdn <identifier> | mac-address <mac> }: Specify the client identifier either

in FQDN (Fully Qualified Domain Name) or MAC address format.

Negation: (config-dhcp-pool)# no client-identifier

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.3 (config-dhcp-pool)# client-name

Syntax: (config-dhcp-pool)# client-name <host_name>

Explanation: Specify the name of client to be used when the pool is the type of
host.

Parameters:

<host_name>: Specify the name of client to be used when the pool is the
type of host.

Negation: (config-dhcp-pool)# no client-name

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 69

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.17.7.4 (config-dhcp-pool)# default-router

Syntax: (config-dhcp-pool)# default-router <ip> [ <ip1> [ <ip2> [ <ip3> ] ] ]

Explanation: Specify a list of IP addresses for routers on the clients’ subnet.

Parameters:

<ip> [ <ip1> [ <ip2> [ <ip3> ] ] ]: Specify a list of IP addresses for routers on

the clients’ subnet.

Negation: (config-dhcp-pool)# no default-router

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

70 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.17.7.5 (config-dhcp-pool)# designated interface

Syntax: (config-dhcp-pool)# designated interface <port_type> <port> ip-address

<designated_ip>

Explanation: Designate a specific IP address to an interface.

Parameters:

<port_type> <port>: Specify port type and port number for DHCP interface-IP
addresss mapping.

ip-address <designated_ip>: Designate a specific IP to the specified

interface.

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.6 (config-dhcp-pool)# dns-server

Syntax: (config-dhcp-pool)# dns-server <ip> [ <ip1> [ <ip2> [ <ip3> ] ] ]

Explanation: Specify a list of Domain Name System name servers available to the
client.

Parameters:

<ip> [ <ip1> [ <ip2> [ <ip3> ] ] ]: Specify a list of Domain Name Servers

available to the client.

Negation: (config-dhcp-pool)# no dns-server

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.7 (config-dhcp-pool)# domain-name

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 71

Chapter 3 Introduction to CLI Installation and Operation Manual

Syntax: (config-dhcp-pool)# domain-name <domain_name>

Explanation: Specify a list of Domain Name System name servers available to the
client.

Parameters:

<domain_name>: Specify the domain name that a client use when resolving
hostname via DNS.

Negation: (config-dhcp-pool)# no domain-name

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

72 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.17.7.8 (config-dhcp-pool)# hardware-address

Syntax: (config-dhcp-pool)# hardware-address <mac>

Explanation: Specify client's hardware (MAC) address to be used when the pool is
the type of host.

Parameters:

<mac>: Specify client's hardware (MAC) address to be used when the pool is
the type of host.

Negation: (config-dhcp-pool)# no hardware-address

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.9 (config-dhcp-pool)# host

Syntax: (config-dhcp-pool)# host <ip> <subnet_mask>

Explanation: Specify the Network IP and subnet mask of the DHCP address pool.

Parameters:

<ip>: Specify the network IP of the DHCP address pool.

<subnet_mask>: Specify subnet mask of the DHCP address pool.

Negation: (config-dhcp-pool)# no host

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.10 (config-dhcp-pool)# lease

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 73

Chapter 3 Introduction to CLI Installation and Operation Manual

Syntax: (config-dhcp-pool)# lease { <day> [ <hour> [ <min> ] ] | infinite }

Explanation: Specify lease time that a client needs to send requests to the DHCP
server for renewed IP address.

Parameters:

{ <day> [ <hour> [ <min> ] ] | infinite }: Specify lease time that a client needs to send requests
to the DHCP server for renewed IP address. Specify "infinite" to mean the lease time is infinite.

Negation: (config-dhcp-pool)# no lease

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.11 (config-dhcp-pool)# netbios-name-server

Syntax: (config-dhcp-pool)# netbios-name-server <ip> [ <ip1> [ <ip2>

[ <ip3> ] ] ]

Explanation: Specify a list of NBNS name servers.

Parameters:

[ <ip1> [ <ip2> [ <ip3> ] ] ]: Specify a list of NBNS name servers IP in order of preference.

Negation: (config-dhcp-pool)# no netbios-name-server

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.12 (config-dhcp-pool)# netbios-node-type

Syntax: (config-dhcp-pool)# netbios-node-type { b-node | h-node | m-node | p-

node }

74 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Specify NetBIOS node type option to allow Netbios over TCP/IP
clients as described in RFC 1001/1002.

Parameters:

{ b-node | h-node | m-node | p-node }: Specify NetBIOS node type.

Negation: (config-dhcp-pool)# no netbios-node-type

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.13 (config-dhcp-pool)# netbios-scope

Syntax: (config-dhcp-pool)# netbios-scope <netbios_scope>

Explanation: Specify the NetBIOS over TCP/IP scope parameter for the client as
specified in RFC 1001/1002.

Parameters:

<netbios_scope>: Specify NetBIOS scope identifier.

Negation: (config-dhcp-pool)# no netbios-scope

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.14 (config-dhcp-pool)# network

Syntax: (config-dhcp-pool)# network <ip> <subnet_mask>

Explanation: The pool defines a pool of IP addresses to service more than one
DHCP client

Parameters:

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 75

Chapter 3 Introduction to CLI Installation and Operation Manual

<ip> <subnet_mask>: Specify IP address and subnet mask for this specific IP address.

Negation: (config-dhcp-pool)# no network

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.15 (config-dhcp-pool)# nis-domain-name

Syntax: (config-dhcp-pool)# nis-domain-name <domain_name>

Explanation: Specify the name of the client's NIS domain.

Parameters:

<domain_name>: Specify NIS domain name.

Negation: (config-dhcp-pool)# no nis-domain-name

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.16 (config-dhcp-pool)# nis-server

Syntax: (config-dhcp-pool)# nis-server <ip> [ <ip1> [ <ip2> [ <ip3> ] ] ]

Explanation: Specify a list of IP addresses indicating NIS servers available to the

client.

Parameters:

[ <ip1> [ <ip2> [ <ip3> ] ] ]: Specify a list of IP addresses indicating NIS servers available to the
client.

Negation: (config-dhcp-pool)# no nis-server

76 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 77

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.17.7.17 (config-dhcp-pool)# ntp-server

Syntax: (config-dhcp-pool)# ntp-server <ip> [ <ip1> [ <ip2> [ <ip3> ] ] ]

Explanation: Specify a list of IP addresses indicating NTP servers available to the

client.

Parameters:

[ <ip1> [ <ip2> [ <ip3> ] ] ]: Specify a list of IP addresses indicating NTP servers available to the
client.

Negation: (config-dhcp-pool)# no ntp-server

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

3.9.17.7.18 (config-dhcp-pool)# vendor class-identifier

Syntax: (config-dhcp-pool)# vendor class-identifier <class_id> specific-info

<hexval>

Explanation: Identify the vendor type and vendor specific information. DHCP
server will deliver the corresponding option 43 specific information to the client
that sends option 60 vendor class identifier.

Parameters:

<class_id>: Specify the specifc vendor class identifier (option 60).

<hexval>: Specify specific information.

Negation: (config-dhcp-pool)# no vendor class-identifier <class_id>

Show: < show ip dhcp pool [ <pool_name> ]

# show ip dhcp pool [ <pool_name> ]

78 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.17.8 (config)# ip dhcp relay

Syntax: (config)# ip dhcp relay

Explanation: Enable DHCP relay function.

Example: Enable DHCP relay function.

# config t
(config)# ip dhcp relay

Negation: (config)# no ip dhcp relay

Show: > show ip dhcp relay [statistics]

# show ip dhcp relay [statistics]

Clear: # clear ip dhcp relay statistics

3.9.17.9 (config)# ip dhcp relay information circuit-id format

Syntax: (config)# ip dhcp relay information circuit-id format { standard | tr101 |

alias }

Parameters:

{ standard | tr101 | alias }: Specify the DHCP relay circuit ID format.

standard: Used for defining the switch port and VLAN ID according to
RFC 3046.

tr-101: Used for defining the switch IP, switch port and VLAN ID according to TR-101.

alias: Use the individual values for port Alias.

Explanation: Specify the appropriate circuit ID format.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 79

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config)# no ip dhcp relay information circuit-id format

3.9.17.10 (config)# ip dhcp relay information option

Syntax: (config)# ip dhcp relay information option

Explanation: Enable DHCP Relay option 82 function. Please note that “Relay
Mode” must be enabled before this function is able to take effect.

Example: Enable DHCP Relay option 82 function

# config t
(config)# ip dhcp relay information option

Negation: (config)# no ip dhcp relay information option

3.9.17.11 (config)# ip dhcp relay information policy {drop |

keep |replace}

Syntax: (config)# ip dhcp relay information policy { drop | keep | replace }

Explanation: Specify DHCP Relay information reforwarding policy action.

Parameters:

{ drop | keep | replace }: Specify one of the relay information policy options.

drop: Drop the packet when it receives a DHCP message that already contains relay
information.

keep: Keep the client’s DHCP information.

80 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

replace: Replace (rewrite) the DHCP client packet information with the switch’s relay
information. This is the default setting.

Example: Keep the client’s DHCP information.

# config t
(config)# ip dhcp relay information policy keep

Negation: (config)# no ip dhcp relay information policy

3.9.17.12 (config)# ip dhcp relay information remote-id

Syntax: (config)# ip dhcp relay information remote-id <v_line63>

Parameters:

<v_line63>: Specify remote ID string.

Explanation: Specify the remoted ID inserted in DHCP Relay information option.

Negation: (config)# no ip dhcp relay information remote-id

Show: # show ip dhcp relay

3.9.17.13 (config)# ip dhcp relay information remote-id

format

Syntax: (config)# ip dhcp relay information remote-id format { none | mac |

configured }

Parameters:

{ none | mac | configured }: Specify remote ID format.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 81

Chapter 3 Introduction to CLI Installation and Operation Manual

none: Sub-option 2 is not used.

mac: Add MAC address to Option 82 information.

configured: Use the desire remote ID format.

Explanation: Specify the remoted ID format inserted in DHCP Relay information

option.

Negation: (config)# no ip dhcp relay information remote-id format

Show: # show ip dhcp relay

3.9.17.14 (config)# ip dhcp server

Syntax: (config)# ip dhcp server

Explanation: Enable DHCP server function globally.

Example: Enable DHCP server function.

# config t
(config)# ip dhcp server

Negation: (config)# no ip dhcp server

Show: > show ip dhcp server

# show ip dhcp server

3.9.17.15 (config)# ip dhcp snooping

Syntax: (config)# ip dhcp snooping

Explanation: Enable DHCP snooping function globally. When DHCP snooping mode
operation is enabled, the DHCP request messages will be forwarded to trusted
ports and only allow reply packets from trusted ports.

82 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Example: Enable DHCP snooping function.

Example: Set the holdtime to 5.

# config t
(config)# ip dhcp snooping

Negation: (config)# no ip dhcp snooping

Show: > show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

# show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]
# show ip dhcp snooping table

Clear: # clear ip dhcp snooping statistics [ interface ( <port_type>

[ <in_port_list> ] ) ]

3.9.17.16 (config)# ip dhcp snooping vlan

Syntax: (config)# ip dhcp snooping vlan { all | none | [ add | remove | except ]
<vlan_list> }

{ all | none | [ add | remove | except ] <vlan_list> }: A single VLAN or a range of VLANs specified
here will be treated as authorized and secure VLANs. Packets from specified VLANs are
forwarded normally.

Explanation: Configure the allowed VLAN when DHCP Snooping is enabled.

Show: > show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

# show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]
# show ip dhcp snooping table

3.9.17.17 (config)# ip dns proxy

Syntax: (config)# ip dns proxy

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 83

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Enable DNS (Domain Name System) proxy function.

Example: Enable DNS (Domain Name System) proxy function.

# config t
(config)# ip dns proxy

Negation: (config)# no ip dns proxy

3.9.17.18 (config)# ip helper-address

Syntax: (config)# ip helper-address <v_ipv4_ucast>

Explanation: Configure DHCP Relay server IPv4 address.

Parameters:

<v_ipv4_ucast>: Specify DHCP Relay server IPv4 address that is used by the
switch’s DHCP relay agent

Negation: (config)# no ip helper-address

3.9.17.19 (config)# ip http secure-server

Syntax: (config)# ip http secure-server

Explanation: Enable the HTTPS operation mode. When the current connection is
HTTPS and HTTPS mode operation is disabled, web browser will automatically
redirect to an HTTP connection.

Example: Enable the HTTPS operation mode.

84 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# ip http secure-server

Negation: (config)# no ip http secure-server

Show: # show ip http server secure status

3.9.17.20 (config)# ip http secure-redirect

Syntax: (config)# ip http secure-redirect

Explanation: Enable the HTTPS redirect mode operation. It applies only if HTTPS
mode is "Enabled". Automatically redirects HTTP of web browser to an HTTPS
connection when both HTTPS mode and Automatic Redirect are enabled.

Example: Enable HTTPs automatic redirect mode.

# config t
(config)# ip http secure-redirect

Negation: (config)# no ip http secure-redirect

Show: # show ip http server secure status

3.9.17.21 (config)# ip igmp host-proxy

Syntax: (config)# ip igmp host-proxy [ leave-proxy ]

Explanation: When enabled, the switch suppresses leave messages unless received
from the last member port in the group. IGMP leave proxy suppresses all
unnecessary IGMP leave messages so that a non-querier switch forwards an IGMP
leave packet only when the last dynamic member port leaves a multicast group.

Parameters:

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 85

Chapter 3 Introduction to CLI Installation and Operation Manual

[leave-proxy]: The parameter is optional. Enable leave-proxy function.

Negation: (config)# no ip igmp host-proxy [leave-proxy]

Show: # show ip igmp snooping detail

3.9.17.22 (config)# ip igmp snooping

Syntax: (config)# ip igmp snooping

Explanation: Globally enable IGMP Snooping feature. When enabled, this device will
monitor network traffic and determine which hosts will receive multicast traffic.
The switch can passively monitor or snoop on IGMP Query and Report packets
transferred between IP multicast routers and IP multicast service subscribers to
identify the multicast group members. The switch simply monitors the IGMP packets
passing through it, picks out the group registration information and configures the
multicast filters accordingly.

Negation: (config)# no ip igmp snooping

Show: # show ip igmp snooping [ vlan <v_vlan_list> ] [ group-database [ interface

( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

Clear: # clear ip igmp snooping [ vlan <v_vlan_list> ] statistics

3.9.17.23 (config)# ip igmp snooping vlan

Syntax: (config)# ip igmp snooping vlan <v_vlan_list>

Explanation: Enable IGMP function for specific VLANs.

Parameters:

<v_vlan_list>: Specify valid IGMP VLANs.

Negation: (config)# no ip igmp snooping vlan [ <v_vlan_list> ]

Show: # show ip igmp snooping

86 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Clear: # clear ip igmp snooping [ vlan <v_vlan_list> ] statistics

3.9.17.24 (config)# ip igmp ssm-range

Syntax: (config)# ip igmp ssm-range <v_ipv4_mcast> <ipv4_prefix_length>

Explanation: SSM (Source-Specific Multicast) Range allows the SSM-aware hosts

and routers run the SSM service model for the groups in the address range.

Parameters:

<v_ipv4_mcast>: Specify valid IPv4 multicast address.

<ipv4_prefix_length>: Specify the prefix length ranging from 4 to 32.

Negation: (config)# no ip igmp ssm-range

3.9.17.25 (config)# ip igmp unknown-flooding

Syntax: (config)# ip igmp unknown-flooding

Explanation: Set forwarding mode for unregistered (not-joined) IP multicast traffic.

Select the checkbox to flood traffic.

Negation: (config)# no ip igmp unknown-flooding

3.9.17.26 (config)# ip name-server

Syntax: (config)# ip name-server { <v_ipv4_ucast> | dhcp [ interface vlan

<v_vlan_id> ] }

Explanation: Set up DNS IP address manually or obtain DNS IP address via specific
VLAN DHCP server.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 87

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

<v_ipv4_ucast>: Manually specify unicast IPv4 name server address.

dhcp [ interface vlan <v_vlan_id> ]: Configure DNS IP address via specific VLAN
DHCP server.

Negation: (config)# no ip name-server

Show: > show ip name-server

# show ip name-server

3.9.17.27 (config)# ip route

Syntax: (config)# ip route <v_ipv4_addr> <v_ipv4_netmask> <v_ipv4_gw>

Explanation: Configure a static IP route.

Parameters:

<v_ipv4_addr>: Specify IPv4 address. The IP route is the destination IP network or host address
of this route. Valid format is dotted decimal notation.

<v_ipv4_netmask>: The route mask is a destination IP network or host mask, in number of bits
(prefix length). It defines how much of a network address that must match, in order to qualify
for this route. Only a default route will have a mask length of 0 (as it will match anything).

<v_ipv4_gw>: This is the IP address of the gateway. Valid format is dotted decimal notation.
Gateway and Network must be of the same type.

Example: Add a new ip route with the following settings.

# config t
(config)# ip route 192.168.1.240 255.255.255.0 192.168.1.254

Negation: (config)# no ip route <v_ipv4_addr> <v_ipv4_netmask> <v_ipv4_gw>

Show: > show ip route

88 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# show ip route

3.9.17.28 (config)# ip routing

Syntax: (config)# ip routing

Explanation: Enable IPv4 and IPv6 routing.

Example: Enable IPv4 and IPv6 routing.

# config t
(config)# ip routing

Negation: (config)# no ip routing

Show: > show ip route

> show ipv6 route [interface vlan <vlan_list>]
# show ip route
# show ipv6 route [interface vlan<vlan_list>]

# show ip route
127.0.0.1/32 via 127.0.0.1 <UP HOST>
224.0.0.0/4 via 127.0.0.1 <UP>
# show ipv6 route interface vlan 1
::1/128 via ::1 <UP HOST>

3.9.17.29 (config)# ip source binding interface

Syntax: (config)# ip source binding interface <port_type> <in_port_type_id>

<vlan_var> <ipv4_var> <mask_var>

Explanation: Create a static entry.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 89

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

<port_type> <in_port_type_id>: Specify a port type and port number to which a

static entry is bound.

<vlan_var>: Specify VLAN ID that has been configured.

<ipv4_var>: Specify a valid IPv4 address.

<mask_var>: Specify the subnet mask for the entered IP address.

Negation: (config)# no ip source binding interface <port_type> <in_port_type_id>

<vlan_var> <ipv4_var> <mask_var>

Show: # show ip source binding [ dhcp-snooping | static ] [ interface ( <port_type>

[ <in_port_type_list> ] ) ]

3.9.17.30 (config)# ip ssh

Syntax: (config)# ip ssh

Explanation: Enable SSH mode.

Example: Enable SSH mode.

# config t
(config)# ip ssh

Negation: (config)# no ip ssh

Show: # show ip ssh

NOTE: SSH is preferred to Telnet, unless the management network is trusted.

Telnet passes authentication credentials in plain text, making those credentials

90 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

susceptible to packet capture and analysis. SSH provides a secure authentication

method. The SSH in this device uses version 2 of SSH protocol.

3.9.17.31 (config)# ip verify source

Syntax: (config)# ip verify source

Explanation: Enable IP source guard function.

Negation: (config)# no ip verify source

Show: > show ip verify source [ interface ( <port_type> [ <in_port_type_list> ] ) ]

# show ip verify source [ interface ( <port_type> [ <in_port_type_list> ] ) ]

3.9.17.32 (config)# ip verify source translate

Syntax: (config)# ip verify source translate

Explanation: Translate Dynamic entries to Static ones.

3.9.17.33 (config-if)# ip arp inspection check-type

Syntax: (config-if)# ip arp inspection check-type { request | reply | both }

Parameters:

{ request | reply | both }: Specify the check type.

rquqest: Check ARP rquest packets.

reply: Check ARP reply packets.

both: Check both ARP request and reply packets.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 91

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Specify the check type for ARP inspection.

Negation: (config-if)# no ip arp inspection check-type

3.9.17.34 (config-if)# ip arp inspection check-vlan

Syntax: (config-if)# ip arp inspection check-vlan

Explanation: Enable check vlan function.

Negation: (config-if)# no ip arp inspection check-vlan

3.9.17.35 (config-if)# ip arp inspection logging

Syntax: (config-if)# ip arp inspection logging { deny | permit | all }

Explanation: Enable log function on a specific interface.

Parameters:

{ deny | permit | all }: Specify one of the log types.

deny: Log denied entries.

permit: Log permitted entries.

all: Log all entries.

Negation: (config-if)# no ip arp inspection logging

3.9.17.36 (config-if)# ip arp inspection trust

Syntax: (config-if)# ip arp inspection trust

92 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Enable trust state on the selected interfaces.

Negation: (config-if)# no ip arp inspection trust

3.9.17.37 (config-if)# ip dhcp snooping trust

Syntax: (config-if)# ip dhcp snooping trust

Explanation: Set this interface to DHCP Snooping trusted port.

Negation: (config-if)# no ip dhcp snooping trust

Show: > show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

# show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

3.9.17.38 (config-if)# ip dhcp relay information subscriber-id

Syntax: (config-if)# ip dhcp relay information subscriber-id <v_line63>

Explanation: Use this command to configure DHCP Option 82 subscriber ID on a

per port basis.

Parameters:

<v_line63>: Specify DHCP Option 82 suboption 6 (subscriber ID).

Show: > show ip dhcp relay [ statistics ]

# show ip dhcp relay [ statistics ]

3.9.17.39 (config-if)# ip dhcp snooping limit

Syntax: (config-if)# ip dhcp snooping limit

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 93

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Enable DHCP Snooping client limit function.

Negation: (config-if)# no ip dhcp snooping limit

Show: > show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

#show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

3.9.17.40 (config-if)# ip dhcp snooping limit maximum

Syntax: (config-if)# ip dhcp snooping limit maximum <cnt_var>

Parameter:

<cnt_var: 1-32>: Specify the maximum number of DHCP clients that can be learnt on this specific
port. The valid number is 1 to 32.

Explanation: Enable DHCP Snooping client limit function.

Negation: (config-if)# no ip dhcp snooping limit maximum

Show: > show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

#show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

3.9.17.41 (config-if)# ip dhcp snooping trust

Syntax: (config-if)# ip dhcp snooping trust

Explanation: Enable the selected port or ports are DHCP Snooping trusted ports.
DHCP requests from Trusted ports are processed.

Negation: (config-if)# no ip dhcp snooping trust

Show: > show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

#show ip dhcp snooping [ interface ( <port_type> [ <in_port_list> ] ) ]

94 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.17.42 (config-if)# ip igmp snooping filter

Syntax: (config-if)# ip igmp snooping filter <profile_name>

Explanation: Use this command to filter specific multicast traffic on a per port
basis.

Parameters:

<profile_name>: Specify the configured multicast groups that are denied on a port. When a
certain multicast group is selected on a port, IGMP join reports received on a port are dropped.

Negation: (config-if)# no ip igmp snooping filter

Show: > show ip igmp snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ip igmp snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.17.43 (config-if)# ip igmp snooping immediate-leave

Syntax: (config-if)# ip igmp snooping immediate-leave

Explanation: Enable fast leave function on a specific port. When a leave packet is
received, the switch immediately removes it from a multicast service without
sending an IGMP group-specific (GS) query to that interface.

Negation: (config-if)# no ip igmp snooping immediate-leave

Show: > show ip igmp snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ip igmp snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.17.44 (config-if)# ip igmp snooping max-groups

Syntax: (config-if)# ip igmp snooping max-groups <throttling>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 95

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Specify the maximum number of multicast groups that a port can
join at the same time.

Parameters:

<throttling>: This field limits the maximum number of multicast groups that a port can join at
the same time. When the maximum number is reached on a port, any new IGMP join reports will
be dropped. By default, unlimited is selected. The allowed range can be specified is 1 to 10.

Negation: (config-if)# no ip igmp snooping max-groups

Show: > show ip igmp snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ip igmp snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.17.45 (config-if)# ip igmp snooping mrouter

Syntax: (config-if)# ip igmp snooping mrouter

Explanation: Set this interface to Router port. If IGMP snooping cannot locate the
IGMP querier, you can manually designate a port which is connected to a known
IGMP querier (i.e., a multicast router/switch). This interface will then join all the
current multicast groups supported by the attached router/switch to ensure that
multicast traffic is passed to all appropriate interfaces within the switch.

Negation: (config-if)# no ip igmp snooping mrouter

Show: > show ip igmp snooping mrouter [ detail ]

# show ip igmp snooping mrouter [ detail ]

3.9.17.46 (config-if)# ip verify source

Syntax: (config-if)# ip verify source

Explanation: Enable IP Source Guard on this interface

Negation: (config-if)# no ip verify source

96 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: > show ip verify source [ interface ( <port_type> [ <in_port_type_list> ] ) ]

# show ip verify source [ interface ( <port_type> [ <in_port_type_list> ] ) ]

3.9.17.47 (config-if)# ip verify source limit

Syntax: (config-if)# ip verify source limit <0-2>

Explanation: Specify the maximum number of dynamic clients that can be learned
on a port. The available options are 0, 1, 2. If the port mode is enabled and the
maximum number of dynamic clients is equal 0, the switch will only forward IP
packets that are matched in static entries for a given port.

Parameters:

<0-2>: Specify the maximum number of dynamic clients that can be learned
on a port.

Negation: (config-if)# no ip verify source limit

Show: > show ip verify source [ interface ( <port_type> [ <in_port_type_list> ] ) ]

# show ip verify source [ interface ( <port_type> [ <in_port_type_list> ] ) ]

3.9.17.48 (config-if-vlan)# ip address

Syntax: (config-if-vlan)# ip address { { <address> <netmask> } | { dhcp [ fallback

<fallback_address> <fallback_netmask> [ timeout <fallback_timeout> ] ] } }

Explanation: Configure IPv4 address for this VLAN interface.

Parameters:

<address> <netmask>: Specify IPv4 address and subnet mask.

dhcp [ fallback <fallback_address> <fallback_netmask> [ timeout <fallback_timeout> ] ]: Use

DHCP server to automatically assign IP address.

fallback <fallback_address> <fallback_netmask>: specify Fallback IP address and subnet

mask.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 97

Chapter 3 Introduction to CLI Installation and Operation Manual

timeout <fallback_timeout>: Specify Fallback timeout value.

Negation: (config-if-vlan)# no ip address

Show: > show ip interface brief

# show ip interface brief

3.9.17.49 (config-if-vlan)# ip dhcp server

Syntax: (config-if-vlan)# ip dhcp server

Explanation: Eanble DHCP server on this specific VLAN.

Negation: (config-if-vlan)# no ip dhcp server

Show: > show ip dhcp server

# show ip dhcp server

3.9.17.50 (config-if-vlan)# ip igmp snooping

Syntax: (config-if-vlan)# ip igmp snooping

Explanation: Eanble IGMP Snooping on this specific VLAN.

Negation: (config-if-vlan)# no ip igmp snooping

Show: > show ip statistics [ system ] [ interface vlan <v_vlan_list> ] [ icmp ] [ icmp-
msg <type> ]
# show ip statistics [ system ] [ interface vlan <v_vlan_list> ] [ icmp ] [ icmp-
msg <type> ]

3.9.17.51 (config-if-vlan)# ip igmp snooping compatibility

98 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: (config-if-vlan)# ip igmp snooping compatibility { auto | v1 | v2 | v3 }

Explanation: Configure IGMP Snooping version used for this specific VLAN.

Parameters:

{ auto | v1 | v2 | v3 }: Specify one of the IGMP Snooping options.

auto: Compatible with Version 1, Version 2, and Version 3.

v1: Compatible with IGMP version 1.

v2: Compatible with IGMP version 2.

v3: Compatible with IGMP version 3.

Negation: (config-if-vlan)# no ip igmp snooping compatibility

3.9.17.52 (config-if-vlan)# ip igmp snooping last-member-

query-interval

Syntax: (config-if-vlan)# ip igmp snooping last-member-query-interval

<ipmc_lmqi>

Explanation: LMQI stands for Last Member Query Interval and is to configure the
maximum time to wait for IGMP/MLD report memberships on a receiver port
before removing the port from multicast group membership. The allowed range is
0~31744 tenths of a second.

Parameters:

<ipmc_lmqi: 0-31744>: Specify LMQI (Last Member Query Interval) value.

Negation: (config-if-vlan)# no ip igmp snooping last-member-query-interval

3.9.17.53 (config-if-vlan)# ip igmp snooping priority

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 99

Chapter 3 Introduction to CLI Installation and Operation Manual

Syntax: (config-if-vlan)# ip igmp snooping priority <cos_priority>

Explanation: Specify the priority for transmitting IGMP/MLD control frames. By

default, priority is set to 0. Allowed priority values is 0 -7.

Parameters:

<cos_priority: 0-7>: Specify COS for this specific VLAN. The valid range is 0 to
7.

Negation: (config-if-vlan)# no ip igmp snooping priority

100 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.17.54 (config-if-vlan)# ip igmp snooping querier

Syntax: (config-if-vlan)# ip igmp snooping querier { election | address

<v_ipv4_ucast> }

Parameters:

{ election | address <v_ipv4_ucast> }: Elect the IGMP Snooping querier or use the specified IPv4
unicast address as a querier.

Explanation: Elect or specify IGMP Snooping querier IP address.

Negation: (config-if-vlan)# no ip igmp snooping querier { election | address }

3.9.17.55 (config-if-vlan)# ip igmp snooping query-interval

Syntax: (config-if-vlan)# ip igmp snooping query-interval <ipmc_qi>

Explanation: Specify IPMC Query interval value.

Parameters:

<ipmc_qi: 1-31744>: Specify IPMC Query interval value. The valid value is
1~31744.

Negation: (config-if-vlan)# no ip igmp snooping query-interval

3.9.17.56 (config-if-vlan)# ip igmp snooping query-max-

response-time

Syntax: (config-if-vlan)# ip igmp snooping query-max-response-time <ipmc_qri>

Explanation: Specify IPMC Query Response time value.

Parameters:

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 101

Chapter 3 Introduction to CLI Installation and Operation Manual

<ipmc_qri>: Specify IPMC Query Response time value. The valid value is
1~31744.

Negation: (config-if-vlan)# no ip igmp snooping query-max-response-time

3.9.17.57 (config-if-vlan)# ip igmp snooping robustness-

variable

Syntax: (config-if-vlan)# ip igmp snooping robustness-variable <ipmc_rv>

Explanation: The robustness variable (RV) allows tuning for the expected packet
loss on a subnet. If a subnet is susceptible to packet loss, this value can be
increased. The RV value must not be zero and should not be one. The value
should be 2 or greater. By default, it is set to 2.

Parameters:

<ipmc_rv: 1-255>: Specify IPMC Robustness Variable value. The valid value is
1~255.

Negation: (config-if-vlan)# no ip igmp snooping robustness-variable

3.9.17.58 (config-if-vlan)# ip igmp snooping unsolicited-

report-interval

Syntax: (config-if-vlan)# ip igmp snooping unsolicited-report-interval <ipmc_uri>

Explanation: The Unsolicited Report Interval is the amount of time that the
upstream interface should transmit unsolicited IGMP reports when report
suppression/proxy reporting is enabled. The allowed range for URI is 0 -31744
seconds.

Parameters:

<ipmc_uri: 0-31744>: Specify Unsolicited Report Interval value. The valid value
is 0~31744.

Negation: (config-if-vlan)# no ip igmp snooping unsolicited-report-interval

102 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.17.59 (config-if-vlan)# ipv6 address

Syntax: (config-if-vlan)# ipv6 address <subnet>

Explanation: Configure IPv6 address for this VLAN interface.

Parameters:

<subnet>: Specify IPv6 address in X:X:X:X::X/<0-128> format.

Negation: (config-if-vlan)# no ipv6 address [ <ipv6_subnet> ]

Show: > show ip interface brief

> show ipv6 interface [ vlan <v_vlan_list> { brief | statistics } ]
# show ip interface brief
# show ipv6 interface [ vlan <v_vlan_list> { brief | statistics } ]

3.9.17.60 (config-if-vlan)# ipv6 mld snooping

Syntax: (config-if-vlan)# ipv6 mld snooping

Explanation: Eanble MLD (Multicast Listener Discovery) Snooping on this specific

VLAN.

Negation: (config-if-vlan)# no ipv6 mld snooping

Show: > show ipv6 statistics [ system ] [ interface vlan <v_vlan_list> ] [ icmp ]
[ icmp-msg <type> ]
# show ipv6 statistics [ system ] [ interface vlan <v_vlan_list> ] [ icmp ] [ icmp-
msg <type> ]

3.9.17.61 (config-if-vlan)# ipv6 mld snooping compatibility

Syntax: (config-if-vlan)# ipv6 mld snooping compatibility { auto | v1 | v2 }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 103

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Configure MLD Snooping version used for this specific VLAN.

Parameters:

{ auto | v1 | v2 | v3 }: Specify one of the MLD Snooping options.

auto: Compatible with Version 1, Version 2.

v1: Compatible with MLD version 1.

v2: Compatible with MLD version 2.

Negation: (config-if-vlan)# no ipv6 mld snooping compatibility

3.9.17.62 (config-if-vlan)# ipv6 mld snooping last-member-

query-interval

Syntax: (config-if-vlan)# ipv6 mld snooping last-member-query-interval

<ipmc_lmqi>

Explanation: LMQI stands for Last Member Query Interval and is to configure the
maximum time to wait for IGMP/MLD report memberships on a receiver port
before removing the port from multicast group membership. The allowed range is
0~31744 tenths of a second.

Parameters:

<ipmc_lmqi: 0-31744>: Specify LMQI (Last Member Query Interval) value.

Negation: (config-if-vlan)# no ipv6 mld snooping last-member-query-interval

3.9.17.63 (config-if-vlan)# ipv6 mld snooping priority

<cos_priority>

Syntax: (config-if-vlan)# ipv6 mld snooping priority <cos_priority>

Explanation: Specify the priority for transmitting IGMP/MLD control frames. By

104 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

default, priority is set to 0. Allowed priority values is 0 -7.

Parameters:

<cos_priority: 0-7>: Specify COS for this specific VLAN. The valid range is 0 to
7.

Negation: (config-if-vlan)# no ipv6 mld snooping priority

3.9.17.64 (config-if-vlan)# ipv6 mld snooping querier election

Syntax: (config-if-vlan)# ipv6 mld snooping querier election

Explanation: Enable MLD Snooping querier election function.

Negation: (config-if-vlan)# no ipv6 mld snooping querier election

3.9.17.65 (config-if-vlan)# ipv6 mld snooping query-interval

<ipmc_qi>

Syntax: (config-if-vlan)# ipv6 mld snooping query-interval <ipmc_qi>

Explanation: Specify MLD Query interval value.

Parameters:

<ipmc_qi: 1-31744>: Specify IPMC Query interval value. The valid value is
1~31744.

Negation: (config-if-vlan)# no ipv6 mld snooping query-interval

3.9.17.66 (config-if-vlan)# ipv6 mld snooping query-max-

response-time <ipmc_qri>

Syntax: (config-if-vlan)# ipv6 mld snooping query-max-response-time <ipmc_qri>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 105

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Specify MLD Query Response time value.

Parameters:

<ipmc_qri>: Specify MLD Query Response time value. The valid value is
1~31744.

Negation: (config-if-vlan)# no ipv6 mld snooping query-max-response-time

3.9.17.67 (config-if-vlan)# ipv6 mld snooping robustness-

variable <ipmc_rv>

Syntax: (config-if-vlan)# ipv6 mld snooping robustness-variable <ipmc_rv>

Explanation: The robustness variable (RV) allows tuning for the expected packet
loss on a subnet. If a subnet is susceptible to packet loss, this value can be
increased. The RV value must not be zero and should not be one. The value
should be 2 or greater. By default, it is set to 2.

Parameters:

<ipmc_rv: 1-255>: Specify IPMC Robustness Variable value. The valid value is
1~255.

Negation: (config-if-vlan)# no ipv6 mld snooping robustness-variable

3.9.17.68 (config-if-vlan)# ipv6 mld snooping unsolicited-

report-interval <ipmc_uri>

Syntax: (config-if-vlan)# ipv6 mld snooping unsolicited-report-interval <ipmc_uri>

Explanation: The Unsolicited Report Interval is the amount of time that the
upstream interface should transmit unsolicited IGMP reports when report
suppression/proxy reporting is enabled. The allowed range for URI is 0 -31744
seconds.

Parameters:

106 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<ipmc_uri: 0-31744>: Specify Unsolicited Report Interval value. The valid value
is 0~31744.

Negation: (config-if-vlan)# no ipv6 mld snooping unsolicited-report-interval

3.9.18 (config)# ipmc

3.9.18.1 (config)# ipmc profile

Syntax: (config)# ipmc profile

Explanation: Enable IPMC (IP multicast) profile globally.

Negation: (config)# no ipmc profile

Show: # show ipmc profile

3.9.18.2 (config)# ipmc profile <profile_name>

Syntax: (config)# ipmc profile <profile_name>

Parameters:

<profile_name: word16>: Specify the desired profile name in 16 characters. When entered is
pressed, the command will change to (config-ipmc-profile)#.

Explanation: Set up an IPMC profile.

Example: Create an IPMC profile named “goldpass”.

# config t
(config)# ipmc profile goldpass
(config-ipmc-profile)#

Negation: (config)# no ipmc profile <profile_name>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 107

Chapter 3 Introduction to CLI Installation and Operation Manual

Show: # show ipmc profile [ <profile_name> ] [ detail ]

3.9.18.3 (config)# ipmc range

Syntax: (config)# ipmc range <entry_name> { <v_ipv4_mcast> [ <v_ipv4_mcast_1> ]

| <v_ipv6_mcast> [ <v_ipv6_mcast_1> ] }

Explanation: Specify the multicast IP range. The available IP range is from

224.0.0.0~239.255.255.255.

Parameters:

<entry_name>: The name used in specifying the address range.

{ <v_ipv4_mcast> [ <v_ipv4_mcast_1> ] | <v_ipv6_mcast> [ <v_ipv6_mcast_1> ] }: Specify the

multicast IP range. The available IP range is from 224.0.0.0~239.255.255.255.

Negation: (config)# no no ipmc range <entry_name>

Show: # show ipmc profile [ <profile_name> ] [ detail ]

3.9.18.4 (config-ipmc-profile)# default range

Syntax: (config-ipmc-profile)# default range <entry_name>

Parameters:

<entry_name: word16>: Specify an entry name in 16 characters for this IPMC

profile.

Explanation: To set default IPMC Profile Rule for a specific IPMC Profile.

Example: To default IPMC Profile Rule (Entry 1) for specific IPMC Profile.

108 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# ipmc profile goldpass
(config-ipmc-profile)# default range 1

Negation: (config-ipmc-profile)# no range <entry_name>

Show: # show ipmc profile

#show ipmc profile [ <profile_name> ] [ detail ]

3.9.18.5 (config-ipmc-profile)# description

Syntax: (config-ipmc-profile)# description <profile_desc>

Parameters:

<profile_desc: line 64>: Additional description for the designated profile in 64

characters.

Explanation: Specify descriptive information for the designated profile.

Example: Provide descriptive information for IPMC profile goldpass.

# config t
(config)# ipmc profile goldpass
(config-ipmc-profile)# description 1stclasscustomer

Negation: (config-ipmc-profile)# no description

Show: # show ipmc profile

#show ipmc profile [ <profile_name> ] [ detail ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 109

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.18.6 (config-ipmc-profile)# range

Syntax: (config-ipmc-profile)# range <entry_name> { permit | deny } [ log ] [ next

<next_entry> ]

Parameters:

<entry_name>: Specify an entry name.

{ permit | deny }: Specify the action taken upon receiving the Join/Report frame that has the
group address matches the address range of the rule.

Permit: Group address matches the range specified in the rule will be learned.

Deny: Group address matches the range specified in the rule will be
dropped.

[ log ]: Log when matching

[ next <next_entry> ]: Specify next entry used in profile

Explanation: To set action of an entry for a specific IPMC profile.

Negation: (config-ipmc-profile)# no range <entry_name>

Show: # show ipmc profile

#show ipmc profile [ <profile_name> ] [ detail ]

3.9.19 (config)# ipv6 mld host-proxy

3.9.19.1 (config)# ipv6 mld host-proxy

Syntax: (config)# ipv6 mld host-proxy

Explanation: Enable IPv6 MLD proxy. When MLD proxy is enabled, the switch
exchanges MLD messages with the router on its upstream interface, and
performs the host portion of the MLD task on the upstream interface as follows:

 When queried, it sends multicast listener reports to the group.

110 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

 When a host joins a multicast group to which no other host belongs, it sends unsolicited
multicast listener reports to that group.
 When the last host in a particular multicast group leaves, it sends an unsolicited multicast
listener done report to the all-routers address (FF02::2) for MLDv1.

Example: Enable IPv6 MLD Proxy.

Example: Enable IPv6 MLD proxy.

# config t
(config)# ipv6 mld host-proxy
(config)#

Negation: (config)# no ipv6 mld host-proxy

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.19.2 (config)# ipv6 mld host-proxy leave-proxy

Syntax: (config)# ipv6 mld host-proxy leave-proxy

Explanation: Enable IPv6 MLD leave proxy. To prevent multicast router from
becoming overloaded with leave messages, MLD snooping suppresses leave
messages unless received from the last member port in the group. When the
switch acts as the querier, the leave proxy feature will not function.

Example: Enable IPv6 MLD leave proxy.

# config t
(config)# ipv6 mld host-proxy leave-proxy
(config)#

Negation: (config)# no ipv6 mld host-proxy leave-proxy

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 111

Chapter 3 Introduction to CLI Installation and Operation Manual

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.19.3 (config)# ipv6 mld snooping

Syntax: (config)# ipv6 mld snooping

Explanation: Enable MLD Snooping feature globally. When enabled, this device will
monitor network traffic and determine which hosts would like to receive multicast
traffic. The switch can passively monitor or snoop on MLD Listener Query and
Report packets transferred between IP multicast routers and IP multicast service
subscribers to identify the multicast group members. The switch simply monitors
the IGMP packets passing through it, picks out the group registration information
and configures the multicast filters accordingly.

Example: Enable IPv6 MLD snooping.

# config t
(config)# ipv6 mld snooping
(config)#

Negation: (config)# no ipv6 mld snooping

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

112 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.19.4 (config)# ipv6 mld snooping vlan

Syntax: (config)# ipv6 mld snooping vlan <v_vlan_list>

Parameters:

<v_vlan_list>: Specify VLAN ID for MLD.

Negation: (config)# no ipv6 mld snooping vlan [ <v_vlan_list> ]

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
> show ipv6 mld snooping mrouter [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping mrouter [ detail ]

Clear: # clear ipv6 mld snooping [ vlan <v_vlan_list> ] statistics

3.9.19.5 (config)# ipv6 mld ssm-range

Syntax: (config)# ipv6 mld ssm-range <v_ipv6_mcast> <ipv6_prefix_length>

Parameters:

<v_ipv6_mcast>: Specify valid IPv6 mluticast address.

<ipv6_prefix_length>: Specify prefix length range from 8 to 128.

Explanation: Specify SSM (Source-Specific Multicast) Range. This setting allows

the SSM-aware hosts and routers run the SSM service model for the groups in the
address range.

Example: Configure MLD SSM with the ff3e::7728/128 settings.

Example: Enable IPv6 MLD proxy.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 113

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# ipv6 mld ssm-range ff3e::7728 128

Negation: (config)# no ipv6 mld ssm-range

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.19.6 (config)# ipv6 mld unknown-flooding

Syntax: (config)# ipv6 mld unknown-flooding

Explanation: Enable forwarding mode for unregistered (not-joined) IP multicast

traffic.

Example: To flood unregistered IPv6 multicast traffic

Example: Enable IPv6 MLD proxy.

# config t
(config)# ipv6 mld unknown-flooding

Negation: (config)# no ipv6 mld unknown-flooding

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
> show ipv6 mld snooping mrouter [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping mrouter [ detail ]

3.9.19.7 (config)# ipv6 route

114 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: (configure)# ipv6 route <v_ipv6_subnet> { <v_ipv6_ucast> | interface vlan

<v_vlan_id> <v_ipv6_addr> }

Parameters:

<v_ipv6_subnet>: Specify IPv6 route address.

{ <v_ipv6_ucast> | interface vlan <v_vlan_id> <v_ipv6_addr> }: Specify one of the options. This
could be either IPv6 next hop unicast address or an interface.

Explanation: Configure a static IPv6 route.

Negation: (config)# no ipv6 route <v_ipv6_subnet> { <v_ipv6_ucast> | interface

vlan <v_vlan_id> <v_ipv6_addr> }

Show: # show ipv6 route [ interface vlan <v_vlan_list> ]

3.9.19.8 (config-if)# ipv6 mld snooping filter

Syntax: (config-if)# ipv6 mld snooping filter <profile_name>

Explanation: Use this command to filter specific multicast traffic on a per port
basis.

Parameters:

<profile_name>: Specify the configured multicast groups that are denied on a port. When a
certain multicast group is selected on a port, IGMP join reports received on a port are dropped.

Negation: (config-if)# no ipv6 mld snooping filter

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 115

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.19.9 (config-if)# ipv6 mld snooping immediate-leave

Syntax: (config-if)# ipv6 igmp snooping immediate-leave

Explanation: Enable fast leave function on a specific port. When a leave packet is
received, the switch immediately removes it from a multicast service without
sending an IGMP group-specific (GS) query to that interface.

Negation: (config-if)# no ipv6 mld snooping immediate-leave

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.19.10 (config-if)# ipv6 mld snooping max-groups

Syntax: (config-if)# ip igmp snooping max-groups <throttling>

Explanation: Specify the maximum number of multicast groups that a port can
join at the same time.

Parameters:

<throttling>: This field limits the maximum number of multicast groups that a port can join at
the same time. When the maximum number is reached on a port, any new IGMP join reports will
be dropped. By default, unlimited is selected. The allowed range can be specified is 1 to 10.

Negation: (config-if)# no ipv6 mld snooping max-groups

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3. 9.19.11 (config-if)# ipv6 mld snooping mrouter

Syntax: (config-if)# ipv6 mld snooping mrouter

116 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Set this interface to Router port. If IGMP snooping cannot locate the
IGMP querier, you can manually designate a port which is connected to a known
IGMP querier (i.e., a multicast router/switch). This interface will then join all the
current multicast groups supported by the attached router/switch to ensure that
multicast traffic is passed to all appropriate interfaces within the switch.

Negation: (config-if)# no ipv6 mld snooping mrouter

Show: > show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
> show ipv6 mld snooping mrouter [ detail ]
# show ipv6 mld snooping [ vlan <v_vlan_list> ] [ group-database [ interface ( <port_type>
[ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show ipv6 mld snooping mrouter [ detail ]

3.9.20 (config)# lacp

3.9.20.1 (config)# lacp system-priority

Syntax: (configure)# lacp system-priority <v_1_to_65535>

Parameters:

<v_1_to_65535>: The priority of the port. The allowed value range is from 1 to 65535.

Explanation: Configure system priority for LACP function. The lower number
means greater priority. This priority value controls which ports will be active and
which ones will be in a backup role.

Example: Set LACP system priority value to 100.

Example: Enable IPv6 MLD proxy.

# config t
(config)# lacp system-priority 100

Negation: (config)# no lacp system-priority <v_1_to_65535>

Show: # show lacp { internal | statistics | system-id | neighbour }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 117

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.20.2 (config-if)# lacp

Syntax: (config-if)# lacp

Explanation: Enable LACP on this interface.

Example: Enable LACP on port 1.

# config t
(config)# interface GigabitEthernet 1/1
(config-if)# lacp
(config-if)#

Negation: (config-if)# no lacp

Show: # show lacp { internal | statistics | system-id | neighbour }

Clear: # clear lacp statistics

3.9.20.3 (config-if)# lacp key

Syntax: (config-if)# lacp key { <v_1_to_65535> | auto }

Explanation: Configure a LACP key for this interface.

Parameters:

{ <v_1_to_65535> | auto }: Specify a LACP key for this interface. The “auto” setting sets the key
as appropriate by the physical link speed. If you want a user-defined key value, enter a value
between 1 and 65535. Ports in an aggregated link group must have the same LACP port Key. In
order to allow a port to join an aggregated group, the port Key must be set to the same value.

Negation: (config-if)# no lacp key { <v_1_to_65535> | auto }

Show: # show lacp { internal | statistics | system-id | neighbour }

118 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.20.4 (config-if)# lacp port-priority <v_1_to_65535>

Syntax: (config-if)# lacp port-priority <v_1_to_65535>

Explanation: Configure a LACP key for this interface.

Parameters:

<v_1_to_65535>}: Specify a LACP port priority for this interface. The lower number means
greater priority. This priority value controls which ports will be active and which ones will be in
a backup role.

Negation: (config-if)# no lacp port-priority <v_1_to_65535>

Show: # show lacp { internal | statistics | system-id | neighbour }

3.9.20.5 (config-if)# lacp role { active | passive }

Syntax: (config-if)# lacp role { active | passive }

Explanation: Configure LACP role for this interface.

Parameters:

{ active | passive }: Specify either “Active” or “Passive” role depending on the device’s capability
of negotiating and sending LACP control packets. Ports that are designated as “Active” are able
to process and send LACP control frames. Hence, this allows LACP compliant devices to negotiate
the aggregated like so that the group may be changed dynamically as required. In order to add
or remove ports from the group, at least one of the participating devices must set to “Active”
LACP ports.

Negation: (config-if)# no lacp role { active | passive }

Show: # show lacp { internal | statistics | system-id | neighbour }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 119

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.20.6 (config-if)# lacp timeout { fast | slow }

Syntax: (config-if)# lacp timeout { fast | slow }

Explanation: Configure timeout mode.

Parameters:

{ fast | slow }: The Timeout controls the period between BPDU transmissions. Fast will transmit
LACP packets each second, while Slow will wait for 30 seconds before sending a LACP packet.

Negation: (config-if)# no lacp timeout { fast | slow }

Show: # show lacp { internal | statistics | system-id | neighbour }

3.9.21 (config)# line

3.9.21.1 (config)# line

Syntax: (configure)# line { <0~16> | console 0 | vty <0~15> }

Explanation: Enter the specific line. When Enter is pressed, the command line
changes to “(config-line)#”.

Parameters:

{ <0~16> | console 0 | vty <0~15> }: Specify one of the options.

<0~16> : List of line numbers.

console 0: Console line connection.

vty <0~15>: VTY lines are the Virtual Terminal lines of the device, used solely to control
inbound Telnet connections. They are virtual, in the sense that they are a function of
software - there is no hardware associated with them.

Example: Enter Console 0 mode.

120 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# line console 0
(config-line)#

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.2 (config-line)# do

Syntax: (config-line)# do <command>

Explanation: To run EXEC. commands.

Parameters:

<command>: Enter the EXEC. command

Example: Show aaa settings.

# config t
(config)# line console 0
(config-line)# do show aaa
console : local
telnet : local
ssh : local
http : local
(config-line)#

3.9.21.3 (config-line)# editing

Syntax: (config-line)# editing

Explanation: Enable command line editing.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 121

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config-line)# no editing

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.4 (config-line)# end

Syntax: (config-line)# end

Explanation: Return to EXEC. mode.

Example: Return to EXEC. mode.

Example: Enable IPv6 MLD proxy.

# config t
(config)# line console 0
(config-line)# end
#

3.9.21.5 (config-line)# exec-banner

Syntax: (config-line)# exec-banner

Explanation: Enable the display of EXEC banner.

Example: Enable the display of EXEC banner.

# config t
(config)# line console 0
(config-line)# exec-banner

122 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config-line)# no exec-banner

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.6 (config-line)# exec-timeout

Syntax: (config-line)# exec-timeout <min> [ <sec> ]

Parameters:

<min>: Specify timeout in minutes. The allowed range is 0 to 1440. Specify "0" to disable
timeout function (CLI session will never timeout.)

[<sec>]: Specify timeout in seconds. The allowed range is 0 to 3600.

Negation: (config-line)# no exec-timeout

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.7 (config-line)# exit

Syntax: (config-line)# exit

Explanation: Return to Config mode.

Example: Return to Config mode.

# config t
(config)# line console 0
(config-line)# exit
(config)#

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 123

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.21.8 (config-line)# help

Syntax: (config-line)# help

Explanation: Show the Help explanation.

Example: Show Help explanation.

# config t
(config)# line console 0
(config-line)# help
Help may be requested at any point in a command by entering
a question mark '?'. If nothing matches, the help list will
be empty and you must backup until entering a '?' shows the
available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument (e.g. 'show ?') and describes each possib
argument.
2. Partial help is provided when an abbreviated argument is
entered
and you want to know what Parameters match the input
(e.g. 'show pr?'.)

124 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.21.9 (config-line)# history size

Syntax: (config-line)# history size <history_size>

Explanation: Control how many history commands are displayed.

Parameters:

<history_size>: The allowed range is 0 to 32. 0 means “disable”.

Example: Set history size to 10.

# config t
(config)# line console 0
(config-line)# history size 10

Negation: (config-line)# no history size

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.10 (config-line)# length

Syntax: (config-line)# length <length>

Explanation: Configure the number of lines displayed on the screen.

Parameters:

<length>: Specify the number of lines displayed on the screen. The allowed range is 3 to 512.
Specify “0” for no pausing.

Example: Display 20 lines on the screen.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 125

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# line console 0
(config-line)# length 20
(config-line)#

Negation: (config-line)# no length

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.11 (config-line)# location

Syntax: (config-line)# location <location>

Explanation: Configure the descriptive location of this device.

Parameters:

<location>: Location description for the terminal. The characters allowed are 32.

Example: Configure the location “cabinet5a”.

# config t
(config)# line console 0
(config-line)# location cabinet5a
(config-line)#

Negation: (config-line)# no location

Show: > show line [ alive ]

126 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# show line [ alive ]

3.9.21.12 (config-line)# motd-banner

Syntax: (config-line)# motd-banner

Explanation: Enable the display of motd (message of the day) banner.

Example: Enable motd banner.

# config t
(config)# line console 0
(config-line)# motd-banner
(config-line)#

Negation: (config-line)# no motd-banner

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.13 (config-line)# privilege level

Syntax: (config-line)# privilege level <privileged_level>

Explanation: Configure the privilege level for the terminal line.

Parameters:

<privileged_level>: Privilege level for the terminal line. The allowed range is 0
to 15.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 127

Chapter 3 Introduction to CLI Installation and Operation Manual

Example: Change the privilege level to 5 for vty 1.

# config t
(config)# line vty 1
(config-line)# privilege level 5
(config-line)#

Negation: (config-line)# no privilege level

Show: > show line [ alive ]

# show line [ alive ]

3.9.21.14 (config-line)# width

Syntax: (config-line)# width <width>

Explanation: Configure the width of the terminal line.

Parameters:

<width>: Specify the width of the terminal line. The allowed range is 40 to 512. Specify “0” for
unlimited width.

Example: Change of width of vty 1 to 60.

128 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# line vty 1
(config-line)# width 60
(config-line)#

Negation: (config-line)# no width

Show: > show line [ alive ]

# show line [ alive ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 129

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.22 (config)# lldp

3.9.22.1 (config)# lldp holdtime

Syntax: (config)# lldp holdtime <val>

Explanation: This setting defines how long LLDP frames are considered valid and
is used to compute the TTL. The default is 4.

Parameters:

<val>: Specify the holdtime value. The allowed value is 2 to 10.

Example: Set the holdtime to 5.

# config t
(config)# lldp holdtime 5

Negation: (config)# no lldp holdtime

3.9.22.2 (config)# lldp reinit

Syntax: (config)# lldp reinit <val>

Explanation: Configure a delay between the shutdown frame and a new LLDP
initialization.

Parameters:

<val>: Specify a value between 1 and 10 (seconds).

Example: Set the LLDP re-initiation value to 3.

# config t
(config)# lldp reinit 3

130 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config)# no lldp reinit

3.9.22.3 (config)# lldp timer

Syntax: (config)# lldp timer <val>

Explanation: Configure the interval between LLDP frames are sent to its neighbors
for updated discovery information. The default is 30 seconds.

Parameters:

<val>: Specify a value between 5 and 32768 (seconds).

Example: Set the LLDP timer value to 35.

# config t
(config)# lldp timer 35

Negation: (config)# no lldp timer

3.9.22.4 (config)# lldp transmission-delay

Syntax: (config)# lldp transmission-delay <val>

Parameters:

<val>: Specify a value between 1 and 8192 (seconds).

Explanation: Configure a delay between the LLDP frames that contain changed
configurations. Tx Delay cannot be larger than 1/4 of the Tx interval value.

Example: Set the LLDP transmission delay value to 2.

# config t
(config)# lldp transmission-delay 2

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 131

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config)# no lldp transmission-delay

3.9.22.5 (config)# lldp med datum

Syntax: (config)# lldp med datum { wgs84 | nad83-navd88 | nad83-mllw }

Explanation: The Map Datum is used for the coordinates given in above options.

Parameters:

{ wgs84 | nad83-navd88 | nad83-mllw }: Specify one of the options.

WGS84: (Geographical 3D) - World Geodesic System 1984, CRS Code 4327, Prime Meridian
Name: Greenwich.

NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime Meridian Name:
Greenwich; The associated vertical datum is the North American Vertical Datum of 1988
(NAVD88). This datum pair is to be used when referencing locations on land, not near tidal
water (which would use Datum = NAD83/MLLW).

NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime Meridian Name:
Greenwich; The associated vertical datum is Mean Lower Low Water (MLLW). This datum
pair is to be used when referencing locations on water/sea/ocean.

Example: Set the map datum to wgs84.

# config t
(config)# lldp med datum wgs84

Negation: (config)# no lldp med datum

132 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.22.6 (config)# lldp med fast

Syntax: (config)# lldp med fast <v_1_to_10>

Explanation: Rapid startup and Emergency Call Service Location Identification

Discovery of endpoints is a critically important aspect of VoIP systems in general.
In addition, it is best to advertise only those pieces of information which are
specifically relevant to particular endpoint types (for example only advertise the
voice network policy to permitted voice-capable devices), both in order to
conserve the limited LLDPU space and to reduce security and system integrity
issues that can come with inappropriate knowledge of the network policy. With
this in mind, LLDP-MED defines an LLDP-MED Fast Start interaction between the
protocol and the application layers on top of the protocol, in order to achieve
these related properties. With Fast start repeat count it is possible to specify the
number of times the fast start transmission is repeated. The recommended value
is 4 times, giving that 4 LLDP frames with a 1 second interval will be transmitted,
when a LLDP frame with new information is received. It should be noted that
LLDP-MED and the LLDP-MED Fast Start mechanism is only intended to run on
links between LLDP-MED Network Connectivity Devices and Endpoint Devices, and
as such does not apply to links between LAN infrastructure elements, including
between Network Connectivity Devices, or to other types of links.

Parameters:

<v_1_to_10>: Specify a valid value between 1 and 10.

Example: Set the value to 5.

Example: Set the holdtime to 5.

# config t
(config)# lldp med fast 5

Negation: (config)# no lldp med fast

3.9.22.7 (config)# lldp med location-tlv altitude

Syntax: (config)# lldp med location-tlv altitude { meters | floors } <v_word11>

Explanation: Altitude SHOULD be normalized to within -32767 to 32767 with a

maximum of 4 digits. It is possible to select between two altitude types (floors or
meters). “meters” means meters of Altitude defined by the vertical datum
specified; while, “floors” means altitude in a form more relevant in buildings

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 133

Chapter 3 Introduction to CLI Installation and Operation Manual

which have different floor-to-floor dimensions.

Parameters:

{ meters | floors }: Specify one of the options.

<v_word11>: Specify a value for the specified option.

Example: Set the altitude value to “floors 10”.

Example: Set the holdtime to 5.

# config t
(config)# lldp med location-tlv altitude floors 10

Negation: (config)# no lldp med location-tlv altitude

3.9.22.8 (config)# lldp med location-tlv civic-addr

Syntax: (config)# lldp med location-tlv civic-addr { country | state | county | city |
district | block | street | leading-street-direction | trailing-street-suffix | street-
suffix | house-no | house-no-suffix | landmark | additional-info | name | zip-code |
building | apartment | floor | room-number | place-type | postal-community-name |
p-o-box | additional-code } <v_string250>

Explanation: Configure civic address information.

Parameters:

{ country | state | county | city | district | block | street | leading-street-direction | trailing-street-

suffix | street-suffix | house-no | house-no-suffix | landmark | additional-info | name | zip-code |
building | apartment | floor | room-number | place-type | postal-community-name | p-o-box |
additional-code }: Specify one of the options.

country: The two-letter ISO 3166 country code in capital ASCII letters - Example: DK, DE or
US.

state: National subdivisions (state, canton, region, province, prefecture).

134 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

county: County, parish, gun (Japan), district.

city: City, township, shi (Japan) - Example: Copenhagen.

district: City division, borough, city district, ward, chou (Japan).

block: Neighbourhood, block.

street: Street - Example: Poppelvej.

leading-street-direction: Example: N.

trailings-street-suffix: Example: SW.

street-suffix: Ave, Platz.

house-no: Specify house number.

house-no-suffix: Example: A, 1/2.

landmark: Landmark or vanity address - Example: Columbia University.

additional-info: Example: South Wing.

Name: Example: Flemming Jahn.

zip-code: Postal/zip code - Example: 2791.

building: Building (structure). Example: Low Library.

apartment: Unit (Apartment, suite). Example: Apt 42.

floor: Example: 4.

room-number: Room number - Example: 450F.

place-type: Example: Office.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 135

Chapter 3 Introduction to CLI Installation and Operation Manual

postal-community-name: Example: Leonia.

p-o-box: Example: 12345.

additional code: Example: 1320300003.

Example: Set the country code to “UK”.

Example: Set the holdtime to 5.

# config t
(config)# lldp med location-tlv civic-addr country UK

Negation: (config)# no lldp med location-tlv civic-addr { country | state | county |

city | district | block | street | leading-street-direction | trailing-street-suffix | street-
suffix | house-no | house-no-suffix | landmark | additional-info | name | zip-code |
building | apartment | floor | room-number | place-type | postal-community-name |
p-o-box | additional-code }

3.9.22.9 (config)# lldp med location-tlv elin-addr

Syntax: (config)# lldp med location-tlv elin-addr <v_word25>

Explanation: Configure a value for Emergency Location Information.

Parameters:

<v_word25>: A value for Emergency Location Information (ELIN).

Example: Set the emergency location information to “911”.

# config t
(config)# lldp med location-tlv elin-addr 911

Negation: (config)# no lldp med location-tlv elin-addr

136 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.22.10 (config)# lldp med location-tlv latitude

Syntax: (config)# lldp med location-tlv latitude { north | south } <v_word8>

Explanation: Configure a value for latitude. Latitude value should be between 0

and 90.

Parameters:

{ north | south }: Specify one of the options, either north or south.

<v_word8>: Specify latitude value for the selected option.

Example: Set the north latitude to 5.

Example: Set the holdtime to 5.

# config t
(config)# lldp med location-tlv latitude north 5

Negation: (config)# no lldp med location-tlv latitude

3.9.22.11 (config)# lldp med location-tlv longitude

Syntax: (config)# lldp med location-tlv longitude { west | east } <v_word9>

Explanation: Configure a value for longitude. Longitude value should be between

0 and 180.

Parameters:

{ west | east }: Specify one of the options, either west or east.

<v_word9>: Specify longitude value for the selected option.

Example: Set the west longitude to 90.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 137

Chapter 3 Introduction to CLI Installation and Operation Manual

Example: Set the holdtime to 5.

# config t
(config)# lldp med location-tlv longitude west 90

Negation: (config)# no lldp med location-tlv longitude

3.9.22.12 (config)# lldp med media-vlan-policy

Syntax: (config)# lldp med media-vlan-policy <policy_index> { voice | voice-

signaling | guest-voice-signaling | guest-voice | softphone-voice | video-
conferencing | streaming-video | video-signaling } { tagged <v_vlan_id> |
untagged } [ l2-priority <v_0_to_7> ] [ dscp <v_0_to_63> ]

Explanation: Configure a LLDP MED policy ID for a service.

Parameters:

<policy_index>: Specify a policy ID. The valid range is from 0 to 31.

{ voice | voice-signaling | guest-voice-signaling | guest-voice | softphone-voice | video-

conferencing | streaming-video | video-signaling }: Specify one of the services for this policy ID.

{ tagged <v_vlan_id> | untagged }: Specify whether this service is tagged or untagged. When
“tagged” is specified, a VLAN ID should be provided.

[ l2-priority <v_0_to_7> ]: Specify a value for L2 priority. The valid value is

from 0 to 7.

[ dscp <v_0_to_63> ]: Specify a value for DSCP. The valid value is from 0 to
63.

Example: Create a policy ID 1 for tagged Voice VLAN.

Example: Set the holdtime to 5.

138 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# lldp med media-vlan-policy 1 voice tagged 100 l2-
priority 7 DSCP 63

Negation: (config)# no lldp med media-vlan-policy <policies_list>

Show: > show lldp med media-vlan-policy [ <v_0_to_31> ]

# show lldp med media-vlan-policy [ <v_0_to_31> ]

3.9.22.13 (config-if)# lldp cdp-aware

Syntax: (config-if)# lldp cdp-aware

Explanation: Configures if the interface shall be CDP aware (CDP discovery

information is added to the LLDP neighbor table).

Example: Set interface 1 to CDP aware.

# config t
(config)# interface GigabitEthernet 1/1
(config-if)# lldp cdp-aware

Negation: (config-if)# no lldp cdp-aware

Show: > show lldp neighbors [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show lldp neighbors [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.22.14 (config-if)# lldp med media-vlan policy-list

Syntax: (config-if)# lldp med media-vlan policy-list <v_range_list>

Explanation: To apply MED Media-VLAN policy of LLDP on this interface.

Parameters:

<v_range_list>: Assign a policy to this interface.

Negation: (config-if)# no lldp med media-vlan policy-list <v_range_list>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 139

Chapter 3 Introduction to CLI Installation and Operation Manual

Show: > show lldp med media-vlan-policy [ <v_0_to_31> ]

# show lldp med media-vlan-policy [ <v_0_to_31> ]

3.9.22.15 (config-if)# lldp med transmit-tlv

Syntax: (config-if)# lldp med transmit-tlv [ capabilities ] [ location ] [ network-
policy ]

Explanation: To configure LLDP-MED TLV Type for specific interface.

Parameters:

[ capabilities ]: Enable transmission of the optional capabilities TLV.

[ location ]: Enable transmission of the optional location TLV.

[ network-policy ]: Enable transmission of the optional network policy TLV.

Negation: (config-if)# no lldp med transmit-tlv [ capabilities ] [ location ]

[ network-policy ]

Show: > show lldp med media-vlan-policy [ <v_0_to_31> ]

# show lldp med media-vlan-policy [ <v_0_to_31> ]

3.9.22.16 (config-if)# lldp receive

Syntax: (config-if)# lldp receive

Explanation: The switch will analyze LLDP information received from neighbours.

Negation: (config-if)# no lldp receive

Show: > show lldp statistics [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show lldp statistics [ interface ( <port_type> [ <v_port_type_list> ] ) ]

140 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.22.17 (config-if)# lldp tlv-select

Syntax: (config-if)# lldp tlv-select { management-address | port-description |
system-capabilities | system-description | system-name }

Explanation: To configure LLDP-MED TLV attributes for specific interface.

Parameters:

{ management-address | port-description | system-capabilities | system-description | system-

name }: Specify a LLDP TLV attribute. LLDP uses several attributes to discover neighbour
devices. These attributes contains type, length, and value descriptions and are referred to TLVs.
Details such as port description, system name, system description, system capabilities,
management address can be sent from this device.

Negation: (config-if)# no lldp tlv-select { management-address | port-description |

system-capabilities | system-description | system-name }

Show: > show lldp neighbors [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show lldp neighbors [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.22.18 (config-if)# lldp transmit

Syntax: (config-if)# lldp transmit

Explanation: To configure LLDP Tx only mode for specific interface

Negation: (config-if)# no lldp transmit

Show: # show lldp statistics [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.23 (config)# logging

3.9.23.1 (config)# logging on

Syntax: (config)# logging on

Explanation: This sets the server mode operation. When the mode of operation is
enabled (on), the syslog message will send out to syslog server (at the server
address). The syslog protocol is based on UDP communication and received on

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 141

Chapter 3 Introduction to CLI Installation and Operation Manual

UDP port 514. Syslog server will not send acknowledgments back to the sender
since UDP is a connectionless protocol and it does not provide acknowledgments.
The syslog packet will always send out, even if the syslog server does not exist.
When the mode of operation is disabled, no syslog packets are sent out.

Example: Enable log server operation.

# config t
(config)# logging on

Negation: (config)# no logging on

Show: # show logging

Clear: # clear logging [ info ] [ warning ] [ error ] [ switch <switch_list> ]

3.9.23.2 (config)# logging host

Syntax: (config)# logging host { <v_ipv4_ucast> | <v_word45> }

Parameters:

{ <hostname> | <ipv4_ucast> }: Specify one of the options. The hostname is the domain name
of the log server; while the latter is IPv4 address of the log server.

Explanation: Configure log server address.

Example: Use IPv4 address to configure log server.

Example: Set the holdtime to 5.

# config t
(config)# logging host 192.168.1.253

Negation: (config)# no logging host

Show: # show logging

142 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# show logging <logging_id: 1-4294967295>

# show logging [info] [warning] [error]

3.9.23.3 (config)# logging level

Syntax: (config)# logging level { info | warning | error }

Explanation: Configure what kind of messages will send to syslog server.

Parameters:

{ info | warning | error }: Specify one of the log message options.

Info: Send information, warnings and errors.

Warning: Send warnings and errors.

Error: Send errors only.

Example: Send error messages to log server.

# config t
(config)# logging level error

Show: # show logging

# show logging <logging_id: 1-4294967295>
# show logging [info] [warning] [error]

3.9.24 (config)# loop-protect

3.9.24.1 (config)# loop-protect

Syntax: (config)# loop-protect

Explanation: Enable loop protection function.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 143

Chapter 3 Introduction to CLI Installation and Operation Manual

Example: Enable loop protection function.

# config t
(config)# loop-protect

Negation: (config)# no loop-protect

Show: # show loop-protect [ interface ( <port_type> [ <plist> ] ) ]

3.9.24.2 (config)# loop-protect shutdown-time

Syntax: (config)# loop-protect shutdown-time <t>

Explanation: Configure the period for which a port will be kept disabled.

Parameters:

<t: 0-604800>: Specify a shutdown time value. The valid values are from 0 to 604800 seconds.
0 means that a port is kept disabled until next device restart.

Example: Set the shutdown time value to 180 seconds.

# config t
(config)# loop-protect shutdown-time 180

Negation: (config)# no loop-protect shutdown-time

Show: # show loop-protect [ interface ( <port_type> [ <plist> ] ) ]

3.9.24.3 (config)# loop-protect transmit-time

Syntax: (config)# loop-protect transmit-time <t>

144 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Configure the interval between each loop protection PDU sent on
each port.

Parameters:

<t: 1-10>: Specify a transmit time value. The valid values are from 1 to 10 seconds.

Example: Set the transmit time value to 5 seconds.

# config t
(config)# loop-protect transmit-time 5

Negation: (config)# no loop-protect transmit-time

Show: # show loop-protect [ interface ( <port_type> [ <plist> ] ) ]

3.9.24.4 (config-if)# loop-protect

Syntax: (config-if)# loop-protect

Explanation: Enable loop protection function on this interface.

Negation: (config-if)# no loop-protect

Show: # show loop-protect [ interface ( <port_type> [ <plist> ] ) ]

3.9.24.5 (config-if)# loop-protect action

Syntax: (config-if)# loop-protect action { [ shutdown ] [ log ] }

Explanation: Configure the action taken when loops are detected on a port.

Parameters:

{ [ shutdown ] [ log ] }: When a loop is detected on a port, the loop protection will immediately
take appropriate actions. Actions will be taken include “Shutdown Port”, “Shutdown Port and
Log” or “Log Only”.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 145

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config-if)# no loop-protect action

Show: # show loop-protect [ interface ( <port_type> [ <plist> ] ) ]

3.9.24.6 (config-if)# loop-protect tx-mode

Syntax: (config-if)# loop-protect tx-mode

Explanation: Enable a port to actively generate loop protection PDUs.

Negation: (config-if)# no loop-protect tx-mode

Show: # show loop-protect [ interface ( <port_type> [ <plist> ] ) ]

3.9.25 (config)# mac

3.9.25.1 (config)# mac address-table aging-time

Syntax: (config)# mac address-table aging-time <v_0_10_to_1000000>

Explanation: Configure the aging time for a learned MAC to be appeared in MAC
learning table.

Parameters:

<v_0_10_to_1000000>: Specify an aging time value for MAC address table. The valid values are
from 10 to 1000000 (seconds). Using “0” to disable aging time function.

Example: Set the aging time to 600 seconds.

Example: Set the holdtime to 5.

# config t
(config)# mac address-table aging-time 600

146 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config)# no mac address-table aging-time

(config)# no mac address-table aging-time <v_0_10_to_1000000>

Show: > show mac address-table [ conf | static | aging-time | { { learning | count } [ interface
( <port_type> [ <v_port_type_list> ] ) ] } | { address <v_mac_addr> [ vlan <v_vlan_id> ] } | vlan
<v_vlan_id_1> | interface ( <port_type> [ <v_port_type_list_1> ] ) ]
# show mac address-table [ conf | static | aging-time | { { learning | count } [ interface
( <port_type> [ <v_port_type_list> ] ) ] } | { address <v_mac_addr> [ vlan <v_vlan_id> ] } | vlan
<v_vlan_id_1> | interface ( <port_type> [ <v_port_type_list_1> ] ) ]
# show mac address-table aging-time

3.9.25.2 (config)# mac address-table static

Syntax: (config)# mac address-table static <v_mac_addr> vlan <v_vlan_id>

interface ( <port_type> [ <v_port_type_list> ] )

Explanation: Configure the static MAC address mapping table.

Parameters:

<v_mac_addr>: Specify MAC address in “xx:xx:xx:xx:xx:xx” format.

vlan <v_vlan_id>: Specify the VLAN ID for this entry.

interface ( <port_type> [ <v_port_type_list> ] ): Specify the interface port type and the port
number.

Example: Add a static MAC address “11:11:22:22:33:33” to MAC address table.

Example: Set the holdtime to 5.

# config t
(config)# mac address-table static 11:11:22:22:33:33 vlan 1
interface GigabitEthernet 1/1-10

Negation: (config)# no mac address-table static <v_mac_addr> vlan <v_vlan_id>

interface ( <port_type> [ <v_port_type_list> ] )

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 147

Chapter 3 Introduction to CLI Installation and Operation Manual

Show: > show mac address-table [ conf | static | aging-time | { { learning | count } [ interface
( <port_type> [ <v_port_type_list> ] ) ] } | { address <v_mac_addr> [ vlan <v_vlan_id> ] } | vlan
<v_vlan_id_1> | interface ( <port_type> [ <v_port_type_list_1> ] ) ]
# show mac address-table [ conf | static | aging-time | { { learning | count } [ interface
( <port_type> [ <v_port_type_list> ] ) ] } | { address <v_mac_addr> [ vlan <v_vlan_id> ] } | vlan
<v_vlan_id_1> | interface ( <port_type> [ <v_port_type_list_1> ] ) ]

Clear: # clear mac address-table

3.9.25.3 (config-if)# mac address-table learning

Syntax: (config)# mac address-table learning [ secure ]

Explanation: Set this interface to secure mode.

Parameters:

[ secure ]: Only static MAC entries listed in “Static MAC Table Configuration” are learned. Others
will be dropped.

NOTE: Make sure that the link used for managing the switch is added to the
Static Mac Table before changing to secure learning mode, otherwise the
management link is lost and can only be restored by using another non-secure
port or by connecting to the switch via the serial interface.

Negation: (config-if)# no mac address-table learning [ secure ]

Show: > show mac address-table [ conf | static | aging-time | { { learning | count } [ interface
( <port_type> [ <v_port_type_list> ] ) ] } | { address <v_mac_addr> [ vlan <v_vlan_id> ] } | vlan
<v_vlan_id_1> | interface ( <port_type> [ <v_port_type_list_1> ] ) ]
# show mac address-table [ conf | static | aging-time | { { learning | count } [ interface
( <port_type> [ <v_port_type_list> ] ) ] } | { address <v_mac_addr> [ vlan <v_vlan_id> ] } | vlan
<v_vlan_id_1> | interface ( <port_type> [ <v_port_type_list_1> ] ) ]

Clear: # clear mac address-table

3.9.26 (config-if)# media-type

Syntax: (config-if)# media-type { rj45 | sfp | dual }

148 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Configure the media type supported for this specific interface.

Parameters:

{ rj45 | sfp | dual }: The options are RJ-45, SFP, or dual (both RJ-45 & SFP are supported.).

Negation: (config-if)# no media-type

3.9.27 (config-if)# mtu

Syntax: (config-if)# mtu <max_length>

Explanation: Configure the maximum transmission unit for this specific interface.

Parameters:

<max_length: 1518-9600>}: Specify the MTU. The range is 1518 to 9600 bytes.

Negation: (config-if)# no mtu

Show: # show interface ( <port_type> [ <v_port_type_list> ] ) status

3.9.28 (config)# mep

3.9.28.1 (config)# mep <inst>

Syntax: (config)# mep <inst> [ mip ] { up | down } domain { port | evc | vlan } [ vid
<vid> ] flow <flow> level <level> interface <port_type> <port>

Explanation: Create a MEP instance.

Parameters:

<inst>: Specify an instance ID number.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 149

Chapter 3 Introduction to CLI Installation and Operation Manual

[ mip ]: Mip (Maintenance Entity Intermediate Point) mode.

{ up | down }: Specify the traffic direction either Ingress or Egress for monitoring on a residence
port.

domain { port | evc | vlan }: Specify a domain option.

Port: This is a MEP in the Port Domain. 'Flow Instance' is a Port.

(CURRENTLY, Port is available for use.)

Evc: This is a MEP in the EVC Domain. 'Flow Instance' is a EVC. The EVC must be created.

VLAN: This is a MEP in the VLAN Domain. 'Flow Instance' is a VLAN. The VLAN must be created.

[ vid <vid> ]: A C-tag or S-tag (depending on VLAN port type) is added with this VID. Entering
“0” means no tag will be added.

flow <flow>: The MEP related to this flow.

level <level>: The MGP level of this MEP.

interface <port_type> <port>: Specify a port number that you want to moinitor.

Negation: (config)# no mep <inst>

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

150 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.28.2 (config)# mep <inst> ais

Syntax: (config)# mep <inst> ais [ fr1s | fr1m ] [ protect ]

Explanation: To configure AIS of a MEP instance.

Parameters:

<inst>: Specify an instance ID number.

ais [ fr1s | fr1m ]: Ais stands for Alarm Indication Signal. “fr1s” means that frame rate is 1 f/s.
“fr1m” means that frame rate is 1 f/min.

[ protect ]: The AIS can be used for protection. At the point of state change three AIS PDUs
are transmitted as fast as possible.

Negation: (config)# no mep <inst> ais

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.3 (config)# mep <inst> aps

Syntax: (config)# mep <inst> aps <prio> [ multi | uni ] { laps | { raps [ octet
<octet> ] } }

Explanation: Configure APS of a MEP instance.

Parameters:

<inst>: Specify an instance ID number.

aps <prio>: The priority to be inserted as PCP bits in TAG (if any).

[ multi | uni ]: Specify an option.

multi: OAM PDU is transmitted with multicast MAC. Must be “multi” in case of RAPS (Ring
Automatic Protection Switching Protocol).

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 151

Chapter 3 Introduction to CLI Installation and Operation Manual

uni: OAM PDU is transmitted with unicast MAC. The MAC is taken from peer MEP MAC
database. This option is only possible in case of LAPS (Linear Automatic Protection
Switching Protocol).

{ laps | { raps [ octet <octet> ] } }: Specify an option.

laps: APS PDU is transmitted as L-APS (this is for ELPS).

raps: APS PDU is transmitted as R-APS (this is for ERPS).

octet: This is the last octet of the transmitted and expected RAPS multi-cast MAC. In
G.8031 (03/2010) a RAPS multi-cast MAC is defined as 01-19-A7-00-00-XX. In current
standard the value for this last octet is '01' and the usage of other values is for further
study.

Negation: (config)# no mep <inst> aps

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.4 (config)# mep <inst> cc

Syntax: (config)# mep <inst> cc <prio> [ fr300s | fr100s | fr10s | fr1s | fr6m | fr1m
| fr6h ]

Explanation: Configure Continuity Check of a MEP instance.

Parameters:

<inst>: Specify an instance ID number.

cc: Continuity Check

<prio: 0-7>: The priority to be inserted as PCP bits in TAG (if any).

[ fr300s | fr100s | fr10s | fr1s | fr6m | fr1m | fr6h ]: The frame rate is 300 f/s, 100 f/s, 10 f/s,
1 f/s, 6 f/min, 1 f/min, 6 f/hour.

Negation: (config)# no mep <inst> cc

152 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.5 (config)# mep <inst> client domain

Syntax: (config)# mep <inst> client domain { evc | vlan }

Explanation: Configure client domain of a MEP instance.

Parameters:

<inst>: Specify an instance ID number.

cc: Continuity Check

{ evc | vlan }: The client layer domain. Options available are EVC and VLAN
domain.

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.6 (config)# mep <inst> client flow

Syntax: (config)# mep <inst> client flow <cflow> level <level> [ ais-prio
[ <aisprio> | ais-highest ] ] [ lck-prio [ <lckprio> | lck-highest ] ]

Explanation: Configure the priority to be used when transmitting AIS in each client
flow.

Parameters:

<inst>: Specify an instance ID number.

client flow <cflow: unit>: The client layer flow number.

level <level: 0-7>: The MEG level value.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 153

Chapter 3 Introduction to CLI Installation and Operation Manual

[ ais-prio [ <aisprio:0-7> | ais-highest ] ]: Configure AIS injection priority. Specify either 0-7 or
the highest possible number.

[ lck-prio [ <lckprio: 0-7> | lck-highest ] ]: Configure LCK injection priority. Specify either 0-7 or
the highest possible number.

Negation: (config)# no mep <inst> client-flow { <cflow> | all }

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.7 (config)# mep <inst> dm

Syntax: (config)# mep <inst> dm <prio> [ multi | { uni mep-id <mepid> } ] [ single
| dual ] [ rdtrp | flow ] interval <interval> last-n <lastn>

Explanation: To configure Delay Measurement of a MEP.

Parameters:

<inst>: Specify an instance ID number.

dm <prio: 0-7>: Configure Delay Measurement (DM) priority value. Priority in case of tagged
OAM. In the EVC domain this is the COS-ID.

[ multi | { uni mep-id <mepid> } ]: Specify multicast or unicast MEP ID.

[ single | dual ]: One-Way or Two-Way Delay Measurement implemented on 1DM or DMM/DMR,

respectively.

[ rdtrp | flow ]: Specify one value.

rdtrp: The frame delay calculated by the transmitting and receiving timestamps of
initiators. Frame Delay = RxTimeb-TxTimeStampf.

Flow: The frame delay calculated by the transmitting and receiving timestamps of initiators
and remotes. Frame Delay = (RxTimeb-TxTimeStampf)-(TxTimeStampb-RxTimeStampf).

interval <interval>: Interval between PDU transmission in 10ms. Min value is 10.

154 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

last-n <lastn>: The last N dalays used for average last N calculation. Min value is 10.

Negation: (config)# no mep <inst> dm

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 155

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.28.8 (config)# mep <inst> dm ns

Syntax: (config)# mep <inst> dm ns

Explanation: Configure Delay Measurement (nanosecond) of a MEP.

Parameters:

<inst>: Specify an instance ID number.

Negation: (config)# no mep <inst> dm ns

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

3.9.28.9 (config)# mep <inst> dm overflow-reset

Syntax: (config)# mep <inst> dm overflow-reset

Explanation: Reset all Delay Measurement results on total delay counter overflow.

Parameters:

<inst>: Specify an instance ID number.

Negation: (config)# no mep <inst> dm overflow-reset

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

3.9.28.10 (config)# mep <inst> dm proprietary

156 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: (config)# mep <inst> dm proprietary

Explanation: Use proprietary Delay Measurement.

Parameters:

<inst>: Specify an instance ID number.

Negation: (config)# no mep <inst> dm proprietary

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 157

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.28.11 (config)# mep <inst> dm syncronized

Syntax: (config)# mep <inst> dm syncronized

Explanation: Configure time sync of Delay Measurement.

Parameters:

<inst>: Specify an instance ID number.

Negation: (config)# no mep <inst> dm syncronized

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

3.9.28.12 (config)# mep <inst> lb

Syntax: (config)# mep <inst> lb <prio> [ dei ] [ multi | { uni { { mep-id <mepid> } |
{ mac <mac> } } } ] count <count> size <size> interval <interval>

Explanation: Configure loopback of a MEP.

Parameters:

<inst>: Specify an instance ID number.

lb <prio: 0-7>: Configure loopback priority. The priority to be inserted as PCP bits in TAG (if
any).

[ dei ]: The DEI to be inserted as PCP bits in TAG (if any).

[ multi | { uni { { mep-id <mepid> } | { mac <mac> } } } ]: Specify LBM PDU to be transmitted as
unicast or multicast. The unicast MAC will be configured through 'Peer MEP' or 'Unicast Peer
MAC'. To-wards MIP only unicast Loop Back is possible.

count <count>: The number of LBM PDU to be sent.

158 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

size <size>: The number of bytes in the LBM PDU Data Pattern TLV.

interval <interval>: The number of bytes in the LBM PDU Data Pattern TLV.

Negation: (config)# no mep <inst> lb

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 159

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.28.13 (config)# mep <inst> lck

Syntax: (config)# mep <inst> lck [ fr1s | fr1m ]

Explanation: Configure Locked Frame Rate of a MEP.

Parameters:

<inst>: Specify an instance ID number.

[ fr1s | fr1m ]: Frame rate is 1 f/s or 1 f/min.

Negation: (config)# no mep <inst> lck

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.14 (config)# mep <inst> level

Syntax: (config)# mep <inst> level <level>

Explanation: Configure MEG level of a MEP.

Parameters:

<inst>: Specify an instance ID number.

<level:0-7>: The MEG level value.

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.15 (config)# mep <inst> lm

Syntax: (config)# mep <inst> lm <prio> [ multi | uni ] [ single | dual ] [ fr10s | fr1s
| fr6m | fr1m | fr6h ] [ flr <flr> ]

160 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Configure Locked Frame Rate of a MEP.

Parameters:

<inst>: Specify an instance ID number.

lm <prio: 0-7>: Configure loss measurement priority in case of tagged OAM.

In the EVC domain this is the COS-ID.

[ multi | uni ]: multi OAM PDU is transmitted with multicast MAC. uni OAM PDU is transmitted
with unicast MAC. The MAC is taken from peer MEP MAC database. In case of LM there is only
one peer MEP.

[ single | dual ]: Dual ended LM is based on CCM PDU. Single ended LM is

based on LMM/LMR PDU.

[ fr10s | fr1s | fr6m | fr1m | fr6h ]: Specify a frame rate.

fr10s: Frame rate is 10 f/s.

fr1s: Frame rate is 1 f/s.

fr6m: Frame rate is 6 f/min.

fr1m: Frame rate is 1 f/min.

fr6h: Frame rate is 6 f/hour.

[ flr <flr: unit> ]: The Frame Loss Ratio interval value.

Negation: (config)# no mep <inst> lm

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 161

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.28.16 (config)# mep <inst> lt

Syntax: (config)# mep <inst> lt <prio> { { mep-id <mepid> } | { mac <mac> } } ttl
<ttl>

Explanation: Configure link trace of a MEP.

Parameters:

<inst>: Specify an instance ID number.

lt <prio: 0-7>: Configure link trace priority in case of tagged OAM. In the EVC
domain this is the COS-ID.

{ { mep-id <mepid> } | { mac <mac> } }: Specify Peer MEP-ID for Link Trace target unicast MAC
or Link Trace target unicast MAC address.

ttl <ttl> Time to live value.

Negation: (config)# no mep <inst> lt

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.17 (config)# mep <inst> meg-id

Syntax: (config)# mep <inst> meg-id <megid> { itu | itu-cc | { ieee [ name
<name> ] } }

Explanation: To configure MEG-ID format.

Parameters:

<inst>: Specify an instance ID number.

meg-id <megid>: Specify a MEG ID string. This is either the ITU MEG-ID or the IEEE Short MA,
depending on the selected MEG-ID format. The ITU max. is 13 characters. The ITU-CC max. is 15
characters. The IEEE max. is 16 characters..

162 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

{ itu | itu-cc | { ieee [ name <name> ] } }: Specify a MEG-ID format.

itu:The MEG-ID has ITU format (ICC - UMC). The meg-id max. is 13 characters.

itu-cc:The MEG-ID has ITU Country Code format (CC - ICC - UMC). The meg-id max. is 15
characters.

ieee: The MEG-ID (Short MA Name) has IEEE Character String format. The meg-id max. is 16 characters.

name <name>: This is only relevant for IEEE.

3.9.28.18 (config)# mep <inst> peer-mep-id

Syntax: (config)# mep <inst> peer-mep-id <mepid> [ mac <mac> ]

Explanation: Configure peer MEP-ID of a MEP.

Parameters:

<inst>: Specify an instance ID number.

peer-mep-id <mepid>: Configure the peer MEP-ID value.

[ mac <mac> ]: The peer MAC address.

Negation: (config)# no mep <inst> peer-mep-id { <mepid> | all }

3.9.28.19 (config)# mep <inst> performance-monitoring

Syntax: (config)# mep <inst> performance-monitoring

Explanation: Enable perofmrance monitoring of MEP.

Parameters:

<inst>: Specify an instance ID number.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 163

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config)# no mep <inst> performance-monitoring

3.9.28.20 (config)# mep <inst> tst

Syntax: (config)# mep <inst> tst <prio> [ dei ] mep-id <mepid> [ sequence ] [ all-
zero | all-one | one-zero ] rate <rate> size <size>

Explanation: Enable test signal of MEP.

Parameters:

<inst>: Specify an instance ID number.

tst <prio: 0-7>: Configure the test signal priority in case of tagged OAM. In the EVC domain this
is the COS-ID.

[ dei ]: Drop Eligible Indicator in case of tagged OAM.

mep-id <mepid>: Configure Peer MEP-ID value for unicast TST. The MAC is taken from peer MEP
MAC database.

[ sequence ]: Enable sequence number in TST PDU.

[ all-zero | all-one | one-zero ]: Specify an option.

all-zero: Test pattern is set to all zero.

all-one: Test pattern is set to all one.

one-zero: Test pattern is set to 10101010.

rate <rate>: Transmission rate value.

size <size>: Frame size value.

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

164 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.28.21 (config)# mep <inst> tst rx

Syntax: (config)# mep <inst> tst rx

Explanation: Enable test signal RX transmission of MEP.

Parameters:

<inst>: Specify an instance ID number.

Negation: (config)# no mep <inst> tst rx

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

3.9.28.22 (config)# mep <inst> tst tx

Syntax: (config)# mep <inst> tst tx

Explanation: Enable test signal TX transmission of MEP.

Parameters:

<inst>: Specify an instance ID number.

Negation: (config)# no mep <inst> tst tx

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

Clear: # clear mep <inst> { lm | dm |tst }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 165

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.28.23 (config)# mep <inst> vid

Syntax: (config)# mep <inst> vid <vid>

Explanation: To configure VID of MEP.

Parameters:

<inst>: Specify an instance ID number.

<vid>: The MEP VID value.

Negation: (config)# no mep <inst> vid

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.28.24 (config)# mep <inst> voe

Syntax: (config)# mep <inst> voe

Explanation: MEP is VOE based.

Parameters:

<inst>: Specify an instance ID number.

Negation: (config)# no mep <inst> voe

Show: # show mep [ <inst> ] [ peer | cc | lm | dm | lt | lb | tst | aps | client | ais |

lck ] [ detail ]

3.9.29 (config)# monitor

3.9.29.1 (config)# monitor destination interface

166 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Syntax: (config)# monitor destination interface <port_type> <in_port_type>

Explanation: Configure which port traffic should be mirrored to.

Parameters:

<port_type>: Specify the interface type.

<in_port_type>: Specify the port number.

Example: Set the traffic to be mirrored to Gigabit Ethernet port 10.

# config t
(config)# monitor destination interface gigabitethernet 1/10

Negation: (config)# no monitor destination

3.9.29.2 (config)# monitor source

Syntax: (config)# monitor source{ [ interface ( <port_type>)

[ <v_port_type_list> ] ]} | { cpu [ <cpu_switch_range> ] } { both | rx | tx }

Explanation: Configure which source ports’ RX or TX traffic should be mirrored to

the destination port.

Parameters:

{ [ interface ( <port_type>) [ <v_port_type_list> ] ]}: Specify one of the options. * means all
interfaces.

{ both | rx | tx }: Specify which direction of traffic should be mirrored to the destination port.
“both” means both received and transmitted traffic. “rx” means received traffic. “tx” means
transmitted traffic.

Example: Set port 1 to 5’s RX traffic to be mirrored to the destination port.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 167

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# monitor source interface GigabitEthernet 1/1-5 rx

Negation: (config)# no monitor source { { interface ( <port_type>

[ <v_port_type_list> ] ) } | { cpu [ <cpu_switch_range> ] } }

3.9.30 (config)# mvr

3.9.30.1 (config)# mvr

Syntax: (config)# mvr

Explanation: Enable MVR function.

Example: Enable MVR function.

# config t
(config)# mvr

Negation: (config)# no mvr

Show: > show mvr

# show mvr

3.9.30.2 (config)# mvr name <mvr_name> channel

Syntax: (config)# mvr name <mvr_name> channel <profile_name>

Explanation: Configure MVR name and channel.

Parameters:

<mvr_name>: Specify a name for this MVR entry. The allowed characters are
16.

168 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<profile_name>: Specify a channel name for this MVR entry. The allowed
characters are 16.

Example: Set up a MVR entry “video1” and its corresponding channel profile name
“1”.

# config t
(config)# mvr name video1 channel 1

Negation: (config)# no mvr name <mvr_name> channel

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.3 (config)# mvr name <mvr_name> frame priority

Syntax: (config)# mvr name <mvr_name> frame priority <cos_priority>

Explanation: Configure the priority for transmitting IGMP/MLD control frames for
the specified MVR entry.

Parameters:

<mvr_name>: Specify a name for this MVR entry. The allowed characters are
16.

<cos_priority>: Specify a Cos priority for this MVR entry. The allowed range is
from 0 to 7.

Example: Set up a MVR entry “video1” and its corresponding priority value “0”.

# config t
(config)# mvr name video1 frame priority 0

Negation: (config)# no mvr name <mvr_name> frame priority

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 169

Chapter 3 Introduction to CLI Installation and Operation Manual

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.4 (config)# mvr name <mvr_name> frame tagged

Syntax: (config)# mvr name <mvr_name> frame tagged

Explanation: Tagged IGMP/MLD frames will be sent.

Parameters:

<mvr_name>: Specify a name for this MVR entry. The allowed characters are
16.

Example: Set “video1” MVR entry to send tagged IGMP/MLD frames.

# config t
(config)# mvr name video1 frame tagged

Negation: (config)# no mvr name <mvr_name> frame tagged

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.5 (config)# mvr name <mvr_name> igmp-address

Syntax: (config)# mvr name <mvr_name> igmp-address <v_ipv4_ucast>

Explanation: Configure IGMP IPv4 address for the specified MVR entry.

Parameters:

170 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<mvr_name>: Specify a name for this MVR entry. The allowed characters are
16.

<v_ipv4_ucast>: Specify the IPv4 unicast address as source address used in IP

header for IGMP control frames.

Example: Set up a MVR entry “video1” and its corresponding IGMP address
“10.1.1.100”.

# config t
(config)# mvr name video1 igmp-address 10.1.1.100

Negation: (config)# no mvr vlan <mvr_name> igmp-address

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.6 (config)# mvr name <mvr_name> last-member-query-

interval

Syntax: (config)# mvr name <mvr_name> last-member-query-interval <ipmc_lmqi>

Explanation: Configure the maximum time to wait for IGMP/MLD report

memberships on a receiver port before removing the port from multicast group
membership.

Parameters:

<mvr_name>: Specify a name for this MVR entry. The allowed characters are
16.

<ipmc_lmqi>: Specify the LMQI (Last Member Query Interval) value. By default, LMQI is set to 5
tenths of a second (0.5 second). The allowed range is from 0 to 31744 tenths of a second.

Example: Set LMQI value to 600 tenths of a second.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 171

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# mvr name video1 last-member-query-interval 600

Negation: (config)# no mvr vlan <mvr_name> last-member-query-interval

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.7 (config)# mvr name <mvr_name> mode

Syntax: (config)# mvr name <mvr_name> mode { dynamic | compatible }

Explanation: Configure MVR mode.

Parameters:

<mvr_name>: Specify a name for this MVR entry. The allowed characters are
16.

{ dynamic | compatible }: Specify one of the options.

Dynamic: MVR allows dynamic MVR membership reports on source ports. (This is the
default mode.)

Compatible: MVR membership reports are forbidden on source ports.

Example: Set MVR mode to dynamic.

# config t
(config)# mvr name video1 mode dynamic

Negation: (config)# no mvr name <mvr_name> mode

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

172 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface

( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.8 (config)# mvr vlan <v_vlan_list>

Syntax: (config)# mvr vlan <v_vlan_list> [ name <mvr_name> ]

Explanation: Configure a MVR VLAN and its corresponding MVR name.

Parameters:

<v_vlan_list>: Specify multicast VLAN ID.

[ name <mvr_name> ]: Specify a name for this MVR entry. This argument is
optional.

Example: Set up MVR VLAN 201 and its corresponding name.

# config t
(config)# mvr vlan 201 video1

Negation: (config)# no mvr vlan <v_vlan_list>

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.9 (config)# mvr vlan <v_vlan_list> channel

Syntax: (config)# mvr vlan <v_vlan_list> channel <profile_name>

Explanation: Configure MVR name and channel.

Parameters:

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 173

Chapter 3 Introduction to CLI Installation and Operation Manual

<v_vlan_list>: Specify MVR VLAN ID for this entry.

<profile_name>: Specify a channel name for this MVR entry. The allowed
characters are 16.

Example: Set up Set up MVR VLAN 201 and its corresponding channel.

# config t
(config)# mvr vlan 201 channel 1

Negation: (config)# no mvr vlan <v_vlan_list> channel

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.10 (config)# mvr vlan <v_vlan_list> frame priority

Syntax: (config)# mvr vlan <v_vlan_list> frame priority <cos_priority>

Explanation: Configure the priority for transmitting IGMP/MLD control frames for
the specified MVR VLAN ID.

Parameters:

<v_vlan_list>: Specify MVR VLAN ID for this entry.

<cos_priority>: Specify a Cos priority for this MVR entry. The allowed range is
from 0 to 7.

Example: Set up a MVR VLAN 201 and its corresponding priority value “0”.

# config t
(config)# mvr vlan 201 frame priority 0

Negation: (config)# no mvr vlan <v_vlan_list> frame priority

174 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.11 (config)# mvr vlan <v_vlan_list> frame tagged

Syntax: (config)# mvr vlan <v_vlan_list> frame tagged

Explanation: Tagged IGMP/MLD frames will be sent.

Parameters:

<v_vlan_list>: Specify MVR VLAN ID for this entry.

Example: Set MVR VLAN 201 to send tagged IGMP/MLD frames.

# config t
(config)# mvr vlan 201 frame tagged

Negation: (config)# no mvr vlan <v_vlan_list> frame tagged

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.12 (config)# mvr vlan <v_vlan_list> igmp-address

Syntax: (config)# mvr vlan <v_vlan_list> igmp-address <v_ipv4_ucast>

Explanation: Configure IGMP IPv4 address for the specified MVR entry.

Parameters:

<v_vlan_list>: Specify MVR VLAN ID for this entry.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 175

Chapter 3 Introduction to CLI Installation and Operation Manual

<v_ipv4_ucast>: Specify the IPv4 unicast address as source address used in IP

header for IGMP control frames.

Example: Set up a MVR VLAN 201 and its corresponding IGMP address
“10.1.1.100”.

# config t
(config)# mvr vlan 201 igmp-address 10.1.1.100

Negation: (config)# no mvr vlan <v_vlan_list> igmp-address

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

176 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.30.13 (config)# mvr vlan <v_vlan_list> last-member-query-

interval

Syntax: (config)# mvr vlan <v_vlan_list> last-member-query-interval <ipmc_lmqi>

Explanation: Configure the maximum time to wait for IGMP/MLD report

memberships on a receiver port before removing the port from multicast group
membership.

Parameters:

<v_vlan_list>: Specify MVR VLAN ID for this entry.

<ipmc_lmqi>: Specify the LMQI (Last Member Query Interval) value. By default, LMQI is set to 5
tenths of a second (0.5 second). The allowed range is from 0 to 31744 tenths of a second.

Example: Set LMQI value to 600 tenths of a second.

# config t
(config)# mvr vlan 201 last-member-query-interval 600

Negation: (config)# no mvr vlan <v_vlan_list> last-member-query-interval

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.14 (config)# mvr vlan <v_vlan_list> mode

Syntax: (config)# mvr vlan <v_vlan_list> mode { dynamic | compatible }

Explanation: Configure MVR mode.

Parameters:

<v_vlan_list>: Specify MVR VLAN ID for this entry.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 177

Chapter 3 Introduction to CLI Installation and Operation Manual

{ dynamic | compatible }: Specify one of the options.

Dynamic: MVR allows dynamic MVR membership reports on source ports. (This is the
default mode.)

Compatible: MVR membership reports are forbidden on source ports.

Example: Set MVR mode to dynamic.

# config t
(config)# mvr vlan 201 mode dynamic

Negation: (config)# no mvr vlan <v_vlan_list> mode

Show: > show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]
# show mvr [ vlan <v_vlan_list> | name <mvr_name> ] [ group-database [ interface
( <port_type> [ <v_port_type_list> ] ) ] [ sfm-information ] ] [ detail ]

3.9.30.15 (config-if)# mvr immediate-leave

Syntax: (config-if)# mvr immediate-leave

Explanation: Enable immediate leave function. When enabled, the device

immediately removes a port from a multicast stream as soon as it receives leave
message for that group. This option only applies to an interface configured as
MVR receivers.

Example: Enable immediate leave function on port 1.

# config t
(config)# interface GigabitEthernet 1/1
(config-if)# mvr immediate-leave

Negation: (config-if)# no mvr immediate leave

178 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.30.16 (config-if)# mvr name

Syntax: (config-if)# mvr name <mvr_name> type { source | receiver }

Explanation: Configure port role of specific MVR profile for specific interface.

Parameters:

<mvr_name>: Specify a MVR name. The maximum length of the MVR name string
is 16. Both alphabets and numbers are allowed for use.

{ source | receiver }: Specify MVR port role.

source: MVR source port.

receiver: MVR receiver port.

Negation: (config-if)# no mvr name <mvr_name> type

3.9.30.17 (config-if)# mvr vlan

Syntax: (config-if)# mvr vlan <v_vlan_list> type { source | receiver }

Explanation: Configure port role of a specific MVR VLAN ID for this specific
interface.

Parameters:

<v_vlan_list>: MVR Multicast VLAN list

{ source | receiver }: Specify MVR port role.

source: MVR source port.

receiver: MVR receiver port.

Negation: (config-if)# no mvr immediate leave

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 179

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.31 (config)# ntp

3.9.31.1 (config)# ntp

Syntax: (config)# ntp

Explanation: Enable NTP function.

Example: Enable NTP function.

# config t
(config)# ntp

Negation: (config)# no ntp

Show: # show ntp status

3.9.31.2 (config)# ntp server

Syntax: (config)# ntp server <index_var> ip-address { <ipv4_var> | <ipv6_var> |

<name_var> }

Explanation: Configure a list of NTP server’s address.

Parameters:

< index_var: 1-5>: Specify the index number of NTP server. The allowed range is from 1 to 5.
The NTP servers are tried in numeric order. If 'Server 1' is unavailable, the NTP client will try to
contact 'Server 2'.

{ <ipv4_var> | <ipv6_var> | <name_var> }: Specify one of the three options.

<ipv4_var>: IPv4 address.

<ipv6_var>: IPv6 address is in 128-bit records represented as eight fields of up to four

hexadecimal digits with a colon separating each field (:). For example,

180 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a

shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can
appear only once.

<name_var>: The domain name for NTP server.

Example: Set the NTP server 1 to 192.168.1.253.

# config t
(config)# ntp server 1 ip-address 192.168.1.253

Negation: (config)# no ntp server <index_var>

Show: # show ntp status

3.9.32 (config)# port-security

3.9.32.1 (config)# port-security

Syntax: (config)# port-security

Explanation: Enable port security function globally.

Example: Enable port security function globally.

# config t
(config)# port-security

Negation: (config)# no port-security

Show: > show port-security switch [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show port-security switch [ interface ( <port_type> [ <v_port_type_list> ] ) ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 181

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.32.2 (config)# port-security aging

Syntax: (config)# port-security aging

Explanation: Enable port security aging function. If enabled, secured MAC

addresses are subject to aging as discussed in “Aging time” command. With aging
enabled, a timer is started once the end-host gets secured. When the timer
expires, the switch starts looking for frames from the end-host, and if such
frames are not seen within the next Aging Period, the end-host is assumed to be
disconnected, and the corresponding resources are freed on the switch.

Example: Enable port security aging function.

# config t
(config)# port-security aging

Negation: (config)# no port-security aging

Show: > show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.32.3 (config)# port-security aging time

Syntax: (config)# port-security aging time <v_10_to_10000000>

Explanation: Configure a desired aging time value. If “Aging” is enabled, secured

MAC addresses are subject to aging as discussed this command. With aging
enabled, a timer is started once the end-host gets secured. When the timer
expires, the switch starts looking for frames from the end-host, and if such
frames are not seen within the next Aging Period, the end-host is assumed to be
disconnected, and the corresponding resources are freed on the switch.

Parameters:

<v_10_to_10000000>: Specify the aging time value. The allowed range is

between 10 and 10,000,000 seconds.

Example: Set the aging time value to 1800 seconds.

182 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# port-security aging time 1800

Negation: (config)# no port-security aging time

Show: > show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.32.4 (config-if)# port-security

Syntax: (configt-if)# port-security

Explanation: Enable the port security function on the selected ports.

Example: Enable Gigabit Ethernet port 1-10’s port security function.

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# port-security

Negation: (configt-if)# no port-security

Show: > show port-security switch [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show port-security switch [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.32.5 (config-if)# port-security maximum

Syntax: (configt-if)# port-security maximum [ <v_1_to_1024> ]

Explanation: The maximum number of MAC addresses that can be secured on this

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 183

Chapter 3 Introduction to CLI Installation and Operation Manual

port. The number cannot exceed 1024. If the limit is exceeded, the corresponding
action is taken.

Parameters:

[ <v_1_to_1024> ]: Specify a value between 1 and 1024.

Example: Limit Gigabit Ethernet port 1-10’s MAC addresses can be learnt to 5.

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# port-security maximum 5

Negation: (configt-if)# no port-security maximum

Show: > show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.32.6 (config-if)# port-security violation

Syntax: (configt-if)# port-security violation { protect | trap | trap-shutdown |

shutdown }

Explanation: If the limit is exceeded, the specified action will take effect.

Parameters:

{ protect | trap | trap-shutdown | shutdown }: Specify one of the actions

taken when the limit is exceeded.

protect: Do not allow more than the specified limit of MAC addresses to access on a port.
No action is further taken.

184 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

trap: If Limit + 1 MAC addresses are seen on the port, send an SNMP trap. If Aging is disabled,
only one SNMP trap will be sent, but with Aging enabled, new SNMP traps will be sent every
time the limit is exceeded.

trap-shutdown: If Limit + 1 MAC addresses is seen on the port, both the “Trap” and the
“Shutdown” actions described above will be taken.

shutdown: If Limit + 1 MAC addresses is seen on the port, shut down the port. This implies
that all secured MAC addresses will be removed from the port, and no new addresses will be
learned. Even if the link is physically disconnected and reconnected on the port (by
disconnecting the cable), the port will remain shut down. There are three ways to re-open
the port:
* Boot the switch
* Disable and re-enable Limit Control on the port or the switch
* Click the “Reopen” button

Example: Send a SNMP trap when the limit is exceeded.

# config t
(config)# interface gigabitethernet 1/1-10
(config-if)# port-security violation trap

Negation: (configt-if)# no port-security violation

Show: > show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

# show port-security port [ interface ( <port_type> [ <v_port_type_list> ] ) ]

3.9.33 (config)# privilege

Syntax: (config)# privilege { exec | configure | config-vlan | line | interface | if-vlan |

ipmc-profile | snmps-host | stp-aggr | dhcp-pool | rfc2544-profile } level
<privilege> <cmd>

Explanation: This command is used to change the privilege level of commands

available in Configuration mode.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 185

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

{ exec | configure | config-vlan | line | interface | if-vlan | ipmc-profile | snmps-host | stp-aggr |

dhcp-pool | rfc2544-profile }: Specify the group command that you want to configure.

level <privilege>: Specify the privilege level. The allowed range is 0 to 15.

<cmd>: Initial valid words and literals of the command to modify, in 128 characters.

Example: The following example sets the privilege level to 15 for any Exec mode
(user or privileged) command that start with the letter "v"

# config t
(config)# privilege exec level 15 host

Negation: (config)# no privilege { exec | configure | config-vlan | line | interface | if-

vlan | ipmc-profile | snmps-host | stp-aggr | dhcp-pool | rfc2544-profile } level <0-
15> <cmd>

Show: > show privilege

# show privilege

3.9.34 (config-if)# pvlan

3.9.34.1 (config-if)# pvlan

Syntax: (config-if)# pvlan <pvlan_list>

Explanation: This command is used to configure private VLANs. New Private VLANs
can be added and existing VLANs can be modified. Private VLANs are based on
the source port mask and there are no connections to VLANs which means that
VLAN IDs and Private VLAN IDs can be identical. A port must be a member of both
a VLAN and a Private VLAN to be able to forward packets. By default, all ports are
VLAN unaware and members of VLAN 1 and Private VLAN 1. A VLAN unaware port
can only be a member of one VLAN, but it can be a member of multiple Private
VLANs.

Parameters:

186 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<pvlan_list>: Specify the private VLAN ID.

Negation: (config-if)# no pvlan <pvlan_list>

Show: # show pvlan <pvlan_list>

3.9.34.2 (config-if)# pvlan isolation

Syntax: (config-if)# pvlan isolation

Explanation: Enable Port Isolation function on this specific interface. Port Isolation
is used to prevent communications between customer ports in a same Private
VLAN. The port that is isolated from others cannot forward any unicast, multicast
or broadcast traffic to any other ports in the same PVLAN.

Negation: (config-if)# no pvlan isolation

Show: # show pvlan isolation [ interface ( <port_type> [<plist>] ) ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 187

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.35 (config)# qos

3.9.35.1 (config)# qos map cos-dscp

Syntax: (config)# qos map cos-dscp <cos> dpl <dpl> dscp { <dscp_num> | { be |
af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1
| cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } }

Parameters:

cos-dscp <cos>: Map COS to DSCP. Indicate the Class of Service level. The allowed range is 0 to
7. A CoS class of 0 has the lowest priority, while 7 has the highest priority.

dpl <dpl>: Specify the Drop Precedence Level. The allowed range is 0 to 7.

dscp { <dscp_num> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 |
af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } }: Specify one of the DSCP values.

<dscp_num: 0-63>: The allowed number is from 0 to 63.

be: Default PHB (DSCP 0) for best effort traffic.

af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43: Assured
Forwarding PHB AF 11 (DSCP 10), 12 (DSCP 12), 13 (DSCP 14), 21 (DSCP 18), 22 (DSCP
20), 23 (DSCP 22), 31 (DSCP 26), 32 (DSCP 28), 33 (DSCP 30), 41 (DSCP 34), 42 (DSCP
36).

cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7: Class selector PHB CS1 precedence 1 (DSCP 8), CS2
precedence 2 (DSCP 16), CS3 precedence 3 (DSCP 24), CS4 precedence 4 (DSCP 32), CS5
precedence 5 (DSCP 40), CS6 precedence 6 (DSCP 48), CS7 precedence 7 (DSCP 56).

ef: Expedited Forwarding PHB (DSCP 46).

va: Voice Admit PHB (DSCP 44).

Explanation: Configure the COS-DSCP mapping.

Example: The following example sets DPL to 4, DSCP to cs4.

# config t
(config)# qos map cos-dscp 4 dpl 4 dscp cs4

188 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config)# no qos map cos-dscp <cos> dpl <dpl>

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-
cos ] [ dscp-ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-
translation ] } | storm | { qce [ <qce> ] } ]

3.9.35.2 (config)# qos map dscp-classify

Syntax: (config)# qos map dscp-classify { <dscp_num> | { be | af11 | af12 | af13 |

af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 |
cs5 | cs6 | cs7 | ef | va } }

Parameters:

dscp-classify { <dscp_num> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 |
af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } }: Specify one of the DSCP
values.

<dscp_num: 0-63>: The allowed number is from 0 to 63.

be: Default PHB (DSCP 0) for best effort traffic.

af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43: Assured
Forwarding PHB AF 11 (DSCP 10), 12 (DSCP 12), 13 (DSCP 14), 21 (DSCP 18), 22 (DSCP
20), 23 (DSCP 22), 31 (DSCP 26), 32 (DSCP 28), 33 (DSCP 30), 41 (DSCP 34), 42 (DSCP
36).

cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7: Class selector PHB CS1 precedence 1 (DSCP 8), CS2
precedence 2 (DSCP 16), CS3 precedence 3 (DSCP 24), CS4 precedence 4 (DSCP 32), CS5
precedence 5 (DSCP 40), CS6 precedence 6 (DSCP 48), CS7 precedence 7 (DSCP 56).

ef: Expedited Forwarding PHB (DSCP 46).

va: Voice Admit PHB (DSCP 44).

Explanation: Configure the DSCP Ingress classification.

Example: The following example sets DSCP Ingress classification to cs4.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 189

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# qos map dscp-classify cs4

Negation: (config)# no qos map dscp-classify { <dscp_num> | { be | af11 | af12 |

af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 |
cs4 | cs5 | cs6 | cs7 | ef | va } }

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.3 (config)# qos map dscp-cos

Syntax: (config)# qos map dscp-cos { <dscp_num> | { be | af11 | af12 | af13 | af21
| af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 |
cs6 | cs7 | ef | va } } cos <cos> dpl <dpl>

Explanation: Configure the DSCP-based QoS Ingress classification.

Parameters:

dscp-cos { <dscp_num> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 |
af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } }: Specify one of the DSCP values.

<dscp_num: 0-63>: The allowed number is from 0 to 63.

be: Default PHB (DSCP 0) for best effort traffic.

af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43: Assured
Forwarding PHB AF 11 (DSCP 10), 12 (DSCP 12), 13 (DSCP 14), 21 (DSCP 18), 22 (DSCP
20), 23 (DSCP 22), 31 (DSCP 26), 32 (DSCP 28), 33 (DSCP 30), 41 (DSCP 34), 42 (DSCP
36).

cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7: Class selector PHB CS1 precedence 1 (DSCP 8), CS2
precedence 2 (DSCP 16), CS3 precedence 3 (DSCP 24), CS4 precedence 4 (DSCP 32), CS5
precedence 5 (DSCP 40), CS6 precedence 6 (DSCP 48), CS7 precedence 7 (DSCP 56).

ef: Expedited Forwarding PHB (DSCP 46).

190 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

va: Voice Admit PHB (DSCP 44).

cos <cos>: Indicate the Class of Service level. The allowed range is 0 to 7. A CoS class of 0 has
the lowest priority, while 7 has the highest priority.

dpl <dpl>: Specify the Drop Precedence Level. The allowed range is 0 to 7.

Negation: (config)# no qos map dscp-cos { <dscp_num> | { be | af11 | af12 | af13 |

af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5
| cs6 | cs7 | ef | va } }

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.4 (config)# qos map dscp-egress-translation

Syntax: (config)# qos map dscp-egress-translation { <dscp_num> | { be | af11 |

af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 |
cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } } to { <dscp_num_tr> | { be | af11 | af12 | af13 |
af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 |
cs5 | cs6 | cs7 | ef | va } }

Explanation: Configure the DSCP Egress Mapping Table.

Parameters:

dscp-egress-translation { <dscp_num> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32
| af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } }: Specify one of the
DSCP values.

<dscp_num: 0-63>: The allowed number is from 0 to 63.

be: Default PHB (DSCP 0) for best effort traffic.

af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43: Assured
Forwarding PHB AF 11 (DSCP 10), 12 (DSCP 12), 13 (DSCP 14), 21 (DSCP 18), 22 (DSCP
20), 23 (DSCP 22), 31 (DSCP 26), 32 (DSCP 28), 33 (DSCP 30), 41 (DSCP 34), 42 (DSCP
36).

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 191

Chapter 3 Introduction to CLI Installation and Operation Manual

cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7: Class selector PHB CS1 precedence 1 (DSCP 8), CS2
precedence 2 (DSCP 16), CS3 precedence 3 (DSCP 24), CS4 precedence 4 (DSCP 32), CS5
precedence 5 (DSCP 40), CS6 precedence 6 (DSCP 48), CS7 precedence 7 (DSCP 56).

ef: Expedited Forwarding PHB (DSCP 46).

va: Voice Admit PHB (DSCP 44).

Example: The following example maps cs4 to cs5.

# config t
(config)# qos map dscp-egress-translation cs4 to cs5

Negation: (config)# no qos map dscp-egress-translation { <dscp_num> | { be | af11

| af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 |
cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } } <dpl>

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.5 (config)# qos map dscp-ingress-translation

Syntax: (config)# qos map dscp-ingress-translation { <dscp_num> | { be | af11 |

af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 |
cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } } to { <dscp_num_tr> | { be | af11 | af12 | af13 |
af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 |
cs5 | cs6 | cs7 | ef | va } }

Explanation: Configure the DSCP Ingress Mapping Table.

Parameters:

dscp-ingress-translation { <dscp_num> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 |

af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } }: Specify one of
the DSCP values.

<dscp_num: 0-63>: The allowed number is from 0 to 63.

192 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

be: Default PHB (DSCP 0) for best effort traffic.

af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43: Assured
Forwarding PHB AF 11 (DSCP 10), 12 (DSCP 12), 13 (DSCP 14), 21 (DSCP 18), 22 (DSCP
20), 23 (DSCP 22), 31 (DSCP 26), 32 (DSCP 28), 33 (DSCP 30), 41 (DSCP 34), 42 (DSCP
36).

cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7: Class selector PHB CS1 precedence 1 (DSCP 8), CS2
precedence 2 (DSCP 16), CS3 precedence 3 (DSCP 24), CS4 precedence 4 (DSCP 32), CS5
precedence 5 (DSCP 40), CS6 precedence 6 (DSCP 48), CS7 precedence 7 (DSCP 56).

ef: Expedited Forwarding PHB (DSCP 46).

va: Voice Admit PHB (DSCP 44).

Example: The following example maps cs4 to cs5.

# config t
(config)# qos map dscp-ingress-translation cs4 to cs5

Negation: (config)# no qos map dscp-ingress-translation { <dscp_num> | { be | af11

| af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 |
cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } }

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 193

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.35.6 (config)# qos qce refresh

Syntax: (config)# qos qce refresh

Explanation: To refresh QCE.

Example: Refresh QCE.

# config t
(config)# qos qce refresh

3.9.35.7 (config)# qos qce update

Syntax: (config)# qos qce { [ update ] } <qce_id> [ { next <qce_id_next> } | last ]

[ interface ( <port_type> [ <port_list> ] ) ] [ smac { <smac> | <smac_24> | any } ]
[ dmac { <dmac> | unicast | multicast | broadcast | any } ] [ tag { [ type { untagged
| tagged | c-tagged | s-tagged | any } ] [ vid { <ot_vid> | any } ] [ pcp { <ot_pcp> |
any } ] [ dei { <ot_dei> | any } ] }*1 ] [ inner-tag { [ type { untagged | tagged | c-
tagged | s-tagged | any } ] [ vid { <it_vid> | any } ] [ pcp { <it_pcp> | any } ] [ dei
{ <it_dei> | any } ] }*1 ] [ frame-type { any | { etype [ { <etype_type> | any } ] } |
{ llc [ dsap { <llc_dsap> | any } ] [ ssap { <llc_ssap> | any } ] [ control
{ <llc_control> | any } ] } | { snap [ { <snap_data> | any } ] } | { ipv4 [ proto { <pr4>
| tcp | udp | any } ] [ sip { <sip4> | any } ] [ dip { <dip4> | any } ] [ dscp { <dscp4> |
{ be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43
| cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } | any } ] [ fragment { yes | no |
any } ] [ sport { <sp4> | any } ] [ dport { <dp4> | any } ] } | { ipv6 [ proto { <pr6> |
tcp | udp | any } ] [ sip { <sip6> | any } ] [ dip { <dip6> | any } ] [ dscp { <dscp6> |
{ be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43
| cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } | any } ] [ sport { <sp6> | any } ]
[ dport { <dp6> | any } ] } } ] [ action { [ cos { <action_cos> | default } ] [ dpl
{ <action_dpl> | default } ] [ pcp-dei { <action_pcp> <action_dei> | default } ]
[ dscp { <action_dscp_dscp> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 |
af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } |
default } ] [ policy { <action_policy> | default } ] }*1 ]

Explanation: To update the QCE.

Parameters:

{ [ update ] }: Update the QCE.

194 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<qce_id>: Specify the QCE ID.

[ { next <qce_id_next> } | last ]: Put this QCE next to the specified one or to
the last one.

[ interface ( <port_type> [ <port_list> ] ) ]: Specify port type and port number

that apply to this updated QCE rule.

[ smac { <smac> | <smac_24> | any } ]: Set up the matched SMAC.

[ dmac { <dmac> | unicast | multicast | broadcast | any } ]: Set up the

matached DMAC.

[ tag { [ type { untagged | tagged | c-tagged | s-tagged | any } ]: Set up the matched tag type.
[ vid { <ot_vid> | any } ]: Specify a specific VID or VID range or specify “any” to allow any VIDs.

[ pcp { <ot_pcp> | any } ]: Specify a specific PCP or PCP range or specify “any” to allow any PCP
values.

[ dei { <ot_dei> | any } ] } ]: Specify a specific DEI or specify “any” to allow any DEI.

[ frame-type { any | { etype [ { <etype_type> | any } ] } | { llc [ dsap { <llc_dsap> | any } ] [ ssap
{ <llc_ssap> | any } ] [ control { <llc_control> | any } ] } | { snap [ { <snap_data> | any } ] } | { ipv4
[ proto { <pr4> | tcp | udp | any } ] [ sip { <sip4> | any } ] [ dip { <dip4> | any } ] [ dscp
{ <dscp4> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 |
cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } | any } ] [ fragment { yes | no | any } ] [ sport
{ <sp4> | any } ] [ dport { <dp4> | any } ] } | { ipv6 [ proto { <pr6> | tcp | udp | any } ] [ sip
{ <sip6> | any } ] [ dip { <dip6> | any } ] [ dscp { <dscp6> | { be | af11 | af12 | af13 | af21 | af22
| af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } |
any } ] [ sport { <sp6> | any } ] [ dport { <dp6> | any } ] } } ]: Specify the frame type that
applies to this QCE rule.

any: By default, any is used which means that all types of frames are
allowed.

etype: This option can only be used to filter Ethernet II formatted packets. (Options: Any,
Specific – 600-ffff hex; Default: ffff). Note that 800 (IPv4) and 86DD (IPv6) are excluded. A
detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more
common types include 0800 (IP), 0806 (ARP), 8137 (IPX).

llc: LLC refers to Link Logical Control and further provides three options.

dsap: DSAP stands for Destination Service Access Point address. By default, any is
used. Specify “any” or indicate a value (0x00 to 0xFF).

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 195

Chapter 3 Introduction to CLI Installation and Operation Manual

ssap: SSAP stands for Source Service Access Point address. By default, any is used.
Specify “any” or indicate a value (0x00 - 0xFF).

control: Control field may contain command, response, or sequence information

depending on whether the LLC frame type is Unnumbered, Supervisory, or
Information. By default, any is used. Specify “any” or indicate a value (0x00 to 0xFF).

snap: SubNetwork Access Protocol can be distinguished by an OUI and a Protocol ID. (Options
for PID: Any, Specific (0x00-0xffff); Default: Any) If the OUI is hexadecimal 000000, the
protocol ID is the Ethernet type (EtherType) field value for the protocol running on top of
SNAP. If the OUI is that of a particular organization, the protocol ID is a value assigned by
that organization to the protocol running on top of SNAP. In other words, if value of the OUI
field is 00-00-00, then value of the PID will be etherType (0x0600-0xffff), and if value of the
OUI isother than 00-00-00, then valid value of the PID will be any value from 0x0000 to 0xffff.

ipv4:

proto: IPv4 frame type includes Any, TCP, UDP, Other. If “TCP” or “UDP” is specified,
you might further define Sport (Source port number) and Dport (Destination port
number).

sip: Specify source IP type. By default, any is used. Indicate self-defined source IP and
submask format. The address and mask must be in the format x.y.z.w where x, y, z,
and w are decimal numbers between 0 and 255. When the mask is converted to a 32-
bit binary string and read from left to right, all bits following the first zero must also
be zero

dscp: By default, any is used. Indicate a DSCP value or a range of DSCP value.

fragment: By default, any is used. Datagrams sometimes may be fragmented to

ensure they can pass through a network device that uses a maximum transfer unit
smaller than the original packet’s size.

ipv6:

proto: IPv6 protocol includes Any, TCP, UDP, Other. If “TCP” or “UDP” is specified, you
may need to further define Sport (Source port number) and Dport (Destination port
number).

sip: Specify source IP type. By default, any is used. You can also indicate self-
defined source IP and submask format.

dscp: By default, any is used. You can also indicate a DSCP value or a range of DSCP
value.

196 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

[ action { [ cos { <action_cos> | default } ]: Specify the classification action taken on ingress
frame if the parameters match the frame’s content. If a frame matches the QCE, it will be put
in the queue corresponding to the specified QoS class or placed in a queue based on basic
classification rules.

[ dpl { <action_dpl> | default } ]: If a frame matches the QCE, the drop precedence level will be
set to the specified value or left unchanged.

[ pcp-dei { <action_pcp> <action_dei> | default } ]: If a frame matches the QCE, the PCP or DEI
value will be set to the specified one.

[ dscp { <action_dscp_dscp> | { be | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 |
af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | va } | default } ] [ policy
{ <action_policy> | default } ] }*1 ]: If a frame matches the QCE, the DSCP value will be set to
the specified one.

Negation: (config)# no qos qce <qce_id_range>

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-
cos ] [ dscp-ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-
translation ] } | storm | { qce [ <qce> ] } ]

3.9.35.8 (config)# qos wred queue

Syntax: (config)# qos wred queue <queue> min-th <min_th> mdp-1 <mdp_1>
mdp-2 <mdp_2> mdp-3 <mdp_3>

Explanation: Apply RED on a particular queue or set up the minimum threshold &
drop probability value.

Parameters:

queue <queue>: Specify the queue number. Queue 0 to 5 can apply to Random Early Detection
(RED). However, RED cannot be applied to Queue 6 and 7.

min-th <min_th>: Specify the lowest RED threshold. If the average queue filling level is below
this threshold, the drop probability is zero. This valid value for this field is 0~100.

mdp-1 <mdp_1>: Controls the drop probability for the frames marked in drop precedence level
1 when the average queue filling level is 100%. The valid value is 0~100.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 197

Chapter 3 Introduction to CLI Installation and Operation Manual

mdp-2 <mdp_2>: Controls the drop probability for the frames marked in drop precedence level
2 when the average queue filling level is 100%. The valid value is 0~100.

mdp-3 <mdp_3>: Controls the drop probability for the frames marked in drop precedence level
3 when the average queue filling level is 100%. The valid value is 0~100.

Negation: (config)# no qos wred queue <queue>

Show: # show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-

cos ] [ dscp-ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-
translation ] } | storm | { qce [ <qce> ] } ]

198 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.35.9 (config-if)# qos dscp-classify

Syntax: (config-if)# qos dscp-classify { zero | selected | any }

Explanation: Configure a classification method.

Parameters:

{ zero | selected | any }: Specify a classification method.

zero: Classify if incoming DSCP is 0.

selected: Classify only selected DSCP for which classification is enabled in DSCP Translation
table

any: Classify all DSCP.

Negation: (config-if)# no qos dscp-classify

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.10 (config-if)# qos dscp-remark

Syntax: (config-if)# qos dscp-remark { rewrite | remap | remap-dp }

Explanation: Configure port egress rewriting of DSCP values.

Parameters:

{ rewrite | remap | remap-dp }: Specify an option.

rewrite: Rewrite DSCP field with classified DSCP value.

remap: Frame with DSCP from analyzer is remapped and remarked with the remapped
DSCP value. Depending on the frame’s DP level, the remapped DSCP value is either taken
from the DSCP Translation table, Egress Remap DP0 or DP1 field.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 199

Chapter 3 Introduction to CLI Installation and Operation Manual

remap-dp: Frame with DSCP from analyzer is remapped and remarked with the remapped
DSCP value. The remapped DSCP value is always taken from the DSCP Translation table,
Egress Remap DP0 field.

Negation: (config-if)# no qos dscp-remark

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.11 (config-if)# qos dscp-translate

Syntax: (config-if)# qos dscp-translate

Explanation: Configure DSCP ingress translation of QoS for specific interface.

Negation: (config-if)# no qos dscp-translate

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-
cos ] [ dscp-ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-
translation ] } | storm | { qce [ <qce> ] } ]

3.9.35.12 (config-if)# qos map cos-tag

Syntax: (config-if)# qos map cos-tag cos <cos> dpl <dpl> pcp <pcp> dei <dei>

Explanation: Configure (QoS class, DP level) to (PCP, DEI) Mapping of QoS for
specific interface.

Parameters:

cos <cos: 0-7>: Specify a QoS class value.

dpl <dpl:0-1>: Specify a DPL value (0 or 1).

200 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

pcp <pcp: 0-7>: Specify a PCP (Priority Code Point) value.

dei <dei: 0-1>: Specify a DEI value (0 or 1).

Negation: (config-if)# no qos map cos-tag cos <cos> dpl <dpl>

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.13 (config-if)# qos ingress queue-shaper

Syntax: (config-if)# qos egress queue-shaper queue <queue> <rate> [ excess ]

Explanation: Configure Egress Queue shaper Rate of QoS for specific interface.

Parameters:

<queue: 0-7>: Specify a queue or a range.

<rate: 100-13200000>: Specify shaper rate in kbps.

[ excess ]: Allow all excess bandwidth.

Negation: (config-if)# no qos egress queue-shaper queue <queue>

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.14 (config-if)# qos egress shaper

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 201

Chapter 3 Introduction to CLI Installation and Operation Manual

Syntax: (config-if)# qos egress shaper <rate>

Explanation: Configure Egress Queue Policers Rate of QoS for specific interface.

Parameters:

<rate: 100-13200000>: Specify shaper rate in kbps.

Negation: (config-if)# no qos egress shaper

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-
cos ] [ dscp-ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-
translation ] } | storm | { qce [ <qce> ] } ]

3.9.35.15 (config-if)# qos egress tag-remark

Syntax: (config-if)# qos egress tag-remark { pcp <pcp> dei <dei> | mapped }

Explanation: Configure the appropriate egress remarking mode used by this port.

Parameters:

{ pcp <pcp> dei <dei> | mapped }: Specify a remarking mode.

pcp <pcp> dei <dei>: Specify PCP and DEI value.

mapped: Use the mapping of the classified QoS class values and DP levels to PCP/DEI values.

Negation: (config-if)# no qos egress tag-remark

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

202 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.35.16 (config-if)# qos egress wrr

Syntax: (config-if)# qos egress wrr <w0> <w1> <w2> <w3> <w4> <w5>

Explanation: Assign egress weight for QoS queueing method. WRR stands for
Weighted Round Robin and uses default queue weights. The number of packets
serviced during each visit to a queue depends on the percentages you configure
for the queues.

Parameters:

<w0: 1-100>: Specify weight for queue 0.

<w1: 1-100>: Specify weight for queue 1.

<w2: 1-100>: Specify weight for queue 2.

<w3: 1-100>: Specify weight for queue 3.

<w4: 1-100>: Specify weight for queue 4.

<w5: 1-100>: Specify weight for queue 5.

Negation: (config-if)# no qos egress wrr

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.17 (config-if)# qos ingress cos

Syntax: (config-if)# qos ingress cos <cos>

Explanation: Configure CoS value on this selecte infterface.

Parameters:

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 203

Chapter 3 Introduction to CLI Installation and Operation Manual

<cos>: Specify COS value (1-7).

Negation: (config-if)# no qos ingress cos

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.18 (config-if)# qos ingress dei

Syntax: (config-if)# qos ingress dei <dei>

Explanation: Configure DEI (Drop Eligible Indicator) value on this selecte

infterface.

Parameters:

<dei>: Specify DEI for untagged frames.

Negation: (config-if)# no qos ingress dei

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.19 (config-if)# qos ingress dpl

Syntax: (config-if)# qos ingress dpl <dpl>

Explanation: Configure DPL value on this selecte infterface.

Parameters:

<dpl>: Specify the default Drop Precedence Level

204 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config-if)# no qos ingress dpl

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.20 (config-if)# qos ingress map tag-cos

Syntax: (config-if)# qos ingress map tag-cos pcp <pcp> dei <dei> cos <cos> dpl
<dpl>

Explanation: Configure (QoS class, DP level) to (PCP, DEI) Mapping of QoS for
specific interface.

Parameters:

pcp <pcp: 0-7>: Specify a PCP (Priority Code Point) value.

dei <dei: 0-1>: Specify a DEI value (0 or 1).

cos <cos: 0-7>: Specify a QoS class value.

dpl <dpl:0-1>: Specify a DPL value (0 or 1).

Negation: (config-if)# no qos ingress map tag-cos pcp <pcp> dei <dei>

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.21 (config-if)# qos ingress pcp

Syntax: (config-if)# qos ingress pcp <pcp>

Explanation: Configure PCP value for specific interface.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 205

Chapter 3 Introduction to CLI Installation and Operation Manual

Parameters:

pcp <pcp: 0-7>: Specify a PCP (Priority Code Point) value.

Negation: (config-if)# no qos ingress pcp

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.22 (config-if)# qos policer

Syntax: (config-if)# qos policer <rate> [ fps ] [ flowcontrol ]

Explanation: Configure PCP value for specific interface.

Parameters:

<rate>: Indicate the rate for the policer. By default, 500kbps is used. The allowed range for
kbps and fps is 100 to 1000000. The allowed range for Mbps and kfps is 1 to 3300Mbps.

[ fps ]: Rate is fps. By default, kbps is used.

[ flowcontrol ]: Enable Flow Control. If flow control is enabled and the port is in flow control
mode, then pause frames are sent instead of discarding frames

Negation: (config-if)# no qos ingress policer

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-
cos ] [ dscp-ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-
translation ] } | storm | { qce [ <qce> ] } ]

3.9.35.23 (config-if)# qos ingress queue-policer

Syntax: (config-if)# qos ingress queue-policer queue <queue> <rate>

206 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: Configure Egress Queue shaper Rate of QoS for specific interface.

Parameters:

<queue: 0-7>: Specify a queue or a range.

<rate: 100-13200000>: Specify shaper rate in kbps.

Negation: (config-if)# no qos ingress queue-policer queue <queue>

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.24 (config-if)# qos ingress shaper

Syntax: (config-if)# qos ingress shaper <rate> [ burst <has_burst_size> ]

Explanation: Configure ingress shaper rate of QoS for specific interface.

Parameters:

<rate: 100-13200000>: Specify shaper rate in kbps.

[ burst <has_burst_size> ]: Specify the burst size. The allowed range is 0-252Kbytes. By default,
the burst size is 4Kbytes.

Negation: (config-if)# no qos ingress shaper

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-
cos ] [ dscp-ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-
translation ] } | storm | { qce [ <qce> ] } ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 207

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.35.25 (config-if)# qos ingress trust dscp

Syntax: (config-if)# qos ingress trust dscp

Explanation: Enable DSCP Classification of QoS for specific interface.

Negation: (config-if)# no qos ingress trust dscp

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.26 (config-if)# qos ingress trust tag

Syntax: (config-if)# qos ingress trust tag

Explanation: Enable VLAN tag Classification of QoS for specific interface.

Negation: (config-if)# no qos ingress trust tag

Show: # show qos

# show qos [ { interface [ ( <port_type> [ <port> ] ) ] } | wred | { maps [ dscp-cos ] [ dscp-
ingress-translation ] [ dscp-classify ] [ cos-dscp ] [ dscp-egress-translation ] } | storm | { qce
[ <qce> ] } ]

3.9.35.27 (config-if)# qos storm

Syntax: (config-if)# qos storm { unicast | broadcast | unknown } <rate> [ fps ]

Explanation: Configure broadcast storm control rate for QoS on the selected
ports.

Parameters:

{ unicast | multicast | broadcast }: Specify the storm type that you want to configure.

208 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

{ { <rate> [ kfps ] } | { 1024 kfps } }: User-define storm frame rate or set storm rate to 1024
kfps.

Example: The following example sets broadcast storm control for QoS to 1024
kfps.

# config t
(config)# interface GigabitEthernet 1/1
(config-if)# qos storm broadcast 1024 kfps

Negation: (config-if)# no qos storm { unicast | multicast | broadcast }

Show: # show qos storm

3.9.36 (config)# radius-server

3.9.36.1 (config)# radius-server attribute 32

Syntax: (config)# radius-server attribute 32 <id>

Explanation: Configure Radius attribute 32 string.

Parameters:

<id>: Specify Radius server identifier. The allowed characters are 1 to 253.

Example: Set RADIUS attribute 32 string to “cabinet5aSW”.

# config t
(config)# radius-server attribute 32 cabinet5aSW

Negation: (config)# no radius-server attribute 32

Show: # show radius-server [statistics]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 209

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.36.2 (config)# radius-server attribute 4

Syntax: (config)# radius-server attribute 4 <ipv4>

Explanation: Configure NAS IPv4 address.

Parameters:

<ipv4>: Specify NAS IPv4 address.

Example: Set NAS IPv4 address to 100.1.1.25.

# config t
(config)# radius-server attribute 4 100.1.1.25

Negation: (config)# no radius-server attribute 4

Show: # show radius-server [statistics]

3.9.36.3 (config)# radius-server attribute 95

Syntax: (config)# radius-server attribute 95 <ipv6>

Explanation: Configure NAS IPv6 address.

Parameters:

<ipv6>: Specify NAS IPv6 address.

Negation: (config)# no radius-server attribute 95

Show: # show radius-server [statistics]

210 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.36.4 (config)# radius-server deadtime

Syntax: (config)# radius-server deadtime <minutes>

Explanation: Configure RADIUS server deadtime value. Deadtime is the period

during which the switch will not send new requests to a server that has failed to
respond to a previous request. This will stop the switch from continually trying to
contact a server that it has already determined as dead.

Parameters:

<deadtime>: Specify RADIUS server deadtime value. The valid range is 1 to

1440 (minutes).

Example: Set RADIUS server to 60.

# config t
(config)# radius-server deadtime 60

Negation: (config)# no radius-server deadtime

Show: # show radius-server [statistics]

3.9.36.5 (config)# radius-server host

Syntax: (config)# radius-server host <host_name> [ auth-port <auth_port> ]

[ acct-port <acct_port> ] [ timeout <seconds> ] [ retransmit <retries> ] [ key
<key> ]

Explanation: This command is used to configure Radius server.

Parameters:

<host_name>: Specify the hostname or IP address for the radius server. The
allowed characters are 1 to 255.

[ auth-port <auth_port> ]: Specify the UDP port to be used on the RADIUS

server for authentication.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 211

Chapter 3 Introduction to CLI Installation and Operation Manual

[ acct-port <acct_port> ]: Specify the UDP port to be used on the RADIUS

server for accounting.

[ timeout <seconds> ]: Specify a timeout value. If timeout value is specified here, it will replace
the global timeout value. If you prefer to use the global value, leave this field blank.

[ retransmit <retries> ]: Specify a value for retransmit retry. If retransmit value is specified
here, it will replace the global retransmit value. If you prefer to use the global value, leave this
field blank.

[ key <key> ]: Specify a secret key. If secret key is specified here, it will replace the global
secret key. If you prefer to use the global value, leave this field blank.

Negation: (config)# no radius-server host <host_name> [ auth-port <auth_port> ]

[ acct-port <acct_port> ]

Show: # show radius-server [statistics]

3.9.36.6 (config)# radius-server key

Syntax: (config)# radius-server key <key>

Explanation: Configure RADIUS server key value. This key is shared between the
RADIUS sever and the switch.

Parameters:

<key>: Specify RADIUS server secret key value. The valid range is 1 to 63.

Example: Set RADIUS server secret key to 803321

# config t
(config)# radius-server key 803321

Negation: (config)# no radius-server key

212 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.36.7 (config)# radius-server retransmit

Syntax: (config)# radius-server retransmit <retries>

Explanation: Configure the number of times to retransmit request packets to an

authentication server that does not respond. If the server does not respond after
the last retransmit is sent, the switch considers the authentication server is dead.

Parameters:

<retries>: Specify RADIUS server retransmit value. The valid range is 1 to

1000.

Example: Set RADIUS server retransmit value to 5

# config t
(config)# radius-server retransmit 5

Negation: (config)# no radius-server retransmit

Show: # show radius-server [statistics]

3.9.36.8 (config)# radius-server timeout

Syntax: (config)# radius-server timeout <seconds>

Explanation: Configure the time the switch waits for a reply from an
authentication server before it retransmits the request.

Parameters:

<seconds>: Specify RADIUS server timeout value. The valid range is 1 to 1000.

Example: Set RADIUS server timeout to 60

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 213

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# radius-server timeout 60

Negation: (config)# no radius-server timeout

Show: # show radius-server [statistics]

3.9.37 (config)# ring

3.9.37.1 (config)# ring <instance> chain

Syntax: (config)# ring <instance> chain [ master ] east interface <port_type>

<east_port> [ edge ] west interface <port_type> <west_port> [ edge ]

Parameters:

<instance: 0-5>: Specify the ring instance number.

chain: This is a chain ring.

[ master ]: Set this ring to master ring.

east interface <port_type> <east_port> [ edge ]: Specify the east port type (Fast Ethernet or
Gigabit Ethernet) and port number. If this port is the edge port, add “edge” after the port
number.

west interface <port_type> <west_port> [ edge ]: Specify the west port type (Fast Ethernet or
Gigabit Ethernet) and port number. If this port is the edge port, add “edge” after the port
number.

Explanation: Create a chain ring instance.

Example: Create a chain instance 1.

# config t
(config)# ring 1 chain east interface GigabitEthernet 1/1 wes
interface GigabitEthernet 1/2

214 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config)# no ring <instance>

Show: # show ring [ <instances> ]

3.9.37.2 (config)# ring <instance> ring

Syntax: (config)# ring <instance> ring [ master ] east interface <port_type>

<east_port> west interface <port_type> <west_port>

Parameters:

<instance: 0-5>: Specify the ring instance number.

ring: This is a closed ring type.

[ master ]: Set this ring to master ring.

east interface <port_type> <east_port>: Specify the east port type (Fast Ethernet or Gigabit
Ethernet) and port number.

west interface <port_type> <west_port>: Specify the west port type (Fast Ethernet or Gigabit
Ethernet) and port number.

Explanation: Create a closed ring instance.

Example: Create a ring instance 2.

# config t
(config)# ring 2 ring east interface GigabitEthernet 1/3 west
interface GigabitEthernet 1/4

Negation: (config)# no ring <instance>

Show: # show ring [ <instances> ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 215

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.37.3 (config)# ring <instance> sub

Syntax: (config)# ring <instance> sub [ master ] east interface <port_type>

<east_port>

Parameters:

<instance: 0-5>: Specify the ring instance number.

sub: This is a sub-ring type.

[ master ]: Set this ring to master ring.

east interface <port_type> <east_port>: Specify the east port type (Fast Ethernet or Gigabit
Ethernet) and port number.

Explanation: Create a sub ring instance.

Example: Create a ring instance 3.

# config t
(config)# ring 3 ring east interface GigabitEthernet 1/1

Negation: (config)# no ring <instance>

Show: # show ring [ <instances> ]

3.9.38 (config)# rmon

3.9.38.1 (config)# rmon alarm

Syntax: (config)# rmon alarm <id> <oid_str> <interval> { absolute | delta } rising-
threshold <rising_threshold> [ <rising_event_id> ] falling-threshold
<falling_threshold> [ <falling_event_id> ] { [ rising | falling | both ] }

Syntax: (config)# rmon alarm <id> { ifInOctets | ifInUcastPkts | ifInNUcastPkts |

ifInDiscards | ifInErrors | ifInUnknownProtos | ifOutOctets | ifOutUcastPkts |
ifOutNUcastPkts | ifOutDiscards | ifOutErrors } <ifIndex> <interval> { absolute |

216 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

delta } rising-threshold <rising_threshold> [ <rising_event_id> ] falling-threshold

<falling_threshold> [ <falling_event_id> ] { [ rising | falling | both ] }

Explanation: Configure RMON alarm settings. RMON Alarm configuration defines

specific criteria that will generate response events. It can be set to test data over
any specified time interval and can monitor absolute or changing values. Alarms
can also be set to respond to rising or falling thresholds.

Parameters:

<id>: Indicates the index of the entry. The range is from 1 to 65535.

<oid_str>: The object number of the MIB variable to be sampled. Only variables of the type
ifEntry.n.n may be sampled. Possible variables are ifInOctets, ifInUcastPkts, ifInNUcastPkts,
ifOutDiscards, ifErrors, ifInUnknownProtos, ifOutOctets, ifOutUcastPkts, ifOutNUcastPkts,
ifOutDiscards, ifOutErrors.

<interval>: The polling interval for sampling and comparing the rising and falling threshold. The
range is from 1to 2^31 (2147483647) seconds.

{ absolute | delta }: Test for absolute or relative change in the specified

variable.

Absolute: The variable is compared to the thresholds at the end of the

sampling period.

Delta: The last sample is subtracted from the current value and the difference is compared
to the thresholds.

rising-threshold <rising_threshold>: If the current value is greater than the rising threshold and
the last sample value is less than this threshold, then an alarm will be triggered. After a rising
event has been generated, another such event will not be generated until the sampled value
has fallen below the rising threshold, reaches the falling threshold, and again moves back up to
the rising threshold. The threshold range is -2147483647 to 2147483647.

[ <rising_event_id> ]: Indicates the rising index of an event. The range is 1 -

65535.

falling-threshold <falling_threshold>: If the current value is less than the falling threshold, and
the last sample value was greater than this threshold, then an alarm will be generated. After a
falling event has been generated, another such event will not be generated until the sampled
value has risen above the falling threshold, reaches the rising threshold, and again moves back
down to the failing threshold. (Range: -2147483647 to 2147483647)

[ <falling_event_id> ]: Indicates the falling index of an event. The range is 0 -

65535.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 217

Chapter 3 Introduction to CLI Installation and Operation Manual

{ [ rising | falling | both ] }: Specify a method that is used to sample the selected variable and
calculate the value to be compared against the thresholds.

rising: Trigger alarm when the first value is larger than the rising
threshold.

falling: Trigger alarm when the first value is less than the falling
threshold.

both: Trigger alarm when the first value is larger than the rising
threshold or less than the falling threshold.

Negation: (config)# no rmon alarm <id>

Show: # show rmon alarm [ <id_list> ]

# show rmon history [ <id_list> ]
# show rmon statistics [ <id_list> ]

3.9.38.2(config)# rmon event

Syntax: (config)# rmon event <id> [ log ] [ trap <community> ] { [ description

<description> ] }

Explanation: Configure RMON Event settings.

Parameters:

<id>: Specify an ID index. The range is 1 - 65535.

[ log ]: When the event is triggered, a RMON log entry will be generated.

[ trap <community> ]: A password-like community string sent with the trap. Although the
community string can be set on this configuration page, it is recommended that it be defined
on the SNMP trap configuration page prior to configuring it here. The allowed characters are 0 -
127.

{ [ description <description> ] }: Enter a descriptive comment for this entry.

Negation: (config)# no rmon event <id>

218 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: # show rmon alarm [ <id_list> ]

# show rmon history [ <id_list> ]

3.9.38.3 (config-if)# rmon collection history

Syntax: (config-if)# rmon collection history <id> [ buckets <buckets> ] [ interval

<interval> ]

Explanation: RMON History Configuration is to collect statistics on a physical

interface to monitor network utilization, packet types, and errors. A RMON
historical record can be used to monitor intermittent problems.

Parameters:

<id>: Specify an ID index. The range is 1~65535.

[ buckets <buckets> ]: The number of buckets requested for this entry. The allowed range is
1~65535.

[ interval <interval> ]: Indicates the polling interval. By default, 1800 seconds is specified. The
allowed range is 1~3600 seconds.

Negation: (config-if)# no rmon collection history <id>

Show: # show rmon history [ <id_list> ]

3.9.38.4 (config-if)# rmon collection stats

Syntax: (config-if)# rmon collection stats <id>

Explanation: Configure RMON Statistics table using this command.

Parameters:

<id>: Specify an ID index. The range is 1~65535.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 219

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config-if)# no rmon collection stats <id>

Show: # show rmon statistics [ <id_list> ]

3.9.39 (config-if)# shutdown

Syntax: (config-if)# shutdown

Explanation: Shutdown this specific interface.

Negation: (config-if)# no shutdown

Show: # show interface ( <port_type> [ <v_port_type_list> ] ) status

3.9.40 (config)# snmp-server

3.9.40.1 (config)# snmp-server

Syntax: (config)# snmp-server

Explanation: Enable SNMP server service.

Example: Enable SNMP server service.

# config t
(config)# snmp-server

Negation: (config)# no snmp-server

Show: # show snmp

220 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.40.2 (config)# snmp-server access

Syntax: (configt)# snmp-server access <group_name> model { v1 | v2c | v3 | any }

level { auth | noauth | priv } [ read <view_name> ] [ write <write_name> ]

Explanation: Configure SNMP access settings.

Parameters:

<group_name>: A string identifying the group name that this entry should belong to. The
allowed string length is 1 to 32, and the allowed content is ASCII characters from 0x21 to 0x7E.

model { v1 | v2c | v3 | any }: Indicates the security model that this entry should belong to.
Possible security models are:

any: Any security model accepted(v1|v2c|usm).

v1: Reserved for SNMPv1.

v2c: Reserved for SNMPv2c.

v3: User-based Security Model (USM) for SNMPv3.

level { auth | noauth | priv }: Indicates the security level that this entry should belong to.
Possible security models are:

auth: Authentication and no privacy.

noauth: No authentication and no privacy.

priv: Authentication and privacy.

[ read <view_name> ]: The name of the MIB view defining the MIB objects for which this
request may request the current values. The allowed string length is 1 to 32, and the allowed
content is ASCII characters from 0x21 to 0x7E.

[ write <write_name> ]: The name of the MIB view defining the MIB objects for which this
request may potentially set new values. The allowed string length is 1 to 32, and the allowed
content is ASCII characters from 0x21 to 0x7E.

Negation: (config)# no snmp-server access <group_name> model { v1 | v2c | v3 |

any } level { auth | noauth | priv }

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 221

Chapter 3 Introduction to CLI Installation and Operation Manual

Show: # show snmp access [ <group_name> { v1 | v2c | v3 | any } { auth | noauth |

priv } ]

3.9.40.3 (config)# snmp-server community v2c

Syntax: (config)# snmp-server community v2c <comm> [ ro | rw ]

Explanation: Configure Read or Write community string.

Parameters:

<comm >: Indicate a community read or write access string to permit access to the SNMP
agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters
from 0x21 to 0x7E.

[ ro | rw ]: Indicates whether the specified community applies to read only access string or read
& write access string.

Example: Set Write community access string to private123.

# config t
(config)# snmp-server community v2c private124 rw

Negation: (config)# no snmp-server community v2c

Show: # show snmp

3.9.40.4 (config)# snmp-server community v3

Syntax: (config)# snmp-server community v3 <v3_comm> [ <v_ipv4_addr>

<v_ipv4_netmask> ]

Explanation: Configure SNMP server community v3 value.

Parameters:

222 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<v3_comm>: Specify SNMPv3 community string.

[ <v_ipv4_addr> <v_ipv4_netmask> ]: Specify IPv4 address and subnet mask

address.

Negation: (config)# no snmp-server community v3 <word127>

Show: # show snmp

# show snmp community v3

3.9.40.5 (config)# snmp-server contact

Syntax: (config)# snmp-server contact <v_line255>

Explanation: Configure system contact information.

Parameters:

<v_line255>: Specify system contact information. This could be a person’s

name, email address or other descriptions. The allowed string length is 0 – 255
and the allowed content is the ASCII characters from 32 – 126.

Example: Set system contact information to “[email protected]”

# config t
(config)# snmp-server contact [email protected]

Negation: (config)# no snmp-server contact

3.9.40.6 (config)# snmp-server engine-id local

Syntax: (config)# snmp-server engine-id local <engineID>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 223

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Configure SNMP server v3 Engine ID value.

Parameters:

<engineID>: Indicates the SNMPv3 engine ID. The string must contain an even number (in
hexadecimal format) with number of digits between 10 and 64, but all-zeros and all-'F's are not
allowed. Changes to the Engine ID will clear all original local users.

Negation: (config)# no snmp-server engined-id local

Show: # show snmp

3.9.40.7 (config)# snmp-server host

Syntax: (config)# snmp-server host <conf_name>

Explanation: Configure SNMP server hostname.

Parameters:

<conf_name: word 32>: Specify a host name. Once “Enter” is pressed, the CLI prompt changes
to (config-snmps-host)#.

Example: Set SNMP server hostname to RemoteSnmp

# config t
(config)# snmp-server host RemoteSnmp

Negation: (config)# snmp-server host <conf_name>

Show: # show snmp host [ <conf_name> ] [ system ] [ switch ] [ power ]

[ interface ] [ aaa ]

3.9.40.8 (config)# snmp-server location

Syntax: (config)# snmp-server location <v_line255>

224 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Parameters:

<v_line255>: Specify the descriptive location of this device. The allowed string
length is 0 – 255.

Example: Set the location to “Cabinet A22”

# config t
(config)# snmp-server location Cabinet A22

Negation: (config)# no snmp-server location

3.9.40.9 (config)# snmp-server security-to-group model

Syntax: (configt)# snmp-server security-to-group model { v1 | v2c | v3 } name

<security_name> group <group_name>

Explanation: Configure SNMPv3 Group settings.

Parameters:

{ v1 | v2c | v3 }: Indicates the security model that this entry should belong to.

<security_name>: A string identifying the security name that this entry should belong to.
The allowed string length is 1 to 32, and the allowed content is ASCII characters from 0x21
to 0x7E.

<group_name>: A string identifying the group name that this entry should belong to. The
allowed string length is 1 to 32, and the allowed content is ASCII characters from 0x21 to
0x7E.

Negation: (config)# no snmp-server security-to-group model { v1 | v2c | v3 } name

<security_name>

Show: # show snmp security-to-group [ { v1 | v2c | v3 } <security_name> ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 225

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.40.10 (config)# snmp-server trap

Syntax: (config)# snmp-server trap

Explanation: Enable SNMP server trap function.

Example: Enable SNMP server trap function.

# config t
(config)# snmp-server trap

Negation: (config)# no snmp-server trap

Show: # show snmp

3.9.40.11 (config)# snmp-server user

Syntax: (configt)# snmp-server user <username> engine-id <engineID> [ { md5

<md5_passwd> | sha <sha_passwd> } [ priv { des | aes } <priv_passwd> ] ]

Explanation: Configure SNMPv3 User settings.

Parameters:

<username: word 32>: A string identifying the user name that this entry should belong to. The
allowed string length is 1 to 32, and the allowed content is ASCII characters from 0x21 to 0x7E.

engine-id <engineID>: An octet string identifying the engine ID that this entry should belong to.
The string must contain an even number (in hexadecimal format) with number of digits
between 10 and 64, but all-zeros and all-'F's are not allowed. The SNMPv3 architecture uses
the User-based Security Model (USM) for message security and the View-based Access Control
Model (VACM) for access control. For the USM entry, the usmUserEngineID and usmUserName
are the entry's keys. In a simple agent, usmUserEngineID is always that agent's own
snmpEngineID value. The value can also take the value of the snmpEngineID of a remote SNMP
engine with which this user can communicate. In other words, if user engine ID equal system
engine ID then it is local user; otherwise it is a remote user.

226 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

{ md5 <md5_passwd> | sha <sha_passwd> }: Indicates the authentication protocol that this
entry should belong to. Possible authentication protocols are:

md5 <md5_passwd>: An optional flag to indicate that this user uses MD5 authentication
protocol. A string identifying the authentication password phrase. For MD5 authentication
protocol, the allowed string length is 8 to 32 characters. For SHA authentication protocol,
the allowed string length is 8 to 40 characters. The allowed content is ASCII characters
from 0x21 to 0x7E.

sha <sha_passwd>: An optional flag to indicate that this user uses SHA authentication
protocol. A string identifying the authentication password phrase. For MD5 authentication
protocol, the allowed string length is 8 to 32 characters. For SHA authentication protocol,
the allowed string length is 8 to 40 characters. The allowed content is ASCII characters
from 0x21 to 0x7E.

[ priv { des | aes } <priv_passwd> ] ]: Indicates the privacy protocol that this entry should
belong to. Possible privacy protocols are:

DES: An optional flag to indicate that this user uses DES authentication protocol.

AES: An optional flag to indicate that this user uses AES authentication protocol.

<priv_passwd>: A string identifying the privacy password phrase. The allowed string length
is 8 to 32, and the allowed content is ASCII characters from 0x21 to 0x7E.

Negation: (config)# no snmp-server user <username> engine-id <engineID>

Show: #show snmp user [ <username> <engineID> ]

3.9.40.12 (config)# snmp-server version

Syntax: (config)# snmp-server version { v1 | v2c | v3 }

Explanation: Configure SNMP server version.

Parameters:

{ v1 | v2c | v3 }: Specify which SNMP server version you want to use.

Example: Set SNMP server version to v3.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 227

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# snmp-server version v3

Negation: (config)# no snmp-server version

Show: # show snmp

3.9.40.13 (config)# snmp-server view

Syntax: (configt)# snmp-server view <view_name> <oid_subtree> { include |

exclude }

Explanation: Configure SNMPv3 MIB view name.

Parameters:

<view_name>: A string identifying the view name that this entry should belong to. The
allowed string length is 1 to 32, and the allowed content is ASCII characters from 0x21 to
0x7E.

<oid_subtree>: The OID defining the root of the subtree to add to the named view. The
allowed OID length is 1 to 128.

{ include | exclude }: Indicates the view type that this entry should belong to. Possible view
types are:

included: An optional flag to indicate that this view subtree should be included.

excluded: An optional flag to indicate that this view subtree should be excluded. In
general, if a view entry's view type is 'excluded', there should be another view entry
existing with view type as 'included' and it's OID subtree should overstep the
'excluded' view entry.

Negation: (config)# no snmp-server view <view_name> <oid_subtree>

Show: # show snmp view [ <view_name> <oid_subtree> ]

228 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.40.14 (config-if)# snmp-server host <conf_name> traps

Syntax: (config-if)# snmp-server host <conf_name> traps [ linkup ] [ linkdown ]

[ lldp ]

Explanation: Configure SNMP trap events for the selected interface.

Parameters:

<conf_name: word 32>: Specify the name of the trap.

traps [ linkup ] [ linkdown ] [ lldp ]: Enable the selected interfaces’ trap

events.

[ linkup ]: Port link up trap.

[ linkdown ]: Port link down trap.

[ lldp ]: LLDP (Link Layer Discovery Protocol) trap.

Negation: (config-if)# no snmp-server host <conf_name> traps

3.9.40.15 (config-snmps-host)# alarm

Syntax: (config-snmps-host)# alarm [ power [ power1 ] [ power2 ] ]

Explanation: Configure power alarms for this host.

Parameters:

[ power [ power1 ] [ power2 ] ]: Initiate power alarms when Power 1 or

Power 2 fails.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 229

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.40.16 (config-snmps-host)# host <v_ipv6_ucast>

Syntax: (config-snmps-host)# host <v_ipv6_ucast> [ <udp_port> ] [ traps |

informs ]

Explanation: Indicates the SNMP trap destination address.

Parameters:

<v_ipv6_ucast>: Specify the IPv6 address. It allows a valid IP address in dotted decimal notation
('x.y.z.w'). Also allowed is a valid hostname. A valid hostname is a string drawn from the
alphabet (A-Z; a-z), digits (0-9), dot (.) and dash (-). Spaces are not allowed. The first character
must be an alpha character, and the first and last characters cannot be a dot or a dash.

[ <udp_port> ]: Indicates the SNMP trap destination port. SNMP Agent will send SNMP message
via this port, the port range is 1~65535. The default SNMP trap port is 162.

[ traps | informs ]: Specify one of the options.

Negation: (config-snmps-host)# no host

3.9.40.17 (config-snmps-host)# host <v_ipv4_ucast>

Syntax: (config-snmps-host)# host { <v_ipv4_ucast> | <v_word45> } [ <udp_port> ]

[ traps | informs ]

Explanation: Configure the SNMP trap destination IPv4 address.

Parameters:

{ <v_ipv4_ucast> | <v_word45> }: Indicates the SNMP trap destination address. It allows a valid
IP address in dotted decimal notation ('x.y.z.w'). Also allowed is a valid hostname. A valid
hostname is a string drawn from the alphabet (A-Z; a-z), digits (0-9), dot (.) and dash (-).
Spaces are not allowed. The first character must be an alpha character, and the first and last
characters cannot be a dot or a dash.

[ <udp_port> ]: Indicates the SNMP trap destination port. SNMP Agent will send SNMP message
via this port, the port range is 1~65535. The default SNMP trap port is 162.

[ traps | informs ]: Specify one of the options.

230 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config-snmps-host)# no host

3.9.40.18 (config-snmps-host)# version

Syntax: (config-snmps-host)# version { v1 [ <v1_comm> ] | v2 [ <v2_comm> ] | v3

[ probe | engineID <v_word10_to_32> ] [ <securtyname> ] }

Parameters:

{ v1 [ <v1_comm> ] | v2 [ <v2_comm> ] | v3 [ probe | engineID <v_word10_to_32> ]

[ <securtyname> ] }: Specify one of the SNMP versions.

v1 [v1_comm]: Support SNMPv1 and trap community access string when sending SNMP
trap packet. The allowed string length is 0 to 255, and the allowed content is ASCII
characters from 0x21 to 0x7E.

v2 [v2_comm]: Support SNMPv2c and trap community access string when sending SNMP
trap packet. The allowed string length is 0 to 255, and the allowed content is ASCII
characters from 0x21 to 0x7E.

v3 [ probe | engineID <v_word10_to_32> ] [ <securtyname> ]: Support SNMPv3.

[ probe | engineID <v_word10_to_32> ]: Indicates the SNMP trap probe security engine
ID or SNMP trap security engine ID. SNMPv3 sends traps and informs use USM for
authentication and privacy. A unique engine ID for these traps and informs is needed.
When "Trap Probe Security Engine ID" is enabled, the ID will be probed automatically.
Otherwise, the ID specified in this field is used. The string must contain an even
number (in hexadecimal format) with number of digits between 10 and 64, but all-
zeros and all-'F's are not allowed.

[ <securtyname> ]: Indicates the SNMP trap security name. SNMPv3 traps and informs
use USM for authentication and privacy. A unique security name is needed when traps
and informs are enabled.

Explanation: Configure SNMP version and its corresponding values.

Example: Support SNMPv2c version.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 231

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config-snmps-host)# version v2 public

Negation: (config-snmps-host)# no version

3.9.40.19 (config-snmps-host)# informs retries

Syntax: (config-snmps-host)# informs retries <retries> timeout <timeout>

Explanation: Configure SNMP trap retry times and timeout.

Parameters:

<retries>: Indicates the SNMP trap inform retry times. The allowed range is 0
to 255.

<timeout>: Indicates the SNMP trap inform timeout. The allowed range is 0
to 2147.

Negation: (config-snmps-host)# no informs

3.9.40.20 (config-snmps-host)# shutdown

Syntax: (config-snmps-host)# shutdown

Parameters: None.

Explanation: Disable the SNMP trap mode.

Example: Disable the SNMP trap mode.

# config t
(config-snmps-host)# shutdown

232 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config-snmps-host)# no shutdown

3.9.40.21 (config-snmps-host)# traps

Syntax: (config-snmps-host)# traps [ aaa authentication ] [ system [ coldstart ]

[ warmstart ] ] [ switch [ stp ] [ rmon ] ]

Explanation: Configure SNMP trap events.

Parameters:

[ aaa authentication ]: Authentication, Authorization and Accounting. A trap will be issued at

any authentication failure.

[ system [ coldstart ] [ warmstart ] ]: The system trap events include the

following.

coldstart: The switch has booted from a powered off or due to power cycling (power
failure).

warmstart: The switch has been rebooted from an already powered on

state.

[ switch [ stp ] [ rmon ] ]: Indicates that the Switch group's traps. Possible
traps are:

stp: Enable STP trap.

rmon: Enable RMON trap.

Example: Send a trap notice when any authentication fails.

# config t
(config-snmps-host)# traps aaa authentication

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 233

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config-snmps-host)# no traps

Show: # show snmp host [ <conf_name> ] [ system ] [ switch ] [ interface ]

[ aaa ]

3.9.41 (config)# spanning-tree

3.9.41.1 (config)# spanning-tree aggregation

Syntax: (config)# spanning-tree aggregation

Explanation: Enable aggregation mode of Spanning Tree.

Example: Enter aggregation mode.

# config t
(config)# spanning-tree aggregation
(config-stp-aggr)#

Show: # show spanning-tree

3.9.41.2 (config-stp-aggr)# spanning-tree

Syntax: (config-stp-aggr)# spanning-tree

Explanation: Enable Spanning Tree under aggregation mode.

Negation: (config-stp-aggr)# no spanning-tree

Show: # show spanning-tree

234 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.41.3 (config-stp-aggr)# spanning-tree auto-edge

Syntax: (config-stp-aggr)# spanning-tree auto-edge

Explanation: Enable auto edge function. When enabled, a port is automatically

determined to be at the edge of the network when it receives no BPDUs.

Negation: (config-stp-aggr)# no spanning-tree auto-edge

Show: # show spanning-tree

3.9.41.4 (config-stp-aggr)# spanning-tree bpdu-guard

Syntax: (config-stp-aggr)# spanning-tree bpdu-guard

Explanation: Enable BPDU guard function. This feature protects ports from
receiving BPDUs. It can prevent loops by shutting down a port when a BPDU is
received instead of putting it into the spanning tree discarding state. If enabled,
the port will disable itself upon receiving valid BPDU's.

Negation: (config-stp-aggr)# no spanning-tree bpdu-guard

Show: # show spanning-tree

3.9.41.5 (config-stp-aggr)# spanning-tree edge

Syntax: (config-stp-aggr)# spanning-tree edge

Explanation: If an interface is attached to end nodes, you can set it to “Edge”.

Negation: (config-stp-aggr)# no spanning-tree edge

Show: # show spanning-tree

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 235

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.41.6 (config-stp-aggr)# spanning-tree link-type

Syntax: (config-stp-aggr)# spanning-tree link-type { point-to-point | shared |

auto }

Explanation: Configure the link type attached to an interface.

Parameters:

{ point-to-point | shared | auto }: Select the link type attached to an interface.

point-to-point: It is a point-to-point connection.

shared: It is a shared medium connection

auto: The switch automatically determines whether the interface is attached to a point-to-
point link or shared medium.

Negation: (config-stp-aggr)# no spanning-tree link-type

Show: # show spanning-tree

3.9.41.7 (config-stp-aggr)# spanning-tree mst <instance> cost

Syntax: (config-stp-aggr)# spanning-tree mst <instance> cost { <cost> | auto }

Explanation: Configure MSTI and its’ path cost value.

Parameters:

mst <instance: 0-15>: Specify MST instance number. Specify “0” to denote CIST. Specify “1-15”
to denote MSTI 1-15.

cost { <cost> | auto }: Specify a Path cost value that is used to determine the best path between
devices. Valid values are 1 to 200000000. If “auto” mode is specified, the system automatically
detects the speed and duplex mode to decide the path cost. Please note that path cost takes
precedence over port priority.

Negation: (config-stp-aggr)# no spanning-tree mst <instance> cost

236 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: # show spanning-tree

3.9.41.8 (config-stp-aggr)# spanning-tree mst <instance>

port-priority

Syntax: (config-stp-aggr)# spanning-tree mst <instance> port-priority <prio>

Explanation: Configure MSTI and its’ port priority.

Parameters:

mst <instance: 0-15>: Specify MST instance number. Specify “0” to denote CIST. Specify “1-15”
to denote MSTI 1-15.

port-priority <prio>: Specify a port priority value.

Negation: (config-stp-aggr)# no spanning-tree mst <instance> port-priority

Show: # show spanning-tree

3.9.41.9 (config-stp-aggr)# spanning-tree restricted-role

Syntax: (config-stp-aggr)# spanning-tree restricted-role

Explanation: Enable restricted role function. If enabled, this causes the port not
to be selected as Root Port for the CIST or any MSTI, even if it has the best
spanning tree priority.

Negation: (config-stp-aggr)# no spanning-tree restricted-role

Show: # show spanning-tree

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 237

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.41.10 (config-stp-aggr)# spanning-tree restricted-tcn

Syntax: (config-stp-aggr)# spanning-tree restricted-tcn

Explanation: Enable restricted TCN function. If enabled, this causes the port not
to propagate received topology change notifications and topology changes to
other ports.

Negation: (config-stp-aggr)# no spanning-tree restricted-tcn

Show: # show spanning-tree

3.9.41.11 (config)# spanning-tree edge bpdu-filter

Syntax: (config)# spanning-tree edge bpdu-filter

Explanation: Enable edge BPDU filtering function. The purpose of Port BPDU
Filtering is to prevent the switch from sending BPDU frames on ports that are
connected to end devices.

Example: Enable edge BPDU filtering function.

# config t
(config)# spanning-tree edge bpdu-filter

Negation: (config)# no spanning-tree edge bpdu-filter

Show: # show spanning-tree

3.9.41.12 (config)# spanning-tree edge bpdu-guard

Syntax: (config)# spanning-tree edge bpdu-guard

Explanation: Enable edge BPDU guard function. Edge ports generally connect
directly to PC, file servers or printers. Therefore, edge ports are configured to allow
rapid transition. Under normal situations, edge ports should not receive
configuration BPDUs. However, if they do, this probably is due to malicious attacks

238 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

or mis-settings. When edge ports receive configuration BPDUs, they will be

automatically set to non-edge ports and start a new spanning tree calculation
process.

BPDU Guard is therefore used to prevent the device from suffering malicious
attacks. With this function enabled, when edge ports receive configuration
BPDUs, STP disables those affected edge ports. After a period of recovery time,
those disabled ports are re-activated.

Example: Enable edge BPDU guard function.

# config t
(config)# spanning-tree edge bpdu-guard

Negation: (config)# no spanning-tree edge bpdu-guard

Show: # show spanning-tree

3.9.41.13 (config)# spanning-tree mode

Syntax: (config)# spanning-tree mode { stp | rstp | mstp }

Parameters:

{ stp | rstp | mstp }: Specify one of the STP protocol versions.

Explanation: Configure the desired STP protocol version.

Example: Set the spanning tree mode to MSTP.

# config t
(config)# spanning-tree mode mstp

Negation: (config)# no spanning-tree mode

Show: # show spanning-tree

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 239

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.41.14 (config)# spanning-tree mst <instance> priority

<prio>

Syntax: (config)# spanning-tree mst <instance> priority <prio>

Parameters:

<instance: 0-7>: Specify an instance ID. “0” means CIST. “1-7” means MSTI 1-
7.

<prio: 0-61440>: Specify a priority value.

Explanation: Specify an appropriate priority for a MSTI instance. Bridge priority is

used in selecting the root device, root port, and designated port. The device with
the highest priority becomes the root device. However, if all devices have the same
priority, the device with the lowest MAC address will then become the root device.
Note that lower numeric values indicate higher priority. The bridge priority plus the
MSTI instance number, concatenated with the 6-byte MAC address of the switch
forms a Bridge Identifier.

Example: Map MST Instance 1 to priority 61440.

# config t
(config)# spanning-tree mst 1 priority 61440

Negation: (config)# no spanning-tree mst <instance> priority

Show: # show spanning-tree

3.9.41.15 (config)# spanning-tree mst <instance> vlan

<v_vlan_list>

Syntax: (config)# spanning-tree mst <instance> vlan <v_vlan_list>

Parameters:

<instance: 0-7>: Specify an instance ID. “0” means CIST. “1-7” means MSTI 1-
7.

240 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<v_vlan_list>: Specify a list of VLANs for the specified MST instance. Separate VLANs with a
comma and use hyphen to denote a range of VLANs. (Example: 2,5,20-40)

Explanation: Specify VLANs mapped to a certain MSTI. Both a single VLAN and a
range of VLANs are allowed.

Example: Map MST Instance 1 to VLAN 90 and VLAN 101-105.

# config t
(config)# spanning-tree mst 1 vlan 90,101-105

Negation: (config)# no spanning-tree mst <instance> vlan

3.9.41.16 (config)# spanning-tree mst forward-time

Syntax: (config)# spanning-tree mst forward-time <fwdtime>

Parameters:

<fwdtime: 4-30>: Specify forward delay value between 4 and 30 (seconds).

Explanation: Fort STP bridges, the Forward Delay is the time spent in each Listening
and Learning state before the Forwarding state is entered. This delay occurs when
a new bridge comes onto a network.

Example: Set the forward delay to 15 seconds.

# config t
(config)# spanning-tree mst forward-time 15

Negation: (config)# no spanning-tree mst forward-time

Show: # show spanning-tree

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 241

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.41.17 (config)# spanning-tree mst max-age

Syntax: (config)# spanning-tree mst max-age <maxage> [ forward-time

<fwdtime> ]

Parameters:

<maxage: 6-40>: Specify the max age value. The valid range is from 6 to 40.

[ forward-time <fwdtime> ]: Fort STP bridges, the Forward Delay is the time spent in each
Listening and Learning state before the Forwarding state is entered. This delay occurs when a
new bridge comes onto a network. Valid values are 4-30 seconds.

Explanation: If another switch in the spanning tree does not send out a hello packet
for a period of time, it is considered to be disconnected. Valid values are 6 to 40
seconds, and Max Age values must be smaller than or equal to (Forward Delay-
1)*2.

Example: Set the max age to 20 seconds.

# config t
(config)# spanning-tree mst max-age 20

Negation: (config)# no spanning-tree mst max-age

Show: # show spanning-tree

3.9.41.18 (config)# spanning-tree mst max-hops

Syntax: (config)# spanning-tree mst max-hops <maxhops>

Parameters:

<maxhops>: Specify the maximum hop count value. The valid range is from 6
to 40.

242 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Explanation: The maximum number of hops allowed for MST region before a BPDU
is discarded. Each bridge decrements the hop count by one before passing on the
BPDU. When the hop count reaches zero, the BPDU is discarded. The default hop
count is 20. The allowed range is 6-40.

Example: Set the maximum hop count to 20.

# config t
(config)# spanning-tree mst max-hops 20

Negation: (config)# no spanning-tree mst max-hops

Show: # show spanning-tree

3.9.41.19 (config)# spanning-tree mst name

Syntax: (config)# spanning-tree mst name <name> revision <v_0_to_65535>

Parameters:

name <name>: Specify a name for this MSTI. By default, the switch’s MAC address is used. The
maximum length is 32 characters. In order to share spanning trees for MSTI, bridges must have
the same configuration name and revision value.

revision <v_0_to_65535>: Specify a revision number for this MSTI. The

allowed range is 0 – 65535.

Explanation: Configure a name and revision number for this MSTI.

Negation: (config)# no spanning-tree mst name

Show: # show spanning-tree

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 243

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.41.20 (config)# spanning-tree recovery interval

Syntax: (config)# spanning-tree recovery interval <interval>

Parameters:

<interval>: The time that has to pass before a port in the error-disabled state can be enabled.
The allowed range is 30 – 86400 (seconds).

Explanation: When enabled, a port that is in the error-disabled state can

automatically be enabled after a certain time.

Example: Set the spanning tree recovery interval to 50.

# config t
(config)# spanning-tree recovery interval 50

Negation: (config)# no spanning-tree recovery interval

Show: # show spanning-tree

3.9.41.21 (config)# spanning-tree transmit hold-count

Syntax: (config)# spanning-tree transmit hold-count <holdcount>

Parameters:

<holdcount:1-10>: Specify the transmit hold-count. The allowed transmit hold count is 1 to 10.

Explanation: The number of BPDU sent by a bridge port per second. When
exceeded, transmission of the next BPDU will be delayed. By default, it is set to 6.
The allowed transmit hold count is 1 to 10. Please note that increasing this value
might have a significant impact on CPU utilization and decreasing this value might
slow down convergence. It is recommended to remain Transmit Hold Count to the
default setting.

244 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Example: Set the spanning tree transmit hold-count to 6.

# config t
(config)# spanning-tree transmit hold-count 6

Negation: (config)# no spanning-tree transmit hold-count

Show: # show spanning-tree

3.9.41.22 (config-if)# spanning-tree

Syntax: (config-if)# spanning-tree

Explanation: Enable Spanning Tree on this interface.

Negation: (config-if)# no spanning-tree

Show: # show spanning-tree

3.9.41.23 (config-if)# spanning-tree auto-edge

Syntax: (config-if)# spanning-tree auto-edge

Explanation: Enable auto edge function on this interface. When enabled, a port is
automatically determined to be at the edge of the network when it receives no
BPDUs.

Negation: (config-if)# no spanning-tree auto-edge

Show: # show spanning-tree

3.9.41.24 (config-if)# spanning-tree bpdu-guard

Syntax: (config-if)# spanning-tree bpdu-guard

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 245

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Enable BPDU guard function on this interface. This feature protects
ports from receiving BPDUs. It can prevent loops by shutting down a port when a
BPDU is received instead of putting it into the spanning tree discarding state. If
enabled, the port will disable itself upon receiving valid BPDU's.

Negation: (config-if)# no spanning-tree bpdu-guard

Show: # show spanning-tree

3.9.41.25 (config-if)# spanning-tree edge

Syntax: (config-if)# spanning-tree edge

Explanation: If an interface is attached to end nodes, you can set it to “Edge”.

Negation: (config-if)# no spanning-tree edge

Show: # show spanning-tree

3.9.41.26 (config-if)# spanning-tree link-type

Syntax: (config-if)# spanning-tree link-type { point-to-point | shared | auto }

Explanation: Configure the link type attached to an interface.

Parameters:

{ point-to-point | shared | auto }: Select the link type attached to an interface.

point-to-point: It is a point-to-point connection.

shared: It is a shared medium connection

auto: The switch automatically determines whether the interface is attached to a point-to-
point link or shared medium.

246 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Negation: (config-if)# no spanning-tree link-type

Show: # show spanning-tree

3.9.41.27 (config-if)# spanning-tree mst <instance> cost

Syntax: (config-if)# spanning-tree mst <instance> cost { <cost> | auto }

Explanation: Configure MSTI and its’ path cost value.

Parameters:

mst <instance: 0-15>: Specify MST instance number. Specify “0” to denote CIST. Specify “1-15”
to denote MSTI 1-15.

cost { <cost> | auto }: Specify a Path cost value that is used to determine the best path between
devices. Valid values are 1 to 200000000. If “auto” mode is specified, the system automatically
detects the speed and duplex mode to decide the path cost. Please note that path cost takes
precedence over port priority.

Negation: (config-if)# no spanning-tree mst <instance> cost

Show: # show spanning-tree

3.9.41.28 (config-if)# spanning-tree mst <instance> port-

priority

Syntax: (config-if)# spanning-tree mst <instance> port-priority <prio>

Explanation: Configure MSTI and its’ port priority.

Parameters:

mst <instance: 0-15>: Specify MST instance number. Specify “0” to denote CIST. Specify “1-15”
to denote MSTI 1-15.

port-priority <prio>: Specify a port priority value.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 247

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config-if)# no spanning-tree mst <instance> port-priority

Show: # show spanning-tree

248 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.41.29 (config-if)# spanning-tree restricted-role

Syntax: (config-if)# spanning-tree restricted-role

Explanation: Enable restricted role function. If enabled, this causes the port not
to be selected as Root Port for the CIST or any MSTI, even if it has the best
spanning tree priority.

Negation: (config-if)# no spanning-tree restricted-role

Show: # show spanning-tree

3.9.41.30 (config-if)# spanning-tree restricted-tcn

Syntax: (config-if)# spanning-tree restricted-tcn

Explanation: Enable restricted TCN function. If enabled, this causes the port not
to propagate received topology change notifications and topology changes to
other ports.

Negation: (config-if)# no spanning-tree restricted-tcn

Show: # show spanning-tree

3.9.42 (config-if)# speed

Syntax: (config-if)# speed { 10g| 1000 | 100 | 10 | twin| auto { [ 10 ] [ 100 ]
[ 1000 ] } }

Explanation: Configure port speed for this specific interface.

Negation: (config-if)# no speed

Show: # show interface ( <port_type> [ <v_port_type_list> ] ) status

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 249

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.43 (config)# switchport

3.9.43.1 (config)# switchport vlan mapping

Syntax: (config)# switchport vlan mapping <group ID> <vlan_list>

<translation_vlan>

Explanation: VLAN Translation is especially useful for users who want to translate
the original VLAN ID to a new VLAN ID so as to exchange data across different
VLANs and improve VLAN scaling. VLAN translation replaces an incoming C-VLAN
tag with an S-VLAN tag instead of adding an additional tag. When configuring VLAN
Translation, both ends of the link normally must be able to replace tags
appropriately. In other words, both ends must be configured to translate the C-
VLAN tag to S-VLAN tag and S-VLAN tag to C-VLAN tag appropriately in a network.
Note that only access ports support VLAN translation. It is not recommended to
configure VLAN Translation on trunk ports.

Parameters:

<group ID: 1-28>: Indicate the Group ID that applies to this translation rule.

<vlan_list>: Indicate the VLAN ID that will be mapped to a new VID.

<translation_vlan>: Indicate the new VID to which VID of ingress frames will be changed.

Example: Map the group ID 5 with VLAN ID 100 to be translated to 201.

# config t
(config)# switchport vlan mapping 5 100 201

Negation: (config)# no switchport vlan mapping <group> <v_vlan_id_from>

3.9.43.2 (config-if)# switchport access vlan

Syntax: (config-if)# switchport access vlan <pvid>

Explanation: Configure access VLAN ID for this interface.

Parameters:

250 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

<pvid>: Indicate the access VLAN ID (PVID) for this interface.

Example: Set the interface 1’s access VLAN ID to 10.

# config t
(config)# interface GigabitEthernet 1/1
(config-if)# switchport access vlan 10
(config-if)#

Negation: (config-if)# no switchport access vlan

Show: # show vlan status

3.9.43.3 (config-if)# switchport forbidden vlan

Syntax: (config-if)# switchport forbidden vlan { add | remove } <vlan_list>

Explanation: Add or remove a port from the forbidden VLAN list.

Parameters:

{ add | remove }: Add or remove this specific interface from the forbidden VLAN list.

<vlan_list>: Specify the VLAN ID.

Negation: (config-if)# no switchport access vlan

Show: > show switchport forbidden [ { vlan <vid> } | { name <name> } ]

# show switchport forbidden [ { vlan <vid> } | { name <name> } ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 251

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.43.4 (config-if)# switchport hybrid acceptable-frame-type

Syntax: (config-if)# switchport hybrid acceptable-frame-type { all | tagged |

untagged }

Explanation: Configure the accepted frame types. Available options include “all”
(accept all frames), “tagged” (accept only tagged frames), “untagged” (accept only
untagged frames). This parameter affects VLAN ingress processing. If the port only
accepts tagged frames, untagged frames received on the port are discarded. By
default, frame type is set to All.

Parameters:

{ all | tagged | untagged }: Specify the frame type for this interface. Available options include
“all” (accept all frames), “tagged” (accept only tagged frames), “untagged” (accept only
untagged frames).

Negation: (config-if)# no switchport hybrid acceptable-frame-type

Show: # show vlan status

3.9.43.5 (config-if)# switchport hybrid allowed vlan

Syntax: (config-if)# switchport hybrid allowed vlan { all | none | [ add | remove |
except ] <vlan_list> }

Explanation: Configure allowed VLANs when this interface is in hybrid mode.

Parameters:

{ all | none | [ add | remove | except ] <vlan_list> }: Specify one of the options.

all: All VLANs.

none: No VLANs.

add: Add VLANs to the current list.

remove: Remove VLANs from the current list

252 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

except: All VLANs except the following specified in <vlan_list>.

<vlan_list>: Specify the VLAN list.

Negation: (config-if)# no switchport hybrid allowed vlan

Show: # show vlan status

3.9.43.6 (config-if)# switchport hybrid egress-tag

Syntax: (config-if)# switchport hybrid egress-tag { none | all [ except-native ] }

Explanation: Determines egress tagging of a port.

Parameters:

{ none | all [ except-native ] }: Determines egress tagging of a port.

none: All VLANs are untagged.

all: All VLANs are tagged.

all [except-native]: All VLANs except the configured PVID will be tagged.

Negation: (config-if)# no switchport hybrid egress-tag

Show: # show vlan status

3.9.43.7 (config-if)# switchport hybrid ingress-filtering

Syntax: (config-if)# switchport hybrid ingress-filtering

Explanation: Enable ingress filtering function on this specific interface. If Ingress

Filtering is enabled and the ingress port is not a member of a VLAN, the frame from
the ingress port is discarded. By default, ingress filtering is disabled.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 253

Chapter 3 Introduction to CLI Installation and Operation Manual

Negation: (config-if)# no switchport hybrid ingress-filtering

Show: # show vlan status

3.9.43.8 (config-if)# switchport hybrid native vlan

Syntax: (config-if)# switchport hybrid native vlan <pvid>

Explanation: Configures the VLAN identifier in Hybrid mode for the port. The
allowed values are from 1 through 4095. The default value is 1.

Parameters:

<pvid>: Specify the port VLAN ID for this specific interface.

Negation: (config-if)# no switchport hybrid native vlan

Show: # show vlan status

254 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.43.9 (config-if)# switchport hybrid port-type

Syntax: (config-if)# switchport hybrid port-type { unaware | c-port | s-port | s-

custom-port }

Explanation: Configures the port type in Hybrid mode for the port.

Parameters:

{ unaware | c-port | s-port | s-custom-port }: There are four port types available. Each port
type’s ingress and egress action is described in the following table.

Action Egress
Ingress Action
Port Action
Type
When a tagged The TPID of
frame is received frame
on a port, transmitted
1. If the tagged frame with by Unaware
TPID=0x8100, it becomes a port will be
double-tag frame and is set to
forwarded. 0x8100. The
2. If the TPID of tagged frame is final status
Unaware not 0x8100 (ex. 0x88A8), it will of the frame
be discarded. after
egressing
When an
are also
untagged frame
affected by
is received on a
egress rule.
port, a tag (PVID)
is attached and
then forwarded.
When a tagged The TPID of
frame is received frame
on a port, transmitted
1. If a tagged frame with by C-port will
TIPID=0x8100, it is forwarded. be set to
2. If the TPID of tagged frame is 0x8100.
not 0x8100 (ex. 0x88A8), it will
C-port be discarded.
When an
untagged frame
is received on a
port, a tag (PVID)
is attached and
then forwarded.
When a tagged The TPID of
S-port frame is received frame
on a port, transmitted

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 255

Chapter 3 Introduction to CLI Installation and Operation Manual

1. If a tagged frame with by S-port will

TPID=0x88A8, it is forwarded. be set to
2. If the TPID of tagged frame is 0x88A8
not 0x88A8 (ex. 0x8810), it will
be discarded.
When an
untagged frame
is received on a
port, a tag (PVID)
is attached and
then forwarded.
When a tagged The TIPID of
frame is received frame
on a port, transmitted
1. If a tagged frame with by S-
TPID=0x88A8, it is forwarded. custom-port
2. If the TPID of tagged frame is will be set to
not 0x88A8 (ex. 0x8810), it will an self-
S-
be discarded. customized
custom
value, which
port When an
can be set
untagged frame
by the user
is received on a
using the
port, a tag (PVID)
column of
is attached and
Ethertype
then forwarded.
for Custom
S-ports.

Negation: (config-if)# no switchport hybrid port-type

Show: # show vlan status

3.9.43.10 (config-if)# switchport mode

Syntax: (config-if)# switchport mode { access | trunk | hybrid }

Explanation: Configure VLAN mode for this specific interface.

Parameters:

{ access | trunk | hybrid }: Specify the VLAN mode.

Negation: (config-if)# no switchport mode

Show: # show vlan status

256 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.43.11 (config-if)# switchport trunk allowed vlan

Syntax: (config-if)# switchport trunk allowed vlan { all | none | [ add | remove |
except ] <vlan_list> }

Explanation: Configure allowed VLANs when this interface is in trunk mode.

Parameters:

{ all | none | [ add | remove | except ] <vlan_list> }: Specify one of the options.

all: All VLANs.

none: No VLANs.

add: Add VLANs to the current list.

remove: Remove VLANs from the current list

except: All VLANs except the following specified in <vlan_list>.

<vlan_list>: Specify the VLAN list.

Negation: (config-if)# no switchport trunk allowed vlan

Show: # show vlan status

3.9.43.12 (config-if)# switchport trunk native vlan

Syntax: (config-if)# switchport trunk native vlan <pvid>

Explanation: Configure native VLAN ID in trunk mode for this specific interface.

Parameters:

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 257

Chapter 3 Introduction to CLI Installation and Operation Manual

<pvid>: Specify the port VLAN ID for this specific interface.

Negation: (config-if)# no switchport trunk native vlan

Show: # show running-config

3.9.43.13 (config-if)# switchport trunk vlan tag native

Syntax: (config-if)# switchport trunk vlan tag native

Explanation: Configure this specific interface to tag native VLAN traffic.

Negation: (config-if)# no switchport trunk vlan tag native

3.9.43.14 (config-if)# switchport vlan ip-subnet id

Syntax: (config-if)# switchport vlan ip-subnet id <vce_id> <ipv4> vlan <vid>

Explanation: IP Subnet-based VLAN configuration is to map untagged ingress

frames to a specific VLAN if the source address is found in the IP subnet-to-VLAN
mapping table. When IP subnet-based VLAN classification is enabled, the source
address of untagged ingress frames are checked against the IP subnet-to-VLAN
mapping table. If an entry is found for that subnet, these frames are assigned to
the VLAN indicated in the entry. If no IP subnet is matched, the untagged frames
are classified as belonging to the receiving port’s VLAN ID (PVID).

Parameters:

<vce_id: 1-128>: Specify index of the entry. Valid range is 1~128.

<ipv4>: Specify IP address and subnet mask. The format is xx.xx.xx.xx/mm.mm.mm.mm.

<vid>: Indicate the VLAN ID.

Negation: (config-if)# no switchport vlan ip-subnet id <vce_id_list>

258 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Show: # show vlan ip-subnet [ id <subnet_id> ]

3.9.43.15 (config-if)# switchport vlan mac

Syntax: (config-if)# switchport vlan mac <mac_addr> vlan <vid>

Explanation: This command is to set up VLANs based on source MAC addresses.

When ingress untagged frames are received by a port, source MAC address is
processed to decide which VLAN these untagged frames belong. When source MAC
addresses does not match the rules created, untagged frames are assigned to the
receiving port’s native VLAN ID (PVID).

Parameters:

<mac_addr>: Indicate the source MAC address. Please note that the source MAC address can only
map to one VLAN ID.

vlan <vid>: Map this MAC address to the associated VLAN ID.

Negation: (config-if)# no switchport vlan mac <mac_addr> vlan <vid>

Show: # show vlan mac [ address <mac_addr> ]

3.9.43.16 (config-if)# switchport vlan mapping

Syntax: (config-if)# switchport vlan mapping <group>

Explanation: Configure group VLAN mapping table for this specific interface.

Parameters:

<group: 1-20>: Indicate the Group ID that applies to this rule.

Negation: (config-if)# no switchport vlan mapping

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 259

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.43.17 (config-if)# switchport vlan protocol group

Syntax: (config-if)# switchport vlan protocol group <grp_id> vlan <vid>

Explanation: Configure VLAN protocol group for this specific interface.

Parameters:

<grp_id: word 16>: Indicate the descriptive name for this entry. This field only allows 16 alphabet
characters (a-z; A-Z) or integers (0-9).

<vid>: Specify the VLAN ID that applies to this rule.

Negation: (config-if)# no switchport vlan protocol group <grp_id> vlan <vid>

Show: # show vlan protocol [ eth2 { <etype> | arp | ip | ipx | at } ] [ snap { <oui> |
rfc-1042 | snap-8021h } <pid> ] [ llc <dsap> <ssap> ]

3.9.43.18 (config-if)# switchport voice vlan discovery-protocol

Syntax: (config-if)# switchport voice vlan discovery-protocol { oui | lldp | both }

Explanation: Configure a method for detecting VoIP traffic. By default, OUI is used.

Parameters:

oui: Traffic from VoIP devices is detected by the Organizationally Unique Identifier (OUI) of the
source MAC address. OUI numbers are assigned to manufacturers and form the first three octets
of a device MAC address. MAC address OUI numbers must be configured in the Telephony OUI list
so that the switch recognizes the traffic as being from a VoIP device.

lldp: Use LLDP (IEEE 802.1ab) to discover VoIP devices attached to a port. LLDP checks that the
“telephone bit” in the system capability TLV is turned on or not.

both: Use both OUI table and LLDP to detect VoIP traffic on a port.

Negation: (config-if)# no switchport voice vlan discovery-protocol

Show: # show voice vlan [ oui <oui> | interface ( <port_type> [ <port_list> ] ) ]

260 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.43.19 (config-if)# switchport voice vlan mode

Syntax: (config-if)# switchport voice vlan mode { auto | force | disable }

Explanation: Configure Voice VLAN mode on a per port basis.

Parameters:

auto: Enable the Voice VLAN auto detection mode. When voice (VoIP) traffic is detected on a
port, the port will be added as a tagged member to the Voice VLAN. When Auto mode is selected,
you need to further decide a method for detecting voice traffic in “Discovery Protocol” field,
either OUI or LLDP (802.1ab).

force: Enable Voice VLAN feature on a particular port.

disabled: Disable Voice VLAN feature on a particular port.

Negation: (config-if)# no switchport voice vlan mode

Show: # show voice vlan [ oui <oui> | interface ( <port_type> [ <port_list> ] ) ]

3.9.43.20 (config-if)# switchport voice vlan security

Syntax: (config-if)# switchport voice vlan security

Explanation: Enable security filtering feature on a per port basis. When enabled,
any non-VoIP packets received on a port with Voice VLAN ID will be discarded. VoIP
traffic is identified by source MAC addresses configured in the telephony OUI list
or through LLDP which is used to discover VoIP devices attached to the switch.

Negation: (config-if)# no switchport voice vlan security

Show: # show voice vlan [ oui <oui> | interface ( <port_type> [ <port_list> ] ) ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 261

Chapter 3 Introduction to CLI Installation and Operation Manual

3.9.44 (config)# tacacs-server

3.9.44.1 (config)# tacacs-server timeout

Syntax: (config)# tacacs-server timeout <seconds>

Explanation: The time the switch waits for a reply from a TACACS+ server before
it retransmits the request.

Parameters:

<seconds:1-1000>: Specify a value for timeout. The allowed timeout range is

between 1 and 1000.

Negation: (config)# no tacacs-server timeout

Show: # show tacacs-server

262 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.44.2 (config)# tacacs-server deadtime

Syntax: (config)# tacacs-server deadtime <minutes>

Explanation: Deadtime is the period during which the switch will not send new
requests to a server that has failed to respond to a previous request. This will
stop the switch from continually trying to contact a server that it has already
determined as dead.

Parameters:

<minutes:1-1440>: Specify a value for tacacs-server deadtime. The allowed deadtime range is
between 1 to 1440 minutes.

Negation: (config)# no tacacs-server deadtime

Show: # show tacacs-server

3.9.44.3 (config)# tacacs-server key

Syntax: (config)# tacacs-server key <key>

Explanation: Specify the secret key up to 63 characters. This is shared between a

TACACS+ sever and the switch.

Parameters:

<key:1-63>: Specify a shared secret key value.

Negation: (config)# no tacacs-server key

Show: # show tacacs-server

3.9.44.4 (config)# tacacs-server host

Syntax: (config)# tacacs-server host <host_name> [ port <port> ] [ timeout

<seconds> ] [ key <key> ]

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 263

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Configure radius server settings.

Parameters:

<host_name>: Specify a hostname or IP address for the TACACS+ server.

[ port <port> ]: Specify the TCP port number to be used on a TACACS+ server
for authentication.

[ timeout <seconds> ]: If timeout value is specified here, it will replace the global timeout
value. If you prefer to use the global value, leave this field blank.

[ key <key> ]: If secret key is specified here, it will replace the global secret key. If you prefer to
use the global value, leave this field blank.

Negation: (config)# no tacacs-server host <host_name> [ port <port> ]

Show: # show tacacs-server

3.9.45 (config)# upnp

3.9.45.1 (config)# upnp

Syntax: (config)# upnp

Explanation: Enable upnp operation.

Example: Enable upnp operation

# config t
(config)# upnp
(config)#

Negation: (config)# no upnp

Show: # show upnp

264 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.45.2 (config)# upnp advertising-duration

Syntax: (config)# upnp advertising-duration <v_100_to_86400>

Parameters:

<v_100_to_86400>: Specify the advertising duration. The allowed range is 100

to 86400 (seconds).

Explanation: This defines how often an UPnP advertisement is sent. The duration
is carried in Simple Service Discover Protocol (SSDP) packets which informs a
control point how often it should receive a SSDP advertisement message from the
switch. By default, the advertising duration is set to 100 seconds. However, due
to the unreliable nature of UDP, it is recommended to set to the shorter duration
since the shorter the duration, the fresher is UPnP status.

Example: Set the upnp advertising duration to 150 seconds.

# config t
(config)# upnp advertising-duration 150

Negation: (config)# no upnp advertising-duration

Show: # show upnp

3.9.45.3 (config)# upnp ttl

Syntax: (config)# upnp ttl <v_1_to_255>

Parameters:

<v_1_to_255>: Specify the ttl (time to live) value. The allowed range is 1 to
255.

Explanation: TTL (Time to live) is used to configure how many steps an UPnP
advertisement can travel before it disappears.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 265

Chapter 3 Introduction to CLI Installation and Operation Manual

Example: Set the upnp ttl value to 10.

# config t
(config)# upnp ttl 10

Negation: (config)# no upnp ttl

Show: # show upnp

3.9.46 (config)# username

3.9.46.1 (config)#
username<username>privilege<priv>password encrypted

Syntax: (config)# username <username> privilege <priv> password encrypted

<encry_password>

Explanation: By default, there is only one user, 'admin', assigned the highest
privilege level of 15. Use this command to configure a new user account.

Parameters:

username <username: word31>: Specify a new username. The allowed

characters are 31.

privilege <priv: 0-15>: Specify the privilege level for this new user account. The allowed range is
1 to 15. If the privilege level value is 15, it can access all groups, i.e. that is granted the fully
control of the device. But other values need to refer to each group privilege level. User's
privilege should be same or greater than the group privilege level to have the access of that
group. By default setting, most groups privilege level 5 has the read-only access and privilege
level 10 has the read-write access. And the system maintenance (software upload, factory
defaults and etc.) need user privilege level 15. Generally, the privilege level 15 can be used for
an administrator account, privilege level 10 for a standard user account and privilege level 5 for
a guest account.

password encrypted <encry_password: 4-44>: Specify the encrypted password for this new
user account. The ENCRYPTED (hidden) user password. Notice the ENCRYPTED password will be
decoded by system internally. You cannot directly use it as same as the Plain Text and it is not
human-readable text normally.

266 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Example: Create the new user account with the following settings.

# config t
(config)# username mis4jack privilege 15 password encrypted
jack30125

Negation: (config)# no username <username>

Show: > show users

# show users

3.9.46.2 (config)#
username<username>privilege<priv>password none

Syntax: (config)# username <username> privilege <priv> password none

Explanation: By default, there is only one user, 'admin', assigned the highest
privilege level of 15. Use this command to configure a new user account without
password

Parameters:

username <username: word31>: Specify a new username. The allowed

characters are 31.

privilege <priv: 0-15>: Specify the privilege level for this new user account. The allowed range is
1 to 15. If the privilege level value is 15, it can access all groups, i.e. that is granted the fully
control of the device. But other values need to refer to each group privilege level. User's
privilege should be same or greater than the group privilege level to have the access of that
group. By default setting, most groups privilege level 5 has the read-only access and privilege
level 10 has the read-write access. And the system maintenance (software upload, factory
defaults and etc.) need user privilege level 15. Generally, the privilege level 15 can be used for
an administrator account, privilege level 10 for a standard user account and privilege level 5 for
a guest account.

password none: No password for this user account.

Example: Create the new user account with the following settings.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 267

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# username mis4jack privilege 15 password none

Negation: (config)# no username <username>

Show: > show users

# show users

3.9.46.3 (config)#
username<username>privilege<priv>password unencrypted

Syntax: (config)# username <username> privilege <priv> password unencrypted

<password>

Explanation: By default, there is only one user, 'admin', assigned the highest
privilege level of 15. Use this command to configure a new user account with
unencrypted password.

Parameters:

username <username: word31>: Specify a new username. The allowed

characters are 31.

privilege <priv: 0-15>: Specify the privilege level for this new user account. The allowed range is
1 to 15. If the privilege level value is 15, it can access all groups, i.e. that is granted the fully
control of the device. But other values need to refer to each group privilege level. User's
privilege should be same or greater than the group privilege level to have the access of that
group. By default setting, most groups privilege level 5 has the read-only access and privilege
level 10 has the read-write access. And the system maintenance (software upload, factory
defaults and etc.) need user privilege level 15. Generally, the privilege level 15 can be used for
an administrator account, privilege level 10 for a standard user account and privilege level 5 for
a guest account.

password unencrypted <password: line31>: Specify the unencrypted password for this user
account. The UNENCRYPTED (Plain Text) user password. Any printable characters including
space is accepted.

Example: Create the new user account with the following settings.

268 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

# config t
(config)# username mis4jack privilege 15 password unencrypted
jack30125

Negation: (config)# no username <username>

Show: > show users

# show users

3.9.47 (config)# vlan

3.9.47.1 (config)# vlan

Syntax: (config)# vlan <vlist>

Explanation: Configure allowed VLANs.

Parameters:

<vlist>: This shows the allowed access VLANs. This setting only affects ports set in “Access”
mode. Ports in other modes are members of all VLANs specified in “Allowed VLANs” field. By
default, only VLAN 1 is specified. More allowed access VLANs can be entered by specifying the
individual VLAN ID separated by comma. If you want to specify a range, separate it by a dash.
For example, 1, 5,10,12-15,100. Once Enter is pressed, the prompt changes to (config-vlan)#

Example: Add VID 1,5,10,12-15,100 to the allowed VLAN list.

# config t
(config)# vlan 1,510,12-15,100
(config-vlan)#

Negation: (config)# no vlan { { ethertype s-custom-port } | <vlan_list> }

3.9.47.2 (config)# vlan ethertype s-custom-port

Syntax: (config)# vlan ethertype s-custom-port <etype>

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 269

Chapter 3 Introduction to CLI Installation and Operation Manual

Explanation: Configure ether type used for customer s-ports.

Parameters:

ethertype s-custom-port <etype>: Specify ether type used for customer s-ports. The valid
range is 0x0600 to 0xffff.

Example: Set ether type for customer s-port to 0x88a8.

# config t
(config)# vlan ethertype s-custom-port 0x88a8

Negation: (config)# no vlan { { ethertype s-custom-port } | <vlan_list> }

270 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

3.9.47.3 (config)# vlan protocol

Syntax: (config)# vlan protocol { { eth2 { <etype> | arp | ip | ipx | at } } | { snap

{ <oui> | rfc-1042 | snap-8021h } <pid> } | { llc <dsap> <ssap> } } group <grp_id>

Explanation: The network devices required to support multiple protocols cannot be

easily grouped into a common VLAN. This may require non-standard devices to pass
traffic between different VLANs in order to encompass all the devices participating
in a specific protocol. This kind of configuration deprives users of the basic benefits
of VLANs, including security and easy accessibility.

To avoid these problems, you can configure this switch with protocol-based VLANs
that divide the physical network into logical VLAN groups for each required
protocol. When a frame is received at a port, its VLAN membership can then be
determined based on the protocol type being used by the inbound packets.

Parameters:

protocol { { eth2 { <etype> | arp | ip | ipx | at } } | { snap { <oui> | rfc-1042 | snap-8021h }

<pid> } | { llc <dsap> <ssap> } }: There are three frame types available for selection; these are
“Ethernet”, “SNAP”, and “LLC”. The value field will need to be changed accordingly.

eth2 (Ethernet): Ether Type (etype) value. By default, it is set to 0x0800. The range allowed
is 0x0600 to 0xffff.

SNAP: This includes OUI (Organizationally Unique Identifier) and PID

(Protocol ID) values.

OUI: A value in the format of xx-xx-xx where each pair (xx) in the string is a hexadecimal
value in the ranges of 0x00-0xff.

PID: If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type field value
for the protocol running on top of SNAP. If the OUI is that of a particular organization,
the protocol ID is a value assigned by that organization to the protocol running on top
of SNAP. In other words, if value of the OUI field is 00-00-00, then value of the PID will
be etherType (0x0600-0xffff), and if value of the OUI is other than 00-00-00, then valid
value of the PID will be any value from 0x0000 to 0xffff.

LLC (Logical Link Control): This includes DSAP (Destination Service Access Point) and
SSAP (Source Service Access Point) values. By default, the value is 0xff. Valid range is
0x00 to 0xff.

group <grp_id>: Indicate the descriptive name for this entry. This field only allows 16
alphabet characters (a-z; A-Z) or integers (0-9).

Example: Set VLAN protocol to eth2 0x88a8.

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 271

Chapter 3 Introduction to CLI Installation and Operation Manual

# config t
(config)# vlan protocol eth2 0x88a8 group a12

Negation: (config)# no vlan protocol { { eth2 { <etype> | arp | ip | ipx | at } } | { snap

{ <oui> | rfc-1042 | snap-8021h } <pid> } | { llc <dsap> <ssap> } } group <grp_id>

Show: # show vlan protocol [ eth2 { <etype> | arp | ip | ipx | at } ] [ snap { <oui> |
rfc-1042 | snap-8021h } <pid> ] [ llc <dsap> <ssap> ]

3.9.48 (config)# web privilege group

Syntax: (config)# web privilege group <group_name> level { [ cro <cro> ] [ crw
<crw> ] [ sro <sro> ] [ srw <srw> ] }*1

Explanation: Assign web privilege level to the specified group.

Parameters:

group <group_name>: This name identifies the privilege group. Valid words are Aggregation'
'DHCP' 'Dhcp_Client' 'Diagnostics' 'EEE' 'ERPS' 'Green_Ethernet' 'IP2' 'IPMC_Snooping' 'LACP' 'LLDP'
'Loop_Protect' 'MAC_Table' 'MVR' 'Maintenance' 'Mirroring' 'NTP' 'POE' 'PTP' 'Ports'
'Private_VLANs' 'QoS' 'RPC' 'SMTP' 'Security' 'Smart_Config' 'Spanning_Tree' 'System'
'Timer' 'UPnP' 'VCL' 'VLAN_Translation' 'VLANs' 'XXRP' 'u-Ring'

level { [ cro <cro: 0-15> ] [ crw <crw: 0-15> ] [ sro <sro: 0-15> ] [ srw <srw: 0-15> ] }*1: Every
group has an authorization Privilege level for the following sub groups:

cro (configuration read-only): The privilege level is 1 to 15.

crw (configuration/execute read-write): The privilege level is 1 to 15.

sro (status/statistics read-only): The privilege level is 1 to 15.

srw (status/statistics read-write): The privilege level is 1 to 15.

User Privilege should be the same or greater than the authorization Privilege level to have
access to that group.

272 3.9 Commands in Config Mode PowerFlow-2-10G

Installation and Operation Manual Chapter 3 Introduction to CLI

Example: Assign Aggregation group to crw (configuration/excute read-write) level

15.

# config t
(config)# web privilege group aggregation level crw 15
(config)# exit
# show web privilege group level
Group Name Privilege Level
CRO CRW SRO SRW
-------------------------------- --- --- --- ---
Aggregation 5 15 5 10
DHCP 5 10 5 10
Dhcp_Client 5 10 5 10
Diagnostics 5 10 5 10
EEE 5 10 5 10
ERPS 5 10 5 10
Green_Ethernet 5 10 5 10
IP2 5 10 5 10
IPMC_Snooping 5 10 5 10
LACP 5 10 5 10
LLDP 5 10 5 10
Loop_Protect 5 10 5 10
MAC_Table 5 10 5 10
Maintenance 15 15 15 15
Mirroring 5 10 5 10
MVR 5 10 5 10
NTP 5 10 5 10
POE 5 10 5 10
Ports 5 10 1 10
-- more --, next page: Space, continue: g, quit: ^C

Negation: (config)# no web privilege group <group_name> level

Show: > show web privilege group <group_name> level

# show web privilege group <group_name> level

PowerFlow-2-10G PowerFlow-2-10G 3.9 Commands in Config Mode 273

 Chapter 4
Web Operation and
Configuration
PowerFlow-2-10G provides a wide range of basic and advanced management
functions that can help network engineers to design and implement their own
network. The user can manage PowerFlow-2-10G via the console port or using
Web interface. For the first-time users who want to use the Web interface, it is
very important to know how to connect the device correctly so as to successfully
access the device.

4.1 Web Management Interface Connection &

Login
PowerFlow-2-10G provides one MGMT port on the front panel for accessing Web
Management via IP connectivity. For the first time user, connect one end of RJ-45
cable to the PowerFlow-2-10G and the other end of RJ-45 cable to your
management PC. Then, open the web browser such as IE, Firefox, etc and input
the default IP address 169.254.1.1. Then, a standard login prompt will appear
depending on the type of browser used. The example below is with Firefox
browser.

PowerFlow-2-10G Web Management Interface Connection & Login 4-1

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Enter the factory default username “admin” with “no password”. After
successfully entering the web based management, the Port State page will
appear.

Web Home Page

4.2 Icons & Buttons

This switch provides some basic and frequently-used functions as icons on the
top of Web management page. You can use these icons for a quick help or
logout.

4.2.1 Port Status

The initial page, when logged in, displays a graphical overview of the port status
for all optical ports. For port 1 to port 24, the "Yellow" colored port indicates a
connection with a speed of 1000M; whereas, the “Green” colored port indicates
a connection with a speed of 100M. For port 25 to port 26 or 25 to port 28, the
"Amber" colored port indicates a connection with a speed of 1000M; whereas,
the "Blue" colored port indicates a connection speed of 10G.

The status display can be reached by using the left side menu, and return to
Monitor>Ports>State.

4-2 Icons & Buttons PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.2.2 Refresh
To update the screen, click the "Refresh" button. For automatic updating of the
screen, the "Auto-refresh" tick box may be ticked. The screen will be auto
refreshed every 3 seconds.

Unless connected directly on a local LAN, we recommend not using the auto-
refresh function as it does generate a bit of traffic.

4.2.3 Help System

The PowerFlow-2-10G device has an online "help" system to aid the engineer
when setting the parameters of the device. Each functional setting page is
accompanied by a specific "help" for that functional page. The user can display
this help "pop up" at any time by clicking the "help" icon.

4.2.4 Logout
After completing configuration, we recommend logging out of the web GUI. This
is easily accomplished by clicking the logout icon.

After clicking the logout icon, a confirmation screen will be displayed. Click "OK"
to finish logging out or click "Cancel" to return to the web configuration GUI.

PowerFlow-2-10G Icons & Buttons 4-3

Chapter 4 Web Operation and Configuration Installation and Operation Manual

For the remainder of this section, each menu item will be explained one by one,
in order as they descend down the menu screen, starting with the "System"
menu.

4.3 Configuration
This section offers explanations for both basic and advanced management
functions available in PowerFlow-2-10G. They are introduced below individually in
separate sub-sections.

4.3.1 System
The configurations under the "System" menu include device settings such as IP
address, time server, etc.

4.3.1.1 System Information Configuration

The configuration information entered here will be reported in the standard
SNMP MIB2 for 'sysContact' (OID 1.3.6.1.2.1.1.4), 'sysName' (OID 1.3.6.1.2.1.1.5)
and 'sysLocation' (OID 1.3.6.1.2.1.1.6). Remember to click the “Save” button
after entering the configuration information.

System Contact: Indicate the descriptive contact information. This could be a

person’s name, email address or other descriptions. The allowed string length is 0
– 255 and the allowed content is the ASCII characters from 32 – 126.

4-4 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

System Name: Indicate the hostname for this device. Alphabets (A-Z; a-z), digits
(0-9) and minus sign (-) can be used. However, space characters are not allowed.
The first character must be an alphabet character. The first and last character
must not be a minus sign. The allowed string length is 0 – 255.

System Location: Indicate the location of this device. The allowed string length is
0 – 255.

PowerFlow-2-10G Configuration 4-5

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.1.2 System Information

The system information screen will display the configuration information, the
hardware MAC address and version, the system time, the system "uptime" and
the software version and build date.

4.3.1.3 System IP
Setup the IP configuration, interface and routes.

IP Configuration
Mode: The "Mode" pull-down configures whether the IP stack should act as a
Host or a Router. In Host mode, IP traffic between interfaces will not be routed.
In Router mode traffic is routed between all interfaces. When configuring this
device for multiple VLANs, the Router mode should be chosen. Router mode is
the default mode.

4-6 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

DNS Server: This setting controls the DNS name resolution done by the switch. The
following modes are supported:

From any DHCP interfaces: The first DNS server offered from a DHCP lease to a
DHCP-enabled interface will be used.

No DNS server: No DNS server will be used.

Configured: Explicitly provide the IP address of the DNS Server in dotted decimal
notation.

From this DHCP interface: Specify from which DHCP-enabled interface a provided
DNS server should be preferred.

DNS Proxy: When DNS proxy is enabled, the system will relay DNS requests to the
currently configured DNS server, and reply as a DNS resolver to the client devices
on the network.

IP Interfaces
Click "Add Interface" to add a new IP interface. A maximum of 128 interfaces is
supported.

VLAN: This is the VLAN associated with the IP interface. Only ports in this VLAN
will be able to access the IP interface. This field is only available for input when
creating a new interface.

IPv4 DHCP: When this checkbox is enabled, the system will configure the IPv4
address and mask of the interface using the DHCP protocol. The DHCP client will
announce the configured System Name as hostname to provide DNS lookup.

Fallback: The number of seconds for trying to obtain a DHCP lease. After this
period expires, a configured IPv4 address will be used as IPv4 interface address. A
value of zero disables fallback mechanism. The DHCP will keep retrying until a
valid lease is obtained when fallback is disabled. Valid value is from 0 to
4294967295.

IPv4 Address: The IPv4 address of the interface is entered in dotted decimal
notation. If DHCP is enabled, this field is not used. The field may also be left
blank if IPv4 operation on the interface is not desired.

IPv4 Mask: The IPv4 network mask is entered by a number of bits (prefix length).
Valid values are between 0 and 30 bits for a IPv4 address. If DHCP is enabled, this

PowerFlow-2-10G Configuration 4-7

Chapter 4 Web Operation and Configuration Installation and Operation Manual

field is not used. The field may also be left blank if IPv4 operation on the
interface is not desired.

IPv4 Current Lease: For DHCP interfaces with an active lease, this column shows
the current interface address, as provided by the DHCP server.

IPv6 Address: A IPv6 address is a 128-bit record represented as eight fields of up

to four hexadecimal digits with a colon separating each field (:). For example,
fe80::215:c5ff:fe03:4dc7. The symbol :: is a special syntax that can be used as a
shorthand way of representing multiple 16-bit groups of contiguous zeros; but it
can appear only once. It can also represent a legally valid IPv4 address. For
example, ::192.1.2.34. The field may be left blank if IPv6 operation on the
interface is not desired.

IPv6 Mask: The IPv6 network mask is entered by a number of bits (prefix length).
Valid values are between 1 and 128 bits for an IPv6 address. The field may be left
blank if IPv6 operation on the interface is not desired.

IP Routes
Route Network: The IP route is the destination IP network or host address of this
route. Valid format is dotted decimal notation or a valid IPv6 notation. A default
route can use the value 0.0.0.0 or for IPv6 use the :: notation.

Route Mask: The route mask is a destination IP network or host mask, in number
of bits (prefix length). It defines how much of a network address that must
match, in order to qualify for this route. Valid values are between 0 and 32 bits
respectively 128 for IPv6 routes. Only a default route will have a mask length of 0
(as it will match anything).

Gateway: This is the IP address of the gateway. Valid format is dotted decimal
notation or a valid IPv6 notation. Gateway and Network must be of the same
type.

Next Hop VLAN: This field is only for IPv6 and is the VLAN ID (VID) of the specific
IPv6 interface associated with the gateway. The VID can range from 1 to 4096
and will be effective when the corresponding IPv6 interface is valid. If the IPv6
gateway address is link-local, you must specify the next hop VLAN for the
gateway. If it is not link-local, they system ignores the next hop VLAN for the
gateway.

4-8 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.1.4 System IP Status

Display the status of IP interfaces and routes.

Please refer to “System IP” for the configuration of the interfaces and routes.
This page is informational only.

4.3.1.5 System NTP

Setup the Network Time Protocol configuration, to synchronize this device’s clock
to network time.

Mode: Configure the NTP mode operation. Possible modes are:

Enabled: Enable NTP client mode operation.

Disabled: Disable NTP client mode operation.

PowerFlow-2-10G Configuration 4-9

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Server #: Enter the IPv4 or IPv6 address of an NTP server. IPv6 address is in 128-
bit records represented as eight fields of up to four hexadecimal digits with a
colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The
symbol '::' is a special syntax that can be used as a shorthand way of
representing multiple 16-bit groups of contiguous zeros; but it can appear only
once. NTP servers can also be represented by a legally valid IPv4 address. For
example, '::192.1.2.34'. The NTP servers are tried in numeric order. If 'Server 1' is
unavailable, the NTP client will try to contact 'Server 2'.

4.3.1.6 System Time

Setup the device time.

The setting example above is for Eastern Standard Time in the United States.
Daylight savings time starts on the second Sunday in March at 2:00AM. Daylight
savings ends on the first Sunday in November at 2:00AM. The daylight savings
time offset is 60 minutes (1 hour).

Time Zone Configuration

Time Zone: Lists various Time Zones worldwide. Select appropriate Time Zone
from the drop down and click Save to set.

4-10 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Acronym: Set the acronym of the time zone.

Daylight Saving Time Configuration

Daylight Saving Time: This is used to set the clock forward or backward according
to the configurations set below for a defined Daylight Saving Time duration.
Select “Disable” to disable the Daylight Saving Time configuration. Select
“Recurring” and configure the Daylight Saving Time duration to repeat the
configuration every year. Select “Non-Recurring” and configure the Daylight
Saving Time duration for single time configuration. (Default is Disabled)

Recurring & Non-Recurring Configurations:

Start time settings: Select the starting week, day, month, year, hours, and
minutes.

End time settings: Select he ending week, day, month, year, hours, and minutes.

Offset settings: Enter the number of minutes to add during Daylight Saving Time.
The allowed range is 1 to 1440.

4.3.1.7 System Log Configuration

Configure System Log on this page.

Server Mode: This sets the server mode operation. When the mode of operation
is enabled, the syslog message will send out to syslog server (at the server
address). The syslog protocol is based on UDP communication and received on
UDP port 514. Syslog server will not send acknowledgments back to the sender
since UDP is a connectionless protocol and it does not provide acknowledgments.
The syslog packet will always send out, even if the syslog server does not exist.
When the mode of operation is disabled, no syslog packets are sent out.

Server Address: This sets the IPv4 host address of syslog server. If the switch
provides DNS feature, it also can be a host name.

PowerFlow-2-10G Configuration 4-11

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Syslog Level: This sets what kind of messages will send to syslog server. Possible
levels are:

Info: Send information, warnings and errors.

Warning: Send warnings and errors.

Error: Send errors only.

4.3.1.8 System Log Information

Displays the collected log information.

Level: Use this pull down to display all messages or messages of type info,
warning or error.

Clear Level: Use this pull down to clear selected message types from the log.

Browsing buttons: Use these buttons to quickly go to the beginning or end of the
log or to page through the log.

4-12 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.1.9 System Detailed Log

Displays individual log records.

View each log, by ID number.

4.3.1.10 Power
This screen page displays the current state of the built-in power. If there is
something wrong with power modules, error messages will be displayed here.

4.3.1.11 System CPU Load

This page displays the CPU load, using an SVG graph.

PowerFlow-2-10G Configuration 4-13

Chapter 4 Web Operation and Configuration Installation and Operation Manual

The load is measured as averaged over the last 100ms, 1sec and 10 seconds
intervals. The last 120 samples are graphed, and the last numbers are displayed
as text as well. In order to display the SVG graph, your browser must support the
SVG format. Automatic refresh occurs every 3 seconds.

4.3.1.12 System SMTP

Configure the email alert system.

SMTP Configuration
SMTP Mode: Set the SMTP mode operation. Possible modes are:

4-14 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Enabled: Enable SMTP client mode operation.

Disabled: Disable SMTP client mode operation.

SMTP Server: Set the SMTP server IP address (this is the server that will forward
email).

SMTP Port: Set the SMTP port number. The default SMTP port is 25.

Server requires authentication: Check this box if your server requires

authentication. In most cases, this is required and the following must be entered.

Username: Enter the valid authentication username for SMTP server

Password: Enter the authentication password for username of SMTP

server

Recipient mail address: Up to four recipient's E-mail addresses may be entered to

be sent alert emails.

SMTP Mail Event

These check boxes select what events will result in alert email messages being
generated and sent.

System: Enable/disable the System group's mail events. Possible mail events are:

Warm Start: Enable/disable Warm Start mail event.

Cold Start: Enable/disable Cold Start mail event.

Power: Enable/disable the Power group's mail events. Possible mail events are:

Power 1 Status: Enable/disable Power 1 status mail event.

Power 2 Status: Enable/disable Power 2 status mail event.

PowerFlow-2-10G Configuration 4-15

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Interface: Enable/disable the Interface group's mail events. Possible mail events
are:

Port Link Up: Enable/disable Port Link up mail event.

Port Link Down: Enable/disable Port Link down mail event.

PoE Status: Enable/disable PoE Status mail event.

4.3.2 Ports
Configurations related to the fiber and electrical ports are performed under the
Ports menu.

4.3.2.1 Configuration

This page displays current port configurations and allows some configuration
here.

4-16 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Port: This device is a L2 carrier Ethernet access switch with 20 SFP ports
(numbered 1 to 20), 4 combo ports (numbered 21~24) and 4 or 2 SFP-based
uplink ports (numbered 25~28 or 25~26). Each logical port number is displayed in
a row. The select all "*" port will apply actions on all ports.

Link: The current link state for each port is displayed graphically. Green indicates
the link is up and red is down.

Current Speed: This column provides the current link speed of each port.

Configured Speed: This pull down selects any available link speed for the given
switch port. Only speeds supported by the specific port are shown.

Options for Port 1~20 Options for Port 21~24

Options for Port 25~26 or 25~28

Disabled: Disables the switch port operation.

Twin Rate Fiber: When this option is selected, the device will automatically detect
the slide-in SFP transceiver’s speed and choose the most appropriate speed
(either 100M or 1000M) for this port.

Auto: Port auto negotiating speed with the link partner, selecting the highest
speed that is compatible with the link partner.

100Mbps FDX: Forces the port to 100Mbps full duplex mode.

1Gbps FDX: Forces the port to 1Gbps full duplex mode.

PowerFlow-2-10G Configuration 4-17

Chapter 4 Web Operation and Configuration Installation and Operation Manual

10Gbps FDX: Forces the fiber port to 10Gbps full duplex mode.

Auto Media Select (AMS) is used for dual media ports (ports supporting both
copper and fiber SFP cables). AMS automatically determines if a SFP or copper
cable is inserted and switches to the corresponding media. If both SFP and
copper cables are inserted, the port will select the preferred media.

SFP_Auto_AMS: Automatically determines the speed of the SFP. Note: There is no

standardized way to do SFP auto detect, so here it is done by reading the SFP
rom. Due to the missing standardized way of doing SFP auto detect some SFPs
might not be detectable. The port is set in AMS mode with SFP preferred.

100-FX_AMS: Port in AMS mode with SFP preferred. SFP port in 100-FX speed.
Copper port in Auto mode.

1000-X_AMS: Port in AMS mode with SFP preferred. SFP port in 1000-X speed.
Copper port in Auto mode.

100-FX: SFP port in 100-FX speed. Copper port is disabled

1000-X: SFP port in 1000-X speed. Copper port is disabled.

Maximum Frame Size: Enter the maximum frame size allowed for the switch port,
including FCS. This switch supports up to 10056 byte packets.

Alias Name: Specify an alternate and descriptive name for a given port. By
convention, this is the node's fully-qualified domain name. A domain name is a
text string drawn from the alphabet (A-Z; a-z), digits (0-9), minus sign (-). No
space characters are permitted as part of a name. The allowed string length is 0
to 40.

Excessive Collision Mode: This setting configures the port transmit collision
behavior to either "Discard" (Discard frame after 16 collisions - default) or to
"Restart" (Restart backoff algorithm after 16 collisions).

4.3.2.2 Ports State

Display an overview graphic of the switch.

4-18 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

This is the same graphic overview shown when first logging into the switch for
management. "Black" ports have no link. "Green" colored ports indicate a 100M
linked state, while "Amber" colored ports indicate a 1G linked state. For port
25~28, "Blue" colored ports indicate 10G linked state. The link status display can
be updated by clicking the "Refresh" button. When "Auto-refresh" is checked, the
display will be updated every 3 seconds.

4.3.2.3 Ports Traffic Overview

Displays a comprehensive overview of traffic on all ports.

The displayed counters are:

Port: The logical port (1~29) for the data contained in the same row.

Packets: The number of received and transmitted packets per port.

PowerFlow-2-10G Configuration 4-19

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Bytes: The number of received and transmitted bytes per port.

Errors: The number of frames received in error and the number of incomplete
transmissions per port.

Drops: The number of frames discarded due to ingress or egress congestion.

Filtered: The number of received frames filtered by the forwarding process.

The counter display can be updated by clicking the "Refresh" button. When
"Auto-refresh" is checked, the display will be updated every 3 seconds. Clicking
the "Clear" button will zero all counters and start counting again.

4.3.2.4 Ports QoS Statistics

This page provides statistics for the different queues for all switch ports.

The displayed counters are:

Port: The logical port for the settings contained in the same row.

4-20 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Qn: There are 8 QoS queues per port. Q0 is the lowest priority queue.

Rx/Tx: The number of received and transmitted packets per queue.

4.3.2.5 Ports QCL Status

This page shows the QCL status by different QCL users.

Each row describes the QCE that is defined. It is a conflict if a specific QCE is not
applied to the hardware due to hardware limitations. The maximum number of
QCEs is 256 on each switch.

User: Indicates the QCL user.

QCE#: Indicates the index of QCE.
Frame Type: Indicates the type of frame to look for incoming frames. Possible
frame types are:
Any: The QCE will match all frame type.
Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed.
LLC: Only (LLC) frames are allowed.
SNAP: Only (SNAP) frames are allowed.
IPv4: The QCE will match only IPV4 frames.
IPv6: The QCE will match only IPV6 frames.
Port: Indicates the list of ports configured with the QCE.
Action: Indicates the classification action taken on ingress frame if parameters
configured are matched with the frame's content. There are three action fields:
Class, DPL and DSCP.
Class: Classified QoS class; if a frame matches the QCE it will be put in the queue.
DPL: Drop Precedence Level; if a frame matches the QCE then DP level will set to
value displayed under DPL column.
DSCP: If a frame matches the QCE then DSCP will be classified with the value
displayed under DSCP column.

PowerFlow-2-10G Configuration 4-21

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Conflict: Displays Conflict status of QCL entries. As H/W resources are shared by
multiple applications, it may happen that resources required to add a QCE may
not be available. In that case it shows conflict status as 'Yes', otherwise it is
always 'No'. Please note that conflict can be resolved by releasing the H/W
resources required to add QCL entry on pressing 'Resolve Conflict' button.

4.3.2.6 Ports Detailed Statistics

This page provides detailed traffic statistics for a specific switch port. The
displayed counters are the totals for receive and transmit, the size counters for
receive and transmit, and the error counters for receive and transmit. Use the
port select pull down to select which switch port details to display.

Receive Total and Transmit Total

Rx and Tx Packets: The number of received and transmitted (good and bad)
packets.

Rx and Tx Octets: The number of received and transmitted (good and bad) bytes.
Includes FCS, but excludes framing bits.

Rx and Tx Unicast: The number of received and transmitted (good and bad)
unicast packets.

4-22 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Rx and Tx Multicast: The number of received and transmitted (good and bad)
multicast packets.

Rx and Tx Broadcast: The number of received and transmitted (good and bad)
broadcast packets.

Rx and Tx Pause: A count of the MAC Control frames received or transmitted on

this port that have an opcode indicating a PAUSE.

Receive and Transmit Size Counters: Displays the number of received and
transmitted (good and bad) packets split into categories based on their
respective frame sizes.

Receive and Transmit Queue Counters: Displays the number of received and
transmitted packets per input and output queue.

Receive Error Counters

Rx Drops: The number of frames dropped due to lack of receive buffers or egress
congestion.

Rx CRC/Alignment: The number of frames received with CRC or alignment errors.

Rx Undersize: The number of short 1 frames received with valid CRC.

Rx Oversize: The number of long 2 frames received with valid CRC.

Rx Fragments: The number of short 1 frames received with invalid CRC.

2
Rx Jabber: The number of long frames received with invalid CRC.

Rx Filtered: The number of received frames filtered by the forwarding process.

1
Short frames are frames that are smaller than 64 bytes.
2
Long frames are frames that are longer than the configured maximum frame
length for this port.

Transmit Error Counters

Tx Drops: The number of frames dropped due to output buffer congestion.

PowerFlow-2-10G Configuration 4-23

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Tx Late/Exc. Coll.: The number of frames dropped due to excessive or late

collisions.

4.3.2.7 Ports SFP

This page displays current SFP status for all three fiber ports.

Vendor Name: SFP vendor (manufacturer's) name.

Vendor Part: Manufacture's part number, provided by SFP vendor.

Fiber Type: Fiber type of either single or multi mode.

Wave Length: Laser wavelength Tx.

Wave Length 2: Laser wavelength Rx. (not all SFP support this reading)

Link Length: Link Length. (This is a marketing specification for this SFP module,
not an actual measurement.)

TX Power: The laser diode transmit power is reported by the SFP that support DDI
(Digital Diagnostic monitoring Interface).

RX Power: The receive optical power is reported by SFP that support DDI.

RX Sensitivity: The Receive Sensitivity is reported by SFP that support DDI.

Temperature: The internal temperature is reported by SFP that support DDI.

4-24 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3 Security
Under the security heading are three major icons, switch, network and RADIUS.

4.3.3.1 Switch

4.3.3.1.1 Users
This page provides an overview of the current users. Currently the only way to
login as another user on the web server is to close and reopen the browser.

By default, there is only one user, 'admin', assigned the highest privilege level of
15.

Click the entries in User Name column to edit the existing users. Or click the “Add
New User” button to insert a new user entry.

PowerFlow-2-10G Configuration 4-25

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Add User

User Name: Enter the new user name.

Password: Enter the password for this user account.
Password (again): Retype the password for this user account.
Privilege Level: Select the appropriate privilege level for this user account. The
allowed range is 1 to 15. If the privilege level value is 15, it can access all groups,
i.e. that is granted the fully control of the device. But other values need to refer
to each group privilege level. User's privilege should be same or greater than the
group privilege level to have the access of that group. By default setting, most
groups privilege level 5 has the read-only access and privilege level 10 has the read-
write access. And the system maintenance (software upload, factory defaults and
etc.) need user privilege level 15. Generally, the privilege level 15 can be used for
an administrator account, privilege level 10 for a standard user account and
privilege level 5 for a guest account.

4.3.3.1.2 Privilege Levels

This page provides an overview of the privilege levels.

Group Name: This name identifies the privilege group. In most cases, a privilege
level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them

4-26 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

contains more than one. The following description defines these privilege level
groups in details:

System: Contact, Name, Location, Timezone, Daylight Saving Time, Log.

Security: Authentication, System Access Management, Port (contains Dot1x port, MAC based and
the MAC Address Limit), ACL, HTTPS, SSH, ARP Inspection, IP source guard.

IP: Everything except 'ping'.

Port: Everything except 'VeriPHY'.

Diagnostics: 'ping' and 'VeriPHY'.

Maintenance: CLI- System Reboot, System Restore Default, System Password, Configuration
Save, Configuration Load and Firmware Load. Web- Users, Privilege Levels and everything in
Maintenance.

Privilege Levels: Every group has an authorization Privilege level for the following
sub groups:

configuration read-only

configuration/execute read-write

status/statistics read-only

status/statistics read-write (e.g. for clearing of statistics)

User Privilege should be the same or greater than the authorization Privilege level
to have access to that group.

4.3.3.1.3 Auth Method

This page allows you to configure how users are authenticated when they log into
the switch via one of the management client interfaces.

PowerFlow-2-10G Configuration 4-27

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Client: The management client for which the configuration below applies.

Methods: Method can be set to one of the following values:

no: Authentication is disabled and login is not possible.

local: Use the local user database on the switch for authentication.

radius: Use remote RADIUS server(s) for authentication.

tacacs+: Use remote TACACS+ server(s) for authentication.

Note: Methods that involve remote servers will time out if the remote servers are offline. In this
case the next method is tried. Each method is tried from left to right and continues until a
method either approves or rejects a user. If a remote server is used for primary authentication
it is recommended to configure secondary authentication as 'local'. This will enable the
management client to login via the local user database if none of the configured authentication
servers are alive.

4.3.3.1.4 SSH
Configure SSH on this page.

Mode: Indicates the SSH mode operation. Possible modes are:

Enabled: Enable SSH mode operation. By default, SSH mode operation is

enabled.

Disabled: Disable SSH mode operation.

4-28 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

NOTE: SSH is preferred to Telnet, unless the management network is trusted.

Telnet passes authentication credentials in plain text, making those credentials
susceptible to packet capture and analysis. SSH provides a secure authentication
method. The SSH in this device uses version 2 of SSH protocol.

4.3.3.1.5 HTTPS
Configure HTTPS on this page.

Mode: Indicates the HTTPS operation mode. When the current connection is
HTTPS and HTTPS mode operation is disabled, web browser will automatically
redirect to an HTTP connection. Possible modes are:

Enabled: Enable HTTPS mode operation.

Disabled: Disable HTTPS mode operation.

Automatic Redirect: Indicates the HTTPS redirect mode operation. It applies only
if HTTPS mode "Enabled" is selected. Automatically redirects HTTP of web browser
to an HTTPS connection when both HTTPS mode and Automatic Redirect are
enabled. Possible modes are:

Enabled: Enable HTTPS redirect mode operation.

Disabled: Disable HTTPS redirect mode operation.

4.3.3.1.6 Access Management

4.3.3.1.6.1 Access Management Configuration

Configure the access management table on this page. The maximum number of
entries is 16. If the application's type matches any one of the access
management entries, it will be allowed access to the switch.

PowerFlow-2-10G Configuration 4-29

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Mode: Indicates the access management mode operation. Possible modes are:

Enabled: Enable access management mode operation.

Disabled: Disable access management mode operation.

VLAN ID: Indicates the VLAN ID for the access management entry.

Start IP address: Indicates the start IP address for the access management entry.

End IP address: Indicates the end IP address for the access management entry.

HTTP/HTTPS: Checked indicates that the matched host can access the switch
from HTTP/HTTPS interface.

SNMP: Checked indicates that the matched host can access the switch from
SNMP.

TELNET/SSH: Indicates that the matched host can access the switch from
TELNET/SSH interface.

Click the “Add New Entry” button to insert a new entry to the list.

Click the “Delete” button to remove a newly-inserted entry or select the

checkbox to remove a saved entry during the next save.

Click the “Save” button to save settings or changes.

Click the “Reset” button to restore changed settings to the default settings.

4-30 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.1.6.2 Access Management Statistics

This page provides statistics for access management.

Interface: The interface type through which any remote host can access the
switch.

Received Packets: The number of received packets from the interface when
access management mode is enabled.

Allowed Packets: The number of allowed packets from the interface when access
management mode is enabled.

Discarded Packets: The number of discarded packets from the interface when
access management mode is enabled.

4.3.3.1.7 SNMP

4.3.3.1.7.1 SNMP System Configuration

Configure SNMP on this page.

Mode: Indicates the SNMP mode operation. Possible modes are:

Enabled: Enable SNMP mode operation.

Disabled: Disable SNMP mode operation.

Version: Indicates the SNMP supported version. Possible versions are:

PowerFlow-2-10G Configuration 4-31

Chapter 4 Web Operation and Configuration Installation and Operation Manual

SNMP v1: Set SNMP supported version 1.

SNMP v2c: Set SNMP supported version 2c.

SNMP v3: Set SNMP supported version 3.

Read Community: Indicates the community read access string to permit access to
the SNMP agent. The allowed string length is 0 to 255, and the allowed content is
the ASCII characters from 0x21 to 0x7E.

Write Community: Indicates the community write access string to permit access to
the SNMP agent. The allowed string length is 0 to 255, and the allowed content is
the ASCII characters from 0x21 to 0x7E. These two fields are applicable only for
SNMP version v1 or v2c. If SNMP version is v3, the community string will be
associated with SNMPv3 communities table. SNMPv3 provides more flexibility to
configure security name than a SNMPv1 or SNMPv2c community string. In addition
to community string, a particular range of source addresses can be used to restrict
source subnet.

Engine ID: Indicates the SNMPv3 engine ID. The string must contain an even number
(in hexadecimal format) with number of digits between 10 and 64, but all-zeros
and all-'F's are not allowed. Changes to the Engine ID will clear all original local
users.

Relay Mode: This device provides 3-pin alarm terminal on the front panel. It
controls how your alarm circuit works when alarm situion happen.

Normal: In normal situation, it is normally closed. When alarms occur, it is

open.

Reverse: In normal situation, it is normally open. When alarms occur, it is

closed.

4-32 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.1.7.2 Alarm Configuration

Configure SNMP trap on this page.

Global Settings
Mode: Globally enable or disable trap function.

Click the “Add New Entry” to insert a SNMP trap entry.

SNMP Trap Configuration

Trap Config Name: Indicates a descriptive name for this SNMP trap entry.

PowerFlow-2-10G Configuration 4-33

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Trap Mode: Indicates the SNMP trap mode operation.

Enabled: Enable SNMP trap mode operation.

Disabled: Disable SNMP trap mode operation.

Trap Version: Indicates the SNMP trap supported version. Possible versions are:

SNMP v1: Set SNMP trap supported version 1.

SNMP v2c: Set SNMP trap supported version 2c.

SNMP v3: Set SNMP trap supported version 3.

Trap Community: Indicates the community access string when sending SNMP trap
packet. The allowed string length is 0 to 255, and the allowed content is ASCII
characters from 0x21 to 0x7E.

Trap Destination Address: Indicates the SNMP trap destination address. It allows
a valid IP address in dotted decimal notation ('x.y.z.w'). Also allowed is a valid
hostname. A valid hostname is a string drawn from the alphabet (A-Z; a-z), digits
(0-9), dot (.) and dash (-). Spaces are not allowed. The first character must be an
alpha character, and the first and last characters cannot be a dot or a dash.

Trap Destination port: Indicates the SNMP trap destination port. SNMP Agent will
send SNMP message via this port, the port range is 1~65535. The default SNMP
trap port is 162.

Trap Inform Mode: Indicates the SNMP trap inform mode operation. Possible
modes are:

Enabled: Enable SNMP trap inform mode operation.

Disabled: Disable SNMP trap inform mode operation.

Trap Inform Timeout (seconds): Indicates the SNMP trap inform timeout. The
allowed range is 0 to 2147.

Trap Inform Retry Times: Indicates the SNMP trap inform retry times. The allowed
range is 0 to 255.

4-34 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Trap Probe Security Engine ID: Indicates the SNMP trap probe security engine ID
mode of operation. Possible values are:

Enabled: Enable SNMP trap probe security engine ID mode of operation.

Disabled: Disable SNMP trap probe security engine ID mode of operation.

Trap Security Engine ID: Indicates the SNMP trap security engine ID. SNMPv3 sends
traps and informs use USM for authentication and privacy. A unique engine ID for
these traps and informs is needed. When "Trap Probe Security Engine ID" is
enabled, the ID will be probed automatically. Otherwise, the ID specified in this
field is used. The string must contain an even number (in hexadecimal format) with
number of digits between 10 and 64, but all-zeros and all-'F's are not allowed.

Trap Security Name: Indicates the SNMP trap security name. SNMPv3 traps and
informs use USM for authentication and privacy. A unique security name is needed
when traps and informs are enabled.

SNMP Trap Event

System: The system trap events include the following.

Warm Start: The switch has been rebooted from an already powered on
state.

Cold Start: The switch has booted from a powered off or due to power
cycling (power failure).

AAA: Authentication, Authorization and Accounting; A trap will be issued at any

authentication failure.

Switch: Indicates that the Switch group's traps. Possible traps are:

STP: Select the checkbox to enable STP trap. Clear to disable STP trap.

RMON: Select the checkbox to enable RMON trap. Clear to disable RMON
trap.

Power: Indicates the Power group's traps. Possible trap event are:

Power 1 Status: Select the checkbox to enable Power 1 status trap. Clear the
checkbox to disable Power 1 status trap.

PowerFlow-2-10G Configuration 4-35

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Power 2 Status: Select the checkbox to enable Power 2 status trap. Clear the
checkbox to disable Power 2 status trap.

Interface: Indicates the Interface group's traps. Possible traps are:

Link Up: none/specific/all ports Link up trap.

Link Down: none/specific/all ports Link down trap.

LLDP: none/specific/all ports LLDP (Link Layer Discovery Protocol) trap.

When the "specific" radio button is selected, a popup graphic with port
checkboxes allows selection specific ports.

After completing all the trap settings, click the "Save" button.

Alarm Relay

Power: Indicates the Power group's alarm relay. Possible options are:

Power 1 Status: Select the checkbox to enable Power 1 status alarm relay
function. Once power 1 fails, the alarm relay contacts are open and Fault LED
indicator is on in amber. Clear the checkbox to disable Power 1 status alarm relay.

Power 2 Status: Select the checkbox to enable Power 2 status alarm relay
function. Once power 2 fails, the alarm relay contacts are open and Fault LED
indicator is on in amber. Clear the checkbox to disable Power 2 status alarm relay.

Interface: Indicates the Interface group's alarm relay. Possible options are:

Link Down: none/specific/all ports Link down alarm relay. Once link down occurs
on the selected interfaces, the alarm relay contacts are open, Fault LED indicator
is on in amber. Clear the checkbox to disable alarm relay function.

When the "specific" radio button is selected, a popup graphic with port
checkboxes allows selection specific ports.

NOTE: For more information about alarm relay circuit on the terminal block,
please see Power & Alarm section.

4-36 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.1.7.3 SNMPv3 Community Configuration

Configure SNMPv3 community table on this page. The entry index key is
Community.

Delete: Check to delete the entry. It will be deleted during the next save.

Community: Indicates the community access string to permit access to SNMPv3

agent. The allowed string length is 1 to 32, and the allowed content is ASCII
characters from 0x21 to 0x7E. The community string will be treated as security
name and map a SNMPv1 or SNMPv2c community string. This string is case
sensitive.

Source IP: Indicates the SNMP access source address. A particular range of
source addresses can be used to restrict source subnet when combined with
source mask.

Source Mask: Indicates the SNMP access source address mask.

4.3.3.1.7.4 SNMPv3 User Configuration

Configure SNMPv3 user table on this page. The entry index keys are Engine ID and
User Name.

Engine ID: An octet string identifying the engine ID that this entry should belong
to. The string must contain an even number (in hexadecimal format) with number
of digits between 10 and 64, but all-zeros and all-'F's are not allowed. The SNMPv3
architecture uses the User-based Security Model (USM) for message security and
the View-based Access Control Model (VACM) for access control. For the USM entry,
the usmUserEngineID and usmUserName are the entry's keys. In a simple agent,
usmUserEngineID is always that agent's own snmpEngineID value. The value can

PowerFlow-2-10G Configuration 4-37

Chapter 4 Web Operation and Configuration Installation and Operation Manual

also take the value of the snmpEngineID of a remote SNMP engine with which this
user can communicate. In other words, if user engine ID equal system engine ID
then it is local user; otherwise it is a remote user.

User Name: A string identifying the user name that this entry should belong to.
The allowed string length is 1 to 32, and the allowed content is ASCII characters
from 0x21 to 0x7E.

Security Level: Indicates the security model that this entry should belong to.
Possible security models are:

NoAuth, NoPriv: No authentication and no privacy.

Auth, NoPriv: Authentication and no privacy.

Auth, Priv: Authentication and privacy.

The value of security level cannot be modified if entry already exists. That means
it must first be ensured that the value is set correctly.

Authentication Protocol: Indicates the authentication protocol that this entry

should belong to. Possible authentication protocols are:

None: No authentication protocol.

MD5: An optional flag to indicate that this user uses MD5 authentication
protocol.

SHA: An optional flag to indicate that this user uses SHA authentication
protocol.

The value of security level cannot be modified if entry already exists. That means
it must first be ensured that the value is set correctly.

Authentication Password: A string identifying the authentication password

phrase. For MD5 authentication protocol, the allowed string length is 8 to 32
characters. For SHA authentication protocol, the allowed string length is 8 to 40
characters. The allowed content is ASCII characters from 0x21 to 0x7E.

Privacy Protocol: Indicates the privacy protocol that this entry should belong to.
Possible privacy protocols are:

None: No privacy protocol.

4-38 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

DES: An optional flag to indicate that this user uses DES authentication
protocol.

AES: An optional flag to indicate that this user uses AES authentication
protocol.

Privacy Password: A string identifying the privacy password phrase. The allowed
string length is 8 to 32, and the allowed content is ASCII characters from 0x21 to
0x7E.

Click the “Add New Entry” button to insert a new entry to the list.

Click the “Delete” button to remove a newly-inserted entry or select the

checkbox to remove a saved entry during the next save.

Click the “Save” button to save settings or changes.

Click the “Reset” button to restore changed settings to the default settings.

4.3.3.1.7.5 SNMPv3 Group Configuration

Configure SNMPv3 group table on this page. The entry index keys are Security
Model and Security Name.

Security Model: Indicates the security model that this entry should belong to.
Possible security models are:

v1: Reserved for SNMPv1.

v2c: Reserved for SNMPv2c.

PowerFlow-2-10G Configuration 4-39

Chapter 4 Web Operation and Configuration Installation and Operation Manual

usm: User-based Security Model (USM) for SNMPv3.

Security Name: A string identifying the security name that this entry should
belong to. The allowed string length is 1 to 32, and the allowed content is ASCII
characters from 0x21 to 0x7E.

Group Name: A string identifying the group name that this entry should belong
to. The allowed string length is 1 to 32, and the allowed content is ASCII
characters from 0x21 to 0x7E.

4.3.3.1.7.6 SNMPv3 View Configuration

Configure SNMPv3 view table on this page. The entry index keys are View Name
and OID Subtree.

View Name: A string identifying the view name that this entry should belong to.
The allowed string length is 1 to 32, and the allowed content is ASCII characters
from 0x21 to 0x7E.

View Type: Indicates the view type that this entry should belong to. Possible view
types are:

included: An optional flag to indicate that this view subtree should be

included.

excluded: An optional flag to indicate that this view subtree should be excluded.
In general, if a view entry's view type is 'excluded', there should be another view
entry existing with view type as 'included' and it's OID subtree should overstep
the 'excluded' view entry.

OID Subtree: The OID defining the root of the subtree to add to the named view.
The allowed OID length is 1 to 128. The allowed string content is digital number
or an asterisk(*).

4-40 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.1.7.7 SNMPv3 Access Configuration

Configure SNMPv3 access table on this page. The entry index keys are Group
Name, Security Model and Security Level.

Delete: Check to delete the entry. It will be deleted during the next save.

Group Name: A string identifying the group name that this entry should belong
to. The allowed string length is 1 to 32, and the allowed content is ASCII
characters from 0x21 to 0x7E.

Security Model: Indicates the security model that this entry should belong to.
Possible security models are:

any: Any security model accepted(v1|v2c|usm).

v1: Reserved for SNMPv1.

v2c: Reserved for SNMPv2c.

usm: User-based Security Model (USM) for SNMPv3.

Security Level: Indicates the security level that this entry should belong to.
Possible security models are:

NoAuth, NoPriv: No authentication and no privacy.

Auth, NoPriv: Authentication and no privacy.

Auth, Priv: Authentication and privacy.

Read View Name: The name of the MIB view defining the MIB objects for which
this request may request the current values. The allowed string length is 1 to 32,
and the allowed content is ASCII characters from 0x21 to 0x7E.

PowerFlow-2-10G Configuration 4-41

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Write View Name: The name of the MIB view defining the MIB objects for which
this request may potentially set new values. The allowed string length is 1 to 32,
and the allowed content is ASCII characters from 0x21 to 0x7E.

4.3.3.1.8 RMON

4.3.3.1.8.1 RMON Statistics Configuration

Configure RMON Statistics table on this page. The entry index key is ID.

Delete: Check to delete the entry. It will be deleted during the next save.

ID: Indicates the index of the entry. The range is from 1 to 65535.

Data Source: Indicates the port ID which wants to be monitored.

4.3.3.1.8.2 RMON History Configuration

RMON History Configuration is to collect statistics on a physical interface to
monitor network utilization, packet types, and errors. A RMON historical record can
be used to monitor intermittent problems.

ID: Indicates the index of the entry. The range is from 1 to 65535.

Data Source: Indicates the port ID which wants to be monitored.

Interval: Indicates the polling interval. By default, 1800 seconds is specified. The
allowed range is 1 - 3600 seconds.

4-42 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Buckets: The number of buckets requested for this entry. By default, 50 is

specified. The allowed range is 1 - 3600.

Buckets Granted: The number of buckets granted.

Click the “Add New Entry” button to insert a new entry to the list.

Click the “Delete” button to remove a newly-inserted entry or select the

checkbox to remove a saved entry during the next save.

Click the “Save” button to save settings or changes.

Click the “Reset” button to restore changed settings to the default settings.

4.3.3.1.8.3 RMON Alarm Configuration

RMON Alarm configuration defines specific criteria that will generate response
events. It can be set to test data over any specified time interval and can monitor
absolute or changing values. Alarms can also be set to respond to rising or falling
thresholds.

ID: Indicates the index of the entry. The range is from 1 to 65535.

Interval: The polling interval for sampling and comparing the rising and falling
threshold. The range is from 1to 2^31 seconds.

Variable: The object number of the MIB variable to be sampled. Only variables of
the type ifEntry.n.n may be sampled. Possible variables are InOctets, InUcastPkts,
InNUcastPkts, InDiscards, InErrors, InUnknownProtos, OutOctets, OutUcastPkts,
OutNUcastPkts, OutDiscards, OutErrors, and OutQLen.

Sample Type: Test for absolute or relative change in the specified variable.

Absolute: The variable is compared to the thresholds at the end of the

sampling period.

PowerFlow-2-10G Configuration 4-43

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Delta: The last sample is subtracted from the current value and the
difference is compared to the thresholds.

Value: The statistic value during the last sampling period.

Startup Alarm: Select a method that is used to sample the selected variable and
calculate the value to be compared against the thresholds.

Rising or Falling: Trigger alarm when the first value is larger than the rising
threshold or less than the falling threshold.

Rising: Trigger alarm when the first value is larger than the rising threshold.

Falling: Trigger alarm when the first value is less than the falling threshold.

Rising Threshold: If the current value is greater than the rising threshold and the
last sample value is less than this threshold, then an alarm will be triggered. After
a rising event has been generated, another such event will not be generated until
the sampled value has fallen below the rising threshold, reaches the falling
threshold, and again moves back up to the rising threshold. The threshold range
is -2147483647 to 2147483647.

Rising Index: Indicates the rising index of an event. The range is 1~65535.

Falling Threshold: If the current value is less than the falling threshold, and the
last sample value was greater than this threshold, then an alarm will be
generated. After a falling event has been generated, another such event will not
be generated until the sampled value has risen above the falling threshold,
reaches the rising threshold, and again moves back down to the failing threshold.
(Range: -2147483647 to 2147483647)

Falling Index: Indicates the falling index of an event. The range is 1~65535.

Click the “Add New Entry” button to insert a new entry to the list.

Click the “Delete” button to remove a newly-inserted entry or select the

checkbox to remove a saved entry during the next save.

Click the “Save” button to save settings or changes.

Click the “Reset” button to restore changed settings to the default settings.

4-44 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.1.8.4 RMON Event Configuration

RMON Event Configuration page is used to set an action taken when an alarm is
triggered.

Delete: Check to delete the entry. It will be deleted during the next save.

ID: Specify an ID index. The range is 1~65535.

Desc: Enter a descriptive comment for this entry.

Type: Select an event type that will take when an alarm is triggered.

None: No event is generated.

Log: When the event is triggered, a RMON log entry will be generated.

snmptrap: Sends a trap message to all configured trap managers.

logandtrap: Logs an event and sends a trap message.

Community: A password-like community string sent with the trap. Although the
community string can be set on this configuration page, it is recommended that it
be defined on the SNMP trap configuration page prior to configuring it here. The
allowed characters are 0~127.

Event Last Time: The value of sysUpTime when an event was last generated for this
entry.

4.3.3.1.8.5 RMON Statistics Overview

This RMON statistics overview page shows interface statistics. All values displayed
have been accumulated since the last system reboot and are shown as counts per
second. The system will automatically refresh every 60 seconds by default.

PowerFlow-2-10G Configuration 4-45

Chapter 4 Web Operation and Configuration Installation and Operation Manual

ID: Display an ID index.

Data Source: Port ID to Monitor.

Drop: The total number of dropped packets due to lack of resources.

Octets: The total number of octets of data received.

Pkts: The total number of packets (including bad packets, broadcast packets)
received.

Broadcast: The total number of good packets received that were directed to the
broadcast address.

Multicast: The total number of good packets received that were directed to a
multicast address.

CRC Errors: The total number of packets received that had a length (excluding
framing bits, but including FCS octets) of between 64 and 1518 octets.

Undersize: The total number of packets received that were less than 64 octets.

Oversize: The total number of packets received that were longer than 1518
octets.

Frag.: The number of frames which size is less than 64 octets received with
invalid CRC.

Jabb.: The number of frames which size is larger than 64 octets received with
invalid CRC.

Coll.: The best estimate of the total number of collisions on this Ethernet
segment.

64 Bytes: The total number of packets (including bad packets) received that were

4-46 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

64 octets in length.

X~Y (65~127, 128~255, 256~511, 512~1023, 1024~1588): The total number

packets received between X and Y octets in length.

4.3.3.1.8.6 History Overview

History Index: Display Index of History control entry.

Sample Index: Display Index of the data entry associated with the control entry.

Sample Start: The time at which this sample started, expressed in seconds since
the switch booted up.

Drop: The total number of dropped packets due to lack of resources.

Octets: The total number of octets of data received.

Pkts: The total number of packets (including bad packets, broadcast packets)
received.

Broadcast: The total number of good packets received that were directed to the
broadcast address.

Multicast: The total number of good packets received that were directed to a
multicast address.

CRC Errors: The total number of packets received that had a length (excluding
framing bits, but including FCS octets) of between 64 and 1518 octets.

Undersize: The total number of packets received that were less than 64 octets.

Oversize: The total number of packets received that were longer than 1518
octets.

PowerFlow-2-10G Configuration 4-47

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Frag.: The number of frames which size is less than 64 octets received with
invalid CRC.

Jabb.: The number of frames which size is larger than 64 octets received with
invalid CRC.

Coll.: The best estimate of the total number of collisions on this Ethernet
segment.

Utilization: The best estimate of the mean physical layer network utilization on
this interface during this sampling interval, in hundredths of a percent.

4.3.3.1.8.7 Alarm Overview

ID: Display an alarm control index.

Interval: Interval in seconds for sampling and comparing the rising and falling
threshold.

Variable: MIB object that is used to be sampled.

Sample Type: The method of sampling the selected variable and calculating the
value to be compared against the thresholds.

Value: The value of the statistic during the last sampling period.

Startup Alarm: The alarm that may be triggered when this entry is first set to
valid.

Rising Threshold: If the current value is greater than the rising threshold, and the
last sample value was less than this threshold, then an alarm will be generated.

Rising Index: The index of the event to use if an alarm is triggered by monitored
variables crossing above the rising threshold.

4-48 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Falling Threshold: If the current value is less than the falling threshold, and the
last sample value was greater than this threshold, then an alarm will be
generated.

Falling Index: The index of the event to use if an alarm is triggered by monitored
variables crossing below the falling threshold.

4.3.3.1.8.8 Event Overview

Event Index: Display the event entry index.

Log Index: Display the log entry index.

Log Time: Display Event log time.

Log Description: Display Event description.

4.3.3.2 Network

4.3.3.2.1 Port Security

Port Security Limit Control can restrict the number of users that can access the
switch based on users’ MAC address and VLAN ID on a per port basis. Once the
number of users that wants to access the switch exceeds the specified number, a
selected action will be taken immediately.

PowerFlow-2-10G Configuration 4-49

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.3.2.1.1 Limit Control

System Configuration

Mode: Enable or disable port security limit control globally. If globally disabled,
other modules may still use the underlying functionality, but limit checks and
corresponding actions are disabled.

Aging Enabled: If enabled, secured MAC addresses are subject to aging as discussed
under Aging Period. With aging enabled, a timer is started once the end-host gets
secured. When the timer expires, the switch starts looking for frames from the
end-host, and if such frames are not seen within the next Aging Period, the end-
host is assumed to be disconnected, and the corresponding resources are freed on
the switch.

Aging Period: If Aging Enabled is checked, then the aging period can be set up with
the desired value. By default, the aging period is set to 3600 seconds. The allowed
range is 10~10,000,000 second.

Port Configuration

Port: Display the port number. “Port *” rules apply to all ports.

4-50 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Mode: Enable or disable port security limit control on a per port basis. To make
limit control function work, port security limit control needs to be enabled globally
and on a port.

Limit: The maximum number of MAC addresses that can be secured on this port.
The number cannot exceed 1024. If the limit is exceeded, the corresponding action
is taken.

Action: If the limit is exceeded, the selected action will take effect.

None: Do not allow more than the specified limit of MAC addresses to access
on a port. No action is further taken.

Trap: If Limit + 1 MAC addresses are seen on the port, send an SNMP trap. If Aging
is disabled, only one SNMP trap will be sent, but with Aging enabled, new SNMP
traps will be sent every time the limit is exceeded.

Shutdown: If Limit + 1 MAC addresses is seen on the port, shut down the port. This
implies that all secured MAC addresses will be removed from the port, and no new
addresses will be learned. Even if the link is physically disconnected and
reconnected on the port (by disconnecting the cable), the port will remain shut
down. There are three ways to re-open the port:
* Boot the switch
* Disable and re-enable Limit Control on the port or the switch
* Click the “Reopen” button

Trap & Shutdown: If Limit + 1 MAC addresses is seen on the port, both the “Trap”
and the “Shutdown” actions described above will be taken.

State: Display the current state of the port from the port security limit control's
point of view. The displayed state might be one of the following:

Disabled: Limit control is either globally disabled or disabled on a port.

Ready: The limit is not reached yet.

Limit Reached: The limit is reached on a port. This state can only be shown if
Action is set to None or Trap.

Shutdown: The port is shut down by the Limit Control module. This state can only
be shown if Action is set to Shutdown or Trap & Shutdown.

Re-open Button: If a port is shut down by this module, you may reopen it by clicking
this button, which will only be enabled if this is the case. For other methods, refer

PowerFlow-2-10G Configuration 4-51

Chapter 4 Web Operation and Configuration Installation and Operation Manual

to Shutdown in the Action section. Note that clicking the Reopen button causes
the page to be refreshed, so non-committed changes will be lost.

4.3.3.2.1.2 Switch Status

User Module Legend

User Module Name: The full name of a module that may request Port Security
services.

Abbr: This column is the abbreviation for the user module used in the “Users”
column in the “Port Status”.

Port Status

Port: Port number. Click a particular port number to see its port status.

Users: Each of the user modules has a column that shows whether that module
has enabled Port Security or not. A '-' means that the corresponding user module
is not enabled, whereas a letter indicates that the user module abbreviated by

4-52 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

that letter has enabled port security.

State: This shows the current status of a port. It can be one of the following states:

Disabled: No user modules are currently using the Port Security service.

Ready: The Port Security service is in use by at least one user module, and is
awaiting frames from unknown MAC addresses to arrive.

Limit Reached: The Port Security service is enabled by at least the Limit Control
user module, and that module has indicated that the limit is reached and no more
MAC addresses should be taken in.

Shutdown: The Port Security service is enabled by at least the Limit Control user
module and that module has indicated that the limit is exceeded. No MAC
addresses can be learned on the port until it is administratively re-opened on the
Limit Control configuration page.

MAC Count (Current/Limit): The two columns indicate the number of currently
learned MAC addresses (forwarding as well as blocked) and the maximum number
of MAC addresses that can be learned on the port, respectively. If no user
modules are enabled on the port, the Current column will show a dash (-). If the
Limit Control user module is not enabled on the port, the Limit column will show
a dash (-).

4.3.3.2.1.3 Port Statistics

This page shows MAC addresses learned on a particular port.

MAC Address: When “Port Security Limit Control” is enabled globally and on a port,
MAC addresses learned on a port show in here.

VLAN ID: Display VLAN ID that is seen on this port.

State: Display whether the corresponding MAC address is forwarding or blocked. In

the blocked state, it will not be allowed to transmit or receive traffic.

PowerFlow-2-10G Configuration 4-53

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Time of Addition: Display the date and time when this MAC address was seen on
the port.

Age/Hold: If at least one user module has decided to block this MAC address, it
will stay in the blocked state until the hold time (measured in seconds) expires. If
all user modules have decided to allow this MAC address to forward, and aging is
enabled, the Port Security module will periodically check that this MAC address is
still forwarding traffic. If the
age period (measured in seconds) expires and no frames have been seen, the MAC
address will be removed from the MAC table. Otherwise a new age period will begin.
If aging is disabled or a user module has decided to hold the MAC address
indefinitely, a dash (-) will be shown.

4.3.3.2.2 NAS
Network Access Server configuration is useful to the networking environment that
wants to authenticate clients (supplicants) before they can access resources on
the protected network. To effectively control access to unknown clients, 802.1X
defined by IEEE provides a port-based authentication procedure that can prevent
unauthorized access to a network by requiring users to first submit credentials for
authentication purposes.

A switch interconnecting clients and radius server usually acts as an authenticator

and uses EAPOL (Extensible Authentication Protocol over LANs) to exchange
authentication protocol messages with clients and a remote RADIUS authentication
server to verify user identity and user’s access right. This section is for setting up
authenticator’s configurations either on the system or on a per port basis. To
configure backend server, please go to RADIUS configuration page.

4-54 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.2.1 Configuration

System Configuration

Mode: Enable 802.1X and MAC-based authentication globally on the switch. If

globally disabled, all ports are
allowed to forward frames.

Reauthentication Enabled: Select the checkbox to set clients to be re-authenticated

after an interval set in "Reauthentication Period" field. Re-autentication can be
used to detect if a new device is attached to a switch port.

Reauthentication Period: Specify the time interval for a connected device to be re-
authenticated. By default, the re-authenticated period is set to 3600 seconds. The
allowed range is 1~3600 seconds.

EAPOL Timeout: Specify the time that the switch waits for a supplicant response
during an authentication session before transmitting a Request Identify EAPOL
packet. By default, it is set to 30 seconds. The allowed range is 1~65535 seconds.

Aging Period: Specify the period that is used to age out a client’s allowed access
to the switch via 802.1X and MAC-based authentication. The default period is 300
seconds. The allowed range is 10~1000000 seconds.

Hold Time: The time after an EAP Failure indication or RADIUS timeout that a client
is not allowed access. This setting applies to ports running Single 802.1X, Multi
802.1X, or MAC-based authentication. By default, hold time is set to 10 seconds.

PowerFlow-2-10G Configuration 4-55

Chapter 4 Web Operation and Configuration Installation and Operation Manual

The allowed range is 10~1000000 seconds.

Radius-Assigned QoS Enabled: Select the checkbox to globally enable RADIUS

assigned QoS.

Radius-Assigned VLAN Enabled: RADIUS-assigned VLAN provides a means to

centrally control the VLAN on which a successfully authenticated supplicant is
placed on the switch. Incoming traffic will be classified to and switched on the
RADIUS-assigned VLAN. The RADIUS server must be configured to transmit special
RADIUS attributes to take advantage of this feature.

The "RADIUS-Assigned VLAN Enabled" checkbox provides a quick way to globally

enable/disable RADIUS-server assigned VLAN functionality. When checked, the
individual ports' ditto setting determines whether RADIUS-assigned VLAN is
enabled on that port. When unchecked, RADIUS-server assigned VLAN is disabled
on all ports.

Guest VLAN Enabled: A Guest VLAN is a special VLAN typically with limited network
access. When checked, the individual ports' ditto setting determines whether the
port can be moved into Guest VLAN. When unchecked, the ability to move to the
Guest VLAN is disabled on all ports.

Guest VLAN ID: This VLAN ID is functional only when Guest VLAN is enabled. This is
the value that a port’s Port VLAN ID is set to if a port is moved into the Guest VLAN.
The range is 1~4095.

Max. Reauth. Count: The maximum number of times the switch transmits an EAPOL
Request Identity frame without receiving a response before adding a port to the
Guest VLAN. The value can only be changed when the Guest VLAN option is globally
enabled. The range is 1~255.

Allow Guest VLAN if EAPOL Seen: The switch remembers if an EAPOL frame has
been received on the port for the life-time of the port. Once the switch considers
whether to enter the Guest VLAN, it will first check if this option is enabled or
disabled. If disabled (unchecked; default), the switch will only enter the Guest VLAN
if an EAPOL frame has not been received on the port for the life-time of the port.
If enabled (checked), the switch will consider entering the Guest VLAN even if an
EAPOL frame has been received on the port for the life-time of the port. The value
can only be changed if the Guest VLAN option is globally enabled.

Port Configuration

Port: The port number. “Port *” rules apply to all ports.

Admin State: Select the authentication mode on a port. This setting works only
when NAS is globally enabled. The following modes are available:

4-56 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Force Authorized: In this mode, the switch will send one EAPOL Success frame when
the port link comes up, and any client on the port will be allowed network access
without authentication.

Force Unauthorized: In this mode, the switch will send one EAPOL Failure frame
when the port link comes up, and any client on the port will be disallowed network
access.

Port-Based 802.1X: This mode requires a dot1x-aware client to be authorized by

the authentication server. Clients that are not dot1x-aware will be denied access.

Single 802.1X: In Single 802.1X, at most one supplicant can get authenticated on
the port at a time. Normal EAPOL frames are used in the communication between
the supplicant and the switch. If more than one supplicant is connected to a port,
the one that comes first when the port's link comes up will be the first one
considered. If that supplicant doesn't provide valid credentials within a certain
amount of time, another supplicant will get a chance. Once a supplicant is
successfully authenticated, only that supplicant will be allowed access. This is the
most secure of all the supported modes. In this mode, the “Port Security” module
is used to secure a supplicant's MAC address once successfully authenticated.

Multi 802.1X: In Multi 802.1X, one or more supplicants can get authenticated on
the same port at the same time. Each supplicant is authenticated individually and
secured in the MAC table using the “Port Security” module.

MAC-based Auth.: Unlike port-based 802.1X, MAC-based authentication do not

transmit or receive EAPOL frames. In MAC-based authentication, the switch acts
as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by
a client is snooped by the switch, which in turn uses the client's MAC address as
both username and password in the subsequent EAP exchange with the RADIUS
server. The 6-byte MAC address is converted to a string on the following form "xx-
xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between the lower-cased
hexadecimal digits. The switch only supports the MD5-Challenge authentication
method, so the RADIUS server must be configured accordingly.

RADIUS-Assigned QoS Enabled: Select the checkbox to enable RADIUS-Assigned

QoS on a port.

Radius-Assigned VLAN Enabled: Select the checkbox to enable RADIUS-Assigned

VLAN on a port.

Guest VLAN Enabled: Select the checkbox to enable Guest VLAN on a port.

Port State: Display the current state of the port from 802.1X authentication point
of view. The possible states are as follows:

Globally Disabled: 802.1X and MAC-based authentication are globally disabled.

PowerFlow-2-10G Configuration 4-57

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Link Down: 802.1X and MAC-based authentication are enabled but there is no
link on a port.

Authorized: The port is forced in authorized mode and the supplicant is

successfully authorized.

Unauthorized: The port is forced in unauthorized mode and the supplicant is not
successfully authorized by the RADIUS server.

X Auth/Y Unauth: The port is in a multi-supplicant mode. X clients are

authorized and Y are unauthorized.

Restart: Restart client authentication using one of the methods described below.
Note that the restart buttons are only enabled when the switch’s authentication
mode is globally enabled (under System Configuration) and the port's Admin State
is an EAPOL-based or MACBased mode. Clicking these buttons will not cause
settings changed on the page to take effect.

Reauthenticate: Schedules reauthentication to whenever the quiet-period of the

port runs out (EAPOL-based authentication). For MAC-based authentication,
reauthentication will be attempted immediately. The button only has effect for
successfully authenticated clients on the port and will not cause the clients to get
temporarily unauthorized.

Reinitialize: This forces the reinitialization of the clients on the port and thereby a
reauthentication immediately. The clients will transfer to the unauthorized state
while the reauthentication is in progress.

4-58 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.2.2 Switch Status

Port: The port number. Click a port to view the detailed NAS statistics.

Admin State: Display the port’s current administrative state.

Port Status: Display the port state.

Last Source: The source MAC address carried in the most recently received EAPOL
frame for EAPOL-based authentication.

Last ID: The user name (supplicant identity) carried in the most recently received
Response Identity EAPOL frame for EAPOL-based authentication.

QoS Class: Display the QoS class that NAS assigns to the port. This field is left
blank if QoS is not set by NAS.

Port VLAN ID: The VLAN ID of the port assigned by NAS. This field is left blank if
VLAN ID is not set by NAS.

PowerFlow-2-10G Configuration 4-59

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.3.2.2.3 Port Statistics

Port State

Admin State: Display the port’s current administrative state.

Port Status: Display the port state.

Receive EAPOL Counters

Total: The number of valid EAPOL frames of any type that has been received by
the switch.

Response ID: The number of valid EAPOL Response Identity frames that have
been received by the switch.

Responses: The number of valid EAPOL response frames (other than Response
Identity frames) that have been received by the switch.

Start: The number of EAPOL Start frames that have been received by the switch.

Logoff: The number of valid EAPOL Logoff frames that have been received by the
switch.

Invalid Type: The number of EAPOL frames that have been received by the switch
in which the frame type is not recognized.

Invalid Length: The number of EAPOL frames that have been received by the
switch in which the Packet Body Length field is invalid.

4-60 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Transmit EAPOL Counters

Total: The number of EAPOL frames of any type that has been transmitted by the
switch.

Request ID: The number of valid EAPOL Request Identity frames that have been
received by the switch.

Requests: The number of valid EAPOL request frames (other than Request
Identity frames) that have been received by the switch.

4.3.3.2.3 ACL
ACL is a sequential list established to allow or deny users to access information
or perform tasks on the network. In this switch, users can establish rules applied
to port numbers to permit or deny actions or restrict rate limit.

4.3.3.2.3.1 Ports

Port: The port number.

PowerFlow-2-10G Configuration 4-61

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Policy Id: Assign an ACL policy ID to a particular port. A port can only use one policy
ID; however, a policy ID can apply to many ports. The default ID is 0. The allowed
range is 0~255.

Action: Permit or deny a frame based on whether it matches a rule defined in the
assigned policy.

Rate Limiter ID: Select a rate limiter ID to apply to a port. Rate Limiter rule can be
set up in “Rate Limiters” configuration page.

Port Redirect: Select a port to which matching frames are redirected.

Mirror: Enable or disable mirroring feature. When enabled, a copy of matched

frames will be mirrored to the destination port specified in “Mirror” configuration
page. ACL-based port mirroring set by this parameter and port mirroring set on the
general Mirror Configuration page are implemented independently. To use ACL-
based mirroring, enable the Mirror parameter on the ACL Ports Configuration page.
Then open the Mirror Configuration page, set the “Port to mirror on” field to the
required destination port, and leave the “Mode” field Disabled.

Logging: Enable logging of matched frames to the system log. To view log entries,
go to System menu and then click the “System Log Information” option.

Shutdown: This field is to decide whether to shut down a port when matched
frames are seen or not.

State: Select a port state.

Enabled: To re-open a port.

Disabled: To close a port.

Counters: The number of frames that have matched the rules defined in the
selected policy.

4-62 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.3.2 Rate Limiters

Rate Limiter ID: Display every rate limiter ID.

Rate: Specify the threshold above which packets are dropped. The allowed values
are 0~3276700 pps or 1, 100, 200, 300…1000000 kbps.

Unit: Select the unit of measure used in rate.

4.3.3.2.3.3 Access Control List

Access Control List is to establish filtering rules for an ACL policy, for a particular
port or for all ports. Rules applied to a port take effect immediately.

Ingress Port: The ingress port of the access control entry. Select “All” to apply to
all ports or select a particular port.

Policy Bitmask: The policy number and bitmask of the ACE.

PowerFlow-2-10G Configuration 4-63

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Frame Type: The type of frame that matches to this rule.

Action: Display the action type, either to permit or deny.

Rate Limiter: Display rate limiter is enabled or disabled when matched frames are
found.

Port Redirect: Display port redirect is enabled or disabled.

Mirror: Display mirror function is enabled or disabled.

Counter: Display the number of frames that have matched any of the rules defined
for this ACL.

Click the plus sign to add a new ACE entry.

ACE Configuration

Ingress Port: Select the ingress port of the access control entry. Select “All” to
apply an ACL rule to all ports or select a particular port.

Policy Filter: Select the policy filter type. “Any” means no policy filter is assigned
to this rule (or don’t care). Select “Specific” to filter specific policy with this ACE.

Frame Type: Select a frame type to match. Available frame types include Any,
Ethernet, ARP, IPv4. By default, any frame type is used.

4-64 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Action: Select the action type, either to permit or deny.

Rate Limiter: Enable or disable the rate limiter when matched frames are found.

Mirror: Enable or disable mirror function.

Logging: Enable or disable logging when a frame is matched.

Shutdown: Enable or disable shutdown a port when a frame is matched.

Counter: Display the number of frames that have matched any of the rules defined
for this ACL.

VLAN Parameters

802.1Q Tagged: Select whether or not the frames should be tagged.

VLAN ID Filter: Select the VLAN ID filter for this ACE.

Any: No VLAN ID filter is specified. (Don’t care)

Specific: Specify a VLAN ID. A frame with the specified VLAN ID matches this
ACE rule.

Tag Priority: Select the User Priority value found in the VLAN tag to match this rule.

MAC Parameter

SMAC Filter: The type of source MAC address. Select “Any” to allow all types of
source MAC addresses or select “Specific” to define a source MAC address. (This
field is for Any and Ethernet frame type only.)

DMAC Filter: The type of destination MAC address.

Any: To allow all types of destination MAC addresses

MC: Multicast MAC address

PowerFlow-2-10G Configuration 4-65

Chapter 4 Web Operation and Configuration Installation and Operation Manual

BC: Broadcast MAC address

UC: Unicast MAC address

Specific: Use this to self-define a destination MAC address. (This option is for
Ethernet frame type only.)

Ethernet Type Parameter

Ether Type Filter: This option can only be used to filter Ethernet II formatted
packets. Select “Specific” to define an Ether Type value.

ARP Parameter

ARP/RARP: Specify the type of ARP packet.

Any: No ARP/RARP opcode flag is specified

ARP: The frame must have ARP/RARP opcode set to ARP,

RARP: The frame must have ARP/RARP opcode set to RARP

Other: The frame has unknown ARP/RARP opcode flag

Request/Reply: Specify whether the packet is an ARP request, reply, or either type.

Any: No ARP/RARP opcode flag is specified

Request: The frame must have ARP Request or RARP Request opcode flag set.

Reply: The frame must have ARP Reply or RARP Reply opcode flag set.

Sender IP Filter: Specify the sender’s IP address.

Any: No sender IP filter is specified.

Host: Specify the sender IP address.

4-66 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Network: Specify the sender IP address and sender IP mask.

Target IP Filter: Specify the destination IP address.

Any: No target IP filter is specified.

Host: Specify the target IP address.

Network: Specify the target IP address and target IP mask.

ARP Sender SMAC Match: Select “0” to indicate that the SHA (Sender Hardware
Address) field in the ARP/RARP frame is not equal to source MAC address. Select
“1” to indicate that SHA field in the ARP/RARP frame is equal to source MAC
address. Select “Any” to indicate a match and not a match.

RARP Target MAC Match: Select “0” to indicate that the THA (Target Hardware
Address) field in the ARP/RARP frame is not equal to source MAC address. Select
“1” to indicate that THA field in the ARP/RARP frame is equal to source MAC
address. Select “Any” to indicate a match and not a match.

IP/Ethernet Length: Select “0” to indicate that HLN (Hardware Address Length)
field in the ARP/RARP frame is not equal to Ethernet (0x6) and the Protocol
Address Length field is not equal to IPv4 (0x4). Select “1” to indicate that HLN
(Hardware Address Length) field in the ARP/RARP frame is equal to Ethernet
(0x6) and the Protocol Address Length field is equal to IPv4 (0x4). Select “Any” to
indicate a match and not a match.

IP: Select “0” to indicate that Protocol Address Space field in ARP/RARP frame is
not equal to IP (0x800). Select “1” to indicate that Protocol Address Space is
equal to IP (0x800). Select “Any” to indicate a match and not a match.

Ethernet: Select “0” to indicate that Hardware Address Space field in ARP/RARP
frame is not equal to Ethernet (1). Select “1” to indicate that Hardware Address
Space field is equal to Ethernet (1). Select “Any” to indicate a match and not a
match.

IP Parameters

IP Protocol Filter: Select “Any”, “ICMP”, “UDP”, “TCP”, or “Other” protocol from
the pull-down menu for IP Protocol filtering.

PowerFlow-2-10G Configuration 4-67

Chapter 4 Web Operation and Configuration Installation and Operation Manual

IP TTL: Select “Zero” to indicate that the TTL filed in IPv4 header is 0. If the value
in TTL field is not 0, use “Non-Zero” to indicate that. You can also select “any” to
denote the value which is either 0 or not 0.

IP Fragment: Select “Any” to allow any values. “Yes” denotes that IPv4 frames
where the MF bit is set or the FRAG OFFSET field is greater than zero must match
this entry. “No” denotes that IPv4 frames where the MF bit is set or the FRAG
OFFSET field is greater than zero must not match this entry.

IP Option: Specify the options flag setting for this rule. Select “Any” to allow any
values. “Yes” denotes that IPv4 frames where the options flag is set must match
this entry. “No” denotes that Pv4 frames where the options flag is set must not
match this entry

SIP Filter: Select “Any”, “Host”, or “Network” for source IP filtering. If “Host” is
selected, you need to indicate a specific host IP address. If “Network” is selected,
you need to indicate both network address and subnet mask.

SIP Address: Specify a source IP address.

SIP Mask: Specify a source subnet mask.

DIP Filter: Select “Any”, “Host”, or “Network” for destination IP filtering. If “Host”
is selected, you need to indicate a specific host IP address. If “Network” is
selected, you need to indicate both network address and subnet mask.

DIP Address: Specify a destination IP address.

DIP Mask: Specify a destination subnet mask.

IPv6 Parameters

Next Header Filter: Select next header filter option. Available options include ICMP,
UDP, TCP, Other.

SIP Filter: Select a source IP filter. “Any” denotes that any SIP filter is allowed.
Select “Specific” to enter self-define SIP filter.

Hop Limit: Select “Any” to allow any values in this field. Select” “0” if IPv6 frames
with a hop limit field greater than zero must not be able to match this entry. “1”
denotes that IPv6 frames with a hop limit field greater than zero must be able to
match this entry.

4-68 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.3.4 ACL Status

This page shows the ACL status by different ACL users. Each row describes
the ACE that is defined. It is a conflict if a specific ACE is not applied to the
hardware due to hardware limitations. The maximum number of ACEs is 256 on
each switch.
User: Display the ACL user.

ACE: Display ACE entry ID.

Frame Type: Display the frame type of the ACE. Possible values are:

Any: The ACE will match any frame type.

EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type
based ACE will not get matched by IP and ARP frames.

ARP: The ACE will match ARP/RARP frames.

IPv4: The ACE will match all IPv4 frames.

IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol.

IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.

IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.

IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP.

IPv6: The ACE will match all IPv6 standard frames.

Action: Display the forwarding action of the ACE.

Permit: Frames matching the ACE may be forwarded and learned.

PowerFlow-2-10G Configuration 4-69

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Deny: Frames matching the ACE may be forwarded and learned.

Filtered: Frames matching the ACE are filtered.

Rate Limiter: Indicates the rate limiter number of the ACE. The allowed range
is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.

Port Redirect: Indicates the port redirect operation of the ACE. Frames matching
the ACE are redirected to the port number. The allowed values are Disabled or a
specific port number. When Disabled is displayed, the port redirect operation is
disabled.

Mirror: Specify the mirror operation of this port. The allowed values are:

Enabled: Frames received on the port are mirrored.

Disabled: Frames received on the port are not mirrored. The default value is
"Disabled".

CPU: Forward packet that matched the specific ACE to CPU.

Counter: The counter indicates the number of times the ACE was hit by a frame.

Conflict: Indicate the hardware status of the specific ACE. The specific ACE is not
applied to the hardware due to hardware limitations.

4.3.3.2.4 DHCP

4-70 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.4.1 DHCP Server Statistics

Database Counters

Pool: The number of pool that has been configured.

Excluded IP Address: The number of excluded IP address.

Declined IP Address: The number of declined IP address.

Binding Counters

Automatic Binding: The number of bindings with network-type pools.

Manual Binding: The number of bindings that the network engineer assigns an IP
address to a client. In other words, the pool is of host type.

Expired Binding: The number of bindings that their lease time expired or they are
cleared from Automatic or Manual type bindings.

DHCP Message Received Counters

Discover: The number of DHCP DISCOVER messages received.

Request: The number of DHCP REQUEST messages received.

Decline: The number of DHCP DECLINE messages received.

PowerFlow-2-10G Configuration 4-71

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Release: The number of DHCP RELEASE messages received.

Inform: The number of DHCP INFORM messages received.

DHCP Message Sent Counters

OFFER: The number of DHCP OFFER messages sent.

ACK: The number of DHCP ACK messages sent.

NAK: The number of DHCP NAK messages sent.

4.3.3.2.4.2 DHCP Server Binding IP

IP: The IP address allocated to DHCP client.

Type: The type of binding method. This field can be “Automatic”, “Manual” or
“Expired”.

State: The state of binding. Possible states are “Committed”, “Allocated”, or

“Expired”.

Pool Name: The pool that generates the binding.

Server ID: The server IP address to create the binding.

4-72 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.4.3 DHCP Server Declined IP

Declined IP: Displays a list of declined IP addresses.

4.3.3.2.4.4 DHCP Server Mode Configuration

Global Mode

Mode: Enable or disable DHCP server mode. When enabled, this device can act as
a DHCP server and provide IP address to clients that request for one.

VLAN Mode

Click “Add VLAN Range” to create a new entry.

VLAN Range: Enter the VLAN Range in which DHCP server is enabled or disabled.
The starting VLAIN ID must be smaller than or equal to the ending VLAN ID. If
there is only one VLAN ID, then it can be entered either in starting or ending
VLAN ID field.

Mode: Indicates the operation mode per VLAN.

Enabled: Enable DHCP server per VLAN.

PowerFlow-2-10G Configuration 4-73

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Disabled: Disable DHCP server per VLAN.

NOTE: If you would like to disable DHCP server on an existing VLAN range, then
follow the steps below.
1. Add one “Add VLAN Range” entry.
2. Enter the VLAN range that you want to disable.
3. Choose “Disabled” mode.
4. Click “Save” to apply the change.

4.3.3.2.4.5 DHCP Server Excluded IP Configuration

Click “Add IP Range” to set up IP pool range.

IP Range: Enter the starting and ending IP address that are not allocated to DHCP
clients. The starting IP address must be smaller or equal to the ending IP address.
If there is only one excluded IP address, it can be entered either in starting or
ending IP address field. The total Excluded IP address ranges can be supported is
16.

4.3.3.2.4.6 DHCP Server Pool Configuration

Click “Add New Pool” to add a new entry to the list. The maximum entries
supported are 640.

4-74 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Name: Enter the pool name for this entry. All printable characters are supported
except white space. Click on the pool name after save to configure its detailed
settings.

Type: Display which type the pool is. The displayed options include Network and
Host. If “-“ is displayed, it means this field has not been defined yet.

IP: Display network number of the DHCP address pool. If “-“ is displayed, it
means this field has not been defined yet.

Subnet Mask: Display subnet mask of the DHCP address pool. If “-“ is displayed, it
means this field has not been defined yet.

Lease Time: Display the lease time of the configured pool.

Click on the pool name to configure its detailed settings.

Pool

Name: Select the pool name that you want to configure from the pull-down
menu.

Setting

PowerFlow-2-10G Configuration 4-75

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Pool Name: Display the pool name for this configured entry.

Type: Select the pool type.

Network: The pool defines a pool of IP addresses to service more than one
DHCP client.

Host: The pool services for a specific DHCP client identified by client identifier
or hardware address.

IP: Specify the network IP of the DHCP address pool.

Subnet Mask: Specify subnet mask of the DHCP address pool.

Lease Time: Specify lease time that a client needs to send requests to the DHCP
server for renewed IP address. If all are 0’s, then it means the lease time is
infinite.

Domain Name: Specify the domain name that a client use when resolving
hostname via DNS.

Broadcast Address: Specify the broadcast address in use on the client’s subnet.

Default Router: Specify a list of IP addresses for routers on the clients’ subnet.

DNS Server: Specify a list of Domain Name System name servers available to the
client.

NTP Server: Specify a list of IP addresses indicating NTP servers available to the
client.

NetBios Node Type: Select NetBIOS node type option to allow Netbios over TCP/IP
clients which are configurable to be configured as described in RFC 1001/1002.

NetBIOS Scope: Specify the NetBIOS over TCP/IP scope parameter for the client as
specified in RFC 1001/1002.

NetBIOS Name Server: Specify a list of NBNS name servers listed in order of
preference.

4-76 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

NIS Domain Name: Specify the name of the client's NIS domain.

NIS Server: Specify a list of IP addresses indicating NIS servers available to the
client.

Client Identifier: Specify client's unique identifier to be used when the pool is the
type of host.

Hardware Address: Specify client's hardware (MAC) address to be used when the
pool is the type of host.

Client Name: Specify the name of client to be used when the pool is the type of
host.

Vendor 1~8 Class Identifier: Specify to be used by DHCP client to optionally

identify the vendor type and configuration of a DHCP client. DHCP server will
deliver the corresponding option 43 specific information to the client that sends
option 60 vendor class identifier.

Vendor 1~8 Specific Information: Specify vendor specific information according to

option 60 vendor class identifier.

4.3.3.2.4.7 Snooping Configuration

DHCP Snooping allows the switch to protect a network from attacking by other
devices or rogue DHCP servers. When DHCP Snooping is enabled on the switch, it
can filter IP traffic on insecure (untrusted) ports that the source addresses cannot
be identified by DHCP Snooping. The addresses assigned to connected clients on
insecure ports can be carefully controlled by either using the dynamic binding
registered with DHCP Snooping or using the static binding configured with IP Source
Guard.

PowerFlow-2-10G Configuration 4-77

Chapter 4 Web Operation and Configuration Installation and Operation Manual

DHCP Snooping Configuration

Snooping Mode: Enable or disable DHCP Snooping function globally. When DHCP
snooping mode operation is enabled, the DHCP request messages will be forwarded
to trusted ports and only allow reply packets from trusted ports.

Port Mode Configuration

Port: Port number. "Port *" rules apply to all ports.

Mode: Select the DCHP Snooping port mode. Ports can be set to either “Trusted”
or “Untrusted”.

4.3.3.2.4.8 Snooping Table

DHCP clients who obtained the dynamic IP address from the DHCP server will be
listed in this table except for local VLAN interface IP addresses. Items displayed
include the following:

MAC Address: Client hardware MAC address.

VLAN ID: VLAN number of the client interface.

Will Expire In: The remaining time the release will be expired.

Source Port: The port number of the client that binds with IP address.

IP Address: Client IP address assigned from the DHCP server.

IP Subnet Mask: Client IP subnet mask.

DHCP Server: The DHCP Server that assigns IP address.

4-78 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.4.9 Relay Configuration

Relay Mode: Enable or disable the DHCP relay function.

Relay Server: Enter DHCP server IP address that is used by the switch’s DHCP relay
agent.

Relay Information Mode: Enable or disable DHCP Relay option 82 function. Please
note that “Relay Mode” must be enabled before this function is able to take effect.

Relay Information Policy: Select Relay Information policy for DHCP client that
includes option 82 information.

Replace: Replace the DHCP client packet information with the switch’s relay
information. This is the default setting.

Keep: Keep the client’s DHCP information.

Drop: Drop the packet when it receives a DHCP message that already contains
relay information.

PowerFlow-2-10G Configuration 4-79

Chapter 4 Web Operation and Configuration Installation and Operation Manual

DHCP Relay Agent Information

Circuit ID Format: Select the appropriate circuit ID format.

Standard: Used for defining the switch port and VLAN ID according to RFC 3046.

TR-101: Used for defining the switch IP, switch port and VLAN ID according to
TR-101.

Port Alias: Use the individual values for port Alias.

Remote ID Format: Select the appropriate remote ID format.

None: Sub-option 2 is not used.

MAC Address: Add MAC address to Option 82 information.

4-80 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Configured: The Remote ID can be user-defined when this option is selected. The
maximum length of the Remote ID is 63.

Subscriber ID

Format: Select the appropriate Subscriber ID format.

None: Sub-option 6 is not used.

Port Alias: Use the individual values for port Alias on a per port basis.

Configured: Configure the desired Subscriber ID in the “Configuration” field.

Configuration: Specify the desired Subscriber ID. The maximum length of a

Subscriber ID is 63.

4.3.3.2.4.10 Relay Statistics

DHCP Relay Statistics

Transmit to Server: The number of packets that are relayed from client to server.

Transmit Error: The number of packets that resulted in errors while being sent to
clients.

Receive from Server: The number of packets received from server.

Receive Missing Agent Option: The number of packets received without agent
information options.

PowerFlow-2-10G Configuration 4-81

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Receive Missing Circuit ID: The number of packets received with the Circuit ID option
missing.

Receive Missing Remote ID: The number of packets received with the Remote ID
option missing.

Receive Missing Subscriber ID: The number of packets received with the subscriber
ID missing.

Receive Bad Circuit ID: The number of packets whose Circuit ID option did not match
known circuit ID.

Receive Bad Remote ID: The number of packets whose Remote ID option did not
match known Remote ID.

Receive Bad Subscriber ID: The number of packets whose subscriber ID option did
not match known subscriber ID.

Client Statistics

Transmit to Client: The number of relayed packets from server to client.

Transmit Error: The number of packets that resulted in error while being sent to
servers.

Receive from Client: The number of received packets from server.

Receive Agent Option: The number of received packets with relay agent
information option.

Replace Agent Option: The number of packets which were replaced with relay agent
information option.

Keep Agent Option: The number of packets whose relay agent information was
retained.

Drop Agent Option: The number of packets that were dropped which were received
with relay agent information.

4-82 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.5 IP Source Guard

4.3.3.2.5.1 Configuration

IP Source Guard Configuration

Mode: Enable or disable IP source guard globally.

Translate dynamic to static: Click this button to translate dynamic entries to static
ones.

Port Mode Configuration

Port: The port number. “Port *” rules apply to all ports.

Mode: Enable or disable IP source guard on a port. Please note that to make IP
source guard work, both global mode and port mode must be enabled.

Max Dynamic Clients: Select the maximum number of dynamic clients that can be
learned on a port. The available options are 0, 1, 2, unlimited. If the port mode is
enabled and the maximum number of dynamic clients is equal 0, the switch will
only forward IP packets that are matched in static entries for a given port.

PowerFlow-2-10G Configuration 4-83

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.3.2.5.2 Static Table

Port: Select a port to which a static entry is bound.

VLAN ID: Enter VLAN ID that has been configured.

IP Address: Enter a valid IP address.

MAC Address: Enter a valid MAC address.

Click the “Add New Entry” button to insert an entry to the table.

Select the “Delete” checkbox to remove the entry during the next save.

Click the “Save” button to save settings or changes.

Click the “Reset” button to restore settings to default settings or previously

configured settings.

4.3.3.2.5.3 Dynamic Table

The Dynamic IP Source Guard table shows entries sorted by port, VLAN ID, IP
address and MAC address. By default, each page displays 20 entries. However, it
can display 999 entries by entering the number in “entries per page” input field.

4-84 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.6 ARP inspection

4.3.3.2.6.1 Port Configuration

ARP Inspection Configuration

Mode: Enable or disable ARP inspection function globally.

Port Mode Configuration

Port: The port number. “Port *” rules apply to all ports.

Mode: Enable or disable ARP Inspection on a port. Please note that to make ARP
inspection work, both global mode and port mode must be enabled.

Check VLAN: Enable or disable check VLAN operation.

Log Type: There are four log types available.

None: Log nothing.

PowerFlow-2-10G Configuration 4-85

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Deny: Log denied entries.

Permit: Log permitted entries.

All: Log all entries.

4.3.3.2.6.2 VLAN Configuration

VLAN ID: Specify ARP Inspection is enabled on which VLANs. First, you have to
enable the port setting on Port mode configuration web page. Only when both
Global Mode and Port Mode on a given port are enabled, ARP Inspection is
enabled on this given port. Second, you can specify which VLAN will be inspected
on VLAN mode configuration web page. The log type also can be configured on
per VLAN setting.

Log Type: There are four log types available.

None: Log nothing.

Deny: Log denied entries.

Permit: Log permitted entries.

All: Log all entries.

Click the “Add New Entry” button to insert an entry to the table.

Select the “Delete” checkbox to remove the entry during the next save.

Click the “Save” button to save newly-configured settings or changes.

Click the “Reset” button to restore settings to default settings or previously

configured settings.

4-86 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.2.6.3 Static Table

Port: Select a port to which a static entry is bound.

VLAN ID: Specify a configured VLAN ID.

MAC Address: Specify an allowed source MAC address in ARP request packets.

IP Address: Specify an allowed source IP address in ARP request packets.

Click the “Add New Entry” button to insert an entry to the table.

Select the “Delete” checkbox to remove the entry during the next save.

Click the “Save” button to save newly-configured settings or changes.

Click the “Reset” button to restore settings to default settings or previously

configured settings.

4.3.3.2.6.4 Dynamic Table Configuration

Port: The port number of this entry.

PowerFlow-2-10G Configuration 4-87

Chapter 4 Web Operation and Configuration Installation and Operation Manual

VLAN ID: VLAN ID in which the ARP traffic is permitted.

MAC Address: User MAC address of this entry.

IP Address: User IP address of this entry.

Translate to static: Click the button to translate the dynamic entry to static one.

4.3.3.2.6.5 Dynamic Table Status

Port: The port number of this entry.

VLAN ID: VLAN ID in which the ARP traffic is permitted.

MAC Address: User MAC address of this entry.

4.3.3.3 RADIUS

4.3.3.3.1 Configuration

4-88 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Global Configuration

Timeout: The time the switch waits for a reply from an authentication server before
it retransmits the request.

Retransmit: Specify the number of times to retransmit request packets to an

authentication server that does not respond. If the server does not respond after
the last retransmit is sent, the switch considers the authentication server is dead.

Deadtime: Deadtime is the period during which the switch will not send new
requests to a server that has failed to respond to a previous request. This will stop
the switch from continually trying to contact a server that it has already determined
as dead. Setting the Deadtime to a value greater than 0 (zero) will enable this
feature, but only if more than one server has been configured. The allowed
deadtime range is between 0 to 1440minutes.

Key: Specify the secret key up to 64 characters. This is shared between the RADIUS
sever and the switch.

NAS-IP-Address: The IPv4 address is used as attribute 4 in RADIUS Access-Request

packets. If this field is left blank, the IP address of the outgoing interface is used.

NAS-IPv6-Address: The IPv6 address is used as attribute 95 in RADIUS Access-

Request packets. If this field is left blank, the IP address of the outgoing interface
is used.

NAS Identifier: The identifier, up to 256 characters long, is used as attribute 32 in

RADIUS Access-Request packets. If this field is left blank, the NAS-Identifier is not
included in the packet.

Sever Configuration

Hostname: The hostname or IP address for the RADIUS server.

Auth Port: The UDP port to be used on the RADIUS server for authentication.

Acct Port: The UDP port to be used on the RADIUS server for accounting.

Timeout: If timeout value is specified here, it will replace the global timeout value.
If you prefer to use the global value, leave this field blank.

PowerFlow-2-10G Configuration 4-89

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Retransmit: If retransmit value is specified here, it will replace the global retransmit
value. If you prefer to use the global value, leave this field blank.

Key: If secret key is specified here, it will replace the global secret key. If you prefer
to use the global value, leave this field blank.

4.3.3.3.2 RADIUS Overview

#: The number of Authentication & Accounting server. Five Authentication &

Accounting servers are supported. Click on the number to view each server’s details.

IP Address: The configured IP address and UPD port number.

Status: The current state of RADIUS authentication server. Displayed states include
the following:

Disabled: This server is disabled.

Not Ready: The server is ready but IP communication is not yet up and running.

Ready: The server is ready and IP communication is not yet up and running. The
RADIUS server is ready to accept access attempts.

4-90 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.3.3.3 RADIUS Details

RADIUS Authentication Statistics for Server

Access Accepts: The number of RADIUS Access-Accept packets (valid or invalid)

received from the server.

Access Rejects: The number of RADIUS Access-Reject packets (valid or invalid)

received from the server.

Access Challenges: The number of RADIUS Access-Challenge packets (valid or invalid)

received from the server.

Malformed Access Responses: The number of malformed RADIUS Access-Response

packets received from the server. Malformed packets include packets with an
invalid length. Bad authenticators or Message Authenticator attributes or unknown
types are not included as malformed access responses.

Bad Authenticators: The number of RADIUS Access-Response packets containing

invalid authenticators or Message Authenticator attributes received from the server.

Unknown Types: The number of RADIUS packets that were received with unknown
types from the server on the authentication port and dropped.

Packets Dropped: The number of RADIUS packets that were received from the
server on the authentication port and dropped for some other reason.

PowerFlow-2-10G Configuration 4-91

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Access Requests: The number of RADIUS Access-Request packets sent to the server.
This does not include retransmissions.

Access Retransmissions: The number of RADIUS Access-Request packets

retransmitted to the RADIUS authentication server.

Pending Requests: The number of RADIUS Access-Request packets destined for the
server that have not yet timed out or received a response. This variable is
incremented when an Access-Request is sent and decremented due to receipt of
an Access-Accept, Access-Reject, Access-Challenge, timeout, or retransmission.

Timeouts: The number of authentication timeouts to the server. After a timeout,

the client may retry to the same server, send to a different server, or give up. A
retry to the same server is counted as a retransmit as well as a timeout. A send to
a different server is counted as a Request as well as a timeout.

IP Address: IP address and UDP port for the authentication server in question.

State: Shows the state of the server. It takes one of the following values:

Disabled: The selected server is disabled.

Not Ready: The server is enabled, but IP communication is not yet up and
running.

Ready: The server is enabled, IP communication is up and running, and the

RADIUS module is ready to accept access attempts.

Dead (X seconds left): Access attempts were made to this server, but it did not
reply within the configured timeout. The server has temporarily been disabled,
but will get re-enabled when the dead-time expires. The number of seconds left
before this occurs is displayed in parentheses. This state is only reachable when
more than one server is enabled.

Round-Trip Time: The time interval (measured in milliseconds) between the most
recent Access-Reply/Access-Challenge and the Access-Request that matched it
from the RADIUS authentication server. The granularity of this measurement is 100
ms. A value of 0 ms indicates that there hasn't been round-trip communication
with the server yet.

RADIUS Accounting Statistics for Server

4-92 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Responses: The number of RADIUS packets (valid or invalid) received from the
server.

Malformed Responses: The number of malformed RADIUS packets received from

the server. Malformed packets include packets with an invalid length. Bad
authenticators or unknown types are not included as malformed access responses.

Bad Authenticators: The number of RADIUS packets containing invalid

authenticators received from the server.

Unknown Types: The number of RADIUS packets of unknown types that were
received from the server on the accounting port.

Packets Dropped: The number of RADIUS packets that were received from the
server on the accounting port and dropped for some other reason.

Requests: The number of RADIUS packets sent to the server. This does not include
retransmissions.

Retransmissions: The number of RADIUS packets retransmitted to the RADIUS

accounting server.

Pending Requests: The number of RADIUS packets destined for the server that have
not yet timed out or received a response. This variable is incremented when a
Request is sent and decremented due to receipt of a Response, timeout, or
retransmission.

Timeouts: The number of accounting timeouts to the server. After a timeout, the
client may retry to the same server, send to a different server, or give up. A retry
to the same server is counted as a retransmit as well as a timeout. A send to a
different server is counted as a Request as well as a timeout.

IP Address: IP address and UDP port for the accounting server in question.

State: Shows the state of the server. It takes one of the following values:

Disabled: The selected server is disabled.

Not Ready: The server is enabled, but IP communication is not yet up and
running.

Ready: The server is enabled, IP communication is up and running, and the

RADIUS module is ready to accept accounting attempts.

PowerFlow-2-10G Configuration 4-93

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Dead (X seconds left): Accounting attempts were made to this server, but it did
not reply within the configured timeout. The server has temporarily been
disabled, but will get re-enabled when the dead-time expires. The number of
seconds left before this occurs is displayed in parentheses. This state is only
reachable when more than one server is enabled.

Round-Trip Time: The time interval (measured in milliseconds) between the most
recent Response and the Request that matched it from the RADIUS accounting
server. The granularity of this measurement is 100 ms. A value of 0 ms indicates
that there hasn't been round-trip communication with the server yet.

4.3.3.3.4 TACACS+

Global Configuration

Timeout: The time the switch waits for a reply from a TACACS+ server before it
retransmits the request.

Deadtime: Deadtime is the period during which the switch will not send new
requests to a server that has failed to respond to a previous request. This will stop
the switch from continually trying to contact a server that it has already determined
as dead. Setting the Deadtime to a value greater than 0 (zero) will enable this
feature, but only if more than one server has been configured. The allowed
deadtime range is between 0 to 1440 minutes.

Key: Specify the secret key up to 63 characters. This is shared between a TACACS+
sever and the switch.

Server Configuration

Hostname: The hostname or IP address for a TACACS+ server.

4-94 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Port: The TCP port number to be used on a TACACS+ server for authentication.

Timeout: If timeout value is specified here, it will replace the global timeout value.
If you prefer to use the global value, leave this field blank.

Key: If secret key is specified here, it will replace the global secret key. If you prefer
to use the global value, leave this field blank.

4.3.4 Aggregation
Compared with adding cost to install extra cables to increase the redundancy and
link speed, link aggregation is a relatively inexpensive way to set up a high-speed
backbone network that transfers much more data than any one single port or
device can deliver. Link aggregation uses multiple ports in parallel to increase the
link speed. And there are two types of aggregation that are available, namely
“Static” and “LACP”.

Under the Aggregation heading are two major icons, static and LACP.

4.3.4.1 Static

PowerFlow-2-10G Configuration 4-95

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Aggregation Mode Configuration

Source MAC Address: All traffic from the same Source MAC address is output on
the same link in a trunk.

Destination MAC Address: All traffic with the same Destination MAC address is
output on the same link in a trunk.

IP Address: All traffic with the same source and destination IP address is output on
the same link in a trunk.

TCP/UDP Port Number: All traffic with the same source and destination TCP/UDP
port number is output on the same link in a trunk.

Aggregation Group Configuration

Group ID: Trunk ID number. “Normal” means that no aggregation is used. 14

aggregation groups are available for use. Each group contains at least 2 to 8 links
(ports). Please note that each port can only be used once in Group ID 1~14.

Port Members: Select ports to belong to a certain trunk.

4.3.4.2 LACP

4.3.4.2.1 LACP Configuration

The Switch supports dynamic Link Aggregation Control Protocol (LACP) which is
specified in IEEE 802.3ad. Static trunks have to be manually configured at both
ends of the link. In other words, LACP configured ports can automatically negotiate
a trunked link with LACP configured ports on another devices. You can configure
any number of ports on the Switch as LACP, as long as they are not already
configured as part of a static trunk. If ports on other devices are also configured
as LACP, the Switch and the other devices will negotiate a trunk link between them.

4-96 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Port: The port number.

LACP Enabled: Enable LACP on a switch port.

Key: The “Auto” setting sets the key as appropriate by the physical link speed.
Select “Specific” if you want a user-defined key value. The allowed key value range
is 1~65535. Ports in an aggregated link group must have the same LACP port Key.
In order to allow a port to join an aggregated group, the port Key must be set to
the same value.

Role: The user can select either “Active” or “Passive” role depending on the device’s
capability of negotiating and sending LACP control packets.

Ports that are designated as “Active” are able to process and send LACP control
frames. Hence, this allows LACP compliant devices to negotiate the aggregated like
so that the group may be changed dynamically as required. In order to add or
remove ports from the group, at least one of the participating devices must set to
“Active” LACP ports.

On the other hand, LACP ports that are set to “Passive” cannot send LACP control
frames. In order to allow LACP-enabled devices to form a LACP group, one end of
the connection must designate as “Passive” LACP ports.

Timeout: The Timeout controls the period between BPDU transmissions. Fast will
transmit LACP packets each second, while Slow will wait for 30 seconds before
sending a LACP packet.

PowerFlow-2-10G Configuration 4-97

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Prio: The priority of the port. The lower number means greater priority. This priority
value controls which ports will be active and which ones will be in a backup role.

4.3.4.2.2 System Status

Aggr ID: Display the aggregation ID associated with the Link Aggregation Group
(LAG).

Partner System ID: LAG’s partner system ID (MAC address).

Partner Key: The partner key assigned to this LAG.

Partner Prio: The priority value of the partner.

Last Changed: The time since this LAG changed.

Local Ports: The local ports that are a port of this LAG.

4-98 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.4.2.3 Port Status

Port: The port number.

LACP: Show LACP status on a port.

Yes: LACP is enabled and the port link is up.

No: LACP is not enabled or the port link is down.

Backup: The port is in a backup role. When other ports leave LAG group, this
port will join LAG.

Key: The aggregation key value on a port.

Aggr ID: Display the aggregation ID active on a port.

Partner System ID: LAG partner’s system ID.

Partner Port: The partner port connected to this local port.

PowerFlow-2-10G Configuration 4-99

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Partner Prio: The priority value of the partner.

4.3.4.2.4 Port Statistics

Port: The port number.

LACP Received: The number of LACP packets received on a port.

LACP Transmitted: The number of LACP packets transmitted by a port

Discarded: The number of unknown and illegal packets that have been discarded
on a port.

4-100 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.5 Redundancy
Designing redundant paths that can protect networks from unexpected failovers
is extremely important in mission-critical networks that need to provide
uninterrupted services. However, redundant paths mean that possible loops may
occur in networks and bring down networks eventually if they are not treated
carefully. In practice, several loop protection methods are implemented to ensure
that networks function normally without loops and recover as soon as possible
when a point of failure occurs. The most popular ones are STP (802.1d), RSTP
(802.1w) and MSTP (802.1s). For industrial applications, the proprietary PF-ring
and ERPS (G.8032) are highly recommended since they can achieve faster
recovery time than any STP protocol.

In this section, the redundancy-related functions will be introduced individually.

The functions covered in this section can be seen from the “Redundancy” menu.

4.3.5.1 PF-Ring
PF-Ring is a proprietary redundancy technology that supports 250 units in a ring
topology and can bring redundant paths into service within 10 ms when link
failures occur. Compared with spanning tree protocol, PF-Ring achieves faster
recovery time on the network and is more flexible and scalable in network
architecture. PF-Ring redundancy technology can automatically self identifies the
ring Master (the user-defined Master is also supported) and then block a port
resided in Master device for backup purposes. Once the disconnection is detected
on the network, PF-Ring can bring backup ports back into “forwarding” mode so
that the disconnected path can keep contact with the whole network.

PowerFlow-2-10G Configuration 4-101

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.5.1.1 Configuration

Click “Add New Instance” button to add a new entry.

Instance: The instance number. The total instances supported are 14.

Type: PF-Ring supports 3 ring types. They are explained below individually.

PF-Ring: PF-Ring type is used in a closed ring topology. All participating devices
must support PF-Ring redundancy technology.

Figure 1. Single ring Figure 2. Two rings

PF-Chain: PF-Chain type is used when PF-Ring supported devices interconnect to a network or
devices that does not support PF-Ring redundancy technology.

Figure 3. PF-Chain ring connects to a network

4-102 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Sub-Ring: Sub-Ring is used in an open ring and only has one node. In a networking topology,
Sub-Ring type must co-exist with PF-Ring type or PF-Chain type. No third-party devices are used
in this ring type.

Figure 4. Sub-Ring

Master: The Master is generally used to decide which segment acts as a backup
path. The user can manually select the checkbox to set the device in a ring as a
Master. However, if all devices’ Master checkboxes are left unchecked, the PF-Ring
protocol will assign one of the devices in the ring as the Master depending on their
MAC address. The election process is explained below in “Determining a Master and
blocking a port”.

Port: Select the west and east port from the pull-down menu.

Edge: This field appears only when you select PF-Chain type. Select the checkbox
to set the selected port as a PF-Chain edge port.

PowerFlow-2-10G Configuration 4-103

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Determining a Master and blocking a port

PF-Ring PF-Chain Sub-Ring

Step 1. Manually select the Master Manually select the Master in a Manually select the Master in a
Determining in a ring. ring. ring.
a Master

If several devices are set to The device with a configured If several devices are set to
Master, the PF-Ring edge port that has the Master, the PF-Ring
redundancy protocol biggest MAC address is redundancy protocol decides
decides the Master in a ring selected as the Master. the Master in a ring depending
depending on devices’ MAC on devices’ MAC address. The
address. The device with device with the biggest MAC
If the Master is mis-assigned to
the biggest MAC address becomes the Master
the device that does not have
address becomes the in a ring.
an edge, the PF-Ring
Master in a ring.
redundancy protocol will ignore
this mis-configuration. If no device in a ring is set to
If no device in a ring is set Master, the PF-Ring
to Master, the PF-Ring redundancy protocol decides
redundancy protocol the Master in a ring depending
decides the Master in a ring Note: When selecting PF-Chain on devices’ MAC address. The
depending on devices’ MAC type, only the devices with an device with the biggest MAC
address. The device with edge port or edge ports are address becomes the Master
the biggest MAC eligible to be elected as the in a ring.
address becomes the Master.
Master in a ring.

Step 2. The port with higher port The edge port in Master device The port with higher port
Blocking a number in Master device is blocked. number in Master device is
port is blocked. blocked.

If the Master has two edge

ports, the port with higher
port number is blocked.
Example

4-104 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.5.1.2 Status

Instance: The instance number.

Type: Display the type of redundancy ring.

Role: This field can be Master or Slave (paths in Slave device will not be blocked).

East & West Port Number: The configured port number in a instance.

East & West Port State: The current state of the configured port in a ring. The
displayed state can be one of the following:

Forwarding: The path is in normal transmission.

Blocking: The path is blocked and acts as a backup path.

Down: No physical connection.

East & West Port Edge: This field shows whether the configured port is an edge
port or not.

Healthy: This field graphically displays the current ring status.

: The path is never ringed.

: The Master is elected and backup path is blocked. The network with a
redundant path works normally.

: The physical link or connection in the ring is down. The status of backup path
is changed from “blocked” to “forwarding” status when one of the forwarding
paths is down.

PowerFlow-2-10G Configuration 4-105

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.5.2 Loop Protection

Loops sometimes occur in a network due to improper connecting, hardware
problem or faulty protocol settings. When loops are seen in a switched network,
they consume switch resources and thus downgrade switch performance. Loop
Protection feature is provided in this switch and can be enabled globally or on a
per port basis. Using loop protection enables the switch to automatically detect
loops on a network. Once loops are detected, ports received the loop protection
packet form the switch can be shut down or loopped events can be logged.

4.3.5.2.1 Configuration

General Settings

Enable Loop Protection: Enable or disable loop protection function.

Transmission Time: The interval between each loop protection PDU sent on each
port. Valid values are 1 to 10 seconds.

Shutdown Time: The period for which a port will be kept disabled. Valid values are
0 to 604800 seconds. 0 means that a port is kept disabled until next device restart.

Port Configuration

4-106 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Port: List the number of each port. “Port *” settings apply to all ports.

Enable: Enable or disable the selected ports’ loop protection function.

Action: When a loop is detected on a port, the loop protection will immediately
take appropriate actions. Actions will be taken include “Shutdown Port”,
“Shutdown Port and Log” or “Log Only”.

Shutdown Port: A loop-detected port is shutdown for a period of time

configured in “Shutdown Time”.

Shutdown Port and Log: A loop-detected port is shutdown for a period of time configured in
“Shutdown Time” and the event is logged.

Log Only: The event is logged and the port remains enable.

Tx Mode: Enable or disable a port to actively generate loop protection PDUs or to

passively look for looped PDUs.

4.3.5.2.2 Status

Port: The port number.

PowerFlow-2-10G Configuration 4-107

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Action: Display the configured action that the switch will react when loops occur.

Transmit: Display the configured transmit (Tx) mode.

Loops: The number of loops detected on a port.

Status: The current loop status detected on a port.

Loop: Loops detected on a port or not.

Time of Last Loop: The time of the last loop event detected.

4.3.5.3 Spanning Tree

For some networking services, always-on connections are required to ensure that
end users’ online related activities are not interrupted due to unexpected
disconnections. In these circumstances, multiple active paths between network
nodes are established to prevent disconnections from happening. However,
multiple paths interconnected with each other have a high tendency to cause
bridge loops that make networks unstable and in worst cases make networks
unusable. For example, the MAC address table used by the switch or bridge can fail,
since the same MAC addresses (and hence the same network hosts) are seen on
multiple ports. Second, a broadcast storm occurs. This is caused by broadcast
packets being forwarded in an endless loop between switches. A broadcast storm
can consume all available CPU resources and bandwidth.

To solve problems causing by bridge loops, spanning tree allows a network design
to include redundant links to provide automatic backup paths if an active link fails,
without the danger of bridge loops, or the need for manually enabling/disabling
these backup links.

The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1s, can create
a spanning tree within a mesh network of connected layer-2 bridges (typically
Ethernet switches) and disable the links which are not part of that tree, leaving a
single active path between any two network nodes.

To provide faster spanning tree convergence after a topology change, an evolution

of the Spanning Tree Protocol “Rapid Spanning Tree Protocol (RSTP)”, is introduced
by IEEE 802.1w. RSTP is a refinement of STP; therefore, it shares most of its basic
operation characteristics. This essentially creates a cascading effect away from the
root bridge where each designated bridge proposes to its neighbors to determine
if it can make a rapid transition. This is one of the major elements which allows
RSTP to achieve faster convergence times than STP.

4-108 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

The other extension of RSTP is IEEE 802.1s Multiple Spanning Tree protocol (MSTP)
that allows different VLANs to travel along separate instances of spanning tree.
Unlike STP and RSTP, MSTP eliminates the needs for having different STP for each
VLAN. Therefore, in a large networking environment that employs many VLANs,
MSTP can be more useful than legacy STP.

4.3.5.3.1 Bridge Settings

Basic Settings

Protocol Version: Select the appropriate spanning tree protocol. Protocol versions
provided include “STP”, “RSTP”, and “MSTP”.

Bridge Priority: Each switch has a relative priority and cost that is used to decide
what the shortest path is to forward a packet. The lowest cost path (lowest
numeric value) has a higher priority and is always used unless it is down. If you
have multiple bridges and interfaces then you need to adjust the priorities to
achieve optimized performance. For MSTP operation, this is the priority of the CIST.
Otherwise, this is the priority of the STP/RSTP bridge.

Forward Delay: Fort STP bridges, the Forward Delay is the time spent in each
Listening and Learning state before the Forwarding state is entered. This delay
occurs when a new bridge comes onto a network. Valid values are 4-30 seconds.

PowerFlow-2-10G Configuration 4-109

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Max Age: If another switch in the spanning tree does not send out a hello packet
for a period of time, it is considered to be disconnected. Valid values are 6 to 40
seconds, and Max Age values must be smaller than or equal to (Forward Delay-
1)*2.

Maximum Hop Count: The maximum number of hops allowed for MST region before
a BPDU is discarded. Each bridge decrements the hop count by one before passing
on the BPDU. When the hop count reaches zero, the BPDU is discarded. The default
hop count is 20. The allowed range is 6-40.

Transmit Hold Count: The number of BPDU sent by a bridge port per second. When
exceeded, transmission of the next BPDU will be delayed. By default, it is set to 6.
The allowed transmit hold count is 1 to 10. Please note that increasing this value
might have a significant impact on CPU utilization and decreasing this value might
slow down convergence. It is recommended to remain Transmit Hold Count to the
default setting.

Advanced Settings

Edge Port BPDU Filtering: The purpose of Port BPDU Filtering is to prevent the
switch from sending BPDU frames on ports that are connected to end devices.

Edge Port BPDU Guard: Edge ports generally connect directly to PC, file servers or
printers. Therefore, edge ports are configured to allow rapid transition. Under
normal situations, edge ports should not receive configuration BPDUs. However, if
they do, this probably is due to malicious attacks or mis-settings. When edge ports
receive configuration BPDUs, they will be automatically set to non-edge ports and
start a new spanning tree calculation process.

BPDU Guard is therefore used to prevent the device from suffering malicious
attacks. With this function enabled, when edge ports receive configuration BPDUs,
STP disables those affected edge ports. After a period of recovery time, those
disabled ports are re-activated.

Port Error Recovery: When enabled, a port that is in the error-disabled state can
automatically be enabled after a certain time.

Port Error Recovery Timeout: The time that has to pass before a port in the error-
disabled state can be enabled. The allowed range is 30 – 86400 seconds.

4-110 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.5.3.2 MSTI Mapping

Configuration Identification

Configuration Name: The name for this MSTI. By default, the switch’s MAC address
is used. The maximum length is 32 characters. In order to share spanning trees for
MSTI, bridges must have the same configuration name and revision value.

Configuration Revision: The revision number for this MSTI. The allowed range is 0
– 65535.

MSTI Mapping

MSTI: MSTI instance number.

VLAN Mapped: Specify VLANs mapped to a certain MSTI. Both a single VLAN and a
range of VLANs are allowed. Separate VLANs with a comma and use hyphen to
denote a range of VLANs. (Example: 2,5,20-40) Leave the field empty for unused
MSTI.

PowerFlow-2-10G Configuration 4-111

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.5.3.3 MSTI Priorities

MSTI: Display MSTI instance number. “MSTI *” priority rule applies to all ports.

Priority: Select an appropriate priority for each MSTI instance. Bridge priority is used
in selecting the root device, root port, and designated port. The device with the
highest priority becomes the root device. However, if all devices have the same
priority, the device with the lowest MAC address will then become the root device.
Note that lower numeric values indicate higher priority. The bridge priority plus the
MSTI instance number, concatenated with the 6-byte MAC address of the switch
forms a Bridge Identifier.

4.3.5.3.4 CIST Ports

CIST Aggregated Port Configuration

Port: The port number.

4-112 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

STP Enabled: Enable STP function

Path Cost: Path cost is used to determine the best path between devices. If “Auto”
mode is selected, the system automatically detects the speed and duplex mode to
decide the path cost. Select “Specific”, if you want to use user-defined value. Valid
values are 1 to 200000000. Please note that path cost takes precedence over port
priority.

Priority: Select port priority.

Admin Edge: If an interface is attached to end nodes, you can set it to “Edge”.

Auto Edge: Select the checkbox to enable this feature. When enabled, a port is
automatically determined to be at the edge of the network when it receives no
BPDUs.

Restricted Role: If enabled, this causes the port not to be selected as Root Port
for the CIST or any MSTI, even if it has the best spanning tree priority.

Restricted TCN: If enabled, this causes the port not to propagate received
topology change notifications and topology changes to other ports.

BPDU Guard: This feature protects ports from receiving BPDUs. It can prevent
loops by shutting down a port when a BPDU is received instead of putting it into
the spanning tree discarding state. If enabled, the port will disable itself upon
receiving valid BPDU's.

Point-to-Point: Select the link type attached to an interface.

Auto: The switch automatically determines whether the interface is attached to a

point-to-point link or shared medium.

Forced True: It is a point-to-point connection.

Forced False: It is a shared medium connection.

PowerFlow-2-10G Configuration 4-113

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.5.3.5 MSTI Ports

Select a specific MSTI that you want to configure and then click the “Get” button.

Port: The port number.

Path Cost: Path cost is used to determine the best path between devices. If “Auto”
mode is selected, the system automatically detects the speed and duplex mode to
decide the path cost. Select “Specific”, if you want to use user-defined value. Valid
values are 1 to 200000000. Please note that path cost take precedence over port
priority.

Priority: Select port priority.

4-114 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.5.3.6 Bridge Status

STP Bridge

MSTI: The bridge instance. Click this instance to view STP detailed bridge status.

Bridge ID: The unique bridge ID for this instance consisting a priority value and MAC
address of the bridge switch.

Root ID: Display the root device’s priority value and MAC address.

Root Port: The number of the port on this switch that is closest to the root. This
switch communicates with the root device through this port. If there is no root
port, then this switch has been accepted as the root device of the Spanning Tree
network.

Root Cost: The path cost from the root port on the switch to the root device. For
the root bridge this is zero. For all other bridges, it is the sum of the port path
costs on the least cost path to the root bridge.

Topology Flag: The current state of the Topology Change Notification flag for this
bridge instance.

Topology Change Last: The time since this spanning tree was last configured.

Click the MSTI instance to view STP detailed bridge status.

PowerFlow-2-10G Configuration 4-115

Chapter 4 Web Operation and Configuration Installation and Operation Manual

STP Detailed Bridge Status

Bridge Instance: The bridge instance.

Bridge ID: The unique bridge ID for this instance consisting a priority value and MAC
address of the bridge switch.

Root ID: Display the root device’s priority value and MAC address.

Root Cost: The path cost from the root port on the switch to the root device. For
the root bridge this is zero. For all other bridges, it is the sum of the port path
costs on the least cost path to the root bridge.

Root Port: The number of the port on this switch that is closest to the root. This
switch communicates with the root device through this port. If there is no root
port, then this switch has been accepted as the root device of the Spanning Tree
network.

Regional Root: The Bridge ID of the currently elected regional root bridge, inside
the MSTP region of this bridge. (This parameter only applies to the CIST instance.)

Internal Root Cost: The Regional Root Path Cost. For the Regional Root Bridge the
cost is zero. For all other CIST instances in the same MSTP region, it is the sum of
the Internal Port Path Costs on the least cost path to the Internal Root Bridge. (This
parameter only applies to the CIST instance.)

Topology Flag: The current state of the Topology Change Notification flag for this
bridge instance.

Topology Change Last: The time since this spanning tree was last configured.

4-116 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

CIST Ports & Aggregations State

Port: Display the port number.

Port ID: The port identifier used by the RSTP protocol. This port ID contains the
priority and the port number.

Role: The role assigned by Spanning Tree Algorithm. Roles can be “Designated Port”,
“Backup Port”, “Root Port”.

State: Display the current state of a port.

Blocking: Ports only receive BPDU messages but do not forward them.

Learning: Port has transmitted configuration messages for an interval set by the
Forward Delay parameter without receiving contradictory information. Port
address table is cleared, and the port begins learning addresses

Forwarding: Ports forward packets and continue to learn addresses.

Edge: Display whether this port is an edge port or not.

Point-to-Point: Display whether this point is in point-to-point connection or not.

This can be both automatically and manually configured.

Uptime: The time since the bridge port was last initialized.

PowerFlow-2-10G Configuration 4-117

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.5.3.7 Port Status

Port: The port number.

CIST Role: The role assigned by Spanning Tree Algorithm. Roles can be “Designated
Port”, “Backup Port”, “Root Port” or “Non-STP”.

CIST State: Display the current state of a port. The CIST state must be one of the
following:

Discarding: Ports only receive BPDU messages but do not forward them.

Learning: Port has transmitted configuration messages for an interval set by the
Forward Delay parameter without receiving contradictory information. Port
address table is cleared, and the port begins learning addresses

Forwarding: Ports forward packets and continue to learn addresses.

Uptime: The time since the bridge port was last initialized.

4-118 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.5.3.8 Port Statistics

Port: Display the port number.

Transmitted & Received MSTP/RSTP/STP: The number of MSTP/RSTP/STP

configuration BPDU messages transmitted and received on a port.

Transmitted & Received TCN: The number of TCN messages transmitted and
received on a port.

Discarded Unknown/Illegal: The number of unknown and illegal packets discarded

on a port.

4.3.5.4 MEP (Y.1731)

Instance: Specify the MEP instance ID. After saving an entry, click the number of
each instance to further configure details of this MEP entry.

Domain (Port): This is a MEP in the Port Domain. 'Flow Instance' is a Port.

Mode: Select either Mep (Maintenance Entity End Point) or Mip (Maintenance Entity
Intermediate Point).

Direction: Select the traffic direction either Down or Up for monitoring on a

residence port.

Down: This is a Down (Ingress) MEP - monitoring ingress OAM and traffic on
'Residence Port'.

Up: This is an Up (Egress) MEP - monitoring egress OAM and traffic on 'Residence
Port'.

PowerFlow-2-10G Configuration 4-119

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Residence Port: Specify a port to monitor.

Level: The MGP level of this MEP.

Flow Instance: The MEP related to this flow.

Tagged VID: A C-tag or S-tag (depending on VLAN port type) is added with this VID.
Entering “0” means no tag will be added.

This MAC: The MAC of this MEP (can be used by other MEP when unicast is selected).

Alarm: There is an active alarm on the MEP.

Delete: Remove the entry from the table.

Click the instance number to configure detailed settings of MEP.

Instance Data

The details of the current instance item.

Instance Configuration

Level: Select a MEP level. The allowed range is 0~7.

4-120 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Format: Two formats are available.

ITU ICC: This is defined by ITU in Y.1731 ANNEX A. “Domain Name” is not used.
MEG id must be maximum 13 characters.

IEEE String: This is defined by IEEE in 802.1ag. “Domain Name” can be maximum
16 characters. “MEG ID” (Short MA Name) can be maximum 16 characters.

ITU CC ICC: This is defined by ITU in Y.1731. “Domain Name” is not used. MEG id
must be maximum 15 characters.

ICC/Domain Name: Depending on the format selected, enter ITU ICC or IEEE
Maintenance Domain Name.

MEG id: This is either ITU UMC (MEG ID value [7-13]) or IEEE Short MA Name
depending on “Format”.

MEP id: This value will become the transmitted two byte CCM MEP ID.

Tagged VID: This C-port tag is added to the OAM PDU and is only applicable to
port MEP.

MEP STATE

cLevel: Fault Cause indicating that a CCM is received with a lower level than the
configured for this MEP.

cMEG: Fault Cause indicating that a CCM is received with a MEG ID different from
configured for this MEP.

cMEP: Fault Cause indicating that a CCM is received with a MEP ID different from
all 'Peer MEP ID' configured for this MEP.

cAIS: Fault Cause indicating that AIS PDU is received.

cLCK: Fault Cause indicating that LCK PDU is received.

cSSF: Fault Cause indicating that server layer is indicating Signal Fail.

PowerFlow-2-10G Configuration 4-121

Chapter 4 Web Operation and Configuration Installation and Operation Manual

aBLK: The consequent action of blocking service frames in this flow is active.

aTSF: The consequent action of indicating Trail Signal Fail to-wards protection is
active.

Peer MEP Configuration

Click the “Add New Peer MEP” button to create a new entry.

Click the “Delete” button to remove an entry from the table.

Peer MEP ID: The peer MEP ID of the target MEP. This is used only when Unicast
Peer MAC is all zeros.

Unicast Peer MAC: The target switch or device’s unicast MAC address. You can
specify unicast MAC address in “xx-xx-xx-xx-xx-xx”, “xx.xx.xx.xx.xx.xx” or
“xxxxxxxxxxxx” format where x is a hexadecimal digit.

NOTE: When “Peer MEP ID” field is configured, the device can auto-negotiate the
neighboring device’s MAC address. Therefore, the user can set “Unicast Peer
MAC” field to all zeros “00-00-00-00-00-00” for initial configurations.

cLOC: Fault Cause indicating that no CCM has been received (in 3,5 periods) -
from this peer MEP

cRDI: Fault Cause indicating that a CCM is received with Remote Defect Indication
- from this peer MEP.

cPeriod: Fault Cause indicating that a CCM is received with a period different what
is configured for this MEP - from this peer MEP.

cPriority: Fault Cause indicating that a CCM is received with a priority different
what is configured for this MEP - from this peer MEP.

Functional Configuration

Continuity Check

Enable: Select the checkbox to enable Continuity Check that CCM PDU is
transmitted and received. The CCM PDU is always transmitted as Multicast Class 1.

4-122 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Priority: The priority to be inserted as PCP bits in TAG (if any).

Frame rate: Select the transmitting frame rate of CCM PDU.

APS Protocol

Enable: Select the checkbox to enable APS (Automatic Protection Switching)

protocol.

Priority: The priority to be inserted as PCP bits in TAG (if any).

Cast: Select whether APS PDU transmitted unicast or multicast. The unicast MAC
will be taken from the “Unicast Peer MAC” configuration. Unicast is only valid for
L-APS type. The R-APS PDU is always transmistted with multicast MAC described
in G.8032.

Type:
R-APS: APS PDU is transmitted as R-APS (this is for ERPS).

L-APS: APS PDU is transmitted as L-APS (this is for ELPS).

Last Octet: This is the last octet of the transmitted and expected RAPS multi-cast
MAC. In G.8031 (03/2010) a RAPS multi-cast MAC is defined as 01-19-A7-00-00-
XX. In current standard the value for this last octet is '01' and the usage of other
values is for further study.

Click the “Fault Management” button.

PowerFlow-2-10G Configuration 4-123

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Loop Back

Enable: Select the checkbox to enable Loop Back based on transmitting and
receiving LBM/LBR PDU. Loop Back is automatically disabled when all “To Send”
LBM PDU has been transmitted.

Dei: The DEI to be inserted as PCP bits in TAG (if any).

Priority: The priority to be inserted as PCP bits in TAG (if any).

Cast: Select LBM PDU to be transmitted as unicast or multicast. The unicast MAC
will be configured through 'Peer MEP' or 'Unicast Peer MAC'. To-wards MIP only
unicast Loop Back is possible.

Peer MEP: This is only used if the “Unicast MAC” is configured to all zero. The LBM
unicast MAC will be taken from the “Unicast Peer MAC” configuration of this peer.

Unicast MAC: This is only used if NOT configured to all zero. This will be used as
the LBM PDU unicast MAC. This is the only way to configure Loop Back to-wards a
MIP.

4-124 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

To Send: The number of LBM PDU to send in one loop test. The value 0 indicate
infinite transmission (test behaviour). This is HW based LBM/LBR and Requires VOE.

Size: The number of bytes in the LBM PDU Data Pattern TLV.

Interval: The interval between transmitting LBM PDU. In 10ms. in case 'To Send' !=
0 (max 100 - '0' is as fast as possible) In 1us. in case 'To Send' == 0 (max 10.000)".

Loop Back State

Transaction ID: The transaction ID of the first LBM transmitted. For each LBM
transmitted the transaction ID in the PDU is incremented.

Transmitted: The total number of LBM PDU transmitted.

Reply MAC: The MAC of the replying MEP/MIP. In case of multi-cast LBM, replies can
be received from all peer MEP in the group. This MAC is not shown in case of “To
Send”= 0.

Received: The total number of LBR PDU received from this “Reply MAC”.

Out of Order: The number of LBR PDU received from this “Reply MAC” with incorrect
“Transaction ID”.

Link Trace

Enable: Select the checkbox to enable Link Trace based on transmitting and
receiving LTM/LTR PDU. Link Trace is automatically disabled when all 5 transactions
are done with 5 sec. interval - waiting 5 sec. for all LTR in the end. The LTM PDU is
always transmitted as Multi-cast Class 2.

Priority: The priority to be inserted as PCP bits in TAG (if any).

Peer MEP: This is only used if the “Unicast MAC” is configured to all zero. The Link
Trace Target MAC will be taken from the “Unicast Peer MAC” configuration of this
peer.

Unicast MAC: This is only used if NOT configured to all zero. This will be used as
the Link Trace Target MAC. This is the only way to configure a MIP as Target MAC.

PowerFlow-2-10G Configuration 4-125

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Time To Live: This is the LTM PDU TTL value as described in Y.1731. This value is
decremented each time forwarded by a MIP. PDU will not be forwarded when the
TTL value reaches zero.

Link Trace State

Transaction ID: The transaction id is incremented for each LTM send. This value is
inserted the transmitted LTM PDU and is expected to be received in the LTR PDU.
Received LTR with wrong transaction id is ignored. There are five transactions in
one Link Trace activated.

Time To Live: This is the TTL value taken from the LTM received by the MIP/MEP
sending this LTR - decremented as if forwarded.

Mode: This indicates if it was a MEP/MIP sending this LTR.

Direction: This indicates if MEP/MIP sending this LTR is ingress or egress.

Relayed: This indicates if MEP/MIP sending this LTR has relayed or forwarded the
LTM.

Last MAC: The MAC identifying the last sender of the LBM causing this LTR -
initiating MEP or previous MIP forwarding.

Next MAC: The MAC identifying the next sender of the LBM causing this LTR - MIP
forwarding or terminating MEP.

Test Signal

Tx/Rx: Enable or disable test signal to send or receive TST PDU.

Dei: The DEI to be inserted as PCP bits in TAG (if any).

Priority: The priority to be inserted as PCP bits in TAG (if any).

Peer MEP: The TST frame destination MAC will be taken from the “Unicast Peer
MAC” configuration of this peer.

Rate: The TST frame transmission bit rate - in Mega bits pr. second. Limit on
Caracal is 400 Mbps. Limit on Serval is 1Gbps.

4-126 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Size: The TST frame size. This is entered as the wanted size (in bytes) of a un-
tagged frame containing TST OAM PDU - including CRC (four bytes).

Pattern: The 'empty' TST PDU has the size of 12 bytes. In order to achieve the
configured frame size a data TLV will be added with a pattern.

All Zero: Pattern will be 00000000

All One: Pattern will be 11111111

10101010: Pattern will be 10101010

Sequence Number: Enable the sequence number feature.

Test Signal State

TX frame count: The number of transmitted TST frames since last 'Clear'.

RX frame count: The number of received TST frames since last 'Clear'.

RX rate: The current received TST frame bit rate in 100 Kbps. This is calculated on
a 1 s. basis, starting when first TST frame is received after 'Clear'. The frame size
used for this calculation is the first received after 'Clear'

Test time: The number of seconds passed since first TST frame received after last
'Clear'.

Clear: This will clear all Test Signal State. Transmission of TST frame will be
restarted. Calculation of 'Rx frame count', 'RX rate' and 'Test time' will be started
when receiving first TST frame.

PowerFlow-2-10G Configuration 4-127

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Client Configuration

Domain: The domain of the client layer. It must be EVC.

Level: The client layer level which means that PDU transmitted in client layer flows
will be on this level.

Flow: Client layer flow instance numbers. It must only be configured in case of
Port MEP.

AIS

Enable: Enable or disable the insertion of AIS signal (AIS PDU transmission) in
client layer flows.

Priority: On Caracal this priority is used in sink direction (client layer). On Serval,
for each client EVC, the highest COS-ID (ECE Class) is used.

Frame Rate: Select the frame rate of AIS PDU. This is the inverse of transmission
period as described in Y.1731.

Protection: Select the checkbox to enable protection. This means that the first 3
AIS PDU is transmitted as fast as possible - in case of using this for protection in
the end point.

Lock

Enable: Enable or disable the insertion of LOCK signal (LCK PDU transmission) in
client layer flows.

Priority: The priority to be inserted in MEP source direction. On Caracal, this

priority is also used in sink direction (client layer). On Serval, for each client EVC,
the highest COS-ID (ECE Class) is used.

Frame Rate: Select the frame rate of LCK PDU. This is the inverse of transmission
period as described in Y.1731.

Click the “Performance Monitoring” button.

4-128 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Enable: When enabled, this MEP instance will contribute to the 'PM Data Set'
gathered by the PM Session.

Loss Measurement

Enable: Loss Measurement based on transmitting/receiving CCM or LMM/LMR PDU

can be enabled/disabled - see 'Ended'. This is only valid with one Peer MEP
configured.

Priority: The priority to be inserted as PCP bits in TAG (if any). In case of enable
of Continuity Check and Loss Measurement both implemented on SW based CCM,
'Priority' has to be the same.

Frame rate: Select the frame rate of CCM/LMM PDU. This is the inverse of
transmission period as described in Y.1731. Selecting 300f/sec or 100f/sec is not
valid. In case of enable of Continuity Check and Loss Measurement both
implemented on SW based CCM, 'Frame Rate' has to be the same.

Cast: Selection of CCM or LMM PDU transmitted unicast or multicast. The unicast
MAC will be taken from the 'Unicast Peer MAC' configuration. In case of enable of
Continuity Check and dual ended Loss Measurement both implemented on SW
based CCM, 'Cast' has to be the same.

Ended:

Single: Single ended Loss Measurement implemented on LMM/LMR.

PowerFlow-2-10G Configuration 4-129

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Dual: Dual ended Loss Measurement implemented on SW based CCM.

FLR Interval: This is the interval in seconds where the Frame Loss Ratio is
calculated.

Loss Measurement State

Near End Loss Count: The accumulated near end frame loss count - since last
'clear'.

Far End Loss Count: The accumulated far end frame loss count - since last 'clear'.

Near End Loss Ratio: The near end frame loss ratio calculated based on the near
end frame loss count and far end frame transmitted - in the latest 'FLR Interval'.
The result is given in percent.

Far End Loss Ratio: The far end frame loss ratio calculated based on the far end
frame loss count and near end frame transmitted - in the latest 'FLR Interval'. The
result is given in percent.

Clear: Set of this check and save will clear the accumulated counters and restart
ratio calculation.

Delay Measurement

Enable: Select the checkbox to enable Delay Measurement based on transmitting

1DM/DMM PDU. Delay Measurement based on receiving and handling 1DM/DMR
PDU is always enabled.

Priority: The priority to be inserted as PCP bits in TAG (if any).

Cast: Selection of 1DM/DMM PDU transmitted unicast or multicast. The unicast

MAC will be configured through 'Peer MEP'.

Peer MEP: This is only used if the 'Cast' is configured to Uni. The 1DM/DMR
unicast MAC will be taken from the 'Unicast Peer MAC' configuration of this peer.

Way: One-Way or Two-Way Delay Measurement implemented on 1DM or

DMM/DMR, respectively.

4-130 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Tx Mode:

Standardize: Y.1731 standardize way to transmit 1DM/DMR.

Proprietary: The proprietary way with follow-up packets to transmit

1DM/DMR.

Calc: This is only used if the 'Way' is configured to Two-way.

Round trip: The frame delay calculated by the transmitting and receiving
timestamps of initiators. Frame Delay = RxTimeb-TxTimeStampf

Flow: The frame delay calculated by the transmitting and receiving timestamps of
initiators and remotes. Frame Delay = (RxTimeb-TxTimeStampf)-(TxTimeStampb-
RxTimeStampf)

Gap: The gap between transmitting 1DM/DMM PDU in 10ms. The range is 10 to
65535.

Count: The number of last records to calculate. The range is 10 to 2000.

Unit: The time resolution.

D2forD1: Enable to use DMM/DMR packet to calculate one-way DM. If the option
is enabled, the following action will be taken. When DMR is received, two-way delay
(roundtrip or flow) and both near-end-to-far-end and far-end-to-near-end one-
way delay are calculated. When DMM or 1DM is received, only far-end-to-near-end
one-way delay is calculated.

Counter Overflow Action: The action to counter when overflow happens.

Delay Measurement State

PowerFlow-2-10G Configuration 4-131

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Tx: The accumulated transmit count - since last 'clear'.

Rx Timeout: The accumulated receive timeout count for two-way only - since last
'clear'.

Rx: The accumulated receive count - since last 'clear'.

Rx Error: The accumulated receive error count - since last 'clear'. The frame delay
is larger than 1 second (timeout).

Average Total: The average delay - since last 'clear'. The unit is microsecond.

Average last N: The average delay of the last n packets - since last 'clear'. The
unit is microsecond.

Average Variation Total: The average delay variation - since last 'clear'. The unit is
microsecond.

Average Variation last N: The average delay variation of the last n packets - since
last 'clear'. The unit is microsecond.

Min.: The minimum delay - since last 'clear'. The unit is microsecond.

Max.: The maximum delay - since last 'clear'. The unit is microsecond.

Overflow: The number of counter overflow - since last 'clear'.

Clear: Click the checkbox and save this setting will clear the accumulated
counters.

4-132 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.5.5 ERPS (G.8032)

Ethernet Ring Protection Switching (ERPS), defined in ITU-T G8032, implements
protection switching mechanism for Ethernet traffic in a ring topology. By
performing ERPS function, potential loops in a network can be avoided by
blocking traffic to flow to ring protection link (RPL) so as to protect the entire
Ethernet ring.

In a ring topology that runs ERPS, only one switch is assigned as an owner that is
responsible for blocking traffic in RPL so as to avoid loops. The switch adjacent to
the RPL owner is called RPL neighbor node that is responsible for blocking its end
of the RPL under normal condition. Other participating switches adjacent to RPL
owner or neighbor in a ring are members or RPL next-neighbor nodes to this
topology and normally forward receive traffic.

Nodes on the ring periodically use control messages called Ring Automatic
Protection Switching message to ensure that a ring is up and loop-free. Once RPL
owner misses poll packets or learns from fault detection packets, RPL owner
detects signal failure (SF) in a ring. Upon learning of a fault, the RPL owner
unblocks ring protection link (RPL) allowing protected VLAN traffic through.

ERPS, like STP, provides a loop-free network by using polling packets to detect
faults. However, when a fault occurs, ERPS heals itself by sending traffic over a
protected reverse path instead of making a calculation to find out the forwarding
path. Because of this fault detection mechanism, ERPS can converge in less than
50 milliseconds and recover quickly to forward traffic.

ERPS ID: Specify an ID for this group.

Port 0: Port 0 is also known as E port (East port) which is used by some of the
other vendors. Specify the east port of the switch in the ring.

Port 1: Port 1 is also known as W port (West port) which is used by some of the
other vendors. When this port is interconnected with the other sub-ring, “0” is
used in this field to indicate that no west port is associated with this instance.
Specify the west port of the switch in the ring.

Port 0 APS MEP: Specify the East APS PDU handling MEP.

PowerFlow-2-10G Configuration 4-133

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Port 1 APS MEP: Specify the West APS PDU handling MEP. When interconnected
with the other sub-ring, “0” is used in this field to indicate that no west APS MEP
is associated with this instance.

Port 0 SF MEP: This is also known as East Signal Fail APS MEP. Assign the East Signal
Fail reporting MEP in this field.

Port 1 SF MEP: This is also known as West Signal Fail APS MEP. When
interconnected with the other sub-ring, “0” is used in this field to indicate that no
west SF MEP is associated with this instance. Assign the West Signal Fail reporting
MEP in this field.

Ring Type: Select the type of protection ring which can be either “major” ring or
“sub” ring.

Interconnected Node: Select the checkbox to indicate that this is an interconnected

node for this instance. Leave this checkbox unchecked if the configured instance
is not interconnected.

Virtual Channel: Sub rings can either have virtual channel or not on the
interconnected node. Select the checkbox if this instance is an interconnected
node with virtual channel. Leave this checkbox unchecked if sub ring does not have
virtual channel.

Major Ring ID: This field is used for an interconnected sub ring for sending topology
change updates on major ring. If ring is set to major, this value is same as the
protection group ID of this ring.

Alarm: When settings are complete, then the switch will show an alarm status on
the ERPS.

Click the “Add New Protection Group” button to create a new entry.

Click the “Delete” button to remove a new entry.

Click “Save” to save changes.

Click “Reset” to undo any changes made locally and restore changes to previously
saved (default) values.

Click “Refresh” to manually refresh ERPS information.

4-134 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.6 IPMC Profile

The "IPMC Profile" includes the following two sub menus.

4.3.6.1 Profile Table

IPMC Profile Configuration

Global Profile Mode: Enable or disable IPMC Profile feature globally.

IPMC Profile Table Setting

Profile Name: Enter a name for this profile.

Profile Description: Enter a brief description for this profile.

Click the "Add New IPMC Profile" to insert a new entry to the table.

Select the "Delete" checkbox to delete an entry.

Click the "e" button to edit this profile's detailed settings.

PowerFlow-2-10G Configuration 4-135

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Profile Name & Index: Display the profile name and index.

Entry Name: The name used in specifying the address range. Only the existing
profile address entries are selectable in the drop-down menu.

Address Range: Specify the multicast IP range. The available IP range is from
224.0.0.0~239.255.255.255

Action: Select the action taken upon receiving the Join/Report frame that has the
group address matches the address range of the rule.

Permit: Group address matches the range specified in the rule will be learned.

Deny: Group address matches the range specified in the rule will be dropped.

Log: Select the logging preference receiving the Join/Report frame that has the
group address matches the address range of the rule.

Enable: Corresponding information of the group address, that matches the range
specified in the rule, will be logged.

Disable: Corresponding information of the group address, that matches the range
specified in the rule, will not be logged.

You can manage rules and the corresponding precedence order by using the following
buttons:

: Insert a new rule before the current entry of rule.

: Delete the current entry of rule.
: Moves the current entry of rule up in the list.
: Moves the current entry of rule down in the list.

4.3.6.2 Address Entry

4-136 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Entry Name: Enter a name which is used for indexing the address entry table.

Start Address: Enter the starting IPv4 or IPv6 multicast address used in this address
range.

End Address: Enter the ending IPv4 or IPv6 multicast address used in this address
range.

Click the "Add new Address (Range) Entry" button to insert a new entry.

Select the "Delete" checkbox to delete an entry during the next save.

4.3.7 MVR
Multicast VLAN Registration protocol (MVR) allows a media server to transmit
multicast stream in a single multicast VLAN when clients receiving multicast VLAN
stream can reside in different VLANs. Clients in different VLANs intend to join or
leave the multicast group simply by sending the IGMP Join or Leave message to a
receiver port. The receiver port that belongs to one of the multicast groups can
receive multicast stream from the media server.

MVR further isolates users who are not intended to receive multicast traffic and
hence provide data security by VLAN segregation that allows only multicast traffic
into other VLANs to which the subscribers belong. Even though common multicast
streams are passed onto different VLAN groups from the MVR VLAN, users in
different IEEE 802.1Q or private VLANs cannot exchange any information (except
through upper-level routing services).

PowerFlow-2-10G Configuration 4-137

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.7.1 Configuration

MVR Configurations

MVR Mode: Enable or disable MVR feature globally on this device. Any multicast
data from source ports will be sent to associated receiver ports registered in the
table. By default, MVR feature is turned off.

VLAN Interface Setting

MVR ID: Specify multicast VLAN ID. Please note that MVR source ports are not
recommended to be used as management VLAN ports. MVR source ports should
be configured as members of the MVR VLAN, but MVR receiver ports should not
be manually configured as members of this VLAN.

MVR Name: Optionally specify a user-defined name for this multicast VLAN. The
maximum length of the MVR name string is 32. Both alphabets and numbers are
allowed for use.

IGMP Address: Specify the IPv4 unicast address as source address used in IP header
for IGMP control frames.

Mode: Two MVR operation modes are provided.

4-138 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Dynamic: MVR allows dynamic MVR membership reports on source ports. (This
is the default mode.)

Compatible: MVR membership reports are forbidden on source ports.

Tagging: Specify whether IGMP/MLD control frames will be sent tagged with MVR
VID or untagged.

Priority: Specify the priority for transmitting IGMP/MLD control frames. By default,
priority is set to 0. Allowed priority values is 0 -7.

LLQI: LLQI stands for Last Listener Query Interval and is to configure the maximum
time to wait for IGMP/MLD report memberships on a receiver port before removing
the port from multicast group membership. By default, LLQI is set to 5 tenths of a
second (0.5 second). The allowed range is 0 – 31744 tenths of a second.

Interface Channel Profile: Select an IPMC profile from the drop-down menu. Click
the button to view a summary about the selected IPMC profile settings.

Port Role: Click the Port Role symbol to change the role status.

Inactive (I): By default, all ports are set to inactive. Inactive ports do not
participate in MVR operations.

Source (S): Set a port (uplink ports) to source port. Source ports will receive and
send multicast data. Subscribers can not directly be connected to source ports.
Please also note that source ports cannot be management ports at the same
time.

Receiver (R): Set a port to receiver port. Client or subscriber ports are configured
to receiver ports so that they can issue IGMP/MLD messages to receive multicast
data.

Immediate Leave Setting

Port: The port number. “Port *” rule applies to all ports.

Immediate Leave: Enable for disable immediate leave function. When enabled, the
device immediately removes a port from a multicast stream as soon as it receives
leave message for that group. This option only applies to an interface configured
as MVR receivers.

PowerFlow-2-10G Configuration 4-139

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.7.2 MVR Statistics

This page displays MVR statistics information on queries, joins, reports and leaves
messages.

VLAN ID: Display VLAN ID that is used for processing multicast traffic.

IGMP/MLD Queries Received: The number of received queries for IGMP and MLD.

IGMP/MLD Queries Transmitted: The number of transmitted queries for IGMP/MLD.

IGMPv1 Joins Received: The number of IGMPv1 received joins

IGMPv2/MLDv1 Reports Received: The number of IGMPv2 and MLDv1 received

reports.

IGMPv3/MLDv2 Reports Received: The number of IGMPv3 and MLDv2 received

reports.

IGMPv2/MLDv1 Leaves Received: The number of IGMPv2 and MLDv1 received leaves.

4.3.7.3 MVR Channel Groups

Start from VLAN ____ and Group Address _______ with 20 entries per page.

This table displays MVR channels (groups) information and is sorted by VLAN ID.

4-140 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

VLAN ID: VLAN ID of the group.

Groups: Group ID

Port Members: Ports that belong to this group.

4.3.7.4 MVR SFM Information

VLAN ID: VLAN ID of the group.

Group: The group address.

Port: Switch port number.

Mode: Indicates the filtering mode maintained per (VLAN ID, port number, Group
Address) basis. It can be either Include or Exclude.

Source Address: The source IP Address. Currently, the system limits the total
number of source IP addresses for filtering to be 128. When there is no source
filtering address, "None" is shown in the Source Address field.

Type: Indicates the Type. It can be either Allow or Deny.

Hardware Filter/Switch: Indicate whether data plane destined to the specific group
address from the source IPv4/IPv6 address could be handled by chip or not.

4.3.8 IPMC
The “IPMC” menu includes IGMP Snooping and MLD Snooping sub menu. Select
the appropriate menu to set up detailed configurations.

PowerFlow-2-10G Configuration 4-141

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.8.1 IGMP Snooping

The Internet Group Management Protocol (IGMP) is a communications protocol
used to manage the membership of Internet Protocol multicast groups. IGMP is
used by IP hosts and adjacent multicast routers to establish multicast group
memberships. It can be used more efficiently when supporting activities, such as,
online streaming video and gaming.

IGMP Snooping is the process of listening to IGMP traffic. IGMP snooping, as

implied by the name, is a feature that allows the switch to “listen in” on the IGMP
conversation between hosts and routers by processing the layer 3 packets that
IGMP packets sent in a multicast network.

When IGMP snooping is enabled in a switch, it analyses all the IGMP packets
between hosts connected to the switch and multicast routers in the network.
When a switch receives an IGMP report for a given multicast group from a host,
the switch adds the host's port number to the multicast list for that group. When
the switch hears an IGMP Leave, it removes the host's port from the table entry.

IGMP snooping can reduce multicast traffic from streaming and other bandwidth
intensive IP applications more effectively. A switch using IGMP snooping will only
forward multicast traffic to the hosts in that traffic. This reduction of multicast
traffic reduces the packet processing at the switch (at the cost of needing
additional memory to handle the multicast tables) and also decreases the
workload at the end hosts since their network cards (or operating system) will
not receive and filter all the multicast traffic generated in the network.

4-142 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.8.1.1 Basic Configuration

Global Configuration

Snooping Enabled: Select the checkbox to globally enable IGMP Snooping feature.
When enabled, this device will monitor network traffic and determine which hosts
will receive multicast traffic. The switch can passively monitor or snoop on IGMP
Query and Report packets transferred between IP multicast routers and IP multicast
service subscribers to identify the multicast group members. The switch simply
monitors the IGMP packets passing through it, picks out the group registration
information and configures the multicast filters accordingly.

Unregistered IPMCv4 Flooding Enabled: Set forwarding mode for unregistered (not-
joined) IP multicast traffic. Select the checkbox to flood traffic.

IGMP SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware
hosts and routers run the SSM service model for the groups in the address range.

Leave Proxy Enabled: Suppresses leave messages unless received from the last
member port in the group. IGMP leave proxy suppresses all unnecessary IGMP leave
messages so that a non-querier switch forwards an IGMP leave packet only when
the last dynamic member port leaves a multicast group.

Proxy Enabled: When enabled, the switch performs like “IGMP Snooping with
Proxy Reporting” (as defined in DSL Forum TR-101, April 2006).

PowerFlow-2-10G Configuration 4-143

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Port Related Configuration

Port: The port number.

Router Port: Tick the checkbox on a given port to assign it as a router port. If IGMP
snooping cannot locate the IGMP querier, you can manually designate a port which
is connected to a known IGMP querier (i.e., a multicast router/switch). This
interface will then join all the current multicast groups supported by the attached
router/switch to ensure that multicast traffic is passed to all appropriate interfaces
within the switch.

Fast Leave: Enable fast leave function if the checkbox is ticked. When a leave packet
is received, the switch immediately removes it from a multicast service without
sending an IGMP group-specific (GS) query to that interface.

Throttling: This field limits the maximum number of multicast groups that a port
can join at the same time. When the maximum number is reached on a port, any
new IGMP join reports will be dropped. By default, unlimited is selected. Other
allowed options are 1 – 10

4.3.8.1.2 VLAN Configuration

This page is used to configure IGMP Snooping for an interface.

Click the “Add New IGMP VLAN” button to add a new entry.

VLAN ID: Specify VLAN ID for IGMP snooping.

Snooping Enabled: Select the checkbox to enable snooping feature on an interface

basis. When enabled, the switch will monitor network traffic on the specified
interface to determine which hosts want to receive multicast services. If IGMP
snooping is enabled globally and an interface’s IGMP snooping is enabled on an
interface, IGMP snooping on an interface will take precedence. When disabled,
snooping can still be configured on an interface. However, settings will only take
effect until IGMP snooping is enabled globally.

4-144 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Querier Election: Enable to join querier election in the VLAN. When disabled, it will
act as an IGMP non-querier.

Querier Address: Specify the IPv4 unicast source address used in IP header for IGMP
querier election. When the field is not specified, the switch uses the first available
IPv4 management address of the IP interface associated with this VLAN.

Compatibility: This configures how hosts and routers take actions within a network
depending on IGMP version selected. Available options are “IGMP-Auto”, “Forced
IGMPv1”, “Forced IGMPv2”, “Forced IGMPv3”. By default, IGMP-Auto is used.

PRI: Select the priority of interface. This field indicates the IGMP control frame
priority level generated by the system which is used to prioritize different classes
of traffic. The allowed range is 0 (best effort) to 7 (highest). By default, interface
priority value is set to 0.

RV: The robustness variable (RV) allows tuning for the expected packet loss on a
subnet. If a subnet is susceptible to packet loss, this value can be increased. The
RV value must not be zero and should not be one. The value should be 2 or greater.
By default, it is set to 2.

QI (sec): The Query Interval is the interval between IGMP General Query messages
sent by the Querier. The default Querier Interval is 125 seconds.

QRI: The Query Response Interval is the maximum amount of time that the IGMP
router waits to receive a response to a General Query message. The QRI applies
when the switch is acting as the querier and is used to inform other devices of the
maximum time this system waits for a response to general queries. By default, RQI
is set to 10 seconds. The allowed range is 10 – 31744 tenths of a second.

LLQI: The Last Listener Query Interval sets the interval that waits for a response to
a group-specific or group-and-source specific query message.

URI: The Unsolicited Report Interval is the amount of time that the upstream
interface should transmit unsolicited IGMP reports when report suppression/proxy
reporting is enabled. By default, URI is set to 1 second. The allowed range for URI
is 0 -31744 seconds.

4.3.8.1.3 Port Filtering Profile

The Port Filtering Configuration page is to filter specific multicast traffic on a per
port basis. Before you select a filtering profile for filtering purposes, you must set
up profiles in IPMC Profile page.

PowerFlow-2-10G Configuration 4-145

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Port: The port number.

Filtering Profile: Select the configured multicast groups that are denied on a port.
When a certain multicast group is selected on a port, IGMP join reports received on
a port are dropped.

: Click the summary button to view details of the selected IPMC profile.

4.3.8.1.4 IGMP Snooping Status

4-146 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Statistics

VLAN ID: The VLAN ID of this entry.

Querier Version: The current working Querier version.

Host Version: The current host version.

Querier Status: Show the Querier status that is either "ACTIVE" or "IDLE".
"DISABLE" denotes the specific interface is administratively disabled.

Queries Transmitted: The number of queries transmitted.

Queries Received: The number of queries received.

V1 Reports Received: The number of Received V1 Reports.

V2 Reports Received: The number of Received V2 Reports.

V3 Reports Received: The number of Received V3 Reports.

V2 Leaves Received: The number of Received V2 Leaves.

Router Port

Port: The port number.

Status: Indicate whether a specific port is a router port or not.

4.3.8.1.5 Grops Information

PowerFlow-2-10G Configuration 4-147

Chapter 4 Web Operation and Configuration Installation and Operation Manual

VLAN ID: Display the VLAN ID of the group.

Groups: Display the group address.

Port Members: Ports that belong to this group.

NOTE: The maximum number of IGMP Snooping groups can be learned is 32.

4.3.8.1.6 IPv4 SFM Information

VLAN ID: Display the VLAN ID of the group.

Groups: Display the IP address of a multicast group.

Port: The switch port number.

Mode: The filtering mode maintained per VLAN ID, port number and group address.

Source Address: The source IP address available for filtering.

Type: Display either Allow or Deny type.

Hardware Filter/Switch: Indicates whether the data plane destined to the specific
group address from the source IPv4 address can be handled by the chip or not.

4.3.8.2 MLD Snooping

Multicast Listener Discovery (MLD) snooping, similar to IGMP snooping for IPv4,
operates on IPv6 for multicast traffic. In other words, MLD snooping configures
ports to limit or control IPv6 multicast traffic so that multicast traffic is forwarded
to ports (or users) who want to receive it. In this way, MLD snooping can reduce
the flooding of IPV6 multicast packets in the specified VLANs. Please note that
IGMP Snooping and MLD Snooping are independent of each other. They can both
be enabled and function at the same time.

4-148 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.8.2.1 Basic Configuration

Global Configuration

Snooping Enabled: Select the checkbox to globally enable MLD Snooping feature.
When enabled, this device will monitor network traffic and determine which hosts
would like to receive multicast traffic. The switch can passively monitor or snoop
on MLD Listener Query and Report packets transferred between IP multicast
routers and IP multicast service subscribers to identify the multicast group
members. The switch simply monitors the IGMP packets passing through it, picks
out the group registration information and configures the multicast filters
accordingly.

Unregistered IPMCv6 Flooding Enabled: Set forwarding mode for unregistered

(not-joined) IP multicast traffic. Select the checkbox to flood traffic.

MLD SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware
hosts and routers run the SSM service model for the groups in the address range.

Leave Proxy Enabled: To prevent multicast router from becoming overloaded with
leave messages, MLD snooping suppresses leave messages unless received from
the last member port in the group. When the switch acts as the querier, the leave
proxy feature will not function.

Proxy Enabled: When MLD proxy is enabled, the switch exchanges MLD messages
with the router on its upstream interface, and performs the host portion of the
MLD task on the upstream interface as follows:
• When queried, it sends multicast listener reports to the group.

PowerFlow-2-10G Configuration 4-149

Chapter 4 Web Operation and Configuration Installation and Operation Manual

• When a host joins a multicast group to which no other host belongs, it sends
unsolicited multicast listener reports to that group.
• When the last host in a particular multicast group leaves, it sends an
unsolicited multicast listener done report to the all-routers address (FF02::2)
for MLDv1.

Port Related Configuration

Port: The port number.

Router Port: Tick the checkbox on a given port to assign it as a router port. If
MLD snooping cannot locate the MLD querier, you can manually designate a port
which is connected to a known MLD querier (i.e., a multicast router/switch). This
interface will then join all the current multicast groups supported by the attached
router/switch to ensure that multicast traffic is passed to all appropriate
interfaces within the switch.

Fast Leave: Enable fast leave function if the checkbox is ticked. When a leave packet
is received, the switch immediately removes it from a multicast service without
sending a MLD group-specific (GS) query to that interface.

Throttling: This field limits the maximum number of multicast groups that a port
can join at the same time. When the maximum number is reached on a port, any
new MLD join reports will be dropped. By default, unlimited is selected. Other
allowed options are 1 – 10.

4.3.8.2.2 VLAN Configuration

This page is used to configure MLD Snooping for an interface.

VLAN ID: Specify VLAN ID for MLD snooping.

Snooping Enabled: Select the checkbox to enable snooping feature on an interface

basis. When enabled, the switch will monitor network traffic on the specified
interface to determine which hosts want to receive multicast services.

4-150 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Querier Election: Enable to join querier election in the VLAN. When enabled, the
switch can serve as the MLDv2 querier in the bidding process with other competing
multicast routers or switches. Once it becomes querier, it will be responsible for
asking hosts periodically if they want to receive multicast traffic. When disabled, it
will act as an IGMP non-querier.

Compatibility: This configures how hosts and routers take actions within a network
depending on MLD version selected. Available options are “MLD-Auto”, “Forced
MLDv1”and “Forced MLDv2”. By default, MLD-Auto is used.

PRI: Select the priority of interface. This field indicates the MLD control frame
priority level generated by the system which is used to prioritize different classes
of traffic. The allowed range is 0 (best effort) to 7 (highest). By default, interface
priority value is set to 0.

RV: The robustness variable (RV) allows tuning for the expected packet loss on a
subnet. If a subnet is susceptible to packet loss, this value can be increased. The
RV value must not be zero and should not be one. The value should be 2 or greater.
By default, it is set to 2. The allowed range is 1 -255.

QI (sec): The Query Interval is the interval between IGMP General Query messages
sent by the Querier. The default Querier Interval is 125 seconds. The allowed
interval range is 1 – 255 seconds.

QRI: The Query Response Interval is the maximum amount of time that the IGMP
router waits to receive a response to a General Query message. The QRI applies
when the switch is acting as the querier and is used to inform other devices of the
maximum time this system waits for a response to general queries. By default, RQI
is set to 10 seconds. The allowed range is 10 – 31744 tenths of a second.

LLQI: The Last Listener Query Interval sets the interval that waits for a response to
a group-specific or group-and-source specific query message.

URI: The Unsolicited Report Interval is the amount of time that the upstream
interface should transmit unsolicited IGMP reports when report suppression/proxy
reporting is enabled. By default, URI is set to 1 second. The allowed range for URI
is 0 -31744 seconds.

Click the “Add New MLD VLAN” button to add a new entry.

4.3.8.2.3 Port Filtering Profile

The Port Filtering Configuration page is to filter specific multicast traffic on a per
port basis. Before you select a filtering profile for filtering purposes, you must set
up profiles in IPMC Profile page.

PowerFlow-2-10G Configuration 4-151

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Port: List the number of each port.

Filtering Profile: Select the configured multicast groups that are denied on a port.
When a certain multicast group is selected on a port, MLD join reports received on
a port are dropped.

: Click the summary button to view details of the selected IPMC profile.

4.3.8.2.4 MLD Snooping Status

4-152 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Statistics

VLAN ID: The VLAN ID of this entry.

Querier Version: The current working Querier version.

Host Version: The current host version.

Querier Status: Show the Querier status that is either "ACTIVE" or "IDLE".
"DISABLE" denotes the specific interface is administratively disabled.

Queries Transmitted: The number of queries transmitted.

Queries Received: The number of queries received.

V1 Reports Received: The number of Received V1 Reports.

V2 Reports Received: The number of Received V2 Reports.

V2 Leaves Received: The number of Received V2 Leaves.

Router Port

Port: The port number.

Status: Indicate whether a specific port is a router port or not.

4.3.8.2.5 Groups Information

PowerFlow-2-10G Configuration 4-153

Chapter 4 Web Operation and Configuration Installation and Operation Manual

VLAN ID: Display the VLAN ID of the group.

Groups: Display the group address.

Port Members: Ports that belong to this group.

NOTE: The maximum number of MLD Snooping groups can be learned is 32.

4.3.8.2.6 IPv6 SFM Information

VLAN ID: Display the VLAN ID of the group.

Group: Display the IP address of a multicast group.

Port: The switch port number.

Mode: The filtering mode maintained per VLAN ID, port number and group address.

Source Address: The source IP address available for filtering.

Type: Display either Allow or Deny type.

Hardware Filter/Switch: Indicates whether the data plane destined to the specific
group address from the source IPv4 address can be handled by the chip or not.

4-154 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.9 LLDP
LLDP (Link Layer Discovery Protocol) runs over data link layer which is used for
network devices to send information about themselves to other directly connected
devices on the network. By using LLDP, two devices running different network layer
protocols can learn information about each other. A set of attributes referred to
TLVs are used to discover neighbour devices. Details such as port description,
system name, system description, system capabilities, management address can
be sent and received on this device.

The “LLDP” menu contains the following sub menus. Select the appropriate menu
to set up detailed configurations.

4.3.9.1 LLDP Configuration

LLDP Parameters

Tx Interval: Specify the interval between LLDP frames are sent to its neighbors for
updated discovery information. The valid values are 5 - 32768 seconds. The default
is 30 seconds.

Tx Hold: This setting defines how long LLDP frames are considered valid and is used
to compute the TTL. Valid range is 2~10 times. The default is 4.

PowerFlow-2-10G Configuration 4-155

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Tx Delay: Specify a delay between the LLDP frames that contain changed
configurations. Tx Delay cannot be larger than 1/4 of the Tx interval value. The valid
values are 1 - 8192 seconds.

Tx Reinit: Specify a delay between the shutdown frame and a new LLDP
initialization. The valid values are 1 - 10 seconds.

LLDP Port Configuration

Port: The port number. “Port *” settings apply to all ports.

Mode: Select the appropriate LLDP mode.

Disabled: LLDP information will not be sent and LLDP information received from
neighbours will be dropped.

Enabled: LLDP information will be sent and LLDP information received from
neighbours will be analyzed.

Rx Only: The switch will analyze LLDP information received from neighbours.

Tx Only: The switch will send out LLDP information but will drop LLDP
information received from neighbours.

CDP Aware: CDP aware operation is used to decode incoming CDP (Cisco Discovery
Protocol) frames. If enabled, CDP TLVs that can be mapped into a corresponding
field in the LLDP neighbors table are decoded, all others are discarded. CDP TLVs
are mapped into LLDP neighbors table as shown below:

Optional TLVs: LLDP uses several attributes to discover neighbour devices. These
attributes contains type, length, and value descriptions and are referred to TLVs.
Details such as port description, system name, system description, system
capabilities, management address can be sent from this device. Uncheck the boxes
if they are not appropriate to be known by other neighbour devices.

4.3.9.2 LLDP-MED
LLDP for Media Endpoint Devices (LLDP-MED) is an extension to LLDP that operates
between endpoint devices such as IP phones and network devices such as switches.
It specifically provides support for voice over IP (VoIP) applications and provides
additional TLVs for capabilities discovery, network policy, Power over Ethernet,
inventory management and location information.

4-156 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Fast Start Repeat Count

Fast Start Repeat Count: Rapid startup and Emergency Call Service Location
Identification Discovery of endpoints is a critically important aspect of VoIP systems
in general. In addition, it is best to advertise only those pieces of information which
are specifically relevant to particular endpoint types (for example only advertise
the voice network policy to permitted voice-capable devices), both in order to
conserve the limited LLDPU space and to reduce security and system integrity
issues that can come with inappropriate knowledge of the network policy. With
this in mind, LLDP-MED defines an LLDP-MED Fast Start interaction between the
protocol and the application layers on top of the protocol, in order to achieve these
related properties. With Fast start repeat count it is possible to specify the number
of times the fast start transmission is repeated. The recommended value is 4 times,
giving that 4 LLDP frames with a 1 second interval will be transmitted, when a LLDP
frame with new information is received. It should be noted that LLDP-MED and the
LLDP-MED Fast Start mechanism is only intended to run on links between LLDP-
MED Network Connectivity Devices and Endpoint Devices, and as such does not
apply to links between LAN infrastructure elements, including between Network
Connectivity Devices, or to other types of links.

Coordinates Location

Latitude: Latitude SHOULD be normalized to within 0-90 degrees with a maximum

of 4 digits. It is possible to specify the direction to either North of the equator
or South of the equator.

Longitude: Longitude SHOULD be normalized to within 0-180 degrees with a

maximum of 4 digits. It is possible to specify the direction to either East of the
prime meridian or West of the prime meridian.

PowerFlow-2-10G Configuration 4-157

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Altitude: Altitude SHOULD be normalized to within -32767 to 32767 with a

maximum of 4 digits. It is possible to select between two altitude types (floors or
meters).

Meters: Representing meters of Altitude defined by the vertical datum

specified.

Floors: Representing altitude in a form more relevant in buildings which have

different floor-to-floor dimensions. An altitude = 0.0 is meaningful even outside a
building, and represents ground level at the given latitude and longitude. Inside a
building, 0.0 represents the floor level associated with ground level at the main
entrance.

Map Datum: The Map Datum is used for the coordinates given in these options:

WGS84: (Geographical 3D) - World Geodesic System 1984, CRS Code 4327,
Prime Meridian Name: Greenwich.

NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime Meridian
Name: Greenwich; The associated vertical datum is the North American Vertical
Datum of 1988 (NAVD88). This datum pair is to be used when referencing
locations on land, not near tidal water (which would use Datum = NAD83/MLLW).

NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime Meridian
Name: Greenwich; The associated vertical datum is Mean Lower Low Water
(MLLW). This datum pair is to be used when referencing locations on
water/sea/ocean.

Civic Address Location

IETF Geopriv Civic Address based Location Configuration Information (Civic

Address LCI).

Country Code: The two-letter ISO 3166 country code in capital ASCII letters -
Example: DK, DE or US.

State: National subdivisions (state, canton, region, province, prefecture).

County: County, parish, gun (Japan), district.

City: City, township, shi (Japan) - Example: Copenhagen.

4-158 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

City District: City division, borough, city district, ward, chou (Japan).

Block (Neighbourhood): Neighbourhood, block.

Street: Street - Example: Poppelvej.

Leading street direction: Example: N.

Trailing street suffix: Example: SW.

Street suffix: Example: Ave, Platz.

House no.: Example: 21.

House no. suffix: Example: A, 1/2.

Landmark: Landmark or vanity address - Example: Columbia University.

Additional location info: Example: South Wing.

Name: Name (residence and office occupant): Example: Flemming Jahn.

Zip code: Postal/zip code - Example: 2791.

Building: Building (structure). Example: Low Library.

Apartment: Unit (Apartment, suite). Example: Apt 42.

Floor: Example: 4.

Room no.: Room number - Example: 450F.

Place type: Example: Office.

Postal community name: Example: Leonia.

P.O. Box: Example: 12345.

PowerFlow-2-10G Configuration 4-159

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Additional code: Example: 1320300003.

Emergency Call Service

Emergency Call Service: Emergency Call Service (e.g. E911 and others), such as
defined by TIA or NENA.

Policies

Policy ID: Specify the ID for this policy.

Application Type: The application types include “Voice”, “Voice Signalling”, “Guest
Voice”, “Guest Voice Signalling”, “Softphone Voice”, “Video Conferencing”,
“Streaming”, “Video Signalling”.

Tag: Tag indicating whether the specified application type is using a “tagged” or an
“untagged” VLAN.

VLAN ID: Specify the VLAN ID for the port.

L2 Priority: Specify one of eight priority levels (0-7) as defined by 802.1D-2004.

DSCP: Specify one of 64 code point values (0-63) as defined in IETF RFC 2474.

4.3.9.3 Neighbours

Local Port: The local port that a remote LLDP-capable device is attached.

Chassis ID: An ID indicating the particular chassis in this system.

Port ID: A remote port ID that LDPDUs were transmitted.

4-160 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Port Description: A remote port's description.

System Name: The system name assigned to the remote system.

System Capabilities: This shows the neighbour unit’s capabilities. When a

capability is enabled, the capability is followed by (+). If disabled, the capability is
followed by (-).

Management Address: The IPv4 address of the remote device. If no management

address is available, the address should be the MAC address for the CPU or for the
port sending this advertisement. If the neighbor device allows management access,
clicking on an entry in this field will re-direct the web browser to the neighbor’s
management interface.

4.3.9.4 LLDP-MED Neighbours

This page displays information about LLDP-MED neighbours detected on the

network.

PowerFlow-2-10G Configuration 4-161

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.9.5 Port Statistics

Global Counters

Total Neighbours Entries Added: Shows the number of new entries added since
the switch was rebooted, and for which the remote TTL has not yet expired.

Total Neighbors Entries Deleted: The number of LLDP neighbors which have been
removed from the LLDP remote systems MIB for any reason.

Total Neighbors Entries Dropped: The number of times which the remote
database on this switch dropped an LLDPDU because the entry table was full.

Total Neighbors Entries Aged Out: The number of times that a neighbor’s
information has been deleted from the LLDP remote systems MIB because the
remote TTL timer has expired.

LLDP Statistics Local Counters

Local Port: The port number.

Tx Frames: The number of LLDP PDUs transmitted.

Rx Frames: The number of LLDP PDUs received.

4-162 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Rx Errors: The number of received LLDP frames with some kind of error.

Frames Discarded: The number of frames discarded because they did not conform
to the general validation rules as well as any specific usage rules defined for the
particular Type Length Value (TLV).

TLVs Discarded: Each LLDP frame can contain multiple pieces of information, known
as TLVs. If a TLV is malformed, it is counted and discarded.

TLVs Unrecognized: The number of well-formed TLVs, but with an unknown type
value.

Org. Discarded: The number of organizational TLVs discarded.

Age-Outs: Each LLDP frame contains information about how long the LLDP
information is valid (age-out time). If no new LLDP frame is received within the
age-out time, the LLDP information is removed, and the Age-Out counter is
incremented.

4.3.10 MAC Table

4.3.10.1 Configuration

Aging Configuration

Disable Automatic Aging: Learned MAC addresses will appear in the table
permanently.

PowerFlow-2-10G Configuration 4-163

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Aging Time: Set up the aging time for a learned MAC to be appeared in MAC learning
table. The allowed range is 10 to 1000000 seconds.

MAC Learning Table

MAC Learning Table: Three options are available on each port.

Auto: On a given port, learning is automatically done once unknown SMAC is

received.

Disable: Disable MAC learning function.

Secure: Only static MAC entries listed in “Static MAC Table Configuration” are
learned. Others will be dropped.
NOTE: Make sure that the link used for managing the switch is added to the
Static Mac Table before changing to secure learning mode, otherwise the
management link is lost and can only be restored by using another non-secure
port or by connecting to the switch via the serial interface.

Static MAC Table Configuration

Static MAC Table Configuration: This table is used to manually set up static MAC
entries. The total entries that can be entered are 64.

Delete: Delete this MAC address entry.

VLAN ID: Specify the VLAN ID for this entry.

Port Members: Check or uncheck the ports. If the incoming packet has the same
destination MAC address as the one specified in VID, it will be forwarded to the
checked port directly.

4.3.10.2 MAC Address Table

The MAC Address Table shows both static and dynamic MAC addresses learned from
CPU or switch ports. You can enter the starting VLAN ID and MAC addresses to view
the desired entries.

4-164 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Type: Display whether the learned MAC address is static or dynamic.

VLAN ID: The VLAN ID associated with this entry.

MAC Address: The MAC address learned on CPU or certain ports.

Port Members: Ports associated with this entry.

4.3.11 VLANs
IEEE 802.1Q VLAN (Virtual Local Area Network) is a popular and cost-effectively
way to segment your networking deployment by logically grouping devices with
similar attributes irrespective of their physical connections. VLANs also segment
the network into different broadcast domains so that packets are forwarded to
ports within the VLAN that they belong. Using VLANs provides the following main
benefits:

VLANs provide extra security: Devices that frequently communicate with each
other are grouped into the same VLAN. If devices in a VLAN want to communicate
with devices in a different VLAN, the traffic must go through a routing device or
Layer 3 switching device.

VLANs help control traffic: Traditionally, when networks are not segmented into
VLANs, congestion can be easily caused by broadcast traffic that is directed to all
devices. To minimize the possibility of broadcast traffic damaging the entire
network, VLANs can help group devices that communicate frequently with other
in the same VLAN so as to divide the entire network into several broadcast
domains.

VLANs make changes of devices or relocation more easily: In traditional networks,

when moving a device geographically to a new location (for example, move a device
in floor 2 to floor 4), the network administrator may need to change the IP or even
subnet of the network or require re-cabling. However, by using VLANs, the original
IP settings can remain the same and re-cabling can be reduced to minimal.

PowerFlow-2-10G Configuration 4-165

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.11.1 Configuration

Global VLAN Configuration

Allowed Access VLANs: This shows the allowed access VLANs. This setting only
affects ports set in “Access” mode. Ports in other modes are members of all VLANs
specified in “Allowed VLANs” field. By default, only VLAN 1 is specified. More
allowed access VLANs can be entered by specifying the individual VLAN ID
separated by comma. If you want to specify a range, separate it by a dash. For
example, 1, 5, 10, 12-15, 100

Ethertype for Custom S-ports: Specify ether type used for customer s-ports.

Port VLAN Configuration

4-166 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Port: List the number of each port. “Port *” settings apply to all ports.

Mode: The port mode (default is Access) determines the fundamental behavior of
the port in question. A port can be in one of three modes as described below.
Whenever a particular mode is selected, the remaining fields in that row will be
either grayed out or made changeable depending on the mode in question.
Grayed out fields show the value that the port will get when the mode is applied.

Access: Access ports are normally used to connect to end stations. Dynamic
features like Voice VLAN may add the port to more VLANs behind the scenes.
Access ports have the following characteristics:

• Member of exactly one VLAN, the Port VLAN (a.k.a. Access VLAN), which by
default is 1.
• Accepts untagged and C-tagged frames.
• Discards all frames that are not classified to the Access VLAN.
• On egress all frames classified to the Access VLAN are transmitted untagged.
Other (dynamically added VLANs) are transmitted tagged.

Trunk: Trunk ports can carry traffic on multiple VLANs simultaneously, and are
normally used to connect to other switches. Trunk ports have the following
characteristics:

• By default, a trunk port is member of all VLANs (1-4095).

• The VLANs that a trunk port is member of may be limited by the use of
“Allowed VLANs”.
• Frames classified to a VLAN that the port is not a member of are discarded.
• By default, all frames but frames classified to the Port VLAN (a.k.a. Native
VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-
tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged
frames are accepted on ingress.

Hybrid: Hybrid ports resemble trunk ports in many ways, but adds additional port
configuration features. In addition to the characteristics described for trunk
ports, hybrid ports have these abilities:

• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-

custom-tag aware.
• Ingress filtering can be controlled.
• Ingress acceptance of frames and configuration of egress tagging can be
configured independently.

PowerFlow-2-10G Configuration 4-167

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Port VLAN: Configures the VLAN identifier for the port. The allowed values are
from 1 through 4095. The default value is 1.

The Port VLAN is called an "Access VLAN" for ports in Access mode and Native VLAN
for ports in Trunk or Hybrid mode.

Port Type: When you select “Hybrid” mode, the Port Type field becomes selectable.
There are four port types available. Each port type’s ingress and egress action is
described in the following table.

Action Ingress Action Egress Action

Port Type

When a tagged frame is received on a port, The TPID of frame transmitted by

If the tagged frame with TPID=0x8100, it Unaware port will be set to
becomes a double-tag frame and is 0x8100. The final status of the
forwarded. frame after egressing are also
affected by egress rule.
Unaware If the TPID of tagged frame is not 0x8100
(ex. 0x88A8), it will be discarded.

When an untagged frame is received on a

port, a tag (PVID) is attached and then
forwarded.

When a tagged frame is received on a port, The TPID of frame transmitted by

If a tagged frame with TIPID=0x8100, it is C-port will be set to 0x8100.
forwarded.
If the TPID of tagged frame is not 0x8100
C-port
(ex. 0x88A8), it will be discarded.

When an untagged frame is received on a

port, a tag (PVID) is attached and then
forwarded.

When a tagged frame is received on a port, The TPID of frame transmitted by

If a tagged frame with TPID=0x88A8, it is S-port will be set to 0x88A8
forwarded.
If the TPID of tagged frame is not 0x88A8
S-port
(ex. 0x8810), it will be discarded.

When an untagged frame is received on a

port, a tag (PVID) is attached and then
forwarded.

When a tagged frame is received on a port, The TIPID of frame transmitted by

If a tagged frame with TPID=0x88A8, it is S-custom-port will be set to an
S-custom port forwarded. self-customized value, which can
be set by the user using the
If the TPID of tagged frame is not 0x88A8
(ex. 0x8810), it will be discarded.

4-168 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

When an untagged frame is received on a column of Ethertype for Custom

port, a tag (PVID) is attached and then S-ports.
forwarded.

Ingress Filtering: If Ingress Filtering is enabled and the ingress port is not a member
of a VLAN, the frame from the ingress port is discarded. By default, ingress filtering
is disabled.

Ingress Acceptance: Select the acceptable ingress traffic type on a port.

Tagged and Untagged: Both tagged and untagged ingress packets are
acceptable on a port.

Tagged Only: Only tagged ingress packets are acceptable on a port. Untagged
packets will be dropped.

Untagged Only: Only untagged ingress packets are acceptable on a port. Tagged
packets will be dropped.

Egress Tagging: The action taken when packets are sent out from a port.

Untag Port VLAN: Frames that carry PVID will be removed when leaving from a
port. Frames with tags other than PVID will be transmitted with the carried tags.

Tag All: Frames are transmitted with a tag.

Untag All: Frames are transmitted without a tag. This option is only available
for ports in Hybrid mode.

Allowed VLAN: Ports in Trunk and Hybrid mode may control which VLANs they are
allowed to become members of. Access ports can only be member of one VLAN,
the Access VLAN. By default, a Trunk or Hybrid port will become member of all
VLANs, and is therefore set to 1-4095.

Forbidden VLAN: A port may be configured to never be member of one or more

VLANs. This is particularly useful when dynamic VLAN protocols like MVRP and GVRP
must be prevented from dynamically adding ports to VLANs. The trick is to mark
such VLANs as forbidden on the port in question. By default, the field is left blank,
which means that the port may become a member of all possible VLANs.

PowerFlow-2-10G Configuration 4-169

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.11.2 Membership

This page shows the current VLAN membership saved on the Switch.

VLAN ID: VLANs that are already created.

Port members: Display member ports on the configured VLANs.

4.3.11.3 Ports

This page shows the current VLAN settings on a per-port basis saved on the Switch.

Port: The port number.

4-170 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Port Type: Display the selected port type on a port.

Ingress Filtering: Display whether Ingress Filtering is enabled or disabled.

Frame Type: Display the accepted frame type on a port.

Port VLAN ID: The port VLAN ID assigned to a port.

Tx Tag: Display the Egress action on a port.

Untagged VLAN ID: Display the untagged VLAN ID. A port's UVID determines the
packet's behavior at the egress side. If the VID of Ethernet frames leaving a port
match the UVID, these frames will be sent untagged.

Conflicts: Display whether conflicts exist or not. When a software module

requests to set VLAN membership or VLAN port configuration, the following
conflicts can occur:

*Functional conflicts between features.

*Conflicts due to hardware limitations.
*Direct conflicts between user modules.

4.3.11.4 VLAN Translation

VLAN Translation is especially useful for users who want to translate the original
VLAN ID to a new VLAN ID so as to exchange data across different VLANs and
improve VLAN scaling. VLAN translation replaces an incoming C-VLAN tag with an
S-VLAN tag instead of adding an additional tag. When configuring VLAN Translation,
both ends of the link normally must be able to replace tags appropriately. In other
words, both ends must be configured to translate the C-VLAN tag to S-VLAN tag
and S-VLAN tag to C-VLAN tag appropriately in a network. Note that only access
ports support VLAN translation. It is not recommended to configure VLAN
Translation on trunk ports.

The “VLAN Translation” menu contains the following sub menus. Select the
appropriate one to configure settings or view its status.

PowerFlow-2-10G Configuration 4-171

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.11.4.1 Port to Group Mapping

Group ID: The total VLAN Translation group can be used is 11 which is automatically
created in Group Mapping Table when entering “Port to Group Mapping” page. A
port can be mapped to any of the groups. Multiple ports can be mapped to a single
group with the same Group ID.
NOTE: By default, each port is mapped to a group with a group ID equal to the port
number. For example, port 2 is mapped to the group with ID is 2.

Port Number: Click the appropriate radio button to include a port into a group.

4.3.11.4.2 VID Translation Mapping

Group ID: Indicate the Group ID that applies to this translation rule.

VLAN ID: Indicate the VLAN ID that will be mapped to a new VID.

4-172 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Translated to VID: Indicate the new VID to which VID of ingress frames will be
changed.

Click the “Add New Entry” button once to add a new VLAN Translation entry.

4.3.12 Private VLANs

The “Private VLANs” menu contains the following sub menus. Select the
appropriate one to configure its detailed settings.

4.3.12.1 PVLAN Membership

This page is used to configure private VLANs. New Private VLANs can be added here
and existing VLANs can be modified. Private VLANs are based on the source port
mask and there are no connections to VLANs which means that VLAN IDs and
Private VLAN IDs can be identical. A port must be a member of both a VLAN and a
Private VLAN to be able to forward packets. By default, all ports are VLAN unaware
and members of VLAN 1 and Private VLAN 1. A VLAN unaware port can only be a
member of one VLAN, but it can be a member of multiple Private VLANs.

PVLAN ID: Specify the PVLAN ID. Valid values are 1 to 11.

Port Members: Select the checkbox, if you would like a port to belong to a certain
Private VLAN. Uncheck the checkbox to remove a port from a Private VLAN.

Delete: Delete this VLAN membership entry.

Add New VLAN: Click the button once to add a new VLAN entry.

Save: VLAN membership changes will be saved and new VLANs are enabled after
clicking “Save” button.

PowerFlow-2-10G Configuration 4-173

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Reset: Click “Reset” button to clear all unsaved VLAN settings and changes.

4.3.12.2 Port Isolation

Private VLAN is used to group ports together so as to prevent communications

within PVLAN. Port Isolation is used to prevent communications between customer
ports in a same Private VLAN. The port that is isolated from others cannot forward
any unicast, multicast or broadcast traffic to any other ports in the same PVLAN.

Port Number: Select the checkbox if you want a port or ports to be isolated from
other ports.

4.3.13 GVRP
GVRP (GVRP VLAN Registration Protocol) is defined in the IEEE 802.1Q standard and
enables the switch to dynamically create IEEE 802.1Q compliant VLANs between
GVRP-enabled devices. With GVRP, VLAN information can be automatically
propagated from device to device so as to reduce errors when creating VLANs
manually and provide VIDs consistency across network.

This section provides configuration pages for users to set up GVRP timers and
enable GVRP on a per-port basis.

4.3.13.1 Global Config

4-174 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Enable GVRP: Select the checkbox to globally enable GVRP function.

Join-time: Specify the amount of time in units of centi-seconds that PDUs are
transmitted. The default value is 20 centi-seconds. The valid value is 1~20.
Note: The “Leave-time” parameter must be three times greater than or equal to
Join time.

Leave-time: Specify the amount of time in units of centi-seconds that the device
waits before deleting the associated etry. The leave time is activated by a “Leave
All-time” message sent/received and cancelled by the Join message. The default
value is 60 centi-seconds.

LeaveAll-time: Specify the amount of time that “LeaveAll” PDUs are created. A
LeaveAll PDU indicates that all registrations are shortly de-registered. Participants
will need to rejoin in order to maintain registration. The valid value is 1000 to
5000 centi-seconds. The factory default 1000 centi-seconds.
NOTE: The “LeaveAll-time” parameter must be greater than the “Leave-time”
parameter.

Max VLANs: The maximum number of VLANs can be learned via GVRP.

PowerFlow-2-10G Configuration 4-175

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.13.2 Port Config

Port: The port number.

Mode: Enable GVRP on a per port basis.

4.3.14 VCL
The “VCL” menu contains the following sub menus.

4.3.14.1 MAC-based VLAN

MAC-based VLAN configuration page is to set up VLANs based on source MAC
addresses. When ingress untagged frames are received by a port, source MAC

4-176 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

address is processed to decide which VLAN these untagged frames belong. When
source MAC addresses does not match the rules created, untagged frames are
assigned to the receiving port’s native VLAN ID (PVID).

MAC Address: Indicate the source MAC address. Please note that the source MAC
address can only map to one VLAN ID.

VLAN ID: Map this MAC address to the associated VLAN ID.

Port Members: Ports that belong to this VLAN.

Save: Changes will be saved and newly entered rules are enabled after clicking
“Save” button.

Click “Add New Entry” to create a new rule.

Delete: Click “Delete” to remove this entry.

4.3.14.2 Protocol-based VLAN

The network devices required to support multiple protocols cannot be easily
grouped into a common VLAN. This may require non-standard devices to pass
traffic between different VLANs in order to encompass all the devices participating
in a specific protocol. This kind of configuration deprives users of the basic benefits
of VLANs, including security and easy accessibility.

To avoid these problems, you can configure this switch with protocol-based VLANs
that divide the physical network into logical VLAN groups for each required protocol.
When a frame is received at a port, its VLAN membership can then be determined
based on the protocol type being used by the inbound packets.

4.3.14.2.1 Protocol to Group

PowerFlow-2-10G Configuration 4-177

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Frame Type: There are three frame types available for selection; these are
“Ethernet”, “SNAP”, and “LLC”. The value field will change accordingly.

Value: This field specifically indicates the protocol type. This value field varies
depending on the frame type you selected.

Ethernet: Ether Type (etype) value. By default, it is set to 0x0800. The range
allowed is 0x0600 to 0xffff.

SNAP: This includes OUI (Organizationally Unique Identifier) and PID (Protocol
ID) values.

OUI: A value in the format of xx-xx-xx where each pair (xx) in the string is a
hexadecimal value in the ranges of 0x00-0xff.

PID: If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type field
value for the protocol running on top of SNAP. If the OUI is that of a particular
organization, the protocol ID is a value assigned by that organization to the
protocol running on top of SNAP. In other words, if value of the OUI field is 00-
00-00, then value of the PID will be etherType (0x0600-0xffff), and if value of
the OUI is other than 00-00-00, then valid value of the PID will be any value from
0x0000 to 0xffff.

4-178 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

LLC (Logical Link Control): This includes DSAP (Destination Service Access Point)
and SSAP (Source Service Access Point) values. By default, the value is 0xff. Valid
range is 0x00 to 0xff.

Group Name: Indicate the descriptive name for this entry. This field only allows 16
alphabet characters (a-z; A-Z) or integers (0-9).

4.3.14.2.2 Group to VLAN

Group Name: Indicate the descriptive name for this entry. This field only allows 16
alphabet characters (a-z; A-Z) or integers (0-9).

VLAN ID: Indicate the VLAN ID.

Port Members: Assign ports to this rule.

Click the “Add New Entry” button to insert a new entry to the list.

Click the “Delete” button to remove a newly-inserted entry or select the

checkbox to remove a saved entry during the next save.

4.3.14.3 IP Subnet-based VLAN

IP Subnet-based VLAN configuration is to map untagged ingress frames to a specific
VLAN if the source address is found in the IP subnet-to-VLAN mapping table. When
IP subnet-based VLAN classification is enabled, the source address of untagged
ingress frames are checked against the IP subnet-to-VLAN mapping table. If an
entry is found for that subnet, these frames are assigned to the VLAN indicated in
the entry. If no IP subnet is matched, the untagged frames are classified as
belonging to the receiving port’s VLAN ID (PVID).

PowerFlow-2-10G Configuration 4-179

Chapter 4 Web Operation and Configuration Installation and Operation Manual

VCE ID: Index of the entry. Valid range is 0-256.

IP Address: Indicate the IP address for this rule.

Mask Length: Indicate the network mask length.

VLAN ID: Indicate the VLAN ID

Port Members: Assign ports to this rule.

Click the “Add New Entry” button to insert a new entry to the list.

Click the “Delete” button to remove a newly-inserted entry or select the

checkbox to remove a saved entry during the next save.

4.3.15 QoS
Network traffic is always unpredictable and the only basic assurance that can be
offered is the best effort traffic delivery. To overcome this challenge, Quality of
Service (QoS) is applied throughout the network. This ensures that network traffic
is prioritized according to specified criteria and receives preferential treatments.

QoS enables you to assign various grades of network service to different types of
traffic, such as multi-media, video, protocol-specific, time critical, and file-backup
traffic. To set up the priority of packets in this switch, go to “Port Classification”
page.

The “QoS” menu contains the following sub menus.

4-180 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.15.1 Ingress

4.3.15.1.1 Port Classification

Port: List of the number of each port. “Port *” rules will apply to all ports.

CoS: Indicate the Class of Service level. A CoS class of 0 has the lowest priority. By
Default, 0 is used.

DPL: Select the default Drop Precedence Level.

PCP: Select the appropriate value for the default Priority Code Point (or User Priority)
for untagged frames.

PowerFlow-2-10G Configuration 4-181

Chapter 4 Web Operation and Configuration Installation and Operation Manual

DEI: Select the appropriate value for the default Drop Eligible Indicator for untagged
frames.

Tag Class: This field displays classification mode for tagged frames on this port:

Disabled: Use the default QoS class and DP level for tagged frames.

Enabled: Use the mapped versions of PCP and DEI for tagged frames.

DSCP Based: Select the checkbox to enable DSCP based QoS (Ingress Port).

4.3.15.1.2 Port Shaping

Enabled: Select the checkbox to enable port shaping function on a port.

Rate: Indicate the rate for the port shaping. By default, 500kbps is used. The
allowed range for kbps and fps is 100 to 1000000. The allowed range for Mbps
and kfps is 1 to 3300Mbps.

Unit: Select the unit of measure for the port shaping.

Burst Size: Indicate in bits (or bytes) per burst how much traffic can be sent within
a given unit of time to not create scheduling concerns.

4-182 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.2.15.1.3 Port Policing

This page allows users to set each port’s allowed bandwidth.

Port: The port number. “Port *” settings apply to all ports.

Enabled: Select the checkbox to enable port policing function on a port.

Rate: Indicate the rate for the policer. By default, 500kbps is used. The allowed
range for kbps and fps is 100 to 1000000. The allowed range for Mbps and kfps is
1 to 3300Mbps.

Unit: Select the unit of measure for the policer.

PowerFlow-2-10G Configuration 4-183

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.15.1.4 Queue Policing

Port: The port number. “Port *” settings apply to all ports.

Queue 0~7 Enable: Select the appropriate checkboxes to enable queue policing
function on switch ports.
When enabled, the following image will appear:

4-184 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Rate: Indicate the rate for the ingress queue policer. By default, 500kbps is used.
Allowed range for kbps is 100 to 1000000. Allowed range for Mbps is 1 to
3300Mbps.

Unit: Select he unit of measure for the ingress queue policer.

Save: Save the current running configurations to memory.

Reset: Clear all selected settings.

PowerFlow-2-10G Configuration 4-185

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.15.2 Egress

4.3.15.2.1 Port Scheduler

Port: Click the port to set up detailed settings for port scheduler.

Mode: Display scheduler mode selected.

Weight: Display the weight in percentage assigned to Q0 – Q5.

4-186 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

This page allows you to set up the Schedulers and Shapers for a specific port.

Scheduler Mode: The device offers two modes to handle queues.

Strict mode: This gives egress queues with higher priority to be transmitted first
before lower priority queues are serviced.

PowerFlow-2-10G Configuration 4-187

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Weight mode: Deficit Weighted Round-Robin (DWRR) queuing which specifies a

scheduling weight for each queue. (Options: Strict, Weighted; Default: Strict)
DWRR services the queues in a manner similar to WRR, but the next queue is
serviced only when the queue’s Deficit Counter becomes smaller than the packet
size to be transmitted.

Queue Shaper/Port Shaper/Queue Shaper

Enable: Select the checkbox to enable queue shaper on a certain queue for this
selected port.

Rate: Indicate the rate for the queue shaper. By default, 500kbps is used. Allowed
range for kbps is 100 to 1000000. Allowed range for Mbps is 1 to 13200Mbps.

Unit: Select he unit of measure for the queue shaper.

Excess: Select the checkbox to allow excess bandwidth.

Queue Schedule

Queue Scheduler: When Scheduler Mode is set to Weighted, the user needs to
indicate a relative weight for each queue. DWRR uses a predefined relative weight
for each queue that determines the percentage of service time the switch
services each queue before moving on to the next queue. This prevents the head-
of-line blocking that can occur with strict priority queuing.

Weight: Assign a weight to each queue. This weight sets the frequency at which
each queue is polled for service and subsequently affects the response time
software applications assigned a specific priority value.

Percent: The weight as a percentage for this queue.

Port Shaper

Enable: Select the checkbox to enable Port shaper.

Rate: Indicate the rate for Port Shaper. By default, 500kbps is used. Allowed range
for kbps is 100 to 1000000. Allowed range for Mbps is 1 to 13200Mbps.

Unit: Select the rate of measure

4-188 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.15.2.2 Port Shaping

This displays each port’s queue shaper and port shaper’s rate.

Click the port number to modify or reset queue shaper and port shaper’s rates.
See “Port Scheduler” for detailed explanation on each configuration option.

4.3.15.2.3 Port Tag Remarking

PowerFlow-2-10G Configuration 4-189

Chapter 4 Web Operation and Configuration Installation and Operation Manual

Tag Remarking Mode: Select the appropriate remarking mode used by this port.

Classified: Use classified PCP/DEI values.

Default: Use default PCP/DEI values (Default PCP:0; Default DEI:0).

Mapped: Use the mapping of the classified QoS class values and DP levels to
PCP/DEI values.

QoS class/DP level: Show the mapping options for QoS class values and DP levels
(drop precedence).

PCP: Remarks matching egress frames with the specified Priority Code Point (or
User Priority) value. (Range: 0-7; Default: 0)

DEI: Remarks matching egress frames with the specified Drop Eligible Indicator.
(Range: 0-1; Default: 0)

4-190 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.15.3 Port DSCP

Port: The port number. “Port *” settings apply to all ports.

Ingress Translate: Select the checkbox to enable ingress translation of DSCP values
based on the selected classification method.

Ingress Classify: Select the appropriate classification method:

Disable: No ingress DSCP classification is performed.

DSCP=0: Classify if incoming DSCP is 0.

Selected: Classify only selected DSCP for which classification is enabled in

DSCP Translation table

All: Classify all DSCP.

Egress Rewrite: Configure port egress rewriting of DSCP values.

Disable: Egress rewriting is disabled.

Enable: Enable egress rewriting is enabled but with remapping.

Remap: DSCP from analyzer is remapped and frame is remarked with remapped
DSCP value.

PowerFlow-2-10G Configuration 4-191

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.15.4 DSCP-Based QoS Ingress Classification

DSCP: DSCP value in ingress packet. DSCP range is from 0 to 63.

Trust: Select the checkbox to indicate that DSCP value is trusted. Only trusted DSCP
values are mapped to a specific QoS class and drop precedence level (DPL). Frames
with untrusted DSCP values are treated as non-IP frames.

QoS Class: Select the QoS class to the corresponding DSCP value for ingress
processing. By default, 0 is used. Allowed range is 0 to 7.

DPL: Select the drop precedence level to the corresponding DSCP value for ingress
processing. By default, 0 is used. The value “1” has the higher drop priority.

4-192 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.15.5 DSCP Translation

DSCP: DSCP value in ingress packet. DSCP range is from 0 to 63.

Ingress Translate: Enable Ingress Translation of DSCP values based on the specified
classification method.

Ingress Classify: Enable classification at ingress side as defined in the QoS port
DSCP Configuration Table.

Egress Remap: Enable egress remap based on the specified classification method.

4.3.15.6 DSCP Classification

Map DSCP values to QoS class and DPL value.

PowerFlow-2-10G Configuration 4-193

Chapter 4 Web Operation and Configuration Installation and Operation Manual

QoS Class: List of actual QoS class values.

DSCP: Select the DSCP value to map QoS class and DPL value. DSCP value selected
for “*” will map to all QoS class and DPL value.

4.3.15.7 QoS Control List

Quality of Service control list is used to establish policies for handling ingress
packets based on frame type, MAC address, VID, PCP, DEI values. Once a QCE is
mapped to a port, traffic matching the first entry in the QoS Control List is assigned
to the QoS class, drop precedence level, and DSCP value defined by that entry.
Traffic not matching any of the QCEs are classified to the default QoS Class for the
port.

This page displays rules created in QoS control list (QCL) only. The maximum
number of QCL is 256 on this device. Click the plus sign to insert a new QCL to
the list.

QCE#: Display Quality Control Entry index.

Port: Display the port number that uses this QCL.

DMAC: Destination MAC address. Possible values are Any, Broadcast, Multicast,
Unicast.

SMAC: Source MAC address.

Tag Type: The value of tag field can be “Untagged”, “Tagged” or “Any”.

VID: Display VLAN ID (1-4095)

PCP: Display PCP value.

DEI: Display DEI value.

Frame Type: Display the frame type to look for in incoming frames. Possible frame
types are Any, Ethernet, LLC SNAP, IPv4, IPv6.

4-194 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

Action: Display the classification action taken on ingress frames when the
configured parameters are matched in the frame’s content. If a frame matches the
QCL, the following actions will be taken.

CoS: If a frame matches the QCL, it will be put in the queue corresponding to
the specified QoS class.

DPL: The drop precedence level will be set to the specified value.

DSCP: The DSCP value will be set to the specified value.

You can modify each QCE (QoS Control Entry) in the table using the following
buttons:
: Insert a new QCE before the current row.
: Edit the QCE entry.
: Move the QCE up the list.
: Move the QCE down the list.
: Delete the QCE.
: The lowest plus sign add a new entry at the bottom of the QCE listings.

Once is clicked in display page, the following page will appear.

QCE Configuration

Port Members: Select ports that use this rule.

Key Parameters

PowerFlow-2-10G Configuration 4-195

Chapter 4 Web Operation and Configuration Installation and Operation Manual

SMAC: Select source MAC address type. By default, any is used. Select “Specific” to
specify a source MAC (first three bytes of the MAC address or OUI).

DMAC Type: Select destination MAC address type. By default, any is used. Other
options available are “UC” for unicast, “MC” for multicast, and “BC” for broadcast.

Tag: Select VLAN tag type (Tag or Untag). By default, any type is used.

VID: Select VID preference. By default, any VID is used. Select “Specific”, if you
would like to designate a VID to this QCL entry. Or Select “Range”, if you would like
to map a range of VIDs to this QCL entry.

PCP: Select a PCP value (either specific value or a range of values are provided). By
default, any is used.

DEI: Select a DEI value. By default, any is used.

Frame Type: The frame types can be selected are listed below.

Any: By default, any is used which means that all types of frames are allowed.

Ethernet: This option can only be used to filter Ethernet II formatted packets
(Options: Any, Specific – 600-ffff hex; Default: ffff). Note that 800 (IPv4) and
86DD (IPv6) are excluded. A detailed listing of Ethernet protocol types can be
found in RFC 1060. A few of the more common types include 0800 (IP), 0806
(ARP), 8137 (IPX).

LLC: LLC refers to Link Logical Control and further provides three options.

SSAP: SSAP stands for Source Service Access Point address. By default, any is
used. Select specific to indicate a value (0x00 - 0xFF).

DSAP: DSAP stands for Destination Service Access Point address. By default, any
is used. Select specific to indicate a value (0x00 to 0xFF).

Control: Control field may contain command, response, or sequence information

depending on whether the LLC frame type is Unnumbered, Supervisory, or
Information. By default, any is used. Select specific to indicate a value (0x00 to
0xFF).

SNAP: SubNetwork Access Protocol can be distinguished by an OUI and a Protocol

ID. (Options for PID: Any, Specific (0x00-0xffff); Default: Any) If the OUI is
hexadecimal 000000, the protocol ID is the Ethernet type (EtherType) field value

4-196 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

for the protocol running on top of SNAP. If the OUI is that of a particular
organization, the protocol ID is a value assigned by that organization to the
protocol running on top of SNAP. In other words, if value of the OUI field is 00-
00-00, then value of the PID will be etherType (0x0600-0xffff), and if value of
the OUI isother than 00-00-00, then valid value of the PID will be any value from
0x0000 to 0xffff.

IPv4:

Protocol: IPv4 frame type includes Any, TCP, UDP, Other. If “TCP” or “UDP” is
selected, you might further define Sport (Source port number) and Dport
(Destination port number).

Source IP: Select source IP type. By default, any is used. Select “Specific” to
indicate self-defined source IP and submask format. The address and mask must
be in the format x.y.z.w where x, y, z, and w are decimal numbers between 0 and
255. When the mask is converted to a 32-bit binary string and read from left to
right, all bits following the first zero must also be zero

IP Fragment: By default, any is used. Datagrams sometimes may be fragmented

to ensure they can pass through a network device that uses a maximum transfer
unit smaller than the original packet’s size.

DSCP: By default, any is used. Select “Specific” to indicate a DSCP value. Select
“Range” to indicate a range of DSCP value.

IPv6:

Protocol: IPv6 protocol includes Any, TCP, UDP, Other. If “TCP” or “UDP” is
selected, you may need to further define Sport (Source port number) and Dport
(Destination port number).

SIP (32 LSB): Select source IP type. By default, any is used. Select “Specific” to
indicate self-defined source IP and submask format.

DSCP: By default, any is used. Select “Specific” to indicate a DSCP value. Select
“Range” to indicate a range of DSCP value.

Action Parameters
Specify the classification action taken on ingress frame if the parameters match
the frame’s content. The actions taken include the following:

PowerFlow-2-10G Configuration 4-197

Chapter 4 Web Operation and Configuration Installation and Operation Manual

CoS: If a frame matches the QCE, it will be put in the queue corresponding to the
specified CoS class.

DPL: If a frame matches the QCE, the drop precedence level will be set to the
selected value or left unchanged.

DSCP: If a frame matches the QCE, the DSCP value will be set to the selected one.

4.3.15.8 Storm Control

Storm Control is used to keep a network from downgraded performance or a
complete halt by setting up a threshold for traffic like broadcast, unicast and
multicast. When a device on the network is malfunctioning or application programs
are not well designed or properly configured, storms may occur and will degrade
network performance or even cause a complete halt. The network can be protected
from storms by setting a threshold for specified traffic on the device. Any specified
packets exceeding the specified threshold will then be dropped.

Enable: Enable Unicast storm, Multicast storm or Broadcast storm protection.

Rate (pps): Select the packet threshold. The packets received exceed the selected
value will be dropped.

4-198 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.15.9 WRED

Queue: The queue number. Queue 0 to 5 can apply to Random Early Detection
(RED). However, RED cannot be applied to Queue 6 and 7.

Enable: Select the checkbox to enable RED on a particular queue.

Min. threshold: Specify the lowest RED threshold. If the average queue filling level
is below this threshold, the drop probability is zero. This valid value for this field
is 0~100.

Max. DP 1: Controls the drop probability for the frames marked in drop
precedence level 1 when the average queue filling level is 100%. The valid value is
0~100.

Max. DP 2: Controls the drop probability for the frames marked in drop
precedence level 2 when the average queue filling level is 100%. The valid value is
0~100.

Max. DP 3: Controls the drop probability for the frames marked in drop
precedence level 3 when the average queue filling level is 100%. The valid value is
0~100.

PowerFlow-2-10G Configuration 4-199

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.16 Mirroring

Port to mirror: Select the mirror port to which rx or tx traffic will be mirrored. Or
disable port mirroring function.

Mode: There are four modes that can be used on each port.

Disabled: Disable the port mirroring function on a given port.

Rx only: Only frames received on this port are mirrored on the mirror port.

Tx only: Only frames transmitted on this port are mirrored on the mirror port.

Enable: Both frames received and transmitted re mirrored on the mirror port.

4.3.17 UPnP

Mode: Enable or disable UPnP operation.

4-200 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

TTL: TTL (Time to live) is used to configure how many steps an UPnP advertisement
can travel before it disappears.

Advertising Duration: This defines how often an UPnP advertisement is sent. The
duration is carried in Simple Service Discover Protocol (SSDP) packets which informs
a control point how often it should receive a SSDP advertisement message from
the switch. By default, the advertising duration is set to 100 seconds. However,
due to the unreliable nature of UDP, it is recommended to set to the shorter
duration since the shorter the duration, the fresher is UPnP status.

4.3.18 L2CP
L2CP stands for Layer 2 Control Protocol and contains Ethernet control protocols
such as Spanning Tree BPDUs, LACP, Pause frames, etc. A L2CP frame has a specific
destination address (DA) belonging to reserved multicast MAC address ranges. MEF
defines L2CP processing rules for Ethernet Frames carrying a MAC destination
address (DA) within the range of 01-80-C2-00-00-00 through 01-80-C2-00-00-0F
and 01-80-C2-00-00-20 through 01-80-C2-00-00-2F. Therefore, if a vendor
defines L2CP frames outside the specified MAC DA ranges, the L2CP handling rules
do not apply to these frames.

DMAC: The destination MAC address. The MAC DA range for Bridge block of protocol
is 01-80-C2-00-00-00 through 01-80-C2-00-00-0F and for GARP block of protocol
is 01-80-C2-00-00-20 through 01-80-C2-00-00-2F.

PowerFlow-2-10G Configuration 4-201

Chapter 4 Web Operation and Configuration Installation and Operation Manual

L2CP Mode: Select the L2CP frame handling mode for the corresponding
destination MAC address (DMAC).

Peer: Redirect to CPU to allow peering/tunneling/discard depending on ECE and

protocol configuration.

Forward: Allow peering/forwarding/tunneling/discarding depending on ECE and

protocol configuration.

4.3.19 Diagnostics
The “Diagnostics” menu provides ping function to test the connectivity of a certain
IP.

4.3.19.1 Ping
This Ping function is for ICMPv4 packets.

IP Address: Enter the IP address that you wish to ping.

Ping Length: The size or length of echo packets.

Ping Count: The number of echo packets will be sent.

Ping Interval: The time interval between each ping request.

4-202 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.19.2 Ping6
This Ping function is for ICMPv6 packets.

IP Address: Enter the IP address that you wish to ping.

Ping Length: The size or length of echo packets.

Ping Count: The number of echo packets will be sent.

Ping Interval: The time interval between each ping request.

Egress Interface: The VLAN ID (VID) of the specific egress IPv6 interface which ICMP
packet goes. The VID ranges from 1 to 4094 and will be effective only when the
corresponding IPv6 interface is valid. When this field is not specified, Ping6 will find
the best match interface for destination. Do not specify egress interface for
loopback address. Do specify egress interface for link-local or multicast address.

4.3.20 Maintenance
The “Maintenance” menu contains several sub menus. Select the appropriate sub
menu to restart the device, set the device to the factory default or upgrade
firmware image.

PowerFlow-2-10G Configuration 4-203

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.20.1 Reboot

Click “Yes” button to reboot the switch.

4.3.20.2 Factory Defaults

Click “Yes” button to reset your device to factory defaults settings. Please note
that all changed settings will be lost. It is recommended that a copy of the current
configuration is saved to your local device.

4.3.20.3 Software

4.3.20.3.1 Upload

Update the latest Firmware file.

Select a Firmware file from your local device and then click “Upload” to start
updating.

4-204 Configuration PowerFlow-2-10G

Installation and Operation Manual Chapter 4 Web Operation and Configuration

4.3.20.3.2 Image Select

Select the image file to be used in this device.

4.3.20.4 Configuration

4.3.20.4.1 Save running-config to startup-config

Click on the “Save Configuration” button to save current running configurations to

startup configurations.

4.3.20.4.2 Backup

running-config: Download a copy of the current running configurations to your

local device.

default-config: Download a copy of the factory default configurations to your local

device.

startup-config: Download a copy of startup configurations to your local device.

PowerFlow-2-10G Configuration 4-205

Chapter 4 Web Operation and Configuration Installation and Operation Manual

4.3.20.4.3 Restore

Select a file and then click “Upload Configuration” to start uploading the file.

4.3.20.4.4 Activate

Select the file that you would like to use. Click on the “Activate Configuration” to
replace configurations to the selected one.

4.3.20.4.5 Delete

Select the file that you would like to delete. Click on the “Delete Configuration
File” to remove the file from the device.

4-206 Configuration PowerFlow-2-10G

Publication No. 738-200-12/18

Order this publication by Catalog No. 805098

International Headquarters
24 Raoul Wallenberg Street
Tel Aviv 69719, Israel
Tel. 972-3-6458181
Fax 972-3-6498250, 6474436
E-mail [email protected]

North American Headquarters

900 Corporate Drive
Mahwah, NJ 07430, USA
Tel. 201-5291100
Toll free 1-800-4447234
Fax 201-5295777
E-mail [email protected]

www.rad.com