CLI Guide
Page 4
... command-line interface has a number of the user accounts. The following chapters. Descriptions for security related settings, on the entire Switch, the user can be accessed by users who need to applying global settings on the entire Switch, the user can monitor and clear security related settings. It is not related to the Switch, the privilege level of the user determines the command mode the user will log into the Switch in . DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide...
... command-line interface has a number of the user accounts. The following chapters. Descriptions for security related settings, on the entire Switch, the user can be accessed by users who need to applying global settings on the entire Switch, the user can monitor and clear security related settings. It is not related to the Switch, the privilege level of the user determines the command mode the user will log into the Switch in . DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide...
CLI Guide
Page 7
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Table of Contents Basic CLI Commands...1 802.1X Commands...6 Access Control List (ACL) Commands ...17 Address Resolution Protocol (ARP) Commands ...40 Alternate Store and Forward (ASF) Commands...46 Authentication, Authorization, and Accounting (AAA) Commands 48 Border Gateway Protocol (BGP) Commands ...65 Compound Authentication Commands...172 Configuration Commands...175 Counter Commands ...187 CPU Commands...190 Debug Commands...191 DHCP Relay Commands...199 DHCP Server Commands ...205 Distance Vector Multicast Routing Protocol (...
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Table of Contents Basic CLI Commands...1 802.1X Commands...6 Access Control List (ACL) Commands ...17 Address Resolution Protocol (ARP) Commands ...40 Alternate Store and Forward (ASF) Commands...46 Authentication, Authorization, and Accounting (AAA) Commands 48 Border Gateway Protocol (BGP) Commands ...65 Compound Authentication Commands...172 Configuration Commands...175 Counter Commands ...187 CPU Commands...190 Debug Commands...191 DHCP Relay Commands...199 DHCP Server Commands ...205 Distance Vector Multicast Routing Protocol (...
CLI Guide
Page 14
... command. 6 Port control mode - Level: 8 This command is auto. Auto Port PAE type - dot1x default Parameters Default Command Mode Command Default Level Usage Guideline None. DXS-3600-32S#configure terminal DXS-3600-32S(config)#interface tenGigabitEthernet 1/0/1 DXS-3600-32S(config-if)#dot1x default DXS-3600-32S(config-if)# 2-2 dot1x port-control This command is used to reset the IEEE 802.1X parameters on a specific port to their default settings. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide 802.1X Commands 2-1 dot1x default This command is used to manually...
... command. 6 Port control mode - Level: 8 This command is auto. Auto Port PAE type - dot1x default Parameters Default Command Mode Command Default Level Usage Guideline None. DXS-3600-32S#configure terminal DXS-3600-32S(config)#interface tenGigabitEthernet 1/0/1 DXS-3600-32S(config-if)#dot1x default DXS-3600-32S(config-if)# 2-2 dot1x port-control This command is used to reset the IEEE 802.1X parameters on a specific port to their default settings. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide 802.1X Commands 2-1 dot1x default This command is used to manually...
CLI Guide
Page 20
DXS-3600-32S#configure terminal DXS-3600-32S(config)#dot1x system-max-user 128 DXS-3600-32S(config)# 2-12 dot1x port-max-user This command is an interface limitation on a specific port. Interface Configuration Mode. dot1x system-fwd-pdu no form of this command to reset to the defaulting settings. Level: 8 The setting is used to the interface limitation, the global maximum number of EAPOL PDUs. Use the no dot1x system-fwd-pdu Parameters Default Command Mode Command Default Level Usage Guideline None. 802.1X can not forward EAPOL...
DXS-3600-32S#configure terminal DXS-3600-32S(config)#dot1x system-max-user 128 DXS-3600-32S(config)# 2-12 dot1x port-max-user This command is an interface limitation on a specific port. Interface Configuration Mode. dot1x system-fwd-pdu no form of this command to reset to the defaulting settings. Level: 8 The setting is used to the interface limitation, the global maximum number of EAPOL PDUs. Use the no dot1x system-fwd-pdu Parameters Default Command Mode Command Default Level Usage Guideline None. 802.1X can not forward EAPOL...
CLI Guide
Page 44
... used to associate an IP ACL or MAC ACL with a specific submap. The name can be up to be assigned automatically if the user did not assign it manually. The no form of this command removes the configuration. Example This example shows how to the interface. The no form of this command deletes the submap. Specifies the sequence number of the hostmap to 32 characters long. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example...
... used to associate an IP ACL or MAC ACL with a specific submap. The name can be up to be assigned automatically if the user did not assign it manually. The no form of this command removes the configuration. Example This example shows how to the interface. The no form of this command deletes the submap. Specifies the sequence number of the hostmap to 32 characters long. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example...
CLI Guide
Page 48
... value used to remove a static ARP entry, with the IP address 33.1.1.33, from the old one, the new entry will cover the old one. This value must be used to add a permanent IP address and MAC address mapping to the default configuration. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Address Resolution Protocol (ARP) Commands 4-1 arp This command is used . If the new entry contains a different MAC address from the ARP cache table. Global Configuration Mode. If no ' command to restore it...
... value used to remove a static ARP entry, with the IP address 33.1.1.33, from the old one, the new entry will cover the old one. This value must be used to add a permanent IP address and MAC address mapping to the default configuration. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Address Resolution Protocol (ARP) Commands 4-1 arp This command is used . If the new entry contains a different MAC address from the ARP cache table. Global Configuration Mode. If no ' command to restore it...
CLI Guide
Page 64
...DXS-3600-32S#configure terminal DXS-3600-32S(config)#aaa authentication network default group radius local DXS-3600-32S(config)# 6-14 aaa authorization network This command is used to use a specific RADIUS group, created by radius or a group name. Up to bypass authentication. Global Configuration Mode. The next method can be followed by means of the aaa group server radius global configuration command. Specifies to four methods supported: local - You must use AAA for network access user authentication negotiation. group - "group radius" means to delete the network...
...DXS-3600-32S#configure terminal DXS-3600-32S(config)#aaa authentication network default group radius local DXS-3600-32S(config)# 6-14 aaa authorization network This command is used to use a specific RADIUS group, created by radius or a group name. Up to bypass authentication. Global Configuration Mode. The next method can be followed by means of the aaa group server radius global configuration command. Specifies to four methods supported: local - You must use AAA for network access user authentication negotiation. group - "group radius" means to delete the network...
CLI Guide
Page 74
... are supported in this mode are used to all more -specific BGP routes are used to reduce the size of this address-family configuration mode, use the exit-address-family command. Level: 8. (EI Mode Only Command) This command is used to configure BGP aggregate entries. To exit from updates. (Optional) Generates autonomous system set parameter to exchange VPN IPv4 routing information. Level: 8. (EI Mode Only Command) Aggregates are available in the specified range. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Command Mode Command Default Level...
... are supported in this mode are used to all more -specific BGP routes are used to reduce the size of this address-family configuration mode, use the exit-address-family command. Level: 8. (EI Mode Only Command) This command is used to configure BGP aggregate entries. To exit from updates. (Optional) Generates autonomous system set parameter to exchange VPN IPv4 routing information. Level: 8. (EI Mode Only Command) Aggregates are available in the specified range. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Command Mode Command Default Level...
CLI Guide
Page 75
... enabled. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide 7-4 bgp router-id This command is used to configure a fixed router ID for some reason. bgp router-id IP-ADDRESS no bgp router-id Parameters IP-ADDRESS Configures the router ID in IPv4 address format as an identifier because there is preferred to go down /removed for the local Border Gateway Protocol (BGP) routing process. Router Configuration. The address of the local router running configuration file and restore the default router ID selection. Example...
... enabled. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide 7-4 bgp router-id This command is used to configure a fixed router ID for some reason. bgp router-id IP-ADDRESS no bgp router-id Parameters IP-ADDRESS Configures the router ID in IPv4 address format as an identifier because there is preferred to go down /removed for the local Border Gateway Protocol (BGP) routing process. Router Configuration. The address of the local router running configuration file and restore the default router ID selection. Example...
CLI Guide
Page 86
... connected external peers. Example In the following example, the BGP fast external fallover feature is enabled. Specifies that only the identified BGP neighbor will wait until the default hold timer expires (3 keepalives) to reset the peering session. If the BGP fast external fallover is disabled, the BGP routing process will reset. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to enable the security of the BGP network...
... connected external peers. Example In the following example, the BGP fast external fallover feature is enabled. Specifies that only the identified BGP neighbor will wait until the default hold timer expires (3 keepalives) to reset the peering session. If the BGP fast external fallover is disabled, the BGP routing process will reset. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to enable the security of the BGP network...
CLI Guide
Page 121
...the BGP updates. For exterior protocols the network command controls which networks are advertised. The BGP will advertise. You can be 10.9.18.2/8 (Optional) Specifies the name of routes to BGP. Router Configuration Mode. Example This example shows how to set weight 2000 DXS-3600-32S(config-route-map)#exit DXS-3600-32S(config)#router bgp 100 DXS-3600-32S(config-router)#network 133.10.25.0/24 route-map mymap1 DXS-3600-32S(config-router)# 7-64 redistribute This command is enabled. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Parameters NETWORK-ADDRESS route-map MAP...
...the BGP updates. For exterior protocols the network command controls which networks are advertised. The BGP will advertise. You can be 10.9.18.2/8 (Optional) Specifies the name of routes to BGP. Router Configuration Mode. Example This example shows how to set weight 2000 DXS-3600-32S(config-route-map)#exit DXS-3600-32S(config)#router bgp 100 DXS-3600-32S(config-router)#network 133.10.25.0/24 route-map mymap1 DXS-3600-32S(config-router)# 7-64 redistribute This command is enabled. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Parameters NETWORK-ADDRESS route-map MAP...
CLI Guide
Page 266
...your setting. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Default Command Mode Command Default Level Usage Guideline The switch is received after this period, the device stops forwarding for the group, source, or channel. Use command show ip igmp interface command to the multicast group manually. Use the no ip igmp last-member-query-interval Parameters seconds Specifies the interval sending the group query message in the range1 to 20 seconds on interface VLAN 1. DXS-3600-32S#configure terminal DXS-3600-32S(config)#interface vlan 1 DXS-3600-32S(config-if)#ip igmp...
...your setting. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Default Command Mode Command Default Level Usage Guideline The switch is received after this period, the device stops forwarding for the group, source, or channel. Use command show ip igmp interface command to the multicast group manually. Use the no ip igmp last-member-query-interval Parameters seconds Specifies the interval sending the group query message in the range1 to 20 seconds on interface VLAN 1. DXS-3600-32S#configure terminal DXS-3600-32S(config)#interface vlan 1 DXS-3600-32S(config-if)#ip igmp...
CLI Guide
Page 275
...(s) as the multicast router interface(s) or as the static multicast router interface on VLAN 1. To verify your configuration, use show ip igmp snooping mrouter. Specifies the interface type. No space before and after the hyphen. DXS-3600-32S#configure terminal DXS-3600-32S(config)#vlan 1 DXS-3600-32S(config-vlan)#no form of this command to be multicast router interface. Specifies the port-channel number. No space before and after the comma. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to enable the IGMP Snooping fast leave...
...(s) as the multicast router interface(s) or as the static multicast router interface on VLAN 1. To verify your configuration, use show ip igmp snooping mrouter. Specifies the interface type. No space before and after the hyphen. DXS-3600-32S#configure terminal DXS-3600-32S(config)#vlan 1 DXS-3600-32S(config-vlan)#no form of this command to be multicast router interface. Specifies the port-channel number. No space before and after the comma. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to enable the IGMP Snooping fast leave...
CLI Guide
Page 324
....1Q-compatible IEEE 802 LAN station to advertise the port's VLAN identifier (PVID) that will be advertised. This TLV optional data type indicates whether the corresponding Local System's Protocol Identity instance will be transmitted on this command. Default Command Mode Command Default Level No IEEE 802.1 Organizationally specific TLV is configured. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to advertise particular protocols that are important...
....1Q-compatible IEEE 802 LAN station to advertise the port's VLAN identifier (PVID) that will be advertised. This TLV optional data type indicates whether the corresponding Local System's Protocol Identity instance will be transmitted on this command. Default Command Mode Command Default Level No IEEE 802.1 Organizationally specific TLV is configured. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to advertise particular protocols that are important...
CLI Guide
Page 326
... optional TLV that identifies: a) The duplex and bit-rate capability of the sending IEEE 802.3 LAN node. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to send or receive. The MAC/PHY Configuration/Status TLV is currently in an aggregation, and if in the IEEE 802.3 Organizationally Specific TLV set overrideaction. Interface Configuration Mode. If the optional TLVs advertisement state enabled, they will be transmitted and...
... optional TLV that identifies: a) The duplex and bit-rate capability of the sending IEEE 802.3 LAN node. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to send or receive. The MAC/PHY Configuration/Status TLV is currently in an aggregation, and if in the IEEE 802.3 Organizationally Specific TLV set overrideaction. Interface Configuration Mode. If the optional TLVs advertisement state enabled, they will be transmitted and...
CLI Guide
Page 481
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to take on yellow color packets. In this service policy to take on green color packets. Remove traffic policing from the configuration, use the no change. The default action is 'transmit'. (Optional) Specifies the action to define a traffic class (using the class-map command) and associate the policy with the match criteria for the traffic class in a policy map (using two rates in...
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to take on yellow color packets. In this service policy to take on green color packets. Remove traffic policing from the configuration, use the no change. The default action is 'transmit'. (Optional) Specifies the action to define a traffic class (using the class-map command) and associate the policy with the match criteria for the traffic class in a policy map (using two rates in...
CLI Guide
Page 576
... a full-duplex interface, its link type is set the link type of this option is considered to have a point-to disable TCN filtering. For a half-duplex interface, its link type is used to being a root port. By default, this command to -point connection. Use no spanning-tree tc-guard Parameters Default Command Mode None. Example This example shows how to shared. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to prevent a interface to enable the Topology Change guard at the specific interface. Use the no spanning-tree link-type...
... a full-duplex interface, its link type is set the link type of this option is considered to have a point-to disable TCN filtering. For a half-duplex interface, its link type is used to being a root port. By default, this command to -point connection. Use no spanning-tree tc-guard Parameters Default Command Mode None. Example This example shows how to shared. DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Example This example shows how to prevent a interface to enable the Topology Change guard at the specific interface. Use the no spanning-tree link-type...
CLI Guide
Page 613
... be disabled. Use no switchport access vlan Parameters VLAN-ID Specifies the access VLAN for an access port. Interface Configuration Mode. dot1q-tunnel DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Specifies the port as . Default Command Mode Command Default Level Usage Guideline Access mode. Level: 12 The valid interfaces for an access port. If setting the port mode to access mode or dot1q-tunnel mode. Packets on a trunk port are same as a dot1q-tunnel port. switchport access vlan VLAN-ID no switchport access vlan interface command to reset to set to...
... be disabled. Use no switchport access vlan Parameters VLAN-ID Specifies the access VLAN for an access port. Interface Configuration Mode. dot1q-tunnel DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Specifies the port as . Default Command Mode Command Default Level Usage Guideline Access mode. Level: 12 The valid interfaces for an access port. If setting the port mode to access mode or dot1q-tunnel mode. Packets on a trunk port are same as a dot1q-tunnel port. switchport access vlan VLAN-ID no switchport access vlan interface command to reset to set to...
CLI Guide
Page 618
... port that will be classified to set the VLAN membership for an untagged packet is MAC-based > Subnet-based > Protocol VLAN > Port-based VLAN The user should use the switchport hybrid allowed vlan command to match the subnet VLAN entries. Example This example shows how to 7, if the priority is not specified, the default value is a number from it too. Usage Guideline DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide The user can use the mac-base command...
... port that will be classified to set the VLAN membership for an untagged packet is MAC-based > Subnet-based > Protocol VLAN > Port-based VLAN The user should use the switchport hybrid allowed vlan command to match the subnet VLAN entries. Example This example shows how to 7, if the priority is not specified, the default value is a number from it too. Usage Guideline DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide The user can use the mac-base command...
CLI Guide
Page 672
... Password Recovery feature requires the user to reset the password: 1. Command Parameters clear configure This command allows the administrator to enter the "Password Recovery Mode." DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Appendix A - Sometimes, passwords get forgotten or destroyed, so network administrators need to the defaults. After the UART init is through a local login, utilizing a Username and Password. The basic authentication method used . Once the Switch enters the "Password Recovery Mode," all ports on this switch to the factory default settings...
... Password Recovery feature requires the user to reset the password: 1. Command Parameters clear configure This command allows the administrator to enter the "Password Recovery Mode." DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide Appendix A - Sometimes, passwords get forgotten or destroyed, so network administrators need to the defaults. After the UART init is through a local login, utilizing a Username and Password. The basic authentication method used . Once the Switch enters the "Password Recovery Mode," all ports on this switch to the factory default settings...