Instruction/ maintenance manual of the product MR1 Fortinet
FortiSwitch-100 Version 4.0 MR1 User Guide.
FortiSwitch-100 User Guide Version 4.0 MR1 Revision 2 November 23, 2009 © Copyright 2009 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illust.
3 Table of Contents 1 INTRODUCTION ... 23 1.1 Switch Description ...
4 3.2 How to log in ... 41 3.3 Web-Based Management Menu ...
5 5.2.3.2 show vlan id ... 71 5.2.3.3 show protocol group ...
6 5.2.6.8 lacp ... 111 5.2.6.9 channel-group ...
7 5.3.3 Telnet Session Commands ... 135 5.3.3.1 telnet ...
8 5.3.7.2 ip ssh ... 159 5.3.7.3 ip ssh protocol ...
9 5.5.4 Configuration Commands ... 184 5.5.4.1 logging buffered ...
10 5.8.2.3 username login ... 207 5.8.3 Dot1x Configuration Commands ...
11 5.9.1.2 show cdp neighbors ... 226 5.9.1.3 show cdp traffic ...
12 5.11.1.17 clear radius statistics ... 243 5.11.1.18 clear tacacs ...
13 5.12.3.2 drop ... 266 5.12.3.3 redirect ...
14 5.14.1 Show Commands ... 288 5.14.1.1 show queue cos-map ...
15 6.2.1.7 show ip route precedence ... 311 6.2.1.8 show ip traffic ...
16 6.3.2.10 area nssa translator-role ... 330 6.3.2.11 area nssa translator-stab-intv ...
17 6.5 Domain Name Server Relay Commands ... 350 6.5.1 Show Commands ...
18 6.7.2 ip irdp ... 367 6.7.3 ip irdp broadcast ...
19 7.2.1 Show Commands ... 385 7.2.1.1 show ip igmp ...
20 7.4.1.1 show ip pimdm ... 406 7.4.1.2 show ip pimdm interface ...
21 8.2.1.4 Defining Forwarding Database ... 437 8.2.1.5 Viewing Logs ...
22 8.2.5 QOS Menu ... 591 8.2.5.1 Managing Access Control Lists ...
23 1 Introduction 1.1 Switch Description The Fortinet FortiSwitch-100 Ethernet Switch is a modular Gigabit Ethernet backbone switch designed for adaptability and scalability. The switch can utilize up to forty-eight Gigabit Ethernet ports to function as a central distribution hub for other switches, switch groups, or routers.
24 • TraceRoute support • Traffic Segmentation • TFTP upgrade • SysLog support • Simple Network Time Protocol • Web GUI Traffic Monitoring • SSH Secure Shell version 1 and 2 support •.
25 1.3 Front-Panel Components The front panel of the switch consists of 48 1-Giga interfaces, 4 LED indicators, an RS-232 communication port, and two SFP (Mini-GBIC) Combo ports. The 4 LEDs are divided into two parts. The 2 LED indicators on the upper part display the status and power of the switch.
26 1.6 Management Options The system may be managed out-of-band through the console port on the front panel or in-band using Telnet, a Web Browser, or SNMP.
27 • RFC 1850 (OSPF-MIB) • RFC 1850 (OSPF-TRAP-MIB) • RFC 2787 (VRRP-MIB) • RFC 3289 - DIFFSERV-DSCP-TC • RFC 3289 - DIFFSERV-MIB • QOS-DIFFSERV-EXTENSIONS-MIB • QOS-DIFFSERV-PRIVATE-MIB • RFC2674 802.
28 2 Installation and Quick Startup 2.1 Package Contents Before you begin installing the switch, confirm that your package contains the following items: • One Fortinet FortiSwitch-100 Ethernet s.
29 2.2.2 Installing the Switch in a Rack You can install the switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below. 1. Use the supplied screws to attach a mounting bracket to each side of the switch. 2. Align the holes in the mounting bracket with the holes in the rack.
30 2.3 Quick Starting the Switch 1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the FortiSwitch-100 switch locally or from a remote workstation. The device must be configured with IP information (IP address, subnet mask, and default gateway).
31 show Interface status {<slot/port> | all} Displays the Ports slot/port Type - Indicates if the port is a special type of port Admin Mode - Selects the Port Control Administration State.
32 confirmed password match a message will be displayed. The user password should not be more than eight characters in length. copy running-config startup-config [filename] This will save passwords and all other changes to the device.
33 show ip interface Displays the Network Configurations IP Address - IP Address of the interface Default IP is 0.0.0.0 Subnet Mask - IP Subnet Mask for the interface Default is 0.0.0.0 Default Gateway - The default Gateway for this interface Default value is 0.
34 2.4.6 Quick Start up Downloading from Out-of-Band PC to Switch (Only XMODEM) Table 2-6 Quick Start up Downloading from Out-of-Band PC to Switch Command Details copy xmodem startup-config <filename> Sets the download datatype to be an image or config file.
35 copy running-config startup-config [filename] Enter yes when the prompt pops up that asks if you want to save the configurations made to the switch. reload Enter yes when the prompt pops up that asks if you want to reset the system. You can reset the switch or cold boot the switch; both work effectively.
36 ---------- ------ ---------- ---------------- --- ----------- ------ - ---------- - Total: 5 files. Note whether there is one file with the file type “Operation Code” or two (as in the example above).
37 Note: When configuring a static IP address, you must also configure a default gateway. Use the following commands, substituting the appropriate default gateway address for the example: (FortiSwitch-100_238) (if-vlan 1)#exit (FortiSwitch-100_238) (Config)#ip default-gateway 172.
38 ---------- ------ ---------- ---------------- --- ----------- ------ - ---------- - 2007/05/14 b4b-b-0.2.0514. biz Boot-Rom image Y 127648 2007/11/20 default.cfg Config File N 28701 2008/04/03 lb4w-r-1.04.0403.img Operation Code Y 8034434 2008/08/19 lb4w-r-1.
39 • If there is no response from the TFTP server, verify the IP settings by typing show ip interface to ensure that the IP address and default gateway have been entered correctly.
40 Figure 3-1: Console Setting Environment 2.6 Set Up your Switch Using Telnet Access Once you have set an IP address for your switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the switch. Most of the screens are identical, whether accessed from the console port or from a Telnet interface.
41 3 Web-Based Management Interface 3.1 Overview The Fortinet FortiSwitch-100 Managed Switch provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.
42 4. Type the default user name of admin and default of no password, or whatever password you have set up. Once you have entered your access point name, your Web browser automatically finds the FortiSwitch-100 Managed Switch and displays the home page, as shown below.
43 • Routing • Security • QoS • IP Multicast Figure 4-4: Main Menus Secondary Menus The Secondary Menus under the Main Menu contain a host of options that you can use to configure your switch. The online help contains a detailed description of the features on each screen.
44 • Spanning Tree — see “Spanning Tree Commands” • Class of Service — see “L2 Priority Commands” • Port Security — see “Port Security Configuration Commands” Routing • ARP.
45 Figure 4-5: System-wide menus You can also access the main navigation menu by right clicking on the image of the switch and browsing to the menu you want to use. Port-Specific Popup Menus The FortiSwitch-100 Managed Switch also provides several popup menus for each port.
46 4 Command Line Interface Structure and Mode-based CLI The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. 4.1 CLI Command Format Commands are followed by values, parameters, or both.
47 The {} curly braces indicate that a parameter must be chosen from the list of choices. Values ipaddr This parameter is a valid IP address, made up of four decimal bytes ranging from 0 to 255. The default for all IP parameters consists of zeros (that is, 0.
48 Empty strings (““) are not valid user defined strings. Command completion finishes spelling the command when enough letters of a command are typed to uniquely identify the command word.
49 5 Switching Commands 5.1 System Information and Statistics commands 5.1.1 show arp This command displays connectivity between the switch and other devices. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the switch.
50 show calendar Default Setting None Command Mode Privileged Exec Display Message Current Time displays system time 5.1.3 show eventlog This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset.
51 5.1.4 show running-config This command is used to display/capture the current setting of different protocol packages supported on switch. This command displays/captures only commands with settings/configurations with values that differ from the default value.
52 Privileged Exec Display Message System Description: The text used to identify this switch. System Name: The name used to identify the switch. System Location: The text used to identify the location of the switch. May be up to 31 alpha-numeric characters.
53 5.1.7 show loginsession This command displays current telnet and serial port connections to the switch. Syntax show loginsession Default Setting None Command Mode Privileged Exec Display Message ID: Login Session ID User Name: The name the user will use to login using the serial port or Telnet.
54 <slot/port> - is the desired interface number. all - This parameter displays information for all interfaces. Default Setting None Command Mode Privileged Exec Display Message Intf: The physical slot and physical port. Type: If not blank, this field indicates that this port is a special type of port.
55 Privileged Exec Display Message The display parameters when the argument is '<slot/port>' are as follows: Packets Received Without Error: The total number of packets (including broadcast packets and multicast packets) received by the processor.
56 Command Mode Privileged Exec Display Message The display parameters when the argument is '<slot/port>' are as follows: Total Packets Received (Octets): The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets).
57 Total Packets Received Without Errors Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol. Multicast Packets Received: The total number of good packets received that were directed to a multicast address.
58 Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
59 Receive Packets Discarded: The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
60 Display Message Packets Received Without Error: The total number of packets (including broadcast packets and multicast packets) received by the processor. Broadcast Packets Received: The total number of packets received that were directed to the broadcast address.
61 speed-duplex {10 | 100} {full-duplex | half-duplex} 100 - 100BASE-T 10 - 10BASE-T full-duplex - Full duplex half-duplex - Half duplex Default Setting None Command Mode Interface Config This command is used to set the speed and duplex mode for all interfaces.
62 negotiate no negotiate no - This command disables automatic negotiation on a port. Default Setting Enable Command Mode Interface Config This command enables automatic negotiation on all interfaces. The default value is enabled. Syntax negotiate all no negotiate all all - This command represents all interfaces.
63 no capabilities {{10 | 100} {full-duplex | half-duplex}} | {1000 full-duplex} 10 - 10BASE-T 100 - 100BASE-T 1000 - 1000BASE-T full-duplex - Full duplex half-duplex - Half duplex no - This command removes the advertised capability with using parameter.
64 Note: This command only applies to full-duplex mode ports. Syntax storm-control flowcontrol no storm-control flowcontrol no - This command disables 802.3x flow control for the switch. Default Setting Disabled Command Mode Global Config This command enables 802.
65 Syntax shutdown no shutdown no - This command enables a port. Default Setting Enabled Command Mode Interface Config This command is used to disable all ports. Syntax shutdown all no shutdown all all - This command represents all ports. no - This command enables all ports.
66 5.2.2 L2 MAC Address and Multicast Forwarding Database Tables 5.2.2.1 show mac-addr-table This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter.
67 5.2.2.2 show mac-address-table gmrp This command displays the GARP Multicast Registration Protocol (GMRP) entries in the Multicast Forwarding Database (MFDB) table.
68 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. In an SVL system, the MAC address will be displayed as 6 bytes. Note: This software version only supports IVL systems. Type: This displays the type of the entry.
69 5.2.2.5 show mac-address-table stats This command displays the MFDB statistics. Syntax show mac-address-table stats Default Setting None Command Mode Privileged Exec Display Message Max MFDB Table Entries: This displays the total number of entries that can possibly be in the MFDB.
70 Syntax mac-address-table aging-time <10-1000000> no mac-address-table aging-time <10-1000000> <10-1000000> - aging-time (Range: 10-1000000) in seconds no - This command sets the forwarding database address aging timeout to 300 seconds.
71 5.2.3.2 show vlan id This command displays detailed information, including interface information, for a specific VLAN. Syntax show vlan {id <vlanid> | name <vlanname>} <vlanid> .
72 5.2.3.3 show protocol group This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated Group. Syntax show protocol group {<group-name> | all} <group-name> - The group name of an entry in the Protocol-based VLAN table.
73 Command Mode Privileged Exec Display Message Slot/port: Indicates by slot id and port number which port is controlled by the fields on this line. It is possible to set the parameters for all ports by using the selectors on the top line.
74 vlan <vlanid> [<name>] no vlan <vlanid> <vlanid> - VLAN ID (Range: 2–3965). <name> - Configure an optional VLAN Name (a character string of 1 to 32 alphanumeric characters). no - This command deletes an existing VLAN.
75 5.2.3.8 vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-3965.
76 5.2.3.10 switchport acceptable-frame-type This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded.
77 interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification. Default Setting Admit all Command Mode Global Config 5.2.3.11 switchport ingress-filtering This command enables ingress filtering.
78 no switchport ingress-filtering all all - All interfaces. no - This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
79 <vlanid> - VLAN ID (Range: 1–3965). all - All interfaces. no - This command sets the VLAN ID for all interfaces to 1. Default Setting 1 Command Mode Global Config 5.2.3.13 switchport allowed vlan This command configures the degree of participation for a specific interface in a VLAN.
80 switchport allowed vlan {add {tagged | untagged} | remove} all <vlanid> <vlanid> - VLAN ID (Range: 1–3965). all - All interfaces. add - The interface is always a member of this VLAN. This is equivalent to registration fixed. tagged - all frames transmitted for this VLAN will be tagged.
81 This command configures the tagging behavior for all interfaces in a VLAN to be enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
82 This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. Any subsequent per port configuration will override this configuration setting. Syntax switchport priority all <0-7> <0-7> - The range for the priority is 0-7.
83 This command adds a protocol-based VLAN group to the system. The <group-name> is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands.
84 Default Setting None Command Mode Global Config This command adds the <protocol> to the protocol-based VLAN identified by <group-name>. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group.
85 Syntax switchport forbidden vlan {add | remove} <vlanid> no switchport forbidden <vlanid> - VLAN ID (Range: 1–3965). add - VLAN ID to add. remove - VLAN ID to remove. no - Remove the list of forbidden VLANs. Default Setting None Command Mode Interface Config 5.
86 5.2.4.2 show gvrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Syntax show gvrp configuration {<slot/port> | all} <slot/port> - An interface number. all - All interfaces.
87 5.2.4.3 show gmrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Syntax show gmrp configuration {<slot/port> | all} <slot/port> - An interface number. all - All interfaces.
88 Syntax show garp configuration {<slot/port> | all} <slot/port> - An interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec Display Message Interface: This displays the slot/port of the interface that this row in the table describes.
89 5.2.4.6 bridge-ext gmrp This command enables GARP Multicast Registration Protocol (GMRP) on the system. The default value is disabled. Syntax bridge-ext gmrp no bridge-ext gmrp no - This command disables GARP Multicast Registration Protocol (GMRP) on the system.
90 This command enables GVRP (GARP VLAN Registration Protocol) for all ports. Syntax switchport gvrp all no switchport gvrp all all - All interfaces. no - This command disables GVRP (GARP VLAN Registration Protocol) for all ports. If GVRP is disabled, Join Time, Leave Time, and Leave All Time have no effect.
91 Interface Config This command enables GMRP Multicast Registration Protocol on all interfaces. If an interface which has GMRP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GMRP functionality will be disabled on that interface.
92 no - This command sets the GVRP join time per port and per GARP to 20 centiseconds (0.2 seconds). This command has an effect only when GVRP and GMRP are enabled. Default Setting 20 centiseconds (0.2 seconds) Command Mode Interface Config This command sets the GVRP join time for all ports and per GARP.
93 Note: This command has an effect only when GVRP and GMRP are enabled. Syntax garp timer leave <20-600> no garp timer leave <20-600> - leave time (Range: 20 – 600) in centiseconds. no - This command sets the GVRP leave time per port to 60 centiseconds (0.
94 Default Setting 60 centiseconds (0.6 seconds) Command Mode Global Config This command sets how frequently Leave All PDUs are generated per port. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration.
95 Syntax garp timer leaveall all <200-6000> no garp timer leaveall all <200-6000> - leave time (Range: 200 – 6000) in centiseconds. all - All interfaces. no - This command sets how frequently Leave All PDUs are generated for all ports to 1000 centiseconds (10 seconds).
96 Display Message Admin Mode: This indicates whether or not IGMP Snooping is active on the switch. Multicast Control Frame Count: This displays the number of multicast control frames that are processed by the CPU. Interfaces Enabled for IGMP Snooping: This is the list of interfaces on which IGMP Snooping is enabled.
97 <vlanid> - VLAN ID (Range: 1 – 3965). static - Displays only the configured multicast entries. dynamic - Displays only entries learned through IGMP snooping. Default Setting None Command Mode Privileged Exec Display Message VLAN: This displays VLAN ID value.
98 Max Response Time This displays the amount of time the switch will wait after sending a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface.
99 Default Setting 260 seconds Command Mode Global Config, Interface Config ip igmp snooping interfacemode This command enables IGMP Snooping on a selected interface.
100 all - All interfaces. no - This command disables IGMP Snooping on all interfaces. Default Setting Disabled Command Mode Global Config ip igmp snooping mcrtrexpiretime This command sets the Multicast Router Present Expiration time on the system.
101 <sec> - Max time (Range: 1 – 3599). no - This command sets the IGMP Maximum Response time on the system to 10 seconds. Default Setting 10 seconds Command Mode Global Config, Interface Config.
102 ip igmp snooping mrouter This command configures a selected interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs.
103 Command Mode Interface Config. ip igmp snooping vlan static This command is used to add a port to a multicast group. Syntax ip igmp snooping vlan <vlanid> static <macaddr> interface <slot/port> <vlanid> - VLAN ID (Range: 1 – 3965).
104 Default Setting None Command Mode Vlan Database set igmp groupmembership-interval This command sets the IGMP Group Membership Interval on a particular VLAN.
105 Syntax set igmp maxresponse <1-3965> <1-3599> no set igmp maxresponse <1-3965> <1-3965> - VLAN ID (Range: 1 – 3965). no - This command sets the IGMP maximum response time on a particular VLAN to the default value.
106 Vlan Database set igmp fast-leave This command enables or disables IGMP Snooping fast-leave admin mode on a selected VLAN. Enabling fastleave allows the switch to immediately remove the layer 2.
107 5.2.6 Port Channel 5.2.6.1 show port-channel This command displays the static capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels.
108 Display Message Log. Intf: The logical slot and the logical port. Port-Channel Name: The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric characters. Link: Indicates whether the Link is up or down. Admin Mode: May be enabled or disabled.
109 Command Usage 1. The maximum number of port-channels that can be created by the user is 6, and the maximum number of members for each port-channel is 8. 5.2.6.3 port-channel adminmode all This command sets every configured port-channel with the same administrative mode setting.
110 Default Setting Disabled Command Mode Interface Config 5.2.6.5 port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
111 port-channel name {<logical slot/port> | all} <name> <logical slot/port> - Port-Channel Interface number. all - all Port-Channel interfaces. <name> - Configured Port-Channel name (up to 15 characters). Default Setting None Command Mode Global Config 5.
112 Syntax lacp no lacp no - This command disables Link Aggregation Control Protocol (LACP) on a port. Default Setting Enabled Command Mode Interface Config This command enables Link Aggregation Control Protocol (LACP) on all ports. Syntax lacp all no lacp all all - All interfaces.
113 Note: Before adding a port to a port-channel, set the physical mode of the port. See ‘speed’ command. Syntax channel-group <logical slot/port> <logical slot/port> - Port-Channel Interface number. Default Setting None Command Mode Interface Config Command Usage 1.
114 Syntax delete-channel-group <logical slot/port> all <logical slot/port> - Port-Channel Interface number. all - All members for specific Port-Channel. Default Setting None Command Mode Global Config 5.2.7 Storm Control 5.2.7.1 show storm-control This command is used to display broad cast storm control information.
115 This command is used to display mu lticast storm control information. Syntax show storm-control multicast Default Setting None Command Mode Privileged Exec Display Message Intf: Displays interface number. Mode: Displays status of storm control m u lticast.
116 5.2.7.2 storm-control broadcast This command enables b roadcast storm recovery mode on the sele cted interface. If the mode is enabled, broadcast storm recov e ry with high threshold is implemented. The threshold implementation follows a percentage p attern.
117 Disabled Command Mode GlobaI Config 5.2.7.3 storm-control multicast This command enables mu lticast storm recovery mode on the selected interfa ce. Syntax storm-control multicast no storm-control multicast no - This command disab les multicast storm recovery mode on the selected interface.
118 5.2.7.4 storm-control unicast This command enabl es unicast storm recovery mo de on the selected interfa ce. Syntax storm-control unicast no storm-control unicast no - This command disab les unicast storm recovery mode on the selected inte rface.
119 5.2.7.5 switchport broadcast packet-rate This command will protect your network from broadcast storms by setting a threshold level for broadcast traffic on each port. Syntax switchport broadcast pa cket-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 1 0G port.
120 Level 4 Command Mode Global Config 5.2.7.6 switchport multicast packet-rate This command will protect your net work from mu lticast storms by setti ng a threshold level for multicast traffic on each port. Syntax switchport multicast packet-ra te {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 1 0G port.
121 all - This command represents all interfaces. Note: pps (packet per se cond) Default Setting Level 4 Command Mode Global Config 5.2.7.7 switchport unicast packet-rate This command will protect your network from unicast storms by setting a threshold level for unicast traffic on each port.
122 switchport unicast all packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 1 0G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 p ps for 10G port. 3 - Threshold level represents 256 pps for 1G Port or 3124 p ps for 10G port.
123 5.2.8.2 queue cos-map This command is used to assi gn class of se rvice (CoS) value to the CoS priority queue. Syntax queue cos-map <priority> <queue-id> no queue cos-map <queue-id> - The queue id of the CoS priority que ue (Range: 0 - 7 ).
124 Default Setting None Command Mode Privileged Exec Display Message Session ID: indicates the sessi on ID. Admin Mode: indicates whether the Port Monitoring feature is enabled or di sabled. The possible values are enabled and disabled. Probe Port: is the slot/port that is configured as the probe port.
125 Syntax no port-monitor Default Setting None Command Mode Global Config 5.2.9.3 port-monitor session mode This command configures the administration mode of port-monitoring function for a monitor session. Syntax port-monitor session <session-id> mode no port-monitor session <session-id> mode <session-id> - Session ID.
126 Syntax show ip interface Default Setting None Command Mode Privileged Exec Display Message IP Address: The IP address of the interface. The factory default value is 0.0.0.0 Subnet Mask: The IP subnet mask for this interface. The factory default value is 0.
127 5.3.1.3 show ip ipv6 This command displays the IPv6 forwarding status of all ports. Syntax show ip ipv6 Default Setting None Command Mode Privileged Exec Display Message Intf: Interface number Type: Status of each interface for IPv6.
128 5.3.1.5 interface vlan This command is used to enter Interface-vlan configuration mode. Syntax interface vlan <vlanid> <vlanid> - VLAN ID (Range: 1 - 3965). Default Setting None Command Mode Global Config 5.3.1.6 ip address This command sets the IP Address, and subnet mask.
129 Interface-Vlan Config Command Usage Once the IP address is set, the VLAN ID’s value will be assigned to management VLAN. 5.3.1.7 ip default-gateway This command sets the IP Address of the default gateway.
130 <dhcp> - Obtains IP address from DHCP. <none> - Obtains IP address by setting configuration. Default Setting None Command Mode Interface-Vlan Config 5.3.1.9 ip filter This command is used to enable the IP filter function. Syntax ip filter no ip filter no – Disable ip filter.
131 Default Setting None Command Mode Global Config 5.3.1.10 ip ipv6 This command is used to enable the IPv6 function on specific interface. Syntax ip ipv6 no ip ipv6 no - disable IPv6. Default Setting Enabled Command Mode Interface Config This command is used to enable the IPv6 function on all interfaces.
132 Command Mode Global Config 5.3.2 Serial Interface Commands 5.3.2.1 show line console This command displays serial communication settings for the switch.
133 Syntax line console Default Setting None Command Mode Global Config 5.3.2.3 baudrate This command specifies the communication rate of the terminal interface.
134 <0-160> - max connect time (Range: 0 - 160). no - This command sets the maximum connect time (in minutes) without console activity to 5. Default Setting 5 Command Mode Line Config 5.3.2.5 password-threshold This command is used to set the password instruction threshold limiting the number of failed login attempts.
135 <0-65535> - silent time (Range: 0 - 65535) in seconds. no - This command sets the maximum value to the default. Default Setting 0 Command Mode Line Config 5.3.3 Telnet Session Commands 5.3.3.1 telnet This command establishes a new outbound telnet connection to a remote host.
136 Syntax show line vty Default Setting None Command Mode Privileged Exec Display Message Remote Connection Login Timeout (minutes): This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off.
137 5.3.3.4 exec-timeout This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. A value of 0 indicates that a session remains active indefinitely. The time is a decimal value from 0 to 160.
138 3 Command Mode Telnet Config 5.3.3.6 maxsessions This command specifies the maximum number of remote connection sessions that can be established. A value of 0 indicates that no remote connection can be established. The range is 0 to 5. Syntax maxsessions <0-5> no maxsessions <0-5> - max sessions (Range: 0 - 5).
139 no - This command disables telnet sessions. If sessions are disabled, no new telnet sessions are established. Default Setting Enabled Command Mode Telnet Config 5.
140 Syntax telnet maxsessions <0-5> no maxsessions <0-5> - max sessions (Range: 0 - 5). no - This command sets the maximum value to be 5. Default Setting 5 Command Mode Global Config 5.3.3.10 telnet exec-timeout This command sets the outbound telnet session timeout value in minutes.
141 5.3.3.11 show telnet This command displays the current outbound telnet settings. Syntax show telnet Default Setting None Command Mode User Exec, Privileged Exec Display Message Outbound Telnet Login Timeout (in minutes) Indicates the number of minutes an outbound telnet session is allowed to remain inactive before being logged off.
142 Syntax show snmp Default Setting None Command Mode Privileged Exec Display Message SNMP Community Name: The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique community name.
143 Authentication Flag: May be enabled or disabled. The factory default is enabled. Indicates whether authentication failure traps will be sent. Link Up/Down Flag: May be enabled or disabled. The factory default is enabled. Indicates whether link status traps will be sent.
144 snmp-server location <loc> <loc> - range is from 1 to 31 alphanumeric characters. Default Setting None Command Mode Global Config 5.3.4.5 snmp-server contact This command sets the organization responsible for the network. The range for contact is from 1 to 31 alphanumeric characters.
145 Syntax snmp-server community <name> no snmp-server community <name> <name> - community name (up to 16 case-sensitive characters). no - This command removes this community name from the table. The name is the community name to be deleted.
146 Command Mode Global Config This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device.
147 <ro> - access mode is read-only. <rw> - access mode is read/write. Default Setting None Command Mode Global Config 5.3.4.7 snmp-server host This command sets a client IP address for an SNMP community.
148 Syntax snmp-server enable traps authentication no snmp-server enable traps authentication no - This command disables the Authentication trap. Default Setting Enabled Command Mode Global Config This command enables the DVMRP trap.
149 Default Setting Enabled Command Mode Global Config This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a user logs in to the terminal interface (EIA 232 or telnet) and there is an existing terminal interface session.
150 Global Config This command enables PIM traps. Syntax snmp-server enable traps pim no snmp-server enable traps pim no - This command disables PIM trap. Default Setting Enabled Command Mode Global Config This command enables the sending of new root traps and topology change notification traps.
151 5.3.5 SNMP Trap Commands 5.3.5.1 show snmptrap This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network.
152 no snmp trap link-status no - This command disables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. (See ‘snmpserver enable traps linkmode’ command.) Default Setting Disabled Command Mode Interface Config This command enables link status traps for all interfaces.
153 5.3.5.3 snmptrap <name> <ipaddr> This command adds an SNMP trap name. The maximum length of the name is 16 case-sensitive alphanumeric characters. Syntax snmptrap <name> <ipaddr> no snmptrap <name> <ipaddr> <name> - SNMP trap name (Range: up to 16 case-sensitive alphanumeric characters).
154 Default Setting None Command Mode Global Config 5.3.5.5 snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps).
155 Default Setting None Command Mode Privileged Exec Display Message HTTP Mode (Unsecure): This field indicates whether the HTTP mode is enabled or disabled. HTTP Port: This field specifies the port configured for HTTP. HTTP Mode (Secure): This field indicates whether the administrative mode of secure HTTP is enabled or disabled.
156 Syntax ip http port <1-65535> no ip http port <1-65535> - HTTP Port value. no - This command is used to reset the http port to the default value. Default Setting 80 Command Mode Global Config 5.3.6.4 ip http server This command enables access to the switch through the Web interface.
157 5.3.6.5 ip http secure-port This command is used to set the SSLT port where port can be 1-65535 and the default is port 443. Syntax ip http secure-port <portid> no ip http secure-port <portid> - SSLT Port value. no - This command is used to reset the SSLT port to the default value.
158 5.3.6.7 ip http secure-protocol This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3.
159 Max SSH Sessions Allowed: The maximum number of inbound SSH sessions allowed on the switch. SSH Timeout: This field is the inactive timeout value for incoming SSH sessions to the switch. 5.3.7.2 ip ssh This command is used to enable SSH. Syntax ip ssh no ip ssh no - This command is used to disable SSH.
160 5.3.7.4 ip ssh maxsessions This command specifies the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no ssh connection can be established. The range is 0 to 5. Syntax ip ssh maxsessions <0-5> no ip ssh maxsessions <0-5> - maximum number of sessions.
161 <1-160> - timeout interval in seconds. no - This command sets the SSH connection session timeout value, in minutes, to the default. Changing the timeout value for active sessions does not become effective until the session is reaccessed.
162 no ip dhcp client-identifier <text> - A text string. (Range: 1-15 characters). <hex> - The hexadecimal value (00:00:00:00:00:00). no - This command is used to restore to default value. Default Setting System Burned In MAC Address Command Mode Global Config 5.
163 Server IP Address - IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent. Circuit Id Option Mode - This is the Relay agent option which can be either enabled or disabled.
164 Syntax bootpdhcprelay serverip <ipaddr> no bootpdhcprelay serverip <ipaddr> - A server IP address. no - This command is used to reset to the default value. Default Setting IP 0.0.0.0 Command Mode Global Config 5.4 Spanning Tree Commands This section provides detailed explanation of the spanning tree commands.
165 None Command Mode Privileged Exec Display Message Bridge Priority: Configured value. Bridge Identifier: The MAC Address for the Bridge from which the Bridge Identifiers used by the Spanning Tree Algorithm and Protocol. Time Since Topology Change: In seconds.
166 Privileged Exec Display Message Port Mode: The administration mode of spanning tree. Port Up Time Since Counters Last Cleared: Time since the port was reset, displayed in days, hours, minutes, and seconds. STP BPDUs Transmitted: Spanning Tree Protocol Bridge Protocol Data Units sent.
167 Syntax show spanning-tree mst detailed <0-4094> <0-4094> - multiple spanning tree instance ID. Default Setting None Command Mode Privileged Exec Display Message MST Instance ID: The multiple spanning tree instance ID. MST Bridge Priority: The bridge priority of current MST.
168 For each MSTID: The multiple spanning tree instance ID. Associated FIDs: List of forwarding database identifiers associated with this instance. Associated VLANs: List of VLAN IDs associated with this instance.
169 Auto-calculate Port Path Cost: Indicate the port auto-calculate port path cost Auto-calculate External Port Path Cost - Displays whether the external path cost is automatically calculated (Enabled) or not (Disabled).
170 STP Mode: Indicate STP mode. Type: Currently not used. STP State: The forwarding state of the port in the specified spanning tree instance. Port Role: The role of the specified port within the spanning tree. 5.4.1.5 show spanning-tree summary This command displays spanning tree settings and parameters for the switch.
171 Default Setting None Command Mode Privileged Exec Display Message Bridge Priority: Configured value. Bridge Identifier: The bridge ID of current Spanning Tree. Bridge Max Age: Configured value. Bridge Hello Time: Configured value. Bridge Forward Delay: Configured value.
172 Syntax spanning-tree protocol-migration {<slot/port> | all} no spanning-tree protocol-migration {<slot/port> | all} <slot/port> - is the desired interface number. all - All interfaces. no - This command disables BPDU migration check on a given interface.
173 This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535.
174 Command Mode Global Config 5.4.2.5 spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
175 <1-10> - hellotime value (Range: 1 – 10). no - This command sets the Hello Time parameter for the common and internal spanning tree to the default value, that is, 2.
176 Syntax spanning-tree max-hops <1-127> no spanning-tree max-hops <1-127> - the Maximum hops value (Range: 1-127). no - This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value. Default Setting 20 Command Mode Global Config 5.
177 This command sets the bridge priority for a specific multiple spanning tree instance. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number within a range of 0 to 61440 in increments of 4096.
178 spanning-tree mst vlan <0-4094> <1-3965> no spanning-tree mst vlan <0-4094> <1-3965> <0-4094> - multiple spanning tree instance ID. <1-3965> - VLAN ID (Range: 1 – 3965). no - This command removes an association between a multiple spanning tree instance and a VLAN.
179 If the ‘cost’ token is specified, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the <0-4094> parameter, to the default value, that is, a pathcost value based on the Link Speed.
180 Interface Config 5.4.2.10 spanning-tree port mode This command sets the Administrative Switch Port State for this port to enabled. Syntax spanning-tree port mode no spanning-tree port mode no - This command sets the Administrative Switch Port State for this port to disabled.
181 5.4.2.11 spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay.
182 Display Message Logging Client Local Port The port on the collector/relay to which syslog messages are sent CLI Command Logging The mode for CLI command logging. Console Logging The mode for console logging. Console Logging Severity Filter The minimum severity to log to the console log.
183 Syntax show logging traplogs Default Setting None Command Mode Privileged Exec Display Message Number of Traps since last reset: The number of traps that have occurred since the last reset of this device. Trap Log Capacity: The maximum number of traps that could be stored in the switch.
184 5.5.4 Configuration Commands 5.5.4.1 logging buffered This command enables logging to in-memory log where up to 128 logs are kept. Syntax logging buffered no logging buffered no - This command disables logging to in-memory log.
185 5.5.4.2 logging console This command enables logging to the console. Syntax logging console [<severitylevel> | <0-7>] no logging console [<severitylevel> | <0-7>] - The.
186 Default Setting None Command Mode Privileged Exec This command disables logging to hosts. Syntax logging host remove <hostindex> <hostindex> - Index of the log server. Default Setting None Command Mode Privileged Exec This command reconfigures the IP address of the log server.
187 Privileged Exec 5.5.4.4 logging syslog This command enables syslog logging. Syntax logging syslog no logging syslog no - Disables syslog logging. Default Setting None Command Mode Privileged Exec This command sets the local port number of the LOG client for logging messages.
188 Command Mode Privileged Exec 5.5.4.5 clear logging buffered This command clears all in-memory log. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec 5.6 Script Management Commands 5.6.1 script apply This command applies the commands in the configuration script to the switch.
189 None Command Mode Privileged Exec 5.6.2 script delete This command deletes a specified script or all the scripts presented in the switch. Syntax script delete {<scriptname> | all} <scriptname> - The name of the script to be deleted.
190 Default Setting None Command Mode Privileged Exec 5.6.4 script show This command displays the content of a script file. Syntax script show <scriptname> <scriptname> - Name of the script file. Default Setting None Command Mode Privileged Exec 5.
191 Syntax show users Default Setting None Command Mode Privileged Exec Display Message User Name: The name the user will use to login using the serial port, Telnet or Web. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to eight characters, and is not case sensitive.
192 no username <username> <username> - is a new user name (Range: up to 8 characters). no - This command removes a user name created before. Note: The admin user account cannot be deleted. nopassword - This command sets the password of an existing operator to blank.
193 Global Config 5.7.2.3 username snmpv3 encryption This command specifies the encryption protocol and key to be used for the specified login user. The valid encryption protocols are none or des. The des protocol requires a key, which can be specified on the command line.
194 Syntax show users authentication Default Setting None Command Mode Privileged Exec Display Message User: This field lists every user that has an authentication login list assigned. System Login: This field displays the authentication login list assigned to the user for system login.
195 5.8.1.3 show authentication users This command displays information about the users assigned to the specified authentication login list. If the login is assigned to non-configured users, the user “default” will appear in the user column.
196 5.8.1.5 show dot1x detail This command is used to show a summary of the global dot1x configuration and the detailed dot1x configuration for a specified port. Syntax show dot1x detail <slot/port> <slot/port> - is the desired interface number.
197 5.8.1.6 show dot1x statistics This command is used to show a summary of the global dot1x configuration and the dot1x statistics for a specified port. Syntax show dot1x statistics <slot/port> <slot/port> - is the desired interface number.
198 5.8.1.7 show dot1x summary This command is used to show a summary of the global dot1x configuration and summary information of the dot1x configuration for a specified port or all ports. Syntax show dot1x summary {<slot/port> | all} <slot/port> - is the desired interface number.
199 None Command Mode Privileged Exec Display Message User: Users configured locally to have access to the specified port. 5.8.1.9 show radius-servers This command is used to display items of the configured RADIUS servers.
200 Command Mode Privileged Exec Display Message Current Server IP Address: Indicates the configured server currently in use for authentication Number of configured servers: The configured IP address.
201 Requests: The number of RADIUS Accounting-Request packets sent to this accounting server. This number does not include retransmissions. Retransmission: The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server.
202 Access Requests: The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. Access Retransmission: The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server.
203 Server 1 Retry: Retry count if TACACS server has no response Server 1 Mode: Current TACACS server admin mode (disable, master or slave) Server 2 Port: TACACS packet port number Server 2 Key: Se.
204 Syntax show port-security { <slot/port> | all } Default Setting None Command Mode Privileged Exec Display Message Intf Interface Number. Interface Admin Mode Port Locking mode for the Interface. Dynamic Limit Maximum dynamically allocated MAC Addresses.
205 None Command Mode Privileged Exec Display Message MAC address Statically locked MAC address. This command displays the source MAC address of the last packet that was discarded on a locked port.
206 The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates that the user is never authenticated.
207 <listname> - an authentication login list. Default Setting None Command Mode Global Config 5.8.2.3 username login This command assigns the specified authentication login list to the specified user for system login. The <username> must be a configured <username> and the <listname> must be a configured login list.
208 5.8.3 Dot1x Configuration Commands 5.8.3.1 dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
209 5.8.3.3 dot1x login This command assigns the specified authentication login list to the specified user for 802.1x port security. The <user> parameter must be a configured user and the <listname> parameter must be a configured authentication login list.
210 Global Config 5.8.3.5 dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The <username> parameter must be a configured user.
211 dot1x port-control all {auto | force-authorized | force-unauthorized} no dot1x port-control all all - All interfaces. no - This command sets the authentication mode to be used on all ports to 'auto'. Default Setting auto Command Mode Global Config This command sets the authentication mode to be used on the specified port.
212 5.8.3.7 dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <1-10> value must be in the range 1 - 10.
213 5.8.3.9 dot1x re-reauthenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
214 server-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server.
215 no - This command is used to set the RADIUS accounting function to the default value - that is, the RADIUS accounting function is disabled. Default Setting Disabled Command Mode Global Config 5.8.4.2 radius-server host This command is used to configure the RADIUS authentication and accounting server.
216 Default Setting None Command Mode Global Config 5.8.4.3 radius-sever key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server.
217 no radius-server retransmit <retries> - the maximum number of times (Range: 1 - 15). no - This command sets the maximum number of times a request packet is re-transmitted, when no response is received from the RADIUS server, to the default value, that is, 10.
218 Syntax radius-server msgauth <ipaddr> <ipaddr> - is an IP address. Default Setting None Command Mode Global Config 5.8.4.7 radius-server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client.
219 5.8.5 TACACS Configuration Commands 5.8.5.1 tacacs This command is used to enable/disable the TACACS function. Syntax tacacs no tacacs no - This command is used to disable the TACACS function. Default Setting Disabled Command Mode Global Config 5.
220 5.8.5.3 tacacs server-ip This command is used to configure the TACACS server IP address. Syntax tacacs server-ip <1-3> <ipaddr> no tacacs server-ip <1-3> <ipaddr> - An IP address. <1-3> - The valid value of index is 1, 2, and 3.
221 Command Mode Global Config 5.8.5.5 tacacs key This command is used to configure the TACACS server shared secret key. Syntax tacacs key <1-3> no tacacs key <1-3> Note that the length of the secret key is up to 32 characters. <1-3> - The valid value of index is 1, 2, and 3.
222 Default Setting 5 Command Mode Global Config 5.8.5.7 tacacs timeout This command is used to configure the TACACS request timeout of an instance. Syntax tacacs timeout <1-3> <1-255> no tacacs timeout <1-3> <1-255> - max timeout (Range: 1 to 255).
223 port-security no port-security Default Setting None Command Mode Global Config, Interface Config 5.8.6.2 port-security max-dynamic This command sets the maximum of dynamically locked MAC addresses allowed on a specific port.
224 Syntax port-security max-static [<0-20>] no port-security max-static no - This command resets the maximum number of statically locked MAC addresses allowed on a specific port to its default value. Default Setting 20 Command Mode Interface Config 5.
225 5.8.6.5 port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses. Syntax port-security mac-address move Default Setting None Command Mode Interface Config 5.9 CDP (Cisco Discovery Protocol) Commands 5.
226 show cdp Default Setting None Command Mode Privileged Exec Display Message CDP Admin Mode: CDP enable or disable CDP Holdtime (sec): The length of time a receiving device should hold the FortiSw.
227 5.9.1.3 show cdp traffic This command displays the CDP traffic counters information. Syntax show cdp traffic Default Setting None Command Mode Privileged Exec Display Message Incoming packet number: Received legal CDP packets number from neighbors.
228 5.9.2.2 cdp run This command is used to enable CDP on a specified interface. Syntax cdp run no cdp run no - This command is used to disable CDP on a specified interface. Default Setting Enabled Command Mode Interface Config This command is used to enable CDP for all interfaces.
229 5.9.2.3 cdp timer This command is used to configure an interval time (seconds) of the sending CDP packet. Syntax cdp timer <5-254> no cdp timer <5-254> - interval time (Range: 5 – 254). no - This command is used to reset the interval time to the default value.
230 5.10 SNTP (Simple Network Time Protocol) Commands 5.10.1 Show Commands 5.10.1.1 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether the local time has been properly updated.
231 Command Mode Privileged Exec Display Message Client Supported Modes Supported SNTP Modes (Broadcast, Unicast, or Multicast). SNTP Version The highest SNTP version the client supports. Port SNTP Client Port Client Mode: Configured SNTP Client Mode.
232 5.10.2 Configuration Commands 5.10.2.1 sntp broadcast client poll-interval This command will set the poll interval for SNTP broadcast clients in seconds as a power of two where <poll-interval> can be a value from 6 to 16.
233 Default Setting None Command Mode Global Config 5.10.2.3 sntp client port This command will set the SNTP client port id and polling interval in seconds. Syntax sntp client port <portid> [<6-10>] no sntp client port <portid> - SNTP client port id.
234 no sntp unicast client poll-interval <6-10> - Polling interval. It's 2^(value) seconds where value is 6 to 10. no - This command will reset the poll interval for SNTP unicast clients to its default value. Default Setting The default value is 6.
235 Syntax sntp unicast client poll-retry <poll-retry> no sntp unicast client poll-retry <poll-retry> - Polling retry in seconds. The range is 0 to 10. no - This command will reset the poll retry for SNTP unicast clients to its default value.
236 Command Mode Global Config 5.10.2.8 sntp clock timezone This command sets the time zone for the switch’s internal clock. Syntax sntp clock timezone <name> <0-12> <0-59> {before-utc | after-utc} <name> - Name of the time zone, usually an acronym.
237 Syntax clear arp Default Setting None Command Mode Privileged Exec 5.11.1.2 clear traplog This command clears the trap log. Syntax clear traplog Default Setting None Command Mode Privileged Exec 5.11.1.3 clear eventlog This command is used to clear the event log, which contains error messages from the system.
238 Command Mode Privileged Exec 5.11.1.4 clear logging buffered This command is used to clear the message log maintained by the switch. The message log contains system trace information. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec 5.
239 5.11.1.6 clear pass This command resets all user passwords to the factory defaults without powering off the switch. You are prompted to confirm that the password reset should proceed. Syntax clear pass Default Setting None Command Mode Privileged Exec 5.
240 Syntax clear dns counter Default Setting None Command Mode Privileged Exec 5.11.1.9 clear dns cache This command clears all entries from the DNS cache. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 5.11.1.10 clear cdp This command is used to clear the CDP neighbors information and the CDP packet counters.
241 Default Setting None Command Mode Privileged Exec 5.11.1.11 clear vlan This command resets VLAN configuration parameters to the factory defaults. Syntax clear vlan Default Setting None Command Mode Privileged Exec 5.11.1.12 enable passwd This command changes Privileged EXEC password.
242 5.11.1.13 clear igmp snooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database. Syntax clear igmp snooping Default Setting None Command Mode Privileged Exec 5.
243 clear ip filter Default Setting None Command Mode Privileged Exec 5.11.1.16 clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. Syntax clear dot1x statistics {all | <slot/port>} <slot/port> - is the desired interface number.
244 None Command Mode Privileged Exec 5.11.1.18 clear tacacs This command is used to clear TACACS configuration. Syntax clear tacacs Default Setting None Command Mode Privileged Exec 5.11.2 copy This command uploads and downloads to/from the switch.
245 copy startup-config <sourcefilename> <url> copy {errorlog | log | traplog} <url> copy script <sourcefilename> <url> where <url>={xmodem | tftp://ipaddr/path/file} <sourcefilename> - The filename of a configuration file or a script file.
246 sslpem-root - Secure Root PEM file. sslpem-server - Secure Server PEM file. sslpem-dhweak - Secure DH Weak PEM file. sslpem-dhstrong - Secure DH Strong PEM file.
247 no clibanner <url> - xmodem or tftp://ipaddr/path/file. no - Delete CLI banner. Default Setting None Command Mode Privileged Exec 5.11.3 delete This command is used to delete a configuration or image file. Syntax delete <filename> <filename> - name of the configuration or image file.
248 <filename> - name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operation code. Default Setting None Command Mode Privileged Exec Display Message Column Heading Description date The date that the file was created.
249 5.11.6 boot-system This command is used to specify the file or image used to start up the system. Syntax boot-system {boot-rom | config | opcode} <filename> <filename> - name of the configuration or image file. boot-rom - bootrom. config - configuration file.
250 Privileged Exec Ping on changing parameter value Syntax ping <host> count <0-20000000> [size <32-512>] ping <host> size <32-512> [count <0-20000000>] <ipaddr> - an IP address. <0-20000000> - number of pings (Range: 0 - 20000000).
251 <1-255> - The maximum time to live used in outgoing probe packets. Default Setting None Command Mode Privileged Exec 5.11.9 logging cli-command This command enables the CLI command Logging feature. The Command Logging component enables the switch to log all Command Line Interface (CLI) commands issued on the system.
252 <2000-2099> - Year (4-digit). (Range: 2000 - 2099). Default Setting None Command Mode Privileged Exec 5.11.11 reload This command resets the switch without powering it off. Reset means that all network connections are terminated and the boot code executes.
253 5.11.13 disconnect This command is used to close a telnet session. Syntax disconnect {<0-10> | all} <0-11> - telnet session ID. all - all telnet sessions. Default Setting None Command Mode Privileged Exec 5.11.14 hostname This command is used to set the prompt string.
254 5.11.15 quit This command is used to exit a CLI session. Syntax quit Default Setting None Command Mode Privileged Exec 5.12 Differentiated Service Command Note: This Switching Command function can only be used on the QoS software version. This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package.
255 Note that the type of class - all, any, or acl - has a bearing on the validity of match criteria specified when defining the class. A class type of 'any' processes its match rules in an ordered sequence; additional rules specified for such a class simply extend this list.
256 Syntax diffserv Command Mode Global Config 5.12.1.2 no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated.
257 5.12.2.1 class-map This command defines a new DiffServ class of type match-all, match-any or match-access-group. Syntax class-map [ match-all ] <class-map-name> <class-map-name> is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class.
258 <class-map-name> is the name of an existing DiffServ class. Note: The class name 'default' is reserved and is not allowed here. This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, this deletion attempt shall fail.
259 Command Mode Class-Map Config 5.12.2.5 match class-map This command adds to the specified class definition the set of match conditions defined for another class.
260 no match class-map <refclassname> <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: There is no [not] option for this match command. Default None Command Mode Class-Map Config 5.
261 echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is used as both the start and end of a port range. To specify the match condition using a numeric notation, one layer 4 port number is required.
262 5.12.2.10 match ip precedence This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in the IP header (the low-order five bits are not checked).
263 Note: In essence, this is the “free form” version of the IP DSCP/Precedence/TOS match specification in that the user has complete control of specifying which bits of the IP Service Type field are checked. Default None Command Mode Class-Map Config 5.
264 <ipaddr> specifies an IP address. <ipmask> specifies an IP address bit mask; note that although it resembles a standard subnet mask, this bit mask need not be contiguous.
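The bit-level behaviour of the precedence match, the free-form Service Type match and the non-contiguous address mask described above, as an added Python sketch that is not part of the Fortinet guide. The function names, the rule tuples and the sample values are hypothetical, and it assumes that mask bits set to 1 are the ones compared, as in a subnet mask.

```python
import ipaddress


def ip_precedence(service_type: int) -> int:
    """High-order three bits of the Service Type octet; low five bits ignored."""
    return (service_type & 0xFF) >> 5


def ip_dscp(service_type: int) -> int:
    """High-order six bits of the same octet (the DSCP field)."""
    return (service_type & 0xFF) >> 2


def match_ip_tos(service_type: int, tos_bits: int, tos_mask: int) -> bool:
    """Free-form match: compare only the bit positions set in tos_mask."""
    for value in (service_type, tos_bits, tos_mask):
        if not 0 <= value <= 0xFF:
            raise ValueError("Service Type values are one octet (0x00-0xff)")
    return (service_type & tos_mask) == (tos_bits & tos_mask)


def match_ip_addr(packet_addr: str, ipaddr: str, ipmask: str) -> bool:
    """Assumption: mask bits set to 1 are compared, as in a subnet mask."""
    pkt = int(ipaddress.IPv4Address(packet_addr))
    ref = int(ipaddress.IPv4Address(ipaddr))
    mask = int(ipaddress.IPv4Address(ipmask))
    return (pkt & mask) == (ref & mask)


def is_contiguous(ipmask: str) -> bool:
    """True when the mask is a run of ones followed by a run of zeros."""
    mask = int(ipaddress.IPv4Address(ipmask))
    inverted = ~mask & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def addresses_matched(ipmask: str) -> int:
    """How many addresses one <ipaddr>/<ipmask> pair covers."""
    mask = int(ipaddress.IPv4Address(ipmask))
    return 1 << (32 - bin(mask).count("1"))


def class_matches(packet: dict, rules: list) -> bool:
    """Class of type match-all: every rule must hold for the packet."""
    checks = {
        "precedence": lambda p, v: ip_precedence(p["tos"]) == v,
        "dscp": lambda p, v: ip_dscp(p["tos"]) == v,
        "tos": lambda p, bits, mask: match_ip_tos(p["tos"], bits, mask),
        "srcip": lambda p, addr, mask: match_ip_addr(p["src"], addr, mask),
    }
    return all(checks[kind](packet, *args) for kind, *args in rules)


if __name__ == "__main__":
    # Constructed sample: a precedence-5 rule with a non-contiguous source mask.
    rules = [("precedence", 5), ("srcip", "10.1.0.7", "255.255.0.255")]
    packets = [
        {"src": "10.1.200.7", "tos": 0xB8},  # DSCP 46, precedence 5
        {"src": "10.1.9.7", "tos": 0xA0},    # DSCP 40, precedence 5
        {"src": "10.1.9.8", "tos": 0xA0},    # last octet differs
    ]
    for pkt in packets:
        print(pkt["src"], hex(pkt["tos"]), class_matches(pkt, rules))
    print("mask contiguous:", is_contiguous("255.255.0.255"),
          "addresses covered:", addresses_matched("255.255.0.255"))
```

When reviewing a class definition, a precedence match groups every DSCP value that shares the same top three bits, and a non-contiguous mask can cover hosts scattered across many subnets, so both are worth checking against the intended scope.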
265 5.12.3 Policy Commands The 'policy' command set is used in DiffServ to define: Traffic Conditioning Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes Service Provisioning Specify bandwidth and queue depth management requirements of service levels (EF, AF, etc.
266 5.12.3.2 drop This command specifies that all packets for the associated traffic stream are to be dropped at ingress. Syntax drop Command Mode Policy-Class-Map Config 5.
267 5.12.3.4 conform-color This command is used to enable color-aware traffic policing and define the conform-color class maps used. Used in conjunction with the police command where the fields for the conform level (for simple, single-rate, and two-rate policing) are specified.
268 Policy-Class-Map Config Policy Type In 5.12.3.6 class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements.
269 mark ip-dscp <value> <value> is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
270 from 0-7. <set-dscp-transmit> is required and is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
271 policy-map rename <policyname> <newpolicyname> <policyname> - Old Policy name. <newpolicyname> - New policy name. Command Mode Global Config Policy Type In 5.
272 Note: This command effectively enables DiffServ on an interface (in a particular direction). There is no separate interface administrative 'mode' command for DiffServ. Note: This command shall fail if any attributes within the policy definition exceed the capabilities of the interface.
273 • Classes • Policies • Services This information can be displayed in either summary or detailed formats. The status information is only shown when the DiffServ administrative mode is enabled; it is suppressed otherwise. There is also a 'show' command for general DiffServ information that is available at any time.
274 Precedence, IP TOS, Protocol Keyword, Reference Class, Source IP Address, Source Layer 4 Port, Source MAC Address, and VLAN. Values This field displays the values of the Match Criteria. Excluded This field indicates whether this Match Criteria is excluded.
275 Class Rule Table Size Current/Max The current or maximum number of entries (rows) in the Class Rule Table. Policy Table Size Current/Max The current or maximum number of entries (rows) in the Policy Table. Policy Instance Table Size Current/Max The current or maximum number of entries (rows) in the Policy Instance Table.
276 Mark IP Precedence Denotes the mark/re-mark value used as the IP Precedence for traffic matching this class. This is not displayed if either mark DSCP or policing is in use for the class under this policy. Policing Style This field denotes the style of policing, if any, used simple.
277 Syntax show diffserv service <slot/port> in <slot/port> specifies a valid slot number and port number for the system. The direction parameter indicates the interface direction of interest.
278 DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only active on an interface while DiffServ is in an enabled mode.
279 The following information is repeated for each class instance within this policy: Class Name The name of this class instance. In Offered Octets/Packets A count of the octets/packets offered to this class instance before the defined DiffServ treatment is applied.
280 Privileged EXEC Display Message The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Interface The slot number and port number of the interface (slot/port). Operational Status The current operational status of this DiffServ service interface.
281 5.13 ACL Command 5.13.1 Show Commands 5.13.1.1 show mac access-lists This command displays a MAC access list and all of the rules that are defined for the ACL.
282 5.13.1.2 show mac access-lists This command displays a summary of all defined MAC access lists in the system. Syntax show mac access-list Default Setting None Command Mode Privileged EXEC Display Message Current number of all ACLs The number of user-configured rules defined for this ACL.
283 Default Setting None Command Mode Privileged EXEC Display Message Current number of ACLs The number of user-configured rules defined for this ACL. Maximum number of ACLs The maximum number of ACL rules. ACL ID The identifier of this ACL. Rule This displays the number identifier for each rule that is defined for the ACL.
284 ACL Type This displays ACL type is IP or MAC. ACL ID This displays the ACL ID. Sequence Number This indicates the order of this access list relative to other access lists already assigned to this interface and direction. A lower number indicates higher precedence order.
285 Syntax mac access-list extended rename <name> <newname> <name> - Old name which uniquely identifies the MAC access list. <newname> - New name which uniquely identifies the MAC access list. Default Setting None Command Mode Global Config 5.
286 Default Setting None Command Mode Mac Access-list Config 5.13.2.4 mac access-group in This command attaches a specific MAC Access Control List (ACL) identified by <name> to an interface in a given direction. The <name> parameter must be the name of an existing MAC ACL.
287 5.13.2.5 access-list This command creates an Access Control List (ACL) that is identified by the parameter. Syntax access-list {( <1-99> {deny | permit} <srcip> <srcmask>) | ( .
288 no access-list {<1-99> | <100-199>} Note: The ACL number is an integer from 1 to 199. The range 1 to 99 is for the normal ACL List and 100 to 199 is for the extended ACL List. Default Setting None Command Mode Global Config 5.13.2.7 ip access-group This command attaches a specified access-control list to an interface.
289 support independent per-port class of service mappings. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed. Syntax show queue cos-map <slot/port> <slot/port> The interface number.
290 Command Mode Privileged EXEC, User EXEC Display Message The following information is repeated for each user priority. IP Precedence The IP Precedence value. Traffic Class The traffic class internal queue identifier to which the IP Precedence value is mapped.
291 5.14.1.4 show queue cos-queue This command displays the class-of-service queue configuration for the specified interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings.
292 5.14.2 Configuration Commands 5.14.2.1 queue cos-map This command maps an 802.1p priority to an internal traffic class on a "per-port" basis. Syntax queue cos-map <0-7> <0-6> no queue cos-map <0-7> - The range of queue priority is 0 to 7.
293 5.14.2.2 queue ip-precedence-mapping This command maps an IP precedence value to an internal traffic class on a "per-port" basis. Syntax queue ip-precedence-mapping <0-7> <0-6> no queue ip-precedence-mapping <0-7> - The range of IP precedence is 0 to 7.
294 None Command Mode Global Config. 5.14.2.3 queue trust This command sets the class of service trust mode of an interface. The mode can be set to trust one of the Dot1p (802.1p), IP Precedence. Syntax queue trust {dot1p | ip-precedence | ip-dscp} no queue trust no - This command sets the interface mode to untrusted.
295 no - This command sets the class of service trust mode to untrusted for all interfaces. Default Setting None Command Mode Global Config. 5.14.2.4 queue cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue.
296 Syntax queue cos-queue min-bandwidth all <bw-0> <bw-1> … <bw-6> no queue cos-queue min-bandwidth all <bw-0> <bw-1> … <bw-6> - Each Valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100.
297 Command Mode Interface Config. This command activates the strict priority scheduler mode for each specified queue on a device. Syntax queue cos-queue strict all <queue-id-0> [<queue-id-.
298 <bw> - Valid range is (0 to 100) in increments of 5. no - This command restores the default shaping rate value. Default Setting None Command Mode Interface Config. This command specifies the maximum transmission bandwidth limit for all interfaces.
299 6 Routing Commands VLAN Routing You can configure the FortiSwitch-100 software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port.
300 Figure 1. VLAN Routing Example Network Diagram Step 1: Create Two VLANs The following code sequence shows an example of creating two VLANs, and next specifies the VLAN ID assigned to untagged frames received on the ports.
301 Step 2: Set Up VLAN Routing for the VLANs and the Switch. The following code sequence shows how to enable routing for the VLANs: config vlan database vlan routing 10 vlan routing 20 exit # show ip vlan This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands.
302 6.1 Address Resolution Protocol (ARP) Commands 6.1.1 Show Commands 6.1.1.1 show ip arp This command displays the Address Resolution Protocol (ARP) cache. Syntax show ip arp Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out.
303 show ip arp brief Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out. This value was configured into the unit. Age time is measured in seconds. Response Time: Is the time it takes for an ARP request timeout.
304 6.1.2 Configuration Commands 6.1.2.1 arp This command creates an ARP entry. The value for <ipaddress> is the IP address of a device on a subnet attached to an existing routing interface. The value for <macaddress> is a unicast MAC address for that device.
305 6.1.2.3 arp cachesize This command configures the maximum number of entries in the ARP cache. Syntax arp cachesize <256-1920> no arp cachesize <256-1920> - The range of cache size is 256 to 1920. no - This command configures the default ARP cache size.
306 <ipaddr> - The IP address to be removed from the ARP table. Default Setting None Command Mode Privileged Exec 6.1.2.6 arp resptime This command configures the ARP request response timeout. Syntax arp resptime <1-10> no arp resptime <1-10> - The range of default response time is 1 to 10 seconds.
307 6.1.2.8 arp timeout This command configures the ARP entry ageout time. Syntax arp timeout <15-21600> no arp timeout <15-21600> - Represents the IP ARP entry ageout time in seconds. The range is 15 to 21600 seconds. no - This command configures the default ageout time for IP ARP entry.
308 show ip brief Default Setting None Command Mode Privileged Exec, User Exec Display Message Default Time to Live: The computed TTL (Time to Live) of forwarding a packet from the local router to the final destination. Routing Mode: Show whether the routing mode is enabled or disabled.
309 Link Speed Data Rate: Is an integer representing the physical link data rate of the specified interface. This is measured in Megabits per second (Mbps). MAC Address: Is the physical address of the specified interface. Encapsulation Type: Is the encapsulation type for the specified interface.
310 Command Mode Privileged Exec Display Message Total Number of Routes: The total number of routes. for each next hop Network Address: Is an IP address identifying the network on the specified interface. Subnet Mask: Is a mask of the network and host portion of the IP address for the router interface.
311 Syntax show ip route entry <networkaddress> <networkaddress> - Is a valid network address identifying the network on the specified interface. Default Setting None Command Mode Privileged Exec Display Message Network Address: Is a valid network address identifying the network on the specified interface.
312 Static: This field displays the static route preference value. OSPF Intra: This field displays the OSPF intra route preference value. OSPF Inter: This field displays the OSPF inter route preference value. OSPF Ext T1: This field displays the OSPF Type-1 route preference value.
313 6.2.2.2 ip routing This command enables the IP Router Admin Mode for the master switch. Syntax ip routing no ip routing no - Disable the IP Router Admin Mode for the master switch. Default Setting Enabled Command Mode Global Config 6.2.2.3 ip address This command configures an IP address on an interface.
314 Syntax ip route <networkaddr> <subnetmask> [ <nexthopip> [<1-255>] ] no ip route <networkaddr> <subnetmask> [ { <nexthopip> | <1-255> } ] <ipaddr> - A valid IP address. <subnetmask> - A valid subnet mask.
315 the default precedence does not update the precedence of existing static routes, even if they were assigned the original default precedence. The new default precedence will only be applied to static routes created after invoking the "ip route precedence" command.
316 no ip directed-broadcast no - Drop network directed broadcast packets. Default Setting Enabled Command Mode Interface Config 6.2.2.9 ip mtu This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation.
317 The default value is ethernet. Command Mode Interface Config Restrictions Routed frames are always Ethernet encapsulated when a frame is routed to a VLAN.
318 External LSA Checksum A number which represents the sum of the LS checksums of external link-state advertisements contained in the link-state database.
319 Syntax show ip ospf database Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID Is a 32 bit dotted decimal number representing the LSDB interface.
320 Router Priority A number representing the OSPF Priority for the specified interface. This is a configured value. Retransmit Interval A number representing the OSPF Retransmit Interval for the specified interface. This is a configured value. Hello Interval A number representing the OSPF Hello Interval for the specified interface.
321 6.3.1.6 show ip ospf interface stats This command displays the statistics for a specific interface. Syntax show ip ospf interface stats <slot/port> <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec, User Exec Display Messages OSPF Area ID The area id of this OSPF interface.
322 <ipaddr> - IP address of the neighbor. <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Interface Is the interface number. Router Id Is a 4-digit dotted-decimal number identifying neighbor router.
323 Syntax show ip ospf neighbor brief {<slot/port> | all} Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID A 4 digit dotted decimal number representing the neighbor interface. IP Address An IP address representing the neighbor interface.
324 Command Mode Privileged Exec, User Exec Display Messages Area ID The area id of the requested OSPF area. IP Address An IP Address which represents this area range. Subnet Mask A valid subnet mask for this area range. Lsdb Type The type of link advertisement associated with this area range.
325 Syntax show ip ospf virtual-link <areaid> <neighbor> <areaid> - Area ID. <neighbor> - Neighbor's router ID. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Area ID The area id of the requested OSPF area.
326 Neighbor Is the neighbor interface of the OSPF virtual interface. Hello Interval Is the configured hello interval for the OSPF virtual interface. Dead Interval Is the configured dead interval for the OSPF virtual interface. Retransmit Interval Is the configured retransmit interval for the OSPF virtual interface.
327 None Command Mode Router OSPF Config 6.3.2.3 ip ospf This command enables OSPF on a router interface. Syntax ip ospf no ip ospf <no> - This command disables OSPF on a router interface. Default Setting Disabled Command Mode Interface Config 6.
328 Router OSPF Config 6.3.2.5 area default-cost This command configures the monetary default cost for the stub area. Syntax area <areaid> default-cost <1-16777215> <areaid> - Area ID <1-16777215> - The default cost value. The range is 1 to 16777215.
329 6.3.2.7 area nssa default-info-originate This command configures the metric value and type for the default route advertised into the NSSA. Syntax area <areaid> nssa default-info-originate [<1-16777215>] [{comparable | non-comparable}] <areaid> - Area ID.
330 6.3.2.9 area nssa no-summary This command configures the NSSA so that summary LSAs are not advertised into the NSSA Syntax area <areaid> nssa no-summary <areaid> - Area ID. Default Setting None Command Mode Router OSPF Config 6.3.2.10 area nssa translator-role This command configures the translator role of the NSSA.
331 6.3.2.11 area nssa translator-stab-intv This command configures the translator stability interval of the NSSA. The <stabilityinterval> is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router.
332 Router OSPF Config 6.3.2.13 area stub This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area.
333 Disabled Command Mode Router OSPF Config 6.3.2.15 area virtual-link authentication This command configures the authentication type and key for the OSPF virtual interface identified by <areaid> and <neighborid>.
334 Syntax area <areaid> virtual-link <neighborid> dead-interval <1-65535> no area <areaid> virtual-link <neighborid> dead-interval <areaid> - Area ID. <neighbor> - Router ID of the neighbor. <1-65535> - The range of the dead interval is 1 to 65535.
335 6.3.2.18 area virtual-link retransmit-interval This command configures the retransmit interval for the OSPF virtual interface on the interface identified by <areaid> and <neighborid>.
336 The default value of hello interval is 1 second. Command Mode Router OSPF Config 6.3.2.20 default-information originate This command is used to control the advertisement of default routes.
337 <1-16777215> - The range of default metric is 1 to 16777215. <no> - This command configures the default advertisement of default routes. Default Setting None Command Mode Router OSPF Config 6.3.2.22 distance ospf This command sets the route preference value of OSPF in the router.
338 Syntax distribute-list <1-199> out {rip | static | connected} no distribute-list <1-199> out {rip | static | connected} <1-199> - The range of default list id is 1 to 199. <no> - This command is used to specify the access list to filter routes received from the source protocol.
339 6.3.2.25 external-lsdb-limit This command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state.
340 Default Setting None Command Mode Interface Config 6.3.2.27 ip ospf authentication This command sets the OSPF Authentication Type and Key for the specified interface. The value of <type> is either none, simple or encrypt. If the type is encrypt a <keyid> in the range of 0 and 255 must be specified.
341 Syntax ip ospf cost <1-65535> no ip ospf cost <1-65535> - The range of the cost is 1 to 65535. <no> - This command configures the default cost on an OSPF interface. Default Setting The default cost value is 10. Command Mode Interface Config 6.
342 6.3.2.30 ip ospf hello-interval This command sets the OSPF hello interval for the specified interface. Syntax ip ospf hello-interval <1-65535> no ip ospf hello-interval <1-65535> - Is a valid positive integer, which represents the length of time in seconds.
343 Interface Config 6.3.2.32 ip ospf retransmit-interval This command sets the OSPF retransmit Interval for the specified interface. The retransmit interval is specified in seconds.
344 <1-3600> - The range of transmit delay is 1 to 3600. <no> - This command sets the default OSPF Transit Delay for the specified interface. Default Setting The default transmit delay is 1 second. Command Mode Interface Config 6.3.2.34 ip ospf mtu-ignore This command disables OSPF maximum transmission unit (MTU) mismatch detection.
345 6.3.2.35 router-id This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id. Syntax router-id <ipaddress> <ipaddress> - IP Address.
346 6.3.2.37 maximum-paths This command sets the number of paths that OSPF can report for a given destination where <maxpaths> is platform dependent. Syntax maximum-paths <1-1> no maximum-paths <1-1> - The maximum number of paths that OSPF can report for a given destination.
347 Maximum Hop Count: Is the maximum allowable relay agent hops. Minimum Wait Time (Seconds) Is the minimum wait time. Admin Mode Represents whether relaying of requests is enabled or disabled. Server IP Address Is the IP Address for the BootP/DHCP Relay server.
348 6.4.4 bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. Syntax bootpdhcprelay maxhopcount <1-16> no bootpdhcprelay maxhopcount <count> - The range of maximum hop count is 1 to 16.
349 6.4.6 bootpdhcprelay serverip This command configures the server IP Address for BootP/DHCP Relay on the system. Syntax bootpdhcprelay serverip <ipaddr> no bootpdhcprelay serverip <ipaddr> - The IP address of the BootP/DHCP server. no - Clear the IP address of the BootP/DHCP server.
350 <text> - A text string which length is 1 to 15. <hex> - A hex string which format is XX:XX:XX:XX:XX:XX (X is 0-9, A-F). Default Setting The default value for client-identifier is a text string "fortinet". Command Mode Global Config 6.
351 show dns Default Setting None Command Mode Privileged Exec Display Message Domain Lookup Status: Enable or disable the IP Domain Naming System (DNS)-based host name-to-address translation function. Default Domain Name: The default domain name that will be used for querying the IP address of a host.
352 6.5.2 Configuration Commands 6.5.2.1 ip hosts This command creates a static entry in the DNS table that maps a host name to an IP address. Syntax ip host <name> <ipaddr> no ip host <name> <name> - Host name. <ipaddr> - IP address of the host.
353 Command Mode Privileged Exec 6.5.2.3 ip domain-name This command defines the default domain name to be appended to incomplete host names (i.e., host names passed from a client are not formatted with dotted notation).
354 Default Setting None Command Mode Privileged Exec 6.5.2.5 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
355 <no> - This command disables the IP Domain Naming System (DNS)-based host name-to-address translation. Default Setting None Command Mode Privileged Exec 6.5.2.7 clear domain-list This command clears all entries in the domain name list table.
356 Default Setting None Command Mode Privileged Exec 6.5.2.9 clear dns cache This command clears all entries in the DNS cache table. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 6.5.2.10 clear dns counter This command clears the statistics of all entries in the DNS cache table.
357 6.6 Routing Information Protocol (RIP) Commands 6.6.1 Show Commands 6.6.1.1 show ip rip This command displays information relevant to the RIP router. Syntax show ip rip Default Setting None Command Mode Privileged Exec Display Message RIP Admin Mode: Select enable or disable from the pulldown menu.
358 6.6.1.2 show ip rip interface This command displays information related to a particular RIP interface. Syntax show ip rip interface <slot/port> <slot/port> - Interface number Default Setting None Command Mode Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash.
359 Syntax show ip rip interface brief Default Setting None Command Mode Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. IP Address: The IP source address used by the specified RIP interface. Send Version: The RIP version(s) used when sending updates on the specified interface.
360 6.6.2.2 ip rip This command enables RIP on a router interface. Syntax ip rip no ip rip no - This command disables RIP on a router interface. Default Setting Disabled Command Mode Interface Config 6.6.2.3 auto-summary This command enables the RIP auto-summarization mode.
361 6.6.2.4 default-information originate This command is used to set the advertisement of default routes. Syntax default-information originate no default-information originate no - This command is used to cancel the advertisement of default routes.
362 6.6.2.6 distance rip This command sets the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Syntax distance rip <1-255> no distance rip <1-255> - the value for distance.
363 6.6.2.8 split-horizon This command sets the RIP split horizon mode. None mode will not use RIP split horizon mode. Simple mode will be that a route is not advertised on the interface over which it is learned. Poison mode will be that routes learned over this interface should be re-advertised on the interface with a metric of infinity (16).
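The three split-horizon modes described above, applied to a small routing table, as an added Python sketch that is not part of the Fortinet guide. The function names, the route tuples and the interface labels are constructed for illustration, and the sketch assumes the advertised metric is the one held in the table.

```python
INFINITY = 16  # RIP metric that marks a route as unreachable

MODES = ("none", "simple", "poison")


def advertise(routes, out_iface, mode):
    """Return {prefix: metric} advertised on out_iface under the given mode.

    routes is a list of (prefix, metric, learned_iface) tuples.
    """
    if mode not in MODES:
        raise ValueError(f"unknown split-horizon mode: {mode!r}")
    advertised = {}
    for prefix, metric, learned_iface in routes:
        learned_here = learned_iface == out_iface
        if learned_here and mode == "simple":
            # Simple: stay silent about routes learned on this interface.
            continue
        if learned_here and mode == "poison":
            # Poison: advertise them back, but as unreachable.
            advertised[prefix] = INFINITY
        else:
            advertised[prefix] = min(metric, INFINITY)
    return advertised


def reflected_routes(routes, out_iface, mode):
    """Prefixes sent back, still reachable, to the interface they came from.

    A non-empty result means a neighbour can be offered its own route as an
    alternative path, which is the precondition for a two-router loop.
    """
    learned_here = {p for p, _, iface in routes if iface == out_iface}
    sent = advertise(routes, out_iface, mode)
    return sorted(p for p in learned_here if sent.get(p, INFINITY) < INFINITY)


if __name__ == "__main__":
    # Constructed routing table: (prefix, metric, interface it was learned on).
    table = [
        ("10.0.10.0/24", 1, "0/1"),
        ("10.0.20.0/24", 2, "0/2"),
        ("10.0.30.0/24", 3, "0/2"),
    ]
    for mode in MODES:
        print(mode, advertise(table, "0/2", mode),
              "reflected:", reflected_routes(table, "0/2", mode))
```

Only the none mode leaves reflected routes; simple and poison both remove them, with poison doing so explicitly at the cost of larger updates.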
364 0 Command Mode Router RIP Config 6.6.2.10 redistribute This command configures RIP protocol to redistribute routes from the specified source protocol/routers.
365 The value for authentication key [key] must be 16 bytes or less. The [key] is composed of standard displayable, non-control keystrokes from a Standard 101/102-key keyboard. If the value of <type> is encrypt, a keyid in the range of 0 and 255 must be specified.
366 Default Setting Both Command Mode Interface Config 6.6.2.13 ip rip send version This command configures the interface to allow RIP control packets of the specified version to be sent.
367 show ip irdp {slot/port | all} <slot/port> - Show router discovery informat ion for the specified interface. <all> - Show router discovery information for all interfaces.
368 6.7.3 ip irdp broadcast This command configure s the address to be used to advertise the router for the interface. Syntax ip irdp broadcast no ip irdp broadcast broadcast - The address used is 25 5.255.255.255. no - The address used is 224.0.0.1. Default Setting The default address is 224 .
369 6.7.5 ip irdp maxadvertinterval This commands configures the maximum time, in secon ds, allowed between sending router advertisements from the interface. Syntax ip irdp maxadvertinterval < minadv ertinterval-1800 > no ip irdp maxadvertinterval < minadvertinterv al-1800 > - The range is 4 to 1800 secon ds.
370 6.7.7 ip irdp preference This command configures the preferability of t he address a s a default router address, relative to other router addresses on the same subnet. Syntax ip irdp preference < -2147483 648-2147483647 > no ip irdp preference < -2147483648-2147 483647> - The range is -2147483648 to 2147 483647.
371 Logical Interface Indicates the logical slot/port associated with the VLAN routing interface. IP Address Displays the IP Address associated with this VLAN. Subnet Mask Indicates the subnet mask that is associated with this VLAN. 6.8.2 vlan routing This command creates routing on a VLAN.
372 None Command Mode Privileged Exec, User Exec Display Message Admin Mode Displays the administrative mode for VRRP functionality on the switch. Router Checksum Errors Represents the total number of VRRP packets received with an invalid VRRP checksum value.
373 <vrid> - Virtual router ID. Default Setting None Command Mode Privileged Exec, User Exec Display Message VRID Represents the router ID of the virtual router. Primary IP Address This field represents the configured IP Address for the Virtual router.
374 Authentication Failure Represents the total number of VRRP packets received that don't pass the authentication check. IP TTL errors Represents the total number of VRRP packets received by the virtual router with IP TTL (time to live) not equal to 255.
375 ip vrrp <1-255> no ip vrrp <1-255> <1-255> - The range of virtual router ID is 1 to 255. <no> - This command removes all VRRP configuration details of the virtual router configured on a specific interface. Default Setting None Command Mode Interface Config 6.
376 Syntax ip vrrp <1-255> mode no ip vrrp <1-255> mode <1-255> - The range of virtual router ID is 1 to 255. <no> - Disable the virtual router configured on the specified interface. Disabling the status field stops a virtual router.
377 Syntax ip vrrp <1-255> preempt no ip vrrp <1-255> preempt <1-255> - The range of virtual router ID is 1 to 255. <no> - This command sets the default preemption mode value for the virtual router configured on a specified interface.
378 Syntax ip vrrp <1-255> timers advertise <1-255> ip vrrp <1-255> timers advertise <1-255> - The range of virtual router ID is 1 to 255. < 1-255 > - The range of advertisement interval is 1 to 255. <no> - This command sets the default advertisement value for a virtual router.
380 7 IP Multicast Commands 7.1 Distance Vector Multicast Routing Protocol (DVMRP) Commands This section provides a detailed explanation of the DVMRP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information.
381 7.1.1.2 show ip dvmrp interface This command displays the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface <slot/port> <slot/port> - Valid slot and port number separated by a forward slash.
382 Nbr IP Addr This field indicates the IP Address of the DVMRP neighbor for which this entry contains information. State This field displays the state of the neighboring router. The possible values for this field are ACTIVE or DOWN. Up Time This field indicates the time since this neighboring router was learned.
383 Default Setting None Command Mode Privileged Exec User EXEC Display Message Group IP This field identifies the multicast Address that is pruned. Source IP This field displays the IP Address of the source that has pruned. Source Mask This field displays the network Mask for the prune source.
384 7.1.2 Configuration Commands 7.1.2.1 ip dvmrp This command sets administrative mode of DVMRP in the router to active. IGMP must be enabled before DVMRP can be enabled. Syntax ip dvmrp no ip dvmrp no - This command sets administrative mode of DVMRP in the router to inactive.
385 7.2 Internet Group Management Protocol (IGMP) Commands This section provides a detailed explanation of the IGMP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information.
386 show ip igmp groups <slot/ports> [detail] <slot/port> - Valid slot and port number separated by a forward slash. [detail] - Display details of subscribed multicast groups.
387 Privileged Exec User EXEC Display Message Slot/Port Valid slot and port number separated by a forward slash. IGMP Admin Mode This field displays the administrative status of IGMP. This is a configured value. Interface Mode This field indicates whether IGMP is enabled or disabled on the interface.
388 Interface Valid slot and port number separated by a forward slash. Interface IP This displays the IP address of the interface participating in the multicast group. State This displays whether the interface has IGMP in Querier mode or Non-Querier mode.
389 Wrong Version Queries This field indicates the number of queries received whose IGMP version does not match the IGMP version of the interface. Number of Joins This field displays the number of times a group membership has been added on this interface.
390 Default Setting 3 Command Mode Interface Config 7.2.2.3 ip igmp last-member-query-count This command sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface.
391 no - This command resets the Maximum Response Time being inserted into Group-Specific Queries sent in response to Leave Group messages on the interface to the default value. Default Setting 1 second Command Mode Interface Config 7.2.2.5 ip igmp query-interval This command configures the query interval for the specified interface.
392 no - This command resets the maximum response time interval for the specified interface, which is the maximum query response time advertised in IGMPv2 queries on this interface to the default value. The maximum response time interval is reset to the default time.
393 no - This command resets the number of Queries sent out on startup, separated by the Startup Query Interval on the interface to the default value. Default Setting 2 Command Mode Interface Config 7.2.2.9 ip igmp startup-query-interval This command sets the interval between General Queries sent by a Querier on startup on the interface.
394 Syntax show ip mcast Default Setting None Command Mode Privileged Exec Display Message Admin Mode: This field displays the administrative status of multicast. This is a configured value. Protocol State: This field indicates the current state of the multicast protocol.
395 Interface: Valid slot and port number separated by a forward slash. Group IP: The group IP address. Mask: The group IP mask. 7.3.1.3 show ip mcast interface This command displays the multicast information for the specified interface. Syntax show ip mcast interface <slot/port> < slot/port > - Interface number.
396 None Command Mode Privileged Exec Display Message If the “detail” parameter is specified, the following fields are displayed: Source IP: This field displays the IP address of the multicast data source. Group IP: This field displays the IP address of the destination of the multicast packet.
397 RPF Neighbor: This field displays the IP address of the RPF neighbor. Flags: This field displays the flags associated with this entry. If the summary parameter is specified the following fields are displayed: Source IP: This field displays the IP address of the multicast data source.
398 This command displays all the static routes configured in the static mcast table if is specified or displays the static route associated with the particular <sourceipaddr>. Syntax show ip mcast mroute static [<sourceipaddr>] < sourceipaddr > - the IP Address of the multicast data source.
399 Command Mode Privileged Exec Display Message Router Interface: The IP address of this neighbor. Neighbor: The neighbor associated with the router interface. Metric: The metric value associated with this neighbor. TTL: The TTL threshold associated with this neighbor.
400 show mtrace Default Setting None Command Mode Privileged Exec Display Message Hops Away From Destination: The ordering of intermediate routers between the source and the destination. Intermediate Router Address: The address of the intermediate router at the specified hop distance.
401 Disable Command Mode Global Config 7.3.2.2 ip multicast staticroute This command creates a static route which is used to perform RPF checking in multicast packet forwarding. The combination of the <sourceipaddr> and the <mask> fields specify the network IP address of the multicast packet source.
402 The source parameter is used to clear the routes in the mroute table entries containing the specified <sourceipaddr> or <sourceipaddr> [groupipaddr] pair. The source address is the source IP address of the multicast packet. The group address is the Group Destination IP address of the multicast packet.
403 no - This command deletes an administrative scope multicast boundary specified by <groupipaddr> and <mask> for which this multicast administrative boundary is applicable. <groupipaddr> is a group IP address and <mask> is a group IP mask.
404 Syntax mrinfo [<ipaddr>] <ipaddr> - the IP address of the multicast capable router. Default Setting None Command Mode Privileged Exec 7.3.2.7 mstat This command is used to find the packet rate and loss information path from a source to a receiver (unicast router id of the host running mstat).
405 7.3.2.8 mtrace This command is used to find the multicast path from a source to a receiver (unicast router ID of the host running mtrace). A trace query is passed hop-by-hop along the reverse .
406 no disable ip multicast mdebug mtrace no - This command is used to enable the processing capability of mtrace query on this router. If the mode is enabled, the mtrace queries received by the router are processed and forwarded appropriately by the router.
407 7.4.1.2 show ip pimdm interface This command displays the interface information for PIM-DM on the specified interface. Syntax show ip pimdm interface <slot/port> < slot/port > - Interface number.
408 Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP Address that represents the PIM-DM interface. Nbr Count: This field displays the neighbor count for the PIM-DM interface.
409 Syntax ip pimdm no ip pimdm no - This command disables the administrative mode of PIM-DM in the router. IGMP must be enabled before PIM-DM can be enabled. Default Setting Disabled Command Mode Global Config 7.4.2.2 ip pimdm mode This command sets administrative mode of PIM-DM on an interface to enabled.
410 Syntax ip pimdm query-interval <10 - 3600> no ip pimdm query-interval <10 - 3600> - This is time interval in seconds. no - This command resets the transmission frequency of hello messages between PIM enabled neighbors to the default value.
411 Data Threshold Rate (Kbps): This field shows the data threshold rate for the PIM-SM router. This is a configured value. Register Threshold Rate (Kbps): This field indicates the threshold rate for the RP router to switch to the shortest path. This is a configured value.
412 < slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Slot/Port: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP address of the specified interface.
413 Subnet Mask: This field indicates the Subnet Mask of this PIM-SM interface. Designated Router: This indicates the IP Address of the Designated Router for this interface. Neighbor Count: This field displays the number of neighbors on the PIM-SM interface.
414 < group-mask > - the multicast group address mask. candidate - this command displays PIM-SM candidate-RP table information. all - this command displays all group addresses. Default Setting None Command Mode Privileged Exec Display Message Group Address: This field specifies the IP multicast group address.
415 Group Mask: This field displays the group mask for the group address. 7.5.1.8 show ip pimsm staticrp This command displays the static RP information for the PIM-SM router. Syntax show ip pimsm staticrp Default Setting None Command Mode Privileged Exec Display Message Address: This field displays the IP address of the RP.
416 Disabled Command Mode Global Config 7.5.2.2 ip pimsm message-interval This command is used to configure the global join/prune interval for PIM-SM router. The join/prune interval is specified in seconds. This parameter can be configured to a value from 10 to 3600.
417 no - This command is used to reset the Threshold rate for the RP router to switch to the shortest path to the default value. Default Setting 50 Command Mode Global Config 7.5.2.4 ip pimsm spt-threshold This command is used to configure the Threshold rate for the last-hop router to switch to the shortest path.
418 ip pimsm staticrp <rp-address> <group-address> <group-mask> no ip pimsm staticrp <rp-address> <group-address> <group-mask> < rp-address > - the IP Address of the RP. < group-address > - the group address supported by the RP.
419 7.5.2.7 ip pimsm query-interval This command configures the transmission frequency of hello messages in seconds between PIM enabled neighbors. This field has a range of 10 to 3600 seconds. Syntax ip pimsm query-interval <10 - 3600> no ip pimsm query-interval <10 - 3600> - This is time interval in seconds.
420 7.5.2.9 ip pimsm cbsrhashmasklength This command is used to configure the CBSR hash mask length to be advertised in bootstrap messages for a particular PIM-SM interface. This hash mask length will be used in the hash algorithm for selecting the RP for a particular group.
421 <-1 - 255> - The preference value for the local interface. no - This command is used to reset the Candidate Rendezvous Point (CRP) for a particular PIM-SM interface to the default value.
423 8 Web-Based Management Interface 8.1 Overview Your Layer 3 Network Switch provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer or Netscape Navigator.
424 8.2 Main Menu 8.2.1 System Menu 8.2.1.1 View ARP Cache The Address Resolution Protocol (ARP) dynamically maps physical (MAC) addresses to Internet (IP) addresses.
425 8.2.1.2 Viewing Inventory Information Use this panel to display the switch's Vital Product Data, stored in non-volatile memory at the factory. Non-Configurable Data System Description - The product name of this switch. Machine Type - The machine type of this switch.
426 Additional Packages - A list of the optional software packages installed on the switch, if any. Command Buttons Refresh - Updates the information on the page. 8.2.1.3 Configuring Management Session and Network Parameters Viewing System Description Page Configurable Data System Name - Enter the name you want to use to identify this switch.
427 System Description - The product name of this switch. System Object ID - The base object ID for the switch's enterprise MIB. System IP Address - The IP Address assigned to the network interface. System Up time - The time in days, hours and minutes since the last switch reboot.
429 Configuring Network Connectivity Page The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports.
430 Configuring Telnet Session Page Configurable Data Telnet Session Timeout (minutes) - Specify how many minutes of inactivity should occur on a telnet session before the session is logged off. You may enter any number from 1 to 160. The factory default is 5.
431 Configuring Outbound Telnet Client Configuration Page Configurable Data Admin Mode - Specifies if the Outbound Telnet service is Enabled or Disabled. Default value is Enabled. Maximum Sessions - Specifies the maximum number of Outbound Telnet Sessions allowed.
432 Baud Rate (bps) - Select the default baud rate for the serial port connection from the pull-down menu. You may choose from 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 baud.
433 User Name Selector - You can use this screen to reconfigure an existing account, or to create a new one. Use this pulldown menu to select one of the existing accounts, or select 'Create' to add a new one, provided the maximum of five 'Read Only' accounts has not been reached.
434 Defining Authentication List Configuration Page You use this screen to configure login lists. A login list specifies the authentication method(s) you want used to validate switch or port access for the users associated with the list.
435 select a method that does not time out as the second method, the third method will not be tried. Note that this parameter will not appear when you first create a new login list. Method 3 - Use the dropdown menu to select the method, if any, that should appear third in the selected authentication login list.
436 Viewing Authentication List Summary Page Non-Configurable Data Authentication List - Identifies the authentication login list summarized in this row. Method List - The ordered list of methods configured for this login list. Login Users - The users you assigned to this login list on the User Login Configuration screen.
437 the user's access to the switch from all CLI, web, and telnet sessions will be blocked until the authentication is complete. Refer to the discussion of maximum delay in the RADIUS configuration help. Configurable Data Authentication List - Select the authentication login list you want to assign to the user for system login.
438 Viewing Forwarding Database Page Use this panel to display information about entries in the forwarding database. These entries are used by the transparent bridging function to determine how to forward a received frame. Configurable Data Filter - Specify the entries you want displayed.
439 8.2.1.5 Viewing Logs Viewing Buffered Log Configuration Page This log stores messages in memory based upon the settings for message component and severity. Configurable Data Admin Status - A log that is "Disabled" shall not log messages.
440 Viewing Buffered Log Page This help message applies to the format of all logged messages which are displayed for the buffered log, persistent log, or console log.
441 Configuring Command Logger Page Configurable Data Admin Mode - Enable/Disable the operation of the CLI Command logging by selecting the corresponding pulldown field and clicking Submit. Command Buttons Submit - Update the switch with the values you entered.
442 Viewing Event Log Page Use this panel to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in FLASH memory, the switch will be reset.
443 IP Address - This is the IP address of the host configured for syslog. Status - This specifies whether the host has been configured to be actively logging or not. Set the host to be active/out of service from the drop down menu. Port - This is the port on the host to which syslog messages are sent.
444 Messages Relayed - The count of syslog messages relayed. Messages Ignored - The count of syslog messages ignored. Command Buttons Submit - Update the switch with the values you entered. Refresh - Refetch the database and display it again starting with the first entry in the table.
445 Link Trap - This object determines whether or not to send a trap when link status changes. The factory default is enabled. Maximum Frame Size - The maximum Ethernet frame size the interface supports or is configured, including Ethernet header, CRC, and payload.
446 Viewing Switch Interface Configuration Page This screen displays the status for all ports in the box. Selection Criteria MST ID - Select the Multiple Spanning Tree instance ID from the list of all currently configured MST ID's to determine the values displayed for the Spanning Tree parameters.
447 Disable - spanning tree is disabled for this port. Forwarding State - The port's current Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port it will place that port into the broken state.
449 Configuring Multiple Port Mirroring Function Page Configurable Data Session ID - A session ID or "All Sessions" option may be selected. By default the First Session is selected. Session Mode - Specifies the Session Mode for a selected session ID.
450 These are well-known communities, you can use this menu to change the defaults or to add other communities. Only the communities that you define using this menu will have access to the switch using the SNMPv1 and SNMPv2c protocols. Only those communities with read-write level access will have access to this menu via SNMP.
451 Configuring SNMP Trap Receiver Configuration Page This menu will display an entry for every active Trap Receiver. Configurable Data SNMP Community Name - Enter the community string for the SNMP trap packet to be sent to the trap manager. This may be up to 16 characters and is case sensitive.
452 Viewing SNMP supported MIBs Page This is a list of all the MIBs supported by the switch. Non-configurable Data Name - The RFC number if applicable and the name of the MIB. Description - The RFC title or MIB description. Command Buttons Refresh - Update the data.
453 8.2.1.8 Viewing Statistics Viewing the whole Switch Detailed Statistics Page Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch.
454 Multicast Packets Received - The total number of packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address. Broadcast Packets Received - The total number of packets received that were directed to the broadcast address.
455 Command Buttons Clear Counters - Clear all the counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the switch.
456 Transmit Packet Errors - The number of outbound packets that could not be transmitted because of errors. Address Entries Currently in Use - The total number of Forwarding Database Address Table entries now active on the switch, including learned and static entries.
457 Packets RX and TX 128-255 Octets - The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
458 Packets Received 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
459 Packets Transmitted 65-127 Octets - The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
460 Tx Oversized - The total number of frames that exceeded the max permitted frame size. This counter has a max increment rate of 815 counts per sec at 10 Mb/s. Underrun Errors - The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission.
461 Refresh - Refresh the data on the screen with the present state of the data in the switch.
463 Viewing Each Port Summary Statistics Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter.
464 8.2.1.9 Managing System Utilities Saving All Configuration Changed Page Command Buttons Save - Click this button to have configuration changes you have made saved across a system reboot. All changes submitted since the previous save or system reboot will be retained by the switch.
465 Resetting the Passwords to Default Values Page Command Buttons Reset - Select this button to have all passwords reset to their factory default values. Downloading Specific Files to Switch Flash Page Use this menu to download a file to the switch.
466 Start File Transfer - To initiate the download you need to check this box and then select the submit button. Non-Configurable Data The last row of the table is used to display information about the progress of the file transfer. The screen will refresh automatically until the file transfer completes.
467 Defining Configuration and Runtime Startup File Page Specify the file used to start up the system. Configurable Data Configuration File - Configuration files. Runtime File - Run-time operation codes. Command Buttons Submit - Send the updated screen to the switch and specify the file start-up.
468 Copying Running Configuration to Flash Page Use this menu to copy a start-up configuration file from the running configuration file on switch. Configurable Data File Name - Enter the name you want to give the file being copied. You may enter up to 32 characters.
469 Submit - This will initiate the ping. Managing CDP Function Defining CDP Configuration Page Use this menu to configure the parameters for CDP, which is used to discover a CISCO device on the LAN. Configurable Data Admin Mode - CDP administration mode which are Enable and Disable.
471 Viewing Neighbors Information Page Non-Configurable Data Use this menu to display CDP neighbors device information in the LAN. Command Buttons Clear - Clear all the counters, resetting all switch summary and detailed statistics to default values.
472 8.2.1.10 Defining Trap Manager Configuring Trap Flags Page Use this menu to specify which traps you want to enable. When the condition identified by an active trap is encountered by the switch a trap message will be sent to any enabled SNMP Trap Receivers, and a message will be written to the trap log.
473 Viewing Trap Log Page This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities, Upload File from Switch. Non-Configurable Data Number of Traps since last reset - The number of traps that have occurred since the switch was last reset.
474 8.2.1.11 Configuring SNTP Configuring SNTP Global Configuration Page Configurable Data Client Mode - Specifies the mode of operation of SNTP Client. An SNTP client may operate in one of the following modes. • Disable - SNTP is not operational. No SNTP requests are sent from the client nor are any received SNTP messages processed.
475 Unicast Poll Retry - Specifies the number of times to retry a request to an SNTP server after the first time-out before attempting to use the next configured server when configured in unicast mode. Allowed range is (0 to 10). Default value is 1. Command Buttons Submit - Sends the updated configuration to the switch.
476 • Server Kiss Of Death The SNTP server indicated that no further queries were to be sent to this server. This is indicated by a stratum field equal to 0 in a message received from a server. Server IP Address - Specifies the IP address of the server for the last received valid packet.
477 Address - Specifies the address of the SNTP server. This is a text string of up to 64 characters containing the encoded unicast IP address or hostname of a SNTP server.
478 Address - Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Last Update Time - Specifies the local date and time (UTC) that the response from this server was used to update the system clock.
479 Hour - Hour in 24-hour format. (Range: 0 - 23). Minute - Minute. (Range: 0 - 59). Second - Second. (Range: 0 - 59). Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
480 Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
481 • Specific Text String • Specific Hexadecimal Value Text String - A text string. Hex Value - The hexadecimal value. Command Buttons Submit - Send the updated screen to the switch perform the setting DHCP client identifier. 8.2.2 Switching Menu 8.
482 • Autodetect - Specifies that port may be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless it receives a GVRP request. This is equivalent to registration normal in the IEEE 802.1Q standard. Tagging - Select the tagging behavior for this port in this VLAN.
483 VLAN Name - The name of the VLAN. VLAN ID 1 is always named `Default`. VLAN Type - The VLAN type: Default (VLAN ID = 1) -- always present Static -- a VLAN you have configured Dynamic -- a VLAN created by GVRP registration that you have not converted to static, and that GVRP may therefore remove.
484 Viewing VLAN Port Summary Page Non-Configurable Data Slot/Port - The interface. Port VLAN ID - The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. Acceptable Frame Types - Specifies the types of frames that may be received on this port.
485 Resetting VLAN Configuration Page Command Buttons Reset - If you select this button and confirm your selection on the next screen, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs, except for the default VLAN, will be deleted.
486 8.2.2.2 Managing Protocol-based VLAN Protocol-based VLAN Configuration Page You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged packets will be assigned to VLAN 1.
487 Slot/Port(s) - Select the interface(s) you want to be included in the group. Note that a given interface can only belong to one group for a given protocol. If you have already added interface 0.1 to a group for IP, you cannot add it to another group that also includes IP, although you could add it to a new group for IPX.
488 VLAN - The VLAN ID associated with the group. Slot/Port(s) - The interfaces associated with the group. Command Buttons Refresh - Update the screen with the latest information. 8.2.2.3 Defining GARP Viewing GARP Information Page This screen shows the GARP Status for the switch and for the individual ports.
489 1.5*LeaveAllTime. Permissible values a re 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000 centisecon ds (10 seconds). Configuring the whole Switch GARP Configuration Page Note: It can take up to 10 seconds for GARP configuration changes to take effect.
490 Configuring each Port GARP Configuration Page Note: It can take up to 10 seconds for GARP configuration changes to take effect. Selection Criteria Slot/Port - Select the physical interface for which dat a is to be displayed or configured. It is possible to set the parameters for all ports by selecti ng 'All'.
491 8.2.2.4 Managing IGMP Snooping Configuring IGMP Snooping Global Configuration Page Use this menu to configure the parameters for IGMP Snooping, which is used to build forwarding lists for multicast traffic. Note that only a user with Read/Write access privileges may change the data on this screen.
492 Defining IGMP Snooping Interface Configuration Page Configurable Data Slot/Port - The single select box lists all physical, VLAN and LAG interfaces. Select the interface you want to configure. Admin Mode - Select the interface mode for the selected interface for IGMP Snooping for the switch from the pulldown menu.
493 Multicast Router Present Expiration Time - Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds.
494 Configuring IGMP Snooping VLAN Page Configurable Data VLAN ID - Specifies list of VLAN IDs for which IGMP Snooping is enabled. VLAN ID - Appears when "New Entry" is selected in VLAN ID combo box. Specifies VLAN ID for which pre-configurable Snooping parameters are to be set.
495 Viewing Multicast Router Statistics Page Non-Configurable Data Slot/Port - The single select box lists all physical and LAG interfaces. Select the interface for which you want to display the statistics. Multicast Router - Specifies for the selected interface whether multicast router is enabled or disabled.
496 Viewing Multicast Router VLAN Statistics Page Selection Criteria Slot/Port - The select box lists all Slot/Ports. Select the interface for which you want to display the statistics. Non-Configurable Data VLAN ID - All VLAN IDs for which the Multicast Router Mode is Enabled. Multicast Router - Multicast Router Mode for VLAN ID.
497 Configuring L2 Static Multicast Group Configuration Page Non-Configurable Data MAC Address Table - This is the list of MAC address and VLAN ID pairings for all configured L2Mcast Groups. To change the port mask(s) for an existing L2Mcast Group, select the entry you want to change.
498 Selection Criteria Static - Displays static unit for L2Mcast Groups. Dynamic - Displays dynamic unit for L2Mcast Groups. All - Displays all of L2Mcast Groups. Configurable Data Filter - Specify the entries you want displayed. Static: If you choose "Static" only L2Mcast addresses that have been configured will be displayed.
499 Viewing L2 Multicast Router Port Information Page Use this panel to display information about entries in the L2Mcast Static/Dynamic router ports. These entries are used by the transparent bridging function to determine how to forward a received frame.
500 8.2.2.5 Managing Port-Channel Configuring Port-Channel Configuration Page Selection Criteria Port Channel Name – You can use this screen to reconfigure an existing Port Channel, or to create a new one. Use this pull down menu to select one of the existing Port Channels, or select 'Create' to add a new one.
501 Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Port-Channel Information Page Non-Configurable Data Port Channel - The Slot/Port identification of the Port Channel. Port Channel Name - The name of the Port Channel.
502 Active Ports - A listing of the ports that are actively participating members of this Port Channel, in Slot/Port notation. There can be a maximum of 8 ports assigned to a Port Channel.
503 Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing GMRP MFDB Table Page This screen will display all of the entries in the Multicast Forwarding Database that were created for the GARP Multicast Registration Protocol.
504 Description - The text description of this multicast table entry. Possible values are Management Configured, Network Configured, and Network Assisted. Slot/Port(s) - The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
505 8.2.2.7 Managing Spanning Tree Configuring Switch Spanning Tree Configuration Page Configurable Data Spanning Tree Mode - Specifies whether spanning tree operation is enabled on the switch. Value is enabled or disabled. Force Protocol Version - Specifies the Force Protocol Version parameter for the switch.
506 Bridge Max Age - Specifies the bridge max age for the Common and Internal Spanning tree (CST). The value lies between 6 and 40, with the value being less than or equal to "2 * (Bridge Forward Delay - 1)" and greater than or equal to "2 * (Bridge Hello Time + 1)".
507 Configuring Spanning Tree MST Configuration Page Selection Criteria MST ID - Create a new MST which you wish to configure or configure already existing MSTs. Configurable Data MST ID - This is only visible when the select option of the MST ID select box is selected.
508 Topology change - The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value of True or False. Designated root - The bridge identifier of the root bridge.
509 Port Path Cost - Set the Path Cost to a new value for the specified port in the common and internal spanning tree. It takes a value in the range of 1 to 200000000. Non-Configurable Data Auto-calculate Port Path Cost - Displays whether the path cost is automatically calculated (Enabled) or not (Disabled).
510 Configuring each Port MST Configuration Page Selection Criteria MST ID - Selects one MST instance from existing MST instances. Slot/Port - Selects one of the physical or LAG interfaces associated with VLANs associated with the selected MST instance.
511 Port ID - The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port. Port Up Time Since Counters Last Cleared - Time since the counters were last cleared, displayed in Days, Hours, Minutes, and Seconds.
512 Viewing Spanning Tree Statistics Page Selection Criteria Slot/Port - Selects one of the physical or LAG interfaces of the switch. Non-Configurable Data STP BPDUs Received - Number of STP BPDUs received at the selected port. STP BPDUs Transmitted - Number of STP BPDUs transmitted from the selected port.
513 Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. 8.2.2.9 Managing Port Security Configuring Port Security Administration Mode Page Configurable Data Allow Port Security - Used to enable or disable the Port Security feature.
514 Slot/Port - Selects the interface to be configured. Configurable Data Allow Port Security - Used to enable or disable the Port Security feature for the selected interface. Maximum Dynamic MAC Addresses allowed - Sets the maximum number of dynamically locked MAC addresses on the selected interface.
515 Deleting Port Security Statically Configured MAC Address Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. VLAN ID - Selects the VLAN ID corresponding to the MAC address being deleted. Configurable Data MAC Address - Accepts user input for the MAC address to be deleted.
516 Number of Dynamic MAC addresses learned - Displays the number of dynamically learned MAC addresses on a specific port. Viewing Port Security Violation Status Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data.
517 IP - Specifies all the existing static ARP entries along with an additional option "Create". When the user selects "Create", the text boxes "IP Address" and "MAC Address" appear, where the user may enter the IP address and MAC address to be configured.
518 Remove from Table - Allows the user to remove certain entries from the ARP Table. The choices listed specify the type of ARP Entry to be deleted: All Dynamic Entries All Dynamic and Gatew.
519 8.2.3.2 Managing IP Interfaces Configuring IP Use this menu to configure routing parameters for the switch as opposed to an interface. Configurable Data Routing Mode - Select enable or disable from the pull down menu. You must enable routing for the switch before you can route through any of the interfaces.
520 Viewing IP Statistics The statistics reported on this panel are as specified in RFC 1213. Non-Configurable Data IpInReceives - The total number of input datagrams received from interfaces, including those received in error.
521 that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion. IpNoRoutes - The number of IP datagrams discarded because no route could be found to transmit them to their destination.
522 IcmpInTimestampReps - The number of ICMP Timestamp Reply messages received. IcmpInAddrMasks - The number of ICMP Address Mask Request messages received. IcmpInAddrMaskReps - The number of ICMP Address Mask Reply messages received. IcmpOutMsgs - The total number of ICMP messages which this entity attempted to send.
523.
524 Configuring IP Interfaces Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data IP Address - Enter the IP address for the interface. Subnet Mask - Enter the subnet mask for the interface.
525 8.2.3.3 Managing OSPF Configuring OSPF Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPF.
526 non-default AS-external-LSAs. If you enter 0, the router will not leave Overflow State until restarted. The range is 0 to 2147483647 seconds. Default Metric - Sets a default for the metric of redistributed routes. This field displays the default metric if one has already been set or blank if not configured earlier.
527 Configuring Area Selection Criteria Area ID - Select the area to be configured. Configurable Data Import Summary LSAs - Select enable or disable from the pulldown menu. If you select enable, summary LSAs will be imported into stub areas. Metric Value - Enter the metric value you want applied for the default route advertised into the stub area.
528 Translator Stability Interval - Enter the translator stability interval of the NSSA. The stability interval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router.
529 Delete Stub Area - Delete the stub area designation. The area will be returned to normal state. Create NSSA - Configure the area as an NSSA. Delete NSSA - Delete the NSSA. The area will be returned to normal state. Submit - Send the updated configuration to the switch.
530 Viewing Stub Area Summary Information Non-Configurable Data Area ID - The Area ID of the Stub area. Type of Service - The type of service associated with the stub metric. The switch supports Normal only. Metric Value - Set the metric value you want applied for the default route advertised into the area.
531 LSDB Type - Select the type of Link Advertisement associated with the specified area and address range. The default type is 'Network Summary'. Advertisement - Select enable or disable from the pulldown menu. If you selected enable, the address range will be advertised outside the area via a Network Summary LSA.
532 SPF Runs - The number of times that the intra-area route table has been calculated using this area's link-state database. Area Border Router Count - The total number of area border routers reachable within this area. This is initially zero, and is calculated in each SPF Pass.
533 Configuring OSPF Interface Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data OSPF Admin Mode* - You may select enable or disable from the pulldown menu. The default value is 'disable.
534 Retransmit Interval - Enter the OSPF retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets.
535 LSA Ack Interval - The number of seconds between LSA Acknowledgment packet transmissions, which must be less than the Retransmit Interval. OSPF Interface Type - The OSPF interface type, which will always be broadcast. State - The current state of the selected router interface.
536 Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Viewing Neighbor Table Information This panel displays the OSPF neighbor table list.
537 designated router. The Neighbor IP address is learned when Hello packets are received from the neighbor. For virtual links, the Neighbor IP address is learned during the routing table build process. Neighbor Interface Index - A Slot/Port identifying the neighbor interface index.
538 Down - This is the initial state of a neighbor conversation. It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to "Down" neighbors, although at a reduced frequency.
539 Viewing OSPF Link State Database Non-Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the IP Configuration page. If you want to change the Router ID you must first disable OSPF.
540 Checksum - The checksum is used to detect data corruption of an advertisement. This corruption can occur while an advertisement is being flooded, or while it is being held in a router's memory. This field is the checksum of the complete contents of the advertisement, except the LS age field.
541 Dead Interval - Enter the OSPF dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network.
542 network-LSA for the network node. The network-LSA will contain links to all routers (including the Designated Router itself) attached to the network. Backup Designated Router - This router is itself the Backup Designated Router on the attached network.
543 Viewing OSPF Virtual Link Summary Table Non-Configurable Data Area ID - The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link. Neighbor Router ID - The neighbor portion of the virtual link identification.
544 Configuring OSPF Route Redistribution This screen can be used to configure the OSPF Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values.
545 Viewing OSPF Route Redistribution Summary Information This screen displays the OSPF Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by OSPF. Metric - The Metric of redistributed routes for the given Source Route.
546 8.2.3.4 Managing BOOTP/DHCP Relay Agent Configuring BOOTP/DHCP Relay Agent Configurable Data Maximum Hop Count - Enter the maximum number of hops a client request can take before being discarded. Server IP Address - Enter either the IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent.
547 Viewing BOOTP/DHCP Relay Agent Status Non-Configurable Data Maximum Hop Count - The maximum number of Hops a client request can go without being discarded. Server IP Address - IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent.
548 8.2.3.5 Managing DNS Relay Configuring DNS Relay The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map host names to IP addresses.
549 Configuring Domain Name You can use this panel to change the configuration parameters for the domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). You can also use this screen to display the contents of the table.
550 Configuring Name Server You can use this panel to change the configuration parameters for the domain name servers. You can also use this screen to display the contents of the table. Configurable Data Name Server - Specifies all the existing domain name servers along with an additional option "Create".
551 TTL - The time to live reported by the name server. Flag - The flag of the record. Command Buttons Refresh - Refresh the page with the latest DNS cache entries. Clear All - Clear all entries in the DNS cache. Configuring DNS Host You can use this screen to change the configuration parameters for the static entry in the DNS table.
552 8.2.3.6 Managing Routing Information Protocol (RIP) Configuring RIP Global Configuration Page Configurable Data RIP Admin Mode - Select enable or disable from the pulldown menu. If you select enable, RIP will be enabled for the switch. The default is disabled.
553 Viewing Each Routing Interface’s RIP Configuration Page Non-Configurable Data Slot/Port - The slot and port for which the information is being displayed. IP Address - The IP Address of the router interface. Send Version - The RIP version to which RIP control packets sent from the interface conform.
554 Defining The Routing Interface’s RIP Configuration Page Selection Criteria Slot/Port - Select the interface for which data is to be configured. Configurable Data Send Version - Select the version of RIP control packets the interface should send from the pulldown menu.
555 Encrypt - If you select 'Encrypt' you will be prompted to enter both an authentication key and an authentication ID. Encryption uses the MD5 Message-Digest algorithm. All routers on the network must be configured with the same key and ID.
556 Configuring Route Redistribution Configuration This screen can be used to configure the RIP Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values.
557 Viewing Route Redistribution Configuration This screen displays the RIP Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by RIP. Metric - The Metric of redistributed routes for the given Source Route.
558 Command Buttons Refresh - Displays the latest RIP Route Redistribution Configuration data. 8.2.3.7 Managing Router Discovery Configuring Router Discovery Selection Criteria Slot/Port - Select the router interface for which data is to be configured.
559 Viewing Router Discovery Status Non-Configurable Data Slot/Port - The router interface for which data is displayed. Advertise Mode - The values are enable or disable. Enable denotes that Router Discovery is enabled on that interface. Advertise Address - The IP Address used to advertise the router.
560 8.2.3.8 Managing Route Table Viewing Router Route Table Non-Configurable Data Network Address - The IP route prefix for the destination. Subnet Mask - Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network.
561 OSPF Type-1 OSPF Type-2 RIP BGP4 Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination.
562 OSPF Type-2 RIP BGP4 Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination.
563 OSPF Intra OSPF Inter OSPF Type-1 OSPF Type-2 RIP BGP4Local Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination.
564 Preference - Specifies a preference value for the configured next hop. Command Buttons Add Route - Go to a separate page where a route can be created. Configuring Router Route Preference Use this panel to configure the default preference for each protocol (e.
565 Local - This field displays the local route preference value. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
566 Instructions for creating a VLAN Enter a new VLAN ID in the field labeled VLAN ID. Click on the Create button. The page will be updated to display the interface and MAC address assigned to this new VLAN. The IP address and Subnet Mask fields will be 0.
567 8.2.3.10 Managing VRRP Configuring VRRP Configurable Data VRRP Admin Mode - This sets the administrative status of VRRP in the router to active or inactive. Select enable or disable from the pulldown menu. The default is disable. Command Buttons Submit - Send the updated configuration to the switch.
568 Slot/Port - This field is only configurable if you are creating new Virtual Router, in which case select the Slot/Port for the new Virtual Router from the pulldown menu.
569 Viewing Virtual Router Status Non-Configurable Data VRID - Virtual Router Identifier. Slot/Port - Indicates the interface associated with the VRID. Priority - The priority value used by the VRRP router in the election for the master virtual router.
570 Owner - Set to 'True' if the Virtual IP Address and the Interface IP Address are the same, otherwise set to 'False'. If this parameter is set to 'True', the Virtual Router is the owner of the Virtual IP Address, and will always win an election for master router when it is active.
571 Router Checksum Errors - The total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors - The total number of VRRP packets received with an unknown or unsupported version number. Router VRID Errors - The total number of VRRP packets received with an invalid VRID for this virtual router.
572 Refresh - Refresh the data on the screen with the present state of the data in the switch. 8.2.4 Security Menu 8.2.4.1 Managing Access Control (802.1x) Defining Access Control Page Configurable Data Administrative Mode - This selector lists the two options for administrative mode: enable and disable.
573 Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. Configuring each Port Access Control Configuration Page Selection Criteria Port - Selects the port to be configured.
574 Maximum Requests - This input field allows the user to enter the maximum requests for the selected port. The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant.
575 Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data Control Mode - Displays the configured control mode for the specified port.
576 "Initialize" "Disconnected" "Connecting" "Authenticating" "Authenticated" "Aborting" "Held" "ForceAuthorized" "ForceUnauthorized". Backend State - This field displays the current state of the backend authentication state machine.
577 Viewing Access Control Summary Page Non-Configurable Data Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port.
578 Viewing each Port Access Control Statistics Page Selection Criteria Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid.
579 Last EAPOL Frame Source - This displays the source MAC address carried in the most recently received EAPOL frame. EAP Response/Id Frames Received - This displays the number of EAP response/identity frames that have been received by this authenticator.
580 Configurable Data Login - Selects the login to apply to the specified user. All configured logins are displayed. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
581 Port - Displays the port in Slot/Port format. Users - Displays the users that have access to the port. Command Buttons Refresh - Update the information on the page.
582 sum of (retransmit times timeout) for all configured servers. If the RADIUS request was generated by a user login attempt, all user interfaces will be blocked until the RADIUS application returns a response. Timeout Duration (secs) - The timeout value, in seconds, for request retransmissions.
583 Configuring RADIUS Server Configuration Page Selection Criteria RADIUS Server IP Address - Selects the RADIUS server to be configured. Select add to add a server. Configurable Data IP Address - The IP address of the server being added. Port - The UDP port used by this server.
584 RADIUS Server IP Address - Selects the IP address of the RADIUS server for which to display statistics. Non-Configurable Data Round Trip Time (secs) - The time interval, in hundredths of a second, between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server.
585 Defining RADIUS Accounting Server Configuration Page Selection Criteria Accounting Server IP Address - Selects the accounting server for which data is to be displayed or configured. If the add item is selected, a new accounting server can be configured.
586 Viewing RADIUS Accounting Server Statistics Page Non-Configurable Statistics Accounting Server IP Address - Identifies the accounting server associated with the statistics.
587 Resetting All RADIUS Statistics Page Command Buttons Clear All RADIUS Statistics - This button will clear the accounting server, authentication server, and RADIUS statistics.
588 Authen. Port - The TCP port number of TACACS+. Server Time Out - Timeout value of TACACS+ packet transmit. Retry Count - Retry count after transmit timeout. Status - The TACACS+ server status, which is "disable", "master" or "slave".
589 Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
590 8.2.4.6 Defining Secure Shell Configuration Configuring Secure Shell Configuration Page Configurable Data Admin Mode - This select field is used to Enable or Disable the administrative mode of SSH. The currently configured value is shown when the web page is displayed.
591 8.2.5 QOS Menu 8.2.5.1 Managing Access Control Lists Configuring IP Access Control List Configuration Page An IP ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.
592 Viewing IP Access Control List Summary Page Non-Configurable Data IP ACL ID - The IP ACL identifier. Rules - The number of rules currently configured for the IP ACL. Direction - The direction of packet traffic affected by the IP ACL. Direction can only be: Inbound. Slot/Port(s) - The interfaces to which the IP ACL applies.
593 Selection Criteria IP ACL ID - Use the pulldown menu to select the IP ACL for which to create or update a rule. Rule - Select an existing rule from the pulldown menu, or select 'Create New Rule.' ACL as well as an option to add a new Rule.
594 Destination IP Address - Enter an IP address using dotted-decimal notation to be compared to a packet's destination IP Address as a match criteria for the selected extended IP ACL rule. Destination IP Mask - Specify the IP Mask in dotted-decimal notation to be used with the Destination IP Address value.
595 Configuring MAC Access Control List Configuration Page A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.
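The first-match behaviour stated for IP ACLs on page 591 and for MAC ACLs on page 595 means a rule is never reached when an earlier rule already matches every packet it would match. The following Python audit of rule order is an added example, not code from the guide or the switch. The `Rule` type, the CIDR notation used in place of the form's address/mask pairs, the sample rule set and the action applied when no rule matches are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one IP ACL rule (not the switch's own format)."""
    rule_id: int
    action: str  # "permit" or "deny"
    src: str     # source range, CIDR notation (assumption, see lead-in)
    dst: str     # destination range, CIDR notation

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

    def covers(self, other: "Rule") -> bool:
        """True when every packet `other` matches is also matched by self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst)))


def evaluate(rules, src_ip, dst_ip, default="deny"):
    """Sequential first-match evaluation, as the page describes.

    Returns (action, rule_id). `default` is what happens when no rule
    matches; the page excerpt does not state it, so "deny" is an assumption.
    """
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.rule_id  # later rules are not checked
    return default, None


def shadowed_rules(rules):
    """Find rules that can never fire because an earlier rule covers them.

    Returns (shadowed_id, shadowing_id, conflicting) tuples; `conflicting`
    is True when the two actions differ, which is the case worth reviewing
    first because the intended deny or permit is silently lost.
    """
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if earlier.covers(later):
                findings.append((later.rule_id, earlier.rule_id,
                                 earlier.action != later.action))
                break
    return findings


# Constructed sample rule set: the broad permit in rule 1 precedes the
# narrow deny in rule 2, so the deny is unreachable.
ACL = [
    Rule(1, "permit", "10.0.0.0/8", "0.0.0.0/0"),
    Rule(2, "deny", "10.1.2.0/24", "192.168.50.0/24"),
    Rule(3, "deny", "172.16.0.0/12", "0.0.0.0/0"),
    Rule(4, "deny", "172.16.5.0/24", "0.0.0.0/0"),
]

# Same rules with the narrow deny moved ahead of the broad permit.
REORDERED = [ACL[1], ACL[0], ACL[2], ACL[3]]

if __name__ == "__main__":
    packet = ("10.1.2.7", "192.168.50.10")
    print("original :", evaluate(ACL, *packet), shadowed_rules(ACL))
    print("reordered:", evaluate(REORDERED, *packet), shadowed_rules(REORDERED))
```

In the reordered list rule 4 is still reported, but as redundant rather than conflicting, since rule 3 already denies the same traffic.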
596 Viewing MAC Access Control List Summary Page Non-Configurable Data MAC ACL Name - MAC ACL identifier. Rules - The number of rules currently configured for the MAC ACL. Direction - The direction of packet traffic affected by the MAC ACL. Valid Directions Inbound Slot/Port - The interfaces to which the MAC ACL applies.
597 Configurable Data Rule - Enter a whole number in the range of (1 to 8) that will be used to identify the rule. Action - Specify what action should be taken if a packet matches the rule's criteria.
598 Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Delete - Remove the currently selected Rule from the selected ACL.
599 number. If the sequence number is not specified by the user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used. Valid range is (1 to 4294967295). Non-Configurable Data Slot/Port - Displays selected interface.
600 on a per-class instance basis, and it is these attributes that are applied when a match occurs. The configuration process begins with defining one or more match criteria for a class. Then one or more classes are added to a policy. Policies are then added to interfaces.
601 Class Selector - Along with an option to create a new class, this lists all the existing DiffServ class names, from which one can be selected. The content of this screen varies based on the selection of this field. If an existing class is selected then the screen will display the configured class.
602 Class Type - Displays types of the configured classes as 'all', 'any', or 'acl'. Class types are platform dependent. Reference Class/ACL Number - Displays name of the configured class of type 'all' or 'any' referenced by the specified class of the same type.
603 Viewing DiffServ Policy Summary Page Non-Configurable Da ta Policy Name - Displays name of the DiffServ policy. Policy Type - Displays type of the policy as 'In'.
604 Viewing DiffServ Policy Attribute Summary Page Non-Configurable Da ta Policy Name - Displays name of the specified DiffServ policy. Policy Type - Displays type of the specified policy as 'In’ or 'Out'. Class Name - Displays name of the DiffServ class to which this policy is attached.
605 Slot/Port - Shows the Slot/Port that uniquely specifies an interface. Direction - Shows the traffic direction of this service interface. Oper. Status - Shows the operational status of this service interface, either Up or Down. Policy Name - Shows the name of the attached policy.
606 Viewing DiffServ Service Detailed Statistics Page This screen displays class-oriented statistical information for the policy, which is specified by the interface and direction. The 'Member Classes' drop down list is populated on the basis of the specified interface and direction and hence the attached policy (if any).
607 8.2.5.3 Configuring Diffserv Wizard Page Operation The DiffServ Wizard enables DiffServ on the switch by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on DiffServ Wizard page.
608 8.2.5.4 Managing Class of Service Managing Table Configuration Page Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis.
609 Non-IP Traffic Class - Displays traffic class (i.e. queue) to which all non-IP traffic is directed when in 'trust ip-precedence' or 'trust ip-dscp' mode. Valid Range is (0 to 6). 802.1p Priority - Displays the 802.1p priority to be mapped.
610 Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Configurable Data Interface Shaping Rate - Specifies the maximum bandwidth allowed, typically used to shape the outbound transmission rate.
611 Scheduler Type - Specifies the type of scheduling used for this queue. Scheduler Type can only be one of the following: strict, weighted. Default value is weighted. Queue Management Type - Queue depth management technique used for queues on this interface.
612 Minimum Bandwidth - Specifies the minimum guaranteed bandwidth allotted to this queue. The value 0 means no guaranteed minimum. Sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed defined maximum (100).
613 Non-Configurable Data Version - The current value of the DVMRP version string. Total Number of Routes - The number of routes in the DVMRP routing table. Reachable Routes - The number of routes in the DVMRP routing table that have a non-infinite metric.
614 Viewing DVMRP Configuration Summary Selection Criteria Slot/Port - Select the interface for which data is to be displayed. You must configure at least one router interface before you can display data for a DVMRP interface.
615 Neighbor Expiry Time - The DVMRP expiry time for the specified neighbor on the selected interface. This is the time left before this neighbor entry will age out, and is not applicable if the neighbor router's state is down. Generation ID - The DVMRP generation ID for the specified neighbor on the selected interface.
616 Viewing DVMRP Next Hop Configuration Summary Non-Configurable Data Source IP - The IP address used with the source mask to identify the source network for this table entry. Source Mask - The network mask used with the source IP address. Next Hop Interface - The outgoing interface for this next hop.
617 Viewing DVMRP Prune Summary Non-Configurable Data Group IP - The group address which has been pruned. Source IP - The address of the source or source network which has been pruned. Source Mask - The subnet mask to be combined with the source IP address to identify the source or source network which has been pruned.
618 Source Mask - The subnet mask to be combined with the source address to identify the sources for this entry. Upstream Neighbor - The address of the upstream neighbor (e.g., RPF neighbor) from which IP datagrams from these sources are received.
619 Configuring IGMP Interface Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured from the pulldown menu.
620 Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Viewing IGMP Configuration Summary Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed.
621 Query Max Response Time - The maximum query response time advertised in IGMPv2 queries sent from the selected interface. Robustness - The robustness parameter for the selected interface. This variable allows tuning for the expected packet loss on a subnet.
622 Viewing IGMP Cache Information Selection Criteria Slot/Port - Select the Slot and port for which data is to be displayed. Slot 0 is the base unit. Multicast Group IP - Select the IP multicast group address for which data is to be displayed.
623 Version 1 Host Timer - The time remaining until the local router will assume that there are no longer any IGMP version 1 members on the IP subnet attached to this interface. When an IGMPv1 membership report is received, this timer is reset to the group membership timer.
624 Source Filter Mode - The source filter mode (Include/Exclude/NA) for the specified group on this interface. Source Hosts - This parameter shows source addresses which are members of this multicast address. Expiry Time - This parameter shows expiry time interval against each source address which are members of this multicast group.
625 Configuring Interface’s Multicast Configuration Page Selection Criteria Slot/Port - Select the routing interface you want to configure from the dropdown menu. Configurable Data TTL Threshold - Enter the TTL threshold below which a multicast data packet will not be forwarded from the selected interface.
626 Source IP - Enter the IP address of the multicast packet source to be combined with the Group IP to fully identify a single route whose Mroute table entry you want to display or clear. You may leave this field blank. Group IP - Enter the destination group IP address whose multicast route(s) you want to display or clear.
627 Configurable Data Source IP - Enter the IP Address that identifies the multicast packet source for the entry you are creating. Source Mask - Enter the subnet mask to be applied to the Source IP address. RPF Neighbor - Enter the IP address of the neighbor router on the path to the source.
628 Configuring Multicast Admin Boundary Configuration Page An administratively scoped boundary is a way to stop the ingress and egress of multicast traffic for a given range of multicast addresses on a given routing interface.
629 Slot/Port - The router interface to which the administratively scoped address range is applied. Group IP - The multicast group address for the start of the range of addresses to be excluded. Group Mask - The mask that is applied to the multicast group address.
630 Non-Configurable Data Router Interface - The IP address of the router interface for which configuration information was requested. Neighboring router's IP Address - The IP address of the neighboring router. Metric - The routing metric for this router.
631 Viewing Mstat Summary Page This screen is used to display the results of an mstat command. Non-Configurable Data This screen shows the path taken by multicast traffic between the specified IP addresses. Forward data flow is indicated by arrows pointing downward and the query path is indicated by arrows pointing upward.
632 Admin Mode - Select enable or disable from the pulldown menu. If you select enable the router will process and forward mtrace requests received from other routers, otherwise received mtrace requests will be discarded. This field is non-configurable for read-only users.
633 Viewing Mtrace Summary Page This screen displays the results of an mtrace command. The mtrace command is used to trace the path from source to a destination branch for a multicast distribution tree. Non-Configurable Data Number of hops away from destination - The number of hops away from the destination.
634 Configuring Interface’s PIM-DM Configuration Page Selection Criteria Slot/Port - Select the Slot and port for which data is to be displayed or configured.
635 Protocol State - The operational state of the PIM-DM protocol on this interface. Hello Interval - The frequency at which PIM hello messages are transmitted on the selected interface. IP Address - The IP address of the selected interface. Neighbor Count - The number of PIM neighbors on the selected interface.
636 Data Threshold Rate - Enter the minimum source data rate in K bits/second above which the last-hop router will switch to a source-specific shortest path tree.
637 Configuring Interface’s PIM-SM Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured. Slot 0 is the base unit. Configurable Data Mode - Select enable or disable from the pulldown menu to set the administrative status of PIM-SM in the router.
638 Protocol State - The operational state of the PIM-SM protocol on this interface. IP Address - The IP address of the selected PIM interface. Net Mask - The network mask for the IP address of the selected PIM interface. Designated Router - The Designated Router on the selected PIM interface.
639 Component Index - Unique number identifying the component index. Component BSR Address - Displays the IP address of the bootstrap router (BSR) for the local PIM region. Component BSR Expiry Time - Displays the minimum time remaining before the bootstrap router in the local domain will be declared.
640 Group Address - The group address transmitted in Candidate-RP-Advertisements. Group Mask - The group address mask transmitted in Candidate-RP-Advertisements to fully identify the scope of the group which the router will support if elected as a Rendezvous Point.