0% found this document useful (0 votes)

46 views1,822 pages

TCS CLI 8.4.2.4 20-Jul-2011

Uploaded by

Michele Brunelli

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

46 views1,822 pages

TCS CLI 8.4.2.4 20-Jul-2011

Uploaded by

Michele Brunelli

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1822

FTOS Command Line Reference Guide

FTOS Version 8.4.2.4 July 20, 2011

Copyright 2011 Force10 Networks

All rights reserved. Printed in the USA. July 2011. Force10 Networks reserves the right to change, modify, revise this publication without notice. Trademarks Force10 Networks, Force10, E-Series, Traverse, Traverseedge, and Turin Networks are registered trademarks of Force10 Networks, Inc. Force10, the Force10 logo, E1200, E600, E600i, E300, EtherScale, TeraScale, FTOS, C-Series, and S-Series are trademarks of Force10 Networks, Inc. All other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, Force10 Networks reserves the right to make changes to products described in this document without notice. Force10 Networks does not assume any liability that may occur due to the use or application of the product(s) described herein.
=

Contents
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Preface About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xv Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xv Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xv Information Symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi

Chapter 1 CLI Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Accessing the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Multiple Configuration Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Navigating the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Obtaining Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Using the Keyword No . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Filtering show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Displaying All Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Filtering Command Output Multiple Times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 EXEC Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 EXEC Privilege Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 CONFIGURATION Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 INTERFACE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 LINE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 TRACE-LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 MAC ACCESS LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 IP ACCESS LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 ROUTE-MAP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 PREFIX-LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 AS-PATH ACL Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 IP COMMUNITY LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 REDIRECT-LIST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 iii

SPANNING TREE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Per-VLAN SPANNING TREE Plus Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RAPID SPANNING TREE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MULTIPLE SPANNING TREE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PROTOCOL GVRP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ROUTER OSPF Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ROUTER RIP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ROUTER ISIS Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ROUTER BGP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Determining the Chassis Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10 11 11 11 11 12 12 12 12 13

Chapter 2 File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Basic File Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Upgrading the C-Series FPGA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Chapter 3 BOOT_USER Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Chapter 4 Control and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Chapter 5 802.1ag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Chapter 6 802.3ah . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Chapter 7 802.1X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Chapter 8 Access Control Lists (ACL). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Commands Common to all ACL Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Common IP ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard IP ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Extended IP ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Common MAC Access List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard MAC ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Extended MAC ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Prefix List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Route Map Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . AS-Path Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Community List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 199 202 206 213 247 251 255 261 267 286 290

Chapter 9 ACL VLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Chapter 10 Bidirectional Forwarding Detection (BFD). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Chapter 11 Border Gateway Protocol IPv4 (BGPv4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . BGPv4 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MBGP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . BGP Extended Communities (RFC 4360) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 318 399 428

Chapter 12 Content Addressable Memory (CAM) for ExaScale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

Chapter 13 Content Addressable Memory (CAM). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 CAM Profile Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450 Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 v

CAM IPv4flow Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 CAM Layer 2 ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466

Chapter 14 Configuration Rollback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Chapter 15 Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Commands to Configure the System to be a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Commands to Configure Secure DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Chapter 16 Equal Cost Multi-Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Chapter 17 Far-End Failure Detection (FEFD). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Chapter 18 Force10 Resilient Ring Protocol (FRRP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

Chapter 19 Force10 Service Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Chapter 20 GARP VLAN Registration (GVRP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556

Chapter 21 High Availability (HA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

Chapter 22 Internet Group Management Protocol (IGMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IGMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember for IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember for IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577 577 577 589 589 589

Chapter 23 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Basic Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Channel Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Time Domain Reflectometer (TDR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UDP Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595 595 657 667 667 669 669

Chapter 24 IPv4 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673

Chapter 25 IPv6 Access Control Lists (IPv6 ACLs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 731

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IPv6 ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IPv6 Route Map Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 731 731 732 759

Chapter 26 IPv6 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

vii

Chapter 27 IPv6 Border Gateway Protocol (IPv6 BGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 781

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 781 IPv6 BGP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 781 IPv6 MBGP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 850

Chapter 28 Intermediate System to Intermediate System (IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877

Chapter 29 Link Aggregation Control Protocol (LACP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925

Chapter 30 Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 933

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 933 MAC Addressing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 933 Virtual LAN (VLAN) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 956

Chapter 31 Link Layer Detection Protocol (LLDP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 967

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 967 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 967 LLDP-MED Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 976

Chapter 32 Multicast Listener Discovery (MLD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985 MLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985 MLD Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 992

Chapter 33 Multicast Source Discovery Protocol (MSDP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 997

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 997 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 997

Chapter 34 Multiple Spanning Tree Protocol (MSTP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1009

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1009 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1009 viii

Chapter 35 Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027 IPv4 Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027 IPv6 Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038

Chapter 36 Neighbor Discovery Protocol (NDP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045

Chapter 37 Object Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053 IPv4 Object Tracking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053 IPv6 Object Tracking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067

Chapter 38 Open Shortest Path First (OSPFv2 and OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1073

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1073 OSPFv2 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1074 OSPFv3 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1137

Chapter 39 Policy-based Routing (PBR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163

Chapter 40 PIM-Dense Mode (PIM-DM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1173

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1173 IPv4 PIM-Dense Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1173

Chapter 41 PIM-Sparse Mode (PIM-SM). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175 IPv4 PIM-Sparse Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175 IPv6 PIM-Sparse Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1202

Chapter 42 PIM-Source Specific Mode (PIM-SSM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1215

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1215 IPv4 PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1215 Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 ix

IPv4 PIM-Source Specific Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1215 IPv6 PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1217 IPv6 PIM-Source Specific Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1217

Chapter 43 Power over Ethernet (PoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219

Chapter 44 Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1227

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1227 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1227 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1228

Chapter 45 Private VLAN (PVLAN). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241 Private VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241

Chapter 46 Per-VLAN Spanning Tree plus (PVST+) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1251

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1251 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1251

Chapter 47 Quality of Service (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1267

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Global Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Per-Port QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Policy-Based QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remembermulticast-bandwidth option . . . . . . . . . . . . . . . . . . . . . . . . . Queue-Level Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1267 1267 1268 1277 1292 1316

Chapter 48 Router Information Protocol (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1329

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1329 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1329

Chapter 49 Remote Monitoring (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1349

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1349

Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1349

Chapter 50 Rapid Spanning Tree Protocol (RSTP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1361

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1361 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1361

Chapter 51 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1373

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . AAA Accounting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Authorization and Privilege Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Authentication and Password Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Authentication (802.1X) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SSH Server and SCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Trace List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1373 1373 1373 1377 1380 1392 1397 1400 1401 1409 1422 1432

Chapter 52 Service Provider Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1439

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1439 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1439 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1439

Chapter 53 sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1445

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1445 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1445 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1446

Chapter 54 SNMP and Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1457

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Syslog Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1457 1457 1458 1475

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

Chapter 55 SONET. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1489

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1489 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1489

Chapter 56 S-Series Stacking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1509

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1509 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1509

Chapter 57 Storm Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1519

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1519 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1519 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1519

Chapter 58 Spanning Tree Protocol (STP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1529

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1529 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1529

Chapter 59 Time and Network Time Protocol (NTP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1541

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1541 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1541

Chapter 60 Uplink Failure Detection (UFD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1557

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1557 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1557

Chapter 61 VLAN Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1569

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1569 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1569 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1569

Chapter 62 Virtual Routing and Forwarding (VRF). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1579

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1579 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1579

xii

Chapter 63 Virtual Router Redundancy Protocol (VRRP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1589

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1589 IPv4 VRRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1589 IPv6 VRRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1604

Chapter 64 C-Series Diagnostics and Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1609

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inter-process Communication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RPM Management Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Path Debugging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Interface Troubleshooting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced ASIC Debugging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ACL and System-Flow Debug Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Interface Management Debug Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Layer 2 Debug Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Trace Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Offline Diagnostic Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PoE Hardware Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Buffer Tuning Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1609 1609 1615 1617 1620 1624 1628 1631 1633 1634 1640 1642 1643

Chapter 65 E-Series ExaScale Debugging and Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1651

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Diagnostics and Monitoring Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Offline Diagnostic Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hardware Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1651 1651 1652 1670 1673

Chapter 66 E-Series Debugging and Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1697

Chapter 67 S-Series Debugging and Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1741

Offline Diagnostic Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1741 Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1741 Buffer Tuning Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1743 Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 xiii

Hardware Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1749

Appendix A ICMP Message Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1761 Appendix B SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1763 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1767 Command Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1789

xiv

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

Preface

About this Guide

This book provides information on the FTOS Command Line Interface (CLI). It includes some information on the protocols and features found in FTOS and on the Force10 systems supported by FTOS (C-Series c, E-Series e, and S-Series s). This chapter includes: Objectives Audience Conventions Related Documents

Objectives
This document is intended as a reference guide for the FTOS command line interface (CLI) commands, with detailed syntax statements, along with usage information and sample output. For details on when to use the commands, refer to the FTOS Configuration Guide. That guide contains an Appendix with a list of the RFCs and MIBs (management information base files) supported.

Audience
This document is intended for system administrators who are responsible for configuring or maintaining networks. This guide assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies.

Conventions
This document uses the following conventions to describe command syntax: Convention keyword parameter
{X}

Description
Keywords are in bold and should be entered in the CLI as listed. Parameters are in italics and require a number or word to be entered in the CLI. Keywords and parameters within braces must be entered in the CLI.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

[X] x|y x||y

Keywords and parameters within brackets are optional. Keywords and parameters separated by bar require you to choose one. Keywords and parameters separated by a double bar enables you to choose any or all of them.

Information Symbols
Table 1 describes symbols contained in this guide. Table 1 Information Symbols Symbol Brief
Danger

Description This symbol signals information about hardware handling that could result in injury.

Caution

This symbol signals information about situations that could result in equipment damage or loss of data. This symbol signals information about situations that could reduce your component or system performance. This symbol signals important operational information.

Warning

Note

c e et ex s

C-Series E-Series

This symbol indicates that the selected feature is supported on the C-Series. This symbol indicates that the selected feature is supported on the E-Series TeraScale AND E-Series ExaScale. This symbol indicates that the selected feature is supported on the E-Series TeraScale platform only. This symbol indicates that the selected feature is supported on the E-Series ExaScale platform only. This symbol indicates that the selected feature is supported on the S-Series.

E-Series TeraScale E-Series ExaScale S-Series

Related Documents
For more information about the system, refer to the following documents: FTOS Configuration Guide Installation and maintenance guides for your system Release Notes for your system and FTOS version

xvi

About this Guide

Chapter 1

CLI Basics

This chapter describes the command structure and command modes. FTOS commands are in a text-based interface that allows you to use launch commands, change the command modes, and configure interfaces and protocols. This chapter covers the following topics: Accessing the Command Line Multiple Configuration Users Navigating the Command Line Interface Obtaining Help Using the Keyword No Filtering show Commands Command Modes

Accessing the Command Line

When the system boots successfully, you are positioned on the command line in the EXEC mode and not prompted to log in. You can access the commands through a serial console port or a Telnet session. When you Telnet into the switch, you are prompted to enter a login name and password. Figure 1 is an example of a successful Telnet login session. Figure 1 Login Example
telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'. Login: username Password: Force10>

Once you log into the switch, the prompt provides you with current command-level information (refer to Table 2).

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

Multiple Configuration Users

When a user enters the CONFIGURATION mode and another user(s) is already in that configuration mode, FTOS generates an alert warning message similar to the following: Figure 2 Configuration Mode User Alert
Force10#conf % Warning: The following users are currently configuring the system: User User User User "" on line "admin" on "admin" on "Irene" on console0 line vty0 ( 123.12.1.123 ) line vty1 ( 123.12.1.123 ) line vty3 ( 123.12.1.321 )

Force10(conf)#Force10#

When another user enters the CONFIGURATION mode, FTOS sends a message similar to the following, where the user in this case is admin on vty2:
% Warning: User "admin" on line vty2 "172.16.1.210" is in configuration

Navigating the Command Line Interface

The Command Line Interface (CLI) prompt displayed by FTOS is comprised of: hostname the initial part of the prompt, Force10 by default. You can change it with the hostname command, as described in hostname. The second part of the prompt, reflecting the current CLI mode, as shown in Table 2.

The CLI prompt changes as you move up and down the levels of the command structure. Table 2 lists the prompts and their corresponding command levels, called modes. Starting with the CONFIGURATION mode, the command prompt adds modifiers to further identify the mode. The command modes are explained in Command Modes.

Note: Some of the following modes are not available on C-Series or S-Series.

Table 2 Command Prompt and Corresponding Command Mode Prompt

Force10> Force10# Force10(conf)#

CLI Command Mode

EXEC EXEC Privilege CONFIGURATION

CLI Basics

Table 2 Command Prompt and Corresponding Command Mode Prompt

Force10(conf-if)# Force10(conf-if-gi-0/0)# Force10(conf-if-te-0/0)# Force10(conf-if-lo-0)# Force10(conf-if-nu-0)# Force10(conf-if-po-0)# Force10(conf-if-vl-0)# Force10(conf-if-so-0/0)# Force10(conf-if-ma-0/0)# Force10(conf-if-range)# Force10(config-ext-nacl)# Force10(config-std-nacl)# Force10(config-line-aux)# Force10(config-line-console)# Force10(config-line-vty)# Force10(config-ext-macl)# Force10(config-std-macl)# Force10(config-mon-sess)# Force10(config-span)# Force10(config-mstp)# Force10(config-pvst)# Force10(config-rstp)# Force10(config-gvrp)# Force10(config-route-map)# Force10(conf-nprefixl)# Force10(conf-router_rip)# Force10(conf-redirect-list)# Force10(conf-router_bgp)# Force10(conf-router_ospf)# Force10(conf-router_isis)# Force10(conf-trace-acl)#

CLI Command Mode

INTERFACE

IP ACCESS LIST LINE

MAC ACCESS LIST MONITOR SESSION STP MULTIPLE SPANNING TREE Per-VLAN SPANNING TREE Plus RAPID SPANNING TREE PROTOCOL GVRP ROUTE-MAP PREFIX-LIST ROUTER RIP REDIRECT ROUTER BGP ROUTER OSPF ROUTER ISIS TRACE-LIST

Obtaining Help
As soon as you are in a command mode there are several ways to access help. To obtain a list of keywords at any command mode, do the following: Enter a ? at the prompt or after a keyword. There must always be a space before the ?. To obtain a list of keywords with a brief functional description, do the following: Enter help at the prompt. Publication Date: July 20, 2011 3

Command Line Reference for FTOS version 8.4.2.4

To obtain a list of available options, do the following: Type a keyword followed by a space and a ? Type a partial keyword followed by a ? A display of keywords beginning with the partial keyword is listed.

Figure 3 illustrates the results of entering ip ? at the prompt. Figure 3 Partial Keyword Example
Force10(conf)#ip ? access-list as-path community-list domain-list domain-lookup domain-name fib ftp host max-frag-count multicast-routing name-server pim prefix-list radius redirect-list route scp source-route ssh tacacs telnet tftp trace-group trace-list Force10(conf)#ip Named access-list BGP autonomous system path filter Add a community list entry Domain name to complete unqualified host name Enable IP Domain Name System hostname translation Define the default domain name FIB configuration commands FTP configuration commands Add an entry to the ip hostname table Max. fragmented packets allowed in IP re-assembly Enable IP multicast forwarding Specify addess of name server to use Protocol Independent Multicast Build a prefix list Interface configuration for RADIUS Named redirect-list Establish static routes SCP configuration commands Process packets with source routing header options SSH configuration commands Interface configuration for TACACS+ Specify telnet options TFTP configuration commands Named trace-list Named trace-list

When entering commands, you can take advantage of the following timesaving features: The commands are not case sensitive. You can enter partial (truncated) command keywords. For example, you can enter int gig int interface for the interface gigabitethernet interface command. Use the TAB key to complete keywords in commands. Use the up arrow key to display the last enabled command. Use either the Backspace key or the Delete key to erase the previous character.

CLI Basics

Use the left and right arrow keys to navigate left or right in the FTOS command line. Table 3 defines the key combinations valid at the FTOS command line. Table 3 Short-cut Keys and their Actions Key Combination
CNTL-A CNTL-B CNTL-D CNTL-E CNTL-F CNTL-I CNTL-K CNTL-L CNTL-N CNTL-P CNTL-R CNTL-U CNTL-W CNTL-X CNTL-Z Esc B Esc F Esc D

Action
Moves the cursor to the beginning of the command line. Moves the cursor back one character. Deletes character at cursor. Moves the cursor to the end of the line. Moves the cursor forward one character. Completes a keyword. Deletes all characters from the cursor to the end of the command line. Re-enters the previous command. Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key Recalls commands, beginning with the last command Re-enters the previous command. Deletes the line. Deletes the previous word. Deletes the line. Ends continuous scrolling of command outputs. Moves the cursor back one word. Moves the cursor forward one word. Deletes all characters from the cursor to the end of the word.

Using the Keyword No

To disable, delete, or return to default values, use the no form of the commands. For most commands, if you type the keyword no in front of the command, you will disable that command or delete it from the running configuration. In this document, the no form of the command is discussed in the Command Syntax portion of the command description.

Filtering show Commands

You can filter the display output of a show command to find specific information, to display certain information only, or to begin the command output at the first instance of a regular expression or phrase.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

When you execute a show command, followed by a pipe ( | ) and one of the parameters listed below and a regular expression, the resulting output either excludes or includes those parameters, as defined by the parameter: display display additional configuration information except display only text that does not match the pattern (or regular expression) find search for the first occurrence of a pattern grep display text that matches a pattern no-more do not paginate the display output save - copy output to a file for future use

Note: FTOS accepts a space before or after the pipe, no space before or after the
pipe, or any combination. For example: Force10#command | grep gigabit |except regular-expression | find regular-expression The grep command option has an ignore-case sub-option that makes the search case-insensitive. For example, the commands: show run | grep Ethernet would return a search result with instances containing a capitalized Ethernet, such as interface GigabitEthernet 0/0. show run | grep ethernet would not return the search result, above, because it only searches for instances containing a non-capitalized ethernet.

Executing the command show run | grep Ethernet ignore-case would return instances containing both Ethernet and ethernet.

Displaying All Output

To display the output all at once (not one screen at a time), use the no-more after the pipe. This is similar to the terminal length screen-length command except that the no-more option affects the output of just the specified command.For example:
Force10#show running-config|no-more

Filtering Command Output Multiple Times

CLI Basics

Command Modes
To navigate to various CLI modes, you need to use specific commands to launch each mode. Navigation to these modes is discussed in the following sections.

Note: Some of the following modes are not available on C-Series or S-Series.

EXEC Mode
When you initially log in to the switch, by default, you are logged into the EXEC mode. This mode allows you to view settings and to enter the EXEC Privilege mode to configure the device. While you are in the EXEC mode, the > prompt is displayed following the hostname prompt, as described above. which is Force10 by default. You can change it with the hostname command. See the command hostname. Each mode prompt is preceded by the hostname.

EXEC Privilege Mode

The enable command accesses the EXEC Privilege mode. If an administrator has configured an Enable password, you will be prompted to enter it here. The EXEC Privilege mode allows you to access all commands accessible in EXEC mode, plus other commands, such as to clear ARP entries and IP addresses. In addition, you can access the CONFIGURATION mode to configure interfaces, routes, and protocols on the switch. While you are logged in to the EXEC Privilege mode, the # prompt is displayed.

CONFIGURATION Mode
In the EXEC Privilege mode, use the configure command to enter the CONFIGURATION mode and configure routing protocols and access interfaces. To enter the CONFIGURATION mode: 1. Verify that you are logged in to the EXEC Privilege mode. 2. Enter the configure command. The prompt changes to include (conf). From this mode, you can enter INTERFACE by using the interface command.

INTERFACE Mode
Use the INTERFACE mode to configure interfaces or IP services on those interfaces. An interface can be physical (for example, a Gigabit Ethernet port) or virtual (for example, the Null interface). To enter INTERFACE mode: 1. Verify that you are logged into the CONFIGURATION mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

2. Enter the interface command followed by an interface type and interface number that is available on the switch. 3. The prompt changes to include the designated interface and slot/port number, as outlined in Table 4. Table 4 Interface prompts Prompt
Force10(conf-if)# Force10(conf-if-gi-0/0)# Force10(conf-if-te-0/0)# Force10(conf-if-lo-0)# Force10(conf-if-nu-0)# Force10(conf-if-po-0)# Force10(conf-if-vl-0)# Force10(conf-if-so-0/0)# Force10(conf-if-ma-0/0)# Force10(conf-if-range)#

Interface Type
INTERFACE mode Gigabit Ethernet interface followed by slot/port information Ten Gigabit Ethernet interface followed by slot/port information Loopback interface number. Null Interface followed by zero Port-channel interface number VLAN Interface followed by VLAN number (range 1 to 4094) SONET interface followed by slot/port information. Management Ethernet interface followed by slot/port information Designated interface range (used for bulk configuration; see interface range).

LINE Mode
Use the LINE mode to configure console or virtual terminal parameters. To enter LINE mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Enter the line command. You must include the keywords console or vty and their line number available on the switch.The prompt changes to include (config-line-console) or (config-line-vty). You can exit this mode by using the exit command.

TRACE-LIST Mode
When in the CONFIGURATION mode, use the trace-list command to enter the TRACE-LIST mode and configure a Trace list. 1. Verify that you are logged in to the CONFIGURATION mode. 2. Enter the ip trace-list command. You must include the name of the Trace list. The prompt change to include (conf-trace-acl). You can exit this mode by using the exit command.

MAC ACCESS LIST Mode

While in the CONFIGURATION mode, use the mac access-list standard or mac access-list extended command to enter the MAC ACCESS LIST mode and configure either standard or extended access control lists (ACL). 8 CLI Basics

To enter MAC ACCESS LIST mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Use the mac access-list standard or mac access-list extended command. You must include a name for the ACL.The prompt changes to include (conf-std-macl) or (conf-ext-macl). You can return to the CONFIGURATION mode by entering the exit command.

IP ACCESS LIST Mode

While in the CONFIGURATION mode, use the ip access-list standard or ip access-list extended command to enter the IP ACCESS LIST mode and configure either standard or extended access control lists (ACL). To enter IP ACCESS LIST mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Use the ip access-list standard or ip access-list extended command. You must include a name for the ACL.The prompt changes to include (conf-std-nacl) or (conf-ext-nacl). You can return to the CONFIGURATION mode by entering the exit command.

ROUTE-MAP Mode
While in the CONFIGURATION mode, use the route-map command to enter the ROUTE-MAP mode and configure a route map. To enter ROUTE-MAP mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Use the route-map map-name [permit | deny] [sequence-number] command. The prompt changes to include (route-map). You can return to the CONFIGURATION mode by entering the exit command.

PREFIX-LIST Mode
While in the CONFIGURATION mode, use the ip prefix-list command to enter the PREFIX-LIST mode and configure a prefix list. To enter PREFIX-LIST mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Enter the ip prefix-list command. You must include a name for the prefix list.The prompt changes to include (conf-nprefixl). You can return to the CONFIGURATION mode by entering the exit command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

AS-PATH ACL Mode

Use the AS-PATH ACL mode to configure an AS-PATH Access Control List (ACL) on the E-Series. See Chapter 8, Access Control Lists (ACL). To enter AS-PATH ACL mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Enter the ip as-path access-list command. You must include a name for the AS-PATH ACL.The prompt changes to include (config-as-path). You can return to the CONFIGURATION mode by entering the exit command.

IP COMMUNITY LIST Mode

Use the IP COMMUNITY LIST mode to configure an IP Community ACL on the E-Series. See Chapter 8, Access Control Lists (ACL). To enter IP COMMUNITY LIST mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Enter the ip community-list command. You must include a name for the Community list.The prompt changes to include (config-community-list). You can return to the CONFIGURATION mode by entering the exit command.

REDIRECT-LIST Mode
Use the REDIRECT-LIST mode to configure a Redirect list on the E-Series, as described in Chapter 39, Policy-based Routing (PBR). To enter REDIRECT-LIST mode: 1. Verify that you are logged in to the CONFIGURATION mode. 2. Use the ip redirect-list command. You must include a name for the Redirect-list.The prompt changes to include (conf-redirect-list). You can return to the CONFIGURATION mode by entering the exit command.

SPANNING TREE Mode

Use the STP mode to enable and configure the Spanning Tree protocol, as described in Chapter 58, Spanning Tree Protocol (STP). To enter STP mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the protocol spanning-tree stp-id command. You can return to the CONFIGURATION mode by entering the exit command.

CLI Basics

Per-VLAN SPANNING TREE Plus Mode

Use PVST+ mode to enable and configure the Per-VLAN Spanning Tree (PVST+) protocol, as described in Chapter 46, Per-VLAN Spanning Tree plus (PVST+).

Note: The protocol is PVST+, but the plus sign is dropped at the CLI prompt

To enter PVST+ mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the protocol spanning-tree pvst command. You can return to the CONFIGURATION mode by entering the exit command.

RAPID SPANNING TREE Mode

Use PVST+ mode to enable and configure the RSTP protocol, as described in Chapter 50, Rapid Spanning Tree Protocol (RSTP). To enter RSTP mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the protocol spanning-tree rstp command. You can return to the CONFIGURATION mode by entering the exit command.

MULTIPLE SPANNING TREE Mode

Use MULTIPLE SPANNING TREE mode to enable and configure the Multiple Spanning Tree protocol, as described in Chapter 34, Multiple Spanning Tree Protocol (MSTP). To enter MULTIPLE SPANNING TREE mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the protocol spanning-tree mstp command. You can return to the CONFIGURATION mode by entering the exit command.

PROTOCOL GVRP Mode

Use the PROTOCOL GVRP mode to enable and configure GARP VLAN Registration Protocol (GVRP), as described in Chapter 20, GARP VLAN Registration (GVRP). To enter PROTOCOL GVRP mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the protocol gvrp command syntax. You can return to the CONFIGURATION mode by entering the exit command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

ROUTER OSPF Mode

Use the ROUTER OSPF mode to configure OSPF, as described in Chapter 38, Open Shortest Path First (OSPFv2 and OSPFv3). To enter ROUTER OSPF mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Use the router ospf {process-id} command.The prompt changes to include (conf-router_ospf-id). You can switch to the INTERFACE mode by using the interface command or you can switch to the ROUTER RIP mode by using the router rip command.

ROUTER RIP Mode

Use the ROUTER RIP mode to configure RIP on the C-Series or E-Series, as described in Chapter 48, Router Information Protocol (RIP). To enter ROUTER RIP mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the router rip command.The prompt changes to include (conf-router_rip). You can switch to the INTERFACE mode by using the interface command or you can switch to the ROUTER OSPF mode by using the router ospf command.

ROUTER ISIS Mode

Use the ROUTER ISIS mode to configure ISIS on the E-Series, as described in Intermediate System to Intermediate System (IS-IS). To enter ROUTER ISIS mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the router isis [tag] command.The prompt changes to include (conf-router_isis). You can switch to the INTERFACE mode by using the interface command or you can switch to the ROUTER RIP mode by using the router rip command.

ROUTER BGP Mode

Use the ROUTER BGP mode to configure BGP on the C-Series or E-Series, as described in Chapter 11, Border Gateway Protocol IPv4 (BGPv4). To enter ROUTER BGP mode: 1. Verify that you are logged into the CONFIGURATION mode. 2. Enter the router bgp as-number command.The prompt changes to include (conf-router_bgp). You can return to the CONFIGURATION mode by entering the exit command.

CLI Basics

Determining the Chassis Mode

The chassis mode in FTOS determines which hardware is being supported in an E-Series chassis. The chassis mode is programmed into an EEPROM on the backplane of the chassis and the change takes place only after the chassis is rebooted. Configuring the appropriate chassis mode enables the system to use all the ports on the card and recognize all software features.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

CLI Basics

Chapter 2
Overview

File Management

This chapter contains commands needed to manage the configuration files and includes other file management commands found in FTOS. This chapter contains these sections: Basic File Management Commands Upgrading the C-Series FPGA

Basic File Management Commands

The commands included in this chapter are: boot config boot host boot network boot system boot system gateway cd change bootflash-image copy copy (Streamline Upgrade) copy running-config startup-config delete dir download alt-boot-image download alt-full-image download alt-system-image format (C-Series and E-Series) format flash (S-Series) logging coredump logging coredump server pwd rename boot system show bootvar Publication Date: July 20, 2011 15

Command Line Reference for FTOS version 8.4.2.4

boot config

show file show file-systems show linecard show os-version show running-config show startup-config show version upgrade (E-Series version) upgrade (C-Series version) upgrade (S-Series management unit) on page 45 upgrade fpga-image

boot config
ce
Syntax Parameters

Set the location and name of the configuration file that is loaded at system start-up (or reload) instead of the default startup-configuration. boot config {remote-first | rpm0 file-url | rpm1 file-url} remote-first rpm0 rpm1 file-url
Enter the keywords remote-first to attempt to load the boot configuration files from a remote location. Enter the keywords rpm0 first to specify the local boot configuration file for RPM 0. Enter the keywords rpm1 first to specify the local boot configuration file for RPM 1. Enter the location information: For a file on the internal Flash, enter flash:// followed by the filename. For a file on the external Flash, enter slot0:// followed by the filename.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.5.1.0 Introduced on C-Series

E-Series original Command Usage Information

To display these changes in the show bootvar command output, you must save the running configuration to the startup configuration (copy running-config startup-config or write). Force10 Networks strongly recommends using local files for configuration (RPM0 or RPM1 flash or slot0). When you specify a file as the boot config file, it is listed in the boot variables (bootvar) as LOCAL CONFIG FILE. If you do not specify a boot config file, then the startup-configuration is used, although the bootvar shows LOCAL CONFIG FILE = variable does not exist. When you specify a boot config file, the switch reloads with that config file, rather than the startup-config. Note that if you specify a local config file which is not present in the specified location, then the startup-configuration is loaded.

File Management

boot host The write memory command always saves the running-configuration to the file labeled startup-configuration. When using a LOCAL CONFIG FILE other than the startup-config, use the copy command to save any running-configuration changes to that local file. Output for show bootvar with no boot configuration configured
Force10#show bootvar PRIMARY IMAGE FILE = flash://FTOS-EF-8.2.1.0.bin SECONDARY IMAGE FILE = flash://FTOS-EF-7.6.1.0.bin DEFAULT IMAGE FILE = flash://FTOS-EF-7.5.1.0.bin LOCAL CONFIG FILE = variable does not exist PRIMARY HOST CONFIG FILE = variable does not exist SECONDARY HOST CONFIG FILE = variable does not exist PRIMARY NETWORK CONFIG FILE = variable does not exist SECONDARY NETWORK CONFIG FILE = variable does not exist CURRENT IMAGE FILE = flash://FTOS-EF-8.2.1.0.bin CURRENT CONFIG FILE 1 = flash://startup-config CURRENT CONFIG FILE 2 = variable does not exist CONFIG LOAD PREFERENCE = local first BOOT INTERFACE GATEWAY IP ADDRESS = variable does not exist

Output for show bootvar with boot configuration configured

Force10#show bootvar PRIMARY IMAGE FILE = flash://FTOS-EF-8.2.1.0.bin SECONDARY IMAGE FILE = flash://FTOS-EF-7.6.1.0.bin DEFAULT IMAGE FILE = flash://FTOS-EF-7.5.1.0.bin LOCAL CONFIG FILE = variable does not exist PRIMARY HOST CONFIG FILE = variable does not exist SECONDARY HOST CONFIG FILE = variable does not exist PRIMARY NETWORK CONFIG FILE = variable does not exist SECONDARY NETWORK CONFIG FILE = variable does not exist CURRENT IMAGE FILE = flash://FTOS-EF-8.2.1.0.bin CURRENT CONFIG FILE 1 = flash://CustomerA.cfg CURRENT CONFIG FILE 2 = variable does not exist CONFIG LOAD PREFERENCE = local first BOOT INTERFACE GATEWAY IP ADDRESS = variable does not exist

Related Commands

show bootvar

Display the variable settings for the E-Series boot parameters.

boot host
ce
Syntax Parameters

Set the location of the configuration file from a remote host. boot host {primary | secondary} remote-url primary secondary remote-url
Enter the keywords primary to attempt to load the primary host configuration files. Enter the keywords secondary to attempt to load the secondary host configuration files. Enter the following location keywords and information: For a file on an FTP server, enter ftp://user:password@hostip/

filepath

For a file on a TFTP server, enter tftp://hostip/filepath

Defaults

Not configured. Publication Date: July 20, 2011 17

Command Line Reference for FTOS version 8.4.2.4

boot network

Command Modes Command History

CONFIGURATION
Version 7.5.1.0 Introduced on C-Series

E-Series original Command Usage Information Related Commands

To display these changes in the show bootvar command output, you must save the running configuration to the startup configuration (using the copy command).
show bootvar

Display the variable settings for the E-Series boot parameters.

boot network
ce
Syntax Parameters

Set the location of the configuration file in a remote network. boot network {primary | secondary} remote-url primary secondary remote-url
Enter the keywords primary to attempt to load the primary network configuration files. Enter the keywords secondary to attempt to load the secondary network configuration files. Enter the following location keywords and information: For a file on an FTP server, enter ftp://user:password@hostip/filepath For a file on a TFTP server, enter tftp://hostip/filepath

Defaults Command Modes Command History

None CONFIGURATION
Version 7.5.1.0 Introduced on C-Series

E-Series original Command Usage Information Related Commands

To display these changes in the show bootvar command output, you must save the running configuration to the startup configuration (using the copy command).
show bootvar

Display the variable settings for the E-Series boot parameters.

File Management

boot system

boot system
ce
Syntax Parameters

Tell the system where to access the FTOS image used to boot the system. boot system {rpm0 | rpm1} (default | primary | secondary} file-url rpm0 rpm1 default
Enter the keyword rpm0 to configure boot parameters for RPM0. Enter the keyword rpm1 to configure boot parameters for RPM1. After entering rpm0 or rpm1, enter the keyword default to specify the parameters to be used if those specified by primary or secondary fail. The default location should always be the internal flash device (flash:), so that you can be sure that a verified image is available there. After entering rpm0 or rpm1, enter the keyword primary to configure the boot parameters used in the first attempt to boot FTOS. After entering rpm0 or rpm1, enter the keyword secondary to configure boot parameters used if the primary operating system boot selection is not available. To boot from a file: on the internal Flash, enter flash:// followed by the filename. on an FTP server, enter ftp://user:password@hostip/filepath on the external Flash, enter slot0:// followed by the filename. on a TFTP server, enter tftp://hostip/filepath

primary secondary file-url

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.5.1.0 Introduced on C-Series

E-Series original Command Usage Information Related Commands

To display these changes in the show bootvar command output, you must save the running configuration to the startup configuration (using the copy command) and reload system.
change bootflash-image boot system gateway Change the primary, secondary, or default boot image configuration. Specify the IP address of the default next-hop gateway for the management subnet.

boot system gateway

ce
Syntax Parameters

Specify the IP address of the default next-hop gateway for the management subnet. boot system gateway ip-address ip-address
Enter an IP address in dotted decimal format.

Command Modes

CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

Usage Information Command History

Saving the address to the startup configuration file preserves the address in NVRAM in case the startup configuration file is deleted.
Version 7.5.1.0 Introduced on C-Series

E-Series original Command Related Commands

change bootflash-image

Change the primary, secondary, or default boot image configuration.

cd
ces
Syntax Parameters

Change to a different working directory. cd directory directory

(OPTONAL) Enter one of the following:

flash: (internal Flash) or any sub-directory slot0: (external Flash) or any sub-directory (C-Series and E-Series only)

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command

change bootflash-image
ce
Syntax Parameters

Change boot flash image from which to boot. change bootflash-image {cp | linecard linecard-slot | rp} cp linecard linecard-slot
Enter the keyword cp to change the bootflash image on the Control Processor on the RPM. Enter the keyword linecard followed by the slot number to change the bootflash image on a specific line card. C-Series Range: 0-7 E-Series Range: 0 to 13 on the E1200; 0 on 6 on the E600, and 0 to 5 on the E300. Enter the keyword rp to change the bootflash image on the RPM Route Processor.

Defaults Command Modes

Not configured. EXEC Privilege File Management

copy

Command History

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Usage Information

A system message appears stating that the bootflash image has been changed. You must reload the system before the system can switch to the new bootflash image.

copy
ces
Syntax Parameters

Copy one file to another location. FTOS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). copy source-file-url destination-file-url file-url
Enter the following location keywords and information: To copy a file from the internal FLASH, enter flash:// followed by the filename. To copy a file on an FTP server, enter ftp://user:password@hostip/filepath To copy a file from the internal FLASH on RPM0, enter rpm0flash://filepath To copy a file from the external FLASH on RPM0, enter rpm0slot0://filepath To copy a file from the internal FLASH on RPM1, enter rpm1flash://filepath To copy a file from the external FLASH on RPM1, enter rpm1slot0://filepath To copy the running configuration, enter the keyword running-config. To copy the startup configuration, enter the keyword startup-config. To copy using Secure Copy (SCP), enter the keyword scp: (If scp: is entered in the source position, then enter the target URL; If scp: is entered in the target position, first enter the source URL; see below for examples.) To copy a file on the external FLASH, enter slot0:// followed by the filename. To copy a file on a TFTP server, enter tftp://hostip/filepath To copy a file from a USB drive on RPM0, enter rpm0usbflash://filepath To copy a file from an external USB drive, enter usbflash://filepath

Command Modes Command History

ExaScale only

EXEC Privilege
Version 8.4.1.0 Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Added IPv6 addressing support for FTP, TFTP, and SCP. Added usbflash and rpm0usbflash commands on E-Series ExaScale Introduced on S-Series and added SSH port number to SCP prompt sequence on all systems. Introduced on C-Series

E-Series original Command Usage Information

FTOS supports a maximum of 100 files, at the root directory level, on both the internal and external Flash. The usbflash and rpm0usbflash commands are supported on E-Series ExaScale platform only. Refer to the FTOS Release Notes for a list of approved USB vendors.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

copy (Streamline Upgrade)

When copying a file to a remote location (for example, using Secure Copy (SCP)), enter only the keywords and FTOS prompts you for the rest of the information. For example, when using SCP, you can enter copy running-config scp: The running-config is the source, and the target is specified in the ensuing prompts. FTOS prompts you to enter any required information, as needed for the named destinationremote destination, destination filename, user ID and password, etc. When you use the copy running-config startup-config command to copy the running configuration (the startup configuration file amended by any configuration changes made since the system was started) to the startup configuration file, FTOS creates a backup file on the internal flash of the startup configuration. FTOS supports copying the running-configuration to a TFTP server or to an FTP server: copy running-config tftp: copy running-config ftp: Command Example: copy running-config scp:
Force10#copy running-config scp:/ Address or name of remote host []: 10.10.10.1 Destination file name [startup-config]? old_running User name to login remote host? sburgess Password to login remote host? dilling

In this example copy scp: flash: specifying SCP in the first position indicates that the target is to be specified in the ensuing prompts. Entering flash: in the second position means that the target is the internal Flash. In this example the source is on a secure server running SSH, so the user is prompted for the UDP port of the SSH server on the remote host. Using scp to copy from an SSH Server
Force10#copy scp: flash: Address or name of remote host []: 10.11.199.134 Port number of the server [22]: 99 Source file name []: test.cfg User name to login remote host: admin Password to login remote host: Destination file name [test.cfg]: test1.cfg

Related Commands

Change working directory.

copy (Streamline Upgrade)

ce
Syntax

Copy a system image to a local file and update the boot profile. copy source-url target-url [boot-image [synchronize-rpm [external]]]

File Management

copy running-config startup-config

Parameters

source-url target-url boot-image synchronize-rpm external

Enter the source file in url format. The source file is a valid Force10 release image. Image validation is automatic. Enter the local target file in url format. Enter the keyword boot-image to designate this copy command as a streamline update. Enter the keyword synchronize-rpm to copy the new image file to the peer RPM. Enter the keyword external to designate the target device on the peer RPM as external flash (instead of the default internal flash). Default: Internal Flash

Defaults Command Modes Command History

No default behavior CONFIGURATION

Version 8.4.1.0 Version 7.5.1.0 Version 6.1.1.0 Added IPv6 addressing support for FTP, TFTP, and SCP. Introduced on C-Series Introduced

Usage Information

In this streamline copy command, the source image is copied to the primary RPM and then, if specified, to the standby RPM. After the copy is complete, the new image file path on each RPM is automatically configured as the primary image path for the next boot. The current system image (the one from which the RPM booted) is automatically configured as the secondary image path. FTOS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP.

Note: The keywords boot-image, synchronize-rpm, and external can be used

on the Primary RPM only.

copy running-config startup-config

ce
Syntax Command Modes Command History

Copy running configuration to the startup configuration. copy running-config startup-config {duplicate} EXEC Privilege
Version 7.5.1.0 Version 6.3.1.0 Introduced on C-Series Introduced

Usage Information

This command is useful for quickly making a changed configuration on one chassis available on external flash in order to move it to another chassis.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

delete When you use the copy running-config startup-config duplicate command to copy the running configuration to the startup configuration, FTOS creates a backup file on the internal flash of the startup configuration.

delete
ces
Syntax Parameters

Delete a file from the flash. Once deleted, files cannot be restored. delete flash-url [no-confirm] flash-url
Enter the following location and keywords: For a file or directory on the internal Flash, enter flash:// followed by the filename or directory name. For a file or directory on the external Flash, enter slot0:// followed by the filename or directory name.

no-confirm

(OPTIONAL) Enter the keyword no-confirm to specify that FTOS does not require user input for each file prior to deletion.

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command

dir
ces
Syntax Parameters

Display the files in a file system. The default is the current directory. dir [filename | directory name:] filename | directory name:
(OPTIONAL) Enter one of the following: For a file or directory on the internal Flash, enter flash:// followed by the filename or directory name. For a file or directory on the external Flash, enter slot0:// followed by the filename or directory name:

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command

File Management

download alt-boot-image Command Example dir for the Internal Flash

Force10#dir Directory of flash: 1 -rwx 6478482 May 13 101 16:54:34 E1200.BIN

Example

flash: 64077824 bytes total (57454592 bytes free) Force10#

Related Commands

Change working directory.

download alt-boot-image
ce
Syntax Command Modes Command History

Download an alternate boot image to the chassis. download alt-boot-image file-url EXEC Privilege
Version 7.7.1.0 Version 7.5.1.0 Removed from E-Series and C-Series Introduced on C-Series

E-Series original Command Usage Information

Starting with FTOS 7.7.1.0, the functions of this command are incorporated into the upgrade command. For software upgrade details, see the FTOS Release Notes.

Related Commands

upgrade (E-Series version) upgrade (C-Series version)

Upgrade the bootflash or boot selector versions. Upgrade the bootflash or boot selector versions.

download alt-full-image
e
Syntax Command Modes Command History

Download an alternate FTOS image to the chassis. download alt-full-image file-url EXEC Privilege
Version 7.7.1.0 Version 6.5.1.0 Removed form E-Series Introduced

Usage Information

Starting with FTOS 7.7.1.0, the functions of this command are incorporated into the upgrade command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

download alt-system-image

For software upgrade details, see the FTOS Release Notes.

Related Commands upgrade (E-Series version) Upgrade the bootflash or boot selector versions

download alt-system-image
e
Syntax Command Modes Command History

Download an alternate system image (not the boot flash or boot selector image) to the chassis. download alt-system-image file-url EXEC Privilege
Version 7.7.1.0 Version 6.5.1.0 Removed from E-Series Introduced

Usage Information

Starting with FTOS 7.7.1.0, the functions of this command are incorporated into the upgrade command. For software upgrade details, see the FTOS Release Notes.

Related Commands

upgrade (E-Series version)

Upgrade the bootflash or boot selector versions

format (C-Series and E-Series)

ce
Syntax Parameters

Erase all existing files and reformat a file system. Once the file system is formatted, files cannot be restored. format filesystem: [dosFs1.0 | dosFs2.0] filesystem:
Enter one of the following: To reformat the internal Flash, enter flash: To reformat the external Flash, enter slot0:

dosFs1.0 dosFs2.0
Default Command Modes Command History

Enter the keyword dosFs1.0 to format in DOS 1.0 (the default) Enter the keyword dosFs2.0 to format in DOS 2.0

DOS 1.0 (dosFs1.0) EXEC Privilege

Version 7.5.1.0 Introduced on C-Series

E-Series original Command

File Management

format flash (S-Series)

Usage Information

When you format flash: 1 2 3 4 5 6 The startup-config is erased. All cacheboot data files are erased and you must reconfigure cacheboot to regain it. All generated SSH keys are erased and you must recreate them. All archived configuration files are erased. All trace logs, crash logs, core dumps, and call-home logs are erased. In-service Process patches are erased.

After reformatting is complete, three empty directories are automatically created on flash: CRASH_LOG_DIR, TRACE_LOG_DIR and NVTRACE_LOG_DIR.

Note: Version option is available on LC-ED-RPM only. LC-EE3-RPM, LC-EF-RPM, and

LC-EF3-RPM supports DOS 2.0 only.
Related Commands

show file show file-systems

Display contents of a text file in the local filesystem. Display information about the file systems on the system.

format flash (S-Series)

s
Syntax Default Command Modes Command History Usage Information

Erase all existing files and reformat the filesystem in the internal flash memory. Once the filesystem is formatted, files cannot be restored. format flash: flash memory EXEC Privilege
Version 7.8.1.0 Introduced on S-Series

You must include the colon (:) when entering this command.

Caution: This command deletes all files, including the startup configuration file. So, after
executing this command, consider saving the running config as the startup config (use the write memory command or copy run start).
Related Commands

copy show file show file-systems

Copy the current configuration to either the startup-configuration file or the terminal. Display contents of a text file in the local filesystem. Display information about the file systems on the system.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

logging coredump

logging coredump
ce
Syntax Parameters

Enable coredump. logging coredump {cp | linecard {number | all} | rps} cp linecard rps
Enable coredump for the CP. Enable coredump for a linecard. Enable coredump for RP 1 and 2.

Defaults

The kernal coredump is enabled by default for RP 1 and 2 on E-Series. The kernel coredump for CP and application coredump are disabled on all systems by default. CONFIGURATION
Version 7.7.1.0 Version 6.5.1.0 Version 6.1.1.0 Restructured command to accommodate core dumps for CP. Introduced on C-Series and S-Series Application coredump naming convention enhanced to include application. Introduced

Command Modes Command History

Usage Information

The Kernel core dump can be large and may take up to 5 to 30 minutes to upload. FTOS does not overwrite application core dumps so you should delete them as necessary to conserve space on the flash; if the flash is out of memory, the coredump is aborted. On the S-Series, if the FTP server is not reachable, the application coredump is aborted. FTOS completes the coredump process and wait until the upload is complete before rebooting the system. logging coredump server
Designate a sever to upload kernel core-dumps.

Related Commands

logging coredump server

ces
Syntax

Designate a server to upload core dumps. logging coredump server {ipv4-address | ipv6-address} username name password [type] password {ipv4-address | ipv6-address} name type
Enter the server IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X). Enter a username to access the target server. Enter the password type: Enter 0 to enter an unencrypted password. Enter 7 to enter a password that has already been encrypted using a Type 7 hashing algorithm.

Parameters

password
Defaults

Enter a password to access the target server.

Crash kernel files are uploaded to flash by default. File Management

pwd

Command Modes Command History

CONFIGURATION
Version 8.4.1.0 Version 7.7.1.0 Version 6.1.1.0 Added support for IPv6. Restructured command to accommodate core dumps for CP. Introduced on C-Series and S-Series. Introduced

Usage Information

Since flash space may be limited, using this command ensures your entire crash kernel files are uploaded successfully and completely. Only a single coredump server can be configured. Configuration of a new coredump server will over-write any previously configured server.

Note: You must disable logging coredump before you designate a new server
destination for your core dumps.
Related Commands

logging coredump

Disable the kernel coredump

pwd
ce
Syntax Command Modes Command History

Display the current working directory. pwd EXEC Privilege

Version 7.5.1.0 Introduced on C-Series

E-Series original Command Example

Command Example: pwd

Force10#pwd flash: Force10#

Related Commands

Change directory.

rename
ces
Syntax

Rename a file in the local file system. rename url url

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show boot system

Parameters

url

Enter the following keywords and a filename: For a file on the internal Flash, enter flash:// followed by the filename. For a file on the external Flash, enter slot0:// followed by the filename.

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command

show boot system

ce
Syntax Parameters

Displays information about boot images currently configured on the system. show boot system {all | linecard [slot | all] | rpm} all linecard rpm
Enter this keyword to display boot image information for all linecards and RPMs. Enter this keyword to display boot image information for the specified line card(s) on the system. Enter this keyword to display boot image information for all RPMs on the system.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 7.7.1.0

Introduced on C-Series and E-Series

File Management

show bootvar

Example
Force10#show boot system all Current system image information in the system: ============================================= Type Boot Type A B ---------------------------------------------------------------CP DOWNLOAD BOOT invalid invalid RP1 DOWNLOAD BOOT invalid invalid RP2 DOWNLOAD BOOT invalid invalid linecard 0 is not present. linecard 1 DOWNLOAD BOOT invalid invalid linecard 2 DOWNLOAD BOOT 4.7.5.387 6.5.1.8 linecard 3 DOWNLOAD BOOT invalid invalid linecard 4 DOWNLOAD BOOT invalid invalid linecard 5 is not present.

Peer RPM: ============================================= Type Boot Type A B ---------------------------------------------------------------CP DOWNLOAD BOOT invalid invalid RP1 DOWNLOAD BOOT invalid invalid RP2 DOWNLOAD BOOT invalid invalid

show bootvar
ce
Syntax Command Modes Command History

Display the variable settings for the E-Series boot parameters. show bootvar EXEC Privilege
Version 7.5.1.0 Introduced on C-Series

E-Series original Command Example

Command Output example: show bootvar

Force10#show bootvar PRIMARY IMAGE FILE = ftp://box:[email protected]//home/5.3.1/5.3.1.0/FTOS-ED-RPM1-5.3.1.0.bin SECONDARY IMAGE FILE = variable does not exist DEFAULT IMAGE FILE = flash://FTOS-ED-5.3.1.0.bin LOCAL CONFIG FILE = variable does not exist PRIMARY HOST CONFIG FILE = variable does not exist SECONDARY HOST CONFIG FILE = variable does not exist PRIMARY NETWORK CONFIG FILE = variable does not exist SECONDARY NETWORK CONFIG FILE = variable does not exist CURRENT IMAGE FILE = ftp://box:[email protected]//home/5.3.1/5.3.1.0/FTOS-ED-RPM1-5.3.1.0.bin CURRENT CONFIG FILE 1 = flash://startup-config CURRENT CONFIG FILE 2 = variable does not exist CONFIG LOAD PREFERENCE = local first BOOT INTERFACE GATEWAY IP ADDRESS = variable does not exist Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show file

Related Commands

boot config boot host boot network boot system boot system gateway

Set the location of configuration files on local devices. Set the location of configuration files from the remote host. Set the location of configuration files from a remote network. Set the location of FTOS image files. Specify the IP address of the default next-hop gateway for the management subnet.

show file
ces
Syntax Parameters

Display contents of a text file in the local filesystem. show file filesystem filesystem
Enter one of the following:

flash: for the internal Flash slot0: for the external Flash

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command Example

Command output example (Partial): show file

Force10#show file flash://startup-config ! boot system rpm0 primary ftp://test:[email protected]//home/images/ E1200_405-3.1.2b1.86.bin boot system rpm0 secondary flash://FTOS-ED-6.1.1.0.bin boot system rpm0 default ftp://:@/\ ! redundancy auto-synchronize persistent-data redundancy primary rpm0 ! hostname E1200-20 ! enable password 7 94849d8482d5c3 ! username test password 7 93e1e7e2ef ! enable restricted 7 948a9d848cd5c3 ! protocol spanning-tree 0 bridge-priority 8192 rapid-root-failover enable ! interface GigabitEthernet 0/0 no ip address shutdown

File Management

show file-systems

Related Commands

format (C-Series and E-Series) format flash (S-Series) show file-systems

Erase all existing files and reformat a filesystem on the E-Series or C-Series platform. Erase all existing files and reformat the filesystem in the internal flash memory on and S-Series. Display information about the file systems on the system.

show file-systems
ces
Syntax Command Modes Command History

Display information about the file systems on the system. show file-systems EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command Example

Command Output example: show file-system

Force10#show file-systems Size(b) Free(b) 63938560 51646464 63938560 18092032 Force10# Feature dosFs2.0 dosFs1.0 Type MMC MMC network network network Flags rw rw rw rw rw Prefixes flash: slot0: ftp: tftp: scp:

show file-systems Command Output Fields Field

size(b) Free(b) Feature Type Flags

Description
Lists the size in bytes of the storage location. If the location is remote, no size is listed. Lists the available size in bytes of the storage location. If the location is remote, no size is listed. Displays the formatted DOS version of the device. Displays the type of storage. If the location is remote, the word

network is listed.
Displays the access available to the storage location. The following letters indicate the level of access: Prefixes r = read access w = write access

Displays the name of the storage location.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show linecard

Related Commands

format (C-Series and E-Series) format flash (S-Series) show file

show sfm

Erase all existing files and reformat a filesystem. Erase all existing files and reformat the filesystem in the internal flash memory. Display contents of a text file in the local filesystem. Display the current SFM status.

show linecard
ce
Syntax Parameters

View the current linecard status. show linecard [number | all | boot-information] number all boot-information
Enter a number to view information on that linecard. Range: 0 to 6. (OPTIONAL) Enter the keyword all to view a table with information on all present linecards. (OPTIONAL) Enter the keyword boot-information to view cache boot information of all line cards in table format.

Command Modes Command History

EXEC Privilege
Version 7.5.1.0 Introduced on C-Series

E-Series original Command Example

Command output example (E-Series): show linecard boot-information

Force10#show linecard boot-information -Line cards Booted Next Cache Boot # Status CurType number from boot boot flash -------------------------------------------------------------------------------------------------------------0 1 2 3 online E48TF FX000032632 4.7.7.171 4.7.7.171 A: invalid B: invalid A: 2.3.2.1 [b] B: 2.3.2.1 4 5 6 Force10# -Serial

File Management

show os-version

show os-version
ces
Syntax Parameters

Display the release and software image version information of the image file specified or, optionally, the image loaded on the RPM (C-Series and E-Series only). show os-version [file-url] file-url
(OPTIONAL) Enter the following location keywords and information: For a file on the internal Flash, enter flash:// followed by the filename. For a file on an FTP server, enter ftp://user:password@hostip/

filepath

For a file on the external Flash, enter slot0:// followed by the filename. For a file on a TFTP server, enter tftp://hostip/filepath Note: ftp and tftp are the only S-Series options. Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information

Note: A filepath that contains a dot ( . ) is not supported.

Command output example (E-Series): show os-version
Force10#show os-version RELEASE IMAGE INFORMATION : --------------------------------------------------------------------Platform Version Size ReleaseTime E-series: EF 7.5.1.0 27676168 Aug 15 2007 10:06:21 TARGET IMAGE INFORMATION : --------------------------------------------------------------------Type Version Target checksum runtime 7.5.1.0 control processor passed runtime 7.5.1.0 route processor passed runtime 7.5.1.0 terascale linecard passed boot flash 2.4.1.1 control processor passed boot flash 2.4.1.1 route processor passed boot flash 2.3.1.3 terascale linecard passed boot selector 2.4.1.1 control processor passed boot selector 2.4.1.1 route processor passed boot selector 2.3.1.3 terascale linecard passed Force10#

Example

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show running-config Command output example (C-Series): show os-version

Force10#show os-version RELEASE IMAGE INFORMATION : --------------------------------------------------------------------Platform Version Size ReleaseTime C-series: CB 7.5.1.0 23734363 Aug 18 2007 11:49:51 TARGET IMAGE INFORMATION : --------------------------------------------------------------------Type Version Target checksum runtime 7.5.1.0 control processor passed runtime 7.5.1.0 linecard passed boot flash 2.7.0.1 control processor passed boot flash 1.0.0.40 linecard passed boot selector 2.7.0.1 control processor passed boot selector 1.0.0.40 linecard passed FPGA IMAGE INFORMATION : --------------------------------------------------------------------Card Version Release Date Primary RPM 4.1 May 02 2007 Secondary RPM 4.1 May 02 2007 LC0 3.2 May 02 2007 LC5 3.2 May 02 2007 LC6 2.2 May 02 2007 Force10#

Example

show running-config
ces
Syntax

Display the current configuration and display changes from the default values. show running-config [entity] [configured] [status]

File Management

show running-config

Parameters

entity

(OPTIONAL) Enter one of the keywords listed below to display that entitys current (non-default) configuration. Note that, if nothing is configured for that entity, nothing is displayed and the prompt returns:

aaa for the current AAA configuration acl for the current ACL configuration arp for the current static ARP configuration as-path for the current AS-path configuration bgp for the current BGP configuration boot for the current boot configuration cam-profile for the current CAM profile in the configuration. class-map for the current class-map configuration community-list for the current community-list configuration fefd for the current FEFD configuration ftp for the current FTP configuration fvrp for the current FVRP configuration host for the current host configuration hardware-monitor for hardware-monitor action-on-error
settings igmp for the current IGMP configuration interface for the current interface configuration isis for the current ISIS configuration line for the current line configuration load-balance for the current port-channel load-balance configuration logging for the current logging configuration

mac for the current MAC ACL configuration mac-address-table for the current MAC configuration management-route for the current Management port
forwarding configuration mroute for the current Mroutes configuration ntp for the current NTP configuration ospf for the current OSPF configuration pim for the current PIM configuration policy-map-input for the current input policy map configuration policy-map-output for the current output policy map configuration prefix-list for the current prefix-list configuration privilege for the current privilege configuration radius for the current RADIUS configuration redirect-list for the current redirect-list configuration redundancy for the current RPM redundancy configuration resolve for the current DNS configuration rip for the current RIP configuration route-map for the current route map configuration

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show running-config

snmp for the current SNMP configuration spanning-tree for the current spanning tree configuration static for the current static route configuration tacacs+ for the current TACACS+ configuration tftp for the current TFTP configuration trace-group for the current trace-group configuration trace-list for the current trace-list configuration users for the current users configuration wred-profile for the current wred-profile configuration

configured status

(OPTIONAL) Enter the keyword configuration to display line card interfaces with non-default configurations only. (OPTIONAL) Enter the keyword status to display the checksum for the running configuration and the start-up configuration.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.4.0 Added hardware-monitor option Introduced on S-Series Introduced on C-Series Expanded to include last configuration change and start-up last updated (date and time) and who made the change Added status option

Example

Command output example (partial): show running-config

Force10#show running-config Current Configuration ... ! Version 7.4.1.0 ! Last configuration change at Tue Apr 10 17:43:38 2007 by admin ! Startup-config last updated at Thu Mar 29 02:35:08 2007 by default ! boot system rpm0 primary flash://FTOS-EF-7.4.1.0.bin boot system rpm0 secondary flash://FTOS-EF-6.3.1.2.bin boot system rpm0 default flash://FTOS-EF-6.5.1.8.bin ! ...

Example

Command output example: show running-config

Force10#show running-config status running-config checksum 0xB4B9BF03 startup-config checksum 0x8803620F Force10#

Usage Information

The status option enables you to display the size and checksum of the running configuration and the startup configuration.

File Management

show sfm

show sfm
ce
Syntax Parameters

View the current SFM status. show sfm [number [brief] | all] number all brief
Enter a number to view information on that SFM. Range: 0 to 8. (OPTIONAL) Enter the keyword all to view a table with information on all present SFMs. (OPTIONAL) Enter the keyword brief to view a list with SFM status.

Note: The brief option is not available on C-Series.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.5.1.0

Introduced on C-Series

E-Series original Command E-Series Example

Command output example (Partial) on E-Series: show sfm

Force10#show sfm Switch Fabric State: -- SFM card 0 Status Card Type Up Time Temperature Power Status Serial Number Part Number Vendor Id Date Code Country Code up

-: active : SFM - Switch Fabric Module : 37 min, 24 sec : 49C : PEM0: absent or down PEM1: up : 0018102 : 7520012900 Rev 02 : 02 : 06182004 : 01

show sfm Command Output Fields Field

Switch Fabric State: Status Card Type Up Time Temperature Power Status Serial Num Part Num Vendor ID

Description
States that the Switch Fabric is up (8 SFMs are online and operating). Displays the SFMs active status. States the type of SFM. Displays the number of hours and minutes since the RPMs last reboot. Displays the temperature of the RPM. Minor alarm status if temperature is over 65 C. Displays power status: absent, down, or up Displays the line card serial number. Displays the line card part number. Displays an internal code, which specifies the manufacturing vendor.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show startup-config

show sfm Command Output Fields Field

Date Code Country Code

Description
Displays the line cards manufacturing date. Displays the country of origin. 01 = USA

Command output example: show sfm all

Force10#show sfm all Switch Fabric State: up

show startup-config
ces
Syntax Command Modes Command History

Display the startup configuration. show startup-config EXEC Privilege

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Expanded to include last configuration change and start-up last updated (date and time) and who made the change.

Example

Command output example (partial): show startup-config

Force10#show startup-config ! Version 7.4.1.0 ! Last configuration change at Thu Mar 29 02:16:07 2007 by default ! Startup-config last updated at Thu Mar 29 02:35:08 2007 by default ! boot system rpm0 primary flash://FTOS-EF-7.4.1.0.bin boot system rpm0 secondary flash://FTOS-EF-6.3.1.2.bin boot system rpm0 default flash://FTOS-EF-6.5.1.8.bin ! ...

Related Commands

show running-config

Display current (running) configuration.

File Management

show version

show version
ce s
Syntax Command Modes Command History

Display the current FTOS version information on the system. show version EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series original Command E-Series Example

Command output example on E-Series: show version

Force10#show version Force10 Networks Real Time Operating System Software Force10 Operating System Version: 1.0 Force10 Application Software Version: 5.3.1.0 Copyright (c) 1999-2004 by Force10 Networks, Inc. Build Time: Sun May 9 00:57:03 PT 2004 Build Path: /local/local0/Release/5-4-1/SW/Bsp/Diag Force10 uptime is 1 days, 3 hours, 16 minutes System image file is "/home/5.3.1/5.3.1.0/FTOS-ED-RPM1-5.3.1.0.bin" Chassis Type: E1200 Control Processor: IBM PowerPC 405GP (Rev D) with 268435456 bytes of memory. Route Processor 1: IBM PowerPC 405GP (Rev D) with 536870912 bytes of memory. Route Processor 2: IBM PowerPC 405GP (Rev D) with 536870912 bytes of memory. 128K bytes of non-volatile configuration memory. 1 Route Processor Module 9 Switch Fabric Module 1 24-port GE line card with SFP optics (EE) 1 12-port GE Flex line card with SFP optics (EE) 1 2-port OC48c line card with SR optics (EC) 2 24-port GE line card with SX optics (EB) 1 2-port 10GE WAN PHY line card with 10Km (1310nm) optics (EE) 1 12-port GE Flex line card with SFP optics (EC) 1 2-port 10GE LAN PHY line card with 10Km (1310nm) optics (ED) 1 12-port OC12c/3c PoS line card with IR optics (EC) 1 24-port GE line card with SFP optics (ED) 1 FastEthernet/IEEE 802.3 interface(s) 120 GigabitEthernet/IEEE 802.3 interface(s) 14 SONET network interface(s) 4 Ten GigabitEthernet/IEEE 802.3 interface(s) Force10#

show version Command Fields Lines beginning with

Force10 Network ... Force10 Operating... Force10 Application... Copyright (c)... Build Time... Build Path... Force10 uptime is...

Description
Name of the operating system OS version number Software version Copyright information Software builds date stamp Location of the software build files loaded on the system Amount of time the system has been up

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

upgrade (E-Series version)

show version Command Fields Lines beginning with

System image... Chassis Type: Control Processor: ... Route Processor 1:... Route Processor 2: ... 128K bytes... 1 Route Processor...

Description
Image file name Chassis type (E1200, E600, E600i, E300, C300, C150) Control processor information and amount of memory on processor. E-Series route processor 1 information and the amount of memory on that processor. E-Series route processor 2 information and the amount of memory on that processor. Amount and type of memory on system. Hardware configuration of the system, including the number and type of physical interfaces available.

S-Series Example

Command output example on an S50V: show version

Force10#show version Force10 Networks Real Time Operating System Software Force10 Operating System Version: 1.0 Force10 Application Software Version: E7-8-1-13 Copyright (c) 1999-2008 by Force10 Networks, Inc. Build Time: Mon Nov 24 18:59:27 2008 Build Path: /sites/sjc/work/sw/build/build2/Release/E7-8-1/SW/SRC Force10 uptime is 1 minute(s) System Type: S50V Control Processor: MPC8451E with 252739584 bytes of memory. 32M bytes of boot flash memory. 1 48-port E/FE/GE with POE (SB) 48 GigabitEthernet/IEEE 802.3 interface(s) 4 Ten GigabitEthernet/IEEE 802.3 interface(s) Force10#

upgrade (E-Series version)

e
Syntax

Upgrade the bootflash, boot selector, or system image on a processor. upgrade {bootflash-image | bootselector-image | system-image} {all | linecard linecard-slot | rpm} {booted | file-url } bootflash-image bootselector-image
Enter the keyword bootflash-image to upgrade the bootflash image. Enter the keyword bootselector-image to upgrade the boot selector image. Use with TAC supervision only. Enter the keyword system-image to upgrade the cache boot image.

Parameters

system-image

File Management

upgrade (C-Series version)

all

Enter the keyword all to upgrade the bootflash/boot selector image on all processors in the E-Series. This keyword does not upgrade the bootflash on the standby RPM. Enter the keyword linecard followed by the slot number to change the bootflash image on a specific line card. E-Series Range: 0 to 13 on the E1200; 0 to 6 for the E600; 0 to 5 on the E300 Enter the keyword rpm to upgrade the bootflash/boot selector image on all processors on the RPM. Enter this keyword to upgrade using the image packed with the currently running FTOS image. Enter the following location keywords and information to upgrade using an FTOS image other than the one currently running: Enter the transfer method and file location:

linecard linecard-slot

rpm booted file-url

flash://filename ftp://userid:password@hostip/filepath slot0://filename tftp://hostip/filepath

Defaults Command Modes Command History

No configuration or default values EXEC Privilege

Version 7.7.1.0 Removed alt-bootflash-image, alt-bootselector-image, alt-system-image options, rp1, rp2, and cp options.

E-Series original Command Usage Information

A system message appears stating the Bootflash upgrade status. Reload the system to boot from the upgraded boot images. Once the URL is specified, the same downloaded image can be used for upgrading an individual RPM, line cards, SFM FPGA, and system-image for cache-boot without specifying the file-url again using the command upgrade {bootflash-image | bootselector-image | system-image} {all | linecard linecard-slot | rpm}. After 20 minutes, the cached memory is released and returned for general use, but the URL is maintained and you do not have to specify it for subsequent upgrades.

Related Commands

upgrade fpga-image boot system

Upgrade the FPGA version in the specified E-Series SFM. Display configured boot image information

upgrade (C-Series version)

c
Syntax

Upgrade the bootflash or boot selector image on a processor. upgrade {bootflash-image | bootselector-image | system-image} {all | linecard {number | all} | rpm} [booted | file-url | repair]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

upgrade (C-Series version)

Parameters

bootflash-image bootselector-image system-image all

Enter the keyword bootflash-image to upgrade the bootflash image. Enter the keyword bootselector-image to upgrade the boot selector image. Use with TAC supervision only. Enter the keyword system-image to upgrade the system image. Use with TAC supervision only. Enter the keyword all to upgrade the bootflash or boot selector image on all processors. This keyword does not upgrade the bootflash on the standby RPM. Enter the keyword all after the keyword linecard to upgrade the bootflash or boot selector image on all linecards.

linecard number

rpm repair

Enter the keyword rpm to upgrade the system image of a selector image on all processors on the RPM. Enter this keyword to upgrade a line card newly inserted into an already upgraded chassis. This option is only available with the system-image keyword. Upgrade the bootflash or bootselector image using the currently running FTOS image. Enter the following location keywords and information to upgrade using an FTOS image other than the one currently running: To specify an FTOS image on the internal flash, enter flash:// file-path/filename. To specify an FTOS image on an FTP server, enter ftp:// user:password@hostip/filepath To specify an FTOS image on the external flash on the primary RPM, slot0://file-path/filename To copy a file on a TFTP server, enter tftp://hostip/

booted file-url

filepath/filename

Defaults Command Modes Command History

FTOS uses the boot flash image that was packed with it if no URL is specified. EXEC Privilege
Version 7.7.1.0 Version 7.5.1.0 Introduced system-image option Introduced on C-Series

E-Series original Command Usage Information

A system message appears stating the Bootflash upgrade status. Reload the system to boot from the upgraded boot images.

File Management

upgrade (S-Series management unit)

Once the URL is specified, the same downloaded image can be used for upgrading an individual RPM, line cards, SFM FPGA, and system-image for cache-boot without specifying the file-url again using the command upgrade {bootflash-image | bootselector-image | system-image} {all | linecard linecard-slot | rpm}. After 20 minutes, the cached memory is released and returned for general use, but the URL is maintained and you do not have to specify it for subsequent upgrades.
Related Commands

upgrade fpga-image boot system

Upgrade the FPGA version in the specified E-Series SFM. Display configured boot image information

upgrade (S-Series management unit)

s
Syntax Parameters

Upgrade the bootflash image or system image of the S-Series management unit. upgrade {boot | system} {ftp: | scp: | tftp:} file-url boot system ftp:
Enter this keyword to change the boot image. Enter this keyword to change the system image. After entering this keyword you can either follow it with the location of the source file in this form: //userid:password@hostip/filepath,or press Enter to launch a prompt sequence. After entering this keyword you can either follow it with the location of the source file in this form: //userid:password@hostip/filepath, or press Enter to launch a prompt sequence. After entering this keyword you can either follow it with the location of the source file in this form: //hostlocation/filepath, or press Enter to launch a prompt sequence.

scp:

tftp:

Defaults Command Modes Command History

No configuration or default values EXEC Privilege

Version 7.7.1.0 Version 7.6.1.0 Added support for TFTP and SCP. Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

upgrade fpga-image

Usage Information

You must reload FTOS after executing this command. Use the command upgrade system stack-unit (S-Series stack member) on page 242 to copy FTOS from the management unit to one or more stack members.

Force10#upgrade system ? ftp: Copy from remote file system (ftp://userid:password@hostip/filepath) scp: Copy from remote file system (scp://userid:password@hostip/filepath) tftp: Copy from remote file system (tftp://hostip/filepath) Force10#$pgrade system ftp://username:[email protected]/FTOS-SB-7.7.1.0.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!! Erasing Sseries ImageUpgrade Table of Contents, please wait .!.................................................................................................. .................................................................................................... .................................................................................................... .................................................................................................... .................................................................................................... .................................................................................................... .................................................................................................... .................................................................................................... .................................................................................................... ....................................! 12946259 bytes successfully copied Force10#reload

upgrade fpga-image
e
This command only be used on systems with SFM3 modules (and only when required by the upgrade procedure in the release notes). Upgrade the FPGA version in the specified E-Series SFM3 and automatically initiate an automatic reset to complete the version upgrade. upgrade fpga-image {sfm} {all | id} [booted | flash:// | ftp: |slot0: | tftp] sfm rpm all id
Enter the keyword sfm to upgrade the FPGA on the SFMs. Enter the keyword rpm to upgrade all processors on the RPM. Enter the keyword all to upgrade the FPGA on all the SFMs. Enter the keyword id to upgrade the FPGA on all a specific SFM. Enter the path to the upgrade source. Entering <CR> updates the FPGA from the flash. Defaults Command Modes Command History

Syntax Parameters

No default values or behavior EXEC Privilege

Version 8.3.1.0 Version 7.5.1.0 Added rpm option Introduced on E-Series

File Management

restore fpga-image Command example: upgrade sfm autoreset

Force10#upgrade sfm 1 autoreset SFM1: upgrade in progress !!! !!! !!! SFM1: upgrade complete SFM1 is active. Resetting it might temporarily impact traffic. Proceed with reset [confirm yes/no]: yes Force10#

Example

Related Commands

show sfm

Display the SFM status. Upgrade the E-Series.

upgrade (E-Series version)

Usage Information
0

On E-Series ExaScale, you cannot upgrade SFMs using this command when Cache Boot is configured. If you attempt an upgrade, you must reload the chassis to recover.

Upgrading the C-Series FPGA

These commands are for upgrading the FPGA for C-Series RPMs and line cards. restore fpga-imagee upgrade fpga-image

restore fpga-image
c
Syntax Parameters

Copy the backup C-Series FPGA image to the primary FPGA image. restore fpga-image {rpm | linecard} number rpm linecard number
Enter rpm to upgrade an RPM FPGA. Enter linecard to upgrade a line card FPGA. Enter the line card or RPM slot number. C-Series Line Card Range: 0-7, RPM Range: 0-1

Defaults Command Mode Command History

None. EXEC Privilege

Version 7.7.1.0 Version 7.5.1.0 Renamed keyword primary-fpga-flash to fpga-image. Introduced on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

upgrade fpga-image Command example: restore fpga-image

Force10#restore fpga-image linecard 4 Current FPGA information in the system: ======================================= Card FPGA Name Current Version New Version -----------------------------------------------------------------------LC4 48 Port 1G LCM FPGA A: 3.6 restore *********************************************************************** * Warning - Upgrading FPGA is inherently risky and should * * only be attempted when necessary. A failure at this upgrade may * * cause a board RMA. Proceed with caution ! * *********************************************************************** Restore fpga image for linecard 4 [yes/no]: yes FPGA restore in progress. Please do NOT power off the card. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Upgrade result : ================ Linecard 4 FPGA restore successful.

Example

Usage Information Related Commands

Reset the card using the power-cycle option after restoring the FPGA command.

reset

Reset a card.

upgrade fpga-image
c
Syntax

Upgrade the primary FPGA image. upgrade fpga-image {rpm {number | all}| linecard {number | all} [system-fpga | link-fpga] | all} {booted | file-url} rpm number
Enter rpm followed by the RPM slot number to upgrade an RPM FPGA Range: 0-1 Enter linecard followed by the line card slot number to upgrade a linecard FPGA. Range: 0-7 on the C300, 0-3 on the C150 Enter the keyword all to upgrade all RPM and linecard FPGAs. Enter the keyword all after the keyword rpm to upgrade all FPGAs on all RPMs. Enter the keyword all after the keyword linecard to upgrade all FPGAs on all linecards.

Parameters

linecard number

all

system-fpga

(OPTIONAL) Enter system-fpga to upgrade only the system FPGA on a fiber linecard. Contact the Force10 TAC before using this keyword. (OPTIONAL) Enter link-fpga to upgrade only the link FPGA on a fiber linecard. Contact the Force10 TAC before using this keyword.

link-fpga

File Management

upgrade fpga-image

booted file-url

Upgrade the FPGA image using the currently running FTOS image. Enter the following location keywords and information to upgrade the FPGA using an FTOS image other than the one currently running: To specify an FTOS image on the internal flash, enter flash:// file-path/filename. To specify an FTOS image on an FTP server, enter ftp:// user:password@hostip/filepath To specify an FTOS image on the external flash on the primary RPM, slot0://file-path/filename To copy a file on a TFTP server, enter tftp://hostip/

filepath/filename

Defaults Command Mode Command History

None. EXEC Privilege

Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Renamed the primary-fpga-flash keyword to fpga-image. Added support for upgrading using a remote FTOS image. Added support for the all keyword Introduced on C-Series

Example

Command example: upgrade fpga-image

Force10#conf Force10(conf)# upgrade primary-fpga-flash rpm Proceed to upgrade primary fpga flash for rpm 0 [confirm yes/no]: yes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Force10#

Usage Information Related Commands

Reset the card using the power-cycle option after restoring the FPGA command.

reset restore fpga-image

Reset a line card or RPM. This command copies the backup FPGA image to the primary FPGA image.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

upgrade fpga-image

File Management

Chapter 3
Overview

BOOT_USER Mode

All commands in this chapter are in the BOOT_USER mode except for format, which is in the BOOT_ADMIN mode. Command support on Force10 platforms is indicated by the characters that appear below each command heading:

c = C-Series e = E-Series s = S-Series

To access this mode in the C-Series and E-Series, enter a control break sequence (Ctrl^, which is Ctrl Shift-6) when the following line appears on the console during a system boot:
Send the Break Signal to stop Operating System auto-boot...

On the S-Series, the following is displayed twice. Press any key when the following line is displayed the second time:
Hit any key to break into BOOT_USER mode

Commands
boot change boot messages boot selection boot zero default-gateway delete dir enable format ignore enable-password ignore startup-config interface management ethernet ip address interface management ethernet mac-address interface management ethernet port interface management port config reload rename

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

boot change

restore factory-defaults save show boot selection show bootflash show bootvar show default-gateway show interface management ethernet

Note: You cannot use the Tab key to complete commands in this mode.

Note: The question mark (?) key to get help does not work in this mode. Note: Instead, enter help.

boot change
c es
Syntax Parameters

Change the primary, secondary, or default FTOS boot configuration. boot change {primary | secondary | default} primary secondary default
Enter the keyword primary to configure the boot parameters used in the first attempt to boot FTOS. Enter the keyword secondary to configure boot parameters used if the primary operating system boot selection is not available. Enter the keyword default to configure boot parameters used if the secondary operating system boot parameter selection is not available. The default location should always be the internal flash device (flash:), and a verified image should be stored there.

Defaults Command Modes Command History Usage Information

Not configured. BOOT_USER

Version 7.8.1.0 Introduced on S-Series

After entering the boot change keywords and selecting among parameters, above, press Enter, and the software prompts you to enter the following: The boot device (ftp, tftp, flash, slot0) (Note: tftp and flash are the only options available for the S-Series), image file name, IP address of the server containing the image, username and password (only for FTP)

BOOT_USER Mode

boot messages

Note: When you enter a new parameter that extends beyond 80 characters, you cannot use the Backspace key to correct any mistakes. If you make a mistake, you must re-enter the parameter. Note: The IP address of the designated download port must be set before you execute this command. Otherwise, an error message will alert you that the configuration cannot proceed. See the command interface management ethernet ip address.
Figure 4 shows the first field after you enter boot change primary. At this point: Press Enter to accept the information already configured, or Change that information. To do so, press the . (period) key and enter new information. After you enter the information, press Enter.

Figure 4 First Field in the boot change Command

BOOT_USER # boot change primary '.' = clear field; boot device '-' = clear non-essential field : ftp

Figure 5 shows the completed command: Figure 5 Completed boot change Command Example
BOOT_USER # boot change primary '.' = clear field; boot device file name Server IP address username password BOOT_USER # '-' = go to previous field : : : : : ftp tt/latestlabel 10.16.1.209 amsterdam ******

In the runtime CLI of C-Series and E-Series, use the boot system command to change the boot image file and location. To view the current boot configuration, use the show bootvar command.
Related Commands boot system boot zero show boot selection show bootvar Set the location of FTOS image files. Remove the primary, secondary, or default boot image configuration. Display the current Boot Flash image selected. Display boot configuration information.

boot messages
ce
Syntax

Limit the number of messages seen during system boot-up. boot messages {disable | enable} Publication Date: July 20, 2011 53

Command Line Reference for FTOS version 8.4.2.4

boot selection

Parameters

disable enable

Enter the keyword disable to display fewer messages during boot-up. Enter the keyword enable to display all messages during boot-up.

Defaults Command Modes

enable (that is, all messages are displayed during boot up) BOOT_USER

boot selection
ce
Syntax Parameters

Specify the boot flash partition in the internal Flash from which to boot the system. boot selection [a | b] a b
Enter the keyword a to select the boot code in partition A. Enter the keyword b to select the boot code in partition B.

Defaults Command Modes Usage Information Related Commands

None. BOOT_USER To view the current boot flash image, enter the show boot selection command.

boot change show boot selection

Change the primary, secondary or default boot image configuration Display the current Boot Flash image selected.

boot zero
ces
Syntax Parameters

Erase the configured primary, secondary, or default boot image parameters. If all three parameters are erased, the S-Series switch will boot from its internal Flash. boot zero {primary | secondary | default} primary secondary default
Enter the keyword primary to configure the boot parameters used in the first attempt to boot the system. Enter the keyword secondary to configure boot parameters used if the primary operating system boot selection is not available. Enter the keyword default to configure boot parameters used if the secondary operating system boot parameter selection is not available. The default parameters always reside on the internal flash device (flash:).

Defaults Command Modes

Not configured. BOOT_USER BOOT_USER Mode

default-gateway

Command History Usage Information

Version 7.8.1.0

Introduced on S-Series

This command reverses changes made with the boot change command. Figure 6 Completed boot zero Command Example
BOOT_USER BOOT_USER BOOT_USER BOOT_USER # # # # boot boot boot show zero primary zero secondary zero default bootvar

PRIMARY OPERATING SYSTEM BOOT PARAMETERS: ======================================== No Operating System boot parameters specified! SECONDARY OPERATING SYSTEM BOOT PARAMETERS: ========================================== No Operating System boot parameters specified! DEFAULT OPERATING SYSTEM BOOT PARAMETERS: ======================================== No Operating System boot parameters specified! BOOT_USER #

Related Commands

boot change show boot selection

Change the primary, secondary or default boot image configuration Display the current Boot Flash image selected.

default-gateway
c es
Syntax Parameters

Assign an IP address as the default gateway for the system. [no] default-gateway ip-address ip-address Not configured. BOOT_USER
Version 7.8.1.0 Introduced on S-Series Enter the IP address of the gateway router in dotted decimal format (A.B.C.D).

Defaults Command Modes Command History Usage Information Related Commands

Use the show default-gateway command to view the current default gateway.

show default-gateway show boot selection

Change the primary, secondary or default boot image configuration Display the current Boot Flash image selected.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

delete

delete
ce
Syntax Parameters

Erase a file on the internal or external Flash. delete file-url file-url

Enter the location keywords and information: For a file on the internal Flash, enter flash:// followed by the filename. For a file on the external Flash, enter slot0:// followed by the filename.

Defaults Command Modes

Not configured. BOOT_USER

dir
ce
Syntax Parameters

Display files in a directory dir file-url file-url

Enter the location keywords and information: For a file on the internal Flash, enter flash:// followed by the filename. For a file on the external Flash, enter slot0:// followed by the filename.

Defaults Command Modes Usage Information Example

Not configured. BOOT_USER The maximum number of files allowed on an MMC card (internal or external flash) is 100 files. Figure 7 dir Command Example
BOOT_USER # dir flash: Displaying files in flash: size date time -----------------8681647 MAR-21-2004 11:08:50 4905 MAR-17-2004 18:16:34 1182431 FEB-29-2004 22:08:14 8807825 MAR-30-2004 12:49:14 1182431 FEB-24-2004 22:52:00 14729 MAR-14-2004 17:55:26 1182431 MAR-10-2004 10:57:30 6858 MAR-07-2004 09:52:58 1182431 MAR-22-2004 12:17:34 7819238 MAR-22-2004 12:23:14 8989646 MAR-17-2004 15:13:06 14517 MAR-30-2004 09:48:44 14506 MAR-30-2004 09:49:34 BOOT_USER #

name -------E1200-3.1.a3.78.bin nimule dohuk E1200-3.1.0.309.bin t1 erbil vW RPM0CP1 tunis E1200-3.1.0.316.bin E1200-3.1.0.390.bin.dos2 RPM0CPlog1 RPM0CPlog2

BOOT_USER Mode

enable

enable
ce
Syntax Parameters

Change the privilege level of user access to FTOS commands. enable {user | admin} admin user
Used only by Force10 TAC personnel. Used only by Force10 TAC personnel.

Defaults Command Modes Usage Information

Not configured. BOOT_USER Only Force10 TAC staff use this command.

format
ce
Syntax Parameters

Format the internal or external flash memory. format file-url file-url

Enter the location keywords and information: For a file on the internal Flash, enter flash:// followed by the filename. For a file on the external Flash, enter slot0:// followed by the filename.

Defaults Command Modes Usage Information Related Commands

Not configured. BOOT_ADMIN The maximum number of files allowed on an MMC card (internal or external flash) is 100 files.

format (C-Series and E-Series) show file show file-systems

Erase all existing files and reformat a filesystem (EXEC Privilege mode). Display contents of a text file in the local filesystem. Display information about the file systems on the system.

ignore enable-password
c es
Syntax

Reload the system software without the enable password configured. This command is hidden on the C-Series and E-Series, so it is not listed when you enter ? or help in this mode. ignore enable-password

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

ignore startup-config

Defaults Command Modes Command History Usage Information

Not configured. BOOT_USER

Version 7.8.1.0 Introduced on S-Series

When you enter the reload command and the system reboots, you will not be prompted for a password to enter the EXEC Privilege mode (normally you are required to enter the enable command.) If your console or Telnet session expires after you used the ignore enable-password command, you are prompted for an enable password when you re-establish the session.

Related Commands

reload
show running-config

Exit from this mode and reload FTOS. Display the current configuration and the changes from the default values.

ignore startup-config
s
Syntax Defaults Command Modes Command History Usage Information

During a reload, do not load the startup-config file. ignore startup-config disabled BOOT_USER
Version 7.8.1.0 Introduced on S-Series

This command might be used if a the user has authentication procedures in the startup-config other than the enable-password setting.

interface management ethernet ip address

ces
Syntax

Assign an IP address to the Management Ethernet interface. [no] interface management ethernet ip address ip-address mask To delete the IP address on the C-Series and E-Series (not on S-Series), enter no interface management ethernet ip address.

Parameters

ip-address mask

Enter the IP address in dotted decimal format (A.B.C.D) and the mask in / prefix-length format (/x).

Defaults

Not configured.

BOOT_USER Mode

interface management ethernet mac-address

Command Modes Command History Usage Information

BOOT_USER
Version 7.8.1.0 Introduced on S-Series

In the runtime CLI of the C-Series and E-Series (not on S-Series), use the ip address command in the INTERFACE mode to change the Management interfaces IP address. If there is a mac address programmed in the eeprom, the show interface management ethernet command gets the mac address from there and displays it. If there is no mac address programmed, the following is used by default - 00:10:18:00:00:01. To view the current IP address configured on the Management interface, enter the show interfaces management ethernet command.

Related Commands

ip address
show default-gateway show interface management ethernet

Assign a primary and secondary IP address to the interface. Display the IP address configured for the default gateway. Display the IP address configured for the Management interface.

interface management ethernet mac-address

s
Syntax Parameters

Assign a MAC address to the Management Ethernet interface. interface management ethernet mac-address mac-address mac-address Not configured. BOOT_USER
Version 7.8.1.0 Introduced on S-Series Enter a MAC address in standard format (xx:xx:xx:xx:xx:xx).

Defaults Command Modes Command History Usage Information Related Commands

Use this command to assign a MAC address if FTOS cannot find a default MAC address.

show default-gateway show interface management ethernet

Display the IP address configured for the default gateway. Display the IP address configured for the Management interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

interface management ethernet port

s
Syntax Parameters

Assign a port to be the Management Ethernet interface. interface management ethernet port portID portID
Enter an S-Series port ID as an integer. Range: 1 to 48

Defaults Command Modes Command History Usage Information Related Commands

Not configured. BOOT_USER

Version 7.8.1.0 Introduced on S-Series

Assign any copper port to be the Management Ethernet interface.

show interface management ethernet

Display the IP address configured for the Management interface.

interface management port config

ce
Syntax

Configure speed, duplex, and negotiation settings for the management interface. interface management port config {half-duplex | full-duplex | 10m | 100m | auto-negotiation | no auto-negotiation | show} half-duplex full-duplex 10m 100m auto-negotiation no auto-negotiation show
Enter the keyword half-duplex to set the Management interface to half-duplex mode. Enter the keyword full-duplex to set the Management interface to full-duplex mode. Enter the keyword 10m to set the speed on the Management interface to 10 Mb/s. Enter the keyword 100m to set the speed of the Management interface to 100 Mb/s. Enter the keyword auto-negotiation to enable negotiation on the Management interface. Enter the keyword no auto-negotiation to disable auto-negotiation on the Management interface. Enter the keyword show to display the settings on the Management interface.

Parameters

Defaults Command Modes

full duplex; auto-negotiation BOOT_USER

BOOT_USER Mode

reload

Usage Information Related Commands

This command is only available in Boot Flash version 2.0.0.21 and higher.

show default-gateway show interface management ethernet

Display the IP address configured for the default gateway. Display the IP address configured for the Management interface.

reload
c es
Syntax Command Modes Command History Related Commands

Exit from this mode and reload FTOS. reload BOOT_USER

Version 7.8.1.0 Introduced on S-Series

save

Save configurations created in BOOT_USER mode (BLI).

rename
ce
Syntax Parameters

Rename a file. rename file-url file-url

Enter the location keywords and information: For a file on the internal Flash, enter flash:// followed by the filename. For a file on the external Flash, enter slot0:// followed by the filename.

Defaults Command Modes

None. BOOT_USER

restore factory-defaults
s
Syntax

Erase all NVRAM sectors, EEPROM sectors, and user boot configurations. restore factory-defaults

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

save

Command Modes Command History

BOOT_USER
Version 7.8.1.0 Introduced on S-Series

save
s
Command History Usage Information

Save configurations created in BOOT_USER mode (BLI).

Version 7.8.1.0 Introduced on S-Series

A basic difference between S-Series and other Force10 platforms is that, on the S-Series, FTOS does not save configurations into NVRAM while the user enters them in the BLI. Instead, the configurations are saved in a software cache and are written into NVRAM only on the execution of this save command or of the reload command.
reload write

Related Commands

Exit from this mode and reload FTOS. Save the running configuration to the startup configuration file.

show boot selection

ce
Syntax Command Modes Example

Display the current FTOS boot image. show boot selection BOOT_USER Figure 8 show boot selection Command Example
BOOT_USER # show boot selection ROM BOOTSTRAP SELECTOR PARMETERS: ================================ Current ROM bootstrap selection set to Bootflash partition B. Last ROM bootstrap occurred from Bootflash partition B. BOOT_USER #

Related Commands

boot change boot selection

Change the primary, secondary or default boot image configuration Change the boot flash image on the internal Flash.

BOOT_USER Mode

show bootflash

show bootflash
ce
Syntax Command Modes Example

Display information on the boot flash. show bootflash BOOT_USER Figure 9 show bootflash Command Example
BOOT_USER # show bootflash GENERAL BOOTFLASH INFO ====================== Bootflash Partition A: Force10 Networks System Boot Copyright 1999-2004 Force10 Networks, Inc. ROM Header Version 1.0 Engineering CP_IMG_BOOT, BSP Release 2.0.0.19, Checksum 0x39303030 Created Mon Mar 20 10:56:53 US/Pacific 2004 by xxx on Unknown host Bootflash Partition B: Force10 Networks System Boot Copyright 1999-2004 Force10 Networks, Inc. ROM Header Version 1.0 Engineering CP_IMG_BOOT, BSP Release 2.0.0.19, Checksum 0x36313031 Created Mon Mar 6 18:15:10 2004 by xxx on hostname Boot Selector Partition: Force10 Networks System Boot Copyright 1999-2004 Force10 Networks, Inc. ROM Header Version 1.0 Official CP_IMG_BOOT_SELECTOR, BSP Release 2.0.0.15, Checksum 0x30314348 Created Mon Jan 21 17:15:47 US/Pacific 2004 by xxx on Unknown host BOOT_USER #

show bootvar
c es
Syntax Command Modes Command History

Display boot configuration information. show bootvar BOOT_USER

Version 7.8.1.0 Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show default-gateway

Example

Figure 10 show bootvar Command Example

BOOT_USER # show bootvar PRIMARY OPERATING SYSTEM BOOT PARAMETERS: ======================================== boot device : ftp file name : tt/latestlabel Management Ethernet IP address : 10.16.1.181/24 Server IP address : 10.16.1.209 username : amsterdam password : ****** SECONDARY OPERATING SYSTEM BOOT PARAMETERS: ========================================== boot device : flash file name : /E1200-3.1.1.3.bin DEFAULT OPERATING SYSTEM BOOT PARAMETERS: ======================================== boot device : flash file name : /E1200-3.1.1.2.bin BOOT_USER #

Related Commands

boot change boot zero

Change the primary, secondary or default boot image configuration.

Erase the configured primary, secondary, or default boot image parameters.

show default-gateway
c es
Syntax Command Mode Command History Example

Display the IP address configured for the default gateway. show default-gateway BOOT_USER
Version 7.8.1.0 Introduced on S-Series

Figure 11 show default-gateway Command Example

BOOT_USER # show default-gateway Gateway IP address: 10.1.1.1 BOOT_USER #

Related Commands

default-gateway interface management ethernet ip address

Configure the IP address for the default gateway. Assign an IP address to the Management Ethernet interface.

BOOT_USER Mode

show interface management ethernet

c es
Syntax Command Modes Command History Example

Display the IP address configured for the Management interface. show interface management ethernet BOOT_USER
Version 7.8.1.0 Introduced on S-Series

Figure 12 show interface management ethernet Command Example

BOOT_USER # show interfaces management ethernet Management ethernet IP address: 10.16.1.181/24 BOOT_USER #

On the S-Series, the output of this command includes the MAC address and port number of the assigned management port.
Example

Figure 13 show interface management ethernet Command Example

BOOT_USER # show interface management ethernet Management ethernet IP address: 10.16.1.181/24 Management ethernet MAC address: 00:01:e8:43:13:16 Management ethernet port number: 1 BOOT_USER #

Related Commands

interface management ethernet ip address interface management port config

Assign an IP address to the Management Ethernet interface.

Configure speed, duplex, and negotiation settings for the management interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show interface management ethernet

BOOT_USER Mode

Chapter 4
Overview

Control and Monitoring

This chapter contains the following commands to configure and monitor the system, including Telnet, FTP, and TFTP as they apply to platforms c e s.

Commands
audible cut-off banner exec banner login banner motd cam-audit linecard clear alarms clear command history clear line configure debug cpu-traffic-stats debug ftpserver disable do enable enable xfp-power-updates end epoch exec-banner exec-timeout exit ftp-server topdir ftp-server username send service timestamps show alarms show chassis show command-history show command-tree show console lp show cpu-traffic-stats show debugging show environment (C-Series and E-Series) show environment (S-Series) show inventory (C-Series and E-Series) show inventory (S-Series) show linecard show linecard boot-information show memory (C-Series and E-Series) show memory (S-Series) show processes cpu (C-Series and E-Series) show processes cpu (S-Series) show processes ipc flow-control show processes memory (C-Series and E-Series) show processes memory (S-Series)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

audible cut-off

hostname ip ftp password ip ftp source-interface ip ftp username ip telnet server enable ip telnet source-interface ip tftp source-interface line linecard module power-off motd-banner ping power-off power-on reload reset rpm <slot> location-led

show rpm show software ifm show switch links show system (S-Series) show tech-support (C-Series and E-Series) show tech-support (S-Series) ssh-peer-rpm telnet telnet-peer-rpm terminal length terminal xml traceroute undebug all upload trace-log virtual-ip write

audible cut-off
e
Syntax Defaults Command Modes

Turn off an audible alarm. audible cut-off Not configured. EXEC Privilege

banner exec
ces
Syntax Parameters

Configure a message that is displayed when a user enters the EXEC mode. banner exec c line c c line
Enter the keywords banner exec, and then enter a character delineator, represented here by the letter c, and press ENTER. Enter a text string for your banner message ending the message with your delineator. In the example below, the delineator is a percent character (%); the banner message is testing, testing.

Control and Monitoring

banner login

Defaults Command Modes Command History

No banner is displayed. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information Example

Force10(conf)#banner exec ? LINE c banner-text c, where 'c' is a delimiting character Force10(conf)#banner exec % Enter TEXT message. End with the character '%'. This is the banner% Force10(conf)#end Force10#exit 4d21h5m: %RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user on line console This is the banner Force10 con0 now available Press RETURN to get started. 4d21h6m: %RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user console This is the banner Force10> on line

Optionally, use the banner exec command to create a text string that is displayed when the user accesses the EXEC mode. The exec-banner command toggles that display.

Related Commands

banner login banner motd exec-banner line

Sets a banner for login connections to the system. Sets a Message of the Day banner. Enable the display of a text string when the user enters the EXEC mode. Enable and configure console and virtual terminal lines to the system.

banner login
ces
Syntax Parameters

Set a banner to be displayed when logging on to the system. banner login {keyboard-interactive | no keyboard-interactive} [c line c]
keyboard-interactive Enter this keyword to require a carriage return (CR) to get the message banner prompt.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

banner login

c line

Enter a delineator character to specify the limits of the text banner. In Figure 14, the % character is the delineator character. Enter a text string for your text banner message ending the message with your delineator. In the example in Figure 14, the delineator is a percent character (%). Ranges: maximum of 50 lines up to 255 characters per line

Defaults Command Modes Command History

No banner is configured and the CR is required when creating a banner. CONFIGURATION

Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced keyboard-interactive keyword Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information

A login banner message is displayed only in EXEC Privilege mode after entering the enable command followed by the password. These banners are not displayed to users in EXEC mode.
banner exec banner motd Sets a banner to be displayed when you enter EXEC Privilege mode. Sets a Message of the Day banner.

Related Commands

Control and Monitoring

banner motd Figure 14 Command Example: banner login

Force10(conf)#banner login ? keyboard-interactive Press enter key to get prompt LINE c banner-text c, where 'c' is a delimiting character Force10(conf)#no banner login ? keyboard-interactive Prompt will be displayed by default <cr> Force10(conf)#banner login keyboard-interactive Enter TEXT message. This is the banner% Force10(conf)#end Force10#exit End with the character '%'.

Example

13d21h9m: %RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user on line console This is the banner Force10 con0 now available Press RETURN to get started. 13d21h10m: %RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user console This is the banner Force10> on line

banner motd
ces
Syntax Parameters

Set a Message of the Day (MOTD) banner. banner motd c line c c line
Enter a delineator character to specify the limits of the text banner. In the above figures, the % character is the delineator character. Enter a text string for your message of the day banner message ending the message with your delineator. In the example figures above, the delineator is a percent character (%).

Defaults Command Modes Command History

No banner is configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information

A MOTD banner message is displayed only in EXEC Privilege mode after entering the enable command followed by the password. These banners are not displayed to users in EXEC (non-privilege) mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

cam-audit linecard

Related Commands

banner exec banner login

Sets a banner to be displayed when you enter the EXEC Privilege mode. Sets a banner to be displayed after successful login to the system.

cam-audit linecard
e
Syntax Parameters

Enable audit of the IPv4 forwarding table on all line cards. cam-audit linecard all ipv4-fib interval time-in-minutes all ipv4-fib interval time-in-minutes
Enter the keyword all to enable CAM audit on all line cards. Enter the keyword ipv4-fib to designate the CAM audit on the IPv4 forwarding entries. Enter the keyword interval followed by the frequency in minutes of the CAM audit. Range: 5 to 1440 minutes (24 hours) Default: 60 minutes

Defaults Command Modes Command History Usage Information

Disabled CONFIGURATION
Version 7.4.1.0 Introduced on E-Series

Enables periodic audits of software and hardware copies of the IPv4 forwarding table.

clear alarms
ces
Syntax Command Modes Command History

Clear alarms on the system. clear alarms EXEC Privilege

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information

This command clear alarms that are no longer active. If an alarm situation is still active, it is seen in the system output.

Control and Monitoring

clear command history

ces
Syntax Command Modes Command History

Clear the command history log. clear command history EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Related Commands show command-history

Display a buffered log of all commands entered by all users along with a time stamp.

clear line
ces
Syntax Parameters

Reset a terminal line. clear line {line-number | aux 0 | console 0 | vty number} line-number aux 0 console 0 vty number
Enter a number for one of the 12 terminal lines on the system. Range: 0 to 11. Enter the keywords aux 0 to reset the Auxiliary port.

Note: This option is supported on E-Series only.

Enter the keyword console 0 to reset the Console port. Enter the keyword vty followed by a number to clear a Terminal line. Range: 0 to 9

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

configure
ces
Syntax

Enter the CONFIGURATION mode from the EXEC Privilege mode. configure [terminal]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

debug cpu-traffic-stats

Parameters

terminal

(OPTIONAL) Enter the keyword terminal to specify that you are configuring from the terminal.

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Example

Figure 15 Command Example: configure

Force10#configure Force10(conf)#

debug cpu-traffic-stats
ces
Syntax Defaults Command Modes Command History

Enable the collection of CPU traffic statistics. debug cpu-traffic-stats Disabled EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

This command enables (and disables) the collection of CPU traffic statistics from the time this command is executed (not from system boot). However, excessive traffic received by a CPU will automatically trigger (turn on) the collection of CPU traffic statics. The following message is an indication that collection of CPU traffic is automatically turned on. Use the show cpu-traffic-stats to view the traffic statistics. Excessive traffic is received by CPU and traffic will be rate controlled

Note: This command must be enabled before the show cpu-traffic-stats command will display traffic statistics. Force10 recommends that you disable debugging (no debug cpu-traffic-stats) once troubleshooting is complete.
Related Commands show cpu-traffic-stats Display cpu traffic statistics

Control and Monitoring

debug ftpserver

debug ftpserver
ces
Syntax Command Modes Command History

View transactions during an FTP session when a user is logged into the FTP server. debug ftpserver EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

disable
ce
Syntax Parameters

Return to the EXEC mode. disable [level] level

(OPTIONAL) Enter a number for a privilege level of the FTOS. Range: 0 to 15. Default: 1

Defaults Command Modes Command History

1 EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

do
ces
Syntax Parameters

Allows the execution of most EXEC-level commands from all CONFIGURATION levels without returning to the EXEC level. do command command No default behavior
Enter an EXEC-level command.

Defaults

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

enable

Command Modes

CONFIGURATION INTERFACE

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

The following commands are not supported by the do command:

enable disable exit config

Example

Figure 16 Command Example: do

Force10(conf-if-te-5/0)#do clear counters Clear counters on all interfaces [confirm] Force10(conf-if-te-5/0)# Force10(conf-if-te-5/0)#do clear logging Clear logging buffer [confirm] Force10(conf-if-te-5/0)# Force10(conf-if-te-5/0)#do reload System configuration has been modified. Save? [yes/no]: n Proceed with reload [confirm yes/no]: n Force10(conf-if-te-5/0)#

enable
ces
Syntax Parameters

Enter the EXEC Privilege mode or any other privilege level configured. After entering this command, you may need to enter a password. enable [level] level
(OPTIONAL) Enter a number for a privilege level of FTOS. Range: 0 to 15. Default: 15

Defaults Command Modes Command History

15 EXEC
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

Control and Monitoring

enable xfp-power-updates

Usage Information

Users entering the EXEC Privilege mode or any other configured privilege level can access configuration commands. To protect against unauthorized access, use the enable password command to configure a password for the enable command at a specific privilege level. If no privilege level is specified, the default is privilege level 15.
enable password Configure a password for the enable command and to access a privilege level.

Related Commands

enable xfp-power-updates
ces
Syntax

Enable XFP power updates for SNMP. enable xfp-power-updates interval seconds To disable XFP power updates, use the no enable xfp-power-updates command.

Parameters

interval seconds

Enter the keyword interval followed by the polling interval in seconds. Range: 120 to 6000 seconds Default: 300 seconds (5 minutes)

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series and E-Series

Usage Information

The chassis MIB contain the entry chSysXfpRecvPower in the chSysPortTable table. Periodically, IFA polls the XFP power for each of the ports, and sends the values to IFM where it is cached. The default interval for the polling is 300 seconds (5 minutes). Use this command to enable the polling and to configure the polling frequency.

end
ces
Syntax Command Modes

Return to the EXEC Privilege mode from other command modes (for example, the CONFIGURATION or ROUTER OSPF modes). end CONFIGURATION, SPANNING TREE, MULTIPLE SPANNING TREE, LINE, INTERFACE, TRACE-LIST, VRRP, ACCESS-LIST, PREFIX-LIST, AS-PATH ACL, COMMUNITY-LIST, ROUTER OSPF, ROUTER RIP, ROUTER ISIS, ROUTER BGP
Version 8.1.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on S-Series

Command History

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

epoch

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Related Commands exit Return to the lower command mode.

epoch
e
Syntax Parameters

Set the epoch scheduling time for the chassis. epoch {2.4 |3.2 | 10.4} 2.4 3.2
Enter the keyword 2.4 to set the epoch to 2.4 micro-seconds and lower the latency. This option is available on the E600i and E1200i E-Series ExaScale systems only. Enter the keyword 3.2 to set the epoch to 3.2 micro-seconds and lower the latency. This option is available on the E600/E600i and E1200/E1200i only. ExaScale does not supports this setting with FTOS 8.3.1.0 and later. Enter the keyword 10.4 to set the epoch to 10.4 micro-seconds. This is the default setting and is available on the E300, E600/E600i, and E1200.

10.4

Defaults Command Modes Command History

10.4 CONFIGURATION
Version 8.3.1.0 Version 8.1.1.2 Version 8.1.1.0 Version 6.2.1.1 Version 6.1.1.0 Added 2.4 micro-seconds option. ExaScale supports only 10.4 microseconds and 2.4 microseconds with FTOS 8.3.1.0 and later. Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i Support for E300 introduced (10.4 only) Values changed as described above

Usage Information

You save the configuration and reload the chassis for the changes to the epoch command setting to take affect. When using 10 SFMs in an ExaScale chassis, the 10.4 and 2.4 settings are both line rate. Additionally, the 2.4 setting has a lower latency. When using 9 SFMs in an ExaScale chassis, the 10.4 setting is line rate; the 2.4 setting reduces throughput. Force10 Networks recommends using the 10.4 setting when the system has 9 SFMs. Using 8 SFMs in an ExaScale chassis reduces throughput at any epoch setting.

Note: The E300 supports only the 10.4 epoch setting. The E-Series TeraScale E600/
E600i and the E1200/E1200i systems support the 10.4 and the 3.2 epoch settings.

Control and Monitoring

exec-banner

Note: For E-Series ExaScale, the 2.4 setting is supported on FTOS version 8.3.1.0
and later. The 10.4 setting is supported on all ExaScale FTOS versions. The 3.2 setting is only supported on FTOS versions 8.2.1.0 and earlier.

exec-banner
ces
Syntax Defaults Command Modes Command History

Enable the display of a text string when the user enters the EXEC mode. exec-banner Enabled on all lines (if configured, the banner appears). LINE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage

Optionally, use the banner exec command to create a text string that is displayed when the user accesses the EXEC mode. This command toggles that display.
banner exec line Configure a banner to display when entering the EXEC mode. Enable and configure console and virtual terminal lines to the system.

Related Commands

exec-timeout
ce s
Syntax

Set a time interval the system will wait for input on a line before disconnecting the session. exec-timeout minutes [seconds] To return to default settings, enter no exec-timeout.

Parameters

minutes

Enter the number of minutes of inactivity on the system before disconnecting the current session. Range: 0 to 35791 Default: 10 minutes for console line; 30 minutes for VTY line. (OPTIONAL) Enter the number of seconds Range: 0 to 2147483 Default: 0 seconds

seconds

Defaults Command Modes

10 minutes for console line; 30 minutes for VTY lines; 0 seconds LINE Publication Date: July 20, 2011 79

Command Line Reference for FTOS version 8.4.2.4

exit

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information Example

To remove the time interval, enter exec-timeout 0 0. Figure 17 FTOS time-out display
Force10 con0 is now available Press RETURN to get started. Force10>

exit
ce s
Syntax Command Modes

Return to the lower command mode. exit EXEC Privilege, CONFIGURATION, LINE, INTERFACE, TRACE-LIST, PROTOCOL GVRP, SPANNING TREE, MULTIPLE SPANNING TREE, MAC ACCESS LIST, ACCESS-LIST, AS-PATH ACL, COMMUNITY-LIST, PREFIX-LIST, ROUTER OSPF, ROUTER RIP, ROUTER ISIS, ROUTER BGP
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

Command History

E-Series original Command Related Commands end Return to the EXEC Privilege command mode.

ftp-server enable
ces
Syntax Defaults Command Modes Command History

Enable FTP server functions on the system. ftp-server enable Disabled. CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on S-Series

Control and Monitoring

ftp-server topdir

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Example

Figure 18 Example of Logging on to an FTP Server

morpheus% ftp 10.31.1.111 Connected to 10.31.1.111. 220 Force10 (1.0) FTP server ready Name (10.31.1.111:dch): dch 331 Password required Password: 230 User logged in ftp> pwd 257 Current directory is "flash:" ftp> dir 200 Port set okay 150 Opening ASCII mode data connection size date time name ------------------------512 Jul-20-2004 18:15:00 tgtimg 512 Jul-20-2004 18:15:00 diagnostic 512 Jul-20-2004 18:15:00 other 512 Jul-20-2004 18:15:00 tgt 226 Transfer complete 329 bytes received in 0.018 seconds (17.95 Kbytes/s) ftp>

Related Commands

ftp-server topdir ftp-server username

Set the directory to be used for incoming FTP connections to the E-Series. Set a username and password for incoming FTP connections to the E-Series.

ftp-server topdir
ces
Syntax Parameters

Specify the top-level directory to be accessed when an incoming FTP connection request is made. ftp-server topdir directory directory
Enter the directory path.

Defaults Command Modes Command History

The internal flash is the default directory. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information

After you enable FTP server functions with the ftp-server enable command, Force10 Networks recommends that you specify a top-level directory path. Without a top-level directory path specified, the FTOS directs users to the flash directory when they log in to the FTP server.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

ftp-server username

Related Commands

ftp-server enable ftp-server username

Enables FTP server functions on the E-Series. Set a username and password for incoming FTP connections to the E-Series.

ftp-server username
ces
Syntax Parameters

Create a user name and associated password for incoming FTP server sessions. ftp-server username username password [encryption-type] password username password password encryption-type
Enter a text string up to 40 characters long as the user name. Enter the keyword password followed by a string up to 40 characters long as the password. Without specifying an encryption type, the password is unencrypted. (OPTIONAL) After the keyword password enter one of the following numbers: 0 (zero) for an unecrypted (clear text) password 7 (seven) for hidden text password.

Defaults Command Modes Command History

Not enabled. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

hostname
ces
Syntax Parameters

Set the host name of the system. hostname name name Force10 CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on S-Series Enter a text string, up to 32 characters long.

Defaults Command Modes Command History

Control and Monitoring

ip ftp password

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Usage Information

The hostname is used in the prompt.

ip ftp password
ces
Syntax Parameters

Specify a password for outgoing FTP connections. ip ftp password [encryption-type] password encryption-type
(OPTIONAL) Enter one of the following numbers: 0 (zero) for an unecrypted (clear text) password 7 (seven) for hidden text password

password
Defaults Command Modes Command History

Enter a string up to 40 characters as the password.

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information

The password is listed in the configuration file; you can view the password by entering the show running-config ftp command. The password configured by the ip ftp password command is used when you use the ftp: parameter in the copy command.

Related Commands

copy ip ftp username

Copy files. Set the user name for FTP sessions.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

ip ftp source-interface

ip ftp source-interface
ces
Syntax Parameters

Specify an interfaces IP address as the source IP address for FTP connections. ip ftp source-interface interface interface
Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from zero (0) to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series: 1-128 E-Series: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale For SONET interface types, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults

The IP address on the system that is closest to the Telnet address is used in the outgoing packets. CONFIGURATION
Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Increased number of VLANs on ExaScale to 4094 (was 2094) Introduced on E-Series ExaScale Support added for S-Series Introduced on C-Series

Command Modes Command History

E-Series original Command Related Commands copy Copy files from and to the switch.

ip ftp username
ces
Syntax Parameters

Assign a user name for outgoing FTP connection requests. ip ftp username username username
Enter a text string as the user name up to 40 characters long.

Defaults

No user name is configured.

Control and Monitoring

ip telnet server enable

Command Modes Command History

CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information Related Commands

You must also configure a password with the ip ftp password command.

ip ftp password

Set the password for FTP connections.

ip telnet server enable

ces
Syntax

Enable the Telnet server on the switch. ip telnet server enable To disable the Telnet server, execute the no ip telnet server enable command.

Defaults Command Modes Command History

Enabled CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Introduced on C-Series Introduced on E-Series Enable SSH server on the system.

Related Commands

ip ssh server

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

ip telnet source-interface

ip telnet source-interface
ces
Syntax Parameters

Set an interfaces IP address as the source address in outgoing packets for Telnet sessions. ip telnet source-interface interface interface
Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from zero (0) to 16383. For the SONET interfaces, enter the keyword sonet followed by slot/port information. For a Port Channel, enter the keyword port-channel followed by a number: C-Series and S-Series: 1-128 E-Series: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults

Command Modes Command History

E-Series original Command Related Commands telnet Telnet to another device.

Control and Monitoring

ip tftp source-interface

ip tftp source-interface
ces
Syntax Parameters

Assign an interfaces IP address in outgoing packets for TFTP traffic. ip tftp source-interface interface interface
Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from zero (0) to 16383. For a Port Channel, enter the keyword port-channel followed by a number: C-Series and S-Series: 1-128 E-Series: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale For the SONET interfaces, enter the keyword sonet followed by slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults

Command Modes Command History

E-Series original Command

line
ces
Syntax Parameters

Enable and configure console and virtual terminal lines to the system. This command accesses LINE mode, where you can set the access conditions for the designated line. line {aux 0 | console 0 | vty number [end-number]} aux 0 console 0
Enter the keyword aux 0 to configure the auxiliary terminal connection.

Note: This option is supported on E-Series only.

Enter the keyword console 0 to configure the console port. The console option for the S-Series is <0-0>.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

linecard

vty number

Enter the keyword vty followed by a number from 0 to 9 to configure a virtual terminal line for Telnet sessions. The system supports 10 Telnet sessions. (OPTIONAL) Enter a number from 1 to 9 as the last virtual terminal line to configure. You can configure multiple lines at one time.

end-number

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Usage Information Related Commands

You cannot delete a terminal connection.

access-class password show linecard

Restrict incoming connections to a particular IP address in an IP access control list (ACL). Specify a password for users on terminal lines. Display the line card(s) status.

linecard
ce
Syntax Parameters

Pre-configure a line card in a currently empty slot of the system or a different line card type for the slot. linecard number card-type number
Enter the number of the slot.

C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200/E1200i, 0 to 6 on a E600/E6001, and 0 to 5

on a E300.

card-type
Defaults Command Modes Command History

Enter the line card ID (see the Supported Hardware section in the Release Notes).

Not configured CONFIGURATION

Version 8.1.1.2 Version 8.1.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i Introduced on C-Series

E-Series original Command

Control and Monitoring

module power-off

Usage Information

Use this command only for empty slots or a slot where you have hot-swapped a different line card type. Before inserting a card of a different type into the pre-configured slot, execute the no linecard number command. The following screenshot shows the current supported C-Series line cards, along with their card types (card-type IDs). Figure 19 Command Example: show linecard on Empty C300 Slot
Force10#show linecard 3 -- Line card 11 -Status : not present Force10#linecard 3 ? E46TB 36-port GE 10/100/1000Base-T with RJ45 - 8-port FE/GE with SFP - 2-port 10GE with SFP+ E46VB 36-port GE 10/100/1000Base-T with RJ45 and PoE - 8-port FE/GE with SFP 2-port 10GE with SFP+ E48PB 48-port FE/GE line card with SFP optics (CB) E48TB 48-port GE 10/100/1000Base-T line card with RJ45 interfaces (CB) E48VB 48-port GE 10/100/1000Base-T line card with RJ45 interfaces and PoE (CB) EX4PB 4-port 10GE LAN PHY line card with XFP optics (CB) EX8PB 8-port 10GE LAN PHY line card with XFP optics (CB) Force10#linecard 3 EX4PB Force10#show linecard 3 -- Line card 11 -Status : not present Required Type : EX4PB - 4-port 10GE LAN PHY line card with XFP optics (CB) Force10#

Note: It is advisable to shut down interfaces on a line card that you are hot-swapping.

Related Commands

show linecard

Display the line card(s) status.

module power-off
ce
Syntax Parameters

Turn off power to a line card at next reboot. module power-off linecard number linecard number
Enter the keyword line card followed by the line card slot number C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200/1200i, 0 to 6 on a E600/E600i, and 0 to 5 on a E300.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

motd-banner

Version 7.5.1.0

Introduced on C-Series

E-Series original Command

motd-banner
ces
Syntax Defaults Command Modes Command History

Enable a Message of the Day (MOTD) banner to appear when you log in to the system. motd-banner Enabled on all lines. LINE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

ping
ces
Syntax

Test connectivity between the system and another device by sending echo requests and waiting for replies. ping [vrf <id>] [host | ip-address | ipv6-address] [count {number | continuous}] [datagram-size ] [timeout] [source (ip src-ipv4-address) | interface ] [tos] [df-bit (y|n)] [validate-reply(y|n)] [pattern pattern] [sweep-min-size] [sweep-max-size] [sweep-interval ] [ointerface (ip src-ipv4-address) | interface] vrf host ip-address ipv6-address
(OPTIONAL) E-Series Only: Enter the VRF Instance name of the device to which you are testing connectivity. (OPTIONAL) Enter the host name of the devices to which you are testing connectivity. (OPTIONAL) Enter the IPv4 address of the device to which you are testing connectivity. The address must be in the dotted decimal format. (OPTIONAL) E-Series only Enter the IPv6 address, in the x:x:x:x::x format, to which you are testing connectivity. Note: The :: notation specifies successive hexadecimal fields of zeros Enter the number of echo packets to be sent.

Parameter

count

number: 1- 2147483647 Continuous: transmit echo request continuously

Default: 5

Control and Monitoring

ping

datagram size

Enter the ICMP datagram size. Range: 36 - 15360 bytes Default: 100 Enter the interval to wait for an echo reply before timing out. Range: 0 -3600 seconds Default: 2 seconds Enter the IPv4 or IPv6 source ip address or the source interface. For IPv6

timeout

source

addresses, you may enter global addresses only.

Enter the IP address in A.B.C.D format For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. E-Series only For the SONET interfaces, enter the keyword sonet followed by slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

tos

(IPv4 only) Enter the type of service required. Range: 0-255 Default: 0 (IPv4 only) Enter Y or N for the don't fragment bit in IPv4 header N: Do not set the don't fragment bit Y: Do set don't fragment bit Default is No. (IPv4 only) Enter Y or N for reply validation. N: Do not validate reply data Y: Do validate reply data Default is No. (IPv4 only) Enter the IPv4 data pattern. Range: 0-FFFF Default: 0xABCD Enter the minimum size of datagram in sweep range. Range: 52-15359 bytes Enter the maximum size of datagram in sweep range. Range: 53-15359 bytes

df-bit

validate-reply

pattern pattern

sweep-min-size sweep-max-size

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

ping

sweep-interval ointerface

Enter the incremental value for sweep size. 1-15308 seconds (IPv4 only) Enter the outgoing interface for multicast packets. Enter the IP address in A.B.C.D format For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel, enter the keyword port-channel followed by a number: C-Series and S-Series: 1-128 E-Series: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale E-Series only For the SONET interfaces, enter the keyword sonet followed by slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes

See parameters above. EXEC EXEC Privilege

Command History

Version 8.4.1.0 Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

IPv6 pinging available on management interface. Introduced extended ping options. Introduced on E-Series ExaScale (IPv6) Introduced on E-Series ExaScale (IPv4) Introduced VRF Introduced on S-Series Introduced support for C-Series Added support for IPv6 address on E-Series

Control and Monitoring

power-off When you enter the ping command without specifying an IP/IPv6 address (Extended Ping), you are prompted for a target IP/IPv6 address, a repeat count, a datagram size (up to 1500 bytes), a timeout in seconds, and for Extended Commands. See Appendix A, ICMP Message Types for information on the ICMP message codes that return from a ping command. Figure 20 Command Example: ping (IPv4)
Force10#ping 172.31.1.255 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.216 0 ms Reply to request 1 from 172.31.1.205 16 ms : : Reply to request 5 from 172.31.1.209 0 ms Reply to request 5 from 172.31.1.66 0 ms Reply to request 5 from 172.31.1.87 0 ms Force10#

Usage Information

Figure 21 Command Example: ping (IPv6)

Force10#ping 100::1 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 100::1, timeout is 2 seconds: !!!!! Success rate is 100.0 percent (5/5), round-trip min/avg/max = 0/0/0 (ms) Force10#

power-off
ce
Syntax Parameters

Turn off power to a selected line card or the standby (extra) Switch Fabric Module (SFM). power-off {linecard number | sfm sfm-slot-id} linecard number
Enter the keyword linecard and a number for the line card slot number. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200/E1200i, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. Enter the keyword sfm by the slot number of the SFM to which you want to turn off power.

sfm sfm-slot-id

Note: This option is supported on E-Series only.

Defaults Command Modes

Disabled EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

power-on

Command History

Version 8.1.1.2 Version 8.1.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i Introduced on C-Series

E-Series original Command Related Commands power-on Power on a line card or standby SFM.

power-on
ce
Syntax Parameters

Turn on power to a line card or the standby (extra) Switch Fabric Module (SFM). power-on {linecard number | sfm sfm-slot-id} linecard number
Enter the keyword linecard and a number for the line card slot number. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200/E1200i, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. Enter the keyword sfm followed by the slot number of the SFM to power on.

sfm standby

Note: This option is supported on E-Series only.

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 8.1.1.2 Version 8.1.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i Introduced on C-Series

E-Series original Command Related Commands power-off Power off a line card or standby SFM.

reload
ces
Syntax Command Modes Command History

Reboot FTOS. reload EXEC Privilege

Version 7.6.1.0 Introduced on S-Series

Control and Monitoring

reset

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Usage Information Related Commands

If there is a change in the configuration, FTOS will prompt you to save the new configuration. Or you can save your running configuration with the copy running-config command.
reset reset stack-unit Reset a line card, RPM, a standby SFM (EtherScale only), or a failed SFM (TeraScale and ExaScale). Reset any designated stack member except the management unit

reset
ce
Syntax

Reset a line card, RPM, a standby SFM (EtherScale only), or a failed SFM (TeraScale only). reset {linecard number [hard | power-cycle] | rpm number [hard | power-cycle ] | sfm slot number | standby} linecard number
Enter the keyword linecard and a number for the line card slot number. (Optional) Add the keyword hard or power-cycle (power-cycle is C-Series only) to power cycle the line card. C-Series Range: 0-7 E-Series Range: 0 to 13 on E1200/E1200i, 0 to 6 on E600/E600i, and 0 to 5 on E300

Parameters

hard power-cycle

Enter the keyword hard to power cycle the line card. Enter the keyword power-cycle after upgrading a C-Series FPGA to cause the FPGA to be reprogrammed based on the contents of the FPGA PROM. Note: This option is supported on C-Series only. Enter the keyword rpm followed by a number for the RPM slot number. (Optional) Add the keyword hard or power-cycle (C-Series only) to power cycle the RPM. Range: 0 to 1

rpm number

sfm standby sfm slot number

Enter the keyword sfm standby to reset the standby SFM. Note: This option is supported on E-Series EtherScale only. Enter the keyword sfm followed by the failed or powered-off SFM slot number. Note: Supported on E-Series only

Defaults Command Modes Command History

Disabled. EXEC Privilege

Version 7.5.1.0 Introduced on C-Series

E-Series original Command

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

rpm <slot> location-led The command reset without any options is a soft reset, which means FTOS boots the line card from its runtime image. The hard option reloads the FTOS image on the line card. Use the power-cycle after upgrading an FPGA. When a soft reset is issued on a line card (reset linecard number), FTOS boots the line card from its runtime image. Only when you enter reset linecard number hard is the software image reloaded on the line card.
Related Commands reload restore fpga-image Reboots the system. Copy the backup C-Series FPGA image to the primary FPGA image.

Usage Information

rpm <slot> location-led

ex
Syntax Parameters

Toggle the location LED on/off on the E-Series ExaScale RPM (LC-EH-RPM). rpm slot number location-led [on | off] rpm slot number
Enter the slot number E1200i: 0-13 E600i: 0-6 Toggles the LED on the RPM on or off.

on |off
Defaults Command Modes Command History Usage Information

OFF EXEC
Version 8.2.1.0 Introduced on the E-Series ExaScale

The LED setting is not saved through power cycles.

send
ces
Syntax Parameters

Send messages to one or all terminal line users. send [*] | [line ] | [aux] | [console] | [vty] * line aux
Enter the asterisk character * to send a message to all tty lines. Send a message to a specific line. Range: 0 to 11 Enter the keyword aux to send a message to an Auxiliary line.

Note: This option is supported on E-Series only.

Control and Monitoring

service timestamps

console vty
Defaults Command Modes Command History

Enter the keyword console to send a message to the Primary terminal line. Enter the keyword vty to send a message to the Virtual terminal

No default behavior or values EXEC

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Messages can contain an unlimited number of lines, however each line is limited to 255 characters. To move to the next line, use the <CR>. To send the message use CTR-Z, to abort a message use CTR-C.

service timestamps
ces
Syntax

Add time stamps to debug and log messages. This command adds either the uptime or the current time and date. service timestamps [debug | log] [datetime [localtime] [msec] [show-timezone] | uptime] debug log datetime localtime msec show-timezone uptime
(OPTIONAL) Enter the keyword debug to add timestamps to debug messages. (OPTIONAL) Enter the keyword log to add timestamps to log messages with severity 0 to 6. (OPTIONAL) Enter the keyword datetime to have the current time and date added to the message. (OPTIONAL) Enter the keyword localtime to include the localtime in the timestamp. (OPTIONAL) Enter the keyword msec to include milliseconds in the timestamp. (OPTIONAL) Enter the keyword show-timezone to include the time zone information in the timestamp. (OPTIONAL) Enter the keyword uptime to have the timestamp based on time elapsed since system reboot.

Parameters

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show alarms

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Usage Information

If you do not specify parameters and enter service timestamps, it appears as service timestamps debug uptime in the running-configuration. Use the show running-config command to view the current options set for the service timestamps command.

show alarms
ces
Syntax Parameters

View alarms for the RPM, SFMs, line cards and fan trays. show alarms [threshold] threshold
(OPTIONAL) Enter the keyword threshold to display the temperature thresholds set for the line cards, RPM, and SFMs.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

Control and Monitoring

show chassis Figure 22 Command Example: show alarms on E-Series

Force10# show alarms -- Minor Alarms -Alarm Type Duration ---------------------------------------------------RPM 0 PEM A failed or rmvd 7 hr, 37 min SFM 0 PEM A failed or rmvd 7 hr, 37 min SFM 1 PEM A failed or rmvd 7 hr, 37 min SFM 2 PEM A failed or rmvd 7 hr, 37 min SFM 3 PEM A failed or rmvd 7 hr, 37 min SFM 4 PEM A failed or rmvd 7 hr, 37 min SFM 5 PEM A failed or rmvd 7 hr, 37 min SFM 6 PEM A failed or rmvd 7 hr, 37 min SFM 7 PEM A failed or rmvd 7 hr, 36 min line card 1 PEM A failed or rmvd 7 hr, 36 min line card 4 PEM A failed or rmvd 7 hr, 36 min only 8 SFMs in chassis 7 hr, 35 min -- Major Alarms -Alarm Type Duration ---------------------------------------------------No major alarms Force10#

E-Series Example

show chassis
ce
Syntax Parameters

View the configuration and status of modules in the system. Use this command to determine the chassis mode. show chassis [brief] brief EXEC EXEC Privilege
(OPTIONAL) Enter the keyword brief to view a summary of the show chassis output.

Command Modes

Command History

Version 8.1.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on C-Series

E-Series original Command

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show command-history Figure 23 Command Example: show chassis brief on E-Series

Force10#Force10#show chassis brief Chassis Type : E1200 Chassis Mode : TeraScale Chassis Epoch : 3.2 micro-seconds -- Line cards -Slot Status NxtBoot ReqTyp CurTyp Version Ports --------------------------------------------------------------------------0 not present 1 not present 2 not present 3 not present 4 not present 5 not present 6 not present 7 not present 8 not present 9 not present 10 not present 11 online online E48PF E48PF 6.1.1.0 48 12 not present E48PF 13 not present E48PF -- Route Processor Modules -Slot Status NxtBoot Version --------------------------------------------------------------------------0 active online 6.1.1.0 1 not present Switch Fabric State: up

Example

-- Switch Fabric Modules -Slot Status --------------------------------------------------------------------------0 active 1 active 2 active 3 active 4 active 5 active 6 active 7 active 8 active -- Power Entry Modules -Bay Status --------------------------------------------------------------------------0 up 1 up -- Fan Status -Tray Status Temp Volt Speed PEM0 PEM1 Fan1 Fan2 Fan3 -------------------------------------------------------------------------------0 up < 50C 12-16V low/2100-2700 RPM up up up up up 1 up < 50C 12-16V low/2100-2700 RPM up up up up up 2 up < 50C 12-16V low/2100-2700 RPM up up up up up 3 up < 50C 12-16V low/2100-2700 RPM up up up up up

Related Commands

show linecard show rpm show sfm

View line card status View Route Processor Module status. View Switch Fabric Module status.

show command-history
ces
Syntax

Display a buffered log of all commands entered by all users along with a time stamp. show command-history Control and Monitoring

100

show command-history

Defaults Command Mode

None. EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series and E-Series

Usage Information

One trace log message is generated for each command. No password information is saved to this file. A command-history trace log is saved to a file upon an RPM failover. This file can be analyzed by the Force10 Networks TAC to help identify the root cause of an RPM failover. Figure 24 Command Example: show command-history
Force10#show command-history [11/20 15:47:22]: CMD-(CLI):[service password-encryption]by default from console [11/20 15:47:22]: CMD-(CLI):[service password-encryption hostname Force10]by default from console - Repeated 3 times. [11/20 15:47:23]: CMD-(CLI):[service timestamps log datetime]by default from console [11/20 15:47:23]: CMD-(CLI):[hostname Force10]by default from console [11/20 15:47:23]: CMD-(CLI):[enable password 7 ******]by default from console [11/20 15:47:23]: CMD-(CLI):[username admin password 7 ******]by default from console [11/20 15:47:23]: CMD-(CLI):[enable restricted 7 ******]by default from console [11/20 15:47:23]: CMD-(CLI):[protocol spanning-tree rstp]by default from console [11/20 15:47:23]: CMD-(CLI):[protocol spanning-tree pvst]by default from console [11/20 15:47:23]: CMD-(CLI):[no disable]by default from console [11/20 15:47:23]: CMD-(CLI):[interface gigabitethernet 0/1]by default from console [11/20 15:47:23]: CMD-(CLI):[ip address 1.1.1.1 /24]by default from console [11/20 15:47:23]: CMD-(CLI):[ip access-group abc in]by default from console [11/20 15:47:23]: CMD-(CLI):[no shutdown]by default from console [11/20 15:47:23]: CMD-(CLI):[interface gigabitethernet 0/2]by default from console [11/20 15:47:23]: CMD-(CLI):[no ip address]by default from console [11/20 15:47:23]: CMD-(CLI):[shutdown]by default from console [11/20 15:47:23]: CMD-(CLI):[interface gigabitethernet 0/3]by default from console [11/20 15:47:23]: CMD-(CLI):[ip address 5.5.5.1 /24]by default from console [11/20 15:47:23]: CMD-(CLI):[no shutdown]by default from console [11/20 15:47:23]: CMD-(CLI):[interface gigabitethernet 0/4]by default from console [11/20 15:47:23]: CMD-(CLI):[no ip address]by default from console [11/20 15:47:23]: CMD-(CLI):[shutdown]by default from console [11/20 15:47:23]: CMD-(CLI):[interface gigabitethernet 0/5]by default from console [11/20 15:47:23]: CMD-(CLI):[no ip address]by default from console [11/20 15:47:23]: CMD-(CLI):[shutdown]by default from console [11/20 21:17:35]: CMD-(CLI):[line console 0]by default from console [11/20 21:17:36]: CMD-(CLI):[exec-timeout 0]by default from console [11/20 21:17:36]: CMD-(CLI):[exit]by default from console [11/20 21:19:25]: CMD-(CLI):[show command-history]by default from console Force10#

Example

Related Commands

clear command history

Clear the command history log.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

101

show command-tree

show command-tree
ces
Syntax Parameters

Display the entire CLI command tree, and optionally, display the utilization count for each commands and its options. show command-tree [count | no] count no
Display the command tree with a usage counter for each command. Display all of the commands that may be preceded by the keyword no, which is the keyword used to remove a command from the running-configuration.

Defaults Command Mode

None EXEC EXEC Privilege

Command History Usage Information Example

Version 8.2.1.0

Introduced

Reload the system to reset the command-tree counters. Force10#show command-tree count ! Enable privilege mode: enable <0-15> exit show command-tree count show version ! Global configuration mode: aaa authentication enable WORD default enable line none radius tacacs+ command usage:3 option usage: command usage:1 command usage:9 option usage: command usage:1 3 0

command usage:1 option usage: option usage: option usage: option usage: option usage: option usage: option usage:

1 0 0 0 0 1 0

show console lp
ce
Syntax

View the buffered boot-up log of a line card. show console lp number

102

Control and Monitoring

show cpu-traffic-stats

Parameters

number

Enter the line card slot number. Range: 07 for the C300 Range: 013 for the E1200 Range: 06 for the E600 Range: 05 for the E300

Defaults Command Mode

None EXEC EXEC Privilege

Command History

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Usage Information

Caution: Use this command only when you are working directly with a technical
support representative to troubleshoot a problem. Do not use this command unless a technical support representative instructs you to do so.

show cpu-traffic-stats
ces
Syntax Parameters

View the CPU traffic statistics. show cpu-traffic-stats [port number | all | cp | linecard {all | slot# } | rp1 | rp2 ] port number
(OPTIONAL) Enter the port number to display traffic statistics on that port only. Range: 1 to 1568 (OPTIONAL) Enter the keyword all to display traffic statistics on all the interfaces receiving traffic, sorted based on traffic. (OPTIONAL) Enter the keyword cp to display traffic statistics on the specified CPU.

all cp

Note: This option is supported on E-Series only.

linecard
(OPTIONAL) Enter the keyword linecard followed by either all or the slot number to display traffic statistics on the designated line card.

Note: This option is supported on C-Series only.

rp1 rp2
(OPTIONAL) Enter the keyword rp1 to display traffic statistics on the RP1.

Note: This option is supported on E-Series only.

(OPTIONAL) Enter the keyword rp2 to display traffic statistics on the RP2.

Note: This option is supported on E-Series only.

Defaults Command Modes

all EXEC

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

103

show debugging

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

E-Series Example

Figure 25 Command Example: show cpu-traffic-stats on the E-Series

Force10#show cpu-traffic-stats Processor : CP -------------Received 100% traffic on GigabitEthernet 8/2 LLC:0, SNAP:0, IP:100, ARP:0, other:0 Unicast:100, Multicast:0, Broadcast:0 Processor : RP1 --------------Received 62% traffic on GigabitEthernet 8/2 LLC:0, SNAP:0, IP:500, ARP:0, other:0 Unicast:500, Multicast:0, Broadcast:0 Received 37% traffic on GigabitEthernet 8/1 LLC:0, SNAP:0, IP:300, ARP:0, other:0 Unicast:300, Multicast:0, Broadcast:0 Processor : RP2 --------------No CPU traffic statistics. Force10#

Total packets:100

Total packets:500

Total packets:300

Usage Information

Traffic statistics are sorted on a per-interface basis; the interface receiving the most traffic is displayed first. All CPU and port information is displayed unless a specific port or CPU is specified. Traffic information is displayed for router ports only; not for management interfaces. The traffic statistics are collected only after the debug cpu-traffic-stats command is executed; not from the system bootup.

Note: After debugging is complete, use the no debug cpu-traffic-stats command to

shut off traffic statistics collection.
Related Commands

debug cpu-traffic-stats

Enable CPU traffic statistics for debugging

show debugging
ces
Syntax Command Mode Command History

View a list of all enabled debugging processes. show debugging EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

104

Control and Monitoring

show environment (C-Series and E-Series) Figure 26 Command Example: show debugging
Force10#show debug Generic IP: IP packet debugging is on for ManagementEthernet 0/0 Port-channel 1-2 Port-channel 5 GigabitEthernet 4/0-3,5-6,10-11,20 GigabitEthernet 5/0-1,5-6,10-11,15,17,19,21 ICMP packet debugging is on for GigabitEthernet 5/0,2,4,6,8,10,12,14,16 Force10#

Example

show environment (C-Series and E-Series)

ce
Syntax Parameters

View the system component status (for example, temperature, voltage). show environment [all | fan | linecard | linecard-voltage | PEM | RPM | SFM] all fan
Enter the keyword all to view all components. Enter the keyword fan to view information on the fans. The output of this command is chassis dependent. See Figure 23, Figure 24, and Figure 25 for a comparison of output. Enter the keyword linecard to view only information on line cards Enter the keyword linecard-voltage to view line card voltage information. Enter the keyword pem to view only information on power entry modules. Enter the keyword rpm to view only information on RPMs. Enter the keyword sfm to view only information on SFMs.

linecard linecard-voltage PEM RPM SFM

Note: This option is supported on E-Series only.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Added temperature information for C-Series fans (Figure 29) Introduced on C-Series

E-Series original Command Usage Information

Fan speed is controlled by temperatures measured at the sensor located on the fan itself. The fan temperatures shown with this command may not accurately reflect the temperature and fan speed. Refer to your hardware installation guide for fan speed and temperature information.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

105

show environment (C-Series and E-Series) Figure 27 Command Example: show environment for the E1200
Force10#show environment -- Fan Status -Tray Status Temp Volt Speed PEM0 PEM1 Fan1 Fan2 Fan3 -------------------------------------------------------------------------------0 up < 50C 12-16V low/2100-2700 RPM up up up up up 1 up < 50C 12-16V low/2100-2700 RPM up up up up up 2 up < 50C 12-16V low/2100-2700 RPM up up up up up 3 up < 50C 12-16V low/2100-2700 RPM up up up up up 4 up < 50C 16-20V med/2700-3200 RPM up up up up up 5 up < 50C 12-16V low/2100-2700 RPM up up up up up -- Power Entry Modules -Bay Status --------------------------------------------------------------------------0 absent or down 1 up -- Line Card Environment Status -Slot Status Temp PEM0 PEM1 Voltage --------------------------------------------------------------------------0 not present 1 not present 2 not present 3 not present 4 not present 5 not present 6 not present 7 not present 8 not present 9 not present 10 not present 11 booting 53C down up ok 12 not present 13 not present -- RPM Environment Status -Slot Status Temp PEM0 PEM1 Voltage --------------------------------------------------------------------------0 active 48C down up ok 1 not present -- SFM Environment Status -Slot Status Temp PEM0 PEM1 --------------------------------------------------------------------------0 active 49C up up 1 active 47C up up 2 active 46C up up 3 active 48C up up 4 active 52C up up 5 active 50C up up 6 active 47C up up 7 active 48C up up 8 active 47C up up Force10#

Examples

Figure 28 Command Example: show environment fan on the E600

Force10#show environment fan -- Fan Status -Status Temp Fan1 Fan2 Fan3 Serial Num Version -----------------------------------------------------------------up 29C 6000 RPM 7500 RPM 7500 RPM 0.0 Force10#

106

Control and Monitoring

show environment (S-Series) Figure 29 Command Example: show environment fan on the C300
Force10#show env fan -- Fan Status -------------------------------------------------------------------Tray 0 ------------------------------------------------------------------FanNumber Speed Status 0 4170 up 1 4140 up 2 3870 up 3 4140 up 4 3870 up 5 3810 up Force10#

show environment (S-Series)

s
Syntax Parameters

View S-Series system component status (for example, temperature, voltage). show environment [all | fan | stack-unit unit-id | pem] all fan stack-unit unit-id pem
Enter the keyword all to view all components. Enter the keyword fan to view information on the fans. The output of this command is chassis dependent. Enter the keyword stack-unit followed by the unit-id to display information on a specific stack member. Range: 0 to 1. Enter the keyword pem to view only information on power entry modules.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0

The output of the show environment fan command for S-Series is changed to display fan speeds instead of just showing the fan status as up or down. Introduced for S-Series. S-Series options and output differ from the C-Series/E-Series version.

Usage Information

Figure 30 shows the output of the show environment fan command as it appears prior to
FTOS 7.8.1.0.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

107

show environment (S-Series) Figure 30 Command Example: show environment all on the S-Series
Force10#show environment all -- Fan Status --------------------------------------------------------------------------------Unit TrayStatus Fan0 Fan1 Fan2 Fan3 Fan4 Fan5 0 up up up up up up up

Example

-- Power Supplies -Unit Bay Status Type --------------------------------------------------------------------------0 0 up AC 0 1 absent -- Unit Environment Status -Unit Status Temp Voltage --------------------------------------------------------------------------0* online 50C ok * Management Unit -- Fan Status -Unit Status Speed Fan1

Fan2

Fan3 Fan4 Fan5 Fan6

Serial Num

Version

-------------------------------------------------------------------------------1 up high up up up up up up 1234 1

Example

Figure 31 Command Example: show environment fan on the S-Series

Force10#show environment fan -- Fan Status --------------------------------------------------------------------------------Unit TrayStatus Fan0 Fan1 Fan2 Fan3 Fan4 Fan5 0 up up up up up up up

Example

Figure 32 Command Example: show environment pem on the S-Series

Force10#show environment pem -- Power Supplies -Unit Bay Status Type --------------------------------------------------------------------------0 0 up AC 0 1 absent

Example

Figure 33 Command Example: show environment stack-unit on the S-Series

Force10#show environment stack-unit 0 -- Unit Environment Status -Unit Status Temp Voltage --------------------------------------------------------------------------0* online 49C ok * Management Unit

108

Control and Monitoring

show inventory (C-Series and E-Series)

ce
Syntax Parameters

Display the chassis type, components (including media), FTOS version including hardware identification numbers and configured protocols. show inventory [media slot] media slot
(OPTIONAL) Enter the keyword media followed by the slot number. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 8.1.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 6.2.1.0 Version 5.3.1.0 Introduced on E-Series ExaScale Output expanded to include SFP+ media in C-Series. Vendor field removed from output of show inventory media. Introduced on C-Series and expanded to include transceiver media Expanded to include Software Protocol Configured field on E-Series Introduced on E-Series

Usage Information

The show inventory media command provides some details about installed pluggable media (SFP, XFP), as shown in Figure 36. Use the show interfaces command to get more details about installed pluggable media. The display output might include a double asterisk (**) next to the SFMs, for example:

... 0 1 ...

CC-E-SFM ** CC-E-SFM **

0004875 0004889

7490007411 7490007411

A A

The double asterisk generally indicates the SFMs frequency capabilities, indicating either that they are operating at 125 MHz or that the frequency capability, which is stored in an EPROM, cannot be determined. If there are no fiber ports in the line card, then just the header under show inventory media will be displayed. If there are fiber ports but no optics inserted, then the output will display "Media not present or accessible".

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

109

show inventory (C-Series and E-Series)

C300 Example

Figure 34 Example output of show inventory for C300 (C-Series)

Force10# show inventory Chassis Type : C300 Chassis Mode : 1.0 Software Version : FTOS-EF-7.6.1.0 Slot Item Serial Number Part Number Revision -------------------------------------------------------------C300 TY000001400 7520029999 04 3 LC-CB-GE-48T FX000020075 7520036700 01 0 LC-CB-RPM 0060361 7520029300 02 0 CC-C-1200W-AC N/A N/A N/A 1 CC-C-1200W-AC N/A N/A N/A 0 CC-C300-FAN * - standby Software Protocol Configured -------------------------------------------------------------OSPF Force10#

E-Series Example

Figure 35 Example output of show inventory for E-Series

Force10# show inventory Chassis Type : E300 Chassis Mode : TeraScale Software Version : FTOS-EF-7.5.1.0 Slot Item Serial Number Part Number Revision -------------------------------------------------------------E300 0015259 7520009601 02 1 LC-EF3-10GE-2P 0017259 7520012501 01 2 LC-EF3-GE-48T 0017269 7520009702 01 3 LC-EF3-1GE-24P 0031151 7520014206 04 4 LC-EF3-1GE-24P 0017291 7520014202 02 0 LC-EF3-RPM 0031177 7520013808 05 0 CC-E-SFM 0019071 7520003706 A 1 CC-E-SFM 0019120 7520003706 A 1 CC-E300-PWR-DC TDX0524-00031 7520015400 A 0 CC-E300-FAN N/A N/A N/A * - standby Software Protocol Configured -------------------------------------------------------------BFD BGP ISIS OSPF RIP OSPFV3 Force10#

Example

Figure 36 Example output of show inventory media slot (partial)

Force10#show inventory media 3 Slot Port Type Media Serial Number F10Qualified ---------------------------------------------------------------------------... 3 11 SFP 1000BASE-SX U9600L0 Yes ...

110

Control and Monitoring

show inventory (S-Series)

Example

Figure 37 Example Output of show inventory media

Force10#show inventory media Slot Port Type Media Serial Number F10Qualified ---------------------------------------------------------------------------1 0 SFP 1000BASE-SX P11BWXZ Yes 1 1 SFP 1000BASE-LX H833612 Yes 1 2 SFP 1000BASE-SX B342232075 Yes 1 3 SFP 1000BASE-SX P6F02U2 Yes 1 4 SFP 1000BASE-SX AMGX367 Yes 1 5 SFP 1000BASE-SX B320210155 Yes 1 6 SFP 1000BASE-SX B342232168 Yes 1 7 SFP 1000BASE-SX H11VJ8F Yes 1 8 SFP 1000BASE-SX AJUR367 Yes 1 9 SFP 1000BASE-SX AJLH367 Yes 1 10 Media not present or accessible 1 11 Media not present or accessible 1 12 SFP 1000BASE-SX P11DCP3 Yes !----------------- output truncated -----------------!

Related Commands

show interfaces show interfaces transceiver

Display a specific interface configuration.

Display the physical status and operational status of an installed transceiver. The output also displays the transceivers serial number.

show inventory (S-Series)

s
Syntax Parameters

Display the S-Series switch type, components (including media), FTOS version including hardware identification numbers and configured protocols. show inventory [media slot] media slot
(OPTIONAL) Enter the keyword media followed by the stack ID of the stack member for which you want to display pluggable media inventory.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.6.1.0 Introduced this version of the command for S-Series. S-Series output differs from E-Series.

Usage

If there are no fiber ports in the unit, then just the header under show inventory media will be displayed. If there are fiber ports but no optics inserted, then the output will display "Media not present or accessible".

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

111

show linecard

Example 1

Figure 38 Example output of show inventory for S-Series

Force10#show inventory System Name system Mode Software Version : S50v : 1.0 : 7.6.1.0a

Unit Type Serial Number Part Number Revision -------------------------------------------------------------0 *S50-01-GE-48T-V DL267050013 7590003600 B 0 S50-01-10GE-2C N/A N/A N/A 0 S50-PWR-AC N/A N/A N/A 0 S50-FAN N/A N/A N/A * - Management Unit Software Protocol Configured -------------------------------------------------------------IGMP PVST RSTP SNMP Force10#

Example 2

Figure 39 Example Output of show inventory media (S-Series)

S50V_7.7#show inventory media ? <0-7> Slot number | Pipe through a command <cr> S50V_7.7#show inventory media Slot Port Type Media Serial Number F10Qualified -----------------------------------------------------------------------------0 49 Media not present or accessible 0 50 XFP 10GBASE-SR C707XS0MD Yes 0 45 Media not present or accessible 0 46 Media not present or accessible 0 47 Media not present or accessible 0 48 Media not present or accessible 0 51 Media not present or accessible 0 52 Media not present or accessible S50V_7.7#

Related Commands

show interfaces show interfaces transceiver

interface configuration. Display the physical status and operational status of an installed transceiver. The output also displays the transceivers serial number.

show linecard
ce
Syntax Parameters

Display the line card(s) status. show linecard [number [brief] | all] number
(OPTIONAL) Enter a slot number to view information on the line card in that slot. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300.

112

Control and Monitoring

show linecard

all brief

(OPTIONAL) Enter the keyword all to view a table with information on all present line cards. (OPTIONAL) Enter the keyword brief to view an abbreviated list of line card information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on C-Series

E-Series original Command E-Series Example

Figure 40 Command Example: show linecard on E-Series

Force10#show linecard 11 -- Line card Status Next Boot Required Type Current Type Hardware Rev Num Ports Up Time FTOS Version Jumbo Capable Boot Flash Memory Size Temperature Power Status Voltage Serial Number Part Number Vendor Id Date Code Country Code Force10# 11 -: online : online : E48PF - 48-port GE line card with SFP optics (EF) : E48PF - 48-port GE line card with SFP optics (EF) : Base - 1.0 PP0 - n/a PP1 - n/a : 48 : 12 hr, 37 min : 6.2.1.x : yes : A: 2.0.3.4 B: 2.0.3.4 [booted] : 268435456 bytes : 49C : PEM0: absent or down PEM1: up : ok : : Rev : : :

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

113

show linecard Figure 41 Command Example: show linecard on C-Series

C-Series Example

Table 5 list the definitions of the fields shown in Figure 40. Table 5 Descriptions for show linecard output Field
Line card Status Next Boot Required Type

Description
Displays the line card slot number (only listed in show linecard

all command output).

Displays the line cards status. Displays whether the line card is to be brought online at the next system reload. Displays the line card type configured for the slot. The Required Type and Current Type must match. Use the linecard command to reconfigure the line card type if they do not match. Displays the line card type installed in the slot. The Required Type and Current Type must match. Use the linecard command to reconfigure the line card type if they do not match. Displays the chip set revision. Displays the number of ports in the line card. Displays the number of hours and minutes the card is online. Displays the operating software version. Displays Yes or No indicating if the line card can support Jumbo frames. This field does not state whether the chassis is operating in EtherScale or TeraScale mode. Displays the two possible Bootflash versions. The [Booted] keyword next to the version states which version was used at system boot. List the memory of the line card processor. Displays the temperature of the line card. Minor alarm status if temperature is over 65 C.

Current Type

Hardware Rev Num Ports Up Time FTOS Version Jumbo Capable

Boot Flash Ver

Memory Size Temperature

114

Control and Monitoring

show linecard boot-information Table 5 Descriptions for show linecard output Field
Power Status

Description
Lists the type of power modules used in the chassis: AC = AC power supply DC = DC Power Entry Module (PEM)

Voltage Serial Number Part Num Vendor ID Date Code

Displays OK if the line voltage is within range. Displays the line card serial number. Displays the line card part number. Displays an internal code, which specifies the manufacturing vendor. Displays the line cards manufacturing date.

Figure 42 Command Example: show linecard brief

Force10#show linecard 11 brief -- Line card Status Next Boot Required Type Current Type Hardware Rev Num Ports Up Time FTOS Version Jumbo Capable Force10# 11 -: online : online : E48PF - 48-port GE line card with SFP optics (EF) : E48PF - 48-port GE line card with SFP optics (EF) : Base - 1.0 PP0 - n/a PP1 - n/a : 48 : 11 hr, 24 min : 6.1.1.0 : yes

Related Commands

linecard show interfaces linecard show chassis show rpm show sfm

Pre-configure a line card in a currently empty slot of the system or a different line card type for the slot. Display information on all interfaces on a specific line card. View information on all elements of the system. View information on the RPM. View information on the SFM.

show linecard boot-information

e
Syntax Command Modes

View the line card status and boot information. show linecard boot-information EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 6.5.1.4

Introduced on E-Series ExaScale Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

115

show linecard boot-information Figure 43 Command Example: show linecard boot-information

Example

Force10#show linecard boot-information -- Line cards -Serial Booted Next Cache Boot # Status CurType number from boot boot flash -----------------------------------------------------------------------------------------------------0 online EXW4PF 012345 B: 6.5.1.4 6.5.1.4 A: invalid B: 6.5.1.4 A: 2.3.0.8 [b] B: invalid 1 E48TF 0031318 6.5.1.4 6.5.1.4 A: invalid B: 6.5.1.4 A: 2.3.0.6 B: 2.3.0.8 [b]

2 online 3 4 5 -

6 Force10#

Table 6 defines the fields in Figure 43. Table 6 Descriptions for show linecard boot-information output Field # Description Displays the line card slot numbers, beginning with slot 0. The number of slots listed is dependent on your chassis: E-Series: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. Indicates if a line card is online, offline, or booting. If a line card is not detected in the slot, a hyphen ( - ) is displayed. Displays the line card identification number, for example EXW4PF. Displays the line card serial number. Indicates whether the line card cache booted or system booted. In addition, the image with which the line card booted is also displayed. If the line card cache booted, then the output is A: or B: followed by the image in the flash partition (A: 6.5.1.4 or B: 6.5.1.4). If the line card system booted, then display is the current FTOS version number (6.5.1.4). Indicates if the next line card boot is a cache boot or system boot and which image will be used in the boot. Displays the system image in cache boot flash partition A: and B: for the line card. If the cache boot does not contain a valid image, invalid is displayed. Displays the two possible Boot flash versions. The [b] next to the version number is the current boot flash, that is the image used in the last boot.

Status
CurType

Serial number Booted from

Next boot Cache boot

Boot flash

116

Control and Monitoring

show memory (C-Series and E-Series)

Usage Information Related Commands

The display area of this command uses the maximum 80 character length. If your display area is not set to 80 characters, the display will wrap. show linecard
upgrade (E-Series version) download alt-boot-image download alt-full-image download alt-system-image View the line card status

Upgrade the boot flash, boot selector, or system image Download an alternate boot image to the chassis Download an alternate FTOS image to the chassis Download an alternate system image to the chassis

show memory (C-Series and E-Series)

ce
Syntax Parameters

View current memory usage on the system. show memory [cp | lp slot-number | rp1 | rp2] cp lp slot-number
(OPTIONAL) Enter the keyword cp to view information on the Control Processor on the RPM. (OPTIONAL) Enter the keyword lp and the slot number to view information on the line-card processor in that slot. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200/E1200i, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. (OPTIONAL) Enter the keyword rp1 to view information on Route Processor 1 on the RPM.

rp1

Note: This option is supported on the E-Series only.

rp2
(OPTIONAL) Enter the keyword rp2 to view information on Route Processor 2 on the RPM.

Note: This option is supported on the E-Series only.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.5.1.0

Introduced on C-Series

E-Series original Command Usage Information

The output for show memory displays the memory usage of LP part (sysdlp) of the system. The Sysdlp is an aggregate task that handles all the tasks running on C-Series and E-Series' LP. In FTOS Release 7.4.1.0 and higher, the total counter size (for all 3 CPUs) in show memory (C-Series and E-Series) and show processes memory (C-Series and E-Series) will differ based on which FTOS processes are counted. In the show memory (C-Series and E-Series) display output, the memory size is equal to the size of the application processes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

117

show memory (S-Series)

In the show processes memory (C-Series and E-Series) display output, the memory size is equal to the size of the application processes plus the size of the system processes.

E-Series Example

Figure 44 Command Example: show memory on E-Series

Force10#show memory Statistics On CP Processor =========================== Total(b) Used(b) Free(b) 452689184 64837834 387851350 Statistics On RP1 Processor =========================== Total(b) Used(b) Free(b) 629145600 4079544 625066056 Statistics On RP2 Processor =========================== Total(b) Used(b) Free(b) 510209568 47294716 462914852 Force10#

Lowest(b) 387805590 Lowest(b) 625066056 Lowest(b) 462617968

Largest(b) 371426976 Largest(b) 0 Largest(b) 446275376

Table 7 defines the fields displayed in Figure 44. Table 7 Descriptions for show memory output Field
Lowest

Description
Displays the memory usage the system went to in the lifetime of the system. Indirectly, it indicates the maximum usage in the lifetime of the system: Total minus Lowest. The current largest available. This relates to block size and is not related to the amount of memory on the system.

Largest

show memory (S-Series)

s
Syntax Parameters

View current memory usage on the S-Series switch. show memory [stack-unit 0-7] stack-unit 0-7
(OPTIONAL) Enter the keyword stack-unit followed by the stack unit ID of the S-Series stack member to display memory information on the designated stack member.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0

Introduced this version of the command for the S-Series

118

Control and Monitoring

show processes cpu (C-Series and E-Series)

Usage Information Example

The output for show memory displays the memory usage of LP part (sysdlp) of the system. The Sysdlp is an aggregate task that handles all the tasks running on the S-Series CPU. Figure 45 Command Example: show memory on S-Series
Force10#show memory stack-unit 0 Statistics On Unit 0 Processor =========================== Total(b) Used(b) Free(b) 268435456 4010354 264425102

Lowest(b) 264375410

Largest(b) 264425102

show processes cpu (C-Series and E-Series)

ce
Syntax Parameters

View CPU usage information based on processes running in the system. show processes cpu [cp | rp1 | rp2] [lp [linecard-number [1-99] | all | summary] cp rp1
(OPTIONAL) Enter the keyword cp to view CPU usage of the Control Processor. (OPTIONAL) Enter the keyword rp1 to view CPU usage of the Route Processor 1.

Note: This option is supported on the E-Series only.

rp2
(OPTIONAL) Enter the keyword rp2 to view CPU usage of the Route Processor 2.

Note: This option is supported on the E-Series only.

lp linecard [1-99]
(OPTIONAL) Enter the keyword lp followed by the line card number to display the CPU usage of that line card. The optional 1-99 variable sets the number of tasks to display in order of the highest CPU usage in the past five (5) seconds.

lp all lp summary

(OPTIONAL) Enter the keyword lp all to view CPU utilization on all active line cards. (OPTIONAL) Enter the keyword lp summary to view a summary of the line card CPU utilization.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0

Introduced on C-Series Modified: Added the lp all option Modified: The granularity of the output for rp1 and rp2 is changed. The the output is now at the process level, so process-specific statistics are displayed.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

119

show processes cpu (C-Series and E-Series) Figure 46 Command Example: show processes cpu (Partial)

Example 1

Force10#show processes cpu CPU Statistics On CP Processor =============================== CPU utilization for five seconds: 4%/2%; one minute: 2%; five minutes: 2% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 0xd02e4e8 1498633 89918 16666 3.00% 2.67% 2.67% 0 KP 0xd9d4c70 0 0 0 0.00% 0.00% 0.00% 0 tLogTask 0xd9cd200 0 0 0 0.00% 0.00% 0.00% 0 soc_dpc 0xd9bf588 0 0 0 0.00% 0.00% 0.00% 0 tARL 0xd9bd2f8 0 0 0 0.00% 0.00% 0.00% 0 tBCMlink 0xd9bb0e0 700 42 16666 0.00% 0.00% 0.00% 0 tBcmTask 0xd9798d0 106683 6401 16666 0.00% 0.00% 0.00% 0 tNetTask 0xd3368a0 0 0 0 0.00% 0.00% 0.00% 0 tWdbTask 0xd3329b0 166 10 16600 0.00% 0.00% 0.00% 0 tWdtTask 0xd32a8c8 102500 6150 16666 0.00% 0.00% 0.00% 0 tme 0xd16b1d8 12050 723 16666 0.00% 0.00% 0.00% 0 ipc 0xd1680c8 33 2 16500 0.00% 0.00% 0.00% 0 irc 0xd156008 116 7 16571 0.00% 0.00% 0.00% 0 RpmAvailMgr 0xd153ab0 216 13 16615 0.00% 0.00% 0.00% 0 ev -more-

Example 2

Figure 47 Command Example: show processes cpu rp1

Force10#Force10>show processes cpu rp1 CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY 0x0000007c 0x00000077 0x00000074 0x0000006e 0x0000006b 0x00000068 0x00000064 0x00000062 0x00000024 0x00000022 0x00000020 0x00000013 0x00000006 0x00000005 0x00000004 0x00000003 0x00000002 0x00000001 0x00000000 0x00000088 60 460 100 180 100 120 690 20 880 0 2580 0 80 30 840 250 0 160 700 260 6 46 10 18 10 12 69 2 88 0 258 0 8 3 84 25 0 16 70 26 10000 10000 10000 10000 10000 10000 10000 10000 10000 0 10000 0 10000 10000 10000 10000 0 10000 10000 10000 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Process ospf dsm ipm1 rtm rip acl sysd1 sysmon sshd inetd mount_mfs mount_mfs sh aiodoned ioflush reaper pagedaemon init swapper bgp

120

Control and Monitoring

show processes cpu (S-Series) Figure 48 Command Example: show processes cpu rp2

Example 3

Force10#show processes cpu rp2 CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0% PID 0x00000090 0x0000008d 0x00000088 0x00000084 0x00000083 0x00000080 0x0000007b 0x00000078 0x00000074 0x00000070 0x0000006c 0x00000068 0x00000064 0x00000062 0x00000024 0x00000022 0x00000020 0x00000013 0x00000006 0x00000005 0x00000004 0x00000003 0x00000002 0x00000001 0x00000000 0x00000098 Runtime(ms) 140 120 360 60 180 80 130 700 100 80 80 60 750 0 880 0 2250 0 100 0 960 140 0 160 700 140 Invoked 14 12 36 6 18 8 13 70 10 8 8 6 75 0 88 0 225 0 10 0 96 14 0 16 70 14 uSecs 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 0 10000 0 10000 0 10000 0 10000 10000 0 10000 10000 10000 5Sec 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 1Min 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 5Min TTY 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Process vrrp fvrp xstp span pim igmp ipm2 mrtm l2mgr l2pm arpm acl2 sysd2 sysmon sshd inetd mount_mfs mount_mfs sh aiodoned ioflush reaper pagedaemon init swapper msdp

Usage Information

The CPU utilization for the last five seconds as shown in Figure 46 is 4%/2%. The first number (4%) is the CPU utilization for the last five seconds. The second number (2%) indicates the percent of CPU time spent at the interrupt level.

show processes cpu (S-Series)

s
Syntax

Display CPU usage information based on processes running in an S-Series. show processes cpu [management-unit 1-99 [details] | stack-unit 0-7 | summary | ipc | memory [stack-unit 0-7]] management-unit1-99 [details]
(OPTIONAL) Display processes running in the control processor. The 1-99 variable sets the number of tasks to display in order of the highest CPU usage in the past five (5) seconds. Add the details keyword to display all running processes (except sysdlp). See Example 3. (OPTIONAL) Enter the keyword stack-unit followed by the stack member ID (Range 0 to 7). As an option of show processes cpu, this option displays CPU usage for the designated stack member. See Example 2. Or, as an option of memory, this option limits the output of memory statistics to the designated stack member. See Example 5.

Parameters

stack-unit 0-7

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

121

show processes cpu (S-Series)

summary ipc memory

(OPTIONAL) Enter the keyword summary to view a summary view of CPU usage for all members of the stack. See Example 1. (OPTIONAL) Enter the keyword ipc to display inter-process communication statistics. (OPTIONAL) Enter the keyword memory to display memory statistics. See Example 4.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.7.1.0 Version 7.6.1.0

Modified: Added management-unit [details] keywords. Introduced for S-Series

Example 1

Figure 49 Command Example: show processes cpu summary on S-Series

Force10#show processes cpu summary CPU utilization 5Sec 1Min 5Min ------------------------------------------Unit0 0% 0% 0% CPU utilization 5Sec 1Min 5Min ------------------------------------------Unit1* 1% 0% 0% Unit2 0% 0% 0% Unit3 0% 0% 0% * Mgmt Unit

122

Control and Monitoring

show processes cpu (S-Series) Figure 50 Command Example: show processes cpu management-unit on S-Series
Force10#show processes cpu management-unit 0 CPU utilization for five seconds: 1%/0%; one minute: 10%; five minutes: 2% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 272 20 2 10000 0.00% 0.00% 0.00% 0 topoDPC 271 0 0 0 0.00% 0.00% 0.00% 0 bcmNHOP 270 0 0 0 0.00% 0.00% 0.00% 0 bcmDISC 269 0 0 0 0.00% 0.00% 0.00% 0 bcmATP-RX 268 0 0 0 0.00% 0.00% 0.00% 0 bcmATP-TX 267 30 3 10000 0.00% 0.00% 0.00% 0 bcmSTACK 266 380 38 10000 0.00% 0.00% 0.08% 0 bcmRX 265 30 3 10000 0.00% 0.00% 0.00% 0 bcmLINK.0 264 0 0 0 0.00% 0.00% 0.00% 0 bcmXGS3AsyncTX 263 0 0 0 0.00% 0.00% 0.00% 0 bcmTX 262 160 16 10000 0.00% 0.00% 0.00% 0 bcmCNTR.0 260 0 0 0 0.00% 0.00% 0.00% 0 bcmDPC 253 10690 1069 10000 0.00% 10.00% 2.97% 0 sysd 251 2380 238 10000 0.00% 0.00% 0.50% 0 kfldintr 58 30 3 10000 0.00% 0.00% 0.00% 0 sh 36 50 5 10000 0.00% 0.00% 0.00% 0 13 5 3 1 !-------- output truncated -------------!

Example 2

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

123

show processes cpu (S-Series) Figure 51 Command Example: show processes cpu stack-unit on S-Series
Force10#show processes cpu stack-unit 0 CPU Statistics On Unit0 Processor =============================== CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
PID 52 124 116 109 108 103 100 96 92 86 83 80 74 70 68 64 63 62 61 60 59 58 57 55 117 28 21 18 11 6 5 4 3 2 1 0 Runtime(ms) 8260 1160 70 50 60 70 70 70 100 30 40 100 60 30 120 70 30 290 50 40 0 0 340 0 60 0 450 130 0 30 10 0 20 0 0 10 Invoked 826 116 7 5 6 7 7 7 10 3 4 10 6 3 12 7 3 29 5 4 0 0 34 0 6 0 45 13 0 3 1 0 2 0 0 1 uSecs 5Sec 1Min 5Min 10000 0.00% 0.00% 0.22% 10000 0.00% 0.00% 0.12% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 0 0.00% 0.00% 0.00% 10000 0.00% 0.00% 0.00% TTY 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Process sysd KernLrnAgMv xstp span pim igmp mrtm l2mgr l2pm arpm ospf dsm rtm rip ipm1 acl bcmLINK.1 bcmCNTR.1 bcmRX bcmLINK.0 bcmXGS3AsyncTX bcmTX bcmCNTR.0 bcmDPC frrp inetd mount_mfs mount_mfs syslogd sh aiodoned ioflush reaper pagedaemon init swapper

Example 3

124

Control and Monitoring

show processes cpu (S-Series) Figure 52 Command Example: show processes memory on S-Series
Force10#show processes memory Memory Statistics On Unit 0 Processor (bytes) ========================================== start Total : 160231424, MaxUsed : 130596864 [09/19/2007 03:11:17] CurrentUsed: 130596864, CurrentFree: 29634560 SharedUsed : 14261872, SharedFree : 6709672
PID Process ResSize Size 124 KernLrnAgMv 140410880 0 117 frrp 5677056 217088 116 xstp 7585792 1536000 109 span 5709824 221184 108 pim 5869568 720896 103 igmp 5513216 327680 100 mrtm 6905856 516096 96 l2mgr 6107136 491520 92 l2pm 5607424 221184 86 arpm 5353472 208896 83 ospf 4210688 475136 80 dsm 6057984 552960 74 rtm 6311936 577536 70 rip 5001216 249856 68 ipm1 5292032 339968 64 acl 5607424 544768 63 bcmLINK.1 40410880 0 62 bcmCNTR.1 140410880 0 61 bcmRX 140410880 0 60 bcmLINK.0 140410880 0 59 bcmXGS3AsyncTX 140410880 58 bcmTX 140410880 0 57 bcmCNTR.0 140410880 0 55 bcmDPC 140410880 0 52 sysd 44650496 22876160 28 inetd 876544 69632 21 mount_mfs 22642688 1953792 !----output truncated ------------------! Allocs 0 87650 551812 55386 12300 18236 72846 254858 667578 54528 0 22838 574792 528 67224 140086 0 0 0 0 0 0 0 0 3930856 0 0 Frees 0 0 49692 0 0 16564 0 115948 579740 16564 0 0 298152 0 0 66256 0 0 0 0 0 0 0 0 1358248 0 0 0 0 2589172 0 0 0 0 0 0 2572608 0 0 Max 0 87650 518684 55386 12300 18236 72846 172038 120966 54528 0 22838 376024 528 67224 123522 0 0 0 0 0 0 Current 0 87650 502120 55386 12300 1672 72846 138910 87838 37964 0 22838 276640 528 67224 73830 0 0 0 0

Example 4

Example 5

Figure 53 Command Example: show processes memory stack-unit on S-Series

Force10#show processes memory stack-unit 0 Memory Statistics On Unit 0 Processor (bytes) ========================================== start Total : 160231424, MaxUsed : 130596864 [09/19/2007 03:11:17] CurrentUsed: 130560000, CurrentFree: 29671424 SharedUsed : 14261872, SharedFree : 6709672
PID Process ResSize Size 124 KernLrnAgMv 140410880 0 117 frrp 5677056 217088 116 xstp 7585792 1536000 109 span 5709824 221184 108 pim 5869568 720896 103 igmp 5513216 327680 100 mrtm 6905856 516096 96 l2mgr 6107136 491520 92 l2pm 5607424 221184 86 arpm 5353472 208896 83 ospf 4210688 475136 80 dsm 6057984 552960 74 rtm 6311936 577536 70 rip 5001216 249856 68 ipm1 5292032 339968 !----output truncated ------------------! Allocs 0 87650 551812 55386 12300 18236 72846 254858 667578 54528 0 22838 574792 528 67224 Frees 0 0 49692 0 0 16564 0 115948 579740 16564 0 0 298152 0 0 Max 0 87650 518684 55386 12300 18236 72846 172038 120966 54528 0 22838 376024 528 67224 Current 0 87650 502120 55386 12300 1672 72846 138910 87838 37964 0 22838 276640 528 67224

Related Commands

show hardware layer2 acl show hardware layer3 show hardware stack-unit

Display Layer 2 ACL data for the selected stack member and stack member port-pipe. Display Layer 3 ACL or QoS data for the selected stack member and stack member port-pipe. Display the data plane or management plane input and output statistics of the designated component of the designated stack member.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

125

show processes ipc flow-control

show hardware system-flow show interfaces stack-unit show processes memory (S-Series)

Display Layer 3 ACL or QoS data for the selected stack member and stack member port-pipe. Display information on all interfaces on a specific S-Series stack member. Display CPU usage information based on processes running in an S-Series

show processes ipc flow-control

ces
Syntax Parameters

Display the Single Window Protocol Queue (SWPQ) statistics. show processes ipc flow-control [cp | rp1 | rp2 | lp linecard-number] cp rp1 rp2
(OPTIONAL) Enter the keyword cp to view the Control Processors SWPQ statistics. (OPTIONAL) Enter the keyword rp1 to view the Control Processors SWPQ statistics on Route Processor 1.* (OPTIONAL) Enter the keyword rp2 to view the Control Processors SWPQ statistics on Route Processor 2.* the Control Processors SWPQ statistics on the specified line card.*

lp linecard-number (OPTIONAL) Enter the keyword lp followed by the line card number to view * In the S-Series, this command supports only the cp keyword, not the rp1, rp2, and lp options. See Figure 58.
Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series and E-Series

126

Control and Monitoring

show processes ipc flow-control Figure 54 Command Example: show processes ipc flow-control from C-Series

Example 1

Force10# show processes ipc flow-control cp High Time Retr Msg Ack Aval Max Mark Out ies Sent Rcvd Retra Retra ACL0 RTM0 0 0 0 0 0 10 10 ACL0 DIFFSERV0 0 0 0 0 0 10 10 ACL0 IGMP0 0 0 0 0 0 10 10 ACL0 PIM0 0 0 0 0 0 10 10 ACL0 ACL20 1 0 0 2 2 50 50 CFG0 CFGDATASYNC0 2 0 0 7 7 255 255 DHCP0 ACL0 1 0 0 9 9 25 25 DHCP0 IFMGR0 0 0 0 0 0 25 25 RTM0 ARPMGR0 1 0 0 1 1 136 136 ACL20 IGMP0 0 0 0 0 0 50 50 LACP0 IFMGR0 2 0 0 4 4 25 25 ARPMGR0 MRTM0 0 0 0 0 0 100 100 ACL20 PIM0 0 0 0 0 0 50 50 MACMGR0 ACL0 1 0 0 1 1 25 25 TCLASSMGR0 ARPMGR0 0 0 0 0 0 0 100 100 IFMGR0 IPMGR2 0 6 0 0 44 44 8 8 !--------------------------output truncated ---------------------------------! Q Statistics on CP Processor TxProcess RxProcess Cur Len 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Example 2

Figure 55 Command Example: show processes ipc flow-control rp from E-Series

Force10# show processes ipc flow-control cp Cur High Time Retr Msg Ack Aval Max Len Mark Out ies Sent Rcvd Retra Retra DHCP0 ACL0 0 1 0 0 6 6 25 25 DHCP0 IFMGR0 0 0 0 0 0 0 25 25 IFMGR0 FEFD0 0 3 0 0 27 27 8 8 IFMGR0 IPMGR0 0 6 0 0 44 44 8 8 IFMGR0 SNMP0 0 1 0 0 16 16 8 8 IFMGR0 SFL_CP0 0 4 0 0 31 31 8 8 IFMGR0 EVENTTERMLOG0 0 1 0 0 6 6 8 8 IFMGR0 PORTMIRR0 0 0 0 0 0 0 8 8 IFMGR0 DHCP0 0 1 0 0 6 6 8 8 IFMGR0 TCLASSMGR0 0 2 0 0 13 13 8 8 IFMGR0 VRRP0 0 3 0 0 25 25 8 8 IFMGR0 MRTM0 0 2 0 0 21 21 8 8 TCLASSMGR0 ARPMGR0 0 0 0 0 0 0 100 100 IFMGR0 IPMGR2 0 6 0 0 44 44 8 8 !--------------------------output truncated ---------------------------------! Q Statistics on CP Processor TxProcess RxProcess

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

127

show processes ipc flow-control

Table 8 list the definitions of the fields shown in Figure 54 and Figure 55. Table 8 Description of show processes ipc flow-control cp output Field
Source QID /Tx Process Destination QID/Rx Process Cur Len High Mark #of to / Timeout #of Retr /Retries #msg Sent/Msg Sent/ #msg Ackd/Ack Rcvd Retr /Available Retra Total/ Max Retra

Description
Source Service Identifier Destination Service Identifier Current number of messages enqueued Highest number of packets in the queue at any point of time Timeout count Number of retransmissions Number of messages sent Number of messages acknowledged Number of retries left Number of retries allowed

Example 2

Figure 56 Command Example: show processes ipc flow-control rp

Force10# show processes ipc flow-control rp2 [qid] Source->Dest Cur High #of #of #msg #msg Retr total Len Mark to Retr Sent Ackd -------------------------------------------------------------------[1] unknown2->unknown2 0 0 0 0 0 0 3 3 [2] l2pm0->spanMgr0 0 2 0 0 2298 2298 25 25 [3] fvrp0->macMgr0 0 0 0 0 0 0 25 25 [4] l2pm0->fvrp0 0 2 0 0 1905 1905 25 25 [5] fvrp0->l2pm0 0 0 0 0 0 0 25 25 [6] stp0->l2pm0 0 0 0 0 0 0 25 25 [7] spanMgr0->macMgr0 0 0 0 0 0 0 25 25 [8] spanMgr0->ipMgr0 0 0 0 0 0 0 25 25 Force10#

Example 3

Figure 57 Command Example: show processes ipc flow-control lp

Force10#show processes ipc flow-control lp 10 Q Statistics on LP 10 TxProcess RxProcess Cur High Time Retries Msg Ack Aval Max Len Mark Out Sent Rcvd Retra Retra ------------------------------------------------------------------------------------------ACL_AGENT10 PIM0 0 0 0 0 0 0 20 20 ACL_AGENT10 PIM0 0 0 0 0 0 0 20 20 FRRPAGT10 FRRP0 0 0 0 0 0 0 30 30 IFAGT10 IFMGR0 0 1 0 0 1 1 8 8 LPDMACAGENT10 MACMGR0 0 0 0 0 0 0 25 25 Force10#

128

Control and Monitoring

show processes memory (C-Series and E-Series) Figure 58 Command Example: show processes ipc flow-control on S-Series

Example 4

Force10#show processes ipc flow-control Q Statistics on CP Processor TxProcess RxProcess Cur High Time Retr Len Mark Out ies ACL0 RTM0 0 0 0 0 ACL0 DIFFSERV0 0 0 0 0 ACL0 IGMP0 0 0 0 0 ACL0 PIM0 0 0 0 0 LACP0 IFMGR0 0 0 0 0 RTM0 ARPMGR0 0 0 0 0 MACMGR0 ACL0 0 0 0 0 ARPMGR0 MRTM0 0 0 0 0 DHCP0 ACL0 0 1 0 0 DHCP0 IFMGR0 0 0 0 0 L2PM0 SPANMGR0 0 2 0 0 ARPMGR0 FIBAGT0 0 1 0 0 SPANMGR0 MACMGR0 0 0 0 0 SPANMGR0 IPMGR0 0 0 0 0 SPANMGR0 L2PM0 0 0 0 0 STP0 L2PM0 0 0 0 0 RTM0 FIBAGT0 0 2 0 0 L2PM0 STP0 0 5 0 0 ACL_AGENT0 PIM0 0 0 0 0 ACL_AGENT0 PIM0 0 0 0 0 FRRP0 L2PM0 0 0 0 0 L2PM0 FRRP0 0 1 0 0 ACL0 ACL_AGENT0 0 4 0 0 ACL0 MACAGENT0 0 0 0 0 IFMGR0 EVENTTERMLOG0 0 1 0 0 IFMGR0 SNMP0 0 1 0 0 IFMGR0 IPMGR0 0 7 0 0 IFMGR0 DIFFSERV0 0 2 0 0 DIFFSERV0 ACL_AGENT0 0 0 0 0 !---------------output truncated --------------------------!

Msg Sent 0 0 0 0 0 0 0 0 1 0 14 1 0 0 0 0 4 5 0 0 0 13 7 0 1 1 9 3 0

Ack Aval Max Rcvd Retra Retra 0 10 10 0 10 10 0 10 10 0 10 10 0 25 25 0 136 136 0 25 25 0 100 100 1 25 25 0 25 25 14 25 25 1 100 100 0 25 25 0 25 25 0 25 25 0 25 25 4 255 255 5 25 25 0 20 20 0 20 20 0 25 25 13 25 25 7 90 90 0 90 90 1 8 8 1 8 8 9 8 8 3 8 8 0 100 100

Usage Information

The Single Window Protocol (SWP) provides flow control-based reliable communication between the sending and receiving software tasks.

Important Points to Remember

A sending task enqueues messages into the SWP queue3 for a receiving task and waits for an acknowledgement. If no response is received within a defined period of time, the SWP timeout mechanism resubmits the message at the head of the FIFO queue. After retrying a defined number of times, the following timeout message is generated:

SWP-2-NOMORETIMEOUT
In the display output in Figure 58, a retry (Retries) value of zero indicates that the SWP mechanism reached the maximum number of retransmissions without an acknowledgement.

show processes memory (C-Series and E-Series)

ce
Syntax

View memory usage information based on processes running in the system. show processes memory [cp | lp slot-number {lp all | lp summary} | rp1 | rp2]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

129

show processes memory (C-Series and E-Series)

Parameters

cp lp slot-number

(OPTIONAL) Enter the keyword cp to view memory usage of the Control Processor. (OPTIONAL) Enter the keyword lp and the slot number to view information on the line-card processor in that slot. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200/E1200i, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. (OPTIONAL) Enter the keyword lp all to view CP memory usage on all active line cards. (OPTIONAL) Enter the keyword lp summary to view a summary of the line card CP memory usage. (OPTIONAL) Enter the keyword rp1 to view memory usage of the Route Processor 1.

lp all lp summary rp1

Note: This option is supported on the E-Series only.

rp2
(OPTIONAL) Enter the keyword rp2 to view memory usage of the Route Processor 2.

Note: This option is supported on the E-Series only.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i Introduced on C-Series Added lp all and lp summary options For rp1 and rp2 only, the output displays memory consumption of all the processes including a summary (see Figure 60 and Figure 61.

Usage Information

The output for show process memory displays the memory usage statistics running on CP part (sysd) of the system. The Sysd is an aggregate task that handles all the tasks running on C-Series and E-Series' CP. In FTOS Release 7.4.1.0 and higher, the total counter size (for all 3 CPUs) in show memory and show processes memory will differ based on which FTOS processes are counted. In the show memory (C-Series and E-Series) display output, the memory size is equal to the size of the application processes. In the show processes memory (C-Series and E-Series) display output, the memory size is equal to the size of the application processes plus the size of the system processes.

130

Control and Monitoring

show processes memory (C-Series and E-Series) Figure 59 Command Example: show processes memory (partial)

Example

Force10#show processes memory Memory Statistics On CP Processor (bytes) ========================================== Total: 452689184, MaxUsed: 64886986, CurrentUsed: 64873866, Current TaskName TotalAllocated TotalFreed MaxHeld CurrentHolding tRootTask 39083408 1395840 38143920 37687568 tARL 64 0 64 64 tBcmTask 256 0 256 256 tPortmapd 18560 0 18560 18560 tShell 3440 0 3440 3440 tPingTmo0 0 1088 0 0 tExcTask 0 592864 0 0 tme 4002494 192 4002302 4002302 ipc 34060 192 34060 33868 irc 943436 0 943436 943436 RpmAvailMgr 9376 32 9344 9344 ev 133188 0 133188 133188 evterm 26752 0 26752 26752 evhdlr 2528 8064 2528 0 dlm 7556256 7366960 1239104 189296 dla 416 0 416 416 tsm 15136 0 15136 15136 fmg 766560 0 766560 766560 fileProc 416 0 416 416 sysAdmTsk 42028 0 42028 42028

Example

Figure 60 Command Example: show processes memory rp1

Force10#show processes memory rp1 Total : CurrentUsed: SharedUsed : PID 124 119 114 112 107 104 100 98 36 34 32 19 6 5 4 3 2 1 0 Process ospf dsm ipm1 rtm rip acl sysd1 sysmon sshd inetd mount_mfs mount_mfs sh aiodoned ioflush reaper pagedaemon init swapper 954650624, MaxUsed : 114135040, CurrentFree: 7849096, SharedFree : ResSize 3215360 7749632 3821568 4722688 3731456 4734976 11636736 528384 1286144 663552 42397696 364544 446464 76529664 76529664 76529664 76529664 139264 76529664 Size 425984 1859584 229376 421888 253952 430080 2019328 94208 430080 98304 2514944 2449408 737280 0 0 0 0 2375680 0 114135040 [3/8/2006 15:1:42] 840515584 13122448 Allocs 0 797026 297324 925008 198216 1127524 965798 0 0 0 0 0 0 0 0 0 0 0 0 Frees 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Max 0 797026 297324 925008 198216 1127524 965798 0 0 0 0 0 0 0 0 0 0 0 0 Current 0 797026 297324 925008 198216 1127524 965798 0 0 0 0 0 0 0 0 0 0 0 0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

131

show processes memory (C-Series and E-Series) Figure 61 Command Example: show processes memory rp2

Example

Force10#show processes memory rp2 Total : CurrentUsed: SharedUsed : PID Process 953700352, MaxUsed : 149417984, CurrentFree: 7847200, SharedFree : ResSize 3870720 4472832 10764288 4136960 6664192 4112384 3923968 25567232 4579328 3874816 3702784 3485696 11657216 528384 1286144 663552 41791488 364544 446464 76967936 76967936 76967936 76967936 139264 76967936 Size 266240 204800 7155712 167936 516096 344064 237568 593920 520192 225280 208896 94208 1679360 94208 430080 98304 2514944 2449408 737280 0 0 0 0 2375680 0 149417984 [3/8/2006 12:33:6] 804282368 13124344 Allocs 297324 797010 367534 565810 2812528 627684 363396 697790 830098 367446 268420 132144 998834 0 0 0 0 0 0 0 0 0 0 0 0 Frees 0 0 0 0 0 0 0 0 0 32948 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Max 297324 797010 367534 565810 2812528 627684 363396 697790 830098 367446 268420 132144 998834 0 0 0 0 0 0 0 0 0 0 0 0 Current 297324 797010 367534 565810 2812528 627684 363396 697790 830098 334498 268420 132144 998834 0 0 0 0 0 0 0 0 0 0 0 0

145 vrrp 141 fvrp 138 xstp 133 span 132 pim 128 igmp 124 ipm2 120 mrtm 116 l2mgr 112 l2pm 108 arpm 104 acl2 100 sysd2 98 sysmon 36 sshd 34 inetd 32 mount_mfs 19 mount_mfs 6 sh 5 aiodoned 4 ioflush 3 reaper 2 pagedaemon 1 init 0 swapper Force10#

Table 9 defines the fields that appear in the show processes memory output. Table 9 Descriptions of show processes memory rp1/rp2 output Field
Total: MaxUsed: CurrentUsed: CurrentFree: SharedUsed: SharedFree: PID Process ResSize Size Allocs Frees Max Current

Description
Total system memory available Total maximum memory used ever (history indicated with time stamp) Total memory currently in use Total system memory available Total used shared memory Total free shared memory Process ID Process Name Actual resident size of the process in memory Process test, stack, and data size Total dynamic memory allocated Total dynamic memory freed Maximum dynamic memory allocated Current dynamic memory in use

132

Control and Monitoring

show processes memory (S-Series)

s
Syntax Parameters

Display memory usage information based on processes running in the S-Series system. show processes memory {management-unit | stack unit {07 | all | summary}} management-unit stack unit 07 all summary
Enter the keyword management-unit for CPU memory usage of the stack management unit. Enter the keyword stack unit followed by a stack unit ID of the member unit for which to display memory usage on the forwarding processor. Enter the keyword all for detailed memory usage on all stack members. Enter the keyword summary for a brief summary of memory availability and usage on all stack members.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.7.1.0 Version 7.6.1.0

Modified: Added management-unit option Introduced on S-Series

Usage Information

The output for show process memory displays the memory usage statistics running on CP part (sysd) of the system. The Sysd is an aggregate task that handles all the tasks running on S-Series CP. For S-Series, the output of show memory and this command will differ based on which FTOS processes are counted. In the show memory display output, the memory size is equal to the size of the application processes. In the output of this command, the memory size is equal to the size of the application processes plus the size of the system processes.

Example

Figure 62 Command Example: show processes memory on S-Series

Force10#show processes memory stack-unit 0 Total: 268435456, MaxUsed: 2420244, CurrentUsed: 2420244, CurrentFree: 266015212 TaskName TotalAllocated TotalFreed MaxHeld CurrentHolding tme 435406 397536 54434 37870 ipc 16652 0 16652 16652 timerMgr 33304 0 33304 33304 sysAdmTsk 33216 0 33216 33216 tFib4 1943960 0 1943960 1943960 aclAgent 90770 16564 74206 74206 ifagt_1 21318 16564 21318 4754 dsagt 6504 0 6504 6504 MacAgent 269778 0 269778 269778

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

133

show processes memory (S-Series) Figure 63 Command Example: show processes memory management-unit

Example

Force10#show processes management-unit Total : CurrentUsed: SharedUsed : 151937024, MaxUsed : 98848768, CurrentFree: 13007848, SharedFree : 111800320 [2/25/2008 4:18:53] 53088256 7963696 Frees 0 0 0 0 0 16564 0 380972 1176044 33128 662560 16564 198768 0 0 0 149076 0 0 0 0 0 0 0 0 Max 0 50572 369238 38328 62168 18588 72758 619266 286606 71092 78208 39490 376024 528 221060 83788 123616 0 0 0 0 0 0 0 0 Current 0 50572 369238 38328 62168 2024 72758 354242 253478 37964 61644 22926 243512 528 221060 83788 90488 0 0 0 0 0 0 0 0

PID Process 337 KernLrnAgMv 331 vrrp 323 frrp 322 xstp 321 pim 314 igmp 313 mrtm 308 l2mgr 301 l2pm 298 arpm 294 ospf 288 dsm 287 rtm 284 rip 281 lacp 277 ipm1 273 acl 272 topoDPC 271 bcmNHOP 270 bcmDISC 269 bcmATP-RX 268 bcmATP-TX 267 bcmSTACK 266 bcmRX 265 bcmLINK.0 !----------- output

ResSize Size Allocs 117927936 0 0 5189632 249856 50572 5206016 241664 369238 7430144 2928640 38328 5267456 823296 62168 4960256 380928 18588 6742016 1130496 72758 5607424 552960 735214 5001216 167936 1429522 4628480 217088 71092 5468160 503808 724204 6778880 1159168 39490 5713920 602112 442280 4562944 258048 528 4673536 266240 221060 4837376 380928 83788 5005312 512000 239564 117927936 0 0 117927936 0 0 117927936 0 0 117927936 0 0 117927936 0 0 117927936 0 0 117927936 0 0 117927936 0 0 truncated --------------!

Table 10 defines the fields that appear in the show processes memory output. Table 10 Descriptions of show processes memory output Field
Total: MaxUsed: CurrentUsed: CurrentFree: SharedUsed: SharedFree: PID Process ResSize Size Allocs Frees Max Current

134

Control and Monitoring

show processes switch-utilization

e
Syntax Command Mode

Show switch fabric utilization. show processes switch-utilization EXEC EXEC Privilege

Command History

Version 8.1.1.0

Introduced on E-Series ExaScale

E-Series original Command Example

Figure 64 Command Example: show processes switch-utilization

Force10#show processes switch-utilization Switch fabric utilization 5Sec 1Min 5Min -----------------------------------------------------3% 3% 3%

Usage Information

An asterisk ( * ) in the output indicates a legacy card that is not support by the show processes switch-utilization command.

show rpm
ce
Syntax Parameters

Show the current RPM status. show rpm [number [brief] | all] number all brief
(OPTIONAL) Enter either zero (0) or 1 for the RPM. (OPTIONAL) Enter the keyword all to view a table with information on all present RPMs. (OPTIONAL) Enter the keyword brief to view an abbreviated list of RPM information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on C-Series

E-Series original Command

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

135

show rpm Figure 65 Command Example: show rpm on E-Series

Force10#show RPM 0 -- RPM card 0 -Status : active Next Boot : online Card Type : RPM - Route Processor Module (LC-EF-RPM) Hardware Rev : 2.0 Num Ports : 1 Up Time : 36 min, 51 sec Last Restart : reset FTOS Version : 6.2.1.0 Jumbo Capable : yes CP Boot Flash : A: 2.4.0.6 B: 2.4.0.7 [booted] RP1 Boot Flash: A: 2.4.0.7 [booted] B: 2.4.0.5 RP2 Boot Flash: A: 2.4.0.7 [booted] B: 2.4.0.5 CP Mem Size : 536870912 bytes RP1 Mem Size : 0 bytes RP2 Mem Size : 0 bytes Temperature : 49C Power Status : PEM0: absent or down PEM1: up Voltage : ok Serial Number : 0016788 Part Number : 7520013800 Rev 01 Vendor Id : 01 Date Code : 06182004 Country Code : 01 Force10#

E-Series Example

Table 11 defines the fields displayed in Figure 65. Table 11 Descriptions of show rpm output Field
Status Next Boot Card Type Hardware Rev Num Ports Up Time Last Restart

Description
Displays the RPMs status. Displays whether the RPM is to be brought online at the next system reload. Displays the RPM catalog number. Displays theE-Series chipset hardware revision level: 1.0 (non-Jumbo); 1.5 (Jumbo-enabled); 2.0 (or above is TeraScale). Displays the number of active ports. Displays the number of hours and minutes since the RPMs last reboot. States the reason for the last RPM reboot. C-Series possible values: normal power-cycle (reset power-cycle command) reset by master (peer RPM reset by master RPM) over temperature shutdown power supply failed E-Series possible values: normal power-cycle (insufficient power, normal power cycle) reset by user (automatic failover, software reload of both RPMs, or master RPM resetting peer) force-failover (redundancy force-failover command)

FTOS Version Jumbo Capable

Displays the operating software version. Displays a Yes or No indicating if the RPM is capable of sending and receiving Jumbo frames. This field does not indicate if the chassis is in Jumbo mode; for that determination, use the show chassis brief command.

136

Control and Monitoring

show software ifm Table 11 Descriptions of show rpm output Field

CP Boot Flash

Description
Displays the two possible Boot Flash versions for the Control Processor. The [Booted] keyword next to the version states which version was used at system boot. Displays the two possible Boot Flash versions for the Routing Processor 1. The [Booted] keyword next to the version states which version was used at system boot. Displays the two possible Boot Flash versions for the Routing Processor 2. The [Booted] keyword next to the version states which version was used at system boot. Displays the memory of the Control Processor. Displays the memory of the Routing Processor 1. Displays the memory of the Routing Processor 2. Displays the temperature of the RPM. Minor alarm status if temperature is over 65 C. Lists the status of the power modules in the chassis. Displays the power rails for the line card. Displays the line card serial number. Displays the line card part number. Displays an internal code, which specifies the manufacturing vendor. Displays the line cards manufacturing date. Displays the country of origin. 01 = USA

RP1 Boot Flash

RP2 Boot Flash

CP Mem Size RP1 Mem Size PR2 Mem Size Temperature Power Status Voltage Serial Num Part Num Vendor ID Date Code Country Code

Related Commands

show chassis show linecard

show sfm

View information on all elements of the system. View information on a line card. View information on the SFM.

show software ifm

cs
Syntax

Display interface management (IFM) data. show software ifm {clients [summary] | ifagt number | ifcb interface | stack-unit unit-ID | trace-flags} clients summary ifagt number
Enter the keyword clients to display IFM client information. (OPTIONAL) Enter the keyword summary to display brief information about IFM clients. Enter the keyword ifagt followed by the number of an interface agent to display software pipe and IPC statistics.

Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

137

show software ifm

ifcb interface

Enter the keyword ifcb followed by one of the following interface IDs followed by the slot/port information to display interface control block information for that interface: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128

E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10G Ethernet interface, enter the keyword TenGigabitEthernet. C-Series options also include:

fastethernet for a Fast Ethernet interface loopback for a Loopback interface managementethernet for a Management Ethernet interface null for a Null interface vlan for a VLAN interface (Range: 14094, 1-2094 for ExaScale)

stack-unit unit-ID

Enter the keyword stack-unit followed by the stack member number to display IFM information for that unit. Range: 0-1

Note: This option is only available on S-Series.

trace-flags Enter the keyword trace-flags to display IFM information for internal trace flags.

Defaults Command Mode

None EXEC EXEC Privilege

Command History S-Series Example

Version 7.6.1.0

Introduced for C-Series and S-Series

Figure 66 Command Example: show software ifm clients summary on S-Series

Force10#show software ifm clients summary ClntType Inst svcMask subSvcMask tlvSvcMask tlvSubSvc swp IPM 0 0x00000000 0x00000000 0x90ff71f3 0x021e0e81 31 RTM 0 0x00000000 0x00000000 0x800010ff 0x01930000 43 VRRP 0 0x00000000 0x00000000 0x803330f3 0x00400000 39 L2PM 0 0x00000000 0x00000000 0x87ff79ff 0x0e032200 45 ACL 0 0x00000000 0x00000000 0x867f50c3 0x000f0218 44 OSPF 0 0x00000dfa 0x00400098 0x00000000 0x00000000 0 PIM 0 0x000000f3 0x00030000 0x00000000 0x00000000 0 IGMP 0 0x000e027f 0x00000000 0x00000000 0x00000000 0 SNMP 0 0x00000000 0x00000000 0x800302c0 0x00000002 30 EVTTERM 0 0x00000000 0x00000000 0x800002c0 0x00000000 29 MRTM 0 0x00000000 0x00000200 0x81f7103f 0x00000000 38 DSM 0 0x00000000 0x00000000 0x80771003 0x00000000 32 LACP 0 0x00000000 0x00000000 0x8000383f 0x00000000 35 DHCP 0 0x00000000 0x00000000 0x800000c2 0x0000c000 37 V6RAD 0 0x00000433 0x00030000 0x00000000 0x00000000 0 Unidentified Client0 0x006e0002 0x00000000 0x00000000 0x00000000 0 Force10#

138

Control and Monitoring

show switch links

c
Syntax Parameters

View the switch fabric backplane or internal status. show switch links {backplane | internal} backplane internal
Enter the keyword backplane to view a table with information on the link status of the switch fabric backplane for both SFMs. Enter the keyword internal to view a table with information on the internal status of the switch fabric modules.

Defaults Command Modes Command History Example

None EXEC
Version 7.5.1.0 Introduced on C-Series

Figure 67 Command Example: show switch links backplane

down

up - Both ends of the link are up down - Both ends of the link are down up / down - SFM side up and LC side down down / up - SFM side down and LC side up Force10#

show system (S-Series)

s
Syntax Parameters

Display the current status of all stack members or a specific member. show system [brief | stack-unit unit-id] brief stack-unit unit-id
(OPTIONAL) Enter the keyword brief to view an abbreviated list of system information. (OPTIONAL) Enter the keyword stack-unit followed by the stack member ID for information on that stack member. Range: 0 to 7.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

139

show system (S-Series)

Command Modes

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Modified output: Boot Flash field will display code level for boot code 2.8.1.1 and newer, while older boot codes are displayed as "Present". Modified output: Added Master Priority field. Introduced for S-Series switches

Usage

Figure 68 shows the output from the show system brief command. Figure 69 shows the output from the show system stack-unit command.

Example

Figure 68 Command Example: show system brief

Force10#show system brief Stack MAC : 0:1:e8:d6:4:70 -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports --------------------------------------------------------------------------0 Member not present 1 Standby online S50V S50V 7.7.1.0 52 2 Mgmt online S50V S50V 7.7.1.0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present -- Module Info -Unit Module No Status Module Type Ports --------------------------------------------------------------------------1 0 online S50-01-10GE-2P 2 1 1 online S50-01-24G-2S 1 2 0 online S50-01-10GE-2P 2 2 1 online S50-01-24G-2S 1 -- Power Supplies -Unit Bay Status Type --------------------------------------------------------------------------1 0 up AC 1 1 absent 2 0 up AC 2 1 absent -- Fan Status -Unit TrayStatus Fan0 Fan1 Fan2 Fan3 Fan4 Fan5 -------------------------------------------------------------------------------1 up up up up up up up 2 up up up up up up up Force10#

140

Control and Monitoring

show system (S-Series) Figure 69 Command Example: show system stack-unit

Force10#show system stack-unit 0 -- Unit 0 -Unit Type Status Next Boot Required Type Current Type Master Priority Hardware Rev Num Ports Up Time FTOS Version Jumbo Capable POE Capable Boot Flash Memory Size Temperature Voltage Serial Number Part Number Vendor Id Date Code Country Code Burned In MAC No Of MACs --Module 0-Status Module Type Num Ports Hot Pluggable : : : : : : : : : : : : : : : : : : : : : : : : : : : Management Unit online online S50V - 48-port E/FE/GE with POE (SB) S50V - 48-port E/FE/GE with POE (SB) 4 2.0 52 3 hr, 17 min 7.6.1.0a yes no Present 254701568 bytes 43C ok DZ267160000 7590003600 Rev B 07 12172007 01 00:01:e8:cc:cc:cc 3

Example

online S50-01-10GE-2P 2 no online S50-01-10GE-2C 2 no

- 2-port 10GE XFP (SB)

-- Module 1 Status : Module Type : Num Ports : Hot Pluggable :

- 2-port 10GE CX4 (SB)

- Power Supplies -Unit Bay Status Type --------------------------------------------------------------------------0 0 up AC 0 1 absent -- Fan Status --------------------------------------------------------------------------------Unit TrayStatus Fan0 Fan1 Fan2 Fan3 Fan4 Fan5 0 up Force10# up up up up up up

Related Commands

show version show processes memory (S-Series) show system stack-ports show hardware stack-unit stack-unit priority

Display the FTOS version. Display memory usage based on running processes. Display information about the stack ports on all switches in the S-Series stack. Display the data plane and management plane input and output statistics of a particular stack member. Configure the ability of an S-Series switch to become the management unit of a stack.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

141

show tech-support (C-Series and E-Series)

ce
Syntax

Display, or save to a file, a collection of data from other show commands, the information necessary for Force10 Networks technical support to perform troubleshooting. show tech-support [linecard 0-6 | page] | {display | except | find | grep | no-more | save}
linecard 0-6 (OPTIONAL) Enter the keyword linecard followed by the linecard number to view information relating to a specific linecard. (OPTIONAL) Enter the keyword page to view 24 lines of text at a time. Press the SPACE BAR to view the next 24 lines. Press the ENTER key to view the next line of text. If you use the pipe command ( | ), then enter one of these keywords to filter command output. Refer to Chapter 1, CLI Basics for details on filtering commands. Enter the save keyword (following the pipe) to save the command output.

Parameters

page

display, except, find, grep, no-more save

flash: slot0:
Command Modes Command History

Save to local flash drive (flash://filename (max 20 chars) ) Save to local file system (slot0://filename (max 20 chars) )

EXEC Privilege
Version 7.8.1.0 Version 7.5.1.0 Version 6.5.4.0 Introduced save to file options Introduced on C-Series Show clock included in display on E-Series

142

Control and Monitoring

show tech-support (C-Series and E-Series) Figure 70 Command Example: show tech-support (partial) on C-Series
Force10#show tech-support page ----------------------------------- show version ------------------------------Force10 Networks Real Time Operating System Software Force10 Operating System Version: 1.0 Force10 Application Software Version: FTOS 7.5.1.0 Copyright (c) 1999-2007 by Force10 Networks, Inc. Build Time: Tue Sep 12 15:39:17 IST 2006 Build Path: /sites/maa/work/sw//C-SERIES/SW/SRC Force10 uptime is 18 minutes System image file is "/work/sw/IMAGES/Chassis/C300-ODC-2/FTOS-CS.bin" Chassis Type: C300 Control Processor: IBM PowerPC 750FX (Rev D2.2) with 1073741824 bytes of memory. 128K bytes of non-volatile configuration memory. 1 2 1 96 Route Processor/Switch Fabric Module 48-port GE 10/100/1000Base-T line card with RJ45 interface (CB) FastEthernet/IEEE 802.3 interface(s) GigabitEthernet/IEEE 802.3 interface(s)

C-Series Example

----------------------------------- show HA information -------------------- RPM Status ------------------------------------------------RPM Slot ID: 0 RPM Redundancy Role: Primary RPM State: Active RPM SW Version: CS-1-1-317 Link to Peer: Down Peer RPM: not present -- RPM Redundancy Configuration ------------------------------------------------Primary RPM: rpm0 Auto Data Sync: Full Failover Type: Hot Failover Auto reboot RPM: Disabled Auto failover limit: 3 times in 60 minutes ...more----

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

143

show tech-support (C-Series and E-Series) Figure 71 Command Example: show tech-support save (partial) on E-Series
Force10#show tech-support ? linecard Line card page Page through output | Pipe through a command <cr> Force10#show tech-support linecard 3 | ? display Display additional information except Show only text that does not match a pattern find Search for the first occurrence of a pattern grep Show only text that matches a pattern no-more Don't paginate output save Save output to a file Force10#show tech-support linecard 3 | save ? flash: Save to local file system (flash://filename (max 20 chars) ) slot0: Save to local file system (slot0://filename (max 20 chars) ) Force10#show tech-support linecard 3 | save flash://LauraSave Start saving show command report ....... Force10#dir Directory of flash: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 drwx drwx drwx drwx drwx drwx d---rwx drwx -rwx -rwx -rwx -rwx -rwx -rwx -rwx -rwx 32768 512 8192 8192 8192 8192 8192 33059550 8192 29555751 27959813 4693 29922288 6497 5832 29947358 10375 Jan Aug Mar Mar Mar Mar Mar Jul Jan May Apr May Jan Aug Jul Jul Aug 01 22 30 30 30 30 30 11 01 12 04 12 11 22 25 25 25 1980 2008 1919 1919 1919 1919 1919 2007 1980 2008 2008 2008 2008 2008 2008 2008 2008 00:00:00 14:21:13 10:31:04 10:31:04 10:31:04 10:31:04 10:31:04 17:49:46 00:18:28 17:29:42 15:05:12 17:24:36 14:58:36 14:18:56 11:13:36 11:04:26 10:55:18 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 . .. TRACE_LOG_DIR CRASH_LOG_DIR NVTRACE_LOG_DIR CORE_DUMP_DIR ADMIN_DIR FTOS-EF-7.4.2.0.bin diag FTOS-EF-4.7.6.0.bin FTOS-EF-7.5.1.0.bin config051508 FTOS-EF-7.6.1.0.bin startup-config startup-config.bak FTOS-EF-7.6.1.2.bin LauraSave

E-Series Example

flash: 520962048 bytes total (40189952 bytes free) Force10#

Usage Information

Without the linecard or page option, the command output is continuous, use CNTL-z to interrupt the command output. The save option works with other filtering commands. This allows you to save specific information of a show command. The save entry should always be the last option. For example: Force10#show tech-support |grep regular-expression |except regular-expression | find
regular-expression | save flash://result

This display output is an accumulation of the same information that is displayed when you execute one of the following show commands: 144 show show show show show show show cam-profile cam-ipv4flow chassis clock environment file-system interface Control and Monitoring

show tech-support (S-Series)

Related Commands

show show show show show show show show show show show

inventory ip management-route ip protocols ip route summary processes cpu processes memory redundancy rpm running-conf sfm version
Display the FTOS version. Display the line card(s) status. Display system component status. Display memory usage based on running processes.

show version show linecard show environment (C-Series and E-Series) show processes memory (C-Series and E-Series)

show tech-support (S-Series)

s
Syntax Parameters

Display a collection of data from other show commands, necessary for Force10 Networks technical support to perform troubleshooting on S-Series switches. show tech-support [stack-unit unit-id | page] stack-unit page
(OPTIONAL) Enter the keyword stack-unit to view CPU memory usage for the stack member designated by unit-id. Range: 0 to 7 (OPTIONAL) Enter the keyword page to view 24 lines of text at a time. Press the SPACE BAR to view the next 24 lines. Press the ENTER key to view the next line of text. When using the pipe command ( | ), enter one of these keywords to filter command output. Refer to Chapter 1, CLI Basics for details on filtering commands.

save

Enter the save keyword to save the command output.

flash:
Command Modes Command History

Save to local flash drive (flash://filename (max 20 chars) )

EXEC Privilege
Version 7.8.1.0 Version 7.6.1.0 Introduced save to file options Expanded to support S-Series switches

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

145

show tech-support (S-Series) Figure 72 Command Example: show tech-support save (partial) on S-Series
Force10#show tech-support ? page Page through output stack-unit Unit Number | Pipe through a command <cr> Force10#show tech-support stack-unit 1 ? | Pipe through a command <cr> Force10#show tech-support stack-unit 1 | ? except Show only text that does not match a pattern find Search for the first occurrence of a pattern grep Show only text that matches a pattern no-more Don't paginate output save Save output to a file Force10#show tech-support stack-unit 1 | save ? flash: Save to local file system (flash://filename (max 20 chars) ) Force10#show tech-support stack-unit 1 | save flash://LauraSave Start saving show command report ....... Force10# Force10#dir Directory of flash: 1 2 3 4 5 6 7 8 drwdrwx d---rw-rw-rw-rw-rw16384 1536 512 7124 3303 6561 6539 276 Jan Jul Nov Jul Feb May May Jul 01 13 20 13 14 17 29 15 1980 1996 2007 1996 2008 1996 1996 1996 00:00:00 02:38:06 15:46:44 02:33:04 22:01:16 04:10:54 10:35:42 23:11:14 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 +00:00 . .. ADMIN_DIR startup-config startup-config.oldChassis startup-config.bak test.cfg LauraSave

S-Series Examples

flash: 3104256 bytes total (3072512 bytes free) Force10#

146

Control and Monitoring

show tech-support (S-Series) Figure 73 Command Example: show tech-support (partial) on S-Series
Force10#show tech-support stack-unit 0 ----------------------------------- show version ------------------------------Force10 Networks Real Time Operating System Software Force10 Operating System Version: 1.0 Force10 Application Software Version: FTOS 7.6.1.0 Copyright (c) 1999-2007 by Force10 Networks, Inc. Build Time: Tue Sep 12 15:39:17 IST 2006 Build Path: /sites/maa/work/sw/purushothaman/cser-latest/depot/main/Dev/Cyclone/ Force10 uptime is 18 minutes System Type: S50N Control Processor: MPC8451E with 255545344 bytes of memory. 32M bytes of Boot-Flash memory. 1 48-port E/FE/GE (SB) 48 GigabitEthernet/IEEE 802.3 interface(s) 4 Ten GigabitEthernet/IEEE 802.3 interface(s) ------------------------------------ show clock ------------------------------12:03:01.695 UTC Wed Nov 21 2007 ----------------------------------- show running-config -----------------------Current Configuration ... ! Version E_MAIN4.7.5.414 ! Last configuration change at Wed Nov 21 11:42:19 2007 by default ! service timestamps log datetime ! hostname Force10 ! enable password 7 xxxxxxxx ! username admin password 7 xxxxxxxx ! enable restricted 7 xxxxxxxx ! interface GigabitEthernet 0/1 no ip address shutdown ! interface GigabitEthernet 0/2 no ip address shutdown ! !------------- output truncated -----------------!

Usage Information

Without the page or stack-unit option, the command output is continuous, use Ctrl-z to interrupt the command output. The save option works with other filtering commands. This allows you to save specific information of a show command. The save entry should always be the last option. For example: Force10#show tech-support |grep regular-expression |except regular-expression | find
regular-expression | save flash://result

This display output is an accumulation of the same information that is displayed when you execute one of the following show commands: show show show show show show cam clock environment file interfaces inventory Publication Date: July 20, 2011 147

Command Line Reference for FTOS version 8.4.2.4

ssh-peer-rpm
Related Commands

show show show show show show show

ip protocols ip route summary processes cpu processes memory redundancy running-conf version

show version show system (S-Series) show environment (S-Series) show processes memory (S-Series)

Display the FTOS version. Display the current switch status. Display system component status. Display memory usage based on running processes.

ssh-peer-rpm
ce
Syntax Parameters

Open an SSH connection to the peer RPM. ssh-peer-rpm [-l username] -l username
(OPTIONAL) Enter the keyword -l followed by your user name. Default: The user name associated with the terminal

Defaults Command Modes

Not configured. EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.5.1.0 Version 6.3.1.0

Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

Usage Information

This command is not available when the peer RPMs are running different FTOS releases.

148

Control and Monitoring

telnet

telnet
ces
Connect through Telnet to a server. The Telnet client and server in FTOS support IPv4 and IPv6 connections. You can establish a Telnet session directly to the router, or a connection can be initiated from the router. telnet {host | ip-address | ipv6-address prefix-length | vrf vrf instance name } [/ source-interface] host ip-address ipv6-address prefix-length
Enter the name of a server. Enter the IPv4 address in dotted decimal format of the server. Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros (Optional) E-Series Only: Enter the keyword vrf followed by the VRF Instance name. (OPTIONAL) Enter the keywords /source-interface followed by the interface information to include the interfaces IP address. Enter the following keywords and slot/port or number information: For a 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from zero (0) to 16383. For the Null interface, enter the keyword null followed by 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For SONET interface types, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Syntax

Parameters

vrf instance source-interface

Defaults Command Modes

Not configured. EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

149

telnet-peer-rpm

Command History

Version 8.2.1.0 Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale (IPv6) Increased number of VLANs on ExaScale to 4094 (was 2094) Introduced on E-Series ExaScale (IPv4) Introduced VRF. Introduced on S-Series Introduced on C-Series and added support for IPv6 address on E-Series only

Usage Information

Telnet to link-local addresses is not supported.

telnet-peer-rpm
ce
Syntax Defaults Command Modes

Open a Telnet connection to the peer RPM. telnet-peer-rpm Not configured. EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.5.1.0 Version 6.2.1.1

Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

Usage Information

Opening a telnet connection from the Standby RPM to an Active RPM follows the authentication procedure configured in the chassis. However, opening a telnet connection from the Active RPM into the Standby RPM requires local authentication. Configuring an ACL on a VTY line will block a Telnet session using the telnet-peer-rpm command in the standby to active RPM direction only. Such an ACL will not block an internal Telnet session in the active RPM to standby RPM direction.

150

Control and Monitoring

terminal length

terminal length
ces
Syntax

Configure the number of lines displayed on the terminal screen. terminal length screen-length To return to the default values, enter terminal no length.

Parameters

screen-length

Enter a number of lines. Entering zero will cause the terminal to display without pausing. Range: 0 to 512. Default: 24 lines.

Defaults Command Modes

24 lines EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

terminal xml
ce
Syntax

Enable XML mode in Telnet and SSH client sessions. terminal xml To exit the XML mode, enter terminal no xml.

Defaults Command Modes

Disabled EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.7.1.0 Version 6.5.1.0

Introduced on E-Series ExaScale Introduced on C-Series Introduced for E-Series

Usage Information

This command enables the XML input mode where you can either cut and paste XML requests or enter the XML requests line-by-line. For more information on using the XML feature, refer to the XML chapter in the FTOS Configuration Guide.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

151

traceroute

traceroute
ces
Syntax Parameters

View a packets path to a specific device. traceroute {host | vrf instance | ip-address | ipv6-address} host vrf instance ip-address ipv6-address
Enter the name of device. (Optional) E-Series Only: Enter the keyword vrf followed by the VRF Instance name. Enter the IP address of the device in dotted decimal format. Enter the IPv6 address, in the x:x:x:x::x format, to which you are testing connectivity. Note: The :: notation specifies successive hexadecimal fields of zeros

Defaults Command Modes

Timeout = 5 seconds; Probe count = 3; 30 hops max; 40 byte packet size; UDP port = 33434 EXEC EXEC Privilege

Command History

Version 8.4.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

IPv6 tracerouting available on management interface. Introduced on E-Series ExaScale with IPv6 Introduced on E-Series ExaScale (IPv4 only) Introduced VRF. Added support for S-Series Introduced on C-Series Added support for IPv6 address on E-Series

E-Series original Command Usage Information

When you enter the traceroute command without specifying an IP address (Extended Traceroute), you are prompted for a target and source IP address, timeout in seconds (default is 5), a probe count (default is 3), minimum TTL (default is 1), maximum TTL (default is 30), and port number (default is 33434). To keep the default setting for those parameters, press the ENTER key. For the source IP address option, you may enter IPv6 global addresses only (link-local addresses are not supported). For IPv6, you are prompted for a minimum hop count (default is 1) and a maximum hop count (default is 64).

152

Control and Monitoring

traceroute Figure 74 Command Example: traceroute (IPv4)

Example

Force10#traceroute www.force10networks.com Translating "www.force10networks.com"...domain server (10.11.0.1) [OK] Type Ctrl-C to abort. -----------------------------------------------------------------------------------------Tracing the route to www.force10networks.com (10.11.84.18), 30 hops max, 40 byte packets -----------------------------------------------------------------------------------------TTL Hostname Probe1 Probe2 Probe3 1 10.11.199.190 001.000 ms 001.000 ms 002.000 ms 2 gwegress-sjc-02.force10networks.com (10.11.30.126) 005.000 ms 001.000 ms 001.000 ms 3 fw-sjc-01.force10networks.com (10.11.127.254) 000.000 ms 000.000 ms 000.000 ms 4 www.force10networks.com (10.11.84.18) 000.000 ms 000.000 ms 000.000 ms Force10#

Figure 75 contains examples of the IPv6 traceroute command with both a compressed IPv6 address and uncompressed address. Example

Figure 75 Command Example: traceroute (IPv6)

Force10#traceroute 100::1 Type Ctrl-C to abort. ----------------------------------------------------------Tracing the route to 100::1, 64 hops max, 60 byte packets ----------------------------------------------------------Hops Hostname Probe1 Probe2 Probe3 1 100::1 000.000 ms 000.000 ms 000.000 ms Force10#traceroute 3ffe:501:ffff:100:201:e8ff:fe00:4c8b Type Ctrl-C to abort. ----------------------------------------------------------------------------------------Tracing the route to 3ffe:501:ffff:100:201:e8ff:fe00:4c8b, 64 hops max, 60 byte packets ----------------------------------------------------------------------------------------Hops Hostname Probe1 Probe2 Probe3 1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.000 ms Force10#

Related Commands

ping

Test connectivity to a device.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

153

undebug all

undebug all
ces
Syntax Defaults Command Modes Command History

Disable all debug operations on the system. undebug all No default behavior or values EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command

upload trace-log
ce
Syntax

Upload trace log files from the three CPUs (cp, rp1, and rp2) upload trace-log {cp {cmd-history | hw-trace | sw-trace}| rp1 {cmd-history | hw-trace | sw-trace}| rp2 {cmd-history | hw-trace | sw-trace}} cp | rp1 | rp2 cmd-history hw-trace sw-trace
Enter the keyword cp | rp1 | rp2 to upload the trace log from that CPU. (OPTIONAL) Enter the keyword cmd-history to upload the CPUs command history. (OPTIONAL) Enter the keyword hw-trace to upload the CPUs hardware trace. (OPTIONAL) Enter the keyword sw-trace to upload the CPUs software trace.

Parameters

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.5.1.0 Version 6.1.1.0

Introduced on E-Series ExaScale Introduced on C-Series and expanded to support command history, hardware trace, and software trace logs Introduced on E-Series

Usage Information

The log information is uploaded to flash:/TRACE_LOG_DIR

154

Control and Monitoring

virtual-ip

virtual-ip
ce
Syntax Parameters

Configure a virtual IP address for the active management interface. Virtual addresses can be configured both for IPv4 and IPv6 independently. virtual-ip {ipv4-address | ipv6-address} {ipv4-address | ipv6-address}
Enter the IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::) of the active management interface.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 8.4.1.0 Version 8.1.1.0 Version 7.5.1.0 Added support for IPv6 addressing. Introduced on E-Series ExaScale Introduced on C-Series

E-Series original Command Usage Information

Both IPv4 and IPv6 virtual address can be configured simultaneously, but only one of each. Each time this command is issued it will replace the previously configured address of the same family, IPv4 or IPv6. The no virtual-ip command now takes an address/prefix-length argument, so that the desired address only is removed. If no virtual-ip is entered without any specified address, then both IPv4 and IPv6 virtual addresses are removed. Figure 76 Command Example: virtual ip (IPv4 and IPv6)

Example

Force10#virtual-ip 10.11.197.99/16 Force10#virtual-ip fdaa:bbbb:cccc:1004::60/64

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

155

write

write
ces
Syntax Parameters

Copy the current configuration to either the startup-configuration file or the terminal. write {memory | terminal} memory
Enter the keyword memory to copy the current running configuration to the startup configuration file. This command is similar to the copy running-config startup-config command. Enter the keyword terminal to copy the current running configuration to the terminal. This command is similar to the show running-config command.

terminal

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

E-Series original Command Related Commands Usage Information

save

Save configurations created in BOOT_USER mode (BLI).

The write memory command saves the running-configuration to the file labeled startup-configuration. When using a LOCAL CONFIG FILE other than the startup-config not named startup-configuration (for example, you used a specific file during the boot config command) the running-config is not saved to that file; use the copy command to save any running-configuration changes to that local file.

156

Control and Monitoring

Chapter 5
Overview
802.1ag is available only on platform: s

802.1ag

Commands
This chapter contains the following commands: ccm disable ccm transmit-interval clear ethernet cfm traceroute-cache database hold-time disable domain ethernet cfm ethernet cfm mep ethernet cfm mip mep cross-check mep cross-check enable mep cross-check start-delay ping ethernet show ethernet cfm domain show ethernet cfm maintenance-points local show ethernet cfm maintenance-points remote show ethernet cfm mipbd show ethernet cfm statistics show ethernet cfm port-statistics show ethernet cfm traceroute-cache service traceroute cache hold-time traceroute cache size traceroute ethernet

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

157

ccm disable

ccm disable
s
Syntax

Disable CCM. ccm disable Enter no ccm disable to enable CCM.

Defaults Command Modes Command History

Disabled ECFM DOMAIN

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

ccm transmit-interval
s
Syntax Parameters

Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain. ccm transmit-interval seconds seconds
Enter a transmit interval. Range: 1,10,60,600

Defaults Command Modes Command History

10 seconds ECFM DOMAIN

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

clear ethernet cfm traceroute-cache

s
Syntax Defaults Command Modes Command History

Delete all Link Trace Cache entries.

clear ethernet cfm traceroute-cache

None EXEC Privilege

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

158

802.1ag

database hold-time

database hold-time
s
Syntax Parameters

Set the amount of time that data from a missing MEP is kept in the Continuity Check Database. database hold-time minutes minutes
Enter a hold-time. Range: 100-65535 minutes

Defaults Command Modes Command History

100 minutes ECFM DOMAIN

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

disable
s
Syntax Defaults Command Modes Command History

Disable Ethernet CFM without stopping the CFM process. disable Disabled ETHERNET CFM
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

domain
s
Syntax Parameters

Create maintenance domain. domain name md-level number name md-level number
Name the maintenance domain. Enter a maintenance domain level. Range: 0-7

Defaults Command Modes

None ETHERNET CFM

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

159

ethernet cfm

Command History

Version 8.3.7.0 Version 8.3.1.0

Introduced on the S4810. Introduced on S-Series

ethernet cfm
s
Syntax Defaults Command Modes Command History

Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned. ethernet cfm Disabled CONFIGURATION
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

ethernet cfm mep

s
Syntax

Create an MEP. ethernet cfm mep {up-mep | down-mep} domain {name | level} ma-name name mepid mep-id
[up-mep | down-mep] Specify whether the MEP is up or down facing. Up-MEP: monitors the forwarding path internal to an bridge on the customer or provider edge; on Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. Down-MEP: monitors the forwarding path external another bridge. Enter this keyword followed by the domain name or domain level. Enter this keyword followed by the name of the maintenance association. Enter an MEP ID. Range: 1-8191

Parameters

domain [name | level] ma-name name mepid mep-id

Defaults Command Modes Command History

None INTERFACE
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

160

802.1ag

ethernet cfm mip

s
Syntax Parameters

Create an MIP. ethernet cfm mip domain {name | level} ma-name name domain [name | level] ma-name name
Enter this keyword followed by the domain name or domain level. Enter this keyword followed by the name of the maintenance association.

Defaults Command Modes Command History

None INTERFACE
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

mep cross-check
s
Syntax Parameters

Enable cross-checking for an MEP. mep cross-check mep-id mep-id

Enter the MEP ID Range: 1-8191

Defaults Command Modes Command History

None ECFM DOMAIN

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

mep cross-check enable

s
Syntax Parameters

Enable cross-checking. mep cross-check enable {port | vlan-id} port vlan-id

Down service with no VLAN association. Enter the VLAN to apply the cross-check.

Defaults

None Publication Date: July 20, 2011 161

Command Line Reference for FTOS version 8.4.2.4

mep cross-check start-delay

Command Modes Command History

ECFM DOMAIN
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

mep cross-check start-delay

s
Syntax Parameters

Configure the amount of time the system waits for a remote MEP to come up before the cross-check operation is started. mep cross-check start-delay number start-delay number
Enter a start-delay in seconds. Range: 3-100 seconds

Defaults Command Modes Command History

3 ccms ETHERNET CFM

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

ping ethernet
s
Syntax

Send a Loopback message. ping ethernet domain [name l level] ma-name m a-name remote {dest-mep-id | mac-addr mac-address} source {src-mep-id | port interface} name | level ma-name ma-name dest-mep-id mac-addr mac-address src-mep-id port interface
Enter the domain name or level. Enter the keyword followed by the maintenance association name. Enter the MEP ID that will be the target of the ping. Enter the keyword followed by the MAC address that will be the target of the ping. Enter the MEP ID that will originate the ping. Enter the keyword followed by the interface that will originate the ping.

Parameters

Defaults Command Modes

None EXEC Privilege

162

802.1ag

show ethernet cfm domain

Command History

Version 8.3.7.0 Version 8.3.1.0

Introduced on the S4810. Introduced on S-Series

show ethernet cfm domain

s
Syntax Parameters

Display maintenance domain information. show ethernet cfm domain [name | level | brief] name | level brief
Enter the maintenance domain name or level. Enter this keyword to display a summary output.

Defaults Command Modes Command History

None EXEC Privilege

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

Example

Force10# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 Services MA-Name My_MA Domain Name: My_Domain Level: 6 Total Service: 1 Services MA-Name Your_MA

VLAN 200

CC-Int 10s

X-CHK Status enabled

VLAN 100

CC-Int 10s

X-CHK Status enabled

show ethernet cfm maintenance-points local

s
Syntax Parameters

Display configured MEPs and MIPs. show ethernet cfm maintenance-points local [mep | mip] mep mip
Enter this keyword to display configured MEPs. Enter this keyword to display configured MIPs.

Defaults

None Publication Date: July 20, 2011 163

Command Line Reference for FTOS version 8.4.2.4

show ethernet cfm maintenance-points remote

Command Modes Command History

EXEC Privilege
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

Example

Force10#show ethernet cfm maintenance-points local mip ------------------------------------------------------------------------------MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir MAC ------------------------------------------------------------------------------0 0 service1 My_MA service1 Your_MA 4 3333 4 3333 MIP DOWN MIP UP Gi 0/5 00:01:e8:0b:c6:36 Gi 0/5 00:01:e8:0b:c6:36 Disabled Disabled

show ethernet cfm maintenance-points remote

s
Syntax

Display the MEP Database. show ethernet cfm maintenance-points remote detail [active | domain {level | name} | expired | waiting] active domain [name | level] expired waiting
Enter this keyword to display only the MEPs in active state. Enter this keyword followed by the domain name or domain level. Enter this keyword to view MEP entries that have expired due to connectivity failure. Enter this keyword to display MEP entries waiting for response.

Parameters

Defaults Command Modes Command History

None EXEC Privilege

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

Example

Force10#show ethernet cfm maintenance-points remote detail MAC Address: 00:01:e8:58:68:78 Domain Name: cfm0 MA Name: test0 Level: 7 VLAN: 10 MP ID: 900 Sender Chassis ID: Force10 MEP Interface status: Up MEP Port status: Forwarding Receive RDI: FALSE MP Status: Active

164

802.1ag

show ethernet cfm mipbd

s
Syntax Defaults Command Modes Command History

Display the MIP Database. show ethernet cfm mipdb None EXEC Privilege
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

show ethernet cfm statistics

s
Syntax Parameters

Display MEP statistics. show ethernet cfm statistics [domain {name | level} vlan-id vlan-id mpid mpid] domain name | level vlan-id vlan-id mpid mpid
Enter this keyword to display statistics for a particular domain. Enter the domain name or level. Enter this keyword followed by a VLAN ID. Enter this keyword followed by a maintenance point ID.

Defaults Command Modes Command History

None EXEC Privilege

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

Example

Force10#

show ethernet cfm statistics

Domain Name: Customer Domain Level: 7 MA Name: My_MA MPID: 300 CCMs: Transmitted: LTRs: Unexpected Rcvd: LBRs: Received: Received Bad MSDU: Transmitted: 1503 0 0 0 0 Rcvd Out Of Order: 0 RcvdSeqErrors: 0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

165

show ethernet cfm port-statistics

s
Syntax Parameters

Display CFM statistics by port. show ethernet cfm port-statistics [interface type slot/port] interface type slot/port
Enter this keyword followed by the interface type. Enter the slot and port numbers for the port.

Defaults Command Modes Command History

None EXEC Privilege

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

Example

Force10#show ethernet cfm port-statistics interface gigabitethernet 0/5 Port statistics for port: Gi 0/5 ================================== RX Statistics ============= Total CFM Pkts 75394 CCM Pkts 75394 LBM Pkts 0 LTM Pkts 0 LBR Pkts 0 LTR Pkts 0 Bad CFM Pkts 0 CFM Pkts Discarded 0 CFM Pkts forwarded 102417 TX Statistics ============= Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0

show ethernet cfm traceroute-cache

s
Syntax Defaults Command Modes Command History

Display the Link Trace Cache. show ethernet cfm traceroute-cache None EXEC Privilege
Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

166

802.1ag

service

Example

Force10#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2 -----------------------------------------------------------------------------Hops Host IngressMAC Ingr Action Relay Action Next Host Egress MAC Egress Action FWD Status -----------------------------------------------------------------------------4 00:00:00:01:e8:53:4a:f8 00:00:00:01:e8:52:4a:f8 00:01:e8:52:4a:f8 IngOK RlyHit Terminal MEP

service
s
Syntax Parameters

Create maintenance association. service name vlan vlan-id name vlan vlan-id
Enter a maintenance association name. Enter this keyword followed by the VLAN ID. Range: 1-4094

Defaults Command Modes Command History

None ECFM DOMAIN

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

traceroute cache hold-time

s
Syntax Parameters

Set the amount of time a trace result is cached.

traceroute cache hold-time minutes

minutes

Enter a hold-time. Range: 10-65535 minutes

Defaults Command Modes Command History

100 minutes ETHERNET CFM

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

167

traceroute cache size

s
Syntax Parameters

Set the size of the Link Trace Cache. traceroute cache size entries entries
Enter the number of entries the Link Trace Cache can hold. Range: 1 - 4095 entries

Defaults Command Modes Command History

100 entries ETHERNET CFM

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

traceroute ethernet
s
Syntax

Send a Linktrace message to an MEP.

traceroute ethernet domain [name | level] ma-name ma-name remote {mep-id mep-id | mac-addr mac-address}

Parameters

domain name | level ma-name ma-name mepid mep-id mac-addr mac-address

Enter the keyword followed by the domain name or level. Enter the keyword followed by the maintenance association name. Enter the MEP ID that will be the trace target. Enter the MAC address of the trace target.

Defaults Command Modes Command History

None EXEC Privilege

Version 8.3.7.0 Version 8.3.1.0 Introduced on the S4810. Introduced on S-Series

168

802.1ag

Chapter 6
Overview
802.3ah is available only on platform: s

802.3ah

Commands
This chapter contains the following commands: clear ethernet oam statistics ethernet oam (enable/disable) ethernet oam (parameters) ethernet oam event-log size ethernet oam link-monitor frame ethernet oam link-monitor frame-seconds ethernet oam link-monitor high-threshold action ethernet oam link-monitor on ethernet oam link-monitor supported ethernet oam link-monitor symbol-period ethernet oam mode ethernet oam remote-failure ethernet oam remote-loopback ethernet oam remote-loopback (interface) ethernet oam timeout show ethernet oam discovery show ethernet oam status show ethernet oam statistics show ethernet oam summary

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

169

clear ethernet oam statistics

s
Syntax Parameters

Clear Link Layer OAM statistics.

clear ethernet oam statistics interface interface

interface None None EXEC Privilege

Version 8.4.1.0

Enter the interface for which you want to clear statistics, for example gig 0/1.

Parameters Defaults Command Mode Command History

Introduced on S-Series

ethernet oam (enable/disable)

s
Syntax Parameters Defaults Command Mode Command History

Enable Ethernet OAM. ethernet oam None Disabled INTERFACE

Version 8.4.1.0 Introduced on S-Series

ethernet oam (parameters)

s
Syntax Parameters

Specify a the maximum or minimum number of OAMPDUs to be sent per second.

ethernet oam {max-rate value | min-rate value}

max-rate value | min-rate value 10 INTERFACE

Enter a maximum or minimum rate in OAMPDU/second. Range: 1-10

Defaults Command Mode

170

802.3ah

ethernet oam event-log size

Command History

Version 8.4.1.0

Introduced on S-Series

ethernet oam event-log size

s
Syntax Parameters

Specify the size of the event log.

ethernet oam event-log size entries

entries

Enter the number of entries for the log size. Range: 0 to 200. Default: 50.

Defaults Command Mode Command History

50 CONFIGURATION
Version 8.4.1.0 Introduced on S-Series

ethernet oam link-monitor frame

s
Syntax

Set the frame error thresholds and window.

ethernet oam link-monitor frame threshold {high {frames | none} | low frames

| window frames}
Parameters high {frames | none}

Specify the high threshold value for frame errors, or disable the high threshold. Range: 1-65535 Default: None Specify the low threshold for frame errors. Range: 0-65535 Default: 1 Specify the time period for frame errors per millisecond condition. Range: 10-600 milliseconds Default: 100 milliseconds

low frames

window frames

Defaults Command Mode Command History

As above INTERFACE
Version 8.4.1.0 Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

171

ethernet oam link-monitor frame-seconds

s
Syntax

Set the frame-error seconds per time period thresholds and window.
ethernet oam link-monitor frame-seconds threshold {high {milliseconds | none} | low milliseconds | window milliseconds} high {milliseconds | none}

Parameters

Specify the high threshold value for frame error seconds per time period, or disable the high threshold. Range: 1-900 Default: None Specify the low threshold for frame error seconds per time period. Range: 1-900 Default: 1 Specify the time period for error second per time period condition. Range: 100-900, in multiples of 100 Default: 1000 milliseconds

low milliseconds

window milliseconds

Defaults Command Mode Command History

As above INTERFACE
Version 8.4.1.0 Introduced on S-Series

ethernet oam link-monitor high-threshold action

s
Syntax Defaults Command Mode Command History

Disable an interface when the high threshold is exceeded for any of the monitored error conditions.
ethernet oam link-monitor high-threshold action error-disable-interface

Enabled INTERFACE
Version 8.4.1.0 Introduced on S-Series

172

802.3ah

ethernet oam link-monitor on

s
Start link performance monitoring on an interface. To stop link monitoring, enter the no
ethernet oam link-monitor on command.

Link monitoring is started on an interface by default when you enable Ethernet OAM with the ethernet oam command.
Syntax Defaults Command Mode Command History ethernet oam link-monitor on

Enabled INTERFACE
Version 8.4.1.0 Introduced on S-Series

ethernet oam link-monitor supported

s
Enable support for link performance monitoring on an interface. To disable support for link monitoring, enter the no ethernet oam link-monitor supported command. Support for link monitoring is enabled on an interface by default when you enable Ethernet OAM with the ethernet oam command.
Syntax Defaults Command Mode Command History ethernet oam link-monitor supported

Enabled INTERFACE
Version 8.4.1.0 Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

173

ethernet oam link-monitor symbol-period

s
Syntax

Set the symbol error thresholds and window.

ethernet oam link-monitor symbol-period threshold {high {symbols | none} | low symbols

| window symbols}
Parameters high {symbols | none}

Specify the high threshold value for symbol errors, or disable the high threshold. Range: 1-65535 Default: None Specify the low threshold for symbol errors. Range: 0-65535 Default: 10 Specify the time period for symbol errors per second condition. Range: 1-65535 (times 1,000,000 symbols) Default: 10 (10,000,000 symbols)

low symbols

window symbols

Defaults Command Mode Command History

As above INTERFACE
Version 8.4.1.0 Introduced on S-Series

ethernet oam mode

s
Syntax Parameters

Set the transmission mode to active or passive.

ethernet oam mode {active | passive}

active | passive Active INTERFACE

Version 8.4.1.0

Choose either active or passive mode for the interface.

Defaults Command Mode Command History

Introduced on S-Series

174

802.3ah

ethernet oam remote-failure

s
Syntax

Block or disable an interface when a particular critical link event occurs.

ethernet oam remote-failure {critical-event | dying-gasp | link-fault} action {error-block-interface | error-disable-interface} critical-event dying-gasp link-fault error-block-interface error-disable-interface

Parameters

An unspecified critical event occurred.

An unrecoverable local failure condition occurred. A fault occurred in the receive direction of the local peer. Block the interface if the specified fault occurs. Disable the interface if the specified fault occurs.

Defaults Command Mode Command History

Disabled INTERFACE
Version 8.4.1.0 Introduced on S-Series

ethernet oam remote-loopback

s
Syntax Parameters

Start or stop loopback operation on a local interface with a remote peer. ethernet oam remote-loopback {start | stop} interface interface
start | stop interface interface Start or stop a loopback operation with a remote peer. Specify the interface on which remote-loopback starts/stops, for example

gigabitethernet 0/1.

Defaults Command Mode Command History

Enabled EXEC Privilege

Version 8.4.1.0 Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

175

ethernet oam remote-loopback (interface)

s
Syntax Parameters

Enable support for OAM loopback on an interface and configure a timeout value. ethernet oam remote-loopback {supported | timeout seconds}
supported timeout seconds Start or stop a loopback operation on a peer. Specify the number of seconds that the local peer waits to receive a returned frame before considering a remote peer to be non-operational. Valid values are from 1 to 10.

Defaults Command Mode Command History

None INTERFACE
Version 8.4.1.0 Introduced on S-Series

ethernet oam timeout

s
Syntax Parameters

Specify the amount of time that the system waits to receive an OAMPDU from a peer before considering it non-operational.
ethernet oam timeout value

value

Enter a timeout value in seconds.

Range: 2-30 seconds

Defaults Command Mode Command History

5 seconds INTERFACE
Version 8.4.1.0 Introduced on S-Series

176

802.3ah

show ethernet oam discovery

s
Syntax Parameters

Display the OAM discovery status. show ethernet oam discovery interface interface interface None EXEC Privilege
Version 8.4.1.0 Introduced on S-Series Enter the interface for which you want to display status, for example gig 0/1.

Defaults Command Mode Command History Example

Force10# show ethernet oam discovery interface <interface-name> Local client __________ Administrative configurations: Mode:active Unidirection:not supported Link monitor:supported (on) Remote loopback:not supported MIB retrieval:not supported Mtu size:1500 Operational status: Port status:operational Loopback status:no loopback PDU permission:any PDU revision:1 Remote client ___________ MAC address:0030.88fe.87de Vendor(OUI):0x00 0x00 0x0C Administrative configurations: Mode:active Unidirection:not supported Link monitor:supported Remote loopback:not supported MIB retrieval:not supported Mtu size:1500

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

177

show ethernet oam statistics

s
Syntax Parameters

Display Link Layer OAM statistics per interface.

show ethernet oam statistics interface interface

interface None EXEC Privilege

Version 8.4.1.0

Enter the interface for which you want to display statistics, for example gig 0/1.

Defaults Command Mode Command History Example

Introduced on S-Series

Force10# show ethernet oam statistics interface <interface-name> <interface-name> Counters: _________ Information OAMPDU Tx: 3439489 Information OAMPDU Rx: 9489 Unique Event Notification OAMPDU Tx: 0 Unique Event Notification OAMPDU x: 0 Duplicate Event Notification OAMPDU Tx: 0 Duplicate Event Notification OAMPDU Rx: 0 Loopback Control OAMPDU Tx: 0 Loopback Control OAMPDU Rx: 2 Variable Request OAMPDU Tx: 0 Variable Request OAMPDU Rx: 0 Variable Response OAMPDU Tx: 0 Variable Response OAMPDU Rx: 0 Force10 OAMPDU Tx:: 10 Force10 OAMPDU Rx:: 21 Unsupported OAMPDU Tx:: 0 Unsupported OAMPDU Rx:0 Frame Lost due to OAM:0 Local Faults: 0 Link Fault Records 0 Dying Gasp Records Total dying Gasps:: 2 Time Stamp: 00:40:23 Total dying Gasps:: 1 Time Stamp: 00:41:23 0 Critical Event Records Remote Faults: _________ 0 Link Fault Records 0 Dying Gasp Records 0 Critical Event Records Local Event Logs: _____________ 0 Errored Symbol Period Records 0 Errored Frame Records 0 Errored Frame Period Records 0 Errored Frame Second Records Remote Event Logs: _____________ 0 Errored Symbol Period Records 0 Errored Frame Records 0 Errored Frame Period Records 0 Errored Frame Second Records

178

802.3ah

show ethernet oam status

s
Syntax Parameters

Display Link Layer OAM status per interface.

show ethernet oam status interface interface

interface None EXEC Privilege

Version 8.4.1.0

Enter the interface for which you want to display status, for example gig 0/1.

Defaults Command Mode Command History Example

Introduced on S-Series

Force10# show ethernet oam status interface <interface-name> Output Format : <interface-name> General ______ Mode:active PDU max rate:10 packets per second PDU min rate:1 packet per second Link timeout:5 seconds High threshold action:no action Link Monitoring ____________ Status supported (on) Symbol Period Error Window:1 million symbols Low threshold:1 error symbol(s) High threshold:none Frame Error Window:1 million symbols Low threshold:1 error symbol(s) High threshold:none Frame Period Error Window:1 x 100,000 frames Low threshold:1 error symbol(s) High threshold:none Frame Seconds Error Window:600 x 100 milliseconds Low threshold:1 error second(s) High threshold:none

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

179

show ethernet oam summary

s
Syntax Defaults Command Mode Command History Example

Display Link Layer OAM sessions. show ethernet oam summary None EXEC Privilege
Version 8.4.1.0 Introduced on S-Series

Force10# show ethernet oam summary Output format : Symbols:* - Master Loopback State, # - Slave Loopback State Capability codes:L - Link Monitor, R - Remote Loopback U - Unidirection,V - Variable Retrieval LocalRemote InterfaceMAC AddressOUIModeCapability Gi6/1/10023.84ac.b8000000DactiveL R

180

802.3ah

Chapter 7
debug dot1x dot1x auth-type mab-only dot1x authentication (Interface) dot1x auth-fail-vlan dot1x auth-server dot1x guest-vlan dot1x host-mode dot1x mac-auth-bypass dot1x max-eap-req dot1x max-supplicants dot1x port-control dot1x quiet-period dot1x reauthentication dot1x reauth-max dot1x server-timeout dot1x supplicant-timeout dot1x tx-period show dot1x cos-mapping interface show dot1x interface

802.1X

The 802.1X Port Authentication commands are:

An authentication server must authenticate a client connected to an 802.1X switch port. Until the authentication, only EAPOL (Extensible Authentication Protocol over LAN) traffic is allowed through the port to which a client is connected. Once authentication is successful, normal traffic passes through the port. FTOS supports RADIUS and Active Directory environments using 802.1X Port Authentication.

Important Points to Remember

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

181

debug dot1x

If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not valid, the port returns to the unauthorized state and remains in the configured access VLAN. This prevents ports from appearing unexpectedly in an inappropriate VLAN due to a configuration error. Configuration errors create an entry in Syslog. If 802.1X authorization is enabled and all information from the RADIUS server is valid, the port is placed in the specified VLAN after authentication. If port security is enabled on an 802.1X port with VLAN assignment, the port is placed in the RADIUS server assigned VLAN. If 802.1X is disabled on the port, it is returned to the configured access VLAN. When the port is in the force authorized, force unauthorized, or shutdown state, it is placed in the configured access VLAN. If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN, any change to the port access VLAN configuration will not take effect. The 802.1X with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment through a VLAN membership.

debug dot1x
cs
Syntax Parameters

Display 802.1X debugging information. debug dot1x [all | errors | packets | state-machine] [interface interface] all errors packets state-machine interface interface
Enable all 802.1X debug messages. Display information about all 802.1X errors. Display information about all 802.1X packets. Display information about all 802.1X packets. Restricts the debugging information to an interface.

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 8.4.1.0 Introduced on C-Series and S-Series

182

802.1X

dot1x auth-type mab-only

cs
Syntax Defaults Command Modes Command History Usage Information

Use only the host MAC address to authenticate a device with MAC authentication bypass (MAB). dot1x auth-type mab-only Disabled INTERFACE
Version 8.4.2.1 Introduced on the C-Series and S-Series

The prerequisites for enabling MAB-only authentication on a port are: 802.1X authentication must be enabled globally on the switch and on the port (dot1x authentication command). MAC authentication bypass must be enabled on the port (dot1x mac-auth-bypass command).

In MAB-only authentication mode, a port authenticates using the host MAC address even though 802.1xauthentication is enabled. If the MAB-only authentication fails, the host is placed in the guest VLAN (if configured). To disable MAB-only authentication on a port, enter the no dot1x auth-type mab-only command.
Related Commands dot1x mac-auth-bypass

dot1x authentication (Configuration)

ces
Syntax

Enable dot1x globally; dot1x must be enabled both globally and at the interface level. dot1x authentication To disable dot1x on an globally, use the no dot1x authentication command.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Related Commands

dot1x authentication (Interface)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

183

dot1x authentication (Interface)

ces
Syntax

Enable dot1x on an interface; dot1x must be enabled both globally and at the interface level. dot1x authentication To disable dot1x on an interface, use the no dot1x authentication command.

Defaults Command Modes Command History

Disabled INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Related Commands

dot1x authentication (Configuration)

dot1x auth-fail-vlan
ces
Syntax

Configure a authentication failure VLAN for users and devices that fail 802.1X authentication. dot1x auth-fail-vlan vlan-id [max-attempts number] To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-id [max-attempts number] command.

Parameters

vlan-id max-attempts number

Enter the VLAN Identifier. Range: 1 to 4094 (OPTIONAL) Enter the keyword max-attempts followed number of attempts desired before authentication fails. Range: 1 to 5 Default: 3

Defaults Command Modes Command History Usage Information

3 attempts CONFIGURATION (conf-if-interface-slot/port)

Version 7.6.1.0 Introduced on C-Series, E-Series and S-Series

If the host responds to 802.1X with an incorrect login/password, the login fails. The switch will attempt to authenticate again until the maximum attempts configured is reached. If the authentication fails after all allowed attempts, the interface is moved to the authentication failed VLAN. Once the authentication VLAN is assigned, the port-state must be toggled to restart authentication. Authentication will occur at the next re-authentication interval (dot1x reauthentication).

184

802.1X

dot1x auth-server

Related Commands

dot1x port-control dot1x guest-vlan show dot1x interface

dot1x auth-server
ces
Syntax Defaults Command Modes Command History

Configure the authentication server to RADIUS. dot1x auth-server radius No default behavior or values CONFIGURATION
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

dot1x guest-vlan
ces
Syntax

Configure a guest VLAN for limited access users or for devices that are not 802.1X capable. dot1x guest-vlan vlan-id To disable the guest VLAN, use the no dot1x guest-vlan vlan-id command.

Parameters

vlan-id

Enter the VLAN Identifier. Range: 1 to 4094

Defaults Command Modes Command History Usage Information

Not configured CONFIGURATION (conf-if-interface-slot/port)

Version 7.6.1.0 Introduced on C-Series, E-Series, and S-Series

802.1X authentication is enabled when an interface is connected to the switch. If the host fails to respond within a designated amount of time, the authenticator places the port in the guest VLAN. If a device does not respond within 30 seconds, it is assumed that the device is not 802.1X capable. Therefore, a guest VLAN is allocated to the interface and authentication, for the device, will occur at the next re-authentication interval (dot1x reauthentication).

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

185

dot1x host-mode

If the host fails authentication for the designated amount of times, the authenticator places the port in authentication failed VLAN (dot1x auth-fail-vlan).

Note: Layer 3 portion of guest VLAN and authentication fail VLANs can be created
regardless if the VLAN is assigned to an interface or not. Once an interface is assigned a guest VLAN (which has an IP address), then routing through the guest VLAN is the same as any other traffic. However, interface may join/leave a VLAN dynamically.
Related Commands

dot1x auth-fail-vlan dot1x reauthentication show dot1x interface

dot1x host-mode
c e ts
Syntax Parameters

Enable single-host or multi-host authentication. dot1x host-mode {single-host | multi-host | multi-auth} single-host multi-host multi-auth
Enable single-host authentication. Enable multi-host authentication. Enable multi-supplicant authentication.

Defaults Command Modes Command History

single-host INTERFACE
Version 8.4.1.0 Version 8.3.2.0 The multi-auth option was introduced on the C-Series and S-Series. The single-host and multi-host options were introduced on the C-Series, E-Series TeraScale, and S-Series

Usage Information

Single-host mode authenticates only one host per authenticator port, and drops all other traffic on the port. Multi-host mode authenticates the first host to respond to an Identity Request, and then permits all other traffic on the port. Multi-supplicant mode authenticates every device attempting to connect to the network on through the authenticator port.
show dot1x interface

Related Commands

186

802.1X

dot1x mac-auth-bypass

dot1x mac-auth-bypass
cs
Enable MAC authentication bypass. If 802.1X times out because the host did not respond to the Identity Request frame, FTOS attempts to authenticate the host based on its MAC address. dot1x mac-auth-bypass Disabled INTERFACE
Version 8.4.1.0 Introduced on C-Series and S-Series

Syntax Defaults Command Modes Command History Usage Information Related Commands

To disable MAC authentication bypass on a port, enter the no dot1x mac-auth-bypass command.
dot1x auth-type mab-only

dot1x max-eap-req
ces
Syntax

Configure the maximum number of times an EAP (Extensive Authentication Protocol) request is transmitted before the session times out. dot1x max-eap-req number To return to the default, use the no dot1x max-eap-req command.

Parameters

number

Enter the number of times an EAP request is transmitted before a session time-out. Range: 1 to 10 Default: 2

Defaults Command Modes Command History

2 INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

187

dot1x max-supplicants

dot1x max-supplicants
c e ts
Syntax Parameters

Restrict the number of supplicants that can be authenticated and permitted to access the network through the port. This configuration is only takes effect in multi-auth mode. dot1x max-supplicants number number
Enter the number of supplicants that can be authenticated on a single port in multi-auth mode. Range: 1-128 Default: 128

Defaults Command Modes Command History Related Commands

128 hosts can be authenticated on a single authenticator port. INTERFACE

Version 8.4.1.0 Introduced on C-Series and S-Series

dot1x host-mode

dot1x port-control
ces
Syntax Parameters

Enable port control on an interface. dot1x port-control {force-authorized | auto | force-unauthorized} force-authorized auto force-unauthorized
Enter the keyword force-authorized to forcibly authorize a port. Enter the keyword auto to authorize a port based on the 802.1X operation result. Enter the keyword force-unauthorized to forcibly de-authorize a port.

Defaults Command Modes Command History

No default behavior or values INTERFACE

Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Usage Information

The authenticator performs authentication only when port-control is set to auto.

188

802.1X

dot1x quiet-period

dot1x quiet-period
ces
Syntax

Set the number of seconds that the authenticator remains quiet after a failed authentication with a client. dot1x quiet-period seconds To disable quiet time, use the no dot1x quiet-time command.

Parameters

seconds

Enter the number of seconds. Range: 1 to 65535 Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

dot1x reauthentication
ces
Syntax

Enable periodic re-authentication of the client. dot1x reauthentication [interval seconds] To disable periodic re-authentication, use the no dot1x reauthentication command.

Parameters

interval seconds

(Optional) Enter the keyword interval followed by the interval time, in seconds, after which re-authentication will be initiated. Range: 1 to 31536000 (1 year) Default: 3600 (1 hour)

Defaults Command Modes Command History

3600 seconds (1 hour) INTERFACE

Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

189

dot1x reauth-max

dot1x reauth-max
ces
Syntax

Configure the maximum number of times a port can re-authenticate before the port becomes unauthorized. dot1x reauth-max number To return to the default, use the no dot1x reauth-max command.

Parameters

number

Enter the permitted number of re-authentications. Range: 1 - 10 Default: 2

Defaults Command Modes Command History

2 INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

190

802.1X

dot1x server-timeout

dot1x server-timeout
ces
Syntax

Configure the amount of time after which exchanges with the server time out. dot1x server-timeout seconds To return to the default, use the no dot1x server-timeout command.

Parameters

seconds

Enter a time-out value in seconds. Range: 1 to 300, where 300 is implementation dependant. Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Usage Information

When you configure the dot1x server-timeout value, you must take into account the communication medium used to communicate with an authentication server and the number of RADIUS servers configured. Ideally, the dot1x server-timeout value (in seconds) is based on the configured RADIUS-server timeout and retransmit values and calculated according to the following formula: dot1x server-timeout seconds > (radius-server retransmit seconds + 1) * radius-server
timeout seconds

Where the default values are as follows: dot1x server-timeout (30 seconds), radius-server retransmit (3 seconds), and radius-server timeout (5 seconds). For example:
Force10(conf)#radius-server host 10.11.197.105 timeout 6 Force10(conf)#radius-server host 10.11.197.105 retransmit 4 Force10(conf)#interface gigabitethernet 2/23 Force10(conf-if-gi-2/23)#dot1x server-timeout 40

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

191

dot1x supplicant-timeout

dot1x supplicant-timeout
ces
Syntax

Configure the amount of time after which exchanges with the supplicant time out. dot1x supplicant-timeout seconds To return to the default, use the no dot1x supplicant-timeout command.

Parameters

seconds

Enter a time-out value in seconds. Range: 1 to 300, where 300 is implementation dependant. Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

dot1x tx-period
ces
Syntax

Configure the intervals at which EAPOL PDUs are transmitted by the Authenticator PAE. dot1x tx-period seconds To return to the default, use the no dot1x tx-period command.

Parameters

seconds

Enter the interval time, in seconds, that EAPOL PDUs are transmitted. Range: 1 to 31536000 (1 year) Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

192

802.1X

show dot1x cos-mapping interface

cs
Syntax Parameters

Display the CoS priority-mapping table provided by the RADIUS server and applied to authenticated supplicants on an 802.1X-enabled port. show dot1x cos-mapping interface interface [mac-address mac-address] interface
Enter one of the following keywords and slot/port or number information:

For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Fast Ethernet interface, enter the keyword FastEthernet followed by
the slot/port information.

mac-address
Defaults Command Modes

For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

(Optional) MAC address of an 802.1X-authenticated supplicant.

No default values or behavior EXEC EXEC privilege

Command History Usage Information

Version 8.4.2.1

Introduced on the C-Series and S-Series

Enter a supplicants MAC address using the mac-address option to display CoS mapping information only for the specified supplicant. You can display the CoS mapping information applied to traffic from authenticated supplicants on 802.1X-enabled ports that are in single-host, multi-host, and multi-supplicant authentication modes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

193

show dot1x cos-mapping interface

Example

Figure 77 show dot1x cos-mapping interface Command Example

Force10#show dot1x cos-mapping interface gigabitehternet 2/21 802.1p CoS re-map table on Gi 2/21: ---------------------------------Dot1p Remapped Dot1p 0 7 1 6 2 5 3 4 4 3 5 2 6 1 7 0 Force10#show dot1x cos-mapping int g 2/21 mac-address 00:00:01:00:07:00 802.1p CoS re-map table on Gi 2/21: ---------------------------------802.1p CoS re-map table for Supplicant: 00:00:01:00:07:00 Dot1p 0 1 2 3 4 5 6 7 Remapped Dot1p 7 6 5 4 3 2 1 0

194

802.1X

show dot1x interface

ces
Syntax Parameters

Display the 802.1X configuration of an interface. show dot1x interface interface [mac-address mac-address] interface
Enter one of the following keywords and slot/port or number information:

mac-address
Defaults Command Modes

For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

(Optional) MAC address of a supplicant.

No default values or behavior EXEC EXEC privilege

Command History

Version 8.4.2.1 Version 7.6.1.0

Introduced mac-address option on the C-Series and S-Series Introduced on C-Series, E-Series, and S-Series

Usage Information

C-Series and S-Series only: Enter a supplicants MAC address using the mac-address option to display information only on the 802.1X-enabled port to which the supplicant is connected. If 802.1X multi-supplicant authentication is enabled on a port, additional 802.1X configuration details (port authentication status, untagged VLAN ID, authentication PAE state, and backend state) are displayed for each supplicant as shown in Figure 80.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

195

show dot1x interface

Example

Figure 78 show dot1x interface Command Example

Force10#show dot1x int Gi 2/32 802.1x information on Gi 2/32: ----------------------------Dot1x Status: Enable Port Control: AUTO Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Guest VLAN: Enable Guest VLAN id: 10 Auth-Fail VLAN: Enable Auth-Fail VLAN id: 11 Auth-Fail Max-Attempts: 3 Tx Period: 30 seconds Quiet Period: 60 seconds ReAuth Max: 2 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: 2 Auth Type: SINGLE_HOST Auth PAE State: Backend State: Force10# Initialize Initialize

Figure 79 show dot1x interface mac-address Command Example

Force10#show dot1x interface gig 2/21 mac-address 00:00:01:00:07:00 802.1x information on Gi 2/21: ----------------------------Dot1x Status: Enable Port Control: AUTO Re-Authentication: Disable Guest VLAN: Disable Guest VLAN id: NONE Auth-Fail VLAN: Disable Auth-Fail VLAN id: NONE Auth-Fail Max-Attempts: NONE Mac-Auth-Bypass: Enable Mac-Auth-Bypass Only: Disable Tx Period: 5 seconds Quiet Period: 60 seconds ReAuth Max: 1 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 60 seconds Max-EAP-Req: 2 Host Mode: MULTI_AUTH Max-Supplicants: 128 Port status and State info for Supplicant: 00:00:01:00:07:00 Port Auth Status: Untagged VLAN id: Auth PAE State: Backend State: Force10# AUTHORIZED(MAC-AUTH-BYPASS) 4094 Authenticated Idle

196

802.1X

show dot1x interface

Figure 80 show dot1x interface (with Multi-Supplicant Authentication enabled) Example

Force10#show dot1x interface g 0/21 802.1x information on Gi 0/21: ----------------------------Dot1x Status: Enable Port Control: AUTO Re-Authentication: Disable Guest VLAN: Enable Guest VLAN id: 100 Auth-Fail VLAN: Disable Auth-Fail VLAN id: NONE Auth-Fail Max-Attempts: NONE Mac-Auth-Bypass: Disable Mac-Auth-Bypass Only: Disable Tx Period: 30 seconds Quiet Period: 60 seconds ReAuth Max: 3 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 60 seconds Max-EAP-Req: 2 Host Mode: MULTI_AUTH Max-Supplicants: 128 Port status and State info for Supplicant: 00:00:00:00:00:10 Port Auth Status: Untagged VLAN id: Auth PAE State: Backend State: AUTHORIZED 400 Authenticated Idle

Port status and State info for Supplicant: 00:00:00:00:00:11 Port Auth Status: Untagged VLAN id: Auth PAE State: Backend State: AUTHORIZED 300 Authenticated Idle

Port status and State info for Supplicant: 00:00:00:00:00:15 Port Auth Status: Untagged VLAN id: Auth PAE State: Backend State: AUTHORIZED(GUEST-VLAN) 100 Authenticated Idle

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

197

show dot1x interface

198

802.1X

Chapter 8
Overview

Access Control Lists (ACL)

Access Control Lists (ACLs) are supported on platforms

ces

FTOS supports the following types of Access Control List (ACL), IP prefix list, and route map: Commands Common to all ACL Types Common IP ACL Commands Standard IP ACL Commands Extended IP ACL Commands Common MAC Access List Commands Standard MAC ACL Commands Extended MAC ACL Commands IP Prefix List Commands Route Map Commands AS-Path Commands IP Community List Commands

Note: For ACL commands used in the Trace function, see the section Trace List Commands in the chapter Security.

Note: For IPv6 ACL commands, see Chapter 25, IPv6 Access Control Lists (IPv6 ACLs).

Commands Common to all ACL Types

The following commands are available within each ACL mode and do not have mode-specific options. Some commands may use similar names, but require different options to support the different ACL types (for example, deny). description remark show config Publication Date: July 20, 2011 199

Command Line Reference for FTOS version 8.4.2.4

description

description
ces
Syntax Parameters

Configure a short text string describing the ACL. description text text Not enabled. CONFIGURATION-STANDARD-ACCESS-LIST CONFIGURATION-EXTENDED-ACCESS-LIST CONFIGURATION-MAC ACCESS LIST-STANDARD CONFIGURATION-MAC ACCESS LIST-EXTENDED
Enter a text string up to 80 characters long.

Defaults Command Modes

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

remark
ces
Syntax Parameters

Enter a description for an ACL entry. remark [remark-number ] [description] remark-number

Enter the remark number. Note that the same sequence number can be used for the remark and an ACL rule. Range: 0 to 4294967290 Enter a description of up to 80 characters.

description
Defaults Command Modes

Not configured CONFIGURATION-STANDARD-ACCESS-LIST CONFIGURATION-EXTENDED-ACCESS-LIST CONFIGURATION-MAC ACCESS LIST-STANDARD CONFIGURATION-MAC ACCESS LIST-EXTENDED

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.4.1.0

Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced for E-Series

200

Access Control Lists (ACL)

show config The remark command is available in each ACL mode. You can configure up to 4294967290 remarks in a given ACL. The following example shows the use of the remark command twice within the CONFIGURATION-STANDARD-ACCESS-LIST mode. Here, the same sequence number was used for the remark and for an associated ACL rule. The remark will precede the rule in the running-config because it is assumed that the remark is for the rule with the same sequence number, or the group of rules that follow the remark.
Example

Usage Information

Figure 81 Command Example: remark

Force10(config-std-nacl)#remark 10 Deny rest of the traffic Force10(config-std-nacl)#remark 5 Permit traffic from XYZ Inc. Force10(config-std-nacl)#show config ! ip access-list standard test remark 5 Permit traffic from XYZ Inc. seq 5 permit 1.1.1.0/24 remark 10 Deny rest of the traffic seq 10 Deny any Force10(config-std-nacl)#

Related Commands

show config

Display the current ACL configuration.

show config
ces
Syntax Command Modes Display the current ACL configuration.

show config CONFIGURATION-STANDARD-ACCESS-LIST CONFIGURATION-EXTENDED-ACCESS-LIST CONFIGURATION-MAC ACCESS LIST-STANDARD CONFIGURATION-MAC ACCESS LIST-EXTENDED

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1

Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

201

access-class Figure 82 Command Example: show config

Force10(config-ext-nacl)#show conf ! ip access-list extended patches Force10(config-ext-nacl)#

Example

Common IP ACL Commands

The following commands are available within both IP ACL modes (Standard and Extended) and do not have mode-specific options. When an access-list (ACL) is created without any rule and then applied to an interface, ACL behavior reflects an implicit permit.

c and s platforms support Ingress IP ACLs only.

The following commands allow you to clear, display, and assign IP ACL configurations. access-class clear counters ip access-group ip access-group show ip access-lists show ip accounting access-list

Note: See also Commands Common to all ACL Types.

access-class
ces
Syntax Parameters

Apply a standard ACL to a terminal line. access-class access-list-name access-list-name Not configured. LINE
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced Enter the name of a configured Standard ACL, up to 140 characters.

Defaults Command Modes Command History

202

Access Control Lists (ACL)

clear counters ip access-group

ces
Syntax Parameters

Erase all counters maintained for access lists. clear counters ip access-group [access-list-name] access-list-name
(OPTIONAL) Enter the name of a configured access-list, up to 140 characters.

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced

ip access-group
ces
Syntax Parameters

Assign an IP access list (IP ACL) to an interface. ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-id] access-list-name in out
Enter the name of a configured access list, up to 140 characters. Enter the keyword in to apply the ACL to incoming traffic. Enter the keyword out to apply the ACL to outgoing traffic. Note: Available only on 12-port 1-Gigabit Ethernet FLEX line card. Refer to your line card documentation for specifications. Not available on S-Series. (OPTIONAL) Enter the keyword implicit-permit to change the default action of the ACL from implicit-deny to implicit-permit (that is, if the traffic does not match the filters in the ACL, the traffic is permitted instead of dropped). (OPTIONAL) Enter the keyword vlan followed by the ID numbers of the VLANs. Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094)

implicit-permit

vlan vlan-id

Defaults Command Modes Command History

Not enabled. INTERFACE

Version 8.1.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

203

show ip access-lists

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Usage Information

Support added for S-Series Support added for C-Series Introduced

You can assign one ACL (standard or extended ACL) to an interface.

Note: This command is supported on the loopback interfaces of EE3, and EF series
RPMs. It is not supported on loopback interfaces ED series RPM, or on C-Series or S-Series loopback interfaces. When you apply an ACL that filters IGMP traffic, all IGMP traffic is redirected to the CPUs and soft-forwarded, if required, in the following scenarios:
Related Commands

on a Layer 2 interface - if a Layer 3 ACL is applied to the interface. on a Layer 3 port or on a Layer 2/Layer 3 port
ip access-list standard ip access-list extended Configure a standard ACL. Configure an extended ACL.

show ip access-lists
ces
Syntax Parameters

Display all of the IP ACLs configured in the system, whether or not they are applied to an interface, and the count of matches/mismatches against each ACL entry displayed. show ip access-lists [access-list-name] [interface interface] [in|out] access-list-name interface interface
Enter the name of a configured MAC ACL, up to 140 characters. Enter the keyword interface followed by the one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 255 for TeraScale and 1 - 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

in | out
Command Modes Command History

Identify whether ACL is applied on ingress or egress side.

EXEC Privilege
\

Version 8.4.1.0

Introduced

204

Access Control Lists (ACL)

show ip accounting access-list

ces
Syntax Parameters Display the IP access-lists created on the switch and the sequence of filters.

show ip accounting {access-list access-list-name | cam_count} interface interface access-list-name cam_count interface interface
Enter the name of the ACL to be displayed. List the count of the CAM rules for this ACL. Enter the keyword interface followed by the interface type and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Support added for S-Series Support added for C-Series Introduced

Example

Figure 83 Command Example: show ip accounting access-lists

Force10#show ip accounting access FILTER1 interface gig 1/6 Extended IP access list FILTER1 seq 5 deny ip any 191.1.0.0 /16 count (0x00 packets) seq 10 deny ip any 191.2.0.0 /16 order 4 seq 15 deny ip any 191.3.0.0 /16 seq 20 deny ip any 191.4.0.0 /16 seq 25 deny ip any 191.5.0.0 /16

Table 12 defines the information in Figure 83. Table 12 show ip accounting access-lists Command Example Field Field
Extended IP ... seq 5 ...

Description
Displays the name of the IP ACL. Displays the filter. If the keywords count or byte were configured in the filter, the number of packets or bytes processed by the filter is displayed at the end of the line. Displays the QoS order of priority for the ACL entry.

order 4

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

205

deny

Standard IP ACL Commands

When an ACL is created without any rule and then applied to an interface, ACL behavior reflects an implicit permit.

c and s platforms support Ingress IP ACLs only.

The commands needed to configure a Standard IP ACL are: deny ip access-list standard permit resequence access-list resequence prefix-list ipv4 seq

Note: See also Commands Common to all ACL Types and Common IP ACL Commands.

deny
ces
Syntax

Configure a filter to drop packets with a certain IP address. deny {source [mask] | any | host ip-address} [count [byte] | log ] [dscp value] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {source [mask] | any | host ip-address} command. source mask
Enter the IP address in dotted decimal format of the network from which the packet was sent. (OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous (discontiguous). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address only. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values.

Parameters

any host ip-address count byte log dscp

206

Access Control Lists (ACL)

deny

order

(OPTIONAL) Enter the keyword order to specify the QoS order of priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default(255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

monitor

fragments
Defaults Command Modes Command History

Not configured. CONFIGURATION-STANDARD-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0 Add DSCP value for ACL matching. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The monitor option is relevant in the context of flow-based monitoring only. See the Chapter 44, Port Monitoring. The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Related Commands

ip access-list standard permit

Configure a standard ACL. Configure a permit filter.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

207

ip access-list standard

ip access-list standard
ces
Syntax Parameters

Create a standard IP access list (IP ACL) to filter based on IP address. ip access-list standard access-list-name access-list-name
Enter a string up to 140 characters long as the ACL name.

Defaults

All IP access lists contain an implicit deny any, that is, if no match occurs, the packet is dropped. CONFIGURATION
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

Command Modes Command History

Usage Information

FTOS supports one ingress and one egress IP ACL per interface. Prior to 7.8.1.0, names are up to 16 characters long. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL.

Example

Figure 84 Command Example: ip access-list standard

Force10(conf)#ip access-list standard TestList Force10(config-std-nacl)#

Related Commands

ip access-list extended show config

Create an extended access list. Display the current configuration.

permit
ces
Syntax

Configure a filter to permit packets from a specific source IP address to leave the switch. permit {source [mask] | any | host ip-address} [count [byte] | log ] [dscp value] [order] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or

208

Access Control Lists (ACL)

permit Use the no permit {source [mask] | any | host ip-address} command. source mask
Enter the IP address in dotted decimal format of the network from which the packet was sent. (OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address or hostname. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

Parameters

any host ip-address count dscp byte log order

monitor

Defaults Command Modes Command History

Not configured. CONFIGURATION-STANDARD-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.10 Add DSCP value for ACL matching. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

209

resequence access-list The monitor option is relevant in the context of flow-based monitoring only. See Chapter 44, Port Monitoring. The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Related Commands

deny ip access-list standard

Assign a IP ACL filter to deny IP packets. Create a standard ACL.

resequence access-list
ces
Syntax

Re-assign sequence numbers to entries of an existing access-list. resequence access-list {ipv4 | ipv6 | mac} {access-list-name StartingSeqNum Step-to-Increment} ipv4 | ipv6 | mac access-list-name StartingSeqNum Step-to-Increment
Enter the keyword ipv4, or mac to identify the access list type to resequence. Enter the name of a configured IP access list. Enter the starting sequence number to resequence. Range: 0 - 4294967290 Enter the step to increment the sequence number. Range: 1 - 4294967290

Parameters

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale (IPv6) Introduced on E-Series ExaScale (IPv4) Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced

Usage Information

When all sequence numbers have been exhausted, this feature permits re-assigning new sequence number to entries of an existing access-list.

210

Access Control Lists (ACL)

resequence prefix-list ipv4

Related Commands

resequence prefix-list ipv4

Resequence a prefix list

resequence prefix-list ipv4

ces
Syntax Parameters

Re-assign sequence numbers to entries of an existing prefix list. resequence prefix-list ipv4 {prefix-list-name StartingSeqNum Step-to-increment} prefix-list-name StartingSeqNum Step-to-Increment
Enter the name of configured prefix list, up to 140 characters long. Enter the starting sequence number to resequence. Range: 0 65535 Enter the step to increment the sequence number. Range: 1 65535

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Added support for S-Series Added support for C-Series Introduced

Usage Information

When all sequence numbers have been exhausted, this feature permits re-assigning new sequence number to entries of an existing prefix list. Prior to 7.8.1.0, names are up to 16 characters long.

Related Commands

resequence access-list

Resequence an access-list

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

211

seq

seq
ces
Syntax

Assign a sequence number to a deny or permit filter in an IP access list while creating the filter. seq sequence-number {deny | permit} {source [mask] | any | host ip-address}} [count [byte] | log ] [dscp value] [order] [monitor] [fragments] sequence-number deny permit source mask
Enter a number from 0 to 4294967290. Enter the keyword deny to configure a filter to drop packets meeting this condition. Enter the keyword permit to configure a filter to forward packets meeting this criteria. Enter a IP address in dotted decimal format of the network from which the packet was received. (OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address or hostname. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. (OPTIONAL) Enter the keyword order to specify the QoS order for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

Parameters

any host ip-address count byte log dscp order

monitor

fragments

Defaults Command Modes Command History

Not configured CONFIGURATION-STANDARD-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Add DSCP value for ACL matching. Allows ACL control of fragmented packets for IP (Layer 3) ACLs.

212

Access Control Lists (ACL)

seq

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.10 Usage Information

Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

The monitor option is relevant in the context of flow-based monitoring only. See Chapter 44, Port Monitoring. The order option is relevant in the context of the Policy QoS feature only. The following applies: The seq sequence-number is applicable only in an ACL group. The order option works across ACL groups that have been applied on an interface via QoS policy framework. The order option takes precedence over the seq sequence-number. If sequence-number is not configured, then rules with the same order value are ordered according to their configuration order. If the sequence-number is configured, then the sequence-number is used as a tie breaker for rules with the same order.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Related Commands

deny permit seq

Configure a filter to drop packets. Configure a filter to forward packets. Assign a sequence number to a deny or permit filter in an IP access list while creating the filter.

Extended IP ACL Commands

When an ACL is created without any rule and then applied to an interface, ACL behavior reflects an implicit permit. The following commands configure extended IP ACLs, which in addition to the IP address also examine the packets protocol type.

c and s platforms support Ingress IP ACLs only.

deny deny arp deny ether-type

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

213

deny

deny icmp deny tcp deny udp ip access-list extended permit permit arp permit ether-type permit icmp permit tcp permit udp resequence access-list resequence prefix-list ipv4 seq arp seq ether-type seq

Note: See also Commands Common to all ACL Types and Common IP ACL Commands.

deny
ces
Syntax

Configure a filter that drops IP packets meeting the filter criteria. deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte] | log ] [dscp value] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} command. ip ip-protocol-number source mask
Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list will deny all IP protocols. Enter a number from 0 to 255 to deny based on the protocol identified in the IP protocol header. Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address.

Parameters

any host ip-address

214

Access Control Lists (ACL)

deny

destination count byte log dscp order

Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

monitor

fragments

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

215

deny arp The monitor option is relevant in the context of flow-based monitoring only. See the Chapter 44, Port Monitoring.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Related Commands

deny tcp deny udp ip access-list extended

Assign a filter to deny TCP packets. Assign a filter to deny UDP packets. Create an extended ACL.

deny arp
e
Syntax

Configure an egress filter that drops ARP packets on egress ACL supported line cards (see your line card documentation). deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} [count [byte] | log ] [order] [monitor] To remove this filter, use one of the following: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} command. destination-mac-address mac-address-mask
Enter a MAC address and mask in the nn:nn:nn:nn:nn format. For the MAC address mask, specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. Enter the keyword any to match and drop any ARP traffic on the interface. Enter the keyword vlan followed by the VLAN ID to filter traffic associated with a specific VLAN. Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094) To filter all VLAN traffic specify VLAN 1. Enter an IP address in dotted decimal format (A.B.C.D) as the target IP address of the ARP. Enter the keyword opcode followed by the number of the ARP opcode. Range: 1 to 23. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.

Parameters

any vlan vlan-id

ip-address opcode code-number

count byte

216

Access Control Lists (ACL)

deny arp

log order

(OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

monitor

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Version 8.2.1.0 Version 8.1.1.0 Version 7.4.1.0 Version 6.5.10 Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added monitor option Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. The monitor option is relevant in the context of flow-based monitoring only. See Chapter 44, Port Monitoring. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. You cannot include IP, TCP or UDP (Layer 3) filters in an ACL configured with ARP or Ether-type (Layer 2) filters. Apply Layer 2 ACLs (ARP and Ether-type) to Layer 2 interfaces only.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

217

deny ether-type

deny ether-type
e
Syntax

Configure an egress filter that drops specified types of Ethernet packets on egress ACL supported line cards (see your line card documentation). deny ether-type protocol-type-number {destination-mac-address mac-address-mask | any} vlan vlan-id {source-mac-address mac-address-mask | any} [count [byte] | log] [order] [monitor] To remove this filter, use one of the following: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny ether-type protocol-type-number {destination-mac-address mac-address-mask | any} vlan vlan-id {source-mac-address mac-address-mask | any} command. protocol-type-number destination-mac-address mac-address-mask
Enter a number from 600 to FFFF as the specific Ethernet type traffic to drop. Enter a MAC address and mask in the nn:nn:nn:nn:nn format. For the MAC address mask, specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. Enter the keyword any to match and drop specific Ethernet traffic on the interface. Enter the keyword vlan followed by the VLAN ID to filter traffic associated with a specific VLAN. Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094) To filter all VLAN traffic specify VLAN 1. Enter a MAC address and mask in the nn:nn:nn:nn:nn format. For the MAC address mask, specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file.

Parameters

any vlan vlan-id

source-mac-address mac-address-mask

count byte log

218

Access Control Lists (ACL)

deny icmp

order

(OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

monitor

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The monitor option is relevant in the context of flow-based monitoring only. See Chapter 44, Port Monitoring. You cannot include IP, TCP or UDP (Layer 3) filters in an ACL configured with ARP or Ether-type (Layer 2) filters. Apply Layer 2 ACLs (ARP and Ether-type) to Layer 2 interfaces only.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.

deny icmp
e
Syntax

Configure a filter to drop all or specific ICMP messages. deny icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} [dscp] [message-type] [count [byte] | log ] [order] [monitor] [fragments]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

219

deny icmp

To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address destination dscp message-type
Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter the IP address of the network or host to which the packets are sent. Enter this keyword to deny a packet based on DSCP value. Range: 0-63 (OPTIONAL) Enter an ICMP message type, either with the type (and code, if necessary) numbers or with the name of the message type (ICMP message types are listed in Table 13). Range: 0 to 255 for ICMP type; 0 to 255 for ICMP code (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

Parameters

count byte log order

monitor

fragments
Defaults Command Modes Command History

Not configured CONFIGURATION-EXTENDED-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.4.1.0 Version 6.5.10 Added dscp keyword. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

220

Access Control Lists (ACL)

deny icmp The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The monitor option is relevant in the context of flow-based monitoring only. See Chapter 44, Port Monitoring.

Usage Information

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead. Table 13 lists the keywords displayed in the CLI help and their corresponding ICMP Message Type Name. Table 13 ICMP Message Type Keywords Keyword
administratively-prohibited alternate-address conversion-error dod-host-prohibited dod-net-prohibited echo echo-reply general-parameter-problem host-isolated host-precedence-unreachable host-redirect host-tos-redirect host-tos-unreachable host-unknown host-unreachable information-reply information-request mask-reply mask-request mobile-redirect net-redirect net-tos-redirect net-tos-unreachable net-unreachable

ICMP Message Type Name

Administratively prohibited Alternate host address Datagram conversion error Host prohibited Net prohibited Echo Echo reply Parameter problem Host isolated Host unreachable for precedence Host redirect Host redirect for TOS Host unreachable for TOS Host unknown Host unreachable Information replies Information requests Mask replies Mask requests Mobile host redirect Network redirect Network redirect for TOS Network unreachable for TOS Network unreachable

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

221

deny tcp

Table 13 ICMP Message Type Keywords Keyword

network-unknown no-room-for-option option-missing packet-too-big parameter-problem port-unreachable precedence-unreachable protocol-unreachable reassembly-timeout redirect router-advertisement router-solicitation source-quench source-route-failed time-exceeded timestamp-reply timestamp-request traceroute ttl-exceeded unreachable

ICMP Message Type Name

Network unknown Parameter required but no room Parameter required but not present Fragmentation needed and DF set All parameter problems Port unreachable Precedence cutoff Protocol unreachable Reassembly timeout All redirects Router discovery advertisements Router discovery solicitations Source quenches Source route failed All time exceeded Timestamp replies Timestamp requests Traceroute TTL exceeded All unreachables

deny tcp
ces
Syntax

Configure a filter that drops TCP packets meeting the filter criteria. deny tcp {source mask | any | host ip-address} [bit] [operator port [port]] {destination mask | any | host ip-address} [dscp] [bit] [operator port [port]] [count [byte] | log ] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny tcp {source mask | any | host ip-address} {destination mask | any | host ip-address} command.

222

Access Control Lists (ACL)

deny tcp

Parameters

source mask

Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter this keyword to deny a packet based on DSCP value. Range: 0-63 Enter a flag or combination of bits:

any host ip-address dscp bit

ack: acknowledgement field fin: finish (no more data from the user) psh: push function rst: reset the connection syn: synchronize sequence numbers urg: urgent field operator
(OPTIONAL) Enter one of the following logical operand:

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port command parameter.

port port

destination mask

Enter the IP address of the network or host to which the packets are sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. Supported on Jumbo-enabled line cards only.

count byte log

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

223

deny tcp

order

monitor

fragments

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.10 Added dscp keyword. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Deprecated established keyword. Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. The monitor option is relevant in the context of flow-based monitoring only. See Chapter 44, Port Monitoring.

224

Access Control Lists (ACL)

deny udp For example, an ACL rule with TCP port range 4000 - 8000 uses 8 entries in the CAM:
Rule# 1 2 3 4 5 6 7 8 Data 0000111110100000 0000111111000000 0001000000000000 0001100000000000 0001110000000000 0001111000000000 0001111100000000 0001111101000000 Mask 1111111111100000 1111111111000000 1111100000000000 1111110000000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 From 4000 4032 4096 6144 7168 7680 7936 8000 To 4031 4095 6143 7167 7679 7935 7999 8000 #Covered 32 64 2048 1024 512 256 64 1

Total Ports: 4001

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

deny deny udp

Assign a filter to deny IP traffic. Assign a filter to deny UDP traffic.

deny udp
ces
Syntax

Configure a filter to drop UDP packets meeting the filter criteria. deny udp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [dscp] [operator port [port]] [count [byte] | log ] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny udp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address dscp
Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter this keyword to deny a packet based on DSCP value. Range: 0-63

Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

225

deny udp

operator

(OPTIONAL) Enter one of the following logical operand:

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports

port port

(OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535 Enter the IP address of the network or host to which the packets are sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. Supported on Jumbo-enabled line cards only. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

destination mask count byte log order

monitor

fragments
Defaults Command Modes Command History

Not configured CONFIGURATION-EXTENDED-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.10 Added dscp keyword. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

226

Access Control Lists (ACL)

ip access-list extended

The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. The monitor option is relevant in the context of flow-based monitoring only. See the Chapter 44, Port Monitoring.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead. Most ACL rules require one entry in the CAM. However, rules with TCP and UDP port operators (gt, lt, range) may require more than one entry. The range of ports is configured in the CAM based on bit mask boundaries; the space required depends on exactly what ports are included in the range. For example, an ACL rule with TCP port range 4000 - 8000 will use 8 entries in the CAM:
Rule# 1 2 3 4 5 6 7 8 Data 0000111110100000 0000111111000000 0001000000000000 0001100000000000 0001110000000000 0001111000000000 0001111100000000 0001111101000000 Mask 1111111111100000 1111111111000000 1111100000000000 1111110000000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 From 4000 4032 4096 6144 7168 7680 7936 8000 To 4031 4095 6143 7167 7679 7935 7999 8000 #Covered 32 64 2048 1024 512 256 64 1

Total Ports: 4001

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

deny deny tcp

Assign a deny filter for IP traffic. Assign a deny filter for TCP traffic.

ip access-list extended
ces
Syntax

Name (or select) an extended IP access list (IP ACL) based on IP addresses or protocols. ip access-list extended access-list-name To delete an access list, use the no ip access-list extended access-list-name command.

Parameters

access-list-name

Enter a string up to 140 characters long as the access list name.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

227

permit

Defaults

All access lists contain an implicit deny any; that is, if no match occurs, the packet is dropped. CONFIGURATION
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced on E-Series

Command Modes Command History

Usage Information

The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL. Prior to 7.8.1.0, names are up to 16 characters long.

Example

Figure 85 Command Example: ip access-list extended

Force10(conf)#ip access-list extended TESTListEXTEND Force10(config-ext-nacl)#

Related Commands

ip access-list standard show config

Configure a standard IP access list. Display the current configuration.

permit
ces
Syntax

Configure a filter to pass IP packets meeting the filter criteria. permit {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte] | log ] [dscp value] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} command. ip ip-protocol-number source
Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list will permit all IP protocols. Enter a number from 0 to 255 to permit based on the protocol identified in the IP protocol header. Enter the IP address of the network or host from which the packets were sent.

Parameters

228

Access Control Lists (ACL)

permit

mask

Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. (OPTIONAL) Enter the keyword order to specify the QoS order of priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

any host ip-address destination count byte log dscp order

monitor

fragments

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.10 Add DSCP value for ACL matching. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

229

permit arp

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Related Commands

ip access-list extended permit tcp permit udp

Create an extended ACL. Assign a permit filter for TCP packets. Assign a permit filter for UDP packets.

permit arp
e
Configure a filter that forwards ARP packets meeting this criteria.This command is supported only on 12-port GE line cards with SFP optics; refer to your line card documentation for specifications. permit arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} [count [byte] | log ] [order] [monitor] [fragments] To remove this filter, use one of the following: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} command.

Syntax

Parameters

destination-mac-address Enter a MAC address and mask in the nn:nn:nn:nn:nn format. mac-address-mask For the MAC address mask, specify which bits in the MAC address
must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly.

any vlan vlan-id

ip-address

230

Access Control Lists (ACL)

permit arp

opcode code-number

Enter the keyword opcode followed by the number of the ARP opcode. Range: 1 to 16. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

count byte log order

monitor

fragments

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Version 8.2.1.0 Version 8.1.1.0 Version 7.4.1.0 Version 6.5.10 Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The monitor option is relevant in the context of flow-based monitoring only. See the Chapter 44, Port Monitoring. You cannot include IP, TCP or UDP filters in an ACL configured with ARP filters.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

231

permit ether-type

permit ether-type
e
Configure a filter that allows traffic with specified types of Ethernet packets. This command is supported only on 12-port GE line cards with SFP optics; refer to your line card documentation for specifications. permit ether-type protocol-type-number {destination-mac-address mac-address-mask | any} vlan vlan-id {source-mac-address mac-address-mask | any} [count [byte] | log ] [order] [monitor] To remove this filter, use one of the following: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit ether-type protocol-type-number {destination-mac-address mac-address-mask | any} vlan vlan-id {source-mac-address mac-address-mask | any} command.
Enter a number from 600 to FFF as the specific Ethernet type traffic to drop.

Syntax

Parameters

protocol-type-number

any vlan vlan-id

source-mac-address mac-address-mask

count byte log

232

Access Control Lists (ACL)

permit icmp

order

monitor

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The monitor option is relevant in the context of the flow-based monitoring feature only. See Chapter 44, Port Monitoring. You cannot include IP, TCP or UDP filters in an ACL configured with ARP filters.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.

permit icmp
e
Syntax

Configure a filter to allow all or specific ICMP messages. permit icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} [dscp] [message-type] [count [byte] | log ] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

233

permit icmp Use the no permit icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address destination dscp message-type
Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter the IP address of the network or host to which the packets are sent. Enter this keyword to deny a packet based on DSCP value. Range: 0-63 (OPTIONAL) Enter an ICMP message type, either with the type (and code, if necessary) numbers or with the name of the message type (ICMP message types are listed in Table 13). Range: 0 to 255 for ICMP type; 0 to 255 for ICMP code (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation. Enter the keyword fragments to use ACLs to control packet fragments.

Parameters

count byte log order

monitor

fragments
Defaults Command Modes Command History

Not configured CONFIGURATION-STANDARD-ACCESS-LIST

Usage Information

234

Access Control Lists (ACL)

permit tcp The monitor option is relevant in the context of the flow-based monitoring feature only. See Chapter 44, Port Monitoring.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.

permit tcp
ces
Syntax

Configure a filter to pass TCP packets meeting the filter criteria. permit tcp {source mask | any | host ip-address} [bit] [operator port [port]] {destination mask | any | host ip-address} [bit] [dscp] [operator port [port]] [count [byte] | log ] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit tcp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address bit
Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter a flag or combination of bits:

Parameters

ack: acknowledgement field fin: finish (no more data from the user) psh: push function rst: reset the connection syn: synchronize sequence numbers urg: urgent field dscp operator
Enter this keyword to deny a packet based on DSCP value. Range: 0-63 (OPTIONAL) Enter one of the following logical operand:

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two port for the port
parameter.)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

235

permit tcp

port port

Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535. The following list includes some common TCP port numbers: 23 = Telnet 20 and 21 = FTP 25 = SMTP 169 = SNMP Enter the IP address of the network or host to which the packets are sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

destination mask count byte log order

monitor

fragments
Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Usage Information

The order option is relevant in the context of the Policy QoS feature only. See the Quality of Service chapter of the FTOS Configuration Guide for more information.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.

236

Access Control Lists (ACL)

permit tcp The monitor option is relevant in the context of the flow-based monitoring feature only. See Chapter 44, Port Monitoring. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. Most ACL rules require one entry in the CAM. However, rules with TCP and UDP port operators (gt, lt, range) may require more than one entry. The range of ports is configured in the CAM based on bit mask boundaries; the space required depends on exactly what ports are included in the range. For example, an ACL rule with TCP port range 4000 - 8000 uses 8 entries in the CAM:
Rule# 1 2 3 4 5 6 7 8 Data 0000111110100000 0000111111000000 0001000000000000 0001100000000000 0001110000000000 0001111000000000 0001111100000000 0001111101000000 Mask 1111111111100000 1111111111000000 1111100000000000 1111110000000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 From 4000 4032 4096 6144 7168 7680 7936 8000 To 4031 4095 6143 7167 7679 7935 7999 8000 #Covered 32 64 2048 1024 512 256 64 1

Total Ports: 4001

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

ip access-list extended permit permit udp

Create an extended ACL. Assign a permit filter for IP packets. Assign a permit filter for UDP packets.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

237

permit udp

permit udp
ces
Syntax

Configure a filter to pass UDP packets meeting the filter criteria. permit udp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [dscp] [operator port [port]] [count [byte] | log ] [order] [monitor] [fragments] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit udp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address dscp operator
Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter this keyword to deny a packet based on DSCP value. Range: 0-63 (OPTIONAL) Enter one of the following logical operand:

Parameters

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port
parameter.)

port port

(OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535 Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255).

destination count byte log order

238

Access Control Lists (ACL)

permit udp

monitor

(OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

fragments
Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.10 Added dscp keyword. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. Most ACL rules require one entry in the CAM. However, rules with TCP and UDP port operators (gt, lt, range) may require more than one entry. The range of ports is configured in the CAM based on bit mask boundaries; the space required depends on exactly what ports are included in the range.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

239

resequence access-list For example, an ACL rule with TCP port range 4000 - 8000 uses 8 entries in the CAM:
Rule# 1 2 3 4 5 6 7 8 Data 0000111110100000 0000111111000000 0001000000000000 0001100000000000 0001110000000000 0001111000000000 0001111100000000 0001111101000000 Mask 1111111111100000 1111111111000000 1111100000000000 1111110000000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 From 4000 4032 4096 6144 7168 7680 7936 8000 To 4031 4095 6143 7167 7679 7935 7999 8000 #Covered 32 64 2048 1024 512 256 64 1

Total Ports: 4001

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

ip access-list extended permit permit tcp

Configure an extended ACL. Assign a permit filter for IP packets. Assign a permit filter for TCP packets.

resequence access-list
ces
Syntax

Re-assign sequence numbers to entries of an existing access-list. resequence access-list {ipv4 | mac} {access-list-name StartingSeqNum Step-to-Increment } ipv4 | mac access-list-name StartingSeqNum Step-to-Increment
Enter the keyword ipv4, or mac to identify the access list type to resequence. Enter the name of a configured IP access list, up to 140 characters. Enter the starting sequence number to resequence. Range: 0 - 4294967290 Enter the step to increment the sequence number. Range: 1 - 4294967290

Parameters

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

240

Access Control Lists (ACL)

resequence prefix-list ipv4

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

Usage Information

When all sequence numbers have been exhausted, this feature permits re-assigning new sequence number to entries of an existing access-list. Prior to 7.8.1.0, names are up to 16 characters long.

Related Commands

resequence prefix-list ipv4

Resequence a prefix list

resequence prefix-list ipv4

ces
Syntax Parameters

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

Usage Information

When all sequence numbers have been exhausted, this feature permits re-assigning new sequence number to entries of an existing prefix list. Prior to 7.8.1.0, names are up to 16 characters long.

Related Commands

resequence access-list

Resequence an access-list

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

241

seq arp

seq arp
e
Configure an egress filter with a sequence number that filters ARP packets meeting this criteria. This command is supported only on 12-port GE line cards with SFP optics; refer to your line card documentation for specifications. seq sequence-number {deny | permit} arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} [count [byte] | log ] [order] [monitor] To remove this filter, use the no seq sequence-number command.
Parameters

Syntax

sequence-number deny permit

Enter a number from 0 to 4294967290. Enter the keyword deny to drop all traffic meeting the filter criteria. Enter the keyword permit to forward all traffic meeting the filter criteria.

any vlan vlan-id

Enter the keyword any to match and drop any ARP traffic on the interface. Enter the keyword vlan followed by the VLAN ID to filter traffic associated with a specific VLAN. Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094) To filter all VLAN traffic specify VLAN 1. Enter an IP address in dotted decimal format (A.B.C.D) as the target IP address of the ARP. Enter the keyword opcode followed by the number of the ARP opcode. Range: 1 to 16. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

ip-address opcode code-number

count byte log order

monitor

242

Access Control Lists (ACL)

seq ether-type

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

Usage Information

The monitor option is relevant in the context of the flow-based monitoring feature only. See Chapter 44, Port Monitoring. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The order option is relevant in the context of the Policy QoS feature only. The following applies: The seq sequence-number is applicable only in an ACL group. The order option works across ACL groups that have been applied on an interface via QoS policy framework. The order option takes precedence over the seq sequence-number. If sequence-number is not configured, then rules with the same order value are ordered according to their configuration order. If the sequence-number is configured, then the sequence-number is used as a tie breaker for rules with the same order.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead. You cannot include IP, TCP or UDP (Layer 3) filters in an ACL configured with ARP or Ether-type (Layer 2) filters. Apply Layer 2 ACLs to interfaces in Layer 2 mode.

seq ether-type
e
Configure an egress filter with a specific sequence number that filters traffic with specified types of Ethernet packets. This command is supported only on 12-port GE line cards with SFP optics; refer to your line card documentation for specifications. seq sequence-number {deny | permit} ether-type protocol-type-number {destination-mac-address mac-address-mask | any} vlan vlan-id {source-mac-address mac-address-mask | any} [count [byte] | log ] [order] [monitor] sequence-number deny
Enter a number from 0 to 4294967290. Enter the keyword deny to drop all traffic meeting the filter criteria.

Syntax

Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

243

seq ether-type

permit protocol-type-number

Enter the keyword permit to forward all traffic meeting the filter criteria. Enter a number from 600 to FFFF as the specific Ethernet type traffic to drop.

any vlan vlan-id

Enter the keyword any to match and drop specific Ethernet traffic on the interface. Enter the keyword vlan followed by the VLAN ID to filter traffic associated with a specific VLAN. Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094) To filter all VLAN traffic specify VLAN 1. Enter a MAC address and mask in the nn:nn:nn:nn:nn format. For the MAC address mask, specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

source-mac-address mac-address-mask

count byte log order

monitor

Defaults Command Modes Command History

Not configured. CONFIGURATION-EXTENDED-ACCESS-LIST

244

Access Control Lists (ACL)

seq The monitor option is relevant in the context of the flow-based monitoring feature only. See Chapter 44, Port Monitoring. When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details. The order option is relevant in the context of the Policy QoS feature only. The following applies: The seq sequence-number is applicable only in an ACL group. The order option works across ACL groups that have been applied on an interface via QoS policy framework. The order option takes precedence over the seq sequence-number. If sequence-number is not configured, then rules with the same order value are ordered according to their configuration order. If the sequence-number is configured, then the sequence-number is used as a tie breaker for rules with the same order.

Usage Information

seq
ces
Syntax

Assign a sequence number to a deny or permit filter in an extended IP access list while creating the filter. seq sequence-number {deny | permit} {ip-protocol-number | icmp | ip | tcp | udp} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator port [port]] [count [byte] | log ] [dscp value] [order] [monitor] [fragments] sequence-number deny permit ip-protocol-number icmp ip tcp udp
Enter a number from 0 to 4294967290. Enter the keyword deny to configure a filter to drop packets meeting this condition. Enter the keyword permit to configure a filter to forward packets meeting this criteria. Enter a number from 0 to 255 to filter based on the protocol identified in the IP protocol header. Enter the keyword icmp to configure an ICMP access list filter. Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list will permit all IP protocols. Enter the keyword tcp to configure a TCP access list filter. Enter the keyword udp to configure a UDP access list filter.

Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

245

seq

source mask any host ip-address operator

Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. (OPTIONAL) Enter one of the following logical operands:

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port parameter.)

port port

(OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535 The following list includes some common TCP port numbers: 23 = Telnet 20 and 21 = FTP 25 = SMTP 169 = SNMP

destination message-type

Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter an ICMP message type, either with the type (and code, if necessary) numbers or with the name of the message type (ICMP message types are listed in Table 13). Range: 0 to 255 for ICMP type; 0 to 255 for ICMP code (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to enter ACL matches in the log. Supported on Jumbo-enabled line cards only. (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order numbers have a higher priority) Default: If the order keyword is not used, the ACLs have the lowest order by default (255). (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide. Enter the keyword fragments to use ACLs to control packet fragments.

count byte log dscp order

monitor

fragments
Defaults Command Modes

Not configured CONFIGURATION-EXTENDED-ACCESS-LIST

246

Access Control Lists (ACL)

seq

Command History

Version 8.3.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.10

Add DSCP value for ACL matching. Allows ACL control of fragmented packets for IP (Layer 3) ACLs. Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added support for non-contiguous mask and added the monitor option. Deprecated established keyword Expanded to include the optional QoS order priority for the ACL entry.

Usage Information

If the sequence-number is configured, then the sequence-number is used as a tie breaker for rules with the same order.

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Related Commands

deny permit

Configure a filter to drop packets. Configure a filter to forward packets.

Common MAC Access List Commands

The following commands are available within both MAC ACL modes (Standard and Extended) and do not have mode-specific options.

c and s platforms support Ingress MAC ACLs only.

The following commands allow you to clear, display and assign MAC ACL configurations. clear counters mac access-group mac access-group Publication Date: July 20, 2011 247

Command Line Reference for FTOS version 8.4.2.4

clear counters mac access-group

show mac access-lists show mac accounting access-list

clear counters mac access-group

ces
Syntax Parameters

Clear counters for all or a specific MAC ACL. clear counters mac access-group [mac-list-name] mac-list-name EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series (OPTIONAL) Enter the name of a configured MAC access list.

Command Modes Command History

mac access-group
ces
Syntax Parameters

Apply a MAC ACL to traffic entering or exiting an interface. mac access-group access-list-name {in [vlan vlan-range] | out} access-list-name vlan vlan-range
Enter the name of a configured MAC access list, up to 140 characters. (OPTIONAL) Enter the keyword vlan followed a range of VLANs. Note that this option is available only with the in keyword option. Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094) Enter the keyword in to configure the ACL to filter incoming traffic. Enter the keyword out to configure the ACL to filter outgoing traffic. Not available on S-Series.

in out

Defaults Command Modes Command History

No default behavior or configuration INTERFACE

248

Access Control Lists (ACL)

show mac access-lists

Usage Information

You can assign one ACL (standard or extended) to an interface. Prior to 7.8.1.0, names are up to 16 characters long.

Related Commands

mac access-list standard mac access-list extended

Configure a standard MAC ACL. Configure an extended MAC ACL.

show mac access-lists

ces
Syntax Parameters

Display all of the Layer 2 ACLs configured in the system, whether or not they are applied to an interface, and the count of matches/mismatches against each ACL entry displayed. show mac access-lists [access-list-name] [interface interface] [in|out] access-list-name interface interface
Enter the name of a configured MAC ACL, up to 140 characters. Enter the keyword interface followed by the one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 255 for TeraScale and 1 - 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

in | out
Command Modes Command History

Identify whether ACL is applied on ingress or egress side.

EXEC Privilege
\

Version 8.4.1.0

Introduced

show mac accounting access-list

ces
Syntax Display MAC access list configurations and counters (if configured).

show mac accounting access-list access-list-name interface interface in | out

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

249

show mac accounting access-list

Parameters

access-list-name interface interface

Enter the name of a configured MAC ACL, up to 140 characters. Enter the keyword interface followed by the one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 - 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

in | out
Command Modes

Identify whether ACL is applied ay Ingress (in) or egress (out) side.

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 86 Command Example: show mac accounting access-list

Force10#show mac accounting access-list mac-ext interface po 1 Extended mac access-list mac-ext on GigabitEthernet 0/11 seq 5 permit host 00:00:00:00:00:11 host 00:00:00:00:00:19 seq 10 deny host 00:00:00:00:00:21 host 00:00:00:00:00:29 seq 15 deny host 00:00:00:00:00:31 host 00:00:00:00:00:39 seq 20 deny host 00:00:00:00:00:41 host 00:00:00:00:00:49 seq 25 permit any any count (0 packets) Extended mac access-list mac-ext on GigabitEthernet 0/12 seq 5 permit host 00:00:00:00:00:11 host 00:00:00:00:00:19 seq 10 deny host 00:00:00:00:00:21 host 00:00:00:00:00:29 seq 15 deny host 00:00:00:00:00:31 host 00:00:00:00:00:39 seq 20 deny host 00:00:00:00:00:41 host 00:00:00:00:00:49 seq 25 permit any any count (0 packets) Force10#

count (393794576 packets) count (89076777 packets) count (0 packets) count (0 packets) count (57589834 packets) count (393143077 packets) count (0 packets) count (0 packets)

Usage Information Related Commands

The ACL hit counters in this command increment the counters for each matching rule, not just the first matching rule.
show mac accounting destination Display destination counters for Layer 2 traffic (available on physical interfaces only).

250

Access Control Lists (ACL)

deny

Standard MAC ACL Commands

When an access-list is created without any rule and then applied to an interface, ACL behavior reflects implicit permit.

c and s platforms support Ingress MAC ACLs only.

The following commands configure standard MAC ACLs: deny mac access-list standard permit seq

Note: See also Commands Common to all ACL Types and Common MAC Access
List Commands.

deny
ces
Syntax

Configure a filter to drop packets with a the MAC address specified. deny {any | mac-source-address [mac-source-address-mask]} [count [byte]] [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {any | mac-source-address mac-source-address-mask} command. any mac-source-address mac-source-address-mask
Enter the keyword any to specify that all traffic is subject to the filter. Enter a MAC address in nn:nn:nn:nn:nn:nn format. (OPTIONAL) Specify which bits in the MAC address must match. If no mask is specified, a mask of 00:00:00:00:00:00 is applied (in other words, the filter allows only MAC addresses that match). (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to log the packets. (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

Parameters

count byte log monitor

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

251

mac access-list standard

Defaults Command Modes Command History

Not enabled. CONFIGURATION-MAC ACCESS LIST-STANDARD

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Added monitor option Introduced for E-Series

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Usage Information

When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details.
permit seq Configure a MAC address filter to pass packets. Configure a MAC address filter with a specified sequence number.

Related Commands

mac access-list standard

ces
Name a new or existing MAC access control list (MAC ACL) and enter the MAC ACCESS LIST mode to configure a standard MAC ACL. See Commands Common to all ACL Types and Common MAC Access List Commands. mac access-list standard mac-list-name mac-list-name
Enter a text string as the name of the standard MAC access list (140 character maximum).

Syntax Parameters

Defaults Command Modes Command History

Not configured CONFIGURATION

Usage Information

FTOS supports one ingress and one egress MAC ACL per interface.

252

Access Control Lists (ACL)

permit

Prior to 7.8.1.0, names are up to 16 characters long. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL. C-Series and S-Series support ingress ACLs only.
Example

Figure 87 Command Example: mac-access-list standard

Force10(conf)#mac-access-list access-list standard TestMAC Force10(config-std-macl)#? deny Specify packets to reject description List description exit Exit from access-list configuration mode no Negate a command or set its defaults permit Specify packets to forward remark Specify access-list entry remark seq Sequence numbers show Show Standard ACL configuration

permit
ces
Syntax

Configure a filter to forward packets from a specific source MAC address. permit {any | mac-source-address [mac-source-address-mask]} [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit {any | mac-source-address mac-source-address-mask} command. any mac-source-address mac-source-address-mask
Enter the keyword any to forward all packets received with a MAC address. Enter a MAC address in nn:nn:nn:nn:nn:nn format. (OPTIONAL) Specify which bits in the MAC address must match. If no mask is specified, a mask of 00:00:00:00:00:00 is applied (in other words, the filter allows only MAC addresses that match). (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.

Parameters

count byte

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

253

seq

log monitor

(OPTIONAL, E-Series only) Enter the keyword log to log the packets. (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

Defaults Command Modes Command History

Not configured. CONFIGURATION-MAC ACCESS LIST-STANDARD

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Usage Information

When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details.
deny seq Configure a MAC ACL filter to drop packets. Configure a MAC ACL filter with a specified sequence number.

Related Commands

seq
ces
Syntax

Assign a sequence number to a deny or permit filter in a MAC access list while creating the filter. seq sequence-number {deny | permit} {any | mac-source-address [mac-source-address-mask]} [count [byte]] [log] [monitor] sequence-number deny permit any mac-source-address
Enter a number between 0 and 65535. Enter the keyword deny to configure a filter to drop packets meeting this condition. Enter the keyword permit to configure a filter to forward packets meeting this criteria. Enter the keyword any to filter all packets. Enter a MAC address in nn:nn:nn:nn:nn:nn format.

Parameters

254

Access Control Lists (ACL)

seq

mac-source-address-mask

(OPTIONAL) Specify which bits in the MAC address must match. If no mask is specified, a mask of 00:00:00:00:00:00 is applied (in other words, the filter allows only MAC addresses that match). (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to log the packets. (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

count byte log monitor

Defaults Command Modes Command History

Not configured. CONFIGURATION-MAC ACCESS LIST-STANDARD

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Usage Information

When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details.
deny permit Configure a filter to drop packets. Configure a filter to forward packets.

Related Commands

Extended MAC ACL Commands

When an access-list is created without any rule and then applied to an interface, ACL behavior reflects implicit permit.

c and s platforms support Ingress MAC ACLs only.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

255

deny

The following commands configure Extended MAC ACLs. deny mac access-list extended permit seq

Note: See also Commands Common to all ACL Types and Common MAC Access
List Commands.

deny
ces
Syntax

Configure a filter to drop packets that match the filter criteria. deny {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} [ethertype-operator] [count [byte]] [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} command. any host mac-address mac-source-address mac-source-address-mask
Enter the keyword any to drop all packets. Enter the keyword host followed by a MAC address to drop packets with that host address. Enter the source MAC address in nn:nn:nn:nn:nn:nn format. Specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. Enter the destination MAC address and mask in nn:nn:nn:nn:nn:nn format. Specify which bits in the MAC address must match. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. (OPTIONAL) To filter based on protocol type, enter one of the following Ethertypes:

Parameters

mac-destination-address mac-destination-address-mask

ethertype operator

ev2 - is the Ethernet II frame format. llc - is the IEEE 802.3 frame format. snap - is the IEEE 802.3 SNAP frame format.

256

Access Control Lists (ACL)

mac access-list extended

count byte log monitor

(OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL, E-Series only) Enter the keyword log to log the packets. (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule will be applied to the monitored interface. For details, see the section Flow-based Monitoring in the Port Monitoring chapter of the FTOS Configuration Guide.

Defaults Command Modes Command History

Not configured. CONFIGURATION-MAC ACCESS LIST-EXTENDED

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Usage Information

When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details.
permit seq Configure a filter to forward based on MAC addresses. Configure a filter with specific sequence numbers.

Related Commands

mac access-list extended

ces
Syntax Parameters

Name a new or existing extended MAC access control list (extended MAC ACL). . mac access-list extended access-list-name access-list-name No default configuration CONFIGURATION
Enter a text string as the MAC access list name, up to 140 characters.

Defaults Command Modes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

257

permit

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Usage Information

Example

Figure 88 Command Example: mac-access-list extended

Force10(conf)#mac-access-list access-list extended TestMATExt Force10(config-ext-macl)#remark 5 IPv4 Force10(config-ext-macl)#seq 10 permit any any ev2 eq 800 count bytes Force10(config-ext-macl)#remark 15 ARP Force10(config-ext-macl)#seq 20 permit any any ev2 eq 806 count bytes Force10(config-ext-macl)#remark 25 IPv6 Force10(config-ext-macl)#seq 30 permit any any ev2 eq 86dd count bytes Force10(config-ext-macl)#seq 40 permit any any count bytes Force10(config-ext-macl)#exit Force10(conf)#do show mac accounting access-list snickers interface g0/47 in Extended mac access-list snickers on GigabitEthernet 0/47 seq 10 permit any any ev2 eq 800 count bytes (559851886 packets 191402152148 bytes) seq 20 permit any any ev2 eq 806 count bytes (74481486 packets 5031686754 bytes) seq 30 permit any any ev2 eq 86dd count bytes (7751519 packets 797843521 bytes)

Related Commands

mac access-list standard show mac accounting access-list

Configure a standard MAC access list. Display MAC access list configurations and counters (if

configured).

permit
ces
Syntax

Configure a filter to pass packets matching the criteria specified. permit {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} [ethertype operator] [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit {any | host mac-address | mac-source-address mac-source-address-mask} {any | mac-destination-address mac-destination-address-mask} command.

258

Access Control Lists (ACL)

permit

Parameters

any host mac-source-address mac-source-address-mask

Enter the keyword any to forward all packets. Enter the keyword host followed by a MAC address to forward packets with that host address. Enter the source MAC address in nn:nn:nn:nn:nn:nn format. Specify which bits in the MAC address must be matched. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. Enter the destination MAC address and mask in nn:nn:nn:nn:nn:nn format. Specify which bits in the MAC address must be matched. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. (OPTIONAL) To filter based on protocol type, enter one of the following Ethertypes:

mac-destination-address mac-destination-address-mask

ethertype operator

ev2 - is the Ethernet II frame format. llc - is the IEEE 802.3 frame format. snap - is the IEEE 802.3 SNAP frame format.

count byte log monitor

Defaults Command Modes Command History

Not configured. CONFIGURATION-MAC ACCESS LIST-EXTENDED

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

259

seq When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details.
deny seq Configure a filter to drop traffic based on the MAC address. Configure a filter with specific sequence numbers.

Usage Information

Related Commands

seq
ces
Syntax

Configure a filter with a specific sequence number. seq sequence-number {deny | permit} {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} [ethertype operator] [count [byte]] [log] [monitor] sequence-number deny permit any host mac-address mac-source-address
Enter a number as the filter sequence number. Range: zero (0) to 65535. Enter the keyword deny to drop any traffic matching this filter. Enter the keyword permit to forward any traffic matching this filter. Enter the keyword any to filter all packets. Enter the keyword host followed by a MAC address to filter packets with that host address. Enter the source MAC address in nn:nn:nn:nn:nn:nn format. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. Specify which bits in the MAC address must be matched. Enter the destination MAC address and mask in nn:nn:nn:nn:nn:nn format. The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly.

Parameters

mac-source-address-mask mac-destination-address

mac-destination-address-mask Specify which bits in the MAC address must be matched.

ethertype operator

(OPTIONAL) To filter based on protocol type, enter one of the following Ethertypes:

ev2 - is the Ethernet II frame format. llc - is the IEEE 802.3 frame format. snap - is the IEEE 802.3 SNAP frame format.

count byte

(OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.

260

Access Control Lists (ACL)

seq

log monitor

Defaults Command Modes Command History

Not configured CONFIGURATION-MAC ACCESS LIST-STANDARD

Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging instead.
Usage Information

When you use the log option, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets details.
deny permit Configure a filter to drop traffic. Configure a filter to forward traffic.

Related Commands

IP Prefix List Commands

When an access-list is created without any rule and then applied to an interface, ACL behavior reflects implicit permit. Use these commands to configure or enable IP prefix lists. clear ip prefix-list deny ip prefix-list permit seq show config show ip prefix-list detail show ip prefix-list summary

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

261

clear ip prefix-list

clear ip prefix-list
ces
Syntax Parameters

Reset the number of times traffic met the conditions (hit counters) of the configured prefix lists. clear ip prefix-list [prefix-name] prefix-name
(OPTIONAL) Enter the name of the configured prefix list to clear only counters for that prefix list, up to 140 characters long.

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced for E-Series

Default Related Commands

Clears hit counters for all prefix lists unless a prefix list is specified.
ip prefix-list Configure a prefix list.

deny
ces
Syntax Parameters

Configure a filter to drop packets meeting the criteria specified. deny ip-prefix [ge min-prefix-length] [le max-prefix-length] ip-prefix ge min-prefix-length le max-prefix-length
Specify an IP prefix in the network/length format. For example, 35.0.0.0/8 means match the first 8 bits of address 35.0.0.0. (OPTIONAL) Enter the keyword ge followed by the minimum prefix length, which is a number from zero (0) to 32. (OPTIONAL) Enter the keyword le followed by the maximum prefix length, which is a number from zero (0) to 32.

Defaults Command Modes Command History

Not configured. PREFIX-LIST

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

262

Access Control Lists (ACL)

ip prefix-list

Usage Information

Sequence numbers for this filter are automatically assigned starting at sequence number 5. If the options ge or le are not used, only packets with an exact match to the prefix are filtered.

Related Commands

permit seq

Configure a filter to pass packets. Configure a drop or permit filter with a specified sequence number.

ip prefix-list
ces
Syntax Parameters

Enter the PREFIX-LIST mode and configure a prefix list. ip prefix-list prefix-name prefix-name
Enter a string up to 16 characters long as the name of the prefix list, up to 140 characters long.

Command Modes Command History

CONFIGURATION
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

Prefix lists redistribute OSPF and RIP routes meeting specific criteria. For related RIP commands supported on C-Series and E-Series, see Chapter 48, Router Information Protocol (RIP). For related OSPF commands supported on all three platforms, see Chapter 38, Open Shortest Path First (OSPFv2 and OSPFv3). Prior to 7.8.1.0, names are up to 16 characters long.

Related Commands

show ip route list show ip prefix-list summary

Display IP routes in an IP prefix list. Display a summary of the configured prefix lists.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

263

permit

permit
ces
Syntax Parameters

Configure a filter that passes packets meeting the criteria specified. permit ip-prefix [ge min-prefix-length] [le max-prefix-length] ip-prefix ge min-prefix-length le max-prefix-length
Specify an IP prefix in the network/length format. For example, 35.0.0.0/8 means match the first 8 bits of address 35.0.0.0. (OPTIONAL) Enter the keyword ge followed by the minimum prefix length, which is a number from zero (0) to 32. (OPTIONAL) Enter the keyword le followed by the maximum prefix length, which is a number from zero (0) to 32.

Command Modes Command History

PREFIX-LIST
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

Sequence numbers for this filter are automatically assigned starting at sequence number 5. If the options ge or le are not used, only packets with an exact match to the prefix are filtered.

Related Commands

deny seq

Configure a filter to drop packets. Configure a drop or permit filter with a specified sequence number.

seq
ces
Syntax

Assign a sequence number to a deny or permit filter in a prefix list while configuring the filter. seq sequence-number {deny | permit} {any} | [ip-prefix /nn {ge min-prefix-length} {le max-prefix-length}] | [bitmask number ] sequence-number deny permit any ip-prefix /nn ge min-prefix-length
Enter a number. Range: 1 to 4294967294. Enter the keyword deny to configure a filter to drop packets meeting this condition. Enter the keyword permit to configure a filter to forward packets meeting this condition. (OPTIONAL) Enter the keyword any to match any packets. (OPTIONAL) Specify an IP prefix in the network/length format. For example, 35.0.0.0/8 means match the first 8 bits of address 35.0.0.0. (OPTIONAL) Enter the keyword ge followed by the minimum prefix length, which is a number from zero (0) to 32.

Parameters

264

Access Control Lists (ACL)

show config

le max-prefix-length bitmask number

(OPTIONAL) Enter the keyword le followed by the maximum prefix length, which is a number from zero (0) to 32. Enter the keyword bitmask followed by a bit mask number in dotted decimal format.

Defaults Command Modes Command History

Not configured. PREFIX-LIST

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Added bit mask option

Usage Information Related Commands

If the options ge or le are not used, only packets with an exact match to the prefix are filtered.

deny permit

Configure a filter to drop packets. Configure a filter to pass packets.

show config
ces
Syntax Command Modes Command History Display the current PREFIX-LIST configurations.

show config PREFIX-LIST

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

265

show ip prefix-list detail

Example

Figure 89 Command Example: show config

Force10(conf-nprefixl)#show config ! ip prefix-list snickers Force10(conf-nprefixl)#

show ip prefix-list detail

ces
Syntax Parameters Display details of the configured prefix lists.

show ip prefix-list detail [prefix-name] prefix-name

(OPTIONAL) Enter a text string as the name of the prefix list, up to 140 characters.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Example

Figure 90 Command Example: show ip prefix-list detail

Force10#show ip prefix-list detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0) seq 10 permit 0.0.0.0/0 le 32 (hit count: 0) ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 seq 5 deny 100.100.1.0/24 (hit count: 5) seq 6 deny 200.200.1.0/24 (hit count: 1) seq 7 deny 200.200.2.0/24 (hit count: 1) seq 10 permit 0.0.0.0/0 le 32 (hit count: 132) Force10#

show ip prefix-list summary

ces
Syntax

Display a summary of the configured prefix lists. show ip prefix-list summary [prefix-name]

266

Access Control Lists (ACL)

show ip prefix-list summary

Parameters

prefix-name

(OPTIONAL) Enter a text string as the name of the prefix list, up to 140 characters long.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Example

Figure 91 Command Example: show ip prefix-list summary

Force10#show ip prefix summary Prefix-list with the last deletion/insertion: test ip prefix-list test: count: 3, range entries: 1, sequences: 5 - 15 ip prefix-list test1: count: 2, range entries: 2, sequences: 5 - 10 ip prefix-list test2: count: 1, range entries: 1, sequences: 5 - 5 ip prefix-list test3: count: 1, range entries: 1, sequences: 5 - 5 ip prefix-list test4: count: 1, range entries: 1, sequences: 5 - 5 ip prefix-list test5: count: 1, range entries: 1, sequences: 5 - 5 ip prefix-list test6: count: 1, range entries: 1, sequences: 5 - 5 Force10#

Route Map Commands

When an access-list is created without any rule and then applied to an interface, ACL behavior reflects implicit permit. The following commands allow you to configure route maps and their redistribution criteria. continue description match as-path match community match interface match ip address match ip next-hop match ip route-source match metric match origin match route-type

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

267

continue

match tag route-map set as-path set automatic-tag set comm-list delete set community set level set local-preference set metric set metric-type set next-hop set origin set tag set weight show config show route-map

continue
ces
Syntax Parameters

Configure a route-map to go to a route-map entry with a higher sequence number. continue [sequence-number] sequence-number
(OPTIONAL) Enter the route map sequence number. Range: 1 - 65535 Default: no sequence number

Defaults Command Modes Command History

Not Configured ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced

Usage Information

The continue feature allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature simply moves to the next sequence number (also known as an implied continue). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.

Match clause with Continue clause

The continue feature can exist without a match clause. A continue clause without a match clause executes and jumps to the specified route-map entry.

268

Access Control Lists (ACL)

description

With a match clause and a continue clause, the match clause executes first and the continue clause next in a specified route map entry. The continue clause launches only after a successful match. The behavior is: A successful match with a continue clausethe route map executes the set clauses and then goes to the specified route map entry upon execution of the continue clause. If the next route map entry contains a continue clause, the route map will execute the continue clause if a successful match occurs. If the next route map entry does not contain a continue clause, the route map evaluates normally. If a match does not does not occur, the route map does not continue and will fall through to the next sequence number, if one exists.

Set clause with Continue clause

If the route-map entry contains sets with the continue clause, then set actions is performed first followed by the continue clause jump to the specified route map entry. If a set actions occurs in the first route map entry and then the same set action occurs with a different value in a subsequent route map entry, the last set of actions overrides the previous set of actions with the same set command. If set community additive and set as-path prepend are configure, the communities and AS numbers are pre-pended.
set community set as-path Specify a COMMUNITY attribute Configure a filter to modify the AS path

Related Commands

description
ces
Syntax Parameters

Add a description to this route map. description {description} description

Enter a description to identify the route map (80 characters maximum).

Defaults Command Modes Command History

No default behavior or values ROUTE-MAP

Version 8.1.1.0 pre-Version 7.7.1.0 Introduced on E-Series ExaScale Introduced Enable a route map

Related Commands

route-map

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

269

match as-path

match as-path
ces
Syntax Parameters

Configure a filter to match routes that have a certain AS number in their BGP path. match as-path as-path-name as-path-name Not configured. ROUTE-MAP
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced for E-Series Enter the name of an established AS-PATH ACL, up to 140 characters.

Defaults Command Modes Command History

Related Commands

set as-path

Add information to the BGP AS_PATH attribute.

match community
ces
Syntax Parameters

Configure a filter to match routes that have a certain COMMUNITY attribute in their BGP path. match community community-list-name [exact] community-list-name exact
Enter the name of a configured community list. (OPTIONAL) Enter the keywords exact to process only those routes with this community list name.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Related Commands

ip community-list set community neighbor send-community

270

Access Control Lists (ACL)

match interface

match interface
ces
Syntax

Configure a filter to match routes whose next hop is on the interface specified. match interface interface To remove a match, use the no match interface interface command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/ port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For the loopback interface, enter the keyword loopback followed by a number from zero (0) to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094).

Defaults Command Modes Command History

Not configured ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Redistribute routes that match an IP address. Redistribute routes that match the next-hop IP address. Redistribute routes that match routes advertised by other routers. Redistribute routes that match a specific metric. Redistribute routes that match a route type. Redistribute routes that match a specific tag.

Related Commands

match ip address match ip next-hop match ip route-source match metric match route-type match tag

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

271

match ip address

match ip address
ces
Syntax Parameters

Configure a filter to match routes based on IP addresses specified in an access list. match ip address prefix-list-name prefix-list-name Not configured. ROUTE-MAP
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced for E-Series Redistribute routes that match the next-hop interface. Redistribute routes that match the next-hop IP address. Redistribute routes that match routes advertised by other routers. Redistribute routes that match a specific metric. Redistribute routes that match a route type. Redistribute routes that match a specific tag. Enter the name of configured prefix list, up to 140 characters.

Defaults Command Modes Command History

Related Commands

match interface match ip next-hop match ip route-source match metric match route-type match tag

match ip next-hop
ces
Syntax Parameters

Configure a filter to match based on the next-hop IP addresses specified in an IP access list or IP prefix list. match ip next-hop {access-list | prefix-list prefix-list-name} access-list-name prefix-list prefix-list-name
Enter the name of a configured IP access list, up to 140 characters. Enter the keywords prefix-list followed by the name of configured prefix list.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series

272

Access Control Lists (ACL)

match ip route-source

Version 7.5.1.0 pre-Version 6.1.1.0 Related Commands match interface match ip address match ip route-source match metric match route-type match tag

Support added for C-Series Introduced for E-Series Redistribute routes that match the next-hop interface. Redistribute routes that match an IP address. Redistribute routes that match routes advertised by other routers. Redistribute routes that match a specific metric. Redistribute routes that match a route type. Redistribute routes that match a specific tag.

match ip route-source
ces
Syntax Parameters

Configure a filter to match based on the routes advertised by routes specified in IP access lists or IP prefix lists. match ip route-source {access-list | prefix-list prefix-list-name} access-list-name prefix-list prefix-list-name
Enter the name of a configured IP access list, up to 140 characters. Enter the keywords prefix-list followed by the name of configured prefix list, up 10 140 characters.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced for E-Series Redistribute routes that match the next-hop interface. Redistribute routes that match an IP address. Redistribute routes that match the next-hop IP address. Redistribute routes that match a specific metric. Redistribute routes that match a route type. Redistribute routes that match a specific tag.

Related Commands

match interface match ip address match ip next-hop match metric match route-type match tag

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

273

match metric

match metric
ces
Syntax Parameters

Configure a filter to match on a specified value. match metric metric-value metric-value

Enter a value to match. Range: zero (0) to 4294967295.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Redistribute routes that match the next-hop interface. Redistribute routes that match an IP address. Redistribute routes that match the next-hop IP address. Redistribute routes that match routes advertised by other routers. Redistribute routes that match a route type. Redistribute routes that match a specific tag.

Related Commands

match interface match ip address match ip next-hop match ip route-source match route-type match tag

match origin
ces
Syntax Parameters

Configure a filter to match routes based on the value found in the BGP path ORIGIN attribute. match origin {egp | igp | incomplete} egp igp incomplete
Enter the keyword egp to match routes originating outside the AS. Enter the keyword igp to match routes originating within the same AS. Enter the keyword incomplete to match routes with incomplete routing information.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

274

Access Control Lists (ACL)

match route-type

match route-type
ces
Syntax Parameters

Configure a filter to match routes based on the how the route is defined. match route-type {external [type-1 | type-2] | internal | level-1 | level-2 | local} external [type-1| type-2]
Enter the keyword external followed by either type-1 or type-2 to match only on OSPF Type 1 routes or OSPF Type 2 routes. Enter the keyword internal to match only on routes generated within OSPF areas. Enter the keyword level-1 to match IS-IS Level 1 routes. Enter the keyword level-2 to match IS-IS Level 2 routes. Enter the keyword local to match only on routes generated within the switch.

internal level-1 level-2 local

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Redistribute routes that match the next-hop interface. Redistribute routes that match an IP address. Redistribute routes that match the next-hop IP address. Redistribute routes that match routes advertised by other routers. Redistribute routes that match a specific metric. Redistribute routes that match a tag.

Related Commands

match interface match ip address match ip next-hop match ip route-source match metric match tag

match tag
ces
Syntax Parameters

Configure a filter to redistribute only routes that match a specified tag value. match tag tag-value tag-value
Enter a value as the tag on which to match. Range: zero (0) to 4294967295.

Defaults Command Modes

Not configured ROUTE-MAP

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

275

route-map

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Redistribute routes that match the next-hop interface. Redistribute routes that match an IP address. Redistribute routes that match the next-hop IP address. Redistribute routes that match routes advertised by other routers. Redistribute routes that match a specific metric. Redistribute routes that match a route type.

Related Commands

match interface match ip address match ip next-hop match ip route-source match metric match route-type

route-map
ces
Syntax Parameters

Enable a route map statement and configure its action and sequence number. This command also places you in the ROUTE-MAP mode. route-map map-name [permit | deny] [sequence-number] map-name permit
Enter a text string of up to 140 characters to name the route map for easy identification. (OPTIONAL) Enter the keyword permit to set the route map default as permit. If no keyword is specified, the default is permit. (OPTIONAL) Enter the keyword deny to set the route map default as deny. (OPTIONAL) Enter a number to identify the route map for editing and sequencing with other route maps. You are prompted for a sequence number if there are multiple instances of the route map. Range: 1 to 65535.

deny sequence-number

Defaults

Not configured If no keyword (permit or deny) is defined for the route map, the permit action is the default.

Command Modes Command History

CONFIGURATION
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0
\

276

Access Control Lists (ACL)

set as-path

Example

Figure 92 Command Example: route-map

Force10(conf)#route-map dempsey Force10(config-route-map)#

Usage Information

Use caution when you delete route maps because if you do not specify a sequence number, all route maps with the same map-name are deleted when you use no route-map map-name command. Prior to 7.8.1.0, names are up to 16 characters long.

Related Commands

show config

Display the current configuration.

set as-path
ces
Syntax Parameters

Configure a filter to modify the AS path for BGP routes. set as-path prepend as-number [... as-number] prepend as-number
Enter the keyword prepend followed by up to eight AS numbers to be inserted into the BGP path information. Range: 1 to 65535

Defaults Command Modes Command History

Not configured ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

You can prepend up to eight AS numbers to a BGP route. This command influences best path selection in BGP by inserting a tag or AS number into the AS_PATH attribute.

Related Commands

match as-path ip as-path access-list neighbor filter-list show ip community-lists

Redistribute routes that match an AS-PATH attribute. Configure an AS-PATH access list. Configure a BGP filter based on the AS-PATH attribute. Display configured IP Community access lists.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

277

set automatic-tag

set automatic-tag
ces
Syntax

Configure a filter to automatically compute the tag value of the route. set automatic-tag To return to the default, enter no set automatic-tag.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Specify the OSPF area for route redistribution. Specify the metric value assigned to redistributed routes. Specify the metric type assigned to redistributed routes. Specify the tag assigned to redistributed routes.

Related Commands

set level set metric set metric-type set tag

set comm-list delete

ces
Syntax Parameters

Configure a filter to remove the specified community list from the BGP routes COMMUNITY attribute. set comm-list community-list-name delete community-list-name Not configured. ROUTE-MAP
Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Support added for S-Series Support added for C-Series Introduced for E-Series Enter the name of an established Community list, up to 140 characters.

Defaults Command Modes Command History

Usage Information

The community list used in the set comm-list delete command must be configured so that each filter contains only one community. For example, the filter deny 100:12 is acceptable, but the filter deny 120:13 140:33 results in an error.

278

Access Control Lists (ACL)

set community If the set comm-list delete command and the set community command are configured in the same route map sequence, then the deletion command (set comm-list delete) is processed before the insertion command (set community). Prior to 7.8.1.0, names are up to 16 characters long.
Related Commands ip community-list match community set community Configure community access list. Redistribute routes that match the COMMUNITY attribute. Specify a COMMUNITY attribute.

set community
ces
Syntax

Allows you to assign a BGP COMMUNITY attribute. set community {community-number | local-as | no-advertise | no-export | none} [additive] To delete a BGP COMMUNITY attribute assignment, use the no set community {community-number | local-as | no-advertise | no-export | none} command.

Parameters

community-number Enter the community number in AA:NN format where AA is the AS number (2
bytes) and NN is a value specific to that autonomous system.

local-AS

Enter the keywords local-AS to drop all routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED. All routes with the NO_EXPORT_SUBCONFED (0xFFFFFF03) community attribute must not be advertised to external BGP peers. Enter the keywords no-advertise to drop all routes containing the well-known community attribute of NO_ADVERTISE. All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised to other BGP peers. Enter the keywords no-export to drop all routes containing the well-known community attribute of NO_EXPORT. All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary. Enter the keywords none to remove the community attribute from routes meeting the route map criteria. (OPTIONAL) Enter the keyword additive add the communities to already existing communities.

no-advertise

no-export

none additive

Defaults Command Modes Command History

Not configured ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

279

set level

Related Commands

ip community-list match community neighbor send-community show ip bgp community show ip community-lists

Configure a Community access list. Redistribute routes that match a BGP COMMUNITY attribute. Assign the COMMUNITY attribute. Display BGP community groups. Display configured Community access lists.

set level
ces
Syntax Parameters

Configure a filter to specify the IS-IS level or OSPF area to which matched routes are redistributed. set level {backbone | level-1 | level-1-2 | level-2 | stub-area} backbone level-1 level-1-2 level-2 stub-area
Enter the keyword backbone to redistribute matched routes to the OSPF backbone area (area 0.0.0.0). Enter the keyword level-1 to redistribute matched routes to IS-IS Level 1. Enter the keyword level-1-2 to redistribute matched routes to IS-IS Level 1 and Level 2. Enter the keyword level-2 to redistribute matched routes to IS-IS Level 2. Enter the keyword stub to redistributed matched routes to OSPF stub areas.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Compute the tag value of the route. Specify the metric value assigned to redistributed routes. Specify the metric type assigned to redistributed routes. Specify the tag assigned to redistributed routes.

Related Commands

set automatic-tag set metric set metric-type set tag

280

Access Control Lists (ACL)

set local-preference

set local-preference
ces
Syntax Parameters

Configure a filter to set the BGP LOCAL_PREF attribute for routers within the local autonomous system. set local-preference value value
Enter a number as the LOCAL_PREF attribute value. Range: 0 to 4294967295

Defaults Command Modes Command History

Not configured ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

The set local-preference command changes the LOCAL_PREF attribute for routes meeting the route map criteria. To change the LOCAL_PREF for all routes, use the bgp default local-preference command.
bgp default local-preference Change default LOCAL_PREF attribute for all routes.

Related Commands

set metric
ces
Syntax

Configure a filter to assign a new metric to redistributed routes. set metric [+ | -] metric-value To delete a setting, enter no set metric.

Parameters

+ -

(OPTIONAL) Enter + to add a metric-value to the redistributed routes. (OPTIONAL) Enter - to subtract a metric-value from the redistributed routes. Enter a number as the new metric value. Range: zero (0) to 4294967295

metric-value

Defaults Command Modes Command History

Not configured ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

281

set metric-type

Related Commands

set automatic-tag set level set metric-type set tag

Compute the tag value of the route. Specify the OSPF area for route redistribution. Specify the route type assigned to redistributed routes. Specify the tag assigned to redistributed routes.

set metric-type
ces
Syntax Parameters

Configure a filter to assign a new route type for routes redistributed to OSPF. set metric-type {internal | external | type-1 | type-2} internal external type-1 type-2
Enter the keyword internal to assign the Interior Gateway Protocol metric of the next hop as the routes BGP MULTI_EXIT_DES (MED) value. Enter the keyword external to assign the IS-IS external metric. Enter the keyword type-1 to assign the OSPF Type 1 metric. Enter the keyword type-2 to assign the OSPF Type 2 metric.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.3.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Implemented internal keyword Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Compute the tag value of the route. Specify the OSPF area for route redistribution. Specify the metric value assigned to redistributed routes. Specify the tag assigned to redistributed routes.

Related Commands

set automatic-tag set level set metric set tag

set next-hop
ces
Syntax Parameters

Configure a filter to specify an IP address as the next hop. set next-hop ip-address ip-address Not configured.
Specify an IP address in dotted decimal format.

Defaults

282

Access Control Lists (ACL)

set origin

Command Modes Command History

ROUTE-MAP
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

If the set next-hop command is configured, its configuration takes precedence over the neighbor next-hop-self command in the ROUTER BGP mode. If you configure the set next-hop command with the interfaces (either Loopback or physical) IP address, the software declares the route unreachable.

Related Commands

match ip next-hop neighbor next-hop-self

Redistribute routes that match the next-hop IP address. Configure the routers as the next hop for a BGP neighbor.

set origin
ces
Syntax Parameters

Configure a filter to manipulate the BGP ORIGIN attribute. set origin {igp | egp | incomplete} egp igp incomplete
Enter the keyword egp to set routes originating from outside the local AS. Enter the keyword igp to set routes originating within the same AS. Enter the keyword incomplete to set routes with incomplete routing information.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

283

set tag

set tag
ces
Syntax Parameters

Configure a filter to specify a tag for redistributed routes. set tag tag-value tag-value
Enter a number as the tag. Range: zero (0) to 4294967295.

Defaults Command Modes Command History

Not configured ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series Compute the tag value of the route. Specify the OSPF area for route redistribution. Specify the metric value assigned to redistributed routes. Specify the route type assigned to redistributed routes.

Related Commands

set automatic-tag set level set metric set metric-type

set weight
ces
Syntax Parameters

Configure a filter to add a non-RFC compliant attribute to the BGP route to assist with route selection. set weight weight weight
Enter a number as the weight to be used by the route meeting the route map specification. Routes with a higher weight are preferred when there are multiple routes to the same destination. Range: 0 to 65535 Default: router-originated = 32768; all other routes = 0

Defaults Command Modes Command History

router-originated = 32768; all other routes = 0 ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

284

Access Control Lists (ACL)

show config If you do not use the set weight command, router-originated paths have a weight attribute of 32768 and all other paths have a weight attribute of zero.

Usage Information

show config
ces
Syntax Command Modes Command History Display the current route map configuration.

show config ROUTE-MAP

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 93 Command Example: show config

Force10(config-route-map)#show config ! route-map hopper permit 10 Force10(config-route-map)#

show route-map
ces
Syntax Parameters Display the current route map configurations.

show route-map [map-name] map-name EXEC EXEC Privilege

(OPTIONAL) Enter the name of a configured route map, up to 140 characters.

Command Modes

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

285

show route-map Figure 94 Command Example: show route-map

Force10#show route-map route-map firpo, permit, sequence 10 Match clauses: Set clauses: tag 34 Force10#

Example

Related Commands

route-map

Configure a route map.

AS-Path Commands
This feature is supported on E-Series only, as indicated by this character under each command heading: e The following commands configure AS-Path ACLs. deny ip as-path access-list permit show config show ip as-path-access-lists

286

Access Control Lists (ACL)

deny

deny
e
Syntax Parameters

Create a filter to drop routes that match the routes AS-PATH attribute. Use regular expressions to identify which routes are affected by the filter. deny as-regular-expression as-regular-expression
Enter a regular expression to match BGP AS-PATH attributes. Use one or a combination of the following: . = (period) matches on any single character, including white space * = (asterisk) matches on sequences in a pattern (zero or more sequences) + = (plus sign) matches on sequences in a pattern (one or more sequences) ? = (question mark) matches sequences in a pattern (0 or 1 sequences). You must enter an escape sequence (CNTL+v) prior to entering the ? regular expression. [ ] = (brackets) matches a range of single-character patterns. ^ = (caret) matches the beginning of the input string. (If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified.) $ = (dollar sign) matches the end of the output string. _ = (underscore) matches a comma (,), left brace ({), right brace (}), left parenthesis, right parenthesis, the beginning of the input string, the end of the input string, or a space. | = (pipe) matches either character.

Defaults Command Modes Usage Information Command History

Not configured AS-PATH ACL The regular expression must match part of the ASCII-text in the AS-PATH attribute of the BGP route.
Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

ip as-path access-list
e
Syntax Parameters

Enter the AS-PATH ACL mode and configure an access control list based on the BGP AS_PATH attribute. ip as-path access-list as-path-name as-path-name Not configured CONFIGURATION Publication Date: July 20, 2011 287
Enter the access-list name, up to 140 characters.

Defaults Command Modes

Command Line Reference for FTOS version 8.4.2.4

permit Figure 95 Command Example: ip as-path access-list

Force10(conf)#ip as-path access-list TestPath Force10(config-as-path)#

Example

Usage Information Command History

Use the match as-path or neighbor filter-list commands to apply the AS-PATH ACL to BGP routes.
Version 8.1.1.0 Version 7.8.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced for E-Series Match on routes contain a specific AS-PATH. Configure filter based on AS-PATH information.

Related Commands

match as-path neighbor filter-list

permit
e
Syntax Parameters

Create a filter to forward BGP routes that match the routes AS-PATH attributes. Use regular expressions to identify which routes are affected by this filter. permit as-regular-expression as-regular-expression Enter a regular expression to match BGP AS-PATH attributes.
Use one or a combination of the following: . = (period) matches on any single character, including white space * = (asterisk) matches on sequences in a pattern (zero or more sequences) + = (plus sign) matches on sequences in a pattern (one or more sequences) ? = (question mark) matches sequences in a pattern (0 or 1 sequences). You must enter an escape sequence (CNTL+v) prior to entering the ? regular expression. [] = (brackets) matches a range of single-character patterns. ^ = (caret) matches the beginning of the input string. (If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified.) $ = (dollar sign) matches the end of the output string. _ = (underscore) matches a comma (,), left brace ({), right brace (}), left parenthesis, right parenthesis, the beginning of the input string, the end of the input string, or a space. | = (pipe) matches either character.

Defaults Command Modes

Not configured AS-PATH ACL

288

Access Control Lists (ACL)

show config

Command History

Version 8.1.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced for E-Series

show config
e
Syntax Command Mode Command History Display the current configuration.

show config AS-PATH ACL

Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

Example

Figure 96 Command Example: show config (AS-PATH ACL)

Force10(config-as-path)#show config ! ip as-path access-list snickers deny .3 Force10(config-as-path)#

show ip as-path-access-lists
e
Syntax Command Modes Display the all AS-PATH access lists configured on the E-Series.

show ip as-path-access-lists EXEC EXEC Privilege

Command History

Version 8.1.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

289

deny Figure 97 Command Example: show ip as-path-access-lists

Force10#show ip as-path-access-lists ip as-path access-list 1 permit ^$ permit ^$.*$$ deny .* ip as-path access-list 91 permit ^$ deny .* permit ^$.*$$ Force10#

Example

IP Community List Commands

IP Community List commands are supported on E-Series only, as indicated by this character under each command heading: e The commands in this section are. deny ip community-list permit show config show ip community-lists

deny
e
Syntax

Create a filter to drop routes matching a BGP COMMUNITY number. deny {community-number | local-AS | no-advertise | no-export | quote-regexp regular-expressions-list | regexp regular-expression} community-number Enter the community number in AA:NN format where AA is the AS number (2
bytes) and NN is a value specific to that autonomous system.

Parameters

local-AS

no-advertise

290

Access Control Lists (ACL)

ip community-list

no-export

Enter the keywords no-export to drop all routes containing the well-known community attribute of NO_EXPORT. All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary.

regexp Enter the keyword regexp followed by a regular expression. Use one or a regular-expression combination of the following:
. = (period) matches on any single character, including white space * = (asterisk) matches on sequences in a pattern (zero or more sequences) + = (plus sign) matches on sequences in a pattern (one or more sequences) ? = (question mark) matches sequences in a pattern (0 or 1 sequences). You must enter an escape sequence (CNTL+v) prior to entering the ? regular expression. [] = (brackets) matches a range of single-character patterns. ^ = (caret) matches the beginning of the input string. (If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified.) $ = (dollar sign) matches the end of the output string. _ = (underscore) matches a comma (,), left brace ({), right brace (}), left parenthesis, right parenthesis, the beginning of the input string, the end of the input string, or a space. | = (pipe) matches either character.

Defaults Command Modes Command History

Not configured. COMMUNITY-LIST

Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

ip community-list
e
Syntax

Enter COMMUNITY-LIST mode and create an IP community-list for BGP. ip community-list comm-list-name To delete a community-list, use the no ip community-list comm-list-name command.

Parameters

comm-list-name CONFIGURATION

Enter a text string as the name of the community-list, up to 140 characters.

Command Modes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

291

permit Figure 98 Command Example: ip community-list

Force10(conf)#ip community-list TestComList Force10(config-community-list)#

Example

Command History

Version 8.1.1.0 Version 7.8.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced for E-Series

permit
e
Syntax

Configure a filter to forward routes that match the routes COMMUNITY attribute. permit {community-number | local-AS | no-advertise | no-export | quote-regexp regular-expressions-list | regexp regular-expression} community-number Enter the community number in AA:NN format where AA is the AS number (2
bytes) and NN is a value specific to that autonomous system.

Parameters

local-AS

no-advertise

292

Access Control Lists (ACL)

show config

no-export

Defaults Command Modes Command History

Not configured COMMUNITY-LIST

Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

show config
e
Syntax Command Mode Command History Display the non-default information in the current configuration.

show config COMMUNITY-LIST

Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

293

show ip community-lists Figure 99 Command Example: show config (COMMUNITY-LIST

Force10(config-std-community-list)#show config ! ip community-list standard patches deny 45:1 permit no-export Force10(config-std-community-list)#

Example

show ip community-lists
e
Syntax Parameters Display configured IP community lists in alphabetic order.

show ip community-lists [name] name

(OPTIONAL) Enter the name of the standard or extended IP community list, up to 140 characters.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced for E-Series

Example

Figure 100 Command Example: show ip community-lists

Force10#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20 deny 703:20 deny 704:20 deny 705:20 deny 14551:20 deny 701:112 deny 702:112 deny 703:112 deny 704:112 deny 705:112 deny 14551:112 deny 701:666 deny 702:666 deny 703:666 deny 704:666 deny 705:666 deny 14551:666 Force10#

294

Access Control Lists (ACL)

Chapter 9
Overview

ACL VLAN Group

The ACL VLAN Group feature is available only on the E-Series, as indicated by this symbol under each command heading: e Since VLAN ACLs exist as multiple ACLs in the CAM, the size of the ACLs can be limited in the CAM. The ACL VLAN Group feature permits you to group VLANs and apply ACLs to the group so that ACLs exist as a single ACL in the CAM.

Note: This feature is supported on IPv4 only and can only be used with the
ipv4-egacl-16k CAM Profile with the acl-group microcode. See Chapter 13, Content Addressable Memory (CAM).

Commands
The ACL VLAN Group commands are: acl-vlan-group description ip access-group member vlan show acl-vlan-group show config show running config acl-vlan-group

See other VLAN commands in Chapter 8, Access Control Lists (ACL).

acl-vlan-group
e
Syntax Parameters

Create an ACL VLAN group acl-vlan-group {group name} group name

Specify the name of the ACL VLAN group (maximum 140 characters).

Defaults

No default behavior or values

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

295

description

Command Modes Command History

CONFIGURATION
Version 7.8.1.0 Version 6.3.1.0 Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on E-Series

Usage Information Related Commands

You can have up to 8 different ACL VLAN groups at any given time.

show acl-vlan-group

Display the ACL VLAN groups

description
e
Syntax Parameters

Add a description to the ACL VLAN group. description description description

Enter a description to identify the ACL VLAN group (80 characters maximum).

Defaults Command Modes Command History Related Commands

No default behavior or values CONFIGURATION (conf-acl-vl-grp)

Version 6.3.1.0 Introduced on E-Series

show acl-vlan-group

Display the ACL VLAN groups

ip access-group
e
Syntax Parameters

Apply an egress IP ACL to the ACL VLAN group. ip access-group {group name} out implicit-permit group name
Enter the name of the ACL VLAN group where you want the egress IP ACLs applied, up to 140 characters.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-acl-vl-grp)

Version 7.8.1.0 Version 6.3.1.0 Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on E-Series

296

ACL VLAN Group

member vlan

Usage Information Related Commands

Note: Only an egress IP ACL can be applied on an ACL VLAN group.

acl-vlan-group

Create an ACL VLAN Group and name

member vlan
e
Syntax Parameters

Add VLAN member(s) to an ACL VLAN group. member vlan {VLAN-range} VLAN-range
Enter the comma separated VLAN ID set. For example, 1-10,400-410,500

Defaults Command Modes Command History Usage Information Related Commands

No default behavior or values CONFIGURATION (conf-acl-vl-grp)

Version 6.3.1.0 Introduced on E-Series

At a maximum, there can be only 32 VLAN members in all ACL VLAN groups. A VLAN can belong to only one group at any given time.
show acl-vlan-group Display the ACL VLAN Groups

show acl-vlan-group
e
Syntax Parameters

Display all the ACL VLAN Groups or display a specific ACL VLAN Group, identified by name. show acl-vlan-group {group name | detail} group name detail
(Optional) Display only the ACL VLAN Group that is specified, up to 140 characters.

Display information in a line-by-line format to display the names in their entirety. Note: Without the detail option, the output is displayed in a table style and information may be truncated.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

297

show acl-vlan-group

Command History

Version 7.8.1.0 Version 6.3.1.0

Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on E-Series

Usage Notes

When an ACL-VLAN-Group name or the Access List Group Name contains more than 30 characters, the name will be truncated in the show acl-vlan-group command output. Figure 101 shows the table style display used with the show acl-vlan-group command. Note that some group names and some access list names are truncated. Figure 101 Command Example: show acl-vlan-group
Force10#show acl-vlan-group Group Name TestGroupSeventeenTwenty CustomerNumberIdentifica HostGroup Force10# Truncated Group and Access List Names Egress IP Acl SpecialAccessOnlyExperts AnyEmployeeCustomerEleve Group5 Vlan Members 100,200,300 2-10,99 1,1000

Examples

Figure 102 shows the table style display when using the show acl-vlan-group group-name option. Note that the access list name is truncated. Figure 102 Command Example: show acl-vlan-group group-name
Force10#show acl-vlan-group TestGroupSeventeenTwenty Group Name Egress IP Acl TestGroupSeventeenTwenty SpecialAccessOnlyExperts Force10# Truncated Access List Name Vlan Members 100,200,300

Figure 102 shows the line-by-line style display when using the show acl-vlan-group detail option. Note that no group or access list names are truncated

298

ACL VLAN Group

show acl-vlan-group detail Figure 103 Command Example: show acl-vlan-group detail
Force10#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed Vlan Members : 100,200,300 Group Name : CustomerNumberIdentificationEleven Egress IP Acl : AnyEmployeeCustomerElevenGrantedAccess Vlan Members : 2-10,99 Group Name : HostGroup Egress IP Acl : Group5 Vlan Members : 1,1000 Force10#

show acl-vlan-group detail

e
Syntax Defaults Command Modes

Display all the ACL VLAN Groups or display a specific ACL VLAN Group by name. The output is show in a line-by-line format to display the names in their entirety. show acl-vlan-group detail No default behavior or values EXEC EXEC Privilege

Command History Usage Notes

Version 7.8.1.0

Introduced on E-Series

The output for this command is shown in a line-by-line format. This allows the ACL-VLAN-Group names (or the Access List Group Names) to display in their entirety.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

299

show config Figure 104 Command Example: show acl-clan-group

Force10(conf-acl-vl-grp)#show config ! acl-vlan-group group1 description Acl Vlan Group1 member vlan 1-10,400-410,500 ip access-group acl1 out implicit-permit Force10#

Example

show config
e
Syntax Defaults Command Modes Command History Example

Display the current configuration of the ACL VLAN group. show config No default behavior or values EXEC
Version 6.3.1.0 Introduced on E-Series

Figure 105 show config Command Example

Force10(conf-acl-vl-grp)#show config ! acl-vlan-group group1 description Acl Vlan Group1 member vlan 1-10,400-410,500 ip access-group acl1 out implicit-permit Force10#

show running config acl-vlan-group

e
Syntax Parameters

Display the running configuration of all or a given ACL VLAN Group. show running config acl-vlan-group group name group name
Display only the ACL VLAN Group that is specified. The group name can be up to 140 characters

Defaults Command Modes

No default behavior or values EXEC

300

ACL VLAN Group

show running config acl-vlan-group

Command History

Version 7.8.1.0 Version 6.3.1.0

Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on E-Series

Example

Figure 106 show running-config acl-vlan-group Command Example Output

Force10#show running-config acl-vlan-group ! acl-vlan-group group1 description Acl Vlan Group1 member vlan 1-10,400-410,500 ip access-group acl1 out implicit-permit ! acl-vlan-group group2 member vlan 20 ip access-group acl2 out Force10# Force10#show running-config acl-vlan-group group1 ! acl-vlan-group group1 description Acl Vlan Group1 member vlan 1-10,400-410,500 ip access-group acl1 out implicit-permit Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

301

show running config acl-vlan-group

302

ACL VLAN Group

Chapter 10

Bidirectional Forwarding Detection (BFD)

Overview
Bidirectional Forwarding Detection (BFD) is a detection protocol that provides fast forwarding path failure detection. The FTOS implementation is based on the standards specified in the IETF Draft draft-ietf-bfd-base-03 and supports BFD on all Layer 3 physical interfaces including VLAN interfaces and port-channels. BFD is supported on the C-Series and E-Series, where indicated by the characters under command headings. BFD is supported on E-Series ExaScale

c and e

ex with FTOS 8.2.1.0 and later.

Commands
bfd disable bfd enable (Configuration) bfd enable (Interface) bfd interval bfd all-neighbors bfd neighbor bfd protocol-liveness clear bfd counters debug bfd ip route bfd isis bfd all-neighbors show bfd counters show bfd neighbors vrrp bfd

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

303

bfd disable

bfd disable
ce
Syntax

Disable all VRRP sessions in a VRRP group. bfd disable Re-enable BFD using the command no bfd disable.

Defaults Command Modes Command History

BFD is disabled by default. INTERFACE VRRP

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

bfd enable (Configuration)

ce
Syntax

Enable BFD on all interfaces. bfd enable Disable BFD using the no bfd enable command.

Defaults Command Modes Command History

BFD is disabled by default. CONFIGURATION

Version 8.2.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

bfd enable (Interface)

ce
Syntax Defaults Command Modes Command History

Enable BFD on an interface. bfd enable BFD is enabled on all interfaces when you enable BFD from CONFIGURATION mode. INTERFACE
Version 8.2.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

304

Bidirectional Forwarding Detection (BFD)

bfd interval

bfd interval
ce
Syntax Parameters

Specify non-default BFD session parameters beginning with the transmission interval. bfd interval interval min_rx min_rx multiplier value role {active | passive} interval milliseconds
Enter this keyword to specify non-default BFD session parameters beginning with the transmission interval. Range:50-1000 Default:100 Enter this keyword to specify the minimum rate at which the local system would like to receive control packets from the remote system. Range:50-100 Default:100 Enter this keyword to specify the number of packets that must be missed in order to declare a session down. Range:3-50 Default:3 Enter the role that the local system assumes: ActiveThe active system initiates the BFD session. Both systems can be active for the same session. PassiveThe passive system does not initiate a session. It only responds to a request for session initialization from the active system. Default: Active

min_rx milliseconds

multiplier value

role [active | passive]

Defaults Command Modes Command History

See Parameters INTERFACE

Version 8.2.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

305

bfd all-neighbors

Example

Figure 107 bfd interval Command Example

Force10(conf-if-gi-0/3)#bfd interval 250 min_rx 300 multiplier 4 role passive Force10(conf-if-gi-0/3)#

bfd all-neighbors
ce
Syntax

Establish BFD sessions with all neighbors discovered by the IS-IS protocol or OSPF protocol out of all interfaces. bfd all-neighbors [interval interval min_rx min_rx multiplier value role {active | passive}] interval milliseconds
(OPTIONAL) Enter this keyword to specify non-default BFD session parameters beginning with the transmission interval. Range:50-1000 Default:100 Enter this keyword to specify the minimum rate at which the local system would like to receive control packets from the remote system. Range:50-100 Default:100 Enter this keyword to specify the number of packets that must be missed in order to declare a session down. Range:3-50 Default:3 Enter the role that the local system assumes: ActiveThe active system initiates the BFD session. Both systems can be active for the same session. PassiveThe passive system does not initiate a session. It only responds to a request for session initialization from the active system. Default: Active

Parameters

min_rx milliseconds

multiplier value

role [active | passive]

Defaults Command Modes

See Parameters ROUTER OSPF ROUTER ISIS (Not available on C-Series)

Command History

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

OSPF and ISIS BFD introduced on E-Series ExaScale OSPF BFD introduced on C-Series ISIS BFD introduced on E-Series OSPF BFD introduced on E-Series

Usage Information

Any timer values specified in INTERFACE mode using the command isis bfd all-neighbors override timer values specified in this command. Likewise, using the no form of this command will not disable BFD on an interface if BFD is explicitly enabled in INTERFACE mode using the command isis bfd all-neighbors.

306

Bidirectional Forwarding Detection (BFD)

bfd neighbor

Related Commands

show bfd neighbors

Display BFD neighbor information on all interfaces or a specified interface.

bfd neighbor
ce
Syntax Parameters

Establish a BFD session with a neighbor. bfd neighbor ip-address ip-address None INTERFACE
Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Added support for VLAN and port-channel interfaces on E-Series. Introduced on E-Series Enter the IP address of the neighbor in dotted decimal format (A.B.C.D).

Defaults Command Modes Command History

Related Commands

show bfd neighbors

Display BFD neighbor information on all interfaces or a specified interface.

bfd protocol-liveness
e
Syntax Defaults Command Modes Command History Usage Information

Enable the BFD protocol liveness feature. bfd protocol-liveness Disabled CONFIGURATION
Version 7.4.1.0 Introduced on E-Series

Protocol Liveness is a feature that notifies the BFD Manager when a client protocol (e.g OSPF, ISIS) is disabled. When a client is disabled, all BFD sessions for that protocol are torn down. Neighbors on the remote system receive an Admin Down control packet and are placed in the Down state. Peer routers might take corrective action by choosing alternative paths for the routes that originally pointed to this router.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

307

clear bfd counters

ce
Syntax Parameters

Clear all BFD counters, or counters for a particular interface. clear bfd counters [interface] interface
(OPTIONAL) Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a port-channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale, and 1 to 512 for ExaScale For VLAN interfaces, enter the keyword vlan followed by a number from 1 to 4094. For ExaScale VLAN interfaces, the range is 1-2730 (VLAN IDs can be 0-4093).

Defaults Command Modes Command History

None EXEC Privilege

Version 8.2.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Added support for VLAN and port-channel interfaces on E-Series Introduced on E-Series

Related Commands

show bfd counters

Display BFD counter information.

debug bfd
ce
Syntax Parameters

Enable BFD debugging. debug bfd {detail | event | packet} {all | interface} [mode] [count number] detail event packet
(OPTIONAL) Enter this keyword to display detailed information about BFD packets. (OPTIONAL) Enter this keyword to display information about BFD state. The mode option is not available with this option. (OPTIONAL) Enter the keyword packet to display brief information about control packets.

308

Bidirectional Forwarding Detection (BFD)

debug bfd

all interface

Enter this keyword to enable debugging on all interfaces. The count option is not available with this option. Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a port-channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale, and 1 to 512 for ExaScale For VLAN interfaces, enter the keyword vlan followed by a number from 1 to 4094. For ExaScale VLAN interfaces, the range is 1-2730 (VLAN IDs can be 0-4093). Enter the keyword both to display information for both received and sent packets. Enter the keyword rx to display information for received packets. Enter the keyword tx to display information for sent packets.

mode

(OPTIONAL) Enter one of the following debug transmission modes:

Default: both

count number

(OPTIONAL) Enter this keyword followed by the number of debug messages to display. Range: 1-65534 Default: Infinitethat is, if a count number is not specified an infinite number of debug messages will display.

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Added support for VLAN and port-channel interfaces on E-Series Introduced on E-Series

Usage Information

Since BFD can potentially transmit 20 packets per interface, debugging information should be restricted.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

309

ip route bfd

ip route bfd
ce
Syntax Parameters

Enable BFD for all neighbors configured through static routes. ip route bfd [interval interval min_rx min_rx multiplier value role {active | passive}] interval milliseconds
(OPTIONAL) Enter this keyword to specify non-default BFD session parameters beginning with the transmission interval. Range:50-1000 Default:100 Enter this keyword to specify the minimum rate at which the local system would like to receive control packets from the remote system. Range:50-100 Default:100 Enter this keyword to specify the number of packets that must be missed in order to declare a session down. Range:3-50 Default:3 Enter the role that the local system assumes: ActiveThe active system initiates the BFD session. Both systems can be active for the same session. PassiveThe passive system does not initiate a session. It only responds to a request for session initialization from the active system. Default: Active

min_rx milliseconds

multiplier value

role [active | passive]

Defaults Command Modes Command History

See Parameters CONFIGURATION

Version 8.2.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series Display BFD neighbor information on all interfaces or a specified interface.

Related Commands

show bfd neighbors

310

Bidirectional Forwarding Detection (BFD)

isis bfd all-neighbors

e
Syntax

Enable BFD on all IS-IS neighbors discovered on an interface. isis bfd all-neighbors [disable | [interval interval min_rx min_rx multiplier value role {active | passive}]] disable interval milliseconds
(OPTIONAL) Enter the keyword disable to disable BFD on this interface. (OPTIONAL) Enter this keyword to specify non-default BFD session parameters beginning with the transmission interval. Range:50-1000 Default:100 Enter this keyword to specify the minimum rate at which the local system would like to receive control packets from the remote system. Range:50-100 Default:100 Enter this keyword to specify the number of packets that must be missed in order to declare a session down. Range:3-50 Default:3 Enter the role that the local system assumes: ActiveThe active system initiates the BFD session. Both systems can be active for the same session. PassiveThe passive system does not initiate a session. It only responds to a request for session initialization from the active system. Default: Active

Parameters

min_rx milliseconds

multiplier value

role [active | passive]

Defaults Command Modes Command History

See Parameters INTERFACE

Version 8.2.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on E-Series

Usage Information

This command provides the flexibility to fine tune the timer values based on individual interface needs when ISIS BFD is configured in CONFIGURATION mode. Any timer values specified with this command override timers set using the command bfd all-neighbors. Using the no form of this command will not disable BFD if BFD is configured in CONFIGURATION mode. Use the keyword disable to disable BFD on a specific interface while BFD is configured in from CONFIGURATION mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

311

show bfd counters

ce
Syntax Parameters

Display BFD counter information. show bfd counters [isis | ospf | vrrp | static-route] [interface] interface
Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a port-channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale, and 1 to 512 for ExaScale For VLAN interfaces, enter the keyword vlan followed by a number from 1 to 4094. For ExaScale VLAN interfaces, the range is 1-2730 (VLAN IDs can be 0-4093).

isis

(OPTIONAL) Enter this keyword to display counter information for BFD sessions established with ISIS neighbors. This option is not available on C-Series. (OPTIONAL) Enter this keyword to display counter information for BFD sessions established with OSPF neighbors. (OPTIONAL) Enter this keyword to display counter information for BFD sessions established with ISIS neighbors. (OPTIONAL) Enter this keyword to display counter information for BFD sessions established with VRRP neighbors.

ospf static-route vrrp

Defaults Command Modes

None EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Introduced on C-Series Added support for BFD for VLAN and port-channel interfaces, ISIS, and VRRP on E-Series Introduced BFD on physical ports, static routes, and OSPF on E-Series

312

Bidirectional Forwarding Detection (BFD)

show bfd neighbors

Example

Figure 108 show bfd counters Command Example

Force10#show bfd counters Interface GigabitEthernet 1/3 Force10# Tx 522 Rx 625

show bfd neighbors

ce
Syntax Parameters

Display BFD neighbor information on all interfaces or a specified interface. show bfd neighbors interface [detail] interface
Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale, and 1 to 512 for ExaScale For VLAN interfaces, enter the keyword vlan followed by a number from 1 to 4094. For ExaScale VLAN interfaces, the range is 1-2730 (VLAN IDs can be 0-4093).

detail

(OPTIONAL) Enter the keyword detail to view detailed information about BFD neighbors.

Defaults Command Modes

None EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Introduced on C-Series Added BFD on VLAN and port-channel interfaces on E-Series Introduced BFD on physical ports on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

313

vrrp bfd

Example

Figure 109 show bfd neighbors Command

Force10#show bfd neighbors * Ad Dn C I O R Active session role Admin Down CLI ISIS OSPF Static Route (RTM) RemoteAddr 10.1.3.1 Interface State Rx-int Tx-int Mult Clients Gi 1/3 Up 300 250 3 C

LocalAddr * 10.1.3.2 Force10#

Example

Figure 110 show bfd neighbors detail Command Example

Force10#show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 10.1.3.2 Local MAC Addr: 00:01:e8:02:15:0e Remote Addr: 10.1.3.1 Remote MAC Addr: 00:01:e8:27:2b:f1 Int: GigabitEthernet 1/3 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 250ms, RX: 300ms, Multiplier: 4 Actual parameters: TX: 300ms, RX: 250ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:02:04 Statistics: Number of packets received from neighbor: 376 Number of packets sent to neighbor: 314 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 6 Force10#

Related Commands

bfd neighbor bfd all-neighbors

Establish a BFD session with a neighbor. Establish BFD sessions with all neighbors discovered by the IS-IS protocol or OSPF protocol out of all interfaces.

vrrp bfd
ce
Syntax

Establish a VRRP BFD session. vrrp bfd {all-neighbors | neighbor ip-address } [interval interval min_rx min_rx multiplier value role {active | passive}] all-neighbors neighbor ip-address
Establish BFD sessions with all BFD neighbors on an interface. Enter the IP address of the BFD neighbor.

Parameters

314

Bidirectional Forwarding Detection (BFD)

vrrp bfd

interval milliseconds

(OPTIONAL) Enter this keyword to specify non-default BFD session parameters beginning with the transmission interval. Range:50-1000 Default:100 Enter this keyword to specify the minimum rate at which the local system would like to receive control packets from the remote system. Range:50-100 Default:100 Enter this keyword to specify the number of packets that must be missed in order to declare a session down. Range:3-50 Default:3 Enter the role that the local system assumes: ActiveThe active system initiates the BFD session. Both systems can be active for the same session. PassiveThe passive system does not initiate a session. It only responds to a request for session initialization from the active system. Default: Active

min_rx milliseconds

multiplier

role [active | passive]

Defaults Command Modes Command History

See Parameters. INTERFACE

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

315

vrrp bfd

316

Bidirectional Forwarding Detection (BFD)

Protocol IPv4 Chapter 11 Border Gateway (BGPv4)

Overview
BGPv4 is supported as shown in the following table. FTOS version
8.1.1.0 7.8.1.0 7.7.1.0. pre-7.7.1.0

Platform support
E-Series ExaScale S-Series C-Series E-Series TeraScale

ex s c et

For detailed information on configuring BGP, refer to the BGP chapter in the FTOS Configuration Guide. This chapter contains the following sections: BGPv4 Commands MBGP Commands BGP Extended Communities (RFC 4360)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

317

BGPv4 Commands
Border Gateway Protocol (BGP) is an external gateway protocol that transmits interdomain routing information within and between Autonomous Systems (AS). BGP version 4 (BGPv4) supports Classless InterDomain Routing (CIDR) and the aggregation of routes and AS paths. Basically, two routers (called neighbors or peers) exchange information including full routing tables and periodically send messages to update those routing tables.

Note: FTOS Version 7.7.1 supports 2-Byte (16-bit) and 4-Byte (32-bit) format for Autonomous System
Numbers (ASNs), where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295.

Note: FTOS Version 8.3.1.0 supports Dotted format as well as the Traditional Plain format for AS
Numbers. The dot format is displayed when using the show ip bgp commands. To determine the comparable dot format for an ASN from a traditional format, use ASN/65536. ASN%65536. For more information about using the 2 or 4-Byte format, refer to the FTOS Configuration Guide. The following commands enable you to configure and enable BGP. 318 address-family aggregate-address bgp always-compare-med bgp asnotation bgp bestpath as-path ignore bgp bestpath med confed bgp bestpath med missing-as-best bgp bestpath router-id ignore bgp client-to-client reflection bgp cluster-id bgp confederation identifier bgp confederation peers bgp dampening bgp default local-preference bgp enforce-first-as bgp fast-external-fallover bgp four-octet-as-support bgp graceful-restart bgp log-neighbor-changes bgp non-deterministic-med bgp recursive-bgp-next-hop bgp regex-eval-optz-disable bgp retain-ibgp-nexthop bgp router-id bgp soft-reconfig-backup capture bgp-pdu neighbor capture bgp-pdu max-buffer-size clear ip bgp ipv4 unicast soft clear ip bgp dampening clear ip bgp flap-statistics Border Gateway Protocol IPv4 (BGPv4)

debug ip bgp debug ip bgp dampening debug ip bgp events debug ip bgp keepalives debug ip bgp notifications debug ip bgp ipv4 unicast soft-reconfiguration debug ip bgp updates default-metric description distance bgp maximum-paths neighbor activate neighbor advertisement-interval neighbor advertisement-start neighbor allowas-in neighbor default-originate neighbor description neighbor distribute-list neighbor ebgp-multihop neighbor fall-over neighbor filter-list neighbor graceful-restart neighbor local-as neighbor maximum-prefix neighbor next-hop-self neighbor password neighbor peer-group (assigning peers) neighbor peer-group (creating group) neighbor peer-group passive neighbor remote-as neighbor remove-private-as neighbor route-map neighbor route-reflector-client neighbor send-community neighbor shutdown neighbor soft-reconfiguration inbound neighbor timers neighbor update-source neighbor weight network network backdoor redistribute redistribute isis redistribute ospf router bgp show capture bgp-pdu neighbor

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

319

address-family

show config show ip bgp show ip bgp cluster-list show ip bgp community show ip bgp community-list show ip bgp dampened-paths show ip bgp detail show ip bgp extcommunity-list show ip bgp filter-list show ip bgp flap-statistics show ip bgp inconsistent-as show ip bgp neighbors show ip bgp next-hop show ip bgp paths show ip bgp paths as-path show ip bgp paths community show ip bgp peer-group show ip bgp regexp show ip bgp summary show running-config bgp timers bgp

address-family
ces
Syntax Parameters

Enable the IPv4 multicast or the IPv6 address family. address-family [ipv4 multicast| ipv6unicast] ipv4 multicast ipv6 unicast
Enter BGPv4 multicast mode. Enter BGPv6 mode.

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 6.5.1.0

Introduced

320

Border Gateway Protocol IPv4 (BGPv4)

aggregate-address

aggregate-address
ces
Syntax

Summarize a range of prefixes to minimize the number of entries in the routing table. aggregate-address ip-address mask [advertise-map map-name] [as-set] [attribute-map map-name] [summary-only] [suppress-map map-name] ip-address mask
Enter the IP address and mask of the route to be the aggregate address. Enter the IP address in dotted decimal format (A.B.C.D) and mask in /prefix format (/x). (OPTIONAL) Enter the keywords advertise-map followed by the name of a configured route map to set filters for advertising an aggregate route. (OPTIONAL) Enter the keyword as-set to generate path attribute information and include it in the aggregate. AS_SET includes AS_PATH and community information from the routes included in the aggregated route. (OPTIONAL) Enter the keywords attribute-map followed by the name of a configured route map to modify attributes of the aggregate, excluding AS_PATH and NEXT_HOP attributes. (OPTIONAL) Enter the keyword summary-only to advertise only the aggregate address. Specific routes will not be advertised. (OPTIONAL) Enter the keywords suppress-map followed by the name of a configured route map to identify which more-specific routes in the aggregate are suppressed.

Parameters

advertise-map map-name as-set

attribute-map map-name summary-only suppress-map map-name

Defaults Command Modes

Not configured. ROUTER BGP ADDRESS FAMILY ROUTER BGP ADDRESS FAMILY IPv6

Usage Information

At least one of the routes included in the aggregate address must be in the BGP routing table for the configured aggregate to become active. Do not add the as-set parameter to the aggregate, if routes within the aggregate are constantly changing as the aggregate will flap to keep track of the changes in the AS_PATH. In route maps used in the suppress-map parameter, routes meeting the deny clause are not suppress; in other words, they are allowed. The opposite is true: routes meeting the permit clause are suppressed. If the route is injected via the network command, that route will still appear in the routing table if the summary-only parameter is configured in the aggregate-address command. The summary-only parameter suppresses all advertisements. If you want to suppress advertisements to only specific neighbors, use the neighbor distribute-list command. In the show ip bgp command, aggregates contain an a in the first column and routes suppressed by the aggregate contain an s in the first column.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

321

bgp always-compare-med

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

bgp always-compare-med
ces
Syntax

Enables you to enable comparison of the MULTI_EXIT_DISC (MED) attributes in the paths from different external ASs. bgp always-compare-med To disable comparison of MED, enter no bgp always-compare-med.

Defaults Command Modes Usage Information

Disabled (that is, the software only compares MEDs from neighbors within the same AS). ROUTER BGP Any update without a MED attribute is the least preferred route If you enable this command, use the clear ip bgp ipv4 unicast soft * command to recompute the best path.
.

Command History

Version 8.2.1.0 Version 7.7.1.0

Introduced command Introduced support on C-Series

bgp asnotation
ces
Syntax

Enables you to implement a method for AS Number representation in the CLI. bgp asnotation [asplain | asdot+ | asdot] To disable a dot or dot+ representation and return to ASPLAIN, enter no bgp asnotation.

Defaults Command Modes Usage Information

asplain ROUTER BGP You must enable bgp four-octet-as-support before enabling this feature. If you disable four-octet-support after using dot or dot+ format, the AS Numbers revert to asplain text. When you apply an asnotation, it is reflected in the running-configuration. If you change the notation type, the running-config is updated dynamically and the new notation is shown.

Related Commands Command History

bgp four-octet-as-support

Enable 4-byte support for the BGP process

Version 8.3.1.0 Version 8.2.1.0

Introduced Dynamic Application of AS Notation changes Introduced

322

Border Gateway Protocol IPv4 (BGPv4)

bgp bestpath as-path ignore Figure 111 Dynamic changes of the bgp asnotation command in the running config
Force10(conf)#router bgp 1 Force10(conf-router_bgp)#bgp asnotation asdot Force10(conf-router_bgp)#ex Force10(conf)#do show run | grep bgp router bgp 1 bgp four-octet-as-support bgp asnotation asdot

Example

Force10(conf)#router bgp 1 Force10(conf-router_bgp)#bgp asnotation asdot+ Force10(conf-router_bgp)#ex Force10(conf)#do show run | grep bgp router bgp 1 bgp four-octet-as-support bgp asnotation asdot+

Force10(conf)#router bgp 1 Force10(conf-router_bgp)#bgp asnotation asplain Force10(conf-router_bgp)#ex Force10(conf)#do show run |grep bgp router bgp 1 bgp four-octet-as-support Force10(conf)#

bgp bestpath as-path ignore

ces
Syntax

Ignore the AS PATH in BGP best path calculations. bgp bestpath as-path ignore To return to the default, enter no bgp bestpath as-path ignore.

Defaults Command Modes Usage Information Command History

Disabled (that is, the software considers the AS_PATH when choosing a route as best). ROUTER BGP If you enable this command, use the clear ip bgp ipv4 unicast soft * command to recompute the best path.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

323

bgp bestpath med confed

ces
Syntax

Enable MULTI_EXIT_DISC (MED) attribute comparison on paths learned from BGP confederations. bgp bestpath med confed To disable MED comparison on BGP confederation paths, enter no bgp bestpath med confed.

Defaults Command Modes Usage Information

Disabled ROUTER BGP The software compares the MEDs only if the path contains no external autonomous system numbers. If you enable this command, use the clear ip bgp ipv4 unicast soft * command to recompute the best path.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command History

bgp bestpath med missing-as-best

ces
Syntax

During path selection, indicate preference to paths with missing MED (MULTI_EXIT_DISC) over those paths with an advertised MED attribute. bgp bestpath med missing-as-best To return to the default selection, use the no bgp bestpath med missing-as-best command.

Defaults Command Modes Usage Information

Disabled ROUTER BGP The MED is a 4-byte unsigned integer value and the default behavior is to assume a missing MED as 4294967295. This command causes a missing MED to be treated as 0. During the path selection, paths with a lower MED are preferred over those with a higher MED.
Version 7.8.1.0 Version 7.7.1.0 Version 6.3.1.0 Introduced support on S-Series Introduced support on C-Series Introduced

Command History

324

Border Gateway Protocol IPv4 (BGPv4)

bgp bestpath router-id ignore

ces
Syntax

Do not compare router-id information for external paths during best path selection. bgp bestpath router-id ignore To return to the default selection, use the no bgp bestpath router-id ignore command.

Defaults Command Modes Usage Information Command History

Disabled ROUTER BGP Configuring this option will retain the current best-path. When the session is subsequently reset, the oldest received path will be chosen as the best-path.
Version 8.3.1.0 Introduced

bgp client-to-client reflection

ces
Syntax

Enables you to enable route reflection between clients in a cluster. bgp client-to-client reflection To disable client-to-client reflection, enter no bgp client-to-client reflection.

Defaults Command Modes Usage Information Related Commands

Enabled when a route reflector is configured. ROUTER BGP Route reflection to clients is not necessary if all client routers are fully meshed.

bgp cluster-id neighbor route-reflector-client

Assign ID to a BGP cluster with two or more route reflectors. Configure a route reflector and clients.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

bgp cluster-id
ces
Syntax

Assign a cluster ID to a BGP cluster with more than one route reflector. bgp cluster-id {ip-address | number} To delete a cluster ID, use the no bgp cluster-id {ip-address | number} command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

325

bgp confederation identifier

Parameters

ip-address

Enter an IP address as the route reflector cluster ID. Enter a route reflector cluster ID as a number from 1 to 4294967295.

number
Defaults Command Modes Usage Information

Not configured. ROUTER BGP When a BGP cluster contains only one route reflector, the cluster ID is the route reflectors router ID. For redundancy, a BGP cluster may contain two or more route reflectors and you assign a cluster ID with the bgp cluster-id command. Without a cluster ID, the route reflector cannot recognize route updates from the other route reflectors within the cluster. The default format for displaying the cluster-id is dotted decimal, but if you enter the cluster-id as an integer, it will be displayed as an integer.

Related Commands

bgp client-to-client reflection neighbor route-reflector-client show ip bgp cluster-list

Enable route reflection between route reflector and clients. Configure a route reflector and clients. View paths with a cluster ID.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

bgp confederation identifier

ces
Syntax

Configure an identifier for a BGP confederation. bgp confederation identifier as-number To delete a BGP confederation identifier, use the no bgp confederation identifier as-number command.

Parameters

as-number

Enter the AS number. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

Defaults Command Modes Usage Information

Not configured. ROUTER BGP You must configure your system to accept 4-Byte formats before entering a 4-Byte AS Number. All the routers in the Confederation must be 4 or 2-Byte identified routers. You cannot mix them.

326

Border Gateway Protocol IPv4 (BGPv4)

bgp confederation peers

The autonomous systems configured in this command are visible to the EBGP neighbors. Each autonomous system is fully meshed and contains a few connections to other autonomous systems. The next hop, MED, and local preference information is preserved throughout the confederation. FTOS accepts confederation EBGP peers without a LOCAL_PREF attribute. The software sends AS_CONFED_SET and accepts AS_CONFED_SET and AS_CONF_SEQ.
Related Commands Command History bgp four-octet-as-support Enable 4-Byte support for the BGP process.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series Added support for 4-Byte format

bgp confederation peers

ces
Syntax

Specify the Autonomous Systems (ASs) that belong to the BGP confederation. bgp confederation peers as-number [...as-number] To return to the default, enter no bgp confederation peers.

Parameters

as-number

Enter the AS number. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

...as-number

(OPTIONAL) Enter up to 16 confederation numbers. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

Defaults Command Modes Usage Information

Not configured. ROUTER BGP All the routers in the Confederation must be 4 or 2 byte identified routers. You cannot mix them. The Autonomous Systems configured in this command are visible to the EBGP neighbors. Each Autonomous System is fully meshed and contains a few connections to other Autonomous Systems. After specifying autonomous systems numbers for the BGP confederation, recycle the peers to update their configuration.

Related Commands

bgp confederation identifier bgp four-octet-as-support

Configure a confederation ID. Enable 4-byte support for the BGP process.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

327

bgp dampening

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series Added support for 4-byte format

bgp dampening
ces
Syntax

Enable BGP route dampening and configure the dampening parameters. bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name] To disable route dampening, use the no bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name] command.

Parameters

half-life

(OPTIONAL) Enter the number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires. Range: 1 to 45. Default: 15 minutes

reuse

(OPTIONAL) Enter a number as the reuse value, which is compared to the flapping routes Penalty value. If the Penalty value is less than the reuse value, the flapping route is once again advertised (or no longer suppressed). Range: 1 to 20000. Default: 750 (OPTIONAL) Enter a number as the suppress value, which is compared to the flapping routes Penalty value. If the Penalty value is greater than the suppress value, the flapping route is no longer advertised (that is, it is suppressed). Range: 1 to 20000. Default: 2000 (OPTIONAL) Enter the maximum number of minutes a route can be suppressed. The default is four times the half-life value. Range: 1 to 255. Default: 60 minutes. (OPTIONAL) Enter the keyword route-map followed by the name of a configured route map. Only match commands in the configured route map are supported.

suppress

max-suppress-time

route-map map-name

Defaults Command Modes Usage Information

Disabled. ROUTER-BGP-ADDRESS FAMILY If you enter bgp dampening, the default values for half-life, reuse, suppress, and max-suppress-time are applied. The parameters are position-dependent, therefore, if you configure one parameter, you must configure the parameters in the order they appear in the CLI.
show ip bgp dampened-paths View the BGP paths

Related Commands

328

Border Gateway Protocol IPv4 (BGPv4)

bgp default local-preference

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

bgp default local-preference

ces
Syntax

Change the default local preference value for routes exchanged between internal BGP peers. bgp default local-preference value To return to the default value, enter no bgp default local-preference.

Parameters

value

Enter a number to assign to routes as the degree of preference for those routes. When routes are compared, the higher the degree of preference or local preference value, the more the route is preferred. Range: 0 to 4294967295 Default: 100

Defaults Command Modes Usage Information

100 ROUTER BGP The bgp default local-preference command setting is applied by all routers within the AS. To set the local preference for a specific route, use the set local-preference command in the ROUTE-MAP mode.
set local-preference Assign a local preference value for a specific route.

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced on C-Series

bgp enforce-first-as
ces
Syntax

Disable (or enable) enforce-first-as check for updates received from EBGP peers. bgp enforce-first-as To turn off the default, use the no bgp enforce-first-as command.

Defaults Command Modes

Enabled ROUTER BGP

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

329

bgp fast-external-fallover

Usage Information

This is enabled by default, that is for all updates received from EBGP peers, BGP ensures that the first AS of the first AS segment is always the AS of the peer. If not, the update is dropped and a counter is incremented. Use the show ip bgp neighbors command to view the failed enforce-first-as check counter. If enforce-first-as is disabled, it can be viewed via the show ip protocols command.

Related Commands

show ip bgp neighbors show ip protocols

View the information exchanged by BGP neighbors View Information on routing protocols.

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.4.1.0

Introduced support on S-Series Introduced support for C-Series Introduced

bgp fast-external-fallover
ces
Syntax

Enable the fast external fallover feature, which immediately resets the BGP session if a link to a directly connected external peer fails. bgp fast-external-fallover To disable fast external fallover, enter no bgp fast-external-fallover.

Defaults Command Modes Usage Information Command History

Enabled. ROUTER BGP The bgp fast-external-fallover command appears in the show config command output.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support for C-Series

bgp four-octet-as-support
ces
Syntax

Enable 4-byte support for the BGP process. bgp four-octet-as-support To disable fast external fallover, enter no bgp four-octet-as-support.

Defaults Command Modes

Disabled (supports 2-Byte format) ROUTER BGP

330

Border Gateway Protocol IPv4 (BGPv4)

bgp graceful-restart

Usage Information

Routers supporting 4-Byte ASNs advertise that function in the OPEN message. The behavior of a 4-Byte router will be slightly different depending on whether it is speaking to a 2-Byte router or a 4-Byte router. When creating Confederations, all the routers in the Confederation must be 4 or 2 byte identified routers. You cannot mix them. Where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295. Both formats are accepted, and the advertisements will reflect the entered format. For more information about using the 2 or 4-Byte format, refer to the FTOS Configuration Guide.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced command Introduced support on C-Series

bgp graceful-restart
ces
Syntax

Enable graceful restart on a BGP neighbor, a BGP node, or designate a local router to support graceful restart as a receiver only. bgp graceful-restart [restart-time seconds] [stale-path-time seconds] [role receiver-only] To return to the default, enter the no bgp graceful-restart command.

Parameters

restart-time seconds

Enter the keyword restart-time followed by the maximum number of seconds needed to restart and bring-up all the peers. Range: 1 to 3600 seconds Default: 120 seconds Enter the keyword stale-path-time followed by the maximum number of seconds to wait before restarting a peers stale paths. Default: 360 seconds. Enter the keyword role receiver-only to designate the local router to support graceful restart as a receiver only.

stale-path-time seconds

role receiver-only

Defaults Command Modes Usage Information

as above ROUTER-BGP This feature is advertised to BGP neighbors through a capability advertisement. In receiver only mode, BGP saves the advertised routes of peers that support this capability when they restart. BGP graceful restart is active only when the neighbor becomes established. Otherwise it is disabled. Graceful-restart applies to all neighbors with established adjacency.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

331

bgp log-neighbor-changes

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

bgp log-neighbor-changes
ces
Syntax

Enable logging of BGP neighbor resets. bgp log-neighbor-changes To disable logging, enter no bgp log-neighbor-changes.

Defaults Command Modes Usage Information

Enabled. ROUTER BGP Use the show logging command in the EXEC mode to view BGP neighbor resets. The bgp log-neighbor-changes command appears in the show config command output.

Related Commands Command History

show logging

View logging settings and system messages logged to the system.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

bgp non-deterministic-med
ces
Syntax

Compare MEDs of paths from different Autonomous Systems. bgp non-deterministic-med To return to the default, enter no bgp non-deterministic-med.

Defaults

Disabled (that is, paths/routes for the same destination but from different ASs will not have their MEDs compared). ROUTER BGP In non-deterministic mode, paths are compared in the order in which they arrive. This method can lead to FTOS choosing different best paths from a set of paths, depending on the order in which they are received from the neighbors since MED may or may not get compared between adjacent paths. In deterministic mode (no bgp non-deterministic-med), FTOS compares MED between adjacent paths within an AS group since all paths in the AS group are from the same AS.

Command Modes Usage Information

332

Border Gateway Protocol IPv4 (BGPv4)

bgp recursive-bgp-next-hop

When you change the path selection from deterministic to non-deterministic, the path selection for existing paths remains deterministic until you enter clear ip bgp ipv4 unicast soft command to clear existing paths.
Command History Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

bgp recursive-bgp-next-hop
ces
Syntax

Enable next-hop resolution through other routes learned by BGP. bgp recursive-bgp-next-hop To disable next-hop resolution, use the no bgp recursive-bgp-next-hop command.

Defaults Command Modes Usage Information

Enabled ROUTER BGP This command is a knob to disable BGP next-hop resolution via BGP learned routes. During the next-hop resolution, only the first route that the next-hop resolves through is verified for the routes protocol source and is checked if the route is learned from BGP or not. The clear ip bgp command is required for this command to take effect and to keep the BGP database consistent. Execute the clear ip bgp command right after executing this command.

Related Commands Command History

clear ip bgp ipv4 unicast soft Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0

Description.

Introduced support on S-Series Introduced support on C-Series Introduced

bgp regex-eval-optz-disable
ces
Syntax

Disables the Regex Performance engine that optimizes complex regular expression with BGP. bgp regex-eval-optz-disable To re-enable optimization engine, use the no bgp regex-eval-optz-disable command.

Defaults

Enabled by default

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

333

bgp retain-ibgp-nexthop

Command Modes Usage Information

ROUTER BGP (conf-router_bgp) BGP uses regular expressions (regex) to filter route information. In particular, the use of regular expressions to filter routes based on AS-PATHs and communities is quite common. In a large scale configuration, filtering millions of routes based on regular expressions can be quite CPU intensive, as a regular expression evaluation involves generation and evaluation of complex finite state machines. BGP policies, containing regular expressions to match as-path and communities, tend to use a lot of CPU processing time, which in turn affects the BGP routing convergence. Additionally, the show bgp commands, which are filtered through regular expressions, use up CPU cycles particularly with large databases. The Regex Engine Performance Enhancement feature optimizes the CPU usage by caching and reusing regular expression evaluation results. This caching and reuse may be at the expensive of RP1 processor memory.

Related Commands Command History

show ip protocols

View information on all routing protocols enabled and active on the E-Series.

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced

Example

Figure 112 Command Example: no bgp regex-eval-optz-disable

Force10(conf-router_bgp)#no bgp regex-eval-optz-disable Force10(conf-router_bgp)#do show ip protocols Routing Protocol is "ospf 22222" Router ID is 2.2.2.2 Area Routing for Networks 51 10.10.10.0/00 Routing Protocol is "bgp 1" Cluster Id is set to 10.10.10.0 Router Id is set to 10.10.10.0 Fast-external-fallover enabled Regular expression evaluation optimization enabled Capable of ROUTE_REFRESH For Address Family IPv4 Unicast BGP table version is 0, main routing table version 0 Distance: external 20 internal 200 local 200 Force10(conf-router_bgp)#

bgp retain-ibgp-nexthop
ces
Syntax Defaults Command Modes

BGP does not update the NEXT_HOP attribute if it is a Route-Reflector. Use this command to retain the NEXT_HOP attribute when advertising to internal BGP peer. bgp retain-ibgp-nexthop Disabled ROUTER BGP

334

Border Gateway Protocol IPv4 (BGPv4)

bgp router-id

Command History

Version 8.4.1.0 Version 8.3.1.2

Introduced on E-Series TeraScale, C-Series, and S-Series. Introduced on E-Series ExaScale.

bgp router-id
ces
Syntax

Assign a user-given ID to a BGP router. bgp router-id ip-address To delete a user-assigned IP address, enter no bgp router-id.

Parameters

ip-address

Enter an IP address in dotted decimal format to reset only that BGP neighbor.

Defaults

The router ID is the highest IP address of the Loopback interface or, if no Loopback interfaces are configured, the highest IP address of a physical interface on the router. ROUTER BGP Peering sessions are reset when you change the router ID of a BGP router.

Command Modes Usage Information Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

bgp soft-reconfig-backup
ces
Syntax

Use this command only when route-refresh is not negotiated between peers to avoid having a peer resend BGP updates. bgp soft-reconfig-backup To return to the default setting, use the no bgp soft-reconfig-backup command.

Defaults Command Modes Usage Information

Off ROUTER BGP When soft-reconfiguration is enabled for a neighbor and the clear ip bgp soft in is executed, the update database stored in the router is replayed and updates are reevaluated. With this command, the replay and update process is triggered only if route-refresh request is not negotiated with the peer. If the request is indeed negotiated (upon execution of clear ip bgp soft in), then BGP sends a route-refresh request to the neighbor and receives all of the peers updates.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

335

capture bgp-pdu neighbor

Related Commands Command History

clear ip bgp ipv4 unicast soft in Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0

Activate inbound policies for IPv4 routes without resetting the BGP TCP session.

Added support for IPv4 multicast and IPv6 unicast address families Introduced support on S-Series Introduced support on C-Series Introduced

capture bgp-pdu neighbor

ces
Syntax

Enable capture of an IPv4 BGP neighbor packet. capture bgp-pdu neighbor ipv4-address direction {both | rx | tx} To disable capture of the IPv4 BGP neighbor packet, use the no capture bgp-pdu neighbor ipv4-address command.

Parameters ipv4-address Enter the IPv4 address of the target BGP neighbor. Enter the keyword direction and a direction either rx for inbound, tx for outbound, or both.

direction {both | rx | tx}

Defaults Command Modes Related Commands

Not configured. EXEC Privilege

capture bgp-pdu max-buffer-size show capture bgp-pdu neighbor Specify a size for the capture buffer. Display BGP packet capture information Introduced support on S-Series Introduced support on C-Series Introduced

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0

capture bgp-pdu max-buffer-size

ces
Syntax Parameters

Set the size of the BGP packet capture buffer. This buffer size pertains to both IPv4 and IPv6 addresses. capture bgp-pdu max-buffer-size 100-102400000 100-102400000 40960000 bytes.
Enter a size for the capture buffer.

Defaults

336

Border Gateway Protocol IPv4 (BGPv4)

clear ip bgp ipv4 unicast soft

Command Modes Related Commands

EXEC Privilege
capture bgp-pdu neighbor capture bgp-pdu neighbor (ipv6) show capture bgp-pdu neighbor Enable capture of an IPv4 BGP neighbor packet. Enable capture of an IPv6 BGP neighbor packet. Display BGP packet capture information for an IPv6 address on the E-Series.

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0

Introduced support on S-Series Introduced support on C-Series Introduced

clear ip bgp ipv4 unicast soft

ces
Syntax

Clear and reapply policies for IPv4 routes without resetting the TCP connection; that is, perform BGP soft reconfiguration. clear ip bgp {* | as-number | ipv4-neighbor-addr | ipv6-neighbor-addr | peer-group name } [ipv4 unicast] soft [in | out] *
as-number Clear and reapply policies for all BGP sessions. Clear and reapply policies for all neighbors belonging to the AS. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

Parameters

ipv4-neighbor-addr | ipv6-neighbor-addr peer-group name ipv4 unicast in out

Clear and reapply policies for a neighbor. Clear and reapply policies for all BGP routers in the specified peer group. Clear and reapply policies for all IPv4 unicast routes. Reapply only inbound policies. Note: If you enter soft, without an in or out option, both inbound and outbound policies are reset. Reapply only outbound policies. Note: If you enter soft, without an in or out option, both inbound and outbound policies are reset.

Command Modes Command History

EXEC Privilege
Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0 Added BGP Soft Reconfiguration support for IPv4 unicast and IPv6 routes Introduced support on S-Series Introduced support on C-Series Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

337

clear ip bgp peer-group

ces
Syntax Parameters

Reset a peer-groups BGP sessions. clear ip bgp peer-group peer-group-name peer-group-name

Enter the peer group name to reset the BGP sessions within that peer group.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

clear ip bgp dampening

ces
Syntax Parameters

Clear information on route dampening and return suppressed route to active state. clear ip bgp dampening [ip-address mask] ip-address mask
(OPTIONAL) Enter an IP address in dotted decimal format and the prefix mask in slash format (/x) to clear dampening information only that BGP neighbor.

Command Modes Usage Information Command History

EXEC Privilege After you enter this command, the software deletes history routes and returns suppressed routes to active state.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

clear ip bgp flap-statistics

ces
Syntax

Clear BGP flap statistics, which includes number of flaps and the time of the last flap. clear ip bgp flap-statistics [ip-address mask | filter-list as-path-name | regexp regular-expression] ip-address mask
(OPTIONAL) Enter an IP address in dotted decimal format and the prefix mask in slash format (/x) to reset only that prefix.

Parameters

338

Border Gateway Protocol IPv4 (BGPv4)

debug ip bgp

filter-list as-path-name regexp regular-expression

(OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH list. (OPTIONAL) Enter the keyword regexp followed by regular expressions. Use one or a combination of the following: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ( ) = (parenthesis) groups a series of pattern elements to a single element { } = (braces) minimum and the maximum match count ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes Usage Information Related Commands

EXEC Privilege If you enter clear ip bgp flap-statistics without any parameters, all statistics are cleared.

show debugging show ip bgp flap-statistics undebug all

View enabled debugging operations. View BGP flap statistics. Disable all debugging operations. Introduced support on S-Series Introduced support on C-Series

Command History

Version 7.8.1.0 Version 7.7.1.0

debug ip bgp
ces
Syntax

Display all information on BGP, including BGP events, keepalives, notifications, and updates. debug ip bgp [ip-address | peer-group peer-group-name] [in | out] To disable all BGP debugging, enter no debug ip bgp.

Parameters

ip-address peer-group peer-group-name in out

Enter the IP address of the neighbor in dotted decimal format. Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword in to view only information on inbound BGP routes. (OPTIONAL) Enter the keyword out to view only information on outbound BGP routes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

339

debug ip bgp dampening

Command Modes Usage Information

EXEC Privilege To view information on both incoming and outgoing routes, do not include the in and out parameters in the debugging command. The in and out parameters cancel each other; for example, if you enter debug ip bgp in and then enter debug ip bgp out, you will not see information on the incoming routes. Entering a no debug ip bgp command removes all configured debug commands for BGP.

Related Commands

debug ip bgp events debug ip bgp keepalives debug ip bgp notifications debug ip bgp updates show debugging

View information about BGP events. View information about BGP keepalives. View information about BGP notifications. View information about BGP updates. View enabled debugging operations.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

debug ip bgp dampening

ces
Syntax

Display information on routes being dampened. debug ip bgp dampening [in | out] To disable debugging, enter no debug ip bgp dampening.

Parameters

in out

(OPTIONAL) Enter the keyword in to view only inbound dampened routes. (OPTIONAL) Enter the keyword out to view only outbound dampened routes.

Command Modes Usage Information Related Commands

EXEC Privilege Enter no debug ip bgp command to remove all configured debug commands for BGP.

show debugging show ip bgp dampened-paths

View enabled debugging operations. View BGP dampened routes.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

340

Border Gateway Protocol IPv4 (BGPv4)

debug ip bgp events

ces
Syntax

Display information on local BGP state changes and other BGP events. debug ip bgp [ip-address | peer-group peer-group-name] events [in | out] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] events command.

Parameters

ip-address peer-group peer-group-name in out

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword in to view only events on inbound BGP messages. (OPTIONAL) Enter the keyword out to view only events on outbound BGP messages.

Command Modes Usage Information Command History

EXEC Privilege Enter no debug ip bgp command to remove all configured debug commands for BGP.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

debug ip bgp keepalives

ces
Syntax

Display information about BGP keepalive messages. debug ip bgp [ip-address | peer-group peer-group-name] keepalives [in | out] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] keepalives [in | out] command.

Parameters

ip-address peer-group peer-group-name in out

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword in to view only inbound keepalive messages. (OPTIONAL) Enter the keyword out to view only outbound keepalive messages.

Command Modes

EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

341

debug ip bgp notifications

Usage Information Command History

Enter no debug ip bgp command to remove all configured debug commands for BGP.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

debug ip bgp notifications

ces
Syntax

Enables you to view information about BGP notifications received from neighbors. debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] command.

Parameters

ip-address peer-group peer-group-name in out

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword in to view BGP notifications received from neighbors. (OPTIONAL) Enter the keyword out to view BGP notifications sent to neighbors.

Command Modes Usage Information Command History

EXEC Privilege Enter no debug ip bgp command to remove all configured debug commands for BGP.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

debug ip bgp ipv4 unicast soft-reconfiguration

ces
Syntax

Enable soft-reconfiguration debugging for IPv4 unicast routes. debug ip bgp [ipv4-address | ipv6-address | peer-group-name] ipv4 unicast soft-reconfiguration To disable debugging, use the no debug ip bgp [ipv4-address | ipv6-address | peer-group-name ] ipv4 unicast soft-reconfiguration command.

342

Border Gateway Protocol IPv4 (BGPv4)

debug ip bgp updates

Parameters

ipv4-address | ipv6-address peer-group-name ipv4 unicast

Enter the IP address of the neighbor on which you want to enable soft-reconfiguration debugging. Enter the name of the peer group on which you want to enable soft-reconfiguration debugging. Debug soft reconfiguration for IPv4 unicast routes.

Defaults Command Modes Usage Information Command History

Disabled EXEC Privilege This command turns on BGP soft-reconfiguration inbound debugging for IPv4 unicast routes. If no neighbor is specified, debug is turned on for all neighbors.
Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0 Introduced support for IPv4 multicast and IPv6 unicast routes Introduced support on S-Series Introduced support on C-Series Introduced

debug ip bgp updates

ces
Syntax

Enables you to view information about BGP updates. debug ip bgp updates [in | out | prefix-list prefix-list-name] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] command.

Parameters

in out prefix-list prefix-list-name ip-address peer-group-name

(OPTIONAL) Enter the keyword in to view only BGP updates received from neighbors. (OPTIONAL) Enter the keyword out to view only BGP updates sent to neighbors. (OPTIONAL) Enter the keyword prefix-list followed by the name of an established prefix list. If the prefix list is not configured, the default is permit (to allow all routes). (OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the name of the peer group to disable or enable all routers within the peer group.

Command Modes Usage Information Command History

EXEC Privilege Enter no debug ip bgp command to remove all configured debug commands for BGP.

Version 7.7.1

Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

343

default-metric

default-metric
ces
Syntax

Enables you to change the metrics of redistributed routes to locally originated routes. Use this command with the redistribute command. default-metric number To return to the default setting, enter no default-metric.

Parameters

number

Enter a number as the metric to be assigned to routes from other protocols. Range: 1 to 4294967295.

Defaults Command Modes Usage Information Related Commands

0 ROUTER BGP The default-metric command in BGP sets the value of the BGP MULTI_EXIT_DISC (MED) attribute for redistributed routes only.
bgp always-compare-med redistribute Enable comparison of all BGP MED attributes. Redistribute routes from other routing protocols into BGP. Introduced support on S-Series Introduced support on C-Series

Command History

Version 7.8.1.0 Version 7.7.1.0

description
ces
Enter a description of the BGP routing protocol
Syntax

description {description} To remove the description, use the no description {description} command.
Parameters

description

Enter a description to identify the BGP protocol (80 characters maximum).

Defaults Command Modes Command History

No default behavior or values ROUTER BGP

Version 7.8.1.0 Version 7.7.1.0 pre-7.7.1.0 Introduced support on S-Series Introduced support on C-Series Introduced Enter ROUTER mode on the switch.

Related Commands

router bgp

344

Border Gateway Protocol IPv4 (BGPv4)

distance bgp

distance bgp
ces
Syntax

Configure three administrative distances for routes. distance bgp external-distance internal-distance local-distance To return to default values, enter no distance bgp.

Parameters

external-distance

Enter a number to assign to routes learned from a neighbor external to the AS. Range: 1 to 255. Default: 20 Enter a number to assign to routes learned from a router within the AS. Range: 1 to 255. Default: 200 Enter a number to assign to routes learned from networks listed in the network command. Range: 1 to 255. Default: 200

internal-distance

local-distance

Defaults Command Modes

external-distance = 20; internal-distance = 200; local-distance = 200. ROUTER BGP

Caution: Force10 Networks recommends that you do not change the administrative
distance of internal routes. Changing the administrative distances may cause routing table inconsistencies.
Usage Information

The higher the administrative distance assigned to a route means that your confidence in that route is low. Routes assigned an administrative distance of 255 are not installed in the routing table. Routes from confederations are treated as internal BGP routes.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command History

maximum-paths
ces
Syntax

Configure the maximum number of parallel routes (multipath support) BGP supports. maximum-paths {ebgp | ibgp} number To return to the default values, enter no maximum-paths.

Parameters

ebgp

Enter the keyword ebgp to enable multipath support for External BGP routes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

345

neighbor activate

ibgp number

Enter the keyword ibgp to enable multipath support for Internal BGP routes. Enter a number as the maximum number of parallel paths. Range: 1 to 16 Default: 1

Defaults Command Modes Usage Information Command History

1 ROUTER BGP If you enable this command, use the clear ip bgp ipv4 unicast soft * command to recompute the best path.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

neighbor activate
ces
Syntax

This command allows the specified neighbor/peer group to be enabled for the current AFI/ SAFI (Address Family Identifier/Subsequent Address Family Identifier). neighbor [ip-address | peer-group-name] activate To disable, use the no neighbor [ip-address | peer-group-name] activate command.

Parameters

ip-address peer-group-name activate

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the name of the peer group Enter the keyword activate to enable the neighbor/peer group in the new AFI/SAFI.

Defaults Command Modes Usage Information

Disabled CONFIGURATION-ROUTER-BGP-ADDRESS FAMILY By default, when a neighbor/peer group configuration is created in the Router BGP context, it is enabled for the IPv4/Unicast AFI/SAFI. By using activate in the new context, the neighbor/ peer group is enabled for AFI/SAFI.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command History

346

Border Gateway Protocol IPv4 (BGPv4)

neighbor advertisement-interval

neighbor advertisement-interval
ces
Syntax

Set the advertisement interval between BGP neighbors or within a BGP peer group. neighbor {ip-address | peer-group-name} advertisement-interval seconds To return to the default value, use the no neighbor {ip-address | peer-group-name} advertisement-interval command.

Parameters

ip-address peer-group-name seconds

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to set the advertisement interval for all routers in the peer group. Enter a number as the time interval, in seconds, between BGP advertisements. Range: 0 to 600 seconds. Default: 5 seconds for internal BGP peers; 30 seconds for external BGP peers.

Defaults Command Modes Command History

seconds = 5 seconds (internal peers); seconds = 30 seconds (external peers) ROUTER BGP
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

neighbor advertisement-start
ces
Syntax

Set the minimum interval before starting to send BGP routing updates. neighbor {ip-address} advertisement-start seconds To return to the default value, use the no neighbor {ip-address } advertisement-start command.

Parameters

ip-address seconds

Enter the IP address of the neighbor in dotted decimal format. Enter a number as the time interval, in seconds, before BGP route updates are sent. Range: 0 to 3600 seconds.

Defaults Command Modes Command History

none ROUTER BGP

Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

347

neighbor allowas-in

neighbor allowas-in
ces
Syntax

Set the number of times an AS number can occur in the AS path neighbor {ip-address | peer-group-name} allowas-in number To return to the default value, use the no neighbor {ip-address | peer-group-name} allowas-in command.

Parameters

ip-address peer-group-name number

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to set the advertisement interval for all routers in the peer group. Enter a number of times to allow this neighbor ID to use the AS path. Range: 1 to 10.

Defaults Command Modes Related Commands Command History

Not configured. ROUTER BGP

bgp four-octet-as-support Enable 4-Byte support for the BGP process.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced on C-Series and E-Series

neighbor default-originate
ces
Syntax

Inject the default route to a BGP peer or neighbor. neighbor {ip-address | peer-group-name} default-originate [route-map map-name] To remove a default route, use the no neighbor {ip-address | peer-group-name} default-originate command.

Parameters

ip-address peer-group-name route-map map-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to set the default route of all routers in that peer group. (OPTIONAL) Enter the keyword route-map followed by the name of a configured route map.

Defaults Command Modes Usage Information

Not configured. ROUTER BGP If you apply a route map to a BGP peer or neighbor with the neighbor default-originate command configured, the software does not apply the set filters in the route map to that BGP peer or neighbor.

348

Border Gateway Protocol IPv4 (BGPv4)

neighbor description

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor description
ces
Syntax

Assign a character string describing the neighbor or group of neighbors (peer group). neighbor {ip-address | peer-group-name} description text To delete a description, use the no neighbor {ip-address | peer-group-name} description command.

Parameters

ip-address peer-group-name text

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group. Enter a continuous text string up to 80 characters.

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

neighbor distribute-list
ces
Syntax

Distribute BGP information via an established prefix list. neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out} To delete a neighbor distribution list, use the no neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out} command.

Parameters

ip-address peer-group-name prefix-list-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to apply the distribute list filter to all routers in the peer group. Enter the name of an established prefix list. If the prefix list is not configured, the default is permit (to allow all routes). Enter the keyword in to distribute only inbound traffic. Enter the keyword out to distribute only outbound traffic.

in out
Defaults

Not configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

349

neighbor ebgp-multihop

Command Modes Usage Information Related Commands

ROUTER BGP Other BGP filtering commands include: neighbor filter-list, ip as-path access-list, and neighbor route-map.
ip as-path access-list neighbor filter-list neighbor route-map Configure IP AS-Path ACL. Assign a AS-PATH list to a neighbor or peer group. Assign a route map to a neighbor or peer group. Introduced support on S-Series Introduced support on C-Series

Command History

Version 7.8.1.0 Version 7.7.1.0

neighbor ebgp-multihop
ces
Syntax

Attempt and accept BGP connections to external peers on networks that are not directly connected. neighbor {ip-address | peer-group-name} ebgp-multihop [ttl] To disallow and disconnect connections, use the no neighbor {ip-address | peer-group-name} ebgp-multihop command.

Parameters

ip-address peer-group-name
ttl

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group. (OPTIONAL) Enter the number of hops as the Time to Live (ttl) value. Range: 1 to 255. Default: 255

Defaults Command Modes Usage Information

Disabled. ROUTER BGP To prevent loops, the neighbor ebgp-multihop command will not install default routes of the multihop peer. Networks not directly connected are not considered valid for best path selection.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command History

350

Border Gateway Protocol IPv4 (BGPv4)

neighbor fall-over

neighbor fall-over
ecs
Syntax

Enable or disable fast fall-over for BGP neighbors. neighbor {ipv4-address | peer-group-name} fall-over To disable, use the no neighbor {ipv4-address | peer-group-name} fall-over command.

Parameters

ipv4-address peer-group-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group.

Defaults Command Modes Usage Information

Disabled ROUTER BGP When fall-over is enabled, BGP keeps track of IP or IPv6 reachability to the peer remote address and the peer local address. Whenever either address becomes unreachable (i.e, no active route exists in the routing table for peer IP or IPv6 destination/local address), BGP brings down the session with the peer.
show ip bgp neighbors Display information on the BGP neighbors

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.4.1.0

Introduced support on S-Series Introduced support on C-Series Introduced

neighbor filter-list
ces
Syntax

Configure a BGP filter based on the AS-PATH attribute. neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out} To delete a BGP filter, use the no neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out} command.

Parameters

ip-address peer-group-name as-path-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to apply the filter to all routers in the peer group. Enter the name of an established AS-PATH access list (up to 140 characters). If the AS-PATH access list is not configured, the default is permit (allow routes). Enter the keyword in to filter inbound BGP routes. Enter the keyword out to filter outbound BGP routes.

in out
Defaults

Not configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

351

neighbor graceful-restart

Command Modes Usage Information

ROUTER BGP Use the ip as-path access-list command syntax in the CONFIGURATION mode to enter the AS-PATH ACL mode and configure AS-PATH filters to deny or permit BGP routes based on information in their AS-PATH attribute.
ip as-path access-list Enter AS-PATH ACL mode and configure AS-PATH filters.

Related Commands Command History

Version 7.8.1.0

Introduced support on S-Series Increased name string to accept up to 140 characters. Prior to 7.8.1.0, ACL names are up to 16 characters long. Introduced support on C-Series

Version 7.7.1.0

neighbor graceful-restart
ces
Syntax

Enable graceful restart on a BGP neighbor. neighbor {ip-address | peer-group-name} graceful-restart [restart-time seconds] [stale-path-time seconds] [role receiver-only] To return to the default, enter the no bgp graceful-restart command.

Parameters

ip-address peer-group-name restart-time seconds

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to apply the filter to all routers in the peer group. Enter the keyword restart-time followed by the maximum number of seconds needed to restart and bring-up all the peers. Range: 1 to 3600 seconds Default: 120 seconds Enter the keyword stale-path-time followed by the maximum number of seconds to wait before restarting a peers stale paths. Default: 360 seconds. Enter the keyword role receiver-only to designate the local router to support graceful restart as a receiver only.

stale-path-time seconds

role receiver-only

Defaults Command Modes Usage Information

as above ROUTER BGP This feature is advertised to BGP neighbors through a capability advertisement. In receiver only mode, BGP saves the advertised routes of peers that support this capability when they restart.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command History

352

Border Gateway Protocol IPv4 (BGPv4)

neighbor local-as

neighbor local-as
ces
Syntax

Configure Internal BGP (IBGP) routers to accept external routes from neighbors with a local AS number in the AS number path neighbor {ip-address | peer-group-name} local-as as-number [no-prepend] To return to the default value, use the no neighbor {ip-address | peer-group-name} local-as command.

Parameters

ip-address peer-group-name as-number

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to set the advertisement interval for all routers in the peer group. Enter the AS number to reset all neighbors belonging to that AS. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

no prepend

Specifies that local AS values are not prepended to announcements from the neighbor.

Defaults Command Modes Related Commands Command History

Not configured. ROUTER BGP

bgp four-octet-as-support Enable 4-Byte support for the BGP process.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced command Introduced support on C-Series

neighbor maximum-prefix
ces
Syntax

Control the number of network prefixes received. neighbor {ip-address | peer-group-name} maximum-prefix maximum [threshold] [warning-only] To return to the default values, use the no neighbor {ip-address | peer-group-name} maximum-prefix maximum command.

Parameters

ip-address peer-group-name maximum

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group. Enter a number as the maximum number of prefixes allowed for this BGP router. Range: 1 to 4294967295.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

353

neighbor next-hop-self

threshold

(OPTIONAL) Enter a number to be used as a percentage of the maximum value. When the number of prefixes reaches this percentage of the maximum value, the E-Series software sends a message. Range: 1 to 100 percent. Default: 75 (OPTIONAL) Enter the keyword warning-only to set the router to send a log message when the maximum value is reached. If this parameter is not set, the router stops peering when the maximum number of prefixes is reached.

warning-only

Defaults Command Modes Usage Information

threshold = 75 ROUTER BGP If the neighbor maximum-prefix is configured and the neighbor receives more prefixes than allowed by the neighbor maximum-prefix command configuration, the neighbor goes down and the show ip bgp summary command displays (prfxd) in the State/PfxRcd column for that neighbor. The neighbor remains down until you enter the clear ip bgp ipv4 unicast soft command for the neighbor or the peer group to which the neighbor belongs or you enter neighbor shutdown and neighbor no shutdown commands.
show ip bgp summary Displays the current BGP configuration.

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor next-hop-self
ces
Syntax

Enables you to configure the router as the next hop for a BGP neighbor. (This command is used for IBGP). neighbor {ip-address | peer-group-name} next-hop-self To return to the default setting, use the no neighbor {ip-address | peer-group-name} next-hop-self command.

Parameters

ip-address peer-group-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group.

Defaults Command Modes Usage Information

Disabled. ROUTER BGP If the set next-hop command in the ROUTE-MAP mode is configured, its configuration takes precedence over the neighbor next-hop-self command.

354

Border Gateway Protocol IPv4 (BGPv4)

neighbor password

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor password
ces
Syntax

Enable Message Digest 5 (MD5) authentication on the TCP connection between two neighbors. neighbor {ip-address | peer-group-name} password [encryption-type] password To delete a password, use the no neighbor {ip-address | peer-group-name} password command.

Parameters

ip-address

Enter the IP address of the router to be included in the peer group. Enter the name of a configured peer group. (OPTIONAL) Enter 7 as the encryption type for the password entered. 7 means that the password is encrypted and hidden. Enter a text string up to 80 characters long. The first character of the password must be a letter. You cannot use spaces in the password.

peer-group-name encryption-type password

Defaults Command Modes Usage Information

Not configured. ROUTER BGP Configure the same password on both BGP peers or a connection does not occur. When you configure MD5 authentication between two BGP peers, each segment of the TCP connection between them is verified and the MD5 digest is checked on every segment sent on the TCP connection. Configuring a password for a neighbor will cause an existing session to be torn down and a new one established. If you specify a BGP peer group by using the peer-group-name parameter, all the members of the peer group will inherit the characteristic configured with this command. If you configure a password on one neighbor, but you have not configured a password for the neighboring router, the following message appears on the console while the routers attempt to establish a BGP session between them:

%RPM0-P:RP1 %KERN-6-INT: No BGP MD5 from [peer's IP address] :179 to [local router's IP address]:65524
Also, if you configure different passwords on the two routers, the following message appears on the console:

%RPM0-P:RP1 %KERN-6-INT: BGP MD5 password mismatch from [peer's IP address] : 11502 to [local router's IP address] :179
Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 355

neighbor peer-group (assigning peers)

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor peer-group (assigning peers)

ces
Syntax

Enables you to assign one peer to a existing peer group. neighbor ip-address peer-group peer-group-name To delete a peer from a peer group, use the no neighbor ip-address peer-group peer-group-name command.

Parameters

ip-address

Enter the IP address of the router to be included in the peer group. Enter the name of a configured peer group.

peer-group-name
Defaults Command Modes Usage Information

Not configured. ROUTER BGP You can assign up to 256 peers to one peer group. When you add a peer to a peer group, it inherits all the peer groups configured parameters. A peer cannot become part of a peer group if any of the following commands are configured on the peer: neighbor advertisement-interval neighbor distribute-list out neighbor filter-list out neighbor next-hop-self neighbor route-map out neighbor route-reflector-client neighbor send-community

A neighbor may keep its configuration after it was added to a peer group if the neighbors configuration is more specific than the peer groups, and the neighbors configuration does not affect outgoing updates. A peer group must exist before you add a peer to it. If the peer group is disabled (shutdown) the peers within the group are also disabled (shutdown).
Related Commands clear ip bgp ipv4 unicast soft neighbor peer-group (creating group) show ip bgp peer-group show ip bgp neighbors Resets BGP sessions. Create a peer group. View BGP peers. View BGP neighbors configurations.

356

Border Gateway Protocol IPv4 (BGPv4)

neighbor peer-group (creating group)

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor peer-group (creating group)

ces
Syntax

Enables you to create a peer group and assign it a name. neighbor peer-group-name peer-group To delete a peer group, use the no neighbor peer-group-name peer-group command.

Parameters

peer-group-name Not configured. ROUTER BGP

Enter a text string up to 16 characters long as the name of the peer group.

Defaults Command Modes Usage Information Related Commands

When a peer group is created, it is disabled (shut mode).

neighbor peer-group (assigning peers) neighbor remote-as neighbor shutdown

Assign routers to a peer group. Assign a indirectly connected AS to a neighbor or peer group. Disable a peer or peer group.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor peer-group passive

ces
Syntax

Enable passive peering on a BGP peer group, that is, the peer group does not send an OPEN message, but will respond to one. neighbor peer-group-name peer-group passive [match-af] To delete a passive peer-group, use the no neighbor peer-group-name peer-group passive command.

Parameters

peer-group-name match-af

Enter a text string up to 16 characters long as the name of the peer group. (Optional) Enter the keyword match-af to require that the address family of a peer matches the address family of the subnet assigned to the specified peer group before the peers adjacency is brought up.

Defaults

Not configured. Publication Date: July 20, 2011 357

Command Line Reference for FTOS version 8.4.2.4

neighbor remote-as

Command Modes Usage Information

ROUTER BGP After you configure a peer group as passive, you must assign it a subnet using the neighbor soft-reconfiguration inbound command. Use the keyword match-af to restrict the peer adjacency established with a passive peer group. Entering match-af requires that a peers address family matches the address family of the subnet assigned to the peer group before the peers adjacency is brought up. For example, if the address family of the peer groups subnet is IPv6, only IPv6 neighbors in the subnet can be brought up in a peering session. You can only specify the match-af option when you first enter the neighbor peer-group passive command to configure passive peering for a BGP group. An error message is displayed if you later try to add this option to an existing passive peer group by re-entering the command.

Related Commands Command History

neighbor soft-reconfiguration inbound

Assign a subnet to a dynamically-configured BGP neighbor.

Version 8.4.2.0 Version 7.8.1.0 Version 7.7.1.0

Added support for the match-af keyword Introduced support on S-Series Introduced support on C-Series

neighbor remote-as
ces
Syntax

Create and specify the remote peer to the BGP neighbor. neighbor {ip-address | peer-group-name} remote-as number To delete a remote AS entry, use the no neighbor {ip-address | peer-group-name} remote-as number command.

Parameters

ip-address

Enter the IP address of the neighbor to enter the remote AS in its routing table. Enter the name of the peer group to enter the remote AS into routing tables of all routers within the peer group. Enter a number of the AS. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)

peer-group-name number

Defaults Command Modes Usage Information

Not configured. ROUTER BGP You must configure your system to accept 4-Byte formats before entering a 4-Byte AS Number. If the number parameter is the same as the AS number used in the router bgp command, the remote AS entry in the neighbor is considered an internal BGP peer entry. This command creates a peer and the newly created peer is disabled (shutdown).

358

Border Gateway Protocol IPv4 (BGPv4)

neighbor remove-private-as

Related Commands

router bgp bgp four-octet-as-support

Enter the ROUTER BGP mode and configure routes in an AS. Enable 4-Byte support for the BGP process.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series Added 4-Byte support.

neighbor remove-private-as
ces
Syntax

Remove private AS numbers from the AS-PATH of outgoing updates. neighbor {ip-address | peer-group-name} remove-private-as To return to the default, use the no neighbor {ip-address | peer-group-name} remove-private-as command.

Parameters

ip-address peer-group-name

Enter the IP address of the neighbor to remove the private AS numbers. Enter the name of the peer group to remove the private AS numbers

Defaults Command Modes Usage Information

Disabled (that is, private AS number are not removed). ROUTER BGP Applies to EBGP neighbors only. You must configure your system to accept 4-Byte formats before entering a 4-Byte AS Number. If the AS-PATH contains both public and private AS number or contains AS numbers of an EBGP neighbor, the private AS numbers are not removed. If a confederation contains private AS numbers in its AS-PATH, the software removes the private AS numbers only if they follow the confederation numbers in the AS path. Private AS numbers are 64512 to 65535 (2-Byte).

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series Added 4-Byte support.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

359

neighbor route-map

neighbor route-map
ces
Syntax

Apply an established route map to either incoming or outbound routes of a BGP neighbor or peer group. neighbor {ip-address | peer-group-name} route-map map-name {in | out} To remove the route map, use the no neighbor {ip-address | peer-group-name} route-map map-name {in | out} command.

Parameters

ip-address peer-group-name map-name in out

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group. Enter the name of an established route map. If the Route map is not configured, the default is deny (to drop all routes). Enter the keyword in to filter inbound routes. Enter the keyword out to filter outbound routes.

Defaults Command Modes Usage Information

Not configured. ROUTER BGP When you apply a route map to outbound routes, only routes that match at least one section of the route map are permitted. If you identify a peer group by name, the peers in that peer group inherit the characteristics in the Route map used in this command. If you identify a peer by IP address, the Route map overwrites either the inbound or outbound policies on that peer.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor route-reflector-client
ces
Syntax

Configure a neighbor as a member of a route reflector cluster. neighbor {ip-address | peer-group-name} route-reflector-client To indicate that the neighbor is not a route reflector client or to delete a route reflector configuration, use the no neighbor {ip-address | peer-group-name} route-reflector-client command.

Parameters

ip-address
peer-group-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group. All routers in the peer group receive routes from a route reflector.

Defaults

Not configured.

360

Border Gateway Protocol IPv4 (BGPv4)

neighbor send-community

Command Modes Usage Information

ROUTER BGP The first time you enter this command it configures the neighbor as a route reflector and members of the route-reflector cluster. Internal BGP (IBGP) speakers do not need to be fully meshed if you configure a route reflector. When all clients of a route reflector are disabled, the neighbor is no longer a route reflector.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor send-community
ces
Syntax

Send a COMMUNITY attribute to a BGP neighbor or peer group. A COMMUNITY attribute indicates that all routes with that attribute belong to the same community grouping. neighbor {ip-address | peer-group-name} send-community To disable sending a COMMUNITY attribute, use the no neighbor {ip-address | peer-group-name} send-community command.

Parameters

ip-address peer-group-name

Enter the IP address of the peer router in dotted decimal format. Enter the name of the peer group to send a COMMUNITY attribute to all routers within the peer group.

Defaults Command Modes Usage Information Command History

Not configured and COMMUNITY attributes are not sent to neighbors. ROUTER BGP To configure a COMMUNITY attribute, use the set community command in the ROUTE-MAP mode.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

neighbor shutdown
ces
Syntax

Disable a BGP neighbor or peer group. neighbor {ip-address | peer-group-name} shutdown To enable a disabled neighbor or peer group, use the neighbor {ip-address | peer-group-name} no shutdown command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

361

neighbor soft-reconfiguration inbound

Parameters

ip-address peer-group-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to disable or enable all routers within the peer group.

Defaults Command Modes Usage Information

Enabled (that is, BGP neighbors and peer groups are disabled.) ROUTER BGP Peers that are enabled within a peer group are disabled when their peer group is disabled. The neighbor shutdown command terminates all BGP sessions on the BGP neighbor or BGP peer group. Use this command with caution as it terminates the specified BGP sessions. When a neighbor or peer group is shutdown, use the show ip bgp summary command to confirm its status.
show ip bgp summary show ip bgp neighbors Displays the current BGP configuration. Displays the current BGP neighbors.

Related Commands

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

neighbor soft-reconfiguration inbound

ces
Syntax

Enable a BGP soft-reconfiguration and start storing inbound route updates. neighbor {ipv4-address | ipv6-address | peer-group-name} soft-reconfiguration inbound ipv4-address | ipv6-address peer-group-name
Enter the IP address of the neighbor for which you want to start storing inbound routing updates. Enter the name of the peer group for which you want to start storing inbound routing updates.

Parameters

Defaults Command Modes Usage Information

Disabled ROUTER BGP This command enables soft-reconfiguration for the specified BGP neighbor. BGP will store all updates for inbound IPv4 routes received by the neighbor but will not reset the peer-session.

Caution: Inbound update storage is a memory-intensive operation. The entire BGP

update database from the neighbor is stored in memory regardless of the inbound policy results applied on the neighbor.
Related Commands

show ip bgp neighbors

Display routes received on a neighbor

362

Border Gateway Protocol IPv4 (BGPv4)

neighbor subnet

Command History

Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.4.1.0

Added support for IPv4 multicast and IPv4 unicast address families Introduced support on S-Series Introduced support on C-Series Introduced

neighbor subnet
ces
Syntax

Enable passive peering so that the members of the peer group are dynamic neighbor peer-group-name subnet subnet-number mask To remove passive peering, use the no neighbor peer-group-name subnet subnet-number mask command.

Parameters

subnet-number

Enter a subnet number in dotted decimal format (A.B.C.D.) as the allowable range of addresses included in the Peer group. To allow all addresses, enter 0.0.0.0/0. Enter a prefix mask in / prefix-length format (/x).

mask
Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

neighbor timers
ces
Syntax

Set keepalive and hold time timers for a BGP neighbor or a peer group. neighbor {ip-address | peer-group-name} timers keepalive holdtime To return to the default values, use the no neighbor {ip-address | peer-group-name} timers command.

Parameters

ip-address peer-group-name

Enter the IP address of the peer router in dotted decimal format. Enter the name of the peer group to set the timers for all routers within the peer group.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

363

neighbor update-source

keepalive

Enter a number for the time interval, in seconds, between keepalive messages sent to the neighbor routers. Range: 1 to 65535 Default: 60 seconds Enter a number for the time interval, in seconds, between the last keepalive message and declaring the router dead. Range: 3 to 65535 Default: 180 seconds

holdtime

Defaults Command Modes Usage Information

keepalive = 60 seconds; holdtime = 180 seconds. ROUTER BGP Timer values configured with the neighbor timers command override the timer values configured with the any other command. When two neighbors, configured with different keepalive and holdtime values, negotiate for new values, the resulting values will be as follows: the lower of the holdtime values is the new holdtime value, and whichever is the lower value; one-third of the new holdtime value, or the configured keepalive value is the new keepalive value.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command History

neighbor update-source
ces
Syntax

Enable the E-Series software to use Loopback interfaces for TCP connections for BGP sessions. neighbor {ip-address | peer-group-name} update-source interface To use the closest interface, use the no neighbor {ip-address | peer-group-name} update-source interface command.

Parameters

ip-address peer-group-name interface

Enter the IP address of the peer router in dotted decimal format. Enter the name of the peer group to disable all routers within the peer group. Enter the keyword loopback followed by a number of the loopback interface. Range: 0 to 16383.

Defaults Command Modes

Not configured. ROUTER BGP

364

Border Gateway Protocol IPv4 (BGPv4)

neighbor weight

Usage Information

Loopback interfaces are up constantly and the BGP session may need one interface constantly up to stabilize the session. The neighbor update-source command is not necessary for directly connected internal BGP sessions.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

Command History

neighbor weight
ces
Syntax

Assign a weight to the neighbor connection, which is used to determine the best path. neighbor {ip-address | peer-group-name} weight weight To remove a weight value, use the no neighbor {ip-address | peer-group-name} weight command.

Parameters

ip-address peer-group-name weight

Enter the IP address of the peer router in dotted decimal format. Enter the name of the peer group to disable all routers within the peer group. Enter a number as the weight. Range: 0 to 65535 Default: 0

Defaults Command Modes Usage Information

0 ROUTER BGP In the FTOS best path selection process, the path with the highest weight value is preferred.

Note: Reset the neighbor connection (clear ip bgp ipv4 unicast soft * command) to apply the weight to the connection and recompute the best path.
If the set weight command is configured in a route map applied to this neighbor, the weight set in that command overrides the weight set in the neighbor weight command.
Related Commands Command History set weight Assign a weight to all paths meeting the route map criteria.

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

365

network

network
ces
Syntax

Specify the networks for the BGP process and enter them in the BGP routing table. network ip-address mask [route-map map-name] To remove a network, use the no network ip-address mask [route-map map-name] command.

Parameters

ip-address mask route-map map-name

Enter an IP address in dotted decimal format of the network. Enter the mask of the IP address in the slash prefix length format (for example, /24). The mask appears in command outputs in dotted decimal format (A.B.C.D). (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ip address set community set local-preference set metric set next-hop set origin set weight If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Usage Information

Not configured. ROUTER BGP FTOS software resolves the network address configured by the network command with the routes in the main routing table to ensure that the networks are reachable via non-BGP routes and non-default routes.
redistribute Redistribute routes into BGP.

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

network backdoor
ces
Syntax

Specify this IGP route as the preferred route. network ip-address mask backdoor To remove a network, use the no network ip-address mask backdoor command.

366

Border Gateway Protocol IPv4 (BGPv4)

redistribute

Parameters

ip-address mask

Defaults Command Modes Usage Information Command History

Not configured. ROUTER BGP Though FTOS does not generate a route due to backdoor config, there is an option for injecting/sourcing a local route in presence of network backdoor config on a learned route.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

redistribute
ces
Syntax

Redistribute routes into BGP. redistribute {connected | static} [route-map map-name] To disable redistribution, use the no redistribution {connected | static} command.

Parameters

connected static route-map map-name

Enter the keyword connected to redistribute routes from physically connected interfaces. Enter the keyword static to redistribute manually configured routes. These routes are treated as incomplete routes. (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ip address set community set local-preference set metric set next-hop set origin set weight If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Usage Information

Not configured. ROUTER BGP With FTOS version 8.3.1.0 and later, the redistribute command can be used to advertise the IGP cost as the MED on redistributed routes. When the route-map is set with metric-type internal and applied outbound to an EBGP peer/peer-group, the advertised routes corresponding to those peer/peer-group will have IGP cost set as MED.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

367

redistribute isis

If you do not configure default-metric command, in addition to the redistribute command, or there is no route map to set the metric, the metric for redistributed static and connected is 0. To redistribute the default route (0.0.0.0/0) configure the neighbor default-originate command.
Related Commands Command History neighbor default-originate Inject the default route.

Version 8.3.1.0 Version 7.8.1.0 Version 7.7.1.0

Introduced ability to substitute IGP cost for MED when a peer/peer-group outbound route-map is set as internal. Introduced support on S-Series Introduced support on C-Series

redistribute isis
e
Syntax

Redistribute IS-IS routes into BGP. redistribute isis [WORD] [level-1| level-1-2 | level-2] [metric metric-value] [route-map map-name] To return to the default values, enter the no redistribute isis [WORD] [level-1| level-1-2 | level-2] [metric metric-value] [route-map map-name] command.

Parameters

WORD level-1 level-1-2 level-2 metric metric-value

ISO routing area tag (OPTIONAL) Enter the keyword level-1 to independently redistributed into Level 1 routes only. (OPTIONAL) Enter the keyword level-1-2 to independently redistributed into Level 1 and Level 2 routes. This is the default. (OPTIONAL) Enter the keyword level-2 to independently redistributed into Level 2 routes only (OPTIONAL) Enter the keyword metric followed by the metric value used for the redistributed route. Use a metric value that is consistent with the destination protocol. Range: 0 to 16777215 Default: 0 Enter the keyword route-map followed by the map name that is an identifier for a configured route map. The route map should filter imported routes from the source routing protocol to the current routing protocol. If you do not specify a map-name, all routes are redistributed. If you specify a keyword, but fail to list route map tags, no routes will be imported.

route-map map-name

Defaults Command Modes

level-1-2 ROUTER BGP

368

Border Gateway Protocol IPv4 (BGPv4)

redistribute ospf Figure 113 Command Example: redistribute isis

Force10(conf)#router bgp 1 Force10(conf-router_bgp)#redistribute isis level-1 metric 44 route-map rmap-is2bgp Force10(conf-router_bgp)#show running-config bgp ! router bgp 1 redistribute isis level-1 metric 44 route-map rmap-is2bgp

Example

Usage Information

With FTOS version 8.3.1.0 and later, the redistribute command can be used to advertise the IGP cost as the MED on redistributed routes. When the route-map is set with metric-type internal and applied outbound to an EBGP peer/peer-group, the advertised routes corresponding to those peer/peer-group will have IGP cost set as MED. IS-IS to BGP redistribution supports matching of level-1 or level-2 routes or all routes (default). More advanced match options can be performed using route maps. The metric value of redistributed routes can be set by the redistribution command.

Command History

Version 8.3.1.0 Version 6.3.1.0

Introduced ability to substitute IGP cost for MED when a peer/peer-group outbound route-map is set as internal. Introduced

redistribute ospf
ces
Syntax

Redistribute OSPF routes into BGP. redistribute ospf process-id [[match external {1 | 2}] [match internal]] [route-map map-name] To stop redistribution of OSPF routes, use the no redistribute ospf process-id command.

Parameters

process-id match external {1 | 2}

Enter the number of the OSPF process. Range: 1 to 65535 (OPTIONAL) Enter the keywords match external to redistribute OSPF external routes. You can specify 1 or 2 to redistribute those routes only. (OPTIONAL) Enter the keywords match internal to redistribute OSPF internal routes only. (OPTIONAL) Enter the keywords route-map followed by the name of a configured Route map.

match internal route-map map-name

Defaults Command Modes Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

369

router bgp When you enter redistribute isis process-id command without any other parameters, FTOS redistributes all OSPF internal routes, external type 1 routes, and external type 2 routes. This feature is not supported by an RFC.
Command History Version 8.3.1.0 Version 7.8.1.0 Version 7.7.1.0 Introduced ability to substitute IGP cost for MED when a peer/ peer-group outbound route-map is set as internal. Introduced support on S-Series Introduced support on C-Series

router bgp
ces
Syntax

Enter ROUTER BGP mode to configure and enable BGP. router bgp as-number To disable BGP, use the no router bgp as-number command.

Parameters

as-number

Enter the AS number. Range: 1 to 65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

Defaults Command Modes Example

Not enabled. CONFIGURATION Figure 114 Command Example: router bgp

Force10(conf)#router bgp 3 Force10(conf-router_bgp)#

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

Usage Information

At least one interface must be in Layer 3 mode for the router bgp command to be accepted. If no interfaces are enabled for Layer 3, an error message appears: % Error: No router id configured.

show capture bgp-pdu neighbor

ces
Syntax

Display BGP packet capture information for an IPv4 address on the system. show capture bgp-pdu neighbor ipv4-address

370

Border Gateway Protocol IPv4 (BGPv4)

show config

Parameters

ipv4-address

Enter the IPv4 address (in dotted decimal format) of the BGP address to display packet information for that address.

Command Modes Example

EXEC Privilege Figure 115 Command Example: show capture bgp-pdu neighbor
Force10(conf-router_bgp)#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 26 packet(s) captured using 680 bytes PDU[1] : len 101, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 00650100 00000013 00000000 00000000 419ef06c 00000000 00000000 00000000 00000000 00000000 0181a1e4 0181a25c 41af92c0 00000000 00000000 00000000 00000000 00000001 0181a1e4 0181a25c 41af9400 00000000 PDU[2] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 00130400 PDU[3] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 00130400 [. . .] Outgoing packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 27 packet(s) captured using 562 bytes PDU[1] : len 41, captured 00:34:52 ago ffffffff ffffffff ffffffff ffffffff 00290104 000100b4 14141401 0c020a01 04000100 01020080 00000000 PDU[2] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 00130400 PDU[3] : len 19, captured 00:34:50 ago ffffffff ffffffff ffffffff ffffffff 00130400 [. . .] Force10#

Related Commands Command History

capture bgp-pdu max-buffer-size

Specify a size for the capture buffer.

Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0

Introduced support on S-Series Introduced support on C-Series Introduced

show config
ces
Syntax Command Modes

View the current ROUTER BGP configuration. show config ROUTER BGP

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

371

show ip bgp

Example

Figure 116 show config Command Example

Force10(conf-router_bgp)#show confi ! router bgp 45 neighbor suzanne peer-group neighbor suzanne no shutdown neighbor sara peer-group neighbor sara shutdown neighbor 13.14.15.20 peer-group suzanne neighbor 13.14.15.20 shutdown neighbor 123.34.55.123 peer-group suzanne neighbor 123.34.55.123 shutdown Force10(conf-router_bgp)#

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp
ces
Syntax Parameters

View the current BGP IPv4 routing table for the system. show ip bgp [ipv4 unicast] [network [network-mask] [longer-prefixes]]
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. (OPTIONAL) Enter the network address (in dotted decimal format) of the BGP network to view information only on that network. (OPTIONAL) Enter the network mask (in slash prefix format) of the BGP network address. (OPTIONAL) Enter the keyword longer-prefixes to view all routes with a common prefix.

network network-mask longer-prefixes

Command Modes

EXEC EXEC Privilege

Usage Information

When you enable bgp non-deterministic-med command, the show ip bgp command output for a BGP route does not list the INACTIVE reason.

372

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp

Example

Figure 117 show ip bgp Command Example (Partial)

Force10>show ip bgp BGP table version is 847562, local router ID is 63.114.8.131 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete *> * *> *> Network 0.0.0.0/0 3.0.0.0/8 3.3.0.0/16 Next Hop 63.114.8.33 63.114.8.33 63.114.8.33 0.0.0.0 63.114.8.35 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 Metric LocPrf Weight 0 0 0 32768 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Path 18508 18508 18508 ? 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 i 209 701 80 i 701 80 i ? 701 209 209 701 209 701 209 209 209 209 209 ? ? ? 1 i i 1239 1239 6461 6461 i i i i 3561

*> 4.0.0.0/8 *> 4.2.49.12/30 * 4.17.250.0/24 *> * 4.21.132.0/23 *> *> 4.24.118.16/30 *> 4.24.145.0/30 *> 4.24.187.12/30 *> 4.24.202.0/30 *> 4.25.88.0/30 *> 5.0.0.0/9 *> 5.0.0.0/10 *> 5.0.0.0/11 --More--

13716 13716 16422 16422

i i i i

3908 i

0 0 0

Table 14 defines the information displayed in Figure 117 Table 14 show ip bgp Command Example Fields Field
Network Next Hop

Description
Displays the destination network prefix of each BGP route. Displays the next hop address of the BGP router. If 0.0.0.0 is listed in this column, then local routes exist in the routing table. Displays the BGP routes metric, if assigned. Displays the BGP LOCAL_PREF attribute for the route. Displays the routes weight Lists all the ASs the route passed through to reach the destination network.

Metric LocPrf Weight Path

Related Commands

show ip bgp community neighbor maximum-prefix

View BGP communities. Control number of network prefixes received.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

373

show ip bgp cluster-list

ces
Syntax Parameters

View BGP neighbors in a specific cluster. show ip bgp [ipv4 unicast] cluster-list [cluster-id]
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. (OPTIONAL) Enter the cluster id in dotted decimal format.

cluster-id
Command Modes

EXEC EXEC Privilege

Example

Figure 118 Command Example: show ip bgp cluster-list (Partial)

Force10#show ip bgp cluster-list BGP table version is 64444683, local router ID is 120.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network * I 10.10.10.1/32 * I *>I * I * I * I * I 10.19.75.5/32 * I *>I * I * I * I * I 10.30.1.0/24 * I *>I * I * I * I Next Hop 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 192.68.16.1 Metric 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 LocPrf Weight Path 100 0 i 100 0 i 100 0 i 100 0 i 100 0 i 100 0 i 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ? 100 0 ?

Table 15 defines the information displayed in Figure 118. Table 15 show ip bgp cluster-list Command Fields Field
Network Next Hop

Metric LocPrf Weight Path

374

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp community

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp community

ces
Syntax

View information on all routes with Community attributes or view specific BGP community groups. show ip bgp [ipv4 unicast] community [community-number] [local-as] [no-export] [no-advertise]
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. Enter the community number in AA:NN format where AA is the AS number (2 bytes) and NN is a value specific to that autonomous system. You can specify up to eight community numbers to view information on those community groups. Enter the keywords local-AS to view all routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED. All routes with the NO_EXPORT_SUBCONFED (0xFFFFFF03) community attribute must not be advertised to external BGP peers. Enter the keywords no-advertise to view all routes containing the well-known community attribute of NO_ADVERTISE. All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised to other BGP peers. Enter the keywords no-export to view all routes containing the well-known community attribute of NO_EXPORT. All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary.

Parameters

community-number

local-AS

no-advertise

no-export

Command Modes

EXEC EXEC Privilege

Usage Information

To view the total number of COMMUNITY attributes found, use the show ip bgp summary command. The text line above the route table states the number of COMMUNITY attributes found.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

375

show ip bgp community-list

Example

Figure 119 show ip bgp community Command Example (Partial)

Force10>show ip bgp community BGP table version is 3762622, local router ID is 63.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network * i 3.0.0.0/8 *>i 4.2.49.12/30 * i 4.21.132.0/23 *>i 4.24.118.16/30 *>i 4.24.145.0/30 *>i 4.24.187.12/30 *>i 4.24.202.0/30 *>i 4.25.88.0/30 *>i 6.1.0.0/16 *>i 6.2.0.0/22 *>i 6.3.0.0/18 *>i 6.4.0.0/16 *>i 6.5.0.0/19 *>i 6.8.0.0/20 *>i 6.9.0.0/20 *>i 6.10.0.0/15 *>i 6.14.0.0/15 *>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-Next Hop 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 Metric LocPrf 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 Weight 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Path 209 701 80 i 209 i 209 6461 16422 i 209 i 209 i 209 i 209 i 209 3561 3908 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i

The show ip bgp community command without any parameters lists BGP routes with at least one BGP community attribute and the output is the same as for the show ip bgp command output. Table 16 Command Example Fields: show ip bgp community Field
Network Next Hop

Metric LocPrf Weight Path

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp community-list

ces
Syntax

View routes that are affected by a specific community list. show ip bgp [ipv4 unicast] community-list community-list-name [exact-match]

376

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp dampened-paths

Parameters

ipv4 unicast

(OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. Enter the name of a configured IP community list. (max 16 chars) Enter the keyword for an exact match of the communities.

community-list-name exact-match
Command Modes

EXEC EXEC Privilege

Example

Figure 120 Command Example: show ip bgp community-list

Force10#show ip bgp community-list pass BGP table version is 0, local router ID is 10.101.15.13 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Force10# Next Hop Metric LocPrf Weight Path

The show ip bgp community-list command without any parameters lists BGP routes matching the Community List and the output is the same as for the show ip bgp command output. Table 17 show ip bgp community-list Command Example Fields Field
Network Next Hop

Metric LocPrf Weight Path

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp dampened-paths

ces
Syntax Command Modes

View BGP routes that are dampened (non-active). show ip bgp [ipv4 unicast] dampened-paths EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

377

show ip bgp detail Figure 121 Command Example: show ip bgp dampened-paths

Example

Force10>show ip bgp damp BGP table version is 210708, local router ID is 63.114.8.2 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path Force10>

Table 18 defines the information displayed in Figure 121. Table 18 show ip bgp dampened-paths Command Example Field
Network From Reuse Path

Description
Displays the network ID to which the route is dampened. Displays the IP address of the neighbor advertising the dampened route. Displays the hour:minutes:seconds until the dampened route is available. Lists all the ASs the dampened route passed through to reach the destination network.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp detail

ces
Syntax Defaults Command Modes

Display BGP internal information for IPv4 Unicast address family. show ip bgp [ipv4 unicast] detail none EXEC EXEC Privilege

378

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp detail Figure 122 Command Example: show ip bgp detail
R2#show ip bgp detail Detail information for BGP Node bgpNdP 0x41a17000 : NdTmrP 0x41a17000 : NdKATmrP 0x41a17014 : NdTics 74857 : NhLocAS 1 : NdState 2 : NdRPMPrim 1 : NdListSoc 13 NdAuto 1 : NdEqCost 1 : NdSync 0 : NdDefOrg 0 NdV6ListSoc 14 NdDefDid 0 : NdConfedId 0 : NdMedConfed 0 : NdMedMissVal -1 : NdIgnrIllId 0 : NdRRC2C 1 : NdClstId 33686273 : NdPaTblP 0x41a19088 NdASPTblP 0x41a19090 : NdCommTblP 0x41a19098 : NhOptTransTblP 0x41a190a0 : NdRRClsTblP 0x41a190a8 NdPktPA 0 : NdLocCBP 0x41a6f000 : NdTmpPAP 0x419efc80 : NdTmpASPAP 0x41a25000 : NdTmpCommP 0x41a25800 NdTmpRRClP 0x41a4b000 : NdTmpOptP 0x41a4b800 : NdTmpNHP : NdOrigPAP 0 NdOrgNHP 0 : NdModPathP 0x419efcc0 : NdModASPAP 0x41a4c000 : NdModCommP 0x41a4c800 NdModOptP 0x41a4d000 : NdModNHP : NdComSortBufP 0x41a19110 : NdComSortHdP 0x41a19d04 : NdUpdAFMsk 0 : AFRstSet 0x41a1a298 : NHopDfrdHdP 0x41a1a3e0 : NumNhDfrd 0 : CfgHdrAFMsk 1 AFChkNetTmrP 0x41ee705c : AFRtDamp 0 : AlwysCmpMed 0 : LocrHld 10 : LocrRem 10 : softReconfig 0x41a1a58c DefMet 0 : AutoSumm 1 : NhopsP 0x41a0d100 : Starts 0 : Stops 0 : Opens 0 Closes 0 : Fails 0 : Fatals 0 : ConnExps 0 : HldExps 0 : KeepExps 0 RxOpens 0 : RxKeeps 0 : RxUpds 0 : RxNotifs 0 : TxUpds 0 : TxNotifs 0 BadEvts 0 : SynFails 0 : RxeCodeP 0x41a1b6b8 : RxHdrCodeP 0x41a1b6d4 : RxOpCodeP 0x41a1b6e4 RxUpdCodeP 0x41a1b704 : TxEcodeP 0x41a1b734 : TxHdrcodeP 0x41a1b750 : TxOpCodeP 0x41a1b760 TxUpdCodeP 0x41a1b780 : TrEvt 0 : LocPref 100 : tmpPathP 0x41a1b7b8 : LogNbrChgs 1 RecursiveNH 1 : PgCfgId 0 : KeepAlive 0 : HldTime 0 : DioHdl 0 : AggrValTmrP 0x41ee7024 UpdNetTmrP 0 : RedistTmrP 0x41ee7094 : PeerChgTmrP 0 : CleanRibTmrP 0x41ee7104 PeerUpdTmrP 0x41ee70cc : DfrdNHTmrP 0x41ee7174 : DfrdRtselTmrP 0x41ee713c : FastExtFallover 1 : FastIntFallover 0 : Enforce1stAS 1 PeerIdBitsP 0x41967120 : softOutSz 16 : RibUpdCtxCBP 0 UpdPeerCtxCBP 0 : UpdPeerCtxAFI 0 : TcpioCtxCB 0 : RedistBlk 1 NextCBPurg 1101119536 : NumPeerToPurge 0 : PeerIBGPCnt 0 : NonDet 0 : DfrdPathSel 0 BGPRst 0 : NumGrCfg 1 : DfrdTmestmp 0 : SnmpTrps 0 : IgnrBestPthASP 0 RstOn 1 : RstMod 1 : RstRole 2 : AFFalgs 7 : RstInt 120 : MaxeorExtInt 361 FixedPartCrt 1 : VarParCrt 1 Packet Capture max allowed length 40960000 : current length 0 Peer Grp List Nbr List Confed Peer List Address Family specific Information AFIndex 0 NdSpFlag 0x41a190b0 : AFRttP 0x41a0d200 : NdRTMMkrP 0x41a19d28 : NdRTMAFTblVer 0 : NdRibCtxAddr 1101110688 NdRibCtxAddrLen 255 : NdAFPrefix 0 : NdAfNLRIP 0 : NdAFNLRILen 0 : NdAFWPtrP 0 NdAFWLen 0 : NdAfNH : NdAFRedRttP 0x41a0d400 : NdRecCtxAdd 1101110868 NdRedCtxAddrLen 255 : NdAfRedMkrP 0x41a19e88 : AFAggRttP 0x41a0d600 : AfAggCtxAddr 1101111028 : AfAggrCtxAddrLen 255 AfNumAggrPfx 0 : AfNumAggrASSet 0 : AfNumSuppmap 0 : AfNumAggrValidPfx 0 : AfMPathRttP 0x41a0d700 MpathCtxAddr 1101111140 : MpathCtxAddrlen 255 : AfEorSet 0x41a19f98 : NumDfrdPfx 0 AfActPeerHd 0x41a1a3a4 : AfExtDist 1101112312 : AfIntDist 200 : AfLocDist 200 AfNumRRc 0 : AfRR 0 : AfNetRttP 0x41a0d300 : AfNetCtxAddr 1101112392 : AfNetCtxAddrlen 255 AfNwCtxAddr 1101112443 : AfNwCtxAddrlen 255 : AfNetBKDrRttP 0x41a0d500 : AfNetBKDRCnt 0 : AfDampHLife 0 AfDampReuse 0 : AfDampSupp 0 : AfDampMaxHld 0 : AfDampCeiling 0 : AfDampRmapP

Example

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0

Introduced support on S-Series Introduced support on C-Series Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

379

show ip bgp extcommunity-list

ces
Syntax Parameters

View information on all routes with Extended Community attributes. show ip bgp [ipv4 unicast] extcommunity-list [ list name]
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. Enter the extended community list name you wish to view.

list name
Command Modes

EXEC EXEC Privilege

Usage Information

To view the total number of COMMUNITY attributes found, use the show ip bgp summary command. The text line above the route table states the number of COMMUNITY attributes found. The show ip bgp community command without any parameters lists BGP routes with at least one BGP community attribute and the output is the same as for the show ip bgp command output.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp filter-list

ces
Syntax Parameters

View the routes that match the filter lists. show ip bgp [ipv4 unicast] filter-list as-path-name
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. Enter the name of an AS-PATH.

as-path-name
Command Modes

EXEC EXEC Privilege

380

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp filter-list Figure 123 Command Example: show ip bgp filter-list
Force10#show ip bgp filter-list hello BGP table version is 80227, local router ID is 120.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n network Origin codes: i - IGP, e - EGP, ? - incomplete Network * I 6.1.5.0/24 * I * I * I *>I * I * I * I 6.1.6.0/24 * I * I * I *>I * I * I * I 6.1.20.0/24 * I * I * I Force10# Next Hop 192.100.11.2 192.100.8.2 192.100.9.2 192.100.10.2 6.1.5.1 6.1.6.1 6.1.20.1 192.100.11.2 192.100.8.2 192.100.9.2 192.100.10.2 6.1.5.1 6.1.6.1 6.1.20.1 192.100.11.2 192.100.8.2 192.100.9.2 192.100.10.2 Metric 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 20000 LocPrf Weight Path 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ? 9999 0 ?

Example

Table 19 defines the information displayed in Figure 123. Table 19 Command Example fields: show ip bgp filter-list Field
Path source codes

Description
Lists the path sources shown to the right of the last AS number in the Path column: i = internal route entry a = aggregate route entry c = external confederation route entry n = network route entry r = redistributed route entry

Next Hop

Displays the next hop address of the BGP router. If 0.0.0.0 is listed in this column, then local routes exist in the routing table. Displays the BGP routes metric, if assigned. Displays the BGP LOCAL_PREF attribute for the route. Displays the routes weight Lists all the ASs the route passed through to reach the destination network.

Metric LocPrf Weight Path

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

381

show ip bgp flap-statistics

ces
Syntax

View flap statistics on BGP routes. show ip bgp [ipv4 unicast] flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression]
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. (OPTIONAL) Enter the IP address (in dotted decimal format) of the BGP network to view information only on that network. (OPTIONAL) Enter the network mask (in slash prefix (/x) format) of the BGP network address. (OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH ACL. Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ( ) = (parenthesis) groups a series of pattern elements to a single element { } = (braces) minimum and the maximum match count ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Parameters

ip-address mask filter-list as-path-name regexp regular-expression

Command Modes

EXEC EXEC Privilege

Example

Figure 124 Command Example: show ip bgp flap-statistics

Force10>show ip bgp flap BGP table version is 210851, local router ID is 63.114.8.2 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Force10> From Flaps Duration Reuse Path

382

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp inconsistent-as

Table 20 defines the information displayed in Figure 124. Table 20 show ip bgp flap-statistics Command Example Fields Field
Network From Flaps Duration Reuse Path

Description
Displays the network ID to which the route is flapping. Displays the IP address of the neighbor advertising the flapping route. Displays the number of times the route flapped. Displays the hours:minutes:seconds since the route first flapped. Displays the hours:minutes:seconds until the flapped route is available. Lists all the ASs the flapping route passed through to reach the destination network.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp inconsistent-as

ces
Syntax Command Modes

View routes with inconsistent originating Autonomous System (AS) numbers, that is, prefixes that are announced from the same neighbor AS but with a different AS-Path. show ip bgp [ipv4 unicast] inconsistent-as EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

383

show ip bgp inconsistent-as Figure 125 Command Example: show ip bgp inconsistent-as (Partial)
Force10>show ip bgp inconsistent-as BGP table version is 280852, local router ID is 10.1.2.100 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network * 3.0.0.0/8 * * *> *> 3.18.135.0/24 * * * *> 4.0.0.0/8 * * * * 6.0.0.0/20 * *> * * 9.2.0.0/16 * --More-Next Hop 63.114.8.33 63.114.8.34 63.114.8.60 63.114.8.33 63.114.8.60 63.114.8.34 63.114.8.33 63.114.8.33 63.114.8.60 63.114.8.34 63.114.8.33 63.114.8.33 63.114.8.60 63.114.8.34 63.114.8.33 63.114.8.33 63.114.8.60 63.114.8.34 Metric LocPrf Weight Path 0 18508 209 7018 80 i 0 18508 209 7018 80 i 0 18508 209 7018 80 i 0 18508 701 80 i 0 18508 209 7018 ? 0 18508 209 7018 ? 0 18508 701 7018 ? 0 18508 209 7018 ? 0 18508 209 1 i 0 18508 209 1 i 0 18508 701 1 i 0 18508 209 1 i 0 18508 209 3549 i 0 18508 209 3549 i 0 18508 ? 0 18508 209 3549 i 0 18508 209 701 i 0 18508 209 701 i

Example

Table 21 show ip bgp inconsistent-as Command Example Fields Fields

Network Next Hop

Metric LocPrf Weight Path

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

384

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp neighbors

ces
Syntax

Displays routing information exchanged by BGP neighbors. show ip bgp [ipv4 unicast] neighbors [ipv4-neighbor-addr | ipv6-neighbor-addr] [advertised-routes | dampened-routes | detail | flap-statistics | routes | {received-routes [network [network-mask]] | {denied-routes [network [network-mask]]} ]
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to IPv4 unicast routes. (OPTIONAL) Enter the IP address of the neighbor to view only BGP route information exchanged with that neighbor. (OPTIONAL) Enter the keywords advertised-routes to view only the routes the neighbor sent. (OPTIONAL) Enter the keyword dampened-routes to view information on dampened routes from the BGP neighbor. (OPTIONAL) Enter the keyword detail to view neighbor-specific internal information for the IPv4 Unicast address family. (OPTIONAL) Enter the keyword flap-statistics to view flap statistics on the neighbors routes. (OPTIONAL) Enter the keywords routes to view only the neighbors feasible routes. (OPTIONAL) Enter the keywords received-routes followed by either the network address (in dotted decimal format) or the network mask (in slash prefix format) to view all information received from neighbors. Note: neighbor soft-reconfiguration inbound must be configured prior to viewing all the information received from the neighbors. (OPTIONAL) Enter the keywords denied-routes followed by either the network address (in dotted decimal format) or the network mask (in slash prefix format) to view all information on routes denied via neighbor inbound filters.

Parameters

ipv4-neighbor-addr | ipv6-neighbor-addr advertised-routes dampened-routes detail flap-statistics routes received-routes [network [network-mask] denied-routes [network [network-mask]
Command Modes

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.2.1.0 Version 6.3.10

Introduced support on S-Series Introduced support on C-Series Added detail option and output now displays default MED value Added received and denied route options The output is changed to display the total number of advertised prefixes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

385

show ip bgp neighbors Figure 126 Command Example: show ip bgp neighbors (Partial)
Force10#show ip bgp neighbors BGP neighbor is 100.10.10.2, remote AS 200, external link BGP version 4, remote router ID 192.168.2.101 BGP state ESTABLISHED, in this state for 00:16:12 Last read 00:00:12, last write 00:00:03 Hold time is 180, keepalive interval is 60 seconds Received 1404 messages, 0 in queue 3 opens, 1 notifications, 1394 updates 6 keepalives, 0 route refresh requests Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) ROUTE_REFRESH(2) GRACEFUL_RESTART(64) CISCO_ROUTE_REFRESH(128) Route map for incoming advertisements is test Maximum prefix set to 4 with threshold 75 For address family: IPv4 Unicast BGP table version 34, neighbor version 34 5 accepted prefixes consume 20 bytes Prefix advertised 0, denied 4, withdrawn 0 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 0, rejected 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:18:21, due to Maximum prefix limit reached

Example 1

386

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp neighbors Figure 127 Command Example: show ip bgp neighbors advertised-routes
Force10>show ip bgp neighbors 192.14.1.5 advertised-routes BGP table version is 74103, local router ID is 33.33.33.33 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop *>r 1.10.1.0/24 0.0.0.0 *>r 1.11.0.0/16 0.0.0.0 ..... ..... *>I 223.94.249.0/24 223.100.4.249 *>I 223.94.250.0/24 223.100.4.250 *>I 223.100.0.0/16 223.100.255.254 Total number of prefixes: 74102 Metric 5000 5000 0 0 0 LocPrf Weight Path 32768 ? 32768 ? 100 100 100 0 ? 0 ? 0 ?

Example 2

Example 3

Figure 128 Command Example: show ip bgp neighbors received-routes

Force10#show ip bgp neighbors 100.10.10.2 received-routes BGP table version is 13, local router ID is 120.10.10.1 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed n - network, D - denied, S - stale Origin codes: i - IGP, e - EGP, ? - incomplete Network D 70.70.21.0/24 D 70.70.22.0/24 D 70.70.23.0/24 D 70.70.24.0/24 *> 70.70.25.0/24 *> 70.70.26.0/24 *> 70.70.27.0/24 *> 70.70.28.0/24 *> 70.70.29.0/24 Force10# Next Hop 100.10.10.2 100.10.10.2 100.10.10.2 100.10.10.2 100.10.10.2 100.10.10.2 100.10.10.2 100.10.10.2 100.10.10.2 Metric LocPrf Weight Path 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ?

0 0 0 0

Example 4

Figure 129 Command Example: show ip bgp neighbors denied-routes

Force10#show ip bgp neighbors 100.10.10.2 denied-routes 4 denied paths using 205 bytes of memory BGP table version is 34, local router ID is 100.10.10.2 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed n - network, D - denied, S - stale Origin codes: i - IGP, e - EGP, ? - incomplete Network D 70.70.21.0/24 D 70.70.22.0/24 D 70.70.23.0/24 D 70.70.24.0/24 Force10# Next Hop 100.10.10.2 100.10.10.2 100.10.10.2 100.10.10.2 Metric LocPrf Weight Path 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ? 0 0 100 200 ?

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

387

show ip bgp neighbors

Table 22 Command Example fields: show ip bgp neighbors Lines beginning with
BGP neighbor

Description
Displays the BGP neighbor address and its AS number. The last phrase in the line indicates whether the link between the BGP router and its neighbor is an external or internal one. If they are located in the same AS, then the link is internal; otherwise the link is external. Displays the BGP version (always version 4) and the remote router ID. Displays the neighbors BGP state and the amount of time in hours:minutes:seconds it has been in that state. This line displays the following information: last read is the time (hours:minutes:seconds) the router read a message from its neighbor hold time is the number of seconds configured between messages from its neighbor keepalive interval is the number of seconds between keepalive messages to help ensure that the TCP session is still alive.

BGP version BGP state Last read

Received messages

This line displays the number of BGP messages received, the number of notifications (error messages) and the number of messages waiting in a queue for processing. The line displays the number of BGP messages sent, the number of notifications (error messages) and the number of messages waiting in a queue for processing. This line displays the number of BGP updates received and sent. This line indicates that soft reconfiguration inbound is configured. Displays the minimum time, in seconds, between advertisements. Displays the policy commands configured and the names of the Route map, AS-PATH ACL or Prefix list configured for the policy. Displays IPv4 Unicast as the address family. Displays the which version of the primary BGP routing table the router and the neighbor are using. Displays the number of network prefixes accepted by the router and the amount of memory used to process those prefixes. Displays the number of network prefixes advertised, the number rejected and the number withdrawn from the BGP routing table. Displays the number of TCP connections established and dropped between the two peers to exchange BGP information. Displays the amount of time since the peering session was last reset. Also states if the peer resets the peering session. If the peering session was never reset, the word never is displayed.

Sent messages

Received updates Soft reconfiguration Minimum time (list of inbound and outbound policies) For address family: BGP table version accepted prefixes Prefix advertised

Connections established Last reset

388

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp next-hop Table 22 Command Example fields: show ip bgp neighbors Lines beginning with
Local host: Foreign host:

Description
Displays the peering address of the local router and the TCP port number. Displays the peering address of the neighbor and the TCP port number.

Related Commands

show ip bgp

View the current BGP routing table.

show ip bgp next-hop

ces
Syntax Command Modes

View all next hops (via learned routes only) with current reachability and flap status. This command only displays one path, even if the next hop is reachable by multiple paths. show ip bgp next-hop EXEC EXEC Privilege

Example

Figure 130 Command Example: show ip bgp next-hop

Force10>show ip bgp next-hop Next-hop Via 63.114.8.33 63.114.8.33, 63.114.8.34 63.114.8.34, 63.114.8.35 63.114.8.35, 63.114.8.60 63.114.8.60, Force10> RefCount 240984 135152 1 135155 Cost 0 0 0 0 Flaps 0 0 0 0 Time Elapsed 00:18:25 00:18:13 00:18:07 00:18:11

Gi Gi Gi Gi

12/22 12/22 12/22 12/22

Table 23 Command Example fields: show ip bgp next-hop Field

Next-hop Via RefCount Cost Flaps Time Elapsed

Description
Displays the next-hop IP address. Displays the IP address and interface used to reach the next hop. Displays the number of BGP routes using this next hop. Displays the cost associated with using this next hop. Displays the number of times the next hop has flapped. Displays the time elapsed since the next hop was learned. If the route is down, then this field displays time elapsed since the route went down.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

389

show ip bgp paths

ces
Syntax Parameters

View all the BGP path attributes in the BGP database. show ip bgp paths [regexp regular-expression] regexp regular-expression
Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ( ) = (parenthesis) groups a series of pattern elements to a single element { } = (braces) minimum and the maximum match count ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes

EXEC EXEC Privilege

Example

Figure 131 Command Example: show ip bgp paths (Partial)

Force10#show ip bgp path Total 16 Paths Address Hash Refcount Metric Path 0x1efe7e5c 15 10000 32 ? 0x1efe7e1c 71 10000 23 ? 0x1efe7ddc 127 10000 22 ? 0x1efe7d9c 183 10000 43 ? 0x1efe7d5c 239 10000 42 ? 0x1efe7c9c 283 6 {102 103} ? 0x1efe7b1c 287 336 20000 ? 0x1efe7d1c 295 10000 13 ? 0x1efe7c5c 339 6 {92 93} ? 0x1efe7cdc 351 10000 12 ? 0x1efe7c1c 395 6 {82 83} ? 0x1efe7bdc 451 6 {72 73} ? 0x1efe7b5c 491 78 0 ? 0x1efe7adc 883 2 120 i 0x1efe7e9c 983 10000 33 ? 0x1efe7b9c 1003 6 0 i Force10#

Table 24 Command Example fields: show ip bgp paths Field

Total Address

Description
Displays the total number of BGP path attributes. Displays the internal address where the path attribute is stored.

390

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp paths as-path Table 24 Command Example fields: show ip bgp paths Field
Hash Refcount Metric Path

Description
Displays the hash bucket where the path attribute is stored. Displays the number of BGP routes using this path attribute. Displays the MED attribute for this path attribute. Displays the AS path for the route, with the origin code for the route listed last. Numbers listed between braces {} are AS_SET information.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp paths as-path

ces
Syntax Command Modes

View all unique AS-PATHs in the BGP database show ip bgp paths as-path EXEC EXEC Privilege

Example

Figure 132 Command Example: show ip bgp paths as-path (Partial)

Force10#show ip bgp paths as-path Total 13 AS-Paths Address Hash Refcount AS-Path 0x1ea3c1ec 251 1 42 0x1ea3c25c 251 1 22 0x1ea3c1b4 507 1 13 0x1ea3c304 507 1 33 0x1ea3c10c 763 1 {92 93} 0x1ea3c144 763 1 {102 103} 0x1ea3c17c 763 1 12 0x1ea3c2cc 763 1 32 0x1ea3c09c 764 1 {72 73} 0x1ea3c0d4 764 1 {82 83} 0x1ea3c224 1019 1 43 0x1ea3c294 1019 1 23 0x1ea3c02c 1021 4 Force10#

Table 25 Command Example fields: show ip bgp paths community Field

Address Hash

Description
Displays the internal address where the path attribute is stored. Displays the hash bucket where the path attribute is stored.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

391

show ip bgp paths community Table 25 Command Example fields: show ip bgp paths community Field
Refcount AS-Path

Description
Displays the number of BGP routes using these AS-Paths. Displays the AS paths for this route, with the origin code for the route listed last. Numbers listed between braces {} are AS_SET information.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp paths community

ces
Syntax Command Modes

View all unique COMMUNITY numbers in the BGP database. show ip bgp paths community EXEC EXEC Privilege

Example

Figure 133 Command Example: show ip bgp paths community (Partial)

E1200-BGP>show ip bgp paths community Total 293 Communities Address Hash Refcount Community 0x1ec88a5c 3 4 209:209 209:6059 209:31272 3908:900 19092:300 0x1e0f10ec 15 4 209:209 209:3039 209:31272 3908:900 19092:300 0x1c902234 37 2 209:209 209:7193 209:21362 3908:900 19092:300 0x1f588cd4 41 24 209:209 209:6253 209:21362 3908:900 19092:300 0x1e805884 46 2 209:209 209:21226 286:777 286:3033 1899:3033 64675:21092 0x1e433f4c 46 8 209:209 209:5097 209:21362 3908:900 19092:300 0x1f173294 48 16 209:209 209:21226 286:40 286:777 286:3040 5606:40 12955:5606 0x1c9f8e24 50 6 209:209 209:4069 209:21362 3908:900 19092:300 0x1c9f88e4 53 4 209:209 209:3193 209:21362 3908:900 19092:300 0x1f58a944 57 6 209:209 209:2073 209:21362 3908:900 19092:300 0x1ce6be44 80 2 209:209 209:999 209:40832 0x1c6e2374 80 2 209:777 209:41528 0x1f58ad6c 82 46 209:209 209:41528 0x1c6e2064 83 2 209:777 209:40832 0x1f588ecc 85 570 209:209 209:40832 0x1f57cc0c 98 2 209:209 209:21226 286:3031 13646:1044 13646:1124 13646:1154 13646:1164 13646:1184 13646:1194 13646:1204 13646:1214 13646:1224 13646:1234 13646:1244 13646:1254 13646:1264 13646:3000 0x1d65b2ac 117 6 209:209 209:999 209:31272 0x1f5854ac 119 18 209:209 209:21226 286:108 286:111 286:777 286:3033 517:5104

Table 26 Command Example fields: show ip bgp paths community Field

Address Hash

Description
Displays the internal address where the path attribute is stored. Displays the hash bucket where the path attribute is stored.

392

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp peer-group Table 26 Command Example fields: show ip bgp paths community Field
Refcount Community

Description
Displays the number of BGP routes using these communities. Displays the community attributes in this BGP path.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp peer-group

ces
Syntax Parameters

Enables you to view information on the BGP peers in a peer group. show ip bgp [ipv4 unicast] peer-group [peer-group-name [detail | summary]]
ipv4 unicast (OPTIONAL) Enter the ipv4 unicast keywords to view information only related to ipv4 unicast routes. (OPTIONAL) Enter the name of a peer group to view information about that peer group only. (OPTIONAL) Enter the keyword detail to view detailed status information of the peers in that peer group. (OPTIONAL) Enter the keyword summary to view status information of the peers in that peer group. The output is the same as that found in show ip bgp summary command

peer-group-name detail summary

Command Modes

EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

393

show ip bgp peer-group Figure 134 Command Example: show ip bgp peer-group (Partial)
Force10#show ip bgp peer-group Peer-group RT-PEERS Description: ***peering-with-RT*** BGP version 4 Minimum time between advertisement runs is 30 seconds For address family: IPv4 Unicast BGP neighbor is RT-PEERS Number of peers in this group 20 Peer-group members (* - outbound optimized): 12.1.1.2* 12.1.1.3* 12.1.1.4* 12.1.1.5* 12.1.1.6* 12.2.1.2* 12.2.1.3* 12.2.1.4* 12.2.1.5* 12.2.1.6* 12.3.1.2* 12.3.1.3* 12.3.1.4* 12.3.1.5* 12.3.1.6* 12.4.1.2* 12.4.1.3* 12.4.1.4* 12.4.1.5* 12.4.1.6*

Example

Table 27 Command Example fields: show ip bgp peer-group Line beginning with
Peer-group Administratively shut BGP version Minimum time For address family BGP neighbor Number of peers Peer-group members:

Description
Displays the peer groups name. Displays the peer groups status if the peer group is not enabled. If the peer group is enabled, this line is not displayed. Displays the BGP version supported. Displays the time interval between BGP advertisements. Displays IPv4 Unicast as the address family. Displays the name of the BGP neighbor. Displays the number of peers currently configured for this peer group. Lists the IP addresses of the peers in the peer group. If the address is outbound optimized, a * is displayed next to the IP address.

Related Commands

neighbor peer-group (assigning peers) neighbor peer-group (creating group) show ip bgp peer-group (multicast)

Assign peer to a peer-group. Create a peer group. View information on the BGP peers in a peer group.

Command History

Version 7.8.1.0

Introduced support on S-Series

394

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp regexp

Version 7.7.1.0 Version 7.8.1.0

Introduced support on C-Series Introduced support on S-Series

show ip bgp regexp

ces
Syntax Parameters

Display the subset of BGP routing table matching the regular expressions specified. show ip bgp regexp regular-expression [character] regular-expression [character]
Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ( ) = (parenthesis) groups a series of pattern elements to a single element { } = (braces) minimum and the maximum match count ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes

EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

395

show ip bgp summary Figure 135 Command Example: show ip bgp regexp (Partial)

Example

Force10#show ip bgp regexp ^2914+ BGP table version is 3700481, local router ID is 63.114.8.35 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>I 3.0.0.0/8 1.1.1.2 0 100 0 2914 1239 80 i *>I 4.0.0.0/8 1.1.1.2 0 100 0 2914 3356 i *>I 4.17.225.0/24 1.1.1.2 0 100 0 2914 11853 11853 11853 11853 11853 *>I 4.17.226.0/23 1.1.1.2 0 100 0 2914 11853 11853 11853 11853 11853 *>I 4.17.251.0/24 1.1.1.2 0 100 0 2914 11853 11853 11853 11853 11853 *>I 4.17.252.0/23 1.1.1.2 0 100 0 2914 11853 11853 11853 11853 11853 *>I 4.19.2.0/23 1.1.1.2 0 100 0 2914 701 6167 6167 6167 i *>I 4.19.16.0/23 1.1.1.2 0 100 0 2914 701 6167 6167 6167 i *>I 4.21.80.0/22 1.1.1.2 0 100 0 2914 174 4200 16559 i *>I 4.21.82.0/24 1.1.1.2 0 100 0 2914 174 4200 16559 i *>I 4.21.252.0/23 1.1.1.2 0 100 0 2914 701 6389 8063 19198 i *>I 4.23.180.0/24 1.1.1.2 0 100 0 2914 3561 6128 30576 i *>I 4.36.200.0/21 1.1.1.2 0 100 0 2914 14742 11854 14135 i *>I 4.67.64.0/22 1.1.1.2 0 100 0 2914 11608 19281 i *>I 4.78.32.0/21 1.1.1.2 0 100 0 2914 3491 29748 i *>I 6.1.0.0/16 1.1.1.2 0 100 0 2914 701 668 i *>I 6.2.0.0/22 1.1.1.2 0 100 0 2914 701 668 i *>I 6.3.0.0/18 1.1.1.2 0 100 0 2914 701 668 i

6496 6496 6496 6496

Table 28 Command Example fields: show ip bgp regexp Field

Network Next Hop Metric LocPrf Weight Path

Description
Displays the destination network prefix of each BGP route. Displays the next hop address of the BGP router. If 0.0.0.0 is listed in this column, then non-BGP routes exist in the routers routing table. Displays the BGP routers metric, if assigned. Displays the BGP LOCAL_PREF attribute for the route. Displays the routes weight Lists all the AS paths the route passed through to reach the destination network.

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show ip bgp summary

ces
Syntax Command Modes

Enables you to view the status of all BGP connections. show ip bgp [ipv4 unicast] summary EXEC EXEC Privilege

396

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp summary Figure 136 Command Example: show ip bgp summary
Force10#show ip bgp summary BGP router identifier 120.10.10.1, local AS number 100 BGP table version is 34, main routing table version 34 9 network entrie(s) using 1372 bytes of memory 5 paths using 380 bytes of memory 4 denied paths using 164 bytes of memory BGP-RIB over all using 385 bytes of memory 2 BGP path attribute entrie(s) using 168 bytes of memory 1 BGP AS-PATH entrie(s) using 39 bytes of memory 1 BGP community entrie(s) using 43 bytes of memory 2 neighbor(s) using 7232 bytes of memory Neighbor 100.10.10.2 120.10.10.2 Force10# AS 200 300 MsgRcvd 46 40 MsgSent 41 47 TblVer 34 34 InQ 0 0 OutQ Up/Down 0 00:14:33 0 00:37:10 State/Pfx 5 0

Example

Table 29 Command Example fields: show ip bgp summary Field

BGP router identifier BGP table version network entries paths denied paths BGP path attribute entries BGP AS-PATH entries BGP community entries

Description
Displays the local router ID and the AS number. Displays the BGP table version and the main routing table version. Displays the number of network entries and route paths and the amount of memory used to process those entries. Displays the number of paths and the amount of memory used. Displays the number of denied paths and the amount of memory used. Displays the number of BGP path attributes and the amount of memory used to process them. Displays the number of BGP AS_PATH attributes processed and the amount of memory used to process them. Displays the number of BGP COMMUNITY attributes processed and the amount of memory used to process them. The show ip bgp community command provides more details on the COMMUNITY attributes. Displayed only when dampening is enabled. Displays the number of paths designated as history, dampened, or penalized. Displays the BGP neighbor address. Displays the AS number of the neighbor. Displays the number of BGP messages that neighbor received. Displays the number of BGP messages that neighbor sent. Displays the version of the BGP table that was sent to that neighbor. Displays the number of messages from that neighbor waiting to be processed. Displays the number of messages waiting to be sent to that neighbor. If a number appears in parentheses, the number represents the number of messages waiting to be sent to the peer group.

Dampening enabled Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

397

show running-config bgp Table 29 Command Example fields: show ip bgp summary Field
Up/Down

Description
Displays the amount of time that the neighbor is in the Established stage. If the neighbor has never moved into the Established stage, the word never is displayed. The output format is: Time Established----------Display Example < 1 day ----------------------- 00:12:23 (hours:minutes:seconds) < 1 week --------------------- 1d21h (DaysHours) > 1 week --------------------- 11w2d (WeeksDays) If the neighbor is in Established stage, the number of network prefixes received. If a maximum limit was configured with the neighbor maximum-prefix command, (prfxd) appears in this column. If the neighbor is not in Established stage, the current stage is displayed (Idle, Connect, Active, OpenSent, OpenConfirm) When the peer is transitioning between states and clearing the routes received, the phrase (Purging) may appear in this column. If the neighbor is disabled, the phrase (Admin shut) appears in this column.

State/Pfxrcd

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

show running-config bgp

ces
Syntax Defaults Command Modes Command History

Use this feature to display the current BGP configuration. show running-config bgp No default values or behavior EXEC Privilege
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

398

Border Gateway Protocol IPv4 (BGPv4)

timers bgp

timers bgp
ces
Syntax

Adjust BGP Keep Alive and Hold Time timers. timers bgp keepalive holdtime To return to the default, enter no timers bgp.

Parameters

keepalive

holdtime

Defaults Command Modes Command History

No default values or behavior ROUTER BGP

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

MBGP Commands
Multiprotocol BGP (MBGP) is an enhanced BGP that enables multicast routing policy throughout the Internet and connecting multicast topologies between BGP and autonomous systems (AS). FTOS MBGP is implemented as per IETF RFC 1858. FTOS version 7.8.1.0 and later support MBGP for IPv6 on et and c platforms. FTOS version 7.8.1.0 and later supports MBGP for IPv4 Multicast only on the s platform. FTOS version 8.2.1.0 and later support MBGP on the E-Series ExaScale ex platform. The MBGP commands are: address family ipv4 multicast (MBGP) aggregate-address bgp dampening bgp soft-reconfig-backup clear ip bgp dampening clear ip bgp flap-statistics clear ip bgp ipv4 multicast soft debug ip bgp dampening debug ip bgp dampening Publication Date: July 20, 2011 399

Command Line Reference for FTOS version 8.4.2.4

address family ipv4 multicast (MBGP)

debug ip bgp dampening debug ip bgp peer-group updates debug ip bgp ipv4 unicast soft-reconfiguration debug ip bgp updates distance bgp neighbor activate neighbor advertisement-interval neighbor default-originate neighbor distribute-list neighbor filter-list neighbor maximum-prefix neighbor next-hop-self neighbor remove-private-as neighbor route-map neighbor route-reflector-client neighbor soft-reconfiguration inbound network redistribute redistribute ospf show ip bgp ipv4 multicast show ip bgp cluster-list show ip bgp community show ip bgp community-list show ip bgp dampened-paths show ip bgp filter-list show ip bgp flap-statistics show ip bgp inconsistent-as show ip bgp ipv4 multicast show ip bgp ipv4 multicast neighbors show ip bgp peer-group show ip bgp summary

address family ipv4 multicast (MBGP)

c et s
Syntax

This command changes the context to SAFI (Subsequent Address Family Identifier). address family ipv4 multicast To remove SAFI context, use the no address family ipv4 multicast command.

Parameters

ipv4 multicast

Enter the keyword ipv4 to specify the address family as IPV4. Enter the keyword multicast to specify multicast as SAFI.

Defaults

IPv4 Unicast

400

Border Gateway Protocol IPv4 (BGPv4)

aggregate-address

Command Modes Usage Information

ROUTER BGP (conf-router_bgp) All subsequent commands will apply to this address family once this command is executed. You can exit from this AFI/SAFI to the IPv4 Unicast (the default) family by entering exit and returning to the Router BGP context.
Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series for MBGP IPv4 Multicast Introduced support on C-Series

Command History

aggregate-address
c et s
Syntax

Parameters

advertise-map map-name as-set

attribute-map map-name summary-only suppress-map map-name

Defaults Command Modes Usage Information

Not configured. ROUTER BGP Address Family (conf-router_bgp_af) At least one of the routes included in the aggregate address must be in the BGP routing table for the configured aggregate to become active. Do not add the as-set parameter to the aggregate. If routes within the aggregate are constantly changing, the aggregate will flap to keep track of the changes in the AS_PATH. In route maps used in the suppress-map parameter, routes meeting the deny clause are not suppress; in other words, they are allowed. The opposite is true: routes meeting the permit clause are suppressed.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

401

bgp dampening

If the route is injected via the network command, that route will still appear in the routing table if the summary-only parameter is configured in the aggregate-address command. The summary-only parameter suppresses all advertisements. If you want to suppress advertisements to only specific neighbors, use the neighbor distribute-list command.
Command History Version 7.8.1.0 Version 7.7.1.0 Introduced support on S-Series Introduced support on C-Series

bgp dampening
c et s
Syntax

Enable MBGP route dampening. bgp dampening [half-life time] [route-map map-name] To disable route dampening, use the no bgp dampening [half-life time] [route-map map-name] command.

Parameters

half-life time

(OPTIONAL) Enter the number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half, after the half-life period expires. Range: 1 to 45. Default: 15 minutes

route-map map-name

(OPTIONAL) Enter the keyword route-map followed by the name of a configured route map. Only match commands in the configured route map are supported.

Defaults Command Modes Command History

Disabled. ROUTER BGP Address Family (conf-router_bgp_af)

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

bgp soft-reconfig-backup
ces
Syntax

402

Border Gateway Protocol IPv4 (BGPv4)

clear ip bgp dampening

Defaults Command Modes Usage Information

Off ROUTER BGP ADDRESS FAMILY (conf-router_bgp_af) When soft-reconfiguration is enabled for a neighbor and the clear ip bgp soft in is executed, the update database stored in the router is replayed and updates are reevaluated. With this command, the replay and update process is triggered only if route-refresh request is not negotiated with the peer. If the request is indeed negotiated (upon execution of clear ip bgp soft in), then BGP sends a route-refresh request to the neighbor and receives all of the peers updates.
clear ip bgp ipv4 multicast soft in Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0 Activate inbound policies without resetting the BGP TCP session.

Related Commands Command History

Added support for IPv4 multicast and IPv6 unicast address families Introduced support on S-Series Introduced support on C-Series Introduced

clear ip bgp dampening

c et s
Syntax Parameters

Clear information on route dampening. clear ip bgp dampening ipv4 multicast network network-mask dampening network network-mask
Enter the keyword dampening to clear route flap dampening information. (OPTIONAL) Enter the network address in dotted decimal format (A.B.C.D). (OPTIONAL) Enter the network mask in slash prefix format (/x).

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

clear ip bgp flap-statistics

c et s
Syntax

Clear BGP flap statistics, which includes number of flaps and the time of the last flap. clear ip bgp ipv4 multicast flap-statistics network | filter-list list |regexp regexp

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

403

clear ip bgp ipv4 multicast soft

Parameters

Network filter-list list regexp regexp

(OPTIONAL) Enter the network address to clear flap statistics in dotted decimal format (A.B.C.D). (OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH list (max 16 characters). (OPTIONAL) Enter the keyword regexp followed by regular expressions. Use one or a combination of the following: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ( ) = (parenthesis) groups a series of pattern elements to a single element { } = (braces) minimum and the maximum match count ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

clear ip bgp ipv4 multicast soft

c et s
Syntax

Clear and reapply policies for IPv4 multicast routes without resetting the TCP connection; that is, perform BGP soft reconfiguration. clear ip bgp {* | as-number | ipv4-neighbor-addr | ipv6-neighbor-addr | peer-group name } ipv4 multicast soft [in | out] *
as-number Clear and reapply policies for all BGP sessions. Clear and reapply policies for all neighbors belonging to the AS. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

Parameters

ipv4-neighbor-addr | ipv6-neighbor-addr peer-group name ipv4 multicast

Clear and reapply policies for a neighbor. Clear and reapply policies for all BGP routers in the specified peer group. Clear and reapply policies for all IPv4 multicast routes.

404

Border Gateway Protocol IPv4 (BGPv4)

debug ip bgp dampening

in out

Reapply only inbound policies. Note: If you enter soft, without an in or out option, both inbound and outbound policies are reset. Reapply only outbound policies. Note: If you enter soft, without an in or out option, both inbound and outbound policies are reset.

Command Modes Command History

debug ip bgp dampening

c et s
Syntax

View information on routes being dampened. debug ip bgp ipv4 multicast dampening To disable debugging, enter no debug ip bgp ipv4 multicast dampening

Parameters

dampening

Enter the keyword dampening to clear route flap dampening information.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

debug ip bgp ipv4 multicast soft-reconfiguration

ces
Syntax

Enable soft-reconfiguration debugging for IPv4 multicast routes. debug ip bgp [ipv4-address | ipv6-address | peer-group-name] ipv4 multicast soft-reconfiguration To disable debugging, use the no debug ip bgp [ipv4-address | ipv6-address | peer-group-name ] ipv4 multicast soft-reconfiguration command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

405

debug ip bgp peer-group updates

Parameters

ipv4-address | ipv6-address peer-group-name ipv4 multicast

Defaults Command Modes Usage Information Command History

Disabled EXEC Privilege This command turns on BGP soft-reconfiguration inbound debugging for IPv4 multicast routes. If no neighbor is specified, debug is turned on for all neighbors.
Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0 Introduced support for IPv4 multicast and IPv6 unicast routes Introduced support on S-Series Introduced support on C-Series Introduced

debug ip bgp peer-group updates

c et s
View information about BGP peer-group updates. debug ip bgp peer-group peer-group-name updates [in | out] To disable debugging, enter no debug ip bgp peer-group peer-group-name updates [in | out] command.
Parameters

peer-group peer-group-name updates in out

Enter the keyword peer-group followed by the name of the peer-group. Enter the keyword updates to view BGP update information. (OPTIONAL) Enter the keyword in to view only BGP updates received from neighbors. (OPTIONAL) Enter the keyword out to view only BGP updates sent to neighbors.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

406

Border Gateway Protocol IPv4 (BGPv4)

debug ip bgp updates

c et s
View information about BGP updates. debug ip bgp updates [in | out] To disable debugging, enter no debug ip bgp updates [in | out] command.
Parameters

updates in out

Enter the keyword updates to view BGP update information. (OPTIONAL) Enter the keyword in to view only BGP updates received from neighbors. (OPTIONAL) Enter the keyword out to view only BGP updates sent to neighbors.

Command Modes Defaults Command History

EXEC Privilege Disabled.

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

distance bgp
c et s
Syntax

Define an administrative distance for routes. distance bgp external-distance internal-distance local-distance To return to default values, enter no distance bgp.

Parameters

external-distance

internal-distance

local-distance

Defaults Command Modes

external-distance = 20; internal-distance = 200; local-distance = 200. ROUTER BGP (conf-router_bgp_af)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

407

neighbor activate

The higher the administrative distance assigned to a route means that your confidence in that route is low. Routes assigned an administrative distance of 255 are not installed in the routing table. Routes from confederations are treated as internal BGP routes.
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

Command History

neighbor activate
c et s
Syntax

This command allows the specified neighbor/peer group to be enabled for the current AFI/ SAFI. neighbor [ip-address | peer-group-name] activate To disable, use the no neighbor [ip-address | peer-group-name] activate command.

Parameters

ip-address peer-group-name activate

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the name of the peer group Enter the keyword activate to enable the neighbor/peer group in the new AFI/SAFI.

Defaults Command Modes Usage Information

Disabled ROUTER BGP Address Family (conf-router_bgp_af) By default, when a neighbor/peer group configuration is created in the Router BGP context, it is enabled for the IPv4/Unicast AFI/SAFI. By using activate in the new context, the neighbor/ peer group is enabled for AFI/SAFI.
address family ipv4 multicast (MBGP) Changes the context to SAFI

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

408

Border Gateway Protocol IPv4 (BGPv4)

neighbor advertisement-interval

neighbor advertisement-interval
c et s
Syntax

Parameters

ip-address peer-group-name seconds

Defaults Command Modes Command History

seconds = 5 seconds (internal peers); seconds = 30 seconds (external peers) ROUTER BGP Address Family (conf-router_bgp_af)
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

neighbor default-originate
c et s
Syntax

Parameters

ip-address peer-group-name route-map map-name

Defaults Command Modes Command History

Not configured. ROUTER BGP Address Family (conf-router_bgp_af)

Version 7.8.1.0 Introduced support on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

409

neighbor distribute-list

Version 7.7.1.0 Version 7.6.1.0

Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

neighbor distribute-list
c et s
Syntax

Distribute BGP information via an established prefix list. neighbor [ip-address | peer-group-name] distribute-list prefix-list-name [in | out] To delete a neighbor distribution list, use the no neighbor [ip-address | peer-group-name] distribute-list prefix-list-name [in | out] command.

Parameters

ip-address peer-group-name prefix-list-name

in out
Defaults Command Modes Usage Information Related Commands

Not configured. ROUTER BGP Address Family (conf-router_bgp_af) Other BGP filtering commands include: neighbor filter-list, ip as-path access-list, and neighbor route-map.
ip as-path access-list neighbor filter-list neighbor route-map Configure IP AS-Path ACL. Assign a AS-PATH list to a neighbor or peer group. Assign a route map to a neighbor or peer group. Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

410

Border Gateway Protocol IPv4 (BGPv4)

neighbor filter-list

neighbor filter-list
c et s
Syntax

Configure a BGP filter based on the AS-PATH attribute. neighbor [ip-address | peer-group-name] filter-list aspath access-list-name [in | out] To delete a BGP filter, use the no neighbor [ip-address | peer-group-name] filter-list aspath access-list-name [in | out] command.

Parameters

ip-address peer-group-name access-list-name

Enter the IP address of the neighbor in dotted decimal format. Enter the name of the peer group to apply the filter to all routers in the peer group. Enter the name of an established AS-PATH access list (up to 140 characters). If the AS-PATH access list is not configured, the default is permit (to allow routes). Enter the keyword in to filter inbound BGP routes. Enter the keyword out to filter outbound BGP routes.

in out
Defaults Command Modes Usage Information

Not configured. ROUTER BGP Address Family (conf-router_bgp_af) Use the ip as-path access-list command syntax in the CONFIGURATION mode to enter the AS-PATH ACL mode and configure AS-PATH filters to deny or permit BGP routes based on information in their AS-PATH attribute.
ip as-path access-list Enter AS-PATH ACL mode and configure AS-PATH filters.

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

neighbor maximum-prefix
c et s
Syntax

Control the number of network prefixes received. neighbor ip-address | peer-group-name maximum-prefix maximum [threshold] [warning-only] To return to the default values, use the no neighbor ip-address | peer-group-name maximum-prefix maximum command.

Parameters

ip-address peer-group-name

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the name of the peer group.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

411

neighbor next-hop-self

maximum

Enter a number as the maximum number of prefixes allowed for this BGP router. Range: 1 to 4294967295. (OPTIONAL) Enter a number to be used as a percentage of the maximum value. When the number of prefixes reaches this percentage of the maximum value, FTOS sends a message. Range: 1 to 100 percent. Default: 75 (OPTIONAL) Enter the keyword warning-only to set the router to send a log message when the maximum value is reached. If this parameter is not set, the router stops peering when the maximum number of prefixes is reached.

threshold

warning-only

Defaults Command Modes Command History

threshold = 75 ROUTER BGP Address Family (conf-router_bgp_af)

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

neighbor next-hop-self
c et s
Syntax

Enables you to configure the router as the next hop for a BGP neighbor. neighbor ip-address | peer-group-name next-hop-self To return to the default setting, use the no neighbor ip-address | peer-group-name next-hop-self command.

Parameters

ip-address peer-group-name

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the name of the peer group.

Defaults Command Modes Usage Information Command History

Disabled. ROUTER BGP Address Family (conf-router_bgp_af) If the set next-hop command in the ROUTE-MAP mode is configured, its configuration takes precedence over the neighbor next-hop-self command.
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

412

Border Gateway Protocol IPv4 (BGPv4)

neighbor remove-private-as

neighbor remove-private-as
c et s
Syntax

Remove private AS numbers from the AS-PATH of outgoing updates. neighbor ip-address | peer-group-name remove-private-as To return to the default, use the no neighbor ip-address | peer-group-name remove-private-as command.

Parameters

ip-address peer-group-name

(OPTIONAL) Enter the IP address of the neighbor to remove the private AS numbers. (OPTIONAL) Enter the name of the peer group to remove the private AS numbers

Defaults Command Modes Command History

Disabled (that is, private AS number are not removed). ROUTER BGP Address Family (conf-router_bgp_af)
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

neighbor route-map
c et s
Syntax

Apply an established route map to either incoming or outbound routes of a BGP neighbor or c peer group. neighbor [ip-address | peer-group-name] route-map map-name [in | out] To remove the route map, use the no neighbor [ip-address | peer-group-name] route-map map-name [in | out] command.

Parameters

ip-address peer-group-name map-name in out

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the name of the peer group. Enter the name of an established route map. If the Route map is not configured, the default is deny (to drop all routes). Enter the keyword in to filter inbound routes. Enter the keyword out to filter outbound routes.

Defaults Command Modes Usage Information

Not configured. ROUTER BGP Address Family (conf-router_bgp_af) When you apply a route map to outbound routes, only routes that match at least one section of the route map are permitted.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

413

neighbor route-reflector-client

If you identify a peer group by name, the peers in that peer group inherit the characteristics in the Route map used in this command. If you identify a peer by IP address, the Route map overwrites either the inbound or outbound policies on that peer.
Command History Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

neighbor route-reflector-client
c et s
Syntax

Configure a neighbor as a member of a route reflector cluster. neighbor ip-address | peer-group-name route-reflector-client To indicate that the neighbor is not a route reflector client or to delete a route reflector configuration, use the no neighbor ip-address | peer-group-name route-reflector-client command.

Parameters

ip-address
peer-group-name

(OPTIONAL) Enter the IP address of the neighbor in dotted decimal format. (OPTIONAL) Enter the name of the peer group. All routers in the peer group receive routes from a route reflector.

Defaults Command Modes Usage Information

Not configured. ROUTER BGP Address Family (conf-router_bgp_af) The first time you enter this command it configures the neighbor as a route reflector and members of the route-reflector cluster. Internal BGP (IBGP) speakers do not need to be fully meshed if you configure a route reflector. When all clients of a route reflector are disabled, the neighbor is no longer a route reflector.

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

neighbor soft-reconfiguration inbound

ces
Syntax

Enable a BGP soft-reconfiguration and start storing updates for inbound IPv4 multicast routes. neighbor {ipv4-address | ipv6-address | peer-group-name} soft-reconfiguration inbound

414

Border Gateway Protocol IPv4 (BGPv4)

network

Parameters

ipv4-address | ipv6-address peer-group-name

Enter the IP address of the neighbor for which you want to start storing inbound routing updates. Enter the name of the peer group for which you want to start storing inbound routing updates.

Defaults Command Modes Usage Information

Disabled ROUTER BGP ADDRESS FAMILY (conf-router_bgp_af) This command enables soft-reconfiguration for the specified BGP neighbor. BGP will store all updates for inbound IPv4 multicast routes received by the neighbor but will not reset the peer-session.

Caution: Inbound update storage is a memory-intensive operation. The entire BGP

update database from the neighbor is stored in memory regardless of the inbound policy results applied on the neighbor.
Related Commands Command History

show ip bgp neighbors

Display routes received on a neighbor

Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.4.1.0

Added support for IPv4 multicast and IPv4 unicast address families Introduced support on S-Series Introduced support on C-Series Introduced

network
c et s
Syntax

Parameters

ip-address

Enter an IP address in dotted decimal format of the network.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

415

redistribute

mask route-map map-name

Enter the mask of the IP address in the slash prefix length format (for example, /24). The mask appears in command outputs in dotted decimal format (A.B.C.D). (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ip address set community set local-preference set metric set next-hop set origin set weight If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Usage Information

Not configured. ROUTER BGP Address Family (conf-router_bgp_af)

FTOS resolves the network address configured by the network command with the routes in

the main routing table to ensure that the networks are reachable via non-BGP routes and non-default routes.
redistribute Redistribute routes into BGP.

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

redistribute
c et s
Syntax

Redistribute routes into BGP. redistribute [connected | static] [route-map map-name] To disable redistribution, use the no redistribution [connected | static] [route-map map-name] command.

Parameters

connected

Enter the keyword connected to redistribute routes from physically connected interfaces.

416

Border Gateway Protocol IPv4 (BGPv4)

redistribute ospf

static route-map map-name

Enter the keyword static to redistribute manually configured routes. These routes are treated as incomplete routes. (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ip address set community set local-preference set metric set next-hop set origin set weight If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Usage Information

Not configured. ROUTER BGP Address Family (conf-router_bgp_af) If you do not configure default-metric command, in addition to the redistribute command, or there is no route map to set the metric, the metric for redistributed static and connected is 0. To redistribute the default route (0.0.0.0/0) configure the neighbor default-originate command.

Related Commands Command History

neighbor default-originate

Inject the default route.

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

redistribute ospf
c et s
Syntax

Parameters

process-id match external {1 | 2} match internal route-map map-name

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

417

show ip bgp cluster-list

Defaults Command Modes Usage Information

Not configured. ROUTER BGP Address Family (conf-router_bgp_af) When you enter redistribute ospf process-id command without any other parameters, FTOS redistributes all OSPF internal routes, external type 1 routes, and external type 2 routes. This feature is not supported by an RFC.

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

show ip bgp cluster-list

c et s
Syntax Parameters

View BGP neighbors in a specific cluster. show ip bgp ipv4 multicast cluster-list [cluster-id] cluster-id EXEC EXEC Privilege
(OPTIONAL) Enter the cluster id in dotted decimal format.

Command Modes

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

show ip bgp community

ces
Syntax

View information on all routes with Community attributes or view specific BGP community groups. show ip bgp ipv4 multicast community [community-number] [local-as] [no-export] [no-advertise] community-number
Enter the community number in AA:NN format where AA is the AS number (2 bytes) and NN is a value specific to that autonomous system. You can specify up to eight community numbers to view information on those community groups. Enter the keywords local-AS to view all routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED. All routes with the NO_EXPORT_SUBCONFED (0xFFFFFF03) community attribute must not be advertised to external BGP peers.

Parameters

local-AS

418

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp community-list

no-advertise

Enter the keywords no-advertise to view all routes containing the well-known community attribute of NO_ADVERTISE. All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised to other BGP peers. Enter the keywords no-export to view all routes containing the well-known community attribute of NO_EXPORT. All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary.

no-export

Command Modes

EXEC EXEC Privilege

Usage Information

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

show ip bgp community-list

c et s
Syntax Parameters

View routes that are affected by a specific community list. show ip bgp ipv4 multicast community-list community-list-name community-list-name EXEC EXEC Privilege
Enter the name of a configured IP community list.

Command Modes

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

419

show ip bgp dampened-paths

c et s
Syntax Command Modes

View BGP routes that are dampened (non-active). show ip bgp ipv4 multicast dampened-paths EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

show ip bgp filter-list

c et s
Syntax Parameters

View the routes that match the filter lists. show ip bgp ipv4 multicast filter-list as-path-name as-path-name EXEC EXEC Privilege
Enter the name of an AS-PATH.

Command Modes

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

show ip bgp flap-statistics

c et s
Syntax

View flap statistics on BGP routes. show ip bgp ipv4 multicast flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression] ip-address mask
(OPTIONAL) Enter the IP address (in dotted decimal format) of the BGP network to view information only on that network. (OPTIONAL) Enter the network mask (in slash prefix (/x) format) of the BGP network address.

Parameters

420

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp inconsistent-as

filter-list as-path-name regexp regular-expression

(OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH ACL. Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ( ) = (parenthesis) groups a series of pattern elements to a single element { } = (braces) minimum and the maximum match count ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

show ip bgp inconsistent-as

c et s
Syntax Command Modes

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced support on S-Series Introduced support on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

421

show ip bgp ipv4 multicast

c et s
Syntax Parameters

View the current MBGP routing table for the system. show ip bgp ipv4 multicast [detail | network [network-mask] [length]] detail network network-mask longer-prefixes
(OPTIONAL) Enter the keyword detail to display BGP internal information for the IPv4 Multicast address family. (OPTIONAL) Enter the network address (in dotted decimal format) of the BGP network to view information only on that network. (OPTIONAL) Enter the network mask (in slash prefix format) of the BGP network address. (OPTIONAL) Enter the keyword longer-prefixes to view all routes with a common prefix.

Command Modes

EXEC EXEC Privilege

Example

Figure 137 show ip bgp Command Example

Force10#show ip bgp ipv4 multicast BGP table version is 14, local router ID is 100.10.10.1 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network *>I 25.1.0.0/16 *>I 25.2.0.0/16 *>I 25.3.0.0/16 *>r 144.1.0.0/16 *>r 144.2.0.0/16 *>r 144.3.0.0/16 *>n 145.1.0.0/16 Force10# Next Hop 25.25.25.25 25.25.25.26 211.1.1.165 0.0.0.0 100.10.10.10 211.1.1.135 0.0.0.0 Metric 0 0 0 0 0 0 0 LocPrf Weight Path 100 0 i 100 0 ? 100 0 ? 32768 ? 32768 ? 32768 ? 32768 i

Table 30 show ip bgp Command Example Fields Field

Network Next Hop

Metric LocPrf Weight Path

Related Commands

show ip bgp community

View BGP communities.

422

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp ipv4 multicast neighbors

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.8.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series Introduced support on S-Series

show ip bgp ipv4 multicast neighbors

c et s
Syntax

Displays information on IPv4 multicast routes exchanged by BGP neighbors. show ip bgp ipv4 multicast neighbors [ipv4-neighbor-addr | ipv6-neighbor-addr] [advertised-routes | dampened-routes | detail | flap-statistics | routes | received-routes [network [network-mask]] | denied-routes [network [network-mask]]]
ipv4 multicast Enter the ipv4 multicast keywords to view information only related to IPv4 multicast routes. (OPTIONAL) Enter the IP address of the neighbor to view only BGP route information exchanged with that neighbor. (OPTIONAL) Enter the keywords advertised-routes to view only the routes the neighbor sent. (OPTIONAL) Enter the keyword dampened-routes to view information on dampened routes from the BGP neighbor. (OPTIONAL) Enter the keyword detail to view neighbor-specific internal information for the IPv4 Unicast address family. (OPTIONAL) Enter the keyword flap-statistics to view flap statistics on the neighbors routes. (OPTIONAL) Enter the keywords routes to view only the neighbors feasible routes. (OPTIONAL) Enter the keywords received-routes followed by either the network address (in dotted decimal format) or the network mask (in slash prefix format) to view all information received from neighbors. Note: neighbor soft-reconfiguration inbound must be configured prior to viewing all the information received from the neighbors. (OPTIONAL) Enter the keywords denied-routes followed by either the network address (in dotted decimal format) or the network mask (in slash prefix format) to view all information on routes denied via neighbor inbound filters.

Parameters

ipv4-neighbor-addr | ipv6-neighbor-addr advertised-routes dampened-routes detail flap-statistics routes received-routes [network [network-mask] denied-routes [network [network-mask]
Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0

Added support for the display of configured IPv4 multicast address families Introduced support on S-Series Introduced support on C-Series Added detail option and output now displays default MED value

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

423

show ip bgp ipv4 multicast neighbors

Version 7.2.1.0 Version 6.3.10 Example 1

Added received and denied route options The output is changed to display the total number of advertised prefixes

Figure 138 Command Example: show ip bgp ipv4 multicast neighbors

Force10#show ip bgp ipv4 multicast neighbors BGP neighbor is 25.25.25.25, remote AS 6400, internal link BGP version 4, remote router ID 25.25.25.25 BGP state ESTABLISHED, in this state for 00:02:18 Last read 00:00:16, hold time is 180, keepalive interval is 60 seconds Received 1404 messages, 0 in queue 3 opens, 1 notifications, 1394 updates 6 keepalives, 0 route refresh requests Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 5 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Multicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 For address family: IPv4 Multicast BGP table version 14, neighbor version 14 3 accepted prefixes consume 12 bytes Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 0, rejected 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:03:17, due to user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Local host: 100.10.10.1, Local port: 179 Foreign host: 25.25.25.25, Foreign port: 2290 BGP neighbor is 211.1.1.129, remote AS 640, external link BGP version 4, remote router ID 0.0.0.0 BGP state ACTIVE, in this state for 00:00:36 Last read 00:00:41, hold time is 180, keepalive interval is 60 seconds Received 28 messages, 0 notifications, 0 in queue Sent 6 messages, 3 notifications, 0 in queue Received 18 updates, Sent 6 updates Route refresh request: received 0, sent 0 Minimum time between advertisement runs is 30 seconds For address family: IPv4 Multicast BGP table version 14, neighbor version 0 0 accepted prefixes consume 0 bytes Prefix advertised 0, rejected 0, withdrawn 0 Connections established 3; dropped 3 Last reset 00:00:37, due to user reset Notification History 'Connection Reset' Sent : 3 Recv: 0

424

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp ipv4 multicast neighbors

Table 31 Command Example fields: show ip bgp ipv4 multicast neighbors Lines beginning with
BGP neighbor

BGP version BGP state Last read

Received messages

This line displays the number of BGP messages received, the number of notifications (error messages) and the number of messages waiting in a queue for processing. The line displays the number of BGP messages sent, the number of notifications (error messages) and the number of messages waiting in a queue for processing. This line displays the number of BGP updates received and sent. This line indicates that soft reconfiguration inbound is configured. Displays the minimum time, in seconds, between advertisements. Displays the policy commands configured and the names of the Route map, AS-PATH ACL or Prefix list configured for the policy. Displays IPv4 Multicast as the address family. Displays the which version of the primary BGP routing table the router and the neighbor are using. Displays the number of network prefixes accepted by the router and the amount of memory used to process those prefixes. Displays the number of network prefixes advertised, the number rejected and the number withdrawn from the BGP routing table. Displays the number of TCP connections established and dropped between the two peers to exchange BGP information. Displays the amount of time since the peering session was last reset. Also states if the peer resets the peering session. If the peering session was never reset, the word never is displayed.

Sent messages

Received updates Soft reconfiguration Minimum time (List of inbound and outbound policies) For address family: BGP table version Prefixes accepted Prefixes advertised

Connections established Last reset

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

425

show ip bgp peer-group Table 31 Command Example fields: show ip bgp ipv4 multicast neighbors Lines beginning with
Local host: Foreign host:

Description
Displays the peering address of the local router and the TCP port number. Displays the peering address of the neighbor and the TCP port number.

Related Commands

show ip bgp

View the current BGP routing table.

show ip bgp peer-group

c et s
Syntax Parameters

Enables you to view information on the BGP peers in a peer group. show ip bgp ipv4 multicast peer-group [peer-group-name [detail | summary]] peer-group-name detail summary
(OPTIONAL) Enter the name of a peer group to view information about that peer group only. (OPTIONAL) Enter the keyword detail to view detailed status information of the peers in that peer group. (OPTIONAL) Enter the keyword summary to view status information of the peers in that peer group. The output is the same as that found in show ip bgp summary command

Command Modes

EXEC EXEC Privilege

Related Commands

neighbor peer-group (assigning peers) neighbor peer-group (creating group) show ip bgp peer-group

Assign peer to a peer-group. Create a peer group. View information on the BGP peers in a peer group.

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series Modified: added detail option

show ip bgp summary

c et s
Syntax

Enables you to view the status of all BGP connections. show ip bgp ipv4 multicast summary Border Gateway Protocol IPv4 (BGPv4)

426

show ip bgp summary

Command Modes

EXEC EXEC Privilege

Example

Figure 139 Command Example: show ip bgp ipv4 multicast summary

Force10#sho ip bgp ipv4 multicast summary BGP router identifier 100.10.10.1, local AS number 6400 BGP table version is 14, main routing table version 14 7 network entrie(s) and 7 paths using 972 bytes of memory 2 BGP path attribute entrie(s) using 112 bytes of memory 1 BGP AS-PATH entrie(s) using 35 bytes of memory Neighbor 25.25.25.25 211.1.1.129 Force10# AS 6400 640 MsgRcvd 21 28 MsgSent 9 6 TblVer 14 0 InQ 0 0 OutQ Up/Down State/Pfx 3

0 00:02:04 0 00:00:21 Active

Table 32 Command Example fields: show ip bgp ipv4 multicast summary Field
BGP router identifier BGP table version network entries BGP path attribute entries BGP AS-PATH entries BGP community entries

Description
Displays the local router ID and the AS number. Displays the BGP table version and the main routing table version. Displays the number of network entries and route paths and the amount of memory used to process those entries. Displays the number of BGP path attributes and the amount of memory used to process them. Displays the number of BGP AS_PATH attributes processed and the amount of memory used to process them. Displays the number of BGP COMMUNITY attributes processed and the amount of memory used to process them. The show ip bgp community command provides more details on the COMMUNITY attributes. Displayed only when dampening is enabled. Displays the number of paths designated as history, dampened, or penalized. Displays the BGP neighbor address. Displays the AS number of the neighbor. Displays the number of BGP messages that neighbor received. Displays the number of BGP messages that neighbor sent. Displays the version of the BGP table that was sent to that neighbor. Displays the number of messages from that neighbor waiting to be processed. Displays the number of messages waiting to be sent to that neighbor. If a number appears in parentheses, the number represents the number of messages waiting to be sent to the peer group.

Dampening enabled Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

427

show ip bgp summary Table 32 Command Example fields: show ip bgp ipv4 multicast summary Field
Up/Down

Description
Displays the amount of time (in hours:minutes:seconds) that the neighbor is in the Established stage. If the neighbor has never moved into the Established stage, the word never is displayed. If the neighbor is in Established stage, the number of network prefixes received. If a maximum limit was configured with the neighbor maximum-prefix command, (prfxd) appears in this column. If the neighbor is not in Established stage, the current stage is displayed (Idle, Connect, Active, OpenSent, OpenConfirm) When the peer is transitioning between states and clearing the routes received, the phrase (Purging) may appear in this column. If the neighbor is disabled, the phrase (Admin shut) appears in this column.

State/Pfx

Command History

Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Added support for the display of configured IPv4 multicast address families Introduced support on S-Series Introduced support on C-Series Introduced IPv6 MGBP support for E-Series

BGP Extended Communities (RFC 4360)

BGP Extended Communities, as defined in RFC 4360, is an optional transitive BGP attribute. It provides two major advantages over Standard Communities: The range is extended from 4-octet (AA:NN) to 8-octet (Type:Value) to provide enough number communities. Communities are structured using a new Type field (1 or 2-octets), allowing you to provide granular control/filter routing information based on the type of extended communities.

The BGP Extended Community commands are: deny deny regex description ip extcommunity-list match extcommunity permit permit regex set extcommunity rt set extcommunity soo show ip bgp ipv4 extcommunity-list show ip bgp paths extcommunity show ip extcommunity-list

428

Border Gateway Protocol IPv4 (BGPv4)

deny

show running-config extcommunity-list

deny
ces
Syntax

Use this feature to reject (deny) from the two types of extended communities, Route Origin (rt) or Site-of-Origin (soo). deny {rt | soo} {as4 ASN4:NN | ASN:NNNN | IPADDR:NN } To remove (delete) the rule, use the no deny {rt | soo} {as4 ASN4:NN | ASN:NNNN | IPADDR:NN} command.

Parameters

rt soo as4 ASN4:NN

Enter the keyword rt to designate a Route Origin community Enter the keyword soo to designate a Site-of-Origin community (also known as Route Origin). Enter the keyword as4 followed by the 4-octet AS specific extended community number in the format ASN4:NN (4-byte AS number:2-byte community value). Enter the 2-octet AS specific extended community number in the format ASN:NNNN (2-byte AS number:4-byte community value). Enter the IP address specific extended community in the format IPADDR:NN (4-byte IPv4 Unicast Address:2-byte community value)

ASN:NNNN IPADDR:NN

Defaults Command Modes Related Commands

Not configured CONFIGURATION (conf-ext-community-list)

permit show ip extcommunity-list Configure to add (permit) rules Display the Extended Community list Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

deny regex
ces
Syntax

This features enables you to specify an extended communities to reject (deny) using a regular expressions (regex). deny regex {regex} To remove, use the no deny regex {regex} command.

Parameters

regex

Enter a regular expression.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

429

description

Defaults Command Modes Usage Information Example

Not configured CONFIGURATION (conf-ext-community-list) Duplicate commands are silently accepted. Figure 140 Commands Example: deny regexp
Force10(conf-ext-community-list)#deny regexp 123 Force10(conf-ext-community-list)#

Related Commands Command History

permit regex

Permit a community using a regular expression

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

description
ces
Syntax

Use this feature to designate a meaningful description to the extended community. description {line} To remove the description, use the no description {line} command.

Parameters

line Not configured

Enter a description (maximum 80 characters).

Defaults Command Modes Command History

CONFIGURATION (conf-ext-community-list)
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

ip extcommunity-list
ces
Syntax

Use this feature to enter the Extended Community-list mode. ip extcommunity-list word To exit from this mode, use the exit command.

430

Border Gateway Protocol IPv4 (BGPv4)

match extcommunity

Parameters

word

Enter a community list name (maximum 16 characters).

Defaults Command Modes Usage Information Example

No defaults values or behavior CONFIGURATION (conf-ext-community-list) This new mode will change the prompt. See the example below. Figure 141 Command Example: ip extcommunity-list
Force10(conf)#ip extcommunity-list test Force10(conf-ext-community-list)#

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

match extcommunity
ces
Syntax

Use this feature to match an extended community in the Route Map mode. match extcommunity {extended community list name} To change the match, use the no match extcommunity {extended community list name} command.

Parameters

extended community list name No defaults values or behavior ROUTE MAP (config-route-map)

Enter the name of the extended community list.

Defaults Command Modes Usage Information Example

Like standard communities, extended communities can be used in route-map to match the attribute. Figure 142 Command Example: match extcommunity
Force10(config-route-map)#match extcommunity Freedombird Force10(config-route-map)#

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

431

permit

permit
ces
Syntax

Use this feature to add rules (permit) from the two types of extended communities, Route Origin (rt) or Site-of-Origin (soo). permit {rt | soo} {as4 ASN4:NN | ASN:NNNN | IPADDR:NN} To change the rules, use the no permit {rt | soo} {as4 ASN4:NN | ASN:NNNN | IPADDR:NN} command.

Parameters

rt soo as4 ASN4:NN

ASN:NNNN IPADDR:NN

Defaults Command Modes Related Commands

Not Configured CONFIGURATION (conf-ext-community-list)

deny show ip extcommunity-list Configure to delete (deny) rules Display the Extended Community list Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

permit regex
ces
Syntax

This features enables you specify an extended communities to forward (permit) using a regular expressions (regex). permit regex {regex} To remove, use the no permit regex {regex} command.

Parameters

regex Not configured

Enter a regular expression.

Defaults Command Modes

CONFIGURATION (conf-ext-community-list)

432

Border Gateway Protocol IPv4 (BGPv4)

set extcommunity rt

Usage Information Example

Duplicate commands are silently accepted. Figure 143 Command Example: permit regexp
Force10(conf-ext-community-list)#permit regexp 123 Force10(conf-ext-community-list)#

Related Commands Command History

deny regex

Deny a community using a regular expression

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

set extcommunity rt
ces
Syntax

Use this feature to set Route Origin community attributes in Route Map. set extcommunity rt {as4 ASN4:NN [non-trans] | ASN:NNNN [non-trans] | IPADDR:NN [non-trans]} [additive] To delete the Route Origin community, use the no set extcommunity command.

Parameters

as4 ASN4:NN

Enter the keyword as4 followed by the 4-octet AS specific extended community number in the format ASN4:NN (4-byte AS number:2-byte community value). Enter the 2-octet AS specific extended community number in the format ASN:NNNN (2-byte AS number:4-byte community value). Enter the IP address specific extended community in the format IPADDR:NN (4-byte IPv4 Unicast Address:2-byte community value) (OPTIONAL) Enter the keyword additive to add to the existing extended community. (OPTIONAL) Enter the keyword non-trans to indicate a non-transitive BGP extended community.

ASN:NNNN IPADDR:NN additive non-trans

Defaults Command Modes Usage Information

No default values or behavior ROUTE MAP (config-route-map) If the set community rt and soo are in the same route-map entry, we can define the behavior as: If rt option comes before soo, with or without additive option, then soo overrides the communities set by rt If rt options comes after soo, without the additive option, then rt overrides the communities set by soo If rt with additive option comes after soo, then rt adds the communities set by soo

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

433

set extcommunity soo

Related Commands Command History

set extcommunity soo

Set extended community site-of-origin in route-map.

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

set extcommunity soo

ces
Syntax

Use this feature to set extended community site-of-origin in Route Map. set extcommunity soo {as4 ASN4:NN | ASN:NNNN | IPADDR:NN [non-trans]} To delete the site-of-origin community, use the no set extcommunity command.

Parameters

as4 ASN4:NN

Enter the keyword as4 followed by the 4-octet AS specific extended community number in the format ASN4:NN (4-byte AS number:2-byte community value). Enter the 2-octet AS specific extended community number in the format ASN:NNNN (2-byte AS number:4-byte community value). Enter the IP address specific extended community in the format IPADDR:NN (4-byte IPv4 Unicast Address:2-byte community value) (OPTIONAL) Enter the keyword non-trans to indicate a non-transitive BGP extended community.

ASN:NNNN IPADDR:NN non-trans

Defaults Command Modes Usage Information

No default behavior or values ROUTE MAP (config-route-map) If the set community rt and soo are in the same route-map entry, we can define the behavior as: If rt option comes before soo, with or without additive option, then soo overrides the communities set by rt If rt options comes after soo, without the additive option, then rt overrides the communities set by soo If rt with additive option comes after soo, then rt adds the communities set by soo
set extcommunity rt Set extended community route origins via the route-map

Related Commands Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

434

Border Gateway Protocol IPv4 (BGPv4)

show ip bgp ipv4 extcommunity-list

ces
Syntax Parameters

Use this feature to display IPv4 routes matching the extended community list name. show ip bgp [ipv4 [multicast | unicast] | ipv6 unicast] extcommunity-list name multicast unicast ipv6 unicast name
Enter the keyword multicast to display the multicast route information. Enter the keyword unicast to display the unicast route information. Enter the keywords ipv6 unicast to display the IPv6 unicast route information. (OPTIONALLY) Enter the name of the extcommunity-list.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Usage Information

If there is a type or sub-type that is not well-known, it will be displayed as:

TTSS:XX:YYYY
Where TT is type, SS is sub-type displayed in hexadecimal format, XX:YYYY is the value divided into 2-byte and 4-byte values in decimal format. This format is consistent with other vendors. For example, if the extended community has type 0x04, sub-type 0x05, value 0x20 00 00 00 10 00, it will be displayed as:

0x0405:8192:4096
Non-transitive extended communities are marked with an asterisk, as shown in the figure below.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

435

show ip bgp paths extcommunity Figure 144 Command Example: show ip bgp ipv4 multicast extcommunity-list
Force10#show ip bgp ipv4 multicast extcommunity-list BGP routing table entry for 192.168.1.0/24, version 2 Paths: (1 available, table Default-IP-Routing-Table.) Not advertised to any peer Received from : 100.100.1.2 (2.4.0.1) Best AS_PATH : 200 Next-Hop : 100.100.1.2, Cost : 0 Origin IGP, Metric 4294967295 (Default), LocalPref external Communities : 300:400 500:600 Extended Communities : RT:1111:4278080 SoO:35:4 SoO:38:50529045 SoO:0.0.0.2:33 Force10# SoO:36:50529043 SoO:506.62106:34

Example

100, Weight

SoO:37:50529044 0x0303:254:11223*

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

show ip bgp paths extcommunity

ces
Syntax Command Modes

Use this feature to display all BGP paths having extended community attributes. show ip bgp paths extcommunity EXEC EXEC Privilege

Example

Figure 145 Command Example: show ip bgp paths community (Partial)

Force10#show ip bgp paths extcommunity Total 1 Extended Communities Address 0x41d57024 Force10# Hash 12272 Refcount 1 Extended Community RT:7:200 SoO:5:300 SoO:0.0.0.3:1285

Table 33 Command Example fields: show ip bgp paths community Field

Address Hash Refcount Community

Description
Displays the internal address where the path attribute is stored. Displays the hash bucket where the path attribute is stored. Displays the number of BGP routes using these extended communities. Displays the extended community attributes in this BGP path.

436

Border Gateway Protocol IPv4 (BGPv4)

show ip extcommunity-list

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

show ip extcommunity-list
ces
Syntax Parameters

Display the IP extended community list. show ip extcommunity-list [word] word Defaults. EXEC EXEC Privilege
Enter the name of the extended community list you want to view.

Defaults Command Modes

Example

Figure 146 Command Example: show ip extcommunity-list

Force10#show ip extcommunity-list test ip extcommunity-list test deny RT:1234:12 permit regexp 123 deny regexp 234 deny regexp 123 Force10#

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

show running-config extcommunity-list

ces
Syntax Parameters

Use this feature to display the current configuration of the extended community lists. show running-config extcommunity-list [word] word
Enter the name of the extended community list you want to view.

Defaults Command Modes

No default values or behavior EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

437

show running-config extcommunity-list Figure 147 Command Example: show running-config extcommunity-list
Force10#show running-config extcommunity-list test ip extcommunity-list test permit rt 65033:200 deny soo 101.11.11.2:23 permit rt as4 110212:340 deny regex ^(65001_)$ Force10#

Example

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

438

Border Gateway Protocol IPv4 (BGPv4)

Chapter 12

Content Addressable Memory (CAM) for ExaScale

Overview
This chapter discusses CAM commands for the E-Series ExaScale e xplatform. Refer to Chapter 13, Content Addressable Memory (CAM) for information on the commands for the E-Series TeraScale platform

Commands
This chapter includes the following commands: cam-profile template [10M-CAM] enable flow layer-2 layer-3 microcode show cam-profile test cam-profile

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

439

Important Points to Remember

The Default CAM-profile is supported on E-Series ExaScale with FTOS version 8.1.1.0 and later. The recommended, pre-defined CAM-profile templates are supported on E-Series ExaScale with FTOS version 8.2.1.0 and later. The CAM-profile template is applied to entire system. You must save the running-configuration to enable the change. Saving the running-configuration also ensures that the CAM-profile selected remains in the case of a reboot. All components in the chassis must have the same CAM-profile and microcode. The profile and microcode loaded on the primary RPM determines the profile that is required on all other chassis components. If a newly installed line card has a profile different from the primary RPM, the card reboots so that it can load the proper profile. If the standby RPM has a profile different from the primary RPM, the RPM reboots so that it can load the proper profile. Enabling a CAM-profile immediately replaces the existing CAM-profile. You will be prompted to save the running-configuration and reload the system to implement the new CAM-profile.

The CAM-profile commands are:

440

Content Addressable Memory (CAM) for ExaScale

cam-profile template [10M-CAM]

ex
Syntax Parameters

Select a pre-defined CAM-profile template or create a new CAM-profile template. cam-profile template {10M-CAM} template
Choose one of the following CAM profiles:

10M L2 to support IPv4 Layer 2 switching on line cards with 10M

CAM.

10M L2 IPv6 Switching to support IPv6 Layer 2 switching on line

cards with 10M CAM.

40M L2 IPv6-IPv4 to support IPv4 and IPv6 Layer 2 routing on line cards with 40M CAM. 40M L2 IPv4Only to support IPv4 Layer 2 routing on line cards with 40M CAM. VRF to support Virtual Routing and Forwarding (VRF). MAX-IPv4-FIB to allocate the maximum space supported for IPv4 FIB support. Enter a 16 character string used as a template name to create a new template.

Defaults Command Modes Command History Usage Information

Default CONFIGURATION
Version 8.2.1.0 Introduced on E-Series ExaScale

CAM profile changes take effect after the next chassis reboot. CAM-profile template region allocations are not automatically configured when you select a template. Us e the allocations shown in the Content Addressable Memory for ExaScale chapter in the FTOS Configuration Guide for detailed values supported in each CAM/SRAM region.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

441

enable

enable
ex
Syntax Defaults Command Modes Command History Usage Information

Enable CAM-profile template. enable cam-profile default microcode default CONFIGURATION-CAM-profile-template

Version 8.2.1.0 Introduced on E-Series ExaScale

You must save the running configuration using the command copy running-config startup-config after changing the CAM-profile. CAM-profile template changes take effect after the next chassis reboot.

flow
ex
Syntax Defaults Command Modes Command History Usage Information

Configure the Flow region for a CAM-profile template flow [ipv4 | ipv6] multicast-fib {value} pbr {value} qos {value} system-flow {value} None CONFIGURATION-CAM-profile-template
Version 8.2.1.0 Introduced on E-Series ExaScale

You do not need to enter every parameter for a region. You can enter only the ones you need. User configured CAM-profiles are automatically validated. Refer to Chapter 11, Content Addressable Memory for ExaScale in the FTOS Configuration Guide for detailed values supported in each CAM/SRAM region.

442

Content Addressable Memory (CAM) for ExaScale

layer-2

layer-2
ex
Syntax

Configure the Layer 2 region for a CAM-profile template layer-2 eg-acl {value} fib {value} frrp {value} ing-acl {value} learn {value} l2pt {value} qos {value} system-flow {value} None CONFIGURATION-CAM-profile-template
Version 8.2.1.0 Introduced on E-Series ExaScale

Defaults Command Modes Command History Usage Information

layer-3
ex
Syntax Defaults Command Modes Command History Usage Information

Configure the Layer 3 region for a CAM-profile template layer-3 [ipv4 | ipv6] eg-acl {value} fib {value} ing-acl {value} None CONFIGURATION-CAM-profile-template
Version 8.2.1.0 Introduced on E-Series ExaScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

443

microcode

microcode
ex
Syntax Parameters

Assign the microcode to the created CAM-profile template microcode {default | ipv6-switched | lag-hash-align | vrf}
default

Distributes CAM space for a typical deployment.

Applies to the Default CAM-profile and the recommended CAM-profile templates. Recommended for any user-defined CAM-profiles. Applies to the VRF CAm-profile tEmplate only.

vrf lag-hash-align ipv6-switched Defaults Command Modes Command History Usage Information

Distributes space to best manage IPv4 and IPv6 VRF packet forwarding

None CONFIGURATION-CAM-profile-template
Version 8.2.1.0 Introduced on E-Series ExaScale

You must assign a microcode to a CAM-profile template. IPv6 is not supported with VRF microcode on ExaScale.

444

Content Addressable Memory (CAM) for ExaScale

show cam-profile

show cam-profile
ex
Syntax Parameters

Display the details of the CAM-profiles on the chassis and all line cards. show cam-profile [profile microcode microcode | summary] profile summary
(OPTIONAL) Choose a single CAM profile to display: (OPTIONAL) Enter this keyword to view a summary listing of the CAM-profile and on the chassis and all line cards.

Defaults Command Modes Command History Example

None EXEC Privilege

Version 8.2.1.0 Introduced on E-Series ExaScale

Figure 148 Command Output: show cam-profile summary

Force10#show cam-profile summary -- Chassis CAM Profile -CamSize : 40-Meg : Current Settings Profile Name : default Microcode Name : Default -- Line card 2 - per Port Pipe -CamSize : 40-Meg : Current Settings Profile Name : default Microcode Name : Default Force10

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

445

show cam-profile Figure 149 Command Output: show cam-profile

Force10#show cam-profile -- Chassis CAM Profile -CamSize : 40-Meg : Current Settings Profile Name : default Microcode Name : Default L2FIB : 15K entries Learn : 1K entries L2ACL : 5K entries System Flow : 102 entries Qos : 500 entries Frrp : 102 entries L2pt : 266 entries IPv4FIB : 512K entries IPv4ACL : 16K entries IPv4Flow : 24K entries Mcast Fib/Acl : 9K entries Pbr : 1K entries Qos : 10K entries System Flow : 4K entries EgL2ACL : 2K entries EgIpv4ACL : 4K entries Mpls : 60K entries IPv6FIB : 12K entries IPv6ACL : 6K entries IPv6Flow : 6K entries Mcast Fib/Acl : 3K entries Pbr : 0K entries Qos : 1K entries System Flow : 2K entries EgIpv6ACL : 1K entries GenEgACL : 0.5K entries IPv4FHOP : 4K entries IPv6FHOP : 4K entries IPv4/IPv6NHOP : 12K entries MPLS LSP Count : 0K entries EoMPLS Encap : 0K entries EoMPLS Decap : 0K entries -- Line card 2 - per Port Pipe -CamSize : 40-Meg : Current Settings Profile Name : default Microcode Name : Default L2FIB : 15K entries Learn : 1K entries L2ACL : 5K entries System Flow : 102 entries Qos : 500 entries Frrp : 102 entries L2pt : 266 entries IPv4FIB : 512K entries IPv4ACL : 16K entries IPv4Flow : 24K entries Mcast Fib/Acl : 9K entries Pbr : 1K entries Qos : 10K entries System Flow : 4K entries ------------output truncated-----------------Force10#

Example 2

446

Content Addressable Memory (CAM) for ExaScale

test cam-profile

test cam-profile
ex
Syntax Parameters

Validate a user-defined CAM-profile template. test cam-profile template template None CONFIGURATION-CAM-profile-template
Version 8.2.1.0 Introduced on E-Series ExaScale Enter the name of the CAM-profile template to validate.

Defaults Command Modes Command History Example

Force10#test cam-profile test cam-profile 'test' can be applied to the system. Force10#test cam-profile Customer002 % Error: 'test cam-profile Customer002 failed. Please check all profile parameters. Force10

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

447

test cam-profile

448

Content Addressable Memory (CAM) for ExaScale

Chapter 13

Content Addressable Memory (CAM)

Overview
Content Addressable Memory (CAM) commands are supported C-Series, E-Series TeraScale and S-Series, as indicated by the symbols under each command heading: c et s This chapter includes information relating to the E-Series TeraScale platform. Refer to Chapter 12, Content Addressable Memory (CAM) for ExaScale for information on the commands for the E-Series ExaScale platform.

Note: Not all CAM commands are supported on all platforms. Be sure to note the
platform symbol when looking for a command.

Warning: If you are using these features for the first time, contact Force10 Technical Assistance Center (TAC) for guidance. For information on contacting Force10 TAC, visit the Force10 website at www.force10networks.com/support
This chapter includes the following sections: CAM Profile Commands CAM IPv4flow Commands CAM Layer 2 ACL Commands

CAM Profile Commands

The CAM profiling feature enables you to partition the CAM to best suit your application. For example: Configure more Layer 2 FIB entries when the system is deployed as a switch. Configure more Layer 3 FIB entries when the system is deployed as a router. Configure more ACLs (when IPv6 is not employed). Hash MPLS packets based on source and destination IP addresses for LAGs. Publication Date: July 20, 2011 449

Command Line Reference for FTOS version 8.4.2.4

cam-acl (Configuration)

Hash based on bidirectional flow for LAGs. Optimize the VLAN ACL Group feature, which permits group VLANs for IP egress ACLs.

Important Points to Remember

CAM Profiles are available on FTOS versions 6.3.1.1 and later for the E-Series TeraScale. Refer to Chapter 12, Content Addressable Memory (CAM) for ExaScale for information on the commands for the E-Series ExaScale platform. FTOS versions 7.8.1.0 and later support CAM allocations on the C-Series and S-Series. All line cards within a single system must have the same CAM profile (including CAM sub-region configurations); this profile must match the system CAM profile (the profile on the primary RPM). FTOS automatically reconfigures the CAM profile on line cards and the secondary RPM to match the system CAM profile by saving the correct profile on the card and then rebooting it. The CAM configuration is applied to entire system when you use CONFIGURATION mode commands. You must save the running-configuration to affect the change. When budgeting your CAM allocations for ACLs and QoS configurations, remember that ACL and QoS rules might consume more than one CAM entry depending on complexity. For example, TCP and UDP rules with port range options might require more than one CAM entry. After you install a secondary RPM, copy the running-configuration to the startup-configuration so that the new RPM has the correct CAM profile. You MUST save your changes and reboot the system for CAM profiling or allocations to take effect.

The CAM Profiling commands are: cam-acl (Configuration) cam-acl (EXEC Privilege) cam-optimization cam-profile (Config) show cam-acl show cam-profile show cam-usage test cam-usage

cam-acl (Configuration)
cs
Syntax

Allocate CAM for IPv4 and IPv6 ACLs cam-acl {default | l2acl number ipv4acl number ipv6acl number, ipv4qos number l2qos number, l2pt number ipmacacl number ecfmacl number [vman-qos | vman-dual-qos number}

450

Content Addressable Memory (CAM)

cam-acl (EXEC Privilege)

Parameters

default

Use the default CAM profile settings, and set the CAM as follows. L3 ACL (ipv4acl): 6 L2 ACL(l2acl) : 5 IPv6 L3 ACL (ipv6acl): 0 L3 QoS (ipv4qos): 1 L2 QoS (l2qos): 1 Allocate space to each CAM region. Enter the CAM profile name followed by the amount to be allotted. The total space allocated must equal 13. The ipv6acl range must be a factor of 2.

l2acl number ipv4acl number ipv6acl number, ipv4qos number l2qos number, l2pt number ipmacacl number ecfmacl number [vman-qos | vman-dual-qos number Command Modes Command History

CONFIGURATION
Version 8.3.1.0 Version 8.2.1.0 Version 7.8.1.0 Added ecfmacl, vman-qos, and vman-dual-qos keywords. Introduced on the S-Series Introduced on the C-Series

Usage Information

You must save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect. The total amount of space allowed is 16 FP Blocks. System flow requires 3 blocks and these cannot be reallocated. When configuring space for IPv6 ACLs, the total number of Blocks must equal 13. Ranges for the CAM profiles are 1-10, except for the ipv6acl profile which is 0-10. The ipv6acl allocation must be a factor of 2 (2, 4, 6, 8, 10).

cam-acl (EXEC Privilege)

cs
Adjust linecard CAM setting to match chassis settings.

This command is deprecated as of FTOS 8.3.1.0

Syntax Command Modes Command History

cam-acl {chassis |linecard} EXEC Privilege

Version 8.3.1.0 Version 7.8.1.0 COMMAND DEPRECATED Introduced on the C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

451

cam-optimization

cam-optimization
cs
Syntax Parameters

Optimize CAM utilization for QoS Entries by minimizing require policy-map CAM space. cam-optimization [qos] qos CONFIGURATION Disabled
Version 8.2.1.0 Version 7.8.1.0 Introduced on the s-Series Introduced on the C-Series and S-Series Optimize CAM usage for Quality of Service (QoS)

Command Modes Defaults Command History

Usage Information

When this command is enabled, if a Policy Map containing classification rules (ACL and/or dscp/ip-precedence rules) is applied to more than one physical interface on the same port pipe, only a single copy of the policy will be written (only 1 FP entry will be used). Note that an ACL itself may still require more that a single FP entry, regardless of the number of interfaces. Refer to IP Access Control Lists, Prefix Lists, and Route-map in the FTOS Configuration Guide for complete discussion.

cam-profile (Config)
e
Syntax

Set the default CAM profile and the required microcode. cam-profile profile microcode microcode

452

Content Addressable Memory (CAM)

cam-profile (Config)

Parameters

profile

Choose one of the following CAM profiles: Enter the keyword default to specify the default CAM profile. Enter the keyword eg-default to specify the default CAM profile for EG (dual-CAM) line cards. Enter the keyword ipv4-320k to specify the CAM profile that

provides 320K entries for the IPv4 Forwarding Information Base (FIB). Enter the keyword ipv4-egacl-16k to specify the CAM profile that provides 16K entries for egress ACLs. Enter the keyword ipv6-extacl to specify the CAM profile that provides IPv6 functionality. Enter the keyword l2-ipv4-inacl to specify the CAM profile that provides 32K entries for ingress ACLs.
Enter the keyword unified-default to specify the CAM profile that maintains the CAM allocations for the IPv6 and IPv4 FIB while allocating more CAM space for the Ingress and Egress Layer 2 ACL, and IPv4 ACL regions. Enter the keyword ipv4-vrf to specify the CAM profile that maintains the CAM allocations for the IPv4 FIB while allocating CAM space for VRF. Enter the keyword ipv4-v6-vrf to specify the CAM profile that maintains the CAM allocations for the IPv4 and IPv6FIB while allocating CAM space for VRF. Enter the keyword ipv4-64k-ipv6 to specify the CAM profile that provides an alternate to ipv6-extacl that redistributes CAM space from the IPv4FIB to IPv4Flow and IPv6FIB.

microcode microcode

Choose a microcode based on the CAM profile you chose. Not all microcodes are available to be paired with a CAM profile. Enter the keyword default to select the microcode that distributes CAM space for a typical deployment. Enter the keyword lag-hash-align to select the microcode for

applications that require the same hashing for bi-directional traffic.

Enter the keyword lag-hash-mpls to select the microcode for hashing based on MPLS labels (up to five labels deep). Enter the keyword ipv6-extacl to select the microcode for IPv6. Enter the keyword acl-group to select the microcode for applications that need 16k egress IPv4 ACLs. Enter the keyword ipv4-vrf to select the microcode for IPv4 VRF applications. Enter the keyword ipv4-v6-vrf to select the microcode for IPv4 and IPv6 VRF applications. E-Series TeraScale only: Select l2-switched-pbr microcode if you apply a PBR redirect list to a VLAN interface and want to prevent Layer 2 traffic from being redirected and dropped. l2-switched-pbr (IPv4-LDA) microcode allows only Layer 3 traffic to be redirected while Layer 2 traffic is switched within the VLAN.

Defaults Command Modes Command History

cam-profile default microcode default CONFIGURATION

Version 8.4.1.0 Version 8.2.1.0 Added support for l2-switched-pbr microcode. Added support for the ipv4-64k-ipv6 profile.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

453

show cam-acl

Version 7.9.1.0 Version 7.5.1.0 Version 7.4.2.0 Version 7.4.1.0 Version 6.5.1.0 Version 6.3.1.0 Usage Information

Added support for VRF protocols. Added the l2-ipv4-inacl CAM profile Added the unified-default CAM profile and lag-hash-align microcode Added the lag-hash-mpls microcode Added the eg-default and ipv4-320k CAM profiles Introduced on E-Series

You must save the running configuration using the command copy running-config startup-config after changing the CAM profile from CONFIGURATION mode. CAM profile changes take effect after the next chassis reboot.

Note: Do not use the ipv4-egacl-16 CAM profile for Layer 2 egress ACLs.

Note: Do not make any changes to the CAM profile after you change the profile to
ipv4-320K and save the configuration until after you reload the chassis; any changes lead to unexpected behavior. lAfter you reload the chassis, you may make changes to the IPv4 Flow partition.

show cam-acl
c
Syntax Defaults Command Modes Command History Usage Information

Display the details of the CAM profiles on the chassis and all line cards. show cam-acl None EXEC Privilege
Version 7.8.1.0 Introduced on C-Series

The display reflects the settings implemented with the cam-acl command.

454

Content Addressable Memory (CAM)

show cam-profile

Example

Figure 150 Command Output: show cam-acl (default)

Force10#show cam-acl -- Chassis Cam ACL -Current Settings(in block sizes) L2Acl : 5 Ipv4Acl : 6 Ipv6Acl : 0 Ipv4Qos : 1 L2Qos : 1 -- Line card 4 -Current Settings(in block sizes) L2Acl : 5 Ipv4Acl : 6 Ipv6Acl : 0 Ipv4Qos : 1 L2Qos : 1 Force10#

Figure 151 Command Output: show cam-acl (non-default)

Force10#show cam-acl -- Chassis Cam ACL -Current Settings(in block sizes) L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 4 Ipv4Qos : 2 L2Qos : 3 -- Line card 4 -Current Settings(in block sizes) L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 4 Ipv4Qos : 2 L2Qos : 3 Force10#

show cam-profile
e
Syntax

Display the details of the CAM profiles on the chassis and all line cards. show cam-profile [profile microcode microcode | summary]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

455

show cam-profile

Parameters

profile

(OPTIONAL) Choose a single CAM profile to display: Enter the keyword default to specify the default CAM profile. Enter the keyword eg-default to specify the default CAM profile for EG (dual-CAM) line cards. Enter the keyword ipv4-320k to specify the CAM profile that provides 320K entries for the IPv4 Forwarding Information Base (FIB).

Enter the keyword ipv4-egacl-16k to specify the CAM profile that provides 16K entries for egress ACLs. Enter the keyword ipv6-extacl to specify the CAM profile that provides IPv6 functionality. Enter the keyword l2-ipv4-inacl to specify the CAM profile that provides 32K entries for ingress ACLs. Enter the keyword unified-default to specify the CAM profile that
maintains the CAM allocations for the IPv6 and IPv4 FIB while allocating more CAM space for the Ingress and Egress Layer 2 ACL, and IPv4 ACL regions. Enter the keyword ipv4-vrf to specify the CAM profile that maintains the CAM allocations for the IPv4 FIB while allocating CAM space for VRF. Enter the keyword ipv4-v6-vrf to specify the CAM profile that maintains the CAM allocations for the IPv4 and IPv6FIB while allocating CAM space for VRF.

microcode microcode

Choose the microcode to display. Not all microcodes are available to be paired with a CAM profile. Enter the keyword default to select the microcode that distributes CAM space for a typical deployment. Enter the keyword lag-hash-align to select the microcode for

applications that require the same hashing for bi-directional traffic.

Enter the keyword lag-hash-mpls to select the microcode for hashing based on MPLS labels (up to five labels deep). Enter the keyword ipv6-extacl to select the microcode for IPv6. Enter the keyword acl-group to select the microcode for applications that need 16k egress IPv4 ACLs. Enter the keyword ipv4-vrf to select the microcode for IPv4 VRF applications. Enter the keyword ipv4-v6-vrf to select the microcode forIPv4 and IPv6 VRF applications. Enter the keyword ipv4-64k-ipv6 to specify the CAM profile that provides an alternate to ipv6-extacl that redistributes CAM space from the IPv4FIB to IPv4Flow and IPv6FIB.

summary

(OPTIONAL) Enter this keyword to view a summary listing of the CAM profile and microcode on the chassis and all line cards.

Defaults Command Modes Command History

None EXEC Privilege

Version 8.2.1.0 Version 7.9.1.0 Version 6.3.1.0 Added support for ipv4-64k-ipv6 profile Added support for VRF protocols. Introduced on E-Series

Usage Information

If the CAM profile has been changed, this command displays the current CAM profile setting in one column and in the other column displays the CAM profile and the microcode that will be configured for the chassis and all online line cards after the next reboot.

456

Content Addressable Memory (CAM)

show cam-usage

Example 1

Figure 152 Command Output: show cam-profile summary

Force10#show cam-profile summary -- Chassis CAM Profile -: Current Settings : Next Boot Profile Name : Default : Default MicroCode Name : Default : Default : Current Settings : Next Boot -- Line card 1 -Profile Name : Default : Default MicroCode Name : Default : Default : Current Settings : Next Boot -- Line card 6 -Profile Name : Default : Default MicroCode Name : Default : Default Force10#

Example 2

Figure 153 Command Output: show cam-profile

Force10#show cam-profile -- Chassis Cam Profile -CamSize Profile Name L2FIB L2ACL IPv4FIB IPv4ACL IPv4Flow EgL2ACL EgIPv4ACL Reserved IPv6FIB IPv6ACL IPv6Flow EgIPv6ACL MicroCode Name : : : : : : : : : : : : : : : : 18-Meg Current Settings DEFAULT 32K entries 1K entries 256K entries 12K entries 24K entries 1K entries 1K entries 8K entries 0 entries 0 entries 0 entries 0 entries Default 18-Meg Current Settings DEFAULT 32K entries 1K entries 256K entries 12K entries 24K entries 1K entries 1K entries 8K entries 0 entries 0 entries 0 entries 0 entries Default : : : : : : : : : : : : : : : Next Boot DEFAULT 32K entries 1K entries 256K entries 12K entries 24K entries 1K entries 1K entries 8K entries 0 entries 0 entries 0 entries 0 entries Default

-- Line card 0 -CamSize : : Profile Name : L2FIB : L2ACL : IPv4FIB : IPv4ACL : IPv4Flow : EgL2ACL : EgIPv4ACL : Reserved : IPv6FIB : IPv6ACL : IPv6Flow : EgIPv6ACL : MicroCode Name : Force10#

: : : : : : : : : : : : : : :

Next Boot DEFAULT 32K entries 1K entries 256K entries 12K entries 24K entries 1K entries 1K entries 8K entries 0 entries 0 entries 0 entries 0 entries Default

show cam-usage
e
Syntax

Display Layer 2, Layer 3, ACL, or all CAM usage statistics. show cam-usage [acl | router | switch]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

457

show cam-usage

Parameters

acl router switch

(OPTIONAL) Enter this keyword to display Layer 2 and Layer 3 ACL CAM usage. (OPTIONAL) Enter this keyword to display Layer 3 CAM usage. (OPTIONAL)Enter this keyword to display Layer 2 CAM usage.

Defaults Command Modes Command History

None EXEC Privilege

Version 6.5.1.0 Introduced on E-Series

458

Content Addressable Memory (CAM)

show cam-usage

Example

Figure 154 Command Example: show cam-usage

Force10#show cam-usage Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============== 1 | 0 | IN-L2 ACL | 1008 | 320 | 688 | | IN-L2 FIB | 32768 | 1132 | 31636 | | IN-L3 ACL | 12288 | 2 | 12286 | | IN-L3 FIB | 262141 | 14 | 262127 | | IN-L3-SysFlow | 2878 | 45 | 2833 | | IN-L3-TrcList | 1024 | 0 | 1024 | | IN-L3-McastFib | 9215 | 0 | 9215 | | IN-L3-Qos | 8192 | 0 | 8192 | | IN-L3-PBR | 1024 | 0 | 1024 | | IN-V6 ACL | 0 | 0 | 0 | | IN-V6 FIB | 0 | 0 | 0 | | IN-V6-SysFlow | 0 | 0 | 0 | | IN-V6-McastFib | 0 | 0 | 0 | | OUT-L2 ACL | 1024 | 0 | 1024 | | OUT-L3 ACL | 1024 | 0 | 1024 | | OUT-V6 ACL | 0 | 0 | 0 1 | 1 | IN-L2 ACL | 320 | 0 | 320 | | IN-L2 FIB | 32768 | 1136 | 31632 | | IN-L3 ACL | 12288 | 2 | 12286 | | IN-L3 FIB | 262141 | 14 | 262127 | | IN-L3-SysFlow | 2878 | 44 | 2834 --More--

Example

Figure 155 Command Example: show cam-usage acl

Force10#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============== 11 | 0 | IN-L2 ACL | 1008 | 0 | 1008 | | IN-L3 ACL | 12288 | 2 | 12286 | | OUT-L2 ACL | 1024 | 2 | 1022 | | OUT-L3 ACL | 1024 | 0 | 1024 Force10#

Example

Figure 156 Command Example: show cam-usage router

Force10#show cam-usage router Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============== 11 | 0 | IN-L3 ACL | 8192 | 3 | 8189 | | IN-L3 FIB | 196607 | 1 | 196606 | | IN-L3-SysFlow | 2878 | 0 | 2878 | | IN-L3-TrcList | 1024 | 0 | 1024 | | IN-L3-McastFib | 9215 | 0 | 9215 | | IN-L3-Qos | 8192 | 0 | 8192 | | IN-L3-PBR | 1024 | 0 | 1024 | | OUT-L3 ACL | 16384 | 0 | 16384 11 | 1 | IN-L3 ACL | 8192 | 3 | 8189 | | IN-L3 FIB | 196607 | 1 | 196606 | | IN-L3-SysFlow | 2878 | 0 | 2878 | | IN-L3-TrcList | 1024 | 0 | 1024 | | IN-L3-McastFib | 9215 | 0 | 9215 | | IN-L3-Qos | 8192 | 0 | 8192 | | IN-L3-PBR | 1024 | 0 | 1024 | | OUT-L3 ACL | 16384 | 0 | 16384 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

459

test cam-usage

Example

Figure 157 Command Example: show cam-usage switch

Force10#show cam-usage switch Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============== 11 | 0 | IN-L2 ACL | 7152 | 0 | 7152 | | IN-L2 FIB | 32768 | 1081 | 31687 | | OUT-L2 ACL | 0 | 0 | 0 11 | 1 | IN-L2 ACL | 7152 | 0 | 7152 | | IN-L2 FIB | 32768 | 1081 | 31687 | | OUT-L2 ACL | 0 | 0 | 0 Force10#

test cam-usage
ces
Syntax Parameters

Verify that enough CAM space is available for the IPv6 ACLs you have created. test cam-usage service-policy input input policy name linecard {number | all} policy-map name number
Enter the name of the policy-map to verify. Enter all to get information for all the linecards/stack-units, or enter the linecard/stack-unit number to get information for a specific card.

Range: 0-6 for E-Series, 0-7 for C-Series, 0-7 for S-Series
Defaults Command Modes Command History Usage Information

None EXEC Privilege

Version 7.8.1.0 Introduced

This command applies to both IPv4 and IPv6 CAM Profiles, but is best used when verifying QoS optimization for IPv6 ACLs. QoS Optimization for IPv6 ACLs does not impact the CAM usage for applying a policy on a single (or the first of several) interfaces. It is most useful when a policy is applied across multiple interfaces; it can reduce the impact to CAM usage across subsequent interfaces.

460

Content Addressable Memory (CAM)

test cam-usage The following examples show some sample output when using the test cam-usage command.

Example

Figure 158 Command Example: test cam-usage (C-Series)

Force10#test cam-usage service-policy input LauraMapTest linecard all Linecard | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status -----------------------------------------------------------------------------------------2 | 1 | IPv4Flow | 232 | 0 | Allowed 2 | 1 | IPv6Flow | 0 | 0 | Allowed 4 | 0 | IPv4Flow | 232 | 0 | Allowed 4 | 0 | IPv6Flow | 0 | 0 | Allowed Force10#

Table 34 Output Explanations: test cam-usage (C-Series) Term

Linecard Portpipe

Explanation
Lists the line card or linecards that are checked. Entering all shows the status for linecards in the chassis Lists the portpipe (port-set) or port pipes (port-sets) that are checked. Entering all shows the status for linecards and port-pipes in the chassis. Shows the CAM profile of the CAM Identifies the amout of CAM space remaining for that profile Estimates the amount of CAM space the listed policy will require. Indicates whether or not the policy will be allowed in the CAM

CAM Partition Available CAM Estimated CAM per Port Status

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

461

test cam-usage Figure 159 Command Example: test cam-usage (S-Series)

Table 35 Output Explanations: test cam-usage (S-Series) Term

Stack-Unit Portpipe

Explanation
Lists the stack unit or units that are checked. Entering all shows the status for all stacks. Lists the portpipe (port-set) or port pipes (port-sets) that are checked. Entering all shows the status for linecards and port-pipes in the chassis. Shows the CAM profile of the CAM Identifies the amout of CAM space remaining for that profile Estimates the amount of CAM space the listed policy will require. Indicates whether or not the policy will be allowed in the CAM

CAM Partition Available CAM Estimated CAM per Port Status

462

Content Addressable Memory (CAM)

cam ipv4flow (EXEC Privilege)

CAM IPv4flow Commands

IPv4Flow sub-partitions are supported on E-Series TeraScale platform

The 18-megabit user configurable CAM is divided into multiple regions such as Layer 2 FIB, Layer 3 FIB, IPv4Flow, IPv4 Ingress ACL, etc. The IPv4Flow region is further sub-divided into 5 regions: System Flow, QoS, PBR, Trace-lists, Multicast FIB & ACL. You can change the amount of CAM space allocated to each sub-region. You can configure the IPv4Flow region in both EtherScale and TeraScale. In EtherScale, these commands allocate CAM space for IPv4Flow sub-regions and the IPv4 ACL region. Like CAM profiles, you can configure the IPv4Flow region from EXEC Privilege and CONFIGURATION mode. The CAM IPv4flow commands are: cam ipv4flow (EXEC Privilege) cam-ipv4flow (CONFIGURATION) show cam-ipv4flow

cam ipv4flow (EXEC Privilege)

et
Configure the amount of CAM space in IPv4flow sub-regions.

This command is deprecated as of FTOS 8.3.1.0

Syntax

cam ipv4flow {chassis all | linecard number} {default | acl value multicast-fib value pbr value qos value system-flow value trace-list value} EXEC Privilege
Version 8.3.1.0 Version 6.3.1.0 COMMAND DEPRECATED Introduced on E-Series

Command Modes Command History

cam-ipv4flow (CONFIGURATION)
et
Syntax

Configure the amount of CAM space in IPv4flow sub-regions. cam-ipv4flow {default | multicast-fib value pbr value qos value system-flow value trace-list value}

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

463

show cam-ipv4flow

Parameters

default multicast-fib value

Enter the keyword default to reset the IPV4Flow CAM region to its default setting. Enter the keyword multicast-fib followed by the number of entries for the multicast FIB sub-region in 1K increments. Range: 1 to 32 KB Default: 9 KB Enter the keyword pbr followed by the number of entries for the PBR sub-region in 1K increments. Range: 1 to 32 KB Default: 1 KB Enter the keyword qos followed by the number of entries for the QoS sub-region in 1K increments.. Range: 1 to 32 KB Default: 8 KB Enter the keyword system-flow followed by the number of entries for the system-flow sub-region in 1K increments.. Range: 4 to 32 KB Default: 5 KB Enter the keyword trace-list followed by the number of entries for the trace-list sub-region in 1K increments. Range: 1 to 32 KB Default: 1 KB

pbr value

qos value

system-flow value

trace-list value

Defaults Command Modes Command History Usage Information Related Commands

See Parameters CONFIGURATION

Version 6.3.1.0 Introduced on E-Series

CAM profile changes take effect after the next chassis reboot.

copy show cam-ipv4flow

Save the running configuration. Display the CAM IPv4flow entries.

show cam-ipv4flow
et
Syntax Command Modes Command History

Display details about the IPv4Flow sub-regions. show cam-ipv4flow EXEC Privilege
Version 6.3.1.0 Introduced on E-Series

464

Content Addressable Memory (CAM)

show cam-ipv4flow

Example

Figure 160 Command Example: show cam-ipv4flow

Force10#show cam-ipv4flow -- Chassis Cam Ipv4Flow -Current Settings Acl : 8K Multicast Fib/Acl : 9K Pbr : 1K Qos : 8K System Flow : 5K Trace Lists : 1K -- Line card 2 -Acl Multicast Fib/Acl Pbr Qos System Flow Trace Lists -- Line card 8 -Acl Multicast Fib/Acl Pbr Qos System Flow Trace Lists -- Line card 13 -Acl Multicast Fib/Acl Pbr Qos System Flow Trace Lists Force10# : : : : : : Current Settings 5K 9K 1K 8K 5K 1K Next Boot 0K 12K 1K 8K 5K 1K : : : : : : Current Settings 5K 9K 1K 8K 5K 1K Next Boot 0K 12K 1K 8K 5K 1K : : : : : : Current Settings 5K 9K 1K 8K 5K 1K Next Boot 0K 12K 1K 8K 5K 1K Next Boot 5K 12K 1K 8K 5K 1K

Usage Information

If the IPv4Flow sub-region has been changed, this command displays the current IPv4Flow configuration in one column and in the other column displays the IPv4Flow configuration that will be loaded after the next reboot.
cam-ipv4flow (CONFIGURATION)

Related Commands

Configure the amount of CAM space in IPv4flow sub-regions.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

465

cam l2acl (EXEC Privilege)

CAM Layer 2 ACL Commands

IPv4Flow sub-partitions are supported on the E-Series TeraScale platform The CAM Layer 2 ACL commands are: cam l2acl (EXEC Privilege) cam-l2acl (CONFIGURATION) show cam-l2acl

The 18-megabit user configurable CAM is divided into multiple regions such as Layer 2 FIB, Layer 3 FIB, IPv4Flow, IPv4 Ingress ACL, etc. The Layer 2 ACL region is further sub-divided into 6 regions: Sysflow, L2ACL, PVST, QoS, L2PT, FRRP. You can change the amount of CAM space, in percentage, allocated to each sub-region. The amount of space that you can distribute to the sub-partitions is equal to the amount of CAM space that the selected CAM profile allocates to the Layer 2 ACL partition. FTOS requires that you specify the amount of CAM space for all sub-partitions and that the sum of all sub-partitions is 100%. Like CAM profiles, you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode.

cam l2acl (EXEC Privilege)

et
Re-allocate the amount of space, in percentage, for each Layer 2 ACL CAM sub-partition.

This command is deprecated as of FTOS 8.3.1.0

Syntax

cam l2acl {chassis all | linecard number} {default | system-flow percentage l2acl percentage pvst percentage qos percentage l2pt percentage frrp percentage} EXEC Privilege
Version 8.3.1.0 Version 7.7.1.0 COMMAND DEPRECATED Introduced on E-Series

Command Modes Command History

cam-l2acl (CONFIGURATION)
et
Syntax

Re-allocate the amount of space, in percentage, for each Layer 2 ACL CAM sub-partition. cam-l2acl {default | system-flow percentage l2acl percentage pvst percentage qos percentage l2pt percentage frrp percentage}

466

Content Addressable Memory (CAM)

show cam-l2acl

Parameters

default

Enter this keyword to reset the Layer 2 ACL CAM sub-partition space allocations to the default values (Sysflow: 6, L2ACL: 14, PVST: 50, QoS: 12, L2PT: 13, FRRP: 5). Allocate a percentage of the Layer 2 ACL CAM space for system flow entries. Enter the keyword system-flow, and specify the percentage. Range: 5 to 100 Allocate a percentage of the Layer 2 ACL CAM space for Layer 2 ACL entries. Enter the keyword l2acl, and specify the percentage. Range: 5 to 95 Allocate a percentage of the Layer 2 ACL CAM space for PVST+ entries. Enter the keyword pvst ,and specify the percentage. Range: 5 to 95 Allocate a percentage of the Layer 2 ACL CAM space for QoS entries. Enter the keyword qos, and specify the percentage. Range: 5 to 95 Allocate a percentage of the Layer 2 ACL CAM space for L2PT entries. Enter the keyword l2pt, and specify the percentage. Range: 5 to 95 Allocate a percentage of the Layer 2 ACL CAM space for FRRP entries. Enter the keyword frrp, and specify a percentage. Range: 5 to 95

system-flow percentage

l2acl percentage

pvst percentage

qos percentage

l2pt percentage

frrp percentage

Command Modes Command History Usage Information Related Commands

CONFIGURATION
Version 7.7.1.0 Introduced on E-Series

The PVST sub-partition requires a minimum number of entries when employing PVST+. See the CAM chapter of the FTOS Configuration Guide for the E-Series.
Display the percentage of the Layer 2 ACL CAM partition that is allocated to each Layer 2 ACL CAM sub-partition.

show cam-l2acl

show cam-l2acl
et
Display the percentage of the Layer 2 ACL CAM partition that is allocated to each Layer 2 ACL CAM sub-partition. If configuration has changed, the command displays the current configuration and the configuration that FTOS will write to the CAM after the next chassis reboot. show cam-l2acl EXEC Privilege
Version 7.7.1.0 Introduced on E-Series

Syntax Command Modes Command History

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

467

show cam-l2acl Figure 161 Command Example: show cam-l2acl

Force10#show cam-l2acl -- Chassis Cam L2-ACL -Current Settings(in percent) Sysflow : 6 L2Acl : 14 Pvst : 50 Qos : 12 L2pt : 13 Frrp : 5 -- Line card 1 -Current Settings(in percent) Sysflow : 6 L2Acl : 14 Pvst : 50 Qos : 12 L2pt : 13 Frrp : 5 -- Line card 5 -Current Settings(in percent) Sysflow : 6 L2Acl : 14 --More--

Example

Related Commands

cam-l2acl (CONFIGURATION)

Re-allocate the amount of space, in percentage, for each Layer 2 ACL CAM sub-partition.

468

Content Addressable Memory (CAM)

Chapter 14
Overview

Configuration Rollback

The Configuration Rollback feature is enabled on the C-Series c and E-Series e. Configuration Rollback enables you to archive your running configurations for future use. This feature also enables you to replace your running configuration with an archived running configuration without rebooting the chassis. Once you load an archived configuration, you have the option to confirm the replacement or revert (roll back) to your previous configuration. This rollback feature enables you to view and test a configuration before completing the configuration change.

Note: Archive files are stored on the internal flash in a hidden directory named
CFGARCH. You may have to reboot the chassis when rolling back to a feature that explicitly requires it, like CAM profiles.

Commands
The Configuration Rollback commands are: archive archive backup archive config archive delete configure confirm configure replace configure terminal configuration mode exclusive debug rollback maximum number show archive show config show configuration lock show run diff time-period

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

469

Defaults Command Modes Command History Example

No default values or behavior CONFIGURATION ARCHIVE (conf-archive)

Version 7.6.1.0 Introduced on C-Series and E-Series.

Force10#conf Force10(conf)#archive Force10(conf-archive)# Force10#

archive backup
ce
Syntax

Copy an archive file to another location. archive backup {flash://CFGARCH_DIR/filename} {flash://filepath | ftp:// userid:password@hostip/filepath} flash://CFGARCH_DIR/filename flash://filepath ftp://userid:password@hostip/ filepath
Enter the path directory flash://CFGARCH_DIR/ followed by the name of the file. Enter the path flash:.// followed by the file path of the local file system to copy your file to the local location. Enter the path ftp:// followed by the FTP remote file system to copy your file to the remote location.

Parameters

Defaults Command Modes Command History Related Commands

No default values or behavior EXEC Privilege

Version 7.6.1.0 Introduced on C-Series and E-Series

show archive

Display the archive

470

Configuration Rollback

archive config

archive config
ce
Syntax Parameters

Archive a running configuration. archive config [comment comment] comment comment

Describe the configuration that you are archiving using up to 30 characters.

Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.7.1.0 Version 7.6.1.0 Comment option added Introduced on C-Series and E-Series

Usage Information

Archive files are stored on flash in a hidden directory named CFGARCH. This directory name is a acronym for Configure Archive. A maximum of 15 archive files can be stored in this directory. Figure 162 archive config Command Example
R4_C300#archive config comment 30 characters 3d2h5m: %RPM0-P:CP %CFGARCHIVE-5-RUNNING_CFG_ARCHIVED: Archived running-config as archive_0 configuration archived as archive_0 R4_C300#

Example

archive delete
ce
Syntax Parameters

Delete an archived configuration. archive delete {number | all} number all

Specify the which archived configuration you want to delete. Enter this keyword to delete all archived configurations.

Defaults Command Modes Command History

None CONFIG ARCHIVE

Version 7.7.1.0 Introduced on C-Series and E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

471

configure confirm

Example

Figure 163 archive delete Command Example

Force10#archive delete all Please confirm if you want to proceed [yes/no]:yes all archives have been removed. Force10#

configure confirm
ce
Syntax Defaults Command Modes Command History Related Commands

Confirm the replacement of the running configuration when time option is used with the configure replace command. configure confirm No default values or behavior EXEC Privilege
Version 7.6.1.0 Introduced on C-Series and E-Series

show archive

Display the archive

configure replace
ce
Syntax Parameters

Replace the running configuration with a specified file. configure replace {flash://filepath | startup-config [force | time seconds]} flash://filepath startup-config force force time seconds
Enter the path flash:.// followed by the file path of the local file system to copy your file to the local location. Enter the keyword startup-config to replace with the startup configuration and force the replacement without confirmation. Enter the keyword force to replace the startup configuration without confirmation. Enter the keyword time to replace with the startup configuration and designate the time with which you have to confirm the replacement of the running configuration. Range: 60 to 1800 seconds

Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.6.1.0 Introduced on C-Series and E-Series

472

Configuration Rollback

configure terminal

configure terminal
ce
Syntax

Enter the exclusive configuration mode when the confutation mode is set to manual. configure terminal [lock] To undo the lock, use the exit command.

Parameters

lock Unlocked

(OPTIONAL) Enter the keyword lock to lock the confirmation in an exclusive mode.

Defaults Command Modes Usage Information

EXEC Privilege Archiving/replacing a configuration automatically locks CONFIGURATION mode. Use this command when you want exclusive control of CONFIGURATION mode when making configuration changes.
Version 7.6.1.0 Introduced on C-Series and E-Series

Command History Related Commands

configuration mode exclusive

Enable exclusive configuration.

configuration mode exclusive

ce
Syntax

Enable exclusive configuration mode. configuration mode exclusive {auto | manual} To negate the configuration, use the no configuration mode exclusive {auto | manual} command.

Parameters

auto manual

Enter auto to set the exclusive mode to auto. Enter manual to set the exclusive mode to manual (the default).

Defaults Command Modes Command History Usage Information

CONFIGURATION mode does not lock by default. EXEC Privilege

Version 7.6.1.0 Introduced on C-Series and E-Series

If you choose the manual option, you must enter set the lock each time before entering CONFIGURATION mode. If you choose the auto option, you can exit to EXEC Privilege mode and re-enter CONFIGURATION mode without setting the lock again.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

473

debug rollback

If another user attempts to enter the CONFIGURATION mode while a lock is in place, the following message is generated:
% Error: User "" on line console0 is in exclusive configuration mode

If a user is already in CONFIGURATION mode when a lock is executed, the following message is generated:
% Error: Can't lock configuration mode exclusively since the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 )

Note: The CONFIGURATION mode lock corresponds to a VTY session, not to a

user. If you set a lock and then exit the CONFIGURATION mode and another user enters CONFIGURATION mode, you will be denied access when you attempt to re-enter CONFIGURATION mode.
Example
Force10(conf)#configuration mode exclusive auto Force10(conf)#exit 3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Force10#config! Locks configuration mode exclusively. Force10(conf)#

Note: When your session times out and you return to EXEC mode, the lock is no
longer set.
Related Commands

configure terminal

When configuration is set to manual, use this command to set the exclusive mode.

debug rollback
ce
Syntax

Enable debugging for the configuration replace and rollback feature. debug rollback Disable debugging using the command undebug all.

Defaults Command Modes Command History Related Commands

Debugging is disabled for all features by default. EXEC Privilege

Version 7.6.1.0 Introduced on C-Series and E-Series

undebug all

Disable all debug operations on the system.

474

Configuration Rollback

maximum number

maximum number
ce
Syntax

Set the maximum number of archives. maximum {number} To return to the default, use the no maximum {number} command.

Parameters

number

Enter the maximum number of files to archive. Range: 2 to 15 Default: 10

Defaults Command Modes Command History Related Commands

No default values or behavior CONFIGURATION (conf-archive)

Version 7.6.1.0 Introduced on C-Series and E-Series

show archive

Display the archive

show archive
ce
Syntax Defaults Command Modes Command History

Display the content of the archive. show archive No default values or behavior EXEC Privilege
Version 7.6.1.0 Introduced on C-Series and E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

475

show config

Example

Figure 164 show archive Command Output

Force10#show archive Archive directory: flash:/CFGARCH_DIR # Archive 0 1 2 3 4 5 6 7 *archive_7 8 archive_8 9 archive_9 10 11 12 13 14 Force10# Date Time Size Comment

12/13/2007 12/13/2007 12/16/2007

20:51:24 20:51:44 21:43:44

5640 5645 5677

Deleted Archived Archived Most recently archived Deleted Deleted Deleted

Usage Information

The most recent archived configuration is marked with an asterisk in the output of this command.

show config
ce
Syntax Defaults Command Modes Command History Example
Force10#(conf-archive)#show config ! archive maximum 3 Force10#(conf-archive)#

Display the contents of the archive configuration. show config No default values or behavior CONFIGURATION (conf-archive)
Version 7.6.1.0 Introduced on C-Series and E-Series

show configuration lock

ce
Syntax Defaults Command Modes

Show the configuration lock status. show configuration lock None EXEC Privilege Configuration Rollback

476

show run diff

Command History Example

Version 7.7.1.0

Introduced on C-Series and E-Series

Figure 165 show configuration lock Command Output

Force10# show configuration lock Configure exclusively locked by the following line: Line Line number User Type State Ip address : : : : : : vty 0 2 admin AUTO LOCKED 10.11.9.97

Usage Information

The type may be auto, manual, or rollback. When set to auto, FTOS automatically denies access to CONFIGURATION mode to all other users everytime the user on the listed VTY line enters CONFIGURATION mode. When set to manual, the user on the listed VTY line must explictly set the lock each time before entering CONFIGURATION mode. Rollback indicates that FTOS is in a rollback process. The line number shown in the output can be used to send the messages to that session or release a lock on a VTY line.
clear line configuration mode exclusive send Reset a terminal line. Enable exclusive configuration mode. Send messages to one or all terminal line users.

Related Commands

show run diff

ce
Syntax Parameters

Display the difference between an archived file and a file. show run diff {flash: | startup-config} flash: startup-config
Enter the archive configuration file using the path [flash://]filename Enter the keywords startup-config to compare the contents of the startup configuration.

Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.6.1.0 Introduced on C-Series and E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

477

time-period

Example

Figure 166 show run diff archive Command Example

Force10#show run diff archive_7 running-config ------< policy-map-input test running-config ------< archive < maximum 3

flash:/CFGARCH_DIR/archive_7 ------> archive Force10#

time-period
ce
Syntax

Set a time period to automatically save an archive file. time-period {minutes} To stop the auto-save, use the no time-period {minutes} command.

Parameters

minutes

Enter the time, in minutes to automatically save an archive file. Range: 5 to 1440 minutes

Defaults Command Modes Command History

Disabled, that is no automatically saving is configured CONFIGURATION (conf-archive)

Version 7.6.1.0 Introduced on C-Series and E-Series

478

Configuration Rollback

Chapter 15

Dynamic Host Configuration Protocol (DHCP)

Overview
Dynamic Host Configuration Protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. Commands to Configure the System to be a DHCP Server Commands to Configure Secure DHCP

Commands to Configure the System to be a DHCP Server

clear ip dhcp client-identifier debug ip dhcp server default-router disable dns-server domain-name excluded-address hardware-address host ip dhcp bootp ip dhcp relay information disable lease netbios-name-server netbios-node-type network pool show ip dhcp binding show ip dhcp configuration show ip dhcp conflict show ip dhcp database Publication Date: July 20, 2011 479

Command Line Reference for FTOS version 8.4.2.4

clear ip dhcp

show ip dhcp server

clear ip dhcp
cs
Syntax Parameters

Reset DHCP counters. clear ip dhcp [binding {address} | conflict | server statistics] binding address conflicts server statistics
Enter this keyword to delete all entries in the binding table. Enter the IP address to clear the binding entry for a single IP address. Enter this keyword to delete all of the log entries created for IP address conflicts. Enter this keyword to clear all the server counter information.

Command Mode Default Command History Usage Information

EXEC Privilege None

Version 8.2.1.0 Introduced on C-Series and S-Series.

Entering <CR> after clear ip dhcp binding, clears all the IPs from the binding table.

client-identifier
cs
Syntax Parameters

Identify the Microsoft clients using a special identifier rather than the hardware address. client-identifier unique-identifier unique-identifier DHCP None
Version 8.2.1.0 Introduced on C-Series and S-Series. Enter the client identifier for a Microsoft.

Command Mode Default Command History Usage Information

Microsoft clients require a client identifier instead of a hardware addresses. The client identifier is formed by concatenating the media type and the MAC address of the client. Refer to the "Address Resolution Protocol Parameters" section of RFC 1700Assigned Numbers, for a list of media type codes.

480

Dynamic Host Configuration Protocol (DHCP)

debug ip dhcp server

cs
Syntax Parameters

Display FTOS debugging messages for DHCP. debug ip dhcp server [events | packets] events packet
Enter this keyword to display DHCP state changes. Enter this keyword to display packet transmission/reception.

Command Mode Default Command History

EXEC Privliege None

Version 8.2.1.0 Introduced on C-Series and S-Series.

default-router
cs
Syntax Parameters

Assign a default gateway to clients based on address pool. default-router address [address2...address8] address
Enter the a list of routers that may be the default gateway for clients on the subnet. You may specify up to 8. List them in order of preference.

Command Mode Default Command History

DHCP <POOL> None

Version 8.2.1.0 Introduced on C-Series and S-Series.

disable
cs
Disable DHCP Server. DHCP Server is disabled by default. Enable the system to be a DHCP server using the no form of the disable command.
Syntax Command Mode Default

disable CONFIGURATION Disabled

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

481

dns-server

Command History

Version 8.2.1.0

Introduced on C-Series and S-Series.

dns-server
cs
Syntax Parameters

Assign a DNS server to clients based on address pool. dns-server address [address2...address8] address
Enter the a list of DNS servers that may service clients on the subnet. You may list up to 8 servers, in order of preference.

Command Mode Default Command History

DHCP <POOL> None

Version 8.2.1.0 Introduced on C-Series and S-Series.

domain-name
cs
Syntax Parameters

Assign a domain to clients based on address pool. domain-name name name

Give a name to the group of addresses in a pool.

Command Mode Default Command History

DHCP <POOL> None

Version 8.2.1.0 Introduced on C-Series and S-Series.

excluded-address
cs
Syntax

Prevent the server from leasing an address or range of addresses in the pool. excluded-address [address | low-address high-address]

482

Dynamic Host Configuration Protocol (DHCP)

hardware-address

Parameters

address low-address high-address

Enter a single address to be excluded from the pool. Enter the lowest address in a range of addresses to be excluded from the pool. Enter the highest address in a range of addressses to be excluded from the pool.

Command Mode Default Command History

DHCP None
Version 8.2.1.0 Introduced on C-Series and S-Series.

hardware-address
cs
Syntax Parameters

For manual configurations, specify the client hardware address. hardware-address address address DHCP <POOL> None
Version 8.2.1.0 Introduced on C-Series and S-Series. Enter the hardware address of the client.

Command Mode Default Command History

host
cs
Syntax Parameters

For manual (rather than automatic) configurations, assign a host to a single-address pool. host address address/mask DHCP <POOL> None
Version 8.2.1.0 Introduced on C-Series and S-Series. Enter the host IP address and subnet mask.

Command Mode Default Command History

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

483

ip dhcp bootp

ip dhcp bootp
cs
Syntax Parameters

Allow the DHCP server to respond to BOOTP messages, or direct the server to ignore them. ip dhcp bootp [automatic | ignore] automatic ignore
Enter this keyword to instruct the server to respond to BOOTP messages. Enter this keyword to instruct the server to ignore all BOOTP messages.

Command Mode Default Command History

DHCP automatic
Version 8.2.1.0 Introduced on C-Series and S-Series.

ip dhcp relay information

cs
Syntax Parameters

ip dhcp relay information [check | option | policy] check option policy

Command Mode Default Command History Version 8.2.1.0 Introduced on C-Series and S-Series.

lease
cs
Syntax

Specify a lease time for the addresses in a pool. lease {days [hours] [minutes] | infinite}

484

Dynamic Host Configuration Protocol (DHCP)

netbios-name-server

Parameters

days hours minutes infinite

Enter the number of days of the lease. Range: 0-31 Enter the number of hours of the lease. Range: 0-23 Enter the number of minutes of the lease. Range: 0-59 Specify that the lease never expires.

Command Mode Default Command History

DHCP <POOL> 24 hours

Version 8.2.1.0 Introduced on C-Series and S-Series.

netbios-name-server
cs
Specify the NetBIOS Windows Internet Naming Service (WINS) name servers, in order of preference, that are available to Microsoft Dynamic Host Configuration Protocol (DHCP) clients. netbios-name-server address [address2...address8] address
Enter the address of the NETBIOS name server. You may enter up to 8, in order of preference.

Syntax Parameters

Command Mode Default Command History

DHCP <POOL> None

Version 8.2.1.0 Introduced on C-Series and S-Series.

netbios-node-type
cs
Syntax Parameters

Specify the NetBIOS node type for a Microsoft DHCP client. Force10 recommends specifying clients as hybrid. netbios-node-type type type
Enter the NETBIOS node type. Broadcast: Enter the keyword b-node. Hybrid: Enter the keyword h-node. Mixed: Enter the keyword m-node. Peer-to-peer: Enter the keyword p-node.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

485

network

Command Mode Default Command History

DHCP <POOL> Hybrid

Version 8.2.1.0 Introduced on C-Series and S-Series.

network
cs
Syntax Parameters

Specify the range of addresses in an address pool. network network /prefix-length network/ prefix-length DHCP <POOL> None
Version 8.2.1.0 Introduced on C-Series and S-Series. Specify a range of addresses. Prefix-length Range: 17-31

Command Mode Default Command History

pool
cs
Syntax Parameters

Create an address pool pool name name DHCP None

Version 8.2.1.0 Introduced on C-Series and S-Series. Enter the address pools identifying name

Command Mode Default Command History

show ip dhcp binding

cs
Syntax

Display the DHCP binding table. show ip dhcp binding

486

Dynamic Host Configuration Protocol (DHCP)

show ip dhcp configuration

Command Mode Default Command History

EXEC Privilege None

Version 8.2.1.0 Introduced on C-Series and S-Series.

show ip dhcp configuration

cs
Syntax Parameters

Display the DHCP configuration. show ip dhcp configuration [global | pool name] pool name global
Display the configuration for a DHCP pool. Display the DHCP configuration for the entire system.

Command Mode Default Command History

EXEC Privilege None

Version 8.2.1.0 Introduced on C-Series and S-Series.

show ip dhcp conflict

cs
Syntax Parameters

Display the address conflict log. show ip dhcp conflict address address EXEC Privilege None
Version 8.2.1.0 Introduced on C-Series and S-Series. Display a particular conflict log entry.

Command Mode Default Command History

show ip dhcp database

cs
Syntax

Display the DHCP database. show ip dhcp database Publication Date: July 20, 2011 487

Command Line Reference for FTOS version 8.4.2.4

show ip dhcp server

Command Mode Default Command History

EXEC Privilege None

Version 8.2.1.0 Introduced on C-Series and S-Series.

show ip dhcp server

cs
Syntax Command Mode Default Command History

Display the DHCP server statistics. show ip dhcp server statistics EXEC Privilege None
Version 8.2.1.0 Introduced on C-Series and S-Series.

Commands to Configure Secure DHCP

DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks. arp inspection arp inspection-trust clear ip dhcp snooping ip dhcp snooping ip dhcp snooping database ip dhcp snooping binding ip dhcp snooping database renew ip dhcp snooping trust ip dhcp source-address-validation ip dhcp snooping vlan ip dhcp relay ip dhcp snooping verify mac-address show ip dhcp snooping

arp inspection
ces
488 Enable Dynamic Arp Inspection (DAI) on a VLAN. Dynamic Host Configuration Protocol (DHCP)

arp inspection-trust arp inspection INTERFACE VLAN Disabled

Version 8.3.1.0 Version 8.2.1.0 Related Commands arp inspection-trust Introduced on E-Series. Introduced on C-Series and S-Series

Syntax Command Modes Default Command History

Specify a port as trusted so that ARP frames are not validated against the binding table.

arp inspection-trust
ces
Syntax Command Modes

Specify a port as trusted so that ARP frames are not validated against the binding table. arp inspection-trust INTERFACE INTERFACE PORT-CHANNEL

Default Command History

Disabled
Version 8.3.1.0 Version 8.2.1.0 Introduced on E-Series. Introduced on C-Series and S-Series Enable Dynamic ARP Inspection on a VLAN.

Related Commands

arp inspection

clear ip dhcp snooping

ces
Syntax Command Modes Default Command History

Clear the DHCP binding table. clear ip dhcp snooping binding EXEC Privilege None
Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

489

ip dhcp snooping

Related Commands

show ip dhcp snooping

Display the contents of the DHCP binding table.

ip dhcp snooping
ces
Syntax Command Modes Default Command History

Enable DHCP Snooping globally. [no] ip dhcp snooping CONFIGURATION Disabled

Version 8.3.1.0 Version 8.2.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series for Layer 2 interfaces. Introduced on C-Series and S-Series on Layer 3 interfaces.

Usage Information

When enabled, no learning takes place until snooping is enabled on a VLAN. Upon disabling DHCP Snooping the binding table is deleted, and Option 82, IP Source Guard, and Dynamic ARP Inspection are disabled. Introduced in FTOS version 7.8.1.0, DHCP Snooping was available for Layer 3 only and dependent on DHCP Relay Agent (ip helper-address). FTOS version 8.2.1.0 extends DHCP Snooping to Layer 2, and you do not have to enable relay agent to snoop on Layer 2 interfaces.

Related Commands

ip dhcp snooping vlan

Enable DHCP Snooping on one or more VLANs.

ip dhcp snooping database

ces
Syntax Parameters

Delay writing the binding table for a specified time. ip dhcp snooping database write-delay minutes minutes CONFIGURATION None
Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series Range: 5-21600

Command Modes Default Command History

490

Dynamic Host Configuration Protocol (DHCP)

ip dhcp snooping binding

ces
Syntax

Create a static entry in the DHCP binding table. [no] ip dhcp snooping binding mac address vlan-id vlan-id ip ip-address interface type slot/port lease number mac address vlan-id vlan-id ip ip-address interface type
Enter the keyword mac followed by the MAC address of the host to which the server is leasing the IP address. Enter the keyword vlan-id followed by the VLAN to which the host belongs. Range: 2-4094 Enter the keyword ip followed by the IP address that the server is leasing. Enter the keyword interface followed by the type of interface to which the host is connected.

Parameters

slot/port
lease time

For an 10/100 Ethernet interface, enter the keyword fastethernet. For a Gigabit Ethernet interface, enter the keyword gigabitethernet. For a SONET interface, enter the keyword sonet. For a Ten Gigabit Ethernet interface, enter the keyword tengigabitethernet.

Enter the slot and port number of the interface. Enter the keyword lease followed by the amount of time the IP address will be leased. Range: 1-4294967295

Command Modes

EXEC EXEC Privilege

Default Command History

None
Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series Display the contents of the DHCP binding table.

Related Commands

show ip dhcp snooping

ip dhcp snooping database renew

ces
Syntax Command Modes

Renew the binding table. ip dhcp snooping database renew EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

491

ip dhcp snooping trust

Default Command History

None
Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series

ip dhcp snooping trust

ces
Syntax Command Modes Default Command History

Configure an interface as trusted. [no] ip dhcp snooping trust INTERFACE Untrusted

Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series

ip dhcp source-address-validation
ces
Syntax Parameters

Enable IP Source Guard. [no] ip dhcp source-address-validation [ipmac] ipmac INTERFACE Disabled
Version 8.3.1.0 Version 8.2.1.0 Version 7.8.1.0 Introduced on E-Series. Added keyword ipmac. Introduced on C-Series and S-Series Enable IP+MAC Source Address Validation (Not available on E-Series).

Command Modes Default Command History

Usage Information

You must allocate at least one FP block to ipmacacl before you can enable IP+MAC Source Address Validation. 1 2 3 Use the command cam-acl l2acl from CONFIGURATION mode Save the running-config to the startup-config Reload the system.

492

Dynamic Host Configuration Protocol (DHCP)

ip dhcp snooping vlan

ces
Syntax Parameters

Enable DHCP Snooping on one or more VLANs. [no] ip dhcp snooping vlan name name CONFIGURATION Disabled
Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series Enter the name of a VLAN on which to enable DHCP Snooping.

Command Modes Default Command History

Usage Information Related Commands

When enabled the system begins creating entries in the binding table for the specified VLAN(s). Note that learning only happens if there is a trusted port in the VLAN.
ip dhcp snooping trust

Configure an interface as trusted.

ip dhcp relay
ces
Syntax Parameters

Enable Option 82. ip dhcp relay information-option [trust-downstream] trust-downstream

Configure the system to trust Option 82 when it is received from the previous-hop router.

Command Modes Default Command History

CONFIGURATION Disabled
Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series

show ip dhcp snooping

ces
Syntax

Display the contents of the DHCP binding table or display the interfaces configured with IP Source Guard. show ip dhcp snooping [binding | source-address-validation]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

493

ip dhcp snooping verify mac-address

Parameters

binding source-address-validation

Display the binding table. Display the interfaces configured with IP Source Guard.

Command Modes

EXEC EXEC Privilege

Default Command History

None
Version 8.3.1.0 Version 7.8.1.0 Introduced on E-Series. Introduced on C-Series and S-Series Clear the contents of the DHCP binding table.

Related Commands

clear ip dhcp snooping

ip dhcp snooping verify mac-address

ces
Syntax Command Modes Default Command History

Validate a DHCP packets source hardware address against the client hardware address field (CHADDR) in the payload. [no] ip dhcp snooping verify mac-address CONFIGURATION Disabled
Version 8.3.1.0 Version 8.2.1.0 Introduced on E-Series. Introduced on C-Series and S-Series

494

Dynamic Host Configuration Protocol (DHCP)

Chapter 16
Overview

Equal Cost Multi-Path

The characters that appear below command headings indicate support for the associated Force10 platform, as follows: C-Series: c E-Series: e S-Series: s

Commands
The ECMP commands are: hash-algorithm hash-algorithm ecmp hash-algorithm seed ip ecmp-deterministic ipv6 ecmp-deterministic

hash-algorithm
e
Change the hash algorithm used to distribute traffic flows across a Port Channel. The ECMP, LAG, and line card options are supported only on the E-Series TeraScale and ExaScale chassis. hash-algorithm {algorithm-number | {ecmp {checksum| crc | xor} [number] lag {checksum| crc | xor} [number] nh-ecmp {checksum| crc | xor}[number] linecard number ip-sa-mask value ip-da-mask value} To return to the default hash algorithm, use the no hash-algorithm command. To return to the default the Equal-cost Multipath Routing (ECMP) hash algorithm, use the no hash-algorithm ecmp algorithm-value command.

Syntax

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

495

hash-algorithm To remove the hash algorithm on a particular line card, use the no hash-algorithm linecard number command.
Parameters

algorithm-number

Enter the algorithm number. Range: 0 to 47 Note: For EtherScale, range 0 to 15 is valid; 16 to 47 will be considered as 15. TeraScale and ExaScale Only: Enter the keyword ecmp followed by the ECMP hash algorithm value. Range: 0 to 47 TeraScale and ExaScale Only: Enter the keyword lag followed by the LAG hash algorithm value. Range: 0 to 47 (OPTIONAL) Enter the kyeword nh-ecmp followed by the ECMP hash algorithm value. (OPTIONAL) TeraScale and ExaScale Only: Enter the keyword linecard followed by the linecard slot number. Range: 0 to 13 on an E1200/E1200i, 0 to 6 on an E600/E600i, and 0 to 5 on an E300 (OPTIONAL) Enter the keyword ip-sa-mask followed by the ECMP/ LAG hash mask value. Range: 0 to FF Default: FF (OPTIONAL) Enter the keyword ip-da-mask followed by the ECMP/ LAG hash mask value. Range: 0 to FF Default: FF

ecmp hash algorithm value lag hash algorithm value nh-ecmp hash algorithm value linecard number

ip-sa-mask value

ip-da-mask value

Defaults

0 for hash-algorithm value on TeraScale and ExaScale IPSA and IPDA mask value is FF for line card

Command Modes Command History

CONFIGURATION
Version 8.1.1.0 Version 7.8.1.0 Version 7.7.1.1 Version 6.5.1.0 Version 6.3.1.0 Introduced on E-Series ExaScale Added nh-ecmp option Added nh-ecmp option Added support for the line card option on TeraScale only Added the support for ECMP and LAG on TeraScale only

Usage Information

Set the he default hash-algorithm method on ExaScale systems to ensure CRC is not used for LAG. For example, hash-algorithm ecmp xor lag checksum nh-ecmp checksum To achieve the functionality of hash-align on the ExaScale platform, do not use CRC as a hash-algorithm method The hash value calculated with the hash-algorithm command is unique to the entire chassis. The hash algorithm command with the line card option changes the hash for a particular line card by applying the mask specified in the IPSA and IPDA fields.

496

Equal Cost Multi-Path

hash-algorithm

The line card option is applicable with the lag-hash-align microcode only (refer to cam-profile (Config)). Any other microcode returns an error message as follows:

Force10(conf)#hash-algorithm linecard 5 ip-sa-mask ff ip-da-mask ff % Error: This command is not supported in the current microcode configuration.
In addition, the linecard number ip-sa-mask value ip-da-mask value option has the following behavior to maintain bi-directionality: When hashing is done on both IPSA and IPDA, the ip-sa-mask and ip-da-mask values must be equal. (Single Linecard) When hashing is done only on IPSA or IPDA, FTOS maintains bi-directionality with masks set to XX 00 for line card 1 and 00 XX for line card 2 (ip-sa-mask and ip-da-mask). The mask value must be the same for both line cards when using multiple line cards as ingress (where XX is any value from 00 to FF for both line cards). For example, assume traffic is flowing between linecard 1 and linecard 2:

hash-algorithm linecard 1 ip-sa-mask aa ip-da-mask 00 hash-algorithm linecard 2 ip-sa-mask 00 ip-da-mask aa

The different hash algorithms are based on the number of Port Channel members and packet values. The default hash algorithm (number 0) yields the most balanced results in various test scenarios, but if the default algorithm does not provide a satisfactory distribution of traffic, then use the hash-algorithm command to designate another algorithm. When a Port Channel member leaves or is added to the Port Channel, the hash algorithm is recalculated to balance traffic across the members. On TeraScale if the keyword ECMP or LAG is not entered, FTOS assumes it to be common for both. If the keyword ECMP or LAG is entered separately, both should fall in the range of 0 to 23 or 24 to 47 since compression enable/disable is common for both. TeraScale and ExaScale support the range 0-47. The default for ExaScale is 24. For EtherScale, only the range 0 to 15 is valid; 16 to 47 is considerd as 15. Compression Enabled
rotate [0 - 11] 12 - 23 Compression Enabled shift [0 - 11] Compression Disabled rotate [0 - 11] Compression Disabled shift [0 - 11]

0-11

24 - 35

36 - 47

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

497

hash-algorithm ecmp

Related Commands

load-balance (E-Series)

Change the traffic balancing method.

hash-algorithm ecmp
cs
Syntax

Change the hash algorithm used to distribute traffic flows across an ECMP (equal-cost multipath routing) group. hash-algorithm ecmp {crc-upper} | {dest-ip} | {lsb} To return to the default hash algorithm, use the no hash-algorithm ecmp command.

Parameters

crc-upper dest-ip lsb

Uses the upper 32 bits of the key for the hash computation Default: crc-lower Uses the destination IP for ECMP hashing Default: enabled Returns the LSB of the key as the hash Default: crc-lower

Defaults Command Modes Command History

crc-lower, dest-ip enabled CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

Usage Information

The hash value calculated with the hash-algorithm command is unique to the entire chassis. The default ECMP hash configuration is crc-lower. This takes the lower 32 bits of the hash key to compute the egress port and is the fall-back configuration if the user hasnt configured anything else. The different hash algorithms are based on the number of ECMP group members and packet values. The default hash algorithm yields the most balanced results in various test scenarios, but if the default algorithm does not provide satisfactory distribution of traffic, then use this command to designate another algorithm. When a member leaves or is added to the ECMP group, the hash algorithm is recalculated to balance traffic across the members.

Related Commands

load-balance (C-Series and S-Series)

hash-algorithm seed
e
498 Select the seed value for the ECMP, LAG, and NH hashing algorithm. Equal Cost Multi-Path

ip ecmp-deterministic hash-algorithm seed value [linecard slot] [port-set number] seed value linecard slot port-set number
Defaults Command Modes Command History Usage Information Enter the keyword followed by the seed value. Range: 0 - 4095 Enter the keyword followed by the linecard slot number. Enter the keyword followed by the linecard port-pipe number.

Syntax Parameters

None CONFIGURATION
Version 8.3.1.0 Introduced on E-Series.

Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This means that for a given flow, even though the prefixes are sorted, two unrelated chassis will select different hops. FTOS provides a CLI-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only. Note: While the seed is stored separately on each port-pipe, the same seed is used across all CAMs. Note: You cannot separate LAG and ECMP, but you can use different algorithms across chassis with the same seed. If LAG member ports span multiple port-pipes and line cards, set the seed to the same value on each port-pipe to achieve deterministic behavior. Note: If the hash algorithm configuration is removed. Hash seed will not go to original factory default setting.

ip ecmp-deterministic
e
Deterministic ECMP Next Hop arranges all ECMPs in order before writing them into the CAM. For example, suppose the RTM learns 8 ECMPs in the order that the protocols and interfaces came up. In this case, the FIB and CAM sort them so that the ECMPs are always arranged.This implementation ensures that every chassis having the same prefixes orders the ECMPs the same. With 8 or less ECMPs, the ordering is lexicographic and deterministic. With more than 8 ECMPs, ordering is deterministic, but it is not in lexicographic order.
Syntax Defaults Command Modes

ip ecmp-deterministic Disabled CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

499

ipv6 ecmp-deterministic

Command History Usage Information

Version 8.3.1.0

Introduced on E-Series.

After enabling IPv6 Deterministic ECMP, traffic loss ocurrs for a few milliseconds while FTOS sorts the CAM entries.

ipv6 ecmp-deterministic
e
Deterministic ECMP Next Hop arranges all ECMPs in order before writing them into the CAM. For example, suppose the RTM learns 8 ECMPs in the order that the protocols and interfaces came up. In this case, the FIB and CAM sort them so that the ECMPs are always arranged.This implementation ensures that every chassis having the same prefixes orders the ECMPs the same. With 8 or less ECMPs, the ordering is lexicographic and deterministic. With more than 8 ECMPs, ordering is deterministic, but it is not in lexicographic order.
Syntax Defaults Command Modes Command History Usage Information

ipv6 ecmp-deterministic Disabled CONFIGURATION

Version 8.3.1.0 Introduced on E-Series.

After enabling IPv6 Deterministic ECMP, traffic loss ocurrs for a few milliseconds while FTOS sorts the CAM entries.

500

Equal Cost Multi-Path

Chapter 17

Far-End Failure Detection (FEFD)

Overview
FTOS supports Far-End Failure Detection (FEFD) on the Ethernet interfaces of the E-Series, as indicated by the e character that appears below each command heading. This feature detects and reports far-end link failures. FEFD is not supported on the Management interface. During an RPM failover, FEFD is operationally disabled for approximately 8-10 seconds. By default, FEFD is disabled.

Commands
The FEFD commands are: debug fefd fefd fefd mode fefd-global fefd disable fefd interval fefd-global interval fefd reset show fefd

debug fefd
e
Syntax

Enable debugging of FEFD. debug fefd {events | packets} [interface] To disable debugging of FEFD, use the no debug fefd {events | packets} [interface] command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

501

fefd

Parameters

events packets interface

Enter the keyword events to enable debugging of FEFD state changes. Enter the keyword packets to enable debugging of FEFD to view information on packets sent and received. (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC Privilege

fefd
e
Syntax

Enable Far-End Failure Detection on an interface. fefd To disable FEFD on an interface, enter no fefd .

Defaults Command Modes Usage Information

Disabled. INTERFACE When you enter no fefd for an interface and fefd-global, FEFD is enabled on the interface because the no fefd command is not retained in the configuration file. To keep the interface FEFD disabled when the global configuration changes, use the fefd disable command.

fefd mode
e
Syntax

Change the FEFD mode on an interface. fefd mode {normal | aggresive}] To return the FEFD mode to the default of normal, enter no fefd mode.

Parameters

normal

(OPTIONAL) Enter the keyword normal to change the link state to unknown when a far-end failure is detected by the software on that interface. When the interface is placed in unknown state, the software brings down the line protocol. (OPTIONAL) Enter the keyword aggressive to change the link state to error-disabled when a far-end failure is detected by the software on that interface. When an interface is placed in error-disabled state, you must enter the fefd reset command to reset the interface state.

aggressive

Defaults

normal

502

Far-End Failure Detection (FEFD)

fefd-global

Command Modes

INTERFACE

fefd-global
e
Syntax

Enable FEFD globally on the system. fefd-global [mode {normal | aggresive}] To disable FEFD globally, use the no fefd-global [mode {normal | aggresive}] command syntax.

Parameters

mode normal

(OPTIONAL) Enter the keywords mode normal to change the link state to unknown when a far-end failure is detected by the software on that interface. When the interface is placed in unknown state, the software brings down the line protocol. Normal mode is the default. (OPTIONAL) Enter the keyword mode aggressive to change the link state to error-disabled when a far-end failure is detected by the software on that interface. When an interface is placed in error-disabled state, you must enter the fefd reset command to reset the interface state.

mode aggressive

Defaults Command Modes Usage Information

Disabled. CONFIGURATION If you enter only the fefd-global syntax, the mode is normal and the default interval is 15 seconds. If you disable FEFD globally (no fefd-global), the system does not remove the FEFD interface configuration.

fefd disable
e
Syntax

Disable FEFD on an interface only. This command overrides the fefd-global command for the interface. fefd disable To re-enable FEFD on an interface, enter no fefd disable.

Default Command Modes

Not configured. INTERFACE

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

503

fefd interval

fefd interval
e
Syntax

Set an interval between control packets. fefd interval seconds To return to the default value, enter no fefd interval.

Parameters

seconds

Enter a number as the time between FEFD control packets. Range: 3 to 300 seconds Default: 15 seconds

Defaults Command Modes

15 seconds INTERFACE

fefd-global interval
e
Syntax

Configure an interval between FEFD control packets. fefd-global interval seconds To return to the default value, enter no fefd-global interval.

Parameters

seconds

Enter a number as the time between FEFD control packets. Range: 3 to 300 seconds Default: 15 seconds

Defaults Command Modes

15 seconds CONFIGURATION

fefd reset
e
Syntax Parameters

Reset all interfaces or a singe interface that was in error-disabled mode. fefd reset [interface] interface
(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults

Not configured. Far-End Failure Detection (FEFD)

504

show fefd

Command Modes

EXEC Privilege

show fefd
e
Syntax Parameters

View FEFD status globally or on a specific interface. show fefd [interface] interface
(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Example

Figure 167 Command Example: show fefd

Force10#sh fefd FEFD is globally 'ON', interval is 10 seconds, mode is 'Aggressive'. INTERFACE Gi 5/0 Gi 5/1 Gi 5/2 Gi 5/3 Gi 5/4 Gi 5/5 Gi 5/6 Gi 5/7 Gi 5/8 Gi 5/9 Gi 5/10 Gi 5/11 Force10# MODE Aggressive Aggressive Aggressive Aggressive Aggressive Aggressive Aggressive Aggressive Aggressive Aggressive NA Aggressive INTERVAL (second) 10 10 10 10 10 10 10 10 10 10 NA 10 STATE Admin Shutdown Admin Shutdown Admin Shutdown Admin Shutdown Admin Shutdown Admin Shutdown Admin Shutdown Admin Shutdown Admin Shutdown Admin Shutdown Locally disabled Err-disabled

Table 36 Description of show fefd display Field

Interface Mode

Description
Displays the interfaces type and number. Displays the mode (aggressive or normal) or NA if the interface contains fefd disable in its configuration.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

505

show fefd Table 36 Description of show fefd display Field

Interval State

Description
Displays the interval between FEFD packets. Displays the the state of the interface and can be one of the following: bi-directional (interface is up and connected and seeing neighbors echos) err-disabled (only found when the FEFD mode is aggressive and when the interface has not seen its neighbors echos for 3 times the message interval. To reset an interface in this state, use the fefd reset command.) unknown (only found when FEFD mode is normal locally disabled (interface contains the fefd disable command in its configuration) Admin Shutdown (interface is disabled with the shutdown command)

506

Far-End Failure Detection (FEFD)

Chapter 18

Force10 Resilient Ring Protocol (FRRP)

Overview
Force10 Resilient Ring Protocol (FRRP) is supported on platforms

ces

FRRP is a proprietary protocol for that offers fast convergence in a Layer 2 network without having to run the Spanning Tree Protocol. The Resilient Ring Protocol is an efficient protocol that transmits a high-speed token across a ring to verify the link status. All the intelligence is contained in the master node with practically no intelligence required of the transit mode.

Commands
The FRRP commands are: clear frrp debug frrp description disable interface member-vlan mode protocol frrp show frrp timer

Important Points to Remember

FRRP is media- and speed-independent. FRRP is a Force10 proprietary protocol that does not interoperate with any other vendor. Spanning Tree must be disabled on both primary and secondary interfaces before Resilient Ring protocol is enabled. A VLAN configured as control VLAN for a ring cannot be configured as control or member VLAN for any other ring. Publication Date: July 20, 2011 507

Command Line Reference for FTOS version 8.4.2.4

clear frrp

Member VLANs across multiple rings are not supported in Master nodes. If multiple rings share one or more member VLANs, they cannot share any links between them. Each ring can have only one Master node; all others are Transit nodes.

clear frrp
ce
Syntax Parameters

Clear the FRRP statistics counters. clear frrp [ring-id] ring-id

(Optional) Enter the ring identification number. Range: 1 to 255

Defaults Command Modes Command History

No default values or behavior EXEC

Version 8.2.1.0 Version 7.5.1.0 Introduced for the C-Series Introduced

Example

Figure 168 clear frrp Command Examples

Force10#clear frrp

clears the frrp counters for all the available rings

Clear frrp statistics counter on all ring [confirm] yes

confirmation required

Force10#clear frrp 4

clears the frrp counters on the specfied ring confirmation required

Clear frrp statistics counter for ring 4 [confirm] yes Force10#

Usage Information

Executing this command, without the optional ring-id, will clear statistics counters on all the available rings. FTOS requires a command line confirmation before the command is executed. This commands clears the following counters: hello Rx and Tx counters Topology change Rx and Tx counters The number of state change counters
show frrp Display the Resilient Ring Protocol configuration

Related Commands

508

Force10 Resilient Ring Protocol (FRRP)

debug frrp

debug frrp
ce
Syntax

Enable FRRP debugging. debug frrp {event | packet | detail} [ring-id] [count number] To disable debugging, use the no debug frrp {event | packet | detail} {ring-id} [count number] command.

Parameters

event packet detail ring-id count number

Enter the keyword event to display debug information related to ring protocol transitions. Enter the keyword packet to display brief debug information related to control packets. Enter the keyword detail to display detailed debug information related to the entire ring protocol packets. (Optional) Enter the ring identification number. Range: 1 to 255 Enter the keyword count followed by the number of debug outputs. Range: 1 to 65534

Defaults Command Modes Command History

Disabled CONFIGURATION (conf-frrp)

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

Usage Information

Since the Resilient Ring Protocol can potentially transmit 20 packets per interface, debug information must be restricted.

description
ce
Syntax

Enter an identifying description of the ring. description Word To remove the ring description, use the no description [Word ]command.

Parameters

Word

Enter a description of the ring. Maximum: 255 characters

Defaults Command Modes Command History

No default values or behavior CONFIGURATION (conf-frrp)

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

509

disable

disable
ce
Syntax

Disable the Resilient Ring Protocol. disable To enable the Resilient Ring Protocol, use the no disable command.

Defaults Command Modes Command History

Disabled CONFIGURATION (conf-frrp)

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

interface
ce
Syntax

Configure the primary, secondary, and control-vlan interfaces. interface {primary interface secondary interface control-vlan vlan-id} To return to the default, use the no interface {primary interface secondary interface control-vlan vlan-id} command.

510

Force10 Resilient Ring Protocol (FRRP)

interface

Parameters

primary interface

Enter the keyword primary to configure the primary interface followed by one of the following interfaces and slot/port information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

secondary interface

Enter the keyword secondary to configure the secondary interface followed by one of the following interfaces and slot/port information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

control-vlan vlan-id
Defaults Command Modes Command History

Enter the keyword control-vlan followed by the VLAN ID. Range: 1 to 4094

No default values or behavior CONFIGURATION (conf-frrp)

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

Usage Information

This command causes the Ring Manager to take ownership of these two ports after the configuration is validated by the IFM. Ownership is relinquished for a port only when the interface does not play a part in any control VLAN, that is, the interface does not belong to any ring.
show frrp Display the Resilient Ring Protocol configuration information

Related Commands

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

511

member-vlan

member-vlan
ce
Syntax

Specify the member VLAN identification numbers. member-vlan {vlan-range} To return to the default, use the no member-vlan [vlan-range] command.

Parameters

vlan-range

Enter the member VLANs using comma separated VLAN IDs, a range of VLAN IDs, a single VLAN ID, or a combination. For example: Comma separated: 3, 4, 6 Range: 5-10 Combination: 3, 4, 5-10, 8

Defaults Command Modes Command History

No default values or behavior CONFIGURATION (conf-frrp)

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

mode
ce
Syntax

Set the Master or Transit mode of the ring. mode {master | transit} To reset the mode, use the no mode {master | transit} command.

Parameters

master transit

Enter the keyword master to set the Ring node to Master mode. Enter the keyword transit to set the Ring node to Transit mode.

Defaults Command Modes Command History

Mode None CONFIGURATION (conf-frrp)

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

512

Force10 Resilient Ring Protocol (FRRP)

protocol frrp

protocol frrp
ce
Syntax

Enter the Resilient Ring Protocol and designate a ring identification. protocol frrp {ring-id} To exit the ring protocol, use the no protocol frrp {ring-id} command.

Parameters

ring-id

Enter the ring identification number. Range: 1 to 255

Defaults Command Modes Command History

No default values or behavior CONFIGURATION

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

Usage Information

This command places you into the Resilient Ring Protocol. After executing this command, the command line prompt changes to conf-frrp.

show frrp
ce
Syntax Parameters

Display the Resilient Ring Protocol configuration. show frrp [ring-id [summary]] | [summary] ring-id summary
Enter the ring identification number. Range: 1 to 255 (OPTIONAL) Enter the keyword summary to view just a summarized version of the Ring configuration.

Defaults Command Modes Command History

No default values or behavior EXEC

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

513

timer

Example 1

Figure 169 show frrp summary Command Example

Force10#show frrp summary Ring-ID State Mode Ctrl_Vlan Member_Vlans ----------------------------------------------------------------2 UP Master 2 11-20, 25,27-30 31 UP Transit 31 40-41 50 Down Transit 50 32 Force10#

Example 2

Figure 170 show frrp ring-id Command Example

Force10#show frrp 1 Ring protocol 1 is in Master mode Ring Protocol Interface: Primary : GigabitEthernet 0/16 State: Forwarding Secondary: Port-channel 100 State: Blocking Control Vlan: 1 Ring protocol Timers: Hello-Interval 50 msec Dead-Interval 150 msec Ring Master's MAC Address is 00:01:e8:13:a3:19 Topology Change Statistics: Tx:110 Rx:45 Hello Statistics: Tx:13028 Rx:12348 Number of state Changes: 34 Member Vlans: 1000-1009 Force10#

Example 3

Figure 171 show frrp ring-id summary Command Example

Force10#show frrp 2 summary Ring-ID State Mode Ctrl_Vlan Member_Vlans ----------------------------------------------------------------2 Up Master 2 11-20, 25, 27-30 Force10#

Related Commands

protocol frrp

Enter the Resilient Ring Protocol and designate a ring identification

timer
ce
Syntax

Set the hello or dead interval for the Ring control packets. timer {hello-interval milliseconds}| {dead-interval milliseconds} To remove the timer, use the no timer {hello-interval [milliseconds]}| {dead-interval milliseconds} command.

514

Force10 Resilient Ring Protocol (FRRP)

timer

Parameters

hello-interval milliseconds

Enter the keyword hello-interval followed by the time, in milliseconds, to set the hello interval of the control packets. The milliseconds must be enter in increments of 50 milliseconds, for example 50, 100, 150 and so on. If an invalid value is enter, an error message is generated. Range: 50 to 2000ms Default: 500 ms Enter the keyword dead-interval followed by the time, in milliseconds, to set the dead interval of the control packets. Range: 50 to 6000ms Default: 1500ms Note: The configured dead interval should be at least three times the hello interval

dead-interval milliseconds

Defaults Command Modes Command History

Default as shown CONFIGURATION (conf-frrp)

Version 8.2.1.0 Version 7.4.1.0 Introduced for the C-Series Introduced

Usage Information

The hello interval is the interval at which ring frames are generated from the primary interface of the master node. The dead interval is the time that elapses before a timeout occurs.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

515

timer

516

Force10 Resilient Ring Protocol (FRRP)

Chapter 19

Force10 Service Agent

Overview
The Force10 Service Agent (FTSA), commonly called a call-home service, collects information from the chassis manager, constructs email messages, and sends the messages to the recipients that you configure. For details on the use of FTSA commands and the structure of FTSA messages, see the Service Agent (FTSA) chapter in the FTOS Configuration Guide. All commands in this chapter are supported on C-Series and the E-Series using TeraScale cards. All commands except for three encrypt, keyadd, and show keys are supported on E-Series using EtherScale cards. Platform support is indicated by the characters that appear below each command heading c for C-Series, e for E-Series.

Commands
The FTSA commands are: action-list admin-email call-home case-number schedule seq cli-action seq cli-debug seq cli-show contact-address contact-email contact-name contact-notes contact-phone dampen debug call-home default-action default-test

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

517

description domain-name enable enable-all encrypt frequency keyadd log-messages log-only match message-format policy policy-action-list policy-test-list pr-number recipient run-cpu sample-rate server show configuration show debugging show keys smtp server-address test-condition (comparing samples) test-condition (comparison to a value) test-condition message-text (deprecated) test-limit test-list

518

Force10 Service Agent

action-list

action-list
ce
Syntax Parameters

Specify an action list for the associated policy and enter the conf-call-home-actionlist-name mode. [no] action-list word word
Enter the keyword action-list followed by the name of a configured policy

action list.
Defaults Command Modes Command History Usage Information

none config-callhome-policy-name
Version 7.7.1.0 Introduced on C-Series and E-Series

You access this command by first using the policy-action-list command to define a policy-action list name and executing the policy command. Associate this action list to a selected test list through the policy command. When any event occurs that is monitored by the associated test list, the policy invokes the action list that you select here.
default-action policy policy-action-list test-list Select the information collection action that matches the selected test group. Create a policy with a name and enter config-callhome-policy-name mode. Name a policy action list and enter the config-callhome-actionlist mode to execute the default-action command.. Enter the name of a configured policy test list.

Related Commands

admin-email
ce
Syntax

Enter the Administrator email address, the address from which FTSA emails are addressed. admin-email email_address To remove the Administrators email address, use the no admin-email command.

Parameters

email address

You have two choices: Enter the administrators full email address, for example, admin@domain_name.com. Enter just the username component, for example, admin.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-callhome)

Version 7.6.1.0 Version 6.3.1.0 Introduced for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

519

call-home

Usage Information

The domain name part of the email address can be specified here or by using the command domain-name. In either case, if you specify a domain name by using the domain-name command, that name will be used for the email address instead of a domain name that you might enter here.
call-home domain-name server smtp server-address Start FTSA and Enter the FTSA mode. Specify the domain name to be used for the Administrators email address. Configure a recipient. Identify the local SMTP (Simple Mail Transfer Protocol) server from which FTSA email messages will be forwarded.

Related Commands

call-home
ce
This command has two functions:
Syntax

Start FTSA. Enter the CONFIGURATION (conf-callhome) mode.

call-home To stop FTSA, use the no call-home command. Stopping FTSA removes all FTSA configuration from the running configuration.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-callhome)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Example

Figure 172 call-home Command Example

Force10(conf)#call-home Apr 28 15:32:21: %RPM1-P:CP %CALL-HOME-3-CALLHOME: Call-home service started Force10(conf-callhome)#

Usage Information

If executing the call-home command starts FTSA (this only happens if FTSA is not already started), FTOS returns a verification message, and FTSA generates an email message to the default recipient, [email protected]. If FTSA is already started, executing the call-home command simply puts the user in CONFIGURATION (conf-callhome) mode. If FTSA is running and the no call-home command is executed, FTSA sends an alert email message to all designated recipients, then stops. The user is returned to CONFIGURATION mode, and FTOS removes the current FTSA configuration from the running configuration.

520

Force10 Service Agent

case-number

Related Commands

call-home smtp server-address admin-email

Start FTSA and Enter the FTSA mode. Identify the local SMTP server from which FTSA email messages will be forwarded. Enter the Administrators email address.

case-number
ce
Syntax Parameters

Specify a case number for the associated policy. [no] case-number word word
Enter the keyword case-number followed by a case number in the format C-xxxxx or c-xxxxx, where x = 0 to 9. Range: 1 to 20 characters.

Defaults Command Modes Command History Usage Information

none config-callhome-policy-name
Version 7.7.1.0 Introduced on C-Series and E-Series

This is an optional command that you access by entering the policy command. You would only use this command if there is a TAC case associated with this policy. The specified case number would be returned to the host, if the action list is triggered. Whatever you enter is saved in the call-home configuration.

Related Commands

action-list policy pr-number test-list

Specify a policy action list for the associated policy. Create a policy with a name and enter config-callhome-policy-name mode. Enter a PR (problem report) number associated with the selected policy. Enter the name of a configured policy test list.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

521

schedule

schedule
ce
Syntax Parameters

Executes an action list at the configured time. schedule hr:min:sec [once | daily] hr:min:sec once daily
Chassis time specified in hour:minute:second format.

Executes the action list only once at the configured time. Executes the action list multiple times at the configured time.

Defaults Command Modes Command History Related Commands

None CALL-HOME ACTION-LIST

Version 8.2.1.0 Introduced on C-Series and E-Series.

action-list

Specify an action list for the associated policy and enter the conf-call-home-actionlist-name mode.

522

Force10 Service Agent

seq cli-action

seq cli-action
ce
Syntax Parameters

Configure an action to execute an FTOS command for one-time operation, triggered as part of the selected action list. seq number cli-action command seq number command
Use the keyword seq followed by a number that FTOS uses to execute the list of actions in numerical order. Enter a mode command.

Defaults Command Modes Command History

None CALL-HOME ACTION-LIST

Version 8.2.1.0 Version 7.8.1.0 Keyword cli-command changed to cli-action. All options removed. Added keywork seq. Introduced on C-Series and E-Series Specify an action list for the associated policy and enter the conf-call-home-actionlist-name mode.

Related Commands

action-list

seq cli-debug
ce
Syntax Parameters

Configure an action to collect debug information using the designated debug command for the designated time interval. seq number cli-debug command time seconds seq number cli-debug debug-command time seconds
Use the keyword seq followed by a number that FTOS uses to execute the list of actions in numerical order. Enter a debug command, but without the initial debug keyword. If the debug command has spaces, wrap the command in quotes. Range: 1-100((max 100 chars including quotes) Enter the keyword time, followed by the duration, in seconds, that the debug operation should operate. Range: 1600 (number of seconds that the operation should operate)

Defaults Command Modes Command History

None CALL-HOME ACTION-LIST

Version 8.2.1.0 Version 7.8.1.0 Added keyword seq. Introduced on C-Series and E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

523

seq cli-show When you enter a debug command, do not repeat the initial debug keyword. For example, if the command is debug cpu-traffic-stats, enter cli-debug cpu-traffic-stats. If the debug command has spaces, such as debug ip bgp events, put the words following debug in double quotes.
Related Commands action-list Specify an action list for the associated policy and enter the conf-call-home-actionlist-name mode.

Usage

seq cli-show
ce
Syntax Parameters

Configure an action to collect the output of the designated show command a designated number of times at a designated time interval. seq number cli-show command repeat number delay seconds seq number cli-show show-command repeat number
Use the keyword seq followed by a number that FTOS uses to execute the list of actions in numerical order. Enter the keyword cli-show, followed by a show command. Range: 1-100(max 100 chars including quotes) Enter the keyword repeat, followed by the number of times that the output of the designated show command should be collected. Range: 110 (number of times to collect output) Enter the keyword delay, followed by the interval, in number of seconds, to wait in collecting instances of the output of the designated show command. Range: 1120 (number of seconds to wait between collections)

delay seconds

Defaults Command Modes Command History

None CALL-HOME ACTION-LIST

Version 8.2.1.0 Version 7.8.1.0 Added keyword seq. Introduced on C-Series and E-Series

Usage

If the command has spaces. such as show processes cpu time, put the words following show in double quotes, as shown in the following example.
action-list Specify an action list for the associated policy and enter the conf-call-home-actionlist-name mode.

Related Commands

524

Force10 Service Agent

contact-address

contact-address
ce
Syntax Defaults Command Modes Command History Related Commands

Enter your customer address (up to 100 characters) to be included in type 5 FTSA messages. contact-address string none CALL-HOME
Version 7.7.1.0 Introduced on C-Series and E-Series

call-home

Start FTSA and enter CONFIGURATION (conf-callhome) mode.

contact-email
ce
Syntax Defaults Command Modes Command History Related Commands

Enter a customer email address (up to 60 characters) to be included in type 5 FTSA messages. contact-email address none CALL-HOME
Version 7.7.1.0 Introduced on C-Series and E-Series

call-home

Start FTSA and enter CONFIGURATION (conf-callhome) mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

525

contact-name

contact-name
ce
Syntax Defaults Command Modes Command History Related Commands

Enter a customer contact name (up to 25 characters) to be included in type 5 FTSA messages. contact-name name none CALL-HOME
Version 7.7.1.0 Introduced on C-Series and E-Series

call-home

Start FTSA and enter CONFIGURATION (conf-callhome) mode.

contact-notes
ce
Syntax Defaults Command Modes Command History Related Commands

Enter comments (up to 100 characters) to be included in the configuration database and in type 5 FTSA messages. contact-notes string none CALL-HOME
Version 7.7.1.0 Introduced on C-Series and E-Series

call-home

Start FTSA and enter CONFIGURATION (conf-callhome) mode.

526

Force10 Service Agent

contact-phone

contact-phone
ce
Syntax Defaults Command Modes Command History Related Commands

Enter a customer phone number (up to 50 characters) to be included in type-5 FTSA messages. contact-phone number none CALL-HOME
Version 7.7.1.0 Introduced on C-Series and E-Series

call-home

Start FTSA and enter CONFIGURATION (conf-callhome) mode.

dampen
ce
Syntax Parameters

Set a delay before sampling for a test condition again after it has been matched. dampen number number
Enter the number of minutes for FTSA to wait before sampling a test condition again after it has been matched. Range: 11440

Defaults Command Modes Command History Related Commands

5 minutes CALL-HOME POLICY

Version 7.8.1.0 Introduced on C-Series and E-Series

policy

Create a policy with a name and enter config-callhome-policy-name mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

527

debug call-home

debug call-home
ce
Syntax

Monitor FTSA email messages through the CLI. debug call-home To turn message monitoring off, use the no debug call-home command.

Defaults Command Modes

no debug call-home EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 6.3.1.0

Introduced on C-Series Introduced for E-Series Display the status of FTSA (call-home) debugging.

Related Commands

show debugging

default-action
ce
Syntax Parameters

Select the information collection action that matches the equivalent test group. default-action {hardware | software | exception} hardware software exception
Enter the keyword hardware to collect hardware information. See the FTOS Configuration Guide for the list of actions executed by this keyword. Enter the keyword software to collect software information. See the FTOS Configuration Guide for the list of actions executed by this keyword. Enter the keyword exception to collect exception information. See the FTOS Configuration Guide for the list of actions executed by this keyword.

Defaults Command Mode Command History Usage Information

No default behavior or values CALL-HOME ACTION-LIST

Version 7.7.1.0 Introduced on C-Series and E-Series

Starting with FTOS 7.8.1.0, after you use the policy-test-list and default-list commands to put you in the config-callhome-actionlist mode, you can use the default-action command to select any test group. The FTSA message (or log entry) contains the information collected by the selected action.

Related Commands

policy-action-list

This command names the policy action list and enters the config-callhome-actionlist-name mode.

528

Force10 Service Agent

default-test

default-test
ce
Syntax Parameters

Invoke one of three preset system-monitoring test groups. default-test {hardware | software | exception} hardware software exception
Enter the keyword hardware to monitor hardware conditions. See the FTOS Configuration Guide for the list of conditons monitored by this keyword. Enter the keyword software to monitor software conditions. See the FTOS Configuration Guide for the list of conditons monitored by this keyword. Enter the keyword exception to monitor the exceptions events. See the FTOS Configuration Guide for the list of conditons monitored by this keyword.

Defaults Command Mode Command History Usage Information

None CALL-HOME TEST-LIST

Version 7.7.1.0 Introduced on C-Series and E-Series

Executing the policy-test-list command puts you in the config-callhome-testlist mode, where you use this command to invoke one of three possible test groups. FTOS monitors the system for any event in the selected test group. If such an event occurs, FTOS invokes the action you define using the default-action command.
default-action policy-test-list Select the information collection action that matches the selected test group. Name a new or existing test list and enter the config-callhome-testlist-name mode.

Related Commands

description
ce
Syntax

Enter a description for the Call Home mode. description {description} To remove the description, use the no description {description} command.

Parameters

description None

Enter a description to identify the Call Home mode(80 characters maximum).

Defaults Command Modes Command History Related Commands

CONFIGURATION-CALLHOME
pre-7.7.1.0 Introduced

call-home

Enter the Call Home mode on the switch.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

529

domain-name

domain-name
ce
Syntax

Specify the domain name for the Administrators email address. domain-name domain_name To remove the domain name, use the no domain-name command.

Parameters

domain name

Enter the keyword domain-name followed by the complete domain name of the Administrators email address, for example, domain_name.com.

Defaults Command Modes Command History

The domain name specified in the admin-email command CONFIGURATION (conf-callhome)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Usage Information Related Commands

If you use this command to specify a domain name, that domain name is used instead of any domain name that you might have specified using the admin-email command.
admin-email call-home Enter the Administrators email address. Start FTSA and Enter the FTSA mode.

enable
ce
Syntax

Enable the sending of FTSA email messages to the selected recipient. enable To disable (end) the sending of FTSA email messages to the selected recipient, use the no enable command.

Defaults Command Modes Command History

no enable conf-callhome
Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Usage Information

If you leave the selected recipient in the default condition of disabled (no FTSA email messages to the selected recipient), you can either come back to this command later, or you can use the enable-all command. If you use the enable-all command, you can then disable email messages to the recipient with the no enable command at the server-specific prompt.

530

Force10 Service Agent

enable-all

FTSA sends an email notification to the selected recipient whenever the enable status changes.

Note: Execute the enable command only after the SMTP and admin-email
commands are executed.
Related Commands

admin-email call-home smtp server-address

Specify the Administrators email address. Start FTSA and Enter the FTSA mode. Configure the SMTP server detail.

enable-all
ce
Syntax

Enable (start) the sending of FTSA email messages to all designated recipients. enable-all To disable (end) the sending of FTSA email messages to all designated recipients, use the no enable command.

Defaults Command Modes Command History

no enable-all CONFIGURATION (conf-callhome)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Usage Information

FTSA sends an email notification to all designated recipients whenever the enable-all status changes.

Note: Execute the enable-all command only after the SMTP and admin-email
commands are executed.
Related Commands

admin-email call-home smtp server-address server

Specify the Administrators email address. Start FTSA and Enter the FTSA mode. Identify the SMTP server. Configure each recipient.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

531

encrypt

encrypt
ce
Syntax

Specify email encryption for this server. encrypt To remove email encryption for this server, use the no encrypt command.

Defaults Command Modes Command History

no encrypt CONFIGURATION Server (conf-callhome-server_name)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Usage Information

Encryption is supported through PGP (Pretty Good Privacy). Encryption cannot be enabled without a public key for the server. On E-Series chassis, this command is only supported for TeraScale cards.

Note: Execute the encrypt command only after the keyadd command is executed.

Related Commands

call-home keyadd server

Start FTSA and Enter the FTSA mode. Add a public key to the server. Configure each recipient.

frequency
ce
Syntax

Select the interval (frequency) with which email FTSA messages are sent to all designated recipients. frequency minutes To return to the default frequency, use the no frequency command.

Parameters

minutes

Enter the time interval, in minutes, that you want between FTSA status emails. Range: 2 to 10080 minutes Default: 1440 minutes (24 hours)

Defaults Command Modes Command History

1440 minutes (24 hours) CONFIGURATION (conf-callhome)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

532

Force10 Service Agent

keyadd The frequency is immediately set once the frequency command is executed. For example, if you set the frequency to 120 minutes, the 120 minutes begins as soon as the command is executed. In this example, email messages will be sent to all designated recipients exactly two hours after executing the command.
call-home Start FTSA and Enter the FTSA mode.

Usage Information

Related Commands

keyadd
ce
Syntax

Add the public encryption key (PGP5-compatible) for a specific recipient if you want to encrypt messages sent to that recipient. keyadd public_key To remove the public key, use the no keyadd public_key command.

Parameters

public_key

Enter the local source and filename of the public key (must be PGP5 compatible) created for the selected recipient, such as keyadd flash://mykey

Defaults Command Modes Command History

No default behavior or values CONFIGURATION Server (conf-callhome-server_name)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Usage Information

The Force10 server associated with the default Force10 Support recipient has a public key that is shipped as part of FTOS, so you do not need to enter the keys filename for that server. However, if the Force10 public key is changed, a notification will be made to download the new key from the Force10 website, and to replace the old key with that new key. Also, if you set up other recipients, use this command to enter their key filenames. On E-Series chassis, this command is only supported for TeraScale cards.

Note: Execute the encrypt command after the keyadd command to ensure email
encryption.
Related Commands

call-home encrypt server show keys

Start FTSA and Enter the FTSA mode. Enable email encryption. Configure recipients. Display the email encryption (PGP) keys.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

533

log-messages

log-messages
ce
Syntax Parameters

This command collects information from the chassis. [no] log-messages [delay 601440] [severity 07] [filter word] delay 601440
(OPTIONAL) Enter the keyword delay followed by the number of minutes to delay from the time of invoking the command after which FTSA will accumulate system log messages into a message. (OPTIONAL) Enter the keyword severity followed by the error severity level entered in the system log that should be collected into the FTSA message. (OPTIONAL) Enter the keyword filter followed by a character string that FTSA should use to search the system log. A search string containing spaces must be in quotes. If the search yields a positive result, FTSA will send a log message with the string included.

severity 07 filter word

Defaults Command Modes Command History Usage Information

delay = 1440 minutes; severity = 7; filter = no conf-callhome

Version 7.7.1.0 Introduced on C-Series and E-Series

Each of the three command parameters are optional and can be entered in any order, individually or in combination. The default severity level of 7 is the recommended severity level. Lower values will result in partial log data sent to the server because messages with higher values are filtered out.

Related Commands

call-home log-only logging buffered show logging

Start FTSA and Enter the FTSA mode. Select the information collection action that matches the selected test group. Enable logging and specify which messages are logged to an internal buffer. By default, all messages are logged to the internal buffer. Display the logging settings and system messages logged to the internal buffer of the switch.

534

Force10 Service Agent

log-only

log-only
ce
Syntax Defaults Command Modes Command History Usage Information

Execute this command if you want FTSA data to be collected in a local log rather than to be sent to configured FTSA recipients. [no] log-only no log-only conf-callhome-actionlist-name
Version 7.7.1.0 Introduced on C-Series and E-Series

If you execute this command, data gathered by the action list invoked by the default-action command will be saved in a local file. The file will have the same name as the action list and with a time stamp appended to the file name. When saved in flash, the file name format is:
flash:/<actionlistName>-<timestamp>.ftsa For example: flash:/hardwareAction- 02_16_34 423.ftsa

Because the time stamp makes each file unique, files will not be overwritten if the action list executes more than once. If this log-only command is not executed, or if no log-only option is executed, then the collected data will be sent in an FTSA email. When sent as an mail attachment, the file name format is:
<actionlistName>-<timestamp>.txt For example: hardwareAction-02_16_34 423.txt

If the collected data is split due to a size limit, a sequential version number will be added to it. For example: hardwareAction-02_16_34 423_0.txt
Related Commands call-home default-action Start FTSA and Enter the FTSA mode. Select the information collection action that matches the selected test group.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

535

match

match
ce
Syntax Parameters

This command enables you to execute the configured action list based on one of three test list criteria. match {any | all | simultaneous} all any simultaneous
Entering this keyword will require that all conditions in the test list be matched in order to execute the associated action list. Entering this keyword will cause a match for any item in the test list to execute the associated action list. This is the default option. Entering this keyword indicates that the test conditions must be matched in the same sampling period in order to execute the associated action list.

Default Command Mode Command History Related Commands

match any config-callhome-testlist-name

Version 7.8.1.0 Introduced on C-Series and E-Series

policy policy-test-list

Create a policy with a name and enter config-callhome-policy-name mode. Name a policy test list and enter the config-callhome-actionlist-name mode.

message-format
ce
Syntax Parameters

Set the format of an action-list (type-5) email message. message-format {xml | text} xml text
Enter the keyword xml to have the type-5 mail generated in XML format. Enter the keyword text to have the type-5 mail generated in text format.

Defaults Command Modes Command History Usage Information

xml config-callhome-actionlist-name
Version 7.8.1.0 Introduced on C-Series and E-Series

A type-5 message emails the output gathered by an action list. The attachment for the Type 5 message contains the output of a single execution of a single action list, as well as the content of the main message. The example, below, shows generally how a type-5 message would look formatted in XML.

536

Force10 Service Agent

message-format

Example
<action_list_message> <AgentInfo> <messagetype>Type - 5</messagetype> <time>Oct 18 15:05:34.699 UTC</time> <serialnum>E000000001664</serialnum> </AgentInfo>

<contact_info> <contact-name> name </contact-name> <contact-email> email </contact-email> <contact-phone> phone </contact-phone> <contact-address> address </contact-address> <contact-notes> notes </contact-notes> </contact_info> <F10_info> <policy_name>xxxxxxx</policy_name> <case_number>xxxxx</case_number> <pr_number>xxxxx</pr_number> </F10_info> <action_list_name> name </action_list_name> <test_list_match> <match> keyword : value </match> <match> cpu-5-min : 98% </match> <match> etc </match> </test_list_match> <content> <item> <item_name>show pcdfo</item_name> <item_time>Oct 18 15:05:34.699 UTC</item_time> <item_output>xxx</item_output> </item> <item> <item_name>debug-cpu-traffic-stats</item_name> <item_time>Oct 18 15:05:35.288 UTC</item_time> <item_output>xxx</item_output> </item> etc. </content> </action_list_message>

Related Commands

action-list

Specify a policy action list for the associated policy and enter the conf-call-home-actionlist-name mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

537

policy

policy
ce
Syntax Parameters

Create a policy with a name and enter config-callhome-policy-name mode. In that mode, you can create a case number identifier to be matched with a test list and action. [no] policy word word
Enter a name (up to 20 characters) for the new policy.

Defaults Command Modes Command History

No default behavior or values conf-callhome

Version 7.8.1.0 Version 7.7.1.0 Concurrent policies changed from three to five Introduced on C-Series and E-Series

Usage Information

You can create up to five concurrent policies with this command. A policy is the association of a test list with an action list, and optionally a case number. Choose the test list (the type of monitoring to perform) with the policy-test-list command. Choose the associated action to perform with the policy-action-list command.
call-home case-number default-test policy-action-list policy-test-list pr-number test-list Start FTSA and Enter the FTSA mode. Specify a case number for the associated policy Invoke one of three system-monitoring test groups. Name a policy action list and enter the config-callhome-actionlist-name mode. Name a policy test list and enter the config-callhome-testlist-name mode. Create an entry for a PR number in policy mode. The PR number is the issue identifier (bug ID) maintained by Force10, and is associated with the test list. Enter the name of a configured policy test list to be associated with the selected policy.

Related Commands

policy-action-list
ce
Syntax Parameters

Name a policy action list and enter the config-callhome-actionlist-name mode to enter commands that will execute actions based on test results. policy-action-list word word
Enter the name (up to 20 characters) of the new policy test list.

Defaults Command Modes Command History

No default behavior or values conf-callhome

Version 7.7.1.0 Introduced on C-Series and E-Series

538

Force10 Service Agent

policy-test-list

Usage Information

Capturing events with FTSA requires two parallel configurations. You choose the type of testing (monitoring) to perform with the policy-test-list command. You choose the action to perform when an event occurs by using this command and then action selection commands, such as default-action.

policy-test-list
ce
Syntax Parameters

Name a policy test list and enter the config-callhome-testlist-name mode. policy-test-list word word
Enter the name (up to 20 characters) of the new policy test list.

Defaults Command Mode Command History Usage Information

No default behavior or values conf-callhome

Version 7.7.1.0 Introduced on C-Series and E-Series

After you name the test list with this command, use the command such as default-test to choose the type of monitoring to perform.

pr-number
ce
Syntax Parameters

Enter a PR (problem report) number associated with the selected policy. The number is the issue identifier (bug ID) maintained by Force10. pr-number number number none config-callhome-policy-name
Version 7.8.1.0 Introduced on C-Series and E-Series Enter a 5-digit PR number, as supplied by Force10.

Defaults Command Mode Command History Related Commands

case-number policy policy-test-list

Specify a case number for the associated policy. Create a policy with a name and enter config-callhome-policy-name mode. Name a policy test list and enter the config-callhome-actionlist-name mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

539

recipient

recipient
ce
Syntax

Enter the email address of the recipient associated with the selected server name. recipient email address To remove the recipient, use the no recipient email address command.

Parameters

email address

Enter the recipients full email address. For example, name@domain_name.com.

Defaults Command Mode Command History

[email protected] (associated with the Force10 server only) CONFIGURATION Server (conf-callhome-server_name)
Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Usage Information

After using the server command to create a server name, you are placed at that server-specific prompt, where you can use this command to enter the email address of the recipient that you want to associate with that server name.
call-home Start FTSA and Enter the FTSA mode.

Related Commands

run-cpu
ce
Syntax Parameters

Set whether the action list associated with the selected test list should be executed, as a function of CPU utilization. run-cpu {cpu | rpm-any} {less-than | greater-than} percentage percentage cpu rpm-any
Enter a CPU utilization percentage. Range: 0100 Select a CPU: CP, LP, RP1, or RP2 Monitor all RPM CPUs for the run-cpu condition (CP, RP1, and RP2)

Default Command Mode Command History

None CALL-HOME POLICY

Version 8.2.1.0 Version 7.8.1.0 Added variable cpu, and keyword rpm-any. Keyword more-than changed to greater-than. Keyword unconditional removed. Introduced on C-Series and E-Series

540

Force10 Service Agent

sample-rate

Usage

The purpose of this command is to determine whether the action list associated with this test list should be executed, depending on whether the CPU utilization at the time the test list is executed meets the configured parameter: If less-than is configured, the user might be worried about executing the action list in high CPU usage conditions. In such a case, for example, the user might configure run-cpu less-than 90. When a match is made to the test list, the CPU 1-minute average is checked and if it is 85%, for example, then the associated action list will be executed. If the current CPU usage is at 90% or greater, the action list will not be executed. In this case, FTSA logs this in the syslog to note that a match was made, what the match was, and that the action list was not executed because CPU was too high. If greater-than is configured, it is probably because the user does not care about results that may occur when CPU usage is low. For example, a user might configure run-cpu greater-than 60. If a match is found for the test list and the 1-minute CPU average is 40%, then the action list is not executed; if it is 61% or greater, then it is executed.
policy Create a policy with a name and enter config-callhome-policy-name mode.

Related Commands

sample-rate
ce
Syntax Parameters

Set the sampling interval for how often to execute the configured test condition. sample-rate number number
Set the sampling interval for how often to execute the configured test condition. Range: 11440 (minutes)

Default Command Mode Command History Related Commands

1 (one minute) conf-callhome-policy

Version 7.8.1.0 Introduced on C-Series and E-Series

policy policy-test-list test-condition (comparing samples) test-condition (comparison to a value) test-condition message-text (deprecated) test-limit

Create a policy with a name and enter config-callhome-policy-name mode. Name a policy test list and enter the config-callhome-actionlist-name mode. Collect multiple samples of a statistic and compare them using the specified comparator and hurdle value. Collect a sample of a designated statistic and then compare it to the designated number. Search for a stated value in the output of the designated show command or message type. Set the number of times that the test list should be executed.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

541

server

server
ce
Syntax

Use this command to create a server name to be associated with a particular recipient. server name To remove a server and the associated recipient, use the no server name command.

Parameters

name Force10

Enter the name of the server in alphanumeric format, up to 25 characters long.

Defaults Command Mode Command History

CONFIGURATION Server (conf-callhome)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Example

Figure 173 server (FTSA) Command Example

Force10(conf-callhome)# Force10(conf-callhome)#server freedom_bird Force10(conf-callhome-freedom_bird)#?

Usage

The Force10 server name is configured for FTSA messages to be sent by default to Force10 Support at [email protected]. If you want to change that address, enter the command server Force10. You will be placed at that server-specific prompt (conf-callhome-Force10), where you would then use the recipient command to enter a new address. In addition to modifying the Force10 server recipient, you can identify up to four more server names and associated recipients. If you want to use encryption for a particular recipients email messages, the server name must match the user ID that is in the encryption file that the recipient will use to decrypt the messages. Use the keyadd command to designate the encryption file.

Related Commands

call-home enable recipient enable

Start FTSA and Enter the FTSA mode. Enable FTSA (call home) email for the selected recipient. Enter the recipients email address. Enable FTSA (call home) email for the selected recipient.

542

Force10 Service Agent

show configuration

show configuration
ce
Syntax Defaults Command Mode Command History

Display the FTSA (call-home) configuration. show configuration No default behavior or values CONFIGURATION (conf-callhome)
Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Example
Force10(conf-callhome)#show configuration ! call-home admin-email traza domain-name force10networks.com smtp server-address 10.0.2.6 no enable-all server Force10 recipient [email protected] keyadd Force10DefaultPublicKey no encrypt enable Force10(conf-callhome)#

show debugging
ce
Syntax Defaults Command Mode Command History

Display the status of FTSA (call-home) debugging. show debugging No default behavior or values CONFIGURATION (conf-callhome)
Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Example

Figure 174 show debugging (FTSA) Command Example

Force10(conf-callhome)#show debugging CALLHOME: Callhome service debugging is on Force10(conf-callhome)#

Related Commands

debug call-home

Monitor FTSA email messages through the CLI.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

543

show keys

show keys
ce
Syntax Defaults Command Mode Command History

Display the email encryption (PGP) keys. On E-Series chassis, this command is only supported for TeraScale cards. show keys No default behavior or values CONFIGURATION (conf-callhome)
Version 8.4.1.0 Version 7.6.1.0 Version 6.3.1.0 Added support to resolve domain names to IPv6 addresses. Introduced on C-Series Introduced for E-Series

Example

Figure 175 show keys Command Example

Force10(conf-callhome)#show keys Type Bits KeyID sec+ uid pub sub uid Created Expires Algorithm Use Sign & Encrypt Sign & Encrypt

768 0x64CE09D9 2005-06-27 ---------- RSA E000000003209 1024 0xA8E48C2F 2004-12-08 ---------- DSS 1024 0xD832BB91 2004-12-08 ---------- Diffie-Hellman Force10

2 matching keys found Force10(conf-callhome)#

Related Commands

call-home encrypt keyadd

Start FTSA and Enter the FTSA mode. Enable email encryption. Add the server public key for encryption.

544

Force10 Service Agent

smtp server-address

smtp server-address
ce
Syntax

Identify the local SMTP (Simple Mail Transfer Protocol) server from which FTSA email messages will be forwarded. smtp server-address server-address [smtp-port port number] To remove the SMTP address, use the no smtp server-address command. This action will disable email messaging until you enter a new SMTP server address.

Parameters

server-address server address

Enter the keyword server-address followed by the SMTP server address, such as smtp.yourco.com. The domain name you specify can be resolved into an IPv4 or IPv6 address. Optionally, enter the keyword smtp-port followed by the SMTP port number. Range: 0 to 65535 Default: 25

smtp-port port number

Defaults Command Mode Command History

SMTP port = 25 CONFIGURATION (conf-callhome)

Version 7.6.1.0 Version 6.3.1.0 Introduced on C-Series Introduced for E-Series

Usage Information

The switch only plays the part of an SMTP client to send email messages to the SMTP server designated here. This SMTP server is required in order to receive the email messages and forward them to local and remote designated recipients. The default port number on an SMTP server is 25. If a host name is given (instead of an IP address), DNS should be enabled to resolve the host name.
admin-email enable enable-all Specify the Administrators email address. Enable FTSA email messages for the selected recipient. Enable FTSA email messages for all designated recipients.

Related Commands

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

545

test-condition (comparing samples)

ce
Syntax Parameters

Configure an action to collect and compare multiple samples of a statistic. test-condition statistic operator sample {cpu | rpm-any} number test-condition statistic
Enter the keyword test-condition, followed by one of the following statistic request types:

cpu-1-min: Average CPU utilization for 1 minute cpu-5-min: Average CPU utilization for 5 minutes interface-bit-rate {input | output} slot#: Instantaneous
bit rate on a given line card

interface-crc interface: Number of CRC errors on a given

interface

interface-rate {input | output} interface: Packet rate on

a given interface

interface-throttles interface: Number of throttles on an

interface

memory-free: Free system memory memory-free-percent: Free system memory free in

percentage

memory-used: System memory used memory-used-percent: System memory used in percentage wred-drops interface: Number of WRED drops on an
interface (E-Series only)

operator

Enter one of the following Boolean comparison operators:

decrease, equal-to, greater-than, increase, less-than, not-equal-to, no-change.

Enter the keyword sample, followed by an integer representing the number of the sample collected. For example, 5 is the fifth sample collected, so the first and fifth samples would be compared, using the designated operator. Range: 2100 Default: 2 Enter the processor that will be tested: cp, lp, rp1, rp2, or test all RPM CPUs with the keyword rpm-any.

sample number

cpu | rpm-any

Defaults Command Mode Command History

None CALL-HOME TEST-LIST

Version 8.2.1.0 Version 7.8.1.0 Removed message-text keyword. Added operators. Introduced on C-Series and E-Series

Usage Information

FTSA avoids false triggers when a counter rolls over by ignoring the first sample taken after a rollover.

546

Force10 Service Agent

test-condition (comparing samples)

Also, FTSA does not allow you to configure a test that makes no sense because of a comparator that is out of range. For example, by entering cpu-5-min increase number 150, you would be looking for a difference between two CPU percentage utilization samples of at least 150. 150 is not possible, because percentage utilization can only go up to 100, so FTSA displays the acceptable range, as shown below, and will issue an error message if you try to enter a value that is out of range.
Examples
Force10(conf-call-home-testlist-test)#test-condition cpu-1-min increase number ? <0-100> Enter the boolean comparision value Force10(conf-call-home-testlist-test)#test-condition cpu-1-min increase number 80 sample 5 Force10(conf-callhome-testlist-test)#test-condition cpu-5-min decrease ? <0-100> Enter the boolean comparision value Force10(conf-callhome-testlist-test)#test-condition cpu-5-min decrease 10

In this next example, the configuration is to subtract the bit rate that was found in the second sample from the bit rate found in the first sample. If the difference is at least 10Mb, then any associated action list will be invoked.
Force10(conf-callhome-testlist-test)#test-condition interface-bit-rate ? input Input interface output Output interface Force10(conf-callhome-testlist-test)#test-condition interface-bit-rate input <0-3> Slot number Force10(conf-callhome-testlist-test)#test-condition interface-bit-rate input decrease ? <0-10000> Enter the boolean comparision value in mbits/sec Force10(conf-callhome-testlist-test)#test-condition interface-bit-rate input decrease 10 ? sample The time interval to check the condition <cr> Force10(conf-callhome-testlist-test)#test-condition interface-bit-rate input decrease 10 sample ? <2-100> Enter the sample value (default = 2) Force10(conf-callhome-testlist-test)#test-condition interface-bit-rate input decrease 10 sample 2

? 1 1

1 1

Here are other examples of test-condition configuration statements.

Force10(conf-call-home-testlist-test)#test-condition interface-crc 1 decrease number 90 sample 5 Force10(conf-call-home-testlist-test)#test-condition memory-free-percent no-change sample 4

Related Commands

dampen test-limit test-condition (comparing samples) test-condition (comparison to a value)

Set a delay before sampling for a test condition again after it has been matched. Set the number of times that the test list that should be executed. Collect multiple samples of a statistic and compare them using the specified comparator and hurdle value. Collect a sample of a designated statistic and then compare it to the designated number.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

547

test-condition (comparison to a value)

ce
Configure an action to collect a sample of a designated statistic and then use the designated Boolean comparator to compare it to the designated value. When this configuration is associated with an action list, a result outside of the acceptable limit will trigger the action list. test-condition statistic operator number {cpu | rpm-any} value test-condition statistic
Enter the keyword test-condition, followed by one of the following statistic request types:

Syntax Parameters

cpu-1-min: Average CPU utilization for 1 minute cpu-5-min: Average CPU utilization for 5 minutes interface-bit-rate {input | output} slot#: Instantaneous
bit rate on a given line card

interface-crc interface: Number of CRC errors on a given

interface

interface-rate interface: Packet rate on a given interface interface-throttles interface: Number of throttles on an
interface

memory-free: Free system memory memory-free-percent: Free system memory free in

percentage

memory-used: System memory used memory-used-percent: System memory used in percentage wred-drops interface: Number of WRED drops on an
interface (E-Series only)

operator

Enter one of the following Boolean comparison operators:

decrease, equal-to, greater-than, increase, less-than, not-equal-to, no-change.

Enter the keyword number, followed by an integer to be the comparison value to the designated statistic, in the range pertinent to the statistic. Enter the processor that will be tested: cp, lp, rp1, rp2, or test all RPM CPUs with the keyword rpm-any.

number value

cpu | rpm-any

Defaults Command Mode Command History

None CALL-HOME TEST-LIST

Version 8.2.1.0 Version 7.8.1.0 Removed message-text keyword. Added operators. Introduced on C-Series and E-Series

Usage Information

FTOS does not allow you to configure a test that makes no sense, such as cpu-5-min greater-than number 150. CPU percentage utilization can only go up to 100, so 150 is not possible. FTOS displays the acceptable range, as shown below

Examples
Force10(conf-callhome-testlist-test)#test-condition cpu-5-min greater-than ? number The boolean comparison value Force10(conf-callhome-testlist-test)#test-condition cpu-5-min greater-than number ? <0-100> Enter the boolean comparison value Force10(conf-callhome-testlist-test)#test-condition cpu-5-min greater-than number 10

548

Force10 Service Agent

test-condition message-text (deprecated) This example shows a couple other keyword configuration examples.
Force10(conf-call-home-testlist-test)# test-condition interface-rate input 1 less-than number 98 Force10(conf-call-home-testlist-test)# test-condition memory-used not-equal-to number 1000

Related Commands

dampen test-limit test-condition (comparing samples) test-condition message-text (deprecated)

Set a delay before sampling for a test condition again after it has been matched. Set the number of times that the test list that should be executed. Collect multiple samples of a statistic and compare them using the specified comparator and hurdle value. Search for a stated value in the output of the designated show command or message type.

test-condition message-text (deprecated)

ce
Configure a search for a stated value in the output of the designated show command or message type syslog or other error messages, sent to the console, trap, or message logged locally. This applies only to messages logged by FTOS. test-condition message-text command string equal-to string string test-condition message-text command string equal-to string string
Enter the keywords test-condition message-text command, and then for string, enter a show command in quotes. Range: 164 characters Enter the keywords equal-to string, and then for string, enter the text to search for in the show command designated above. Range: 164 characters

Syntax Parameters

Defaults Command Modes Command History

none conf-callhome-testlist-test
Version 8.2.1.0 Version 7.8.1.0 Deprecated. Introduced on C-Series and E-Series

Usage Information

In the following example: The search string can be used for both "display xml" and normal "show command" output. The search string is <ifAdminStatus>down</ifAdminStatus>.

Note that the search target, in this example, is enclosed within double quotes. If either string contains spaces, it must be enclosed in quotes or it will be truncated at the first whitespace.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

549

test-condition message-text (deprecated)

The search string is compared against an entire text message, so a short string, such as the number zero, is likely to produce many unintended matches. Therefore, the search string should be as long as possible to guarantee as close a match as possible to the data that you want to match. However, the maximum length of a string is 64 characters.
Example
Force10(conf-callhome-testlist-test)#test-condition message-text ? command Enter the show command Force10(conf-callhome-testlist-test)#test-condition message-text command WORD Enter the show command Force10(conf-callhome-testlist-test)#test-condition message-text command interfaces gi 1/0 | display xml" ? equal-to Keyword boolean value equal to Force10(conf-callhome-testlist-test)#test-condition message-text command interfaces gi 1/0 | display xml" equal-to ? string Enter the search string pattern Force10(conf-callhome-testlist-test)#test-condition message-text command interfaces gi 1/0 | display xml" equal-to string ? LINE Regular expression Force10(conf-callhome-testlist-test)#test-condition message-text command interfaces gi 1/0 | display xml" equal-to string <ifAdminStatus>down</ ifAdminStatus> ? "show "show "show "show

Related Commands

dampen test-condition (comparing samples) test-condition (comparison to a value) test-limit

Set a delay before sampling for a test condition again after it has been matched. Configure an action to collect and compare multiple samples of a statistic. Collect a statistic and compare it to a stated value. Set the number of times that the test list that should be executed.

550

Force10 Service Agent

test-limit

test-limit
ce
Syntax Parameters

Set the number of times that the test list should be executed. test -limit number number
Set the number of times the test list matches that should be attempted. Range: 0256

Default

none. If the test-limit number is removed or not configured, there is no limit for how many times to test for the condition. conf-callhome-policy
Version 7.8.1.0 Introduced on C-Series and E-Series

Command Mode Command History Related Commands

dampen test-condition (comparing samples) policy policy-test-list sample-rate

Set a delay before sampling for a test condition again after it has been matched. Configure an action to collect and compare multiple samples of a statistic.

Create a policy with a name and enter config-callhome-policy-name mode. Name a policy test list and enter the config-callhome-actionlist-name mode. Set the sampling interval for how often to execute the configured test condition.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

551

test-list

test-list
ce
Syntax Parameters

Enter the name of a configured test list to be associated with the selected policy. test-list word word
Enter the keyword test-list followed by the name of a configured test list.

Defaults Command Mode Command History Usage Information

No default behavior or values config-callhome-policy-name

Version 7.7.1.0 Introduced on C-Series and E-Series

Executing the policy-test-list command puts you in the config-callhome-testlist mode, where you use this command to invoke one of three possible test groups. FTOS monitors the system for any event in the selected test group. If such an event occurs, FTOS invokes the action you defined using the default-action command and then associate in this policy with the action-list command. Table 37 FTSA Test Sets Hardware test set
SFM status transition from active to other state

Software test set

SWP Timeout

Exception test set

CPU usage more than 85% System crash Task crash Dump, reload due to error, RPM failover due to error

Line card transition from active to other IPC Timeout state Port-pipe error or transition to down RPM status transition from active to other state PEM transition from up to other state AC power supply transition from up to other state Fan tray down or individual fan down Overtemp of any item listed in show IRC timeout CPU usage more than 85% Memory usage more than 85%

environment
Over/under-voltage of any item listed in

show environment

Related Commands

action-list case-number dampen policy policy-test-list

Specify a policy action list for the associated policy and enter the conf-call-home-actionlist-name mode. Specify a case number for the associated policy. Set a delay before sampling for a test condition again after it has been matched. Create a policy name and enter config-callhome-policy-name mode. Name a policy test list and enter the config-callhome-testlist-name mode.

552

Force10 Service Agent

test-list

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

553

test-list

554

Force10 Service Agent

Chapter 20

GARP VLAN Registration (GVRP)

Overview
GARP VLAN Registration (GVRP) is supported on platforms

c, e, and s

Commands
The GVRP commands are: clear gvrp statistics debug gvrp disable garp timers gvrp enable gvrp registration protocol gvrp show config show garp timers show gvrp show gvrp statistics on page 27

The GARP (Generic Attribute Registration Protocol) mechanism allows the configuration of a GARP participant to propagate through a network quickly. A GARP participant registers or de-registers its attributes with other participants by making or withdrawing declarations of attributes. At the same time, based on received declarations or withdrawals, GARP handles attributes of other participants. GVRP enables a device to propagate local VLAN registration information to other participant devices and dynamically update the VLAN registration information from other devices. The registration information updates local databases regarding active VLAN members and through which port the VLANs can be reached. GVRP ensures that all participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP include both manually configured local static entries and dynamic entries from other devices.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

555

GVRP participants have the following components: The GVRP application GARP Information Propagation (GIP) GARP Information Declaration (GID)

Important Points to Remember

GVRP is supported on Layer 2 ports only. All VLAN ports added by GVRP are tagged. GVRP is supported on untagged ports belonging to a default VLAN, and tagged ports. GVRP cannot be enabled on untagged ports belonging to a non-default VLAN unless native VLAN is turned on. GVRP requires end stations with dynamic access NICs. Based on updates from GVRP-enabled devices, GVRP allows the system to dynamically create a port-based VLAN (unspecified) with a specific VLAN ID and a specific port. On a port-by-port basis, GVRP allows the system to learn about GVRP updates to an existing port-based VLAN with that VLAN ID and IEEE 802.1Q tagging. GVRP allows the system to send dynamic GVRP updates about your existing port-based VLAN. GVRP updates are not sent to any blocked Spanning Tree Protocol (STP) ports. GVRP operates only on ports that are in the forwarding state. GVRP operates only on ports that are in the STP forwarding state. If GVRP is enabled, a port that changes to the STP forwarding state automatically begins to participate in GVRP. A port that changes to an STP state other than forwarding no longer participates in GVRP. VLANs created dynamically with GVRP exist only as long as a GVRP-enabled device is sending updates. If the devices no longer send updates, or GVRP is disabled, or the system is rebooted, all dynamic VLANs are removed. GVRP manages the active topology, not non-topological data such as VLAN protocols. If a local bridge needs to classify and analyze packets by VLAN protocols, you must manually configure protocol-based VLANs, and simply rely on GVRP for VLAN updates. But if the local bridge needs to know only how to reach a given VLAN, then GVRP provides all necessary information. The VLAN topologies that GVRP learns are treated differently from VLANs that are statically configured. The GVRP dynamic updates are not saved in NVRAM, while static updates are saved in NVRAM. When GVRP is disabled, the system deletes all VLAN interfaces that were learned through GVRP and leaves unchanged all VLANs that were manually configured.

556

GARP VLAN Registration (GVRP)

clear gvrp statistics

ces
Syntax Parameters

Clear GVRP statistics on an interface. clear gvrp statistics interface interface interface interface
Enter the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History Related Commands

No default values or behavior EXEC

Version 7.6.1.0 Introduced on C, E, and S-Series

show gvrp statistics

Display the GVRP statistics

debug gvrp
ces
Syntax

Enable debugging on GVRP. debug gvrp {config | events | pdu} To disable debugging, use the no debug gvrp {config | events | pdu} command.

Parameters

config

Enter the keyword config to enable debugging on the GVRP configuration.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

557

disable

event pdu

Enter the keyword event to enable debugging on the JOIN/LEAVE events. Enter the keyword pdu followed one of the following Interface keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 7.6.1.0 Introduced on C, E, and S-Series

disable
ces
Syntax

Globally disable GVRP. disable To re-enable GVRP, use the no disable command.

Defaults Command Modes Command History Related Commands

Enabled CONFIGURATION-GVRP
Version 7.6.1.0 Introduced on C, E, and S-Series

gvrp enable protocol gvrp

Enable GVRP on physical interfaces and LAGs. Access GVRP protocol

558

GARP VLAN Registration (GVRP)

garp timers

garp timers
ces
Syntax

Set the intervals (in milliseconds) for sending GARP messages. garp timers {join | leave | leave-all} To return to the previous setting, use the no garp timers {join | leave | leave-all} command.

Parameters

join

Enter the keyword join followed by the number of milliseconds to configure the join time. Range: 100-2147483647 milliseconds Default: 200 milliseconds Note: Designate the milliseconds in multiples of 100 Enter the keyword leave followed by the number of milliseconds to configure the leave time. Range: 100-2147483647 milliseconds Default: 600 milliseconds Note: Designate the milliseconds in multiples of 100 Enter the keyword leave-all followed by the number of milliseconds to configure the leave-all time. Range: 100-2147483647 milliseconds Default: 1000 milliseconds Note: Designate the milliseconds in multiples of 100

leave

leave-all

Defaults Command Modes Command History Usage Information

Default as above CONFIGURATION-GVRP

Version 7.6.1.0 Introduced on C, E, and S-Series

Join TimerJoin messages announce the willingness to register some attributes with other participants. Each GARP application entity sends a Join message twice, for reliability, and uses a join timer to set the sending interval. Leave TimerLeave announces the willingness to de-register with other participants. Together with the Join, Leave messages help GARP participants complete attribute reregistration and de-registration. Leave Timer starts upon receipt of a leave message sent for de-registering some attribute information. If a join message is not received before the leave time expires, the GARP application entity removes the attribute information as requested. Leave All TimerThe Leave All Timer starts when a GARP application entity starts. When this timer expires, the entity sends a leave-all message so that other entities can re-register their attribute information. Then, the leave-all time begins again.

Related Commands

show garp timers

Display the current GARP times

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

559

gvrp enable

gvrp enable
ces
Syntax

Enable GVRP on physical interfaces and LAGs. gvrp enable To disable GVRP on the interface, use the no gvrp enable command.

Defaults Command Modes Command History Related Commands

Disabled CONFIGURATION-INTERFACE
Version 7.6.1.0 Introduced on C, E, and S-Series

disable

Globally disable GVRP.

gvrp registration
ces
Syntax

Configure the GVRP register type. gvrp registration {fixed | normal | forbidden} To return to the default, use the gvrp register normal command.

Parameters

fixed normal

Enter the keyword fixed followed by the VLAN range in a comma separated VLAN ID set. Enter the keyword normal followed by the VLAN range in a comma separated VLAN ID set. This is the default Enter the keyword forbidden followed by the VLAN range in a comma separated VLAN ID set.

forbidden

Defaults Command Modes Command History Usage Information

Default registration is normal CONFIGURATION-INTERFACE

Version 7.6.1.0 Introduced on C, E, and S-Series

The fixed registration prevents an interface, configured via the command line to belong to a VLAN (static configuration), from being un-configured when it receives a Leave message. Therefore, the registration mode on that interface is fixed. The normal registration is the default registration. The ports membership in the VLANs depends on GVRP. The interface becomes a member of VLANs after learning about the VLAN through GVRP. If the VLAN is removed from the port that sends GVRP advertisements to this device, then the port will stop being a member of the VLAN.

560

GARP VLAN Registration (GVRP)

protocol gvrp The forbidden is used when you do not want the interface to advertise or learn about VLANs through GVRP.
Related Commands show gvrp Display the GVRP configuration including the registration

protocol gvrp
ces
Syntax Defaults Command Modes Command History Related Commands

Access GVRP protocol (config-gvrp)#. protocol gvrp Disabled CONFIGURATION

Version 7.6.1.0 Introduced on C, E, and S-Series

disable

Globally disable GVRP.

show config
ces
Syntax Command Modes Command History Related Commands

Display the global GVRP configuration. show config CONFIGURATION-GVRP

Version 7.6.1.0 Introduced on C, E, and S-Series

gvrp enable protocol gvrp

Enable GVRP on physical interfaces and LAGs. Access GVRP protocol .

show garp timers

ces
Syntax Defaults

Display the GARP timer settings for sending GARP messages. show garp timers No default values or behavior

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

561

show gvrp

Command Modes

EXEC EXEC Privilege

Command History Example

Version 7.6.1.0

Introduced on C, E, and S-Series

Figure 176 show garp timers Command Example

Force10#show garp timers GARP Timers Value (milliseconds) ---------------------------------------Join Timer 200 Leave Timer 600 LeaveAll Timer 10000 Force10#

Related Commands

garp timers

Set the intervals (in milliseconds) for sending GARP messages.

show gvrp
ces
Syntax Parameters

Display the GVRP configuration. show gvrp [brief | interface] brief interface
(OPTIONAL) Enter the keyword brief to display a brief summary of the GVRP configuration. (OPTIONAL) Enter the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version7.6.1.0

Introduced on C, E, and S-Series

562

GARP VLAN Registration (GVRP)

show gvrp statistics

Example

Figure 177 show gvrp brief Command Example

R3#show gvrp brief GVRP Feature is currently enabled. Port GVRP Status Edge-Port ------------------------------------------------------Gi 3/0 Disabled No Gi 3/1 Disabled No Gi 3/2 Enabled No Gi 3/3 Disabled No Gi 3/4 Disabled No Gi 3/5 Disabled No Gi 3/6 Disabled No Gi 3/7 Disabled No Gi 3/8 Disabled No R3#show gvrp brief

Usage Information

If no ports are GVRP participants, the message output changes from: GVRP Participants running on <port_list> to GVRP Participants running on no ports

Related Commands

show gvrp statistics

Display the GVRP statistics

show gvrp statistics

ces
Syntax Parameters

Display the GVRP configuration statistics. show gvrp statistics {interface interface | summary} interface interface
Enter the keyword interface followed by one of the interface keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

summary

Enter the keyword summary to display just a summary of the GVRP statistics.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

563

show gvrp statistics

Command History Example

Version 7.6.1.0

Introduced on C, E, and S-Series

Figure 178 show gvrp statistics Command Example

Force10#show gvrp statistics int gi 1/0 Join Empty Received: 0 Join In Received: 0 Empty Received: 0 LeaveIn Received: 0 Leave Empty Received: 0 Leave All Received: 40 Join Empty Transmitted: 156 Join In Transmitted: 0 Empty Transmitted: 0 Leave In Transmitted: 0 Leave Empty Transmitted: 0 Leave All Transmitted: 41 Invalid Messages/Attributes skipped: 0 Failed Registrations: 0 Force10#

Usage Information

Invalid messages/attributes skipped can occur in the following cases: The incoming GVRP PDU has an incorrect length. "End of PDU" was reached before the complete attribute could be parsed. The Attribute Type of the attribute that was being parsed was not the GVRP VID Attribute Type (0x01). The attribute that was being parsed had an invalid attribute length. The attribute that was being parsed had an invalid GARP event. The attribute that was being parsed had an invalid VLAN ID. The valid range is 1 - 4095.

A failed registration can occur for the following reasons:

Related Commands

Join requests were received on a port that was blocked from learning dynamic VLANs (GVRP Blocking state). An entry for a new GVRP VLAN could not be created in the GVRP database.
show gvrp Display the GVRP configuration

564

GARP VLAN Registration (GVRP)

Chapter 21
Overview

High Availability (HA)

High Availability (HA) in FTOS is configuration synchronization to minimize recovery time in the event of a Route Processor Module (RPM) failure. The feature is available on the C-Series and E-Series where noted by these symbols under command headings: c e FTOS on the E-Series supports RPM 1 + 1 redundancy. The Primary RPM performs all routing and control operations, while the Secondary RPM is online and monitoring the Primary RPM. In general, a protocol is defined as hitless in the context of an RPM failure/failover, and not failures of a line card, SFM, or power module. A protocol is defined as hitless if an RPM failover has no impact on the protocol. Some protocols must be specifically enabled for HA, and some protocols are only hitless if related protocols are also enabled as hitless (see the redundancy protocol command). High Availability is supported on E-Series ExaScale ex with FTOS 8.1.1.0. and later.

Commands
The HA commands available in FTOS are: patch flash://RUNTIME_PATCH_DIR process restartable redundancy auto-failover-limit redundancy disable-auto-reboot redundancy force-failover redundancy primary redundancy protocol redundancy reset-counter redundancy sfm standby redundancy synchronize show patch show processes restartable show redundancy

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

565

patch flash://RUNTIME_PATCH_DIR

patch flash://RUNTIME_PATCH_DIR
e
Syntax

Insert an In-Service Modular Hot-Fix patch. patch flash://RUNTIME_PATCH_DIR/patch-filename To remove the patch, enter no patch flash://RUNTIME_PATCH_DIR/patch-filename

Defaults Command Modes Command History Usage Information

None CONFIGURATION
Version 8.2.1.0 Introduced

The patch filename includes the FTOS version, the platform, the cpu, and the process it affects (FTOS-platform-cpu-process-patchversion.rtp). For example, a patch labeled 7.8.1.0-EH-rp2-l2mgr-1.rtp identifies that this patch applies to FTOS version 7.8.1.0 E-Series platform, for RP2, addressing the layer 2 management process, and this is the first version of this patch. There is no need to reload or reboot the system when the patch is inserted. The In-Service Modular patch replaces the existing process code. Once installation is complete, the system executes the patch code as though it was always there.

Related Commands

show patch

Display the system patches loaded with the In-Service Modular Hot Fix Command.

process restartable
e
Enable a process to be restarted. Restartablility is subject to a maximum restart limitthe limit is defined as a configured amount of restarts within a configured amount of time. On the software exception that exceeds the limit, the system reloads (for systems with a single RPM) or fails over (for systems with dual RPMs). process restartable [process] [count number] [period minutes] process count number
Configure a process to be restartable. Enter the number of times a process can restart within the configured period. Range: 1-3 Default: 3 Enter the amount of time within which the process can restart count times. Range: 1-60 minutes Default: 60 minutes

Syntax Parameters

period minutes

Defaults

By default, a process can be restarted a maximum of 3 times within 1 hour. On the exception that exceeds this limit, the system reloads or fails over.

566

High Availability (HA)

redundancy auto-failover-limit

Command Modes Command History Related Commands

CONFIGURATION
Version 8.4.1.0 Introduced on E-Series.

show processes restartable

redundancy auto-failover-limit
ce
Specify an auto-failover limit for RPMs. When an non-recoverable fatal error is detected, an automatic RPM failover occurs. This command does not affect user-initiated (manual) failovers. redundancy auto-failover-limit [count number [period minutes] | period minutes]] To disable the auto-failover limit control, enter no redundancy auto-failover-limit.
Parameters

Syntax

count number

Enter the number of times the RPMs can automatically failover within the period defined in the period parameter. Range: 2 to 10 Default: 3 Enter a duration in which to allow a number of automatic failovers (limited to the number defined in the count parameter). Range: 5 to 9000 minutes Default: 60 minutes

period minutes

Defaults Command Modes Command History

Count: 3 Period: 60 minutes CONFIGURATION

Version 8.1.1.0 Version 7.5.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

Usage Information

If auto failover is disabled, enter the redundancy auto-failover-limit (without any parameters) to set auto failover to the default parameters (Count 3, Period 60 minutes).Use the show redundancy command to view the redundancy status. When you change one or both of the optional parameters, FTOS checks that the interval between auto failovers is more than five (5) minutes. If the interval is less, FTOS returns a configuration error message.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

567

redundancy disable-auto-reboot

redundancy disable-auto-reboot
ce
Syntax

Prevent the system from auto-rebooting the failed module. redundancy disable-auto-reboot [rpm| card number | all] To return to the default, enter no redundancy disable-auto-reboot rpm.

Parameters

rpm

Enter the keyword rpm to disable auto-reboot of the failed RPM.

Defaults Command Modes Command History

Disabled (that is, the failed module is automatically rebooted). CONFIGURATION

Version 8.3.1.0 Version 8.1.1.0 Version 7.6.1.0 Added the all option Introduced on E-Series ExaScale Introduced on E-Series

Usage Information

Enabling this command will keep the failed RPM in the failed state. If there are two RPMs in the system, enabling this command prevents the failed RPM from becoming a working Standby RPM. If there is only one RPM in the system, the failed RPM will not recoverthis will effect the system.

redundancy force-failover
ce
Force the secondary RPM to become primary RPM or force an SFM (on an E-Series chassis only) to become the standby SFM. This command can also be used to upgrade the software on one RPM from the other when the other has been loaded with the upgraded software. redundancy force-failover {rpm | sfm [slot-number] } rpm sfm slot-number
Enter the keyword rpm to force the secondary RPM to become the primary RPM. EtherScale OnlyEnter the keyword sfm followed by the SFM slot number. Range: 0 to 8.

Syntax Parameters

Defaults Command Modes Command History

Not configured. EXEC Privilege

Version 8.1.1.0 Version 7.5.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

568

High Availability (HA)

redundancy primary

Usage Information

This command can be used to provide a hitless or warm upgrade. A hitless upgrade means that a software upgrade does not require a reboot of the line cards. A warm upgrade means that a software upgrade requires a reset of the line cards and SFMs. A warm upgrade is possible for major releases and lower, while a hitless upgrade can only support patch releases. You load the software upgrade on one RPM and then issue this command with the rpm keyword to move the software to the other RPM. The system senses the condition and provides a series of prompts appropriate to that context, as shown in the following example:

Note: On C-Series, this command could affect traffic (even during hot-failover) since
the switch fabric present on the RPM is taken down during the failover.
Example

Figure 179 redundancy force-failover rpm Command Example

Force10#redundancy force-failover rpm Peer RPM's SW version is different but HA compatible. Failover can be done by warm or hitless upgrade. All linecards will be reset during warm upgrade. Specify hitless upgrade or warm upgrade [confirm hitless/warm]:hitless Proceed with warm upgrade [confirm yes/no]:

Example

Figure 180 redundancy force-failover sfm (EtherScale only) Command Example

Force10#redundancy force-failover sfm 0 %TSM-6-SFM_FAILOVER: Standby switch to SFM 8 Standby switch to SFM 0 Force10#

redundancy primary
ce
Syntax

Set an RPM as the primary RPM. redundancy primary [rpm0 | rpm1] To delete a configuration, enter no redundancy primary.

Parameters

rpm0 rpm1

Enter the keyword rpm0 to set the RPM in slot R0 as the primary RPM. Enter the keyword rpm1 to set the RPM in slot R1 as the primary RPM.

Defaults Command Modes Command History

The RPM in slot R0 is the Primary RPM.

CONFIGURATION Version 8.1.1.0 Version 7.5.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

569

redundancy protocol

redundancy protocol
ce
Syntax

Enable hitless protocols. redundancy protocol {lacp | xstp} To disable a hitless protocol, enter no redundancy protocol {lacp | xstp}.

Parameters

lacp xstp

Enter the keyword lacp to make LACP hitless. Enter the keyword xstp to invoke hitless STP (all STP modesMSTP, PVST+, RSTP, STP).

Note: On the C-Series, hitless STP is available only for MSTP,

PVST+, and RSPT.
Defaults Command Modes Command History

Disabled CONFIGURATION
Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Introduced on C-Series Introduced on E-Series ExaScale Introduced on E-Series Display the lacp configuration Display the current redundancy configuration.

Related Commands

show lacp show redundancy

redundancy reset-counter
e
Syntax Defaults Command Modes Command History

Reset failover counter and timestamp information displayed in the show redundancy command output. redundancy reset-counter Not configured EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on E-Series

redundancy sfm standby

570

High Availability (HA)

redundancy sfm standby

c
Syntax

Place the SFM in an offline state. redundancy sfm standby Place the SFM in an online state using the command no redundancy sfm standby command.

Defaults Command Modes Command History Command History Usage Information

The SFM is online by default. CONFIGURATION

Version 7.5.1.0 Introduced on C-Series

Version 7.5.1.0

Introduced on C-Series Only

When a secondary RPM with logical SFM is inserted or removed, the system must add or remove the backplane links to the switch fabric trunk. To avoid traffic disruption, use this command when the secondary RPM is inserted. When this command is executed, the logical SFM on the standby RPM is immediately taken offline and the SFM state is set as standby.

Note: This command could affect traffic when taking the secondary SFM offline.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

571

redundancy synchronize

Example

Figure 181 redundancy sfm standby Command Example

Force10#show sfm all up

Switch Fabric State:

-- Switch Fabric Modules -Slot Status --------------------------------------------------------------------------0 active 1 active Force10#configure Force10(conf)#redundancy sfm standby Taking secondary SFM offline... ! Force10(conf)#do show sfm all Switch Fabric State: up

-- Switch Fabric Modules -Slot Status --------------------------------------------------------------------------0 active 1 standby Force10(conf)#no redundancy sfm Taking secondary SFM online... ! Force10(conf)#do show sfm all Switch Fabric State: up

-- Switch Fabric Modules -Slot Status --------------------------------------------------------------------------0 active 1 active

Related Commands

show sfm show switch links

Display the SFM status Display the switch fabric backplane or internal status.

redundancy synchronize
ce
Syntax Parameters

Manually synchronize data once between the Primary RPM and the Secondary RPM. redundancy synchronize [full | persistent-data | system-data] full persistent-data system-data
Enter the keyword full to synchronize all data. Enter the keywords persistent-data to synchronize the startup configuration between RPMs. Enter the keywords system-data to synchronize persistent-data and the running configuration file, event log, SFM and line card states.

Defaults Command Modes

Not configured. EXEC Privilege

572

High Availability (HA)

show patch

Command History

Version 8.1.1.0 Version 7.5.1.0 Version 7.6.1.0

Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

show patch
e
Syntax Command Modes Command History Related Commands

Display the system patches loaded with the In-Service Modular Hot Fix Command. show patch EXEC
Version 8.2.1.0 Introduced on E-Series

patch flash:// RUNTIME_PATCH_DIR

Insert an In-Service Modular Hot-Fix patch.

show processes restartable

e
Syntax Parameters

Display the processes and tasks configured for restartability. show processes restartable [history] history EXEC Privilege
Version 8.4.1.0 Introduced on E-Series Display the last time the restartable processes crashed.

Command Modes Command History Example

Force10#sho processes restartable ------------------------------------------------------------------------------------Process name State How many times restarted Timestamp last restarted ------------------------------------------------------------------------------------radius enabled 0 [-] tacplus enabled 0 [-] ------------------------------------------------------------------------------------Force10#show processes restartable history ------------------------------------------------------------------------------------Process name Timestamp last crashed ------------------------------------------------------------------------------------radius [5/23/2001 10:11:47] -------------------------------------------------------------------------------------

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

573

show redundancy

Related Commands

process restartable

show redundancy
ce
Syntax Command Modes

Display the current redundancy configuration. show redundancy EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.5.1.0 Version 7.6.1.0

Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

574

High Availability (HA)

show redundancy

Example

Figure 182 show redundancy Command Example

Force10#show redundancy -- RPM Status ------------------------------------------------RPM Slot ID: 1 RPM Redundancy Role: Primary RPM State: Active RPM SW Version: 7.5.1.0 Link to Peer: Up -- PEER RPM Status ------------------------------------------------RPM State: Standby RPM SW Version: 7.5.1.0 -- RPM Redundancy Configuration ------------------------------------------------Primary RPM: rpm0 Auto Data Sync: Full Failover Type: Hot Failover Auto reboot RPM: Enabled Auto failover limit: 3 times in 60 minutes -- RPM Failover Record ------------------------------------------------Failover Count: 1 Last failover timestamp: Jul 13 2007 21:25:32 Last failover Reason: User request -- Last Data Block Sync Record: ------------------------------------------------Line Card Config: succeeded Jul 13 2007 Start-up Config: succeeded Jul 13 2007 SFM Config State: succeeded Jul 13 2007 Runtime Event Log: succeeded Jul 13 2007 Running Config: succeeded Jul 13 2007 Force10#

21:28:53 21:28:53 21:28:53 21:28:53 21:28:53

Table 38 show redundancy Command Example Fields Field

RPM Status

Description
Displays the following information: Slot number of the RPM Whether the RPM is Primary or Standby The state of the RPM: Active, Standby, Booting, or Offline Whether the link to the second RPM is up or down.

PEER RPM Status RPM Redundancy Configuration

Displays the state of the second RPM, if present Displays the following information: which RPM is the preferred Primary on next boot (redundancy primary command) the data sync method configured (redundancy synchronize command). the failover type (you cannot change this; it is software dependent) Hot Failover means the running configuration and routing table are applied on secondary RPM. Fast Failover means the running configuration is not applied on the secondary RPM till failover occurs, and the routing table on line cards is cleared during failover. the status of auto booting the RPM (redundancy disable-auto-reboot command) the parameter for auto failover limit control (redundancy auto-failover-limit command)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

575

show redundancy

Table 38 show redundancy Command Example Fields (continued) Field

RPM Failover Record

Description
Displays the following information: RPM failover counter (to reset the counter, use the redundancy reset-counter command) the time and date of the last RPM failover the reason for the last RPM failover.

Last Data Sync Record

Displays the data sync information and the timestamp for the data sync: Start-up Config is the contents of the startup-config file. Line Card Config is the line card types configured and interfaces on those line cards. Runtime Event Log is the contents of the Event log. Running Config is the current running-config. This field only appears when you enter the command from the Primary RPM.

576

High Availability (HA)

Chapter 22

Internet Group Management Protocol (IGMP)

IGMP Commands
FTOS supports IGMPv1/v2/v3 and is compliant with RFC-3376.

Important Points to Remember

FTOS supports PIM-SM and PIM-SSM include and exclude modes. IGMPv2 is the default version of IGMP on interfaces. IGMPv3 can be configured on interfaces, and is backward compatible with IGMPv2. The maximum number of interfaces supported is 512 on the E-Series. On the C-Series and S-Series 31 interfaces are supported. Maximum number of groups supported no hard limit IGMPv3 router interoperability with IGMPv2 and IGMPv1 routers on the same subnet is not supported. An administrative command (ip igmp version) is added to manually set the IGMP version. All commands, previously used for IGMPv2, are compatible with IGMPv3.

The commands include: clear ip igmp groups debug ip igmp ip igmp access-group ip igmp group-join-limit Publication Date: July 20, 2011 577

Command Line Reference for FTOS version 8.4.2.4

clear ip igmp groups

ip igmp immediate-leave ip igmp last-member-query-interval ip igmp querier-timeout ip igmp query-interval ip igmp query-max-resp-time ip igmp ssm-map ip igmp static-group ip igmp version show ip igmp groups show ip igmp interface show ip igmp ssm-map

clear ip igmp groups

ces
Syntax Parameters

Clear entries from the group cache table. clear ip igmp groups [group-address | interface] group-address interface
(OPTIONAL) Enter the IP multicast group address in dotted decimal format. (OPTIONAL) Enter the following keywords and slot/port or number information: For an 100/1000 Base-T Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information.

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

IGMP commands accept only non-VLAN interfacesspecifying VLAN will not yield a results.

578

Internet Group Management Protocol (IGMP)

debug ip igmp

debug ip igmp
ces
Syntax

Enable debugging of IGMP packets. debug ip igmp [group address | interface] To disable IGMP debugging, enter no debug ip igmp [group address | interface]. To disable all debugging, enter undebug all.

Parameters

group-address interface

(OPTIONAL) Enter the IP multicast group address in dotted decimal format. (OPTIONAL) Enter the following keywords and slot/port or number information:

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

IGMP commands accept only non-VLAN interfacesspecifying a VLAN will not yield results. This command displays packets for IGMP and IGMP Snooping.

ip igmp access-group
ces
Syntax

Use this feature to specify access control for packets. ip igmp access-group access-list To remove the feature, use the no ip igmp access-group access-list command.

Parameters

access-list

Enter the name of the extended ACL (16 characters maximum).

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

579

ip igmp group-join-limit

Defaults Command Modes Command History

Not configured INTERFACE (conf-if-interface-slot/port)

Version 7.8.1.0 Version 7.6.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Usage Information

The access list accepted is an extended ACL. This feature is used to block IGMP reports from hosts, on a per-interface basis; based on the group address and source address specified in the access list.

ip igmp group-join-limit
ces
Syntax Parameters

Use this feature to limit the number of IGMP groups that can be joined in a second. ip igmp group-join-limit number number
Enter the number of IGMP groups permitted to join in a second. Range: 1 to 10000

Defaults Command Modes Command History

No default values or behavior CONFIGURATION (conf-if-interface-slot/port)

Version 7.8.1.0 Version 7.6.1.0 Introduced on C-Series and S-Series Introduced on E-Series

ip igmp immediate-leave
ces
Syntax

Enable IGMP immediate leave. ip igmp immediate-leave [group-list prefix-list-name] To disable ip igmp immediate leave, use the no ip igmp immediate-leave command.

Parameters

group-list prefix-list-name

Enter the keyword group-list followed by a string up to 16 characters long of the prefix-list-name.

Defaults Command Modes

Not configured INTERFACE Internet Group Management Protocol (IGMP)

580

ip igmp last-member-query-interval

Command History

Version 7.8.1.0 Version 7.7.1.0

Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

Querier normally sends a certain number of group specific queries when a leave message is received, for a group, prior to deleting a group from the membership database. There may be situations in which immediate deletion of a group from the membership database is required. This command provides a way to achieve the immediate deletion. In addition, this command provides a way to enable immediate-leave processing for specified groups.

ip igmp last-member-query-interval
ces
Change the last member query interval, which is the Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages. This interval is also the interval between Group-Specific Query messages. ip igmp last-member-query-interval milliseconds To return to the default value, enter no ip igmp last-member-query-interval.
Parameters

Syntax

milliseconds

Enter the number of milliseconds as the interval. Default: 1000 milliseconds Range: 100 to 65535

Defaults Command Modes Command History

1000 milliseconds INTERFACE

Version 7.8.1.0 Version 7.7.1.0 Introduced on S-Series Introduced on C-Series

E-Series legacy command

ip igmp querier-timeout
ces
Syntax

Change the interval that must pass before a multicast router decides that there is no longer another multicast router that should be the querier. ip igmp querier-timeout seconds To return to the default value, enter no ip igmp querier-timeout.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

581

ip igmp query-interval

Parameters

seconds

Enter the number of seconds the router must wait to become the new querier. Default: 125 seconds Range: 60 to 300

Defaults Command Modes Command History

125 seconds INTERFACE

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series Introduced on S-Series in Interface VLAN mode only to enable that system to act as an IGMP Proxy Querier. Introduced on C-Series in Interface VLAN mode only to enable that system to act as an IGMP Proxy Querier.

E-Series legacy command

ip igmp query-interval
ces
Syntax

Change the transmission frequency of IGMP general queries sent by the Querier. ip igmp query-interval seconds To return to the default values, enter no ip igmp query-interval.

Parameters

seconds

Enter the number of seconds between queries sent out. Default: 60 seconds Range: 1 to 18000

Defaults Command Modes Command History

60 seconds INTERFACE
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series Introduced on S-Series in Interface VLAN mode only to enable that system to act as an IGMP Proxy Querier. Introduced on C-Series in Interface VLAN mode only to enable that system to act as an IGMP Proxy Querier.

E-Series legacy command

582

Internet Group Management Protocol (IGMP)

ip igmp query-max-resp-time

ip igmp query-max-resp-time
ces
Syntax

Set the maximum query response time advertised in general queries. ip igmp query-max-resp-time seconds To return to the default values, enter no ip igmp query-max-resp-time.

Parameters

seconds

Enter the number of seconds for the maximum response time. Default: 10 seconds Range: 1 to 25

Defaults Command Modes Command History

10 seconds INTERFACE
Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series Introduced on S-Series in Interface VLAN mode only to enable that system to act as an IGMP Proxy Querier. Introduced on C-Series in Interface VLAN mode only to enable that system to act as an IGMP Proxy Querier.

E-Series legacy command

ip igmp ssm-map
ces
Syntax

Use a statically configured list to translate (*,G) memberships to (S,G) memberships. ip igmp ssm-map std-access-list source-address Undo this configuration, that is, remove SSM map (S,G) states and replace them with (*,G) states using the command ip igmp ssm-map std-access-list source-address command.

Parameters

std-access-list source-address

Specify the standard IP access list that contains the mapping rules for multicast groups. Specify the multicast source address to which the groups are mapped.

Command Modes Command History

CONFIGURATION
Version 7.8.1.0 Version 7.7.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Usage Information

Mapping applies to both v1 and v2 IGMP joins; any updates to the ACL are reflected in the IGMP groups. You may not use extended access lists with this command. When a static SSM map is configured and the router cannot find any matching access lists, the router continues to accept (*,G) groups.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

583

ip igmp static-group

Related Commands

ip access-list standard

Create a standard access list to filter based on IP address.

ip igmp static-group
ces
Syntax

Configure an IGMP static group. ip igmp static-group {group address [exclude [source address]] | [include {source address}]} To delete a static address, use the no ip igmp static-group {group address [exclude [source address]] | [include {source address}]} command.

Parameters

group address exclude source address include source address

Enter the group address in dotted decimal format (A.B.C.D) (OPTIONAL) Enter the keyword exclude followed by the source address, in dotted decimal format (A.B.C.D), for which a static entry needs to be added. (OPTIONAL) Enter the keyword include followed by the source address, in dotted decimal format (A.B.C.D), for which a static entry needs to be added. Note: A group in include mode must have at least one source address defined.

Defaults Command Modes Command History

No default values or behavior INTERFACE

Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series Expanded to support the exclude and include options

E-Series legacy command Usage Information

A group in the include mode should have at least one source address defined. In exclude mode if no source address is specified, FTOS implicitly assumes all sources are included. If neither include or exclude is specified, FTOS implicitly assumes a IGMPv2 static join.

Command Limitations
Only one mode (include or exclude) is permitted per multicast group per interface. To configure another mode, all sources belonging to the original mode must be unconfigured. If a static configuration is present and a packet for the same group arrives on an interface, the dynamic entry will completely overwrite all the static configuration for the group.
show ip igmp groups Display IGMP group information

Related Commands

584

Internet Group Management Protocol (IGMP)

ip igmp version

ip igmp version
ces
Syntax Parameters

Manually set the version of the router to IGMPv2 or IGMPv3. ip igmp version {2 | 3} 2 3
Enter the number 2 to set the IGMP version number to IGMPv2. Enter the number 3 to set the IGMP version number to IGMPv3.

Defaults Command Modes Command History

2 (that is IGMPv2) INTERFACE

Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series Introduced for E-Series

show ip igmp groups

ces
Syntax

View the IGMP groups. show ip igmp groups [group-address [detail] | detail | interface [group-address [detail]]]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

585

show ip igmp groups

Parameters

group-address interface

(OPTIONAL) Enter the group address in dotted decimal format to view information on that group only. (OPTIONAL) Enter the interface type and slot/port information: For a 100/1000 Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a VLAN interface enter the keyword vlan followed by a number from 1 to 4094.

detail

(OPTIONAL) Enter the keyword detail to display the IGMPv3 source information.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series and on C-Series Expanded to support the detail option.

E-Series legacy command Usage Information Example

This command displays the IGMP database including configured entries for either all groups on all interfaces, or all groups on specific interfaces, or specific groups on specific interfaces. Figure 183 show ip igmp groups Command Example
Force10#show ip igmp groups IGMP Connected Group Membership Group Address Interface 224.0.1.40 GigabitEthernet 13/6 Force10# Uptime 09:45:23 Expires 00:02:08 Last Reporter 10.87.7.5

Table 39 show ip igmp groups Command Example Fields Field

Group Address Interface Uptime

Description
Lists the multicast address for the IGMP group. Lists the interface type, slot and port number. Displays the amount of time the group has been operational.

586

Internet Group Management Protocol (IGMP)

show ip igmp interface

Table 39 show ip igmp groups Command Example Fields (continued) Field

Expires Last Reporter

Description
Displays the amount of time until the entry expires. Displays the IP address of the last host to be a member of the IGMP group.

show ip igmp interface

ces
Syntax

View information on the interfaces participating in IGMP. show ip igmp interface [interface]

Parameters

interface

(OPTIONAL) Enter the interface type and slot/port information: For a 100/1000 Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a VLAN interface enter the keyword vlan followed by a number from 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

IGMP commands accept only non-VLAN interfacesspecifying VLAN will not yield a results.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

587

show ip igmp ssm-map

Example

Figure 184 show ip igmp interface Command Example

Force10#show ip igmp interface GigabitEthernet 0/0 is down, line protocol is down Internet protocol processing disabled GigabitEthernet 0/5 is down, line protocol is down Internet protocol processing disabled GigabitEthernet 0/6 is down, line protocol is down Internet protocol processing disabled GigabitEthernet 0/7 is up, line protocol is down Internet protocol processing disabled GigabitEthernet 7/9 is up, line protocol is up Internet address is 10.87.5.250/24 IGMP is enabled on interface IGMP query interval is 60 seconds IGMP querier timeout is 120 seconds IGMP max query response time is 10 seconds IGMP last member query response interval is 1000 ms IGMP activity: 0 joins, 0 leaves IGMP querying router is 10.87.5.250 (this system) IGMP version is 2

show ip igmp ssm-map

ces
Syntax Parameters

Display is a list of groups that are currently in the IGMP group table and contain SSM mapped sources. show ip igmp ssm-map [group] group
(OPTIONAL) Enter the multicast group address in the form A.B.C.D to display the

list of sources to which this group is mapped.

Command Modes

EXEC EXEC Privilege

Command History Related Commands

Version 7.8.1.0 Version 7.7.1.0

Introduced on C-Series and S-Series Introduced on E-Series Use a statically configured list to translate (*,G) memberships to (S,G) memberships.

ip igmp ssm-map

588

Internet Group Management Protocol (IGMP)

show ip igmp ssm-map

IGMP Snooping Commands

FTOS supports IGMP Snooping version 2 and 3 on all Force10 systems: ip igmp snooping enable ip igmp snooping fast-leave ip igmp snooping flood ip igmp snooping last-member-query-interval ip igmp snooping mrouter ip igmp snooping querier show ip igmp snooping mrouter

Important Points to Remember for IGMP Snooping

FTOS supports version 1, version 2, and version 3 hosts. FTOS IGMP snooping implementation is based on IP multicast address (not based on Layer 2 multicast mac-address) and the IGMP snooping entries are in Layer 3 flow table not in Layer 2 FIB. FTOS IGMP snooping implementation is based on draft-ietf-magma-snoop-10. FTOS supports IGMP snooping on JUMBO enabled cards. IGMP snooping is not enabled by default on the switch. A maximum of 1800 groups and 600 VLAN are supported. IGMP snooping is not supported on default VLAN interface. IGMP snooping is not supported over VLAN-Stack-enabled VLAN interfaces (you must disable IGMP snooping on a VLAN interface before configuring VLAN-Stack-related commands). IGMP snooping does not react to Layer 2 topology changes triggered by STP. IGMP snooping reacts to Layer 2 topology changes triggered by MSTP by sending a general query on the interface that comes in FWD state.

Important Points to Remember for IGMP Querier

The IGMP snooping Querier supports version 2. You must configure an IP address to the VLAN interface for IGMP snooping Querier to begin. The IGMP snooping Querier disables itself when a VLAN IP address is cleared, and then it restarts itself when an IP address is re-assigned to the VLAN interface. When enabled, IGMP snooping Querier will not start if there is a statically configured multicast router interface in the VLAN. When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members. When enabled, IGMP snooping Querier periodically sends general queries with an IP source address of the VLAN interface. If it receives a general query on any of its VLAN member, it will check the IP source address of the incoming frame. If the IP SA in the incoming IGMP general query frame is lower than the IP address of the VLAN interface, then the switch disables its IGMP snooping Querier functionality.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

589

ip igmp snooping enable

If the IP SA of the incoming IGMP general query is higher than the VLAN IP address, the switch will continue to work as an IGMP snooping Querier.

ip igmp snooping enable

ces
Syntax

Enable IGMP snooping on all or a single VLAN. This is the master on/off switch to enable IGMP snooping. ip igmp snooping enable To disable IGMP snooping, enter no ip igmp snooping enable command.

Defaults Command Modes

Disabled CONFIGURATION INTERFACE VLAN

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

You must enter this command to enable IGMP snooping. When enabled from CONFIGURATION mode, IGMP snooping is enabled on all VLAN interfaces (except default VLAN).

Note: You must execute the no shutdown command on the VLAN interface for IGMP Snooping to function.
Related Commands

no shutdown

Activate an interface

ip igmp snooping fast-leave

ces
Syntax

Enable IGMP snooping fast leave for this VLAN. ip igmp snooping fast-leave To disable IGMP snooping fast leave, use the no igmp snooping fast-leave command.

Defaults Command Modes

Not configured INTERFACE VLAN(conf-if-vl-n)

590

Internet Group Management Protocol (IGMP)

ip igmp snooping flood

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

Queriers normally send a certain number of queries when a leave message is received prior to deleting a group from the membership database. There may be situations in which fast deletion of a group is required. When IGMP fast leave processing is enabled, the switch will remove an interface from the multicast group as soon as it detects an IGMP version 2 leave message on the interface.

ip igmp snooping flood

ces
This command controls the flooding behavior of unregistered multicast data packets. On the E-Series, when flooding is enabled (the default), unregistered multicast data traffic is flooded to all ports in a VLAN. When flooding is disabled, unregistered multicast data traffic is forwarded to only multicast router ports, both static and dynamic, in a VLAN. If there is no multicast router port in a VLAN, then unregistered multicast data traffic is dropped. On the C-Series and S-Series, unregistered multicast data traffic is dropped when flooding is disabled; they do not forward the packets to multicast router ports. On the C-Series and S-Series, Layer 3 multicast must be disabled (no ip multicast-routing) in order to disable Layer 2 multicast flooding.
Syntax Defaults Command Modes Command History

ip igmp snooping flood Enabled CONFIGURATION

Version 8.2.1.0 Version 7.7.1.1 Introduced on the C-Series and S-Series. Introduced on E-Series.

ip igmp snooping last-member-query-interval

ces
The last member query interval is the maximum response time inserted into Group-Specific queries sent in response to Group-Leave messages. This interval is also the interval between successive Group-Specific Query messages. Use this command to change the last member query interval. ip igmp snooping last-member-query-interval milliseconds To return to the default value, enter no ip igmp snooping last-member-query-interval. Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 591

Syntax

ip igmp snooping mrouter

Parameters

milliseconds

Enter the interval in milliseconds. Default: 1000 milliseconds Range: 100 to 65535

Defaults Command Modes Command History

1000 milliseconds INTERFACE VLAN

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series legacy command

ip igmp snooping mrouter

ces
Syntax

Statically configure a VLAN member port as a multicast router interface. ip igmp snooping mrouter interface interface To delete a specific multicast router interface, use the no igmp snooping mrouter interface interface command.

Parameters

interface interface

Defaults Command Modes Command History

Not configured INTERFACE VLAN(conf-if-vl-n)

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

FTOS provides the capability of statically configuring interface to which a multicast router is attached. To configure a static connection to the multicast router, enter the ip igmp snooping mrouter interface command in the VLAN context. The interface to the router must be a part of the VLAN where you are entering the command. Internet Group Management Protocol (IGMP)

592

ip igmp snooping querier

ces
Syntax

Enable IGMP querier processing for the VLAN interface. ip igmp snooping querier To disable IGMP querier processing for the VLAN interface, enter no ip igmp snooping querier command.

Defaults Command Modes Command History

Not configured INTERFACE VLAN(conf-if-vl-n)

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

E-Series legacy command Usage Information

This command enables the IGMP switch to send General Queries periodically. This is useful when there is no multicast router present in the VLAN because the multicast traffic does not need to be routed. An IP address must be assigned to the VLAN interface for the switch to act as a querier for this VLAN.

show ip igmp snooping mrouter

ces
Syntax Parameters

Display multicast router interfaces. show ip igmp snooping mrouter [vlan number] vlan number
Enter the keyword vlan followed by the vlan number. Range: 1-4094

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

E-Series legacy command Example

Figure 185 show ip igmp snooping mrouter Command Example

Force10#show ip igmp snooping mrouter Interface Router Ports Vlan 2 Gi 13/3, Po 1 Force10#

Related Commands

show ip igmp groups

Use this IGMP command to view groups

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

593

show ip igmp snooping mrouter

594

Internet Group Management Protocol (IGMP)

Chapter 23
Overview

Interfaces

This chapter defines interface commands and is divided into the following sections: Basic Interface Commands Port Channel Commands Time Domain Reflectometer (TDR) UDP Broadcast

The symbols c e s under command headings indicate which Force10 platforms C-Series, E-Series, or S-Series, respectively support the command. Although all interfaces are supported on E-Series ExaScale, some interface functionality is supported on E-Series ExaScale ex with FTOS 8.2.1.0. and later. When this is the case that is noted in the command history.

Basic Interface Commands

The following commands are for physical, Loopback, and Null interfaces: clear counters clear dampening cx4-cable-length dampening description disable-on-sfm-failure duplex (Management) duplex (10/100 Interfaces) flowcontrol interface interface loopback interface ManagementEthernet interface null interface range interface range macro (define) interface range macro name

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

595

clear counters

interface vlan ipg (Gigabit Ethernet interfaces) ipg (10 Gigabit Ethernet interfaces) keepalive lfs enable (EtherScale) link debounce-timer monitor mtu negotiation auto portmode hybrid rate-interval show config show config (from INTERFACE RANGE mode) show interfaces show interfaces configured show interfaces dampening show interfaces description show interfaces linecard show interfaces phy show interfaces stack-unit show interfaces status show interfaces switchport show interfaces transceiver show range shutdown speed (for 10/100/1000 interfaces) speed (Management interface) switchport wanport

clear counters
ces
Syntax

Clear the counters used in the show interfaces commands for all VRRP groups, VLANs, and physical interfaces, or selected ones. clear counters [interface] [vrrp [{[ipv6] vrid | vrf instance}] | learning-limit]

596

Interfaces

clear counters

Parameters

interface

(OPTIONAL) Enter any of the following keywords and slot/port or number to clear counters from a specified interface: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For the management interface on the RPM, enter the keyword ManagementEthernet followed by slot/port information. The slot range is 0-1, and the port range is 0. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

vrrp [[ipv6] vrid] vrrp [vrf instance]

(OPTIONAL) Enter the keyword vrrp to clear the counters of all VRRP groups. To clear the counters of VRRP groups on all IPv6 interfaces, enter ipv6. To clear the counters of a specified group, enter a vrid number from 1 to 255. (OPTIONAL) E-Series only: Enter the keyword vrrp to clear counters for all VRRP groups. To clear the counters of VRRP groups in a specified VRF instance, enter the name of the instance (32 characters maximum). IPv6 VRRP groups are not supported. (OPTIONAL) Enter the keyword learning-limit to clear unknown source address (SA) drop counters when MAC learning limit is configured on the interface.

learning-limit

Note: This option is not supported on the S-Series, as the MAC

learning limit is not supported
Defaults Command Modes Command History

Without an interface specified, the command clears all interface counters. EXEC Privilege
Version 8.4.1.0 Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 On the E-Series, support was added for VRRP groups in a VRF instance. Support for 4093 VLANs on E-Series ExaScale. Prior to release supported 2094. Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Updated definition of the learning-limit option for clarity.

Example

Figure 186 clear counters Command Example

Force10#clear counters Clear counters on all interfaces [confirm]

Related Commands

mac learning-limit show interfaces

Allow aging of MACs even though a learning-limit is configured or disallow station move on learnt MACs. Displays information on the interfaces.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

597

clear dampening

clear dampening
ces
Syntax Parameters

Clear the dampening counters on all the interfaces or just the specified interface. clear dampening [interface] interface
(Optional) Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

Without a specific interface specified, the command clears all interface dampening counters EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example
Force10#clear dampening gigabitethernet 1/2 Clear dampening counters on Gi 1/2 [confirm] y Force10#

Related Commands

show interfaces dampening dampening

Display interface dampening information.

Configure dampening on an interface.

cx4-cable-length
s
Syntax

Configure the length of the cable to be connected to the selected CX4 port. [no] cx4-cable-length {long | medium | short}

598

Interfaces

cx4-cable-length

Parameters

long | medium | short

Enter the keyword that matches the cable length to be used at the selected port:

short = For 1-meter and 3-meter cable lengths medium = For 5-meter cable length long = For 10-meter and 15-meter cable lengths
Defaults Mode Command History Usage Information

medium Interface
Version 7.7.1.0 Introduced on S-Series

This command only works on ports that the system recognizes as CX4 ports. The figure below shows an attempt to configure an XFP port in an S25P with the command after inserting a CX4 converter into the port:

Note: When using a long CX4 cable between the C-Series and the S-Series,
configure the cable using the cx4-cable-length short command only to avoid any errors. Note: 15M CX4 active cable is not supported on C-Series and S-series. It is only supported for S2410 with active end on the device.
Example

Figure 187 Example of Unsuccessful CX4 Cable Length Configuration

Force10#show interfaces tengigabitethernet 0/26 | grep "XFP type" Pluggable media present, XFP type is 10GBASE-CX4 Force10(conf-if-te-0/26)#cx4-cable-length short % Error: Unsupported command. Force10(conf-if-te-0/26)#cx4-cable-length medium % Error: Unsupported command. Force10(conf-if-te-0/26)#cx4-cable-length long % Error: Unsupported command. Force10(conf-if-te-0/26)#

The figure below shows a successful CX4 cable length configuration.

Example

Figure 188 Example of CX4 Cable Length Configuration

Force10#config Force10(config)#interface tengigabitethernet 0/52 Force10(conf-if-0/52)#cx4-cable-length long Force10(conf-if-0/52)#show config ! interface TenGigabitEthernet 0/51 no ip address cx4-cable-length long shutdown Force10(conf-if-0/52)#exit Force10(config)#

For details on using XFP ports with CX4 cables, see your S-Series hardware guide.
Related Commands show config Display the configuration of the selected interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

599

dampening

dampening
ces
Syntax

Configure dampening on an interface. dampening [[[[half-life] [reuse-threshold]] [suppress-threshold]] [max-suppress-time]] To disable dampening, use the no dampening [[[[half-life] [reuse-threshold]] [suppress-threshold]] [max-suppress-time]] command syntax.

Parameters

half-life

Enter the number of seconds after which the penalty is decreased. The penalty is decreased by half after the half-life period expires. Range: 1 to 30 seconds Default: 5 seconds

reuse-threshold

Enter a number as the reuse threshold, the penalty value below which the interface state is changed to up. Range: 1 to 20000 Default: 750 Enter a number as the suppress threshold, the penalty value above which the interface state is changed to error disabled. Range: 1 to 20000 Default: 2500 Enter the maximum number for which a route can be suppressed. The default is four times the half-life value. Range: 1 to 86400 Default: 20 seconds

suppress-threshold

max-suppress-time

Defaults Command Modes Command History

Disabled INTERFACE (conf-if-)

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example
Force10(conf-if-gi-3/2)#dampening 20 800 4500 120 Force10(conf-if-gi-3/2)#

Usage Information

With each flap, FTOS penalizes the interface by assigning a penalty (1024) that decays exponentially depending on the configured half-life. Once the accumulated penalty exceeds the suppress threshold value, the interface is moved to the error-disabled state. This interface state is deemed as down by all static/dynamic Layer 2 and Layer 3 protocols. The penalty is exponentially decayed based on the half-life timer. Once the penalty decays below the reuse threshold, the interface is enabled. The configured parameters should follow: suppress-threshold should be greater than reuse-threshold max-suppress-time should be at least 4 times half-life

600

Interfaces

description

Note: Dampening cannot be applied on an interface that is monitoring traffic for other interfaces.
Related Commands

clear dampening show interfaces dampening

Clear the dampening counters on all the interfaces or just the specified interface.

Display interface dampening information.

description
ces
Syntax

Assign a descriptive text string to the interface. description desc_text To delete a description, enter no description.

Parameters

desc_text

Enter a text string up to 240 characters long.

Defaults Command Modes Command History

No description is defined. INTERFACE

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Modified for E-Series: Revised from 78 to 240 characters.

Usage Information

Spaces between characters are not preserved after entering this command unless you enclose the entire description in quotation marks (desc_text). Entering a text string after the description command overwrites any previous text string configured as the description. The shutdown and description commands are the only commands that you can configure on an interface that is a member of a port-channel. Use the show interfaces description command to display descriptions configured for each interface.
show interfaces description

Related Commands

Display description field of interfaces.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

601

disable-on-sfm-failure

disable-on-sfm-failure
e
Syntax

Disable select ports on E300 systems when a single SFM is available. disable-on-sfm-failure To delete a description, enter no disable-on-sfm-failure.

Defaults Command Modes Command History Usage Information

Port is not disabled INTERFACE

Version 7.7.1.0 Introduced on E300 systems only

When an E300 system boots up and a single SFM is active this configuration, any ports configured with this feature will be shut down. If an SFM fails (or is removed) in an E300 system with two SFM, ports configured with this feature will be shut down. All other ports are treated normally. When a second SFM is installed or replaced, all ports are booted up and treated as normally. This feature does not take affect until a single SFM is active in the E300 system.

duplex (Management)
ce
Syntax

Set the mode of the Management interface. duplex {half | full} To return to the default setting, enter no duplex.

Parameters

half full

Enter the keyword half to set the Management interface to transmit only in one direction. Enter the keyword full to set the Management interface to transmit in both directions.

Defaults Command Modes Command History

Not configured INTERFACE

Version 8.1.1.0 Version 7.5.1.0 Version 6.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series Documentation modifiedadded Management to distinguish from duplex (10/ 100 Interfaces)

Usage Information Related Commands

This command applies only to the Management interface on the RPMs.

interface ManagementEthernet duplex (Management)

Configure the Management port on the system (either the Primary or Standby RPM). Set the mode of the Management interface.

602

Interfaces

duplex (10/100 Interfaces)

management route

Configure a static route that points to the Management interface or a forwarding router. Set the speed on the Management interface.

speed (Management interface)

duplex (10/100 Interfaces)

ces
Configure duplex mode on any physical interfaces where the speed is set to 10/100.Syntax duplex {half | full} To return to the default setting, enter no duplex.
Parameters

half full

Enter the keyword half to set the physical interface to transmit only in one direction. Enter the keyword full to set the physical interface to transmit in both directions.

Defaults Command Modes Command History

Not configured INTERFACE

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Usage Information

This command applies to any physical interface with speed set to 10/100.

Note: Starting with FTOS 7.8.1.0, when a copper SFP2 module with catalog number GP-SFP2-1T is used in the S25P model of the S-Series, its speed can be manually set with the speed command. When the speed is set to 10 or 100 Mbps, the duplex command can also be executed.
Related Commands speed (for 10/100/1000 interfaces) negotiation auto Set the speed on the Base-T Ethernet interface. Enable or disable auto-negotiation on an interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

603

flowcontrol

flowcontrol
ces
Syntax

Control how the system responds to and generates 802.3x pause frames on 1Gig and 10Gig line cards. flowcontrol rx {off | on} tx {off | on} threshold {<1-2047> <1-2013> <1-2013>} The threshold keyword is supported on C-Series and S-Series only.

Parameters

rx on rx off tx on

Enter the keywords rx on to process the received flow control frames on this port. This is the default value for the receive side. Enter the keywords rx off to ignore the received flow control frames on this port. Enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received. This is the default value on the send side. Enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is received.

tx off threshold
(C-Series and S-Series only)

When tx on is configured, you can set the threshold values for: Number of flow-control packet pointers: 1-2047 (default = 75) Flow-control buffer threshold in KB: 1-2013 (default = 49KB) Flow-control discard threshold in KB: 1-2013 (default= 75KB)

Defaults

C-Series: rx off tx off E-Series: rx on tx on S-Series: rx off tx off

Command Modes Command History

INTERFACE
Version 8.1.1.0 Version 6.5.1.9 and 7.4.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Introduced on E-Series Introduced on C-Series and S-Series with thresholds

Usage Information

The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with a destination address equal to this multicast address. The pause: Starts when either the packet pointer or the buffer threshold is met (whichever is met first). When the discard threshold is met, packets are dropped. Ends when both the packet pointer and the buffer threshold fall below 50% of the threshold settings.

The discard threshold defines when the interface starts dropping the packet on the interface. This may be necessary when a connected device does not honor the flow control frame sent by the S-Series. The discard threshold should be larger than the buffer threshold so that the buffer holds at least hold at least 3 packets.

604

Interfaces

flowcontrol

On 4-port 10G line cards: Changes in the flow-control values are not reflected automatically in the show interface output for 10G interfaces. This issue results from the fact that 10G interfaces do not support auto-negotiation per-se. On 1G interfaces, changing the flow control values causes an automatic interface flap, after which PAUSE values are exchanged as part of the auto-negotiation process. As a workaround, apply the new settings, execute shut followed by no shut on the interface, and then check the running-config of the port.

Important Points to Remember

Do not enable tx pause when buffer carving is enabled. Consult Force 10 TAC for information and assistance. Asymmetric flow control (rx on tx off or rx off tx on) setting for the interface port less than 100 Mb/s speed is not permitted. The following error is returned:

Cant configure Asymmetric flowcontrol when speed <1G, config ignored

The only configuration applicable to half duplex ports is rx off tx off. The following error is returned:

Cant configure flowcontrol when half duplex is configure, config ignored

Half duplex cannot be configured when the flow control configuration is on (default is rx on tx on). The following error is returned:

Cant configure half duplex when flowcontrol is on, config ignored Note: The flow control must be off (rx off tx off) before configuring the half duplex.

Speeds less than 1 Gig cannot be configured when the asymmetric flow control configuration is on. The following error is returned:

Cant configure speed <1G when Asymmetric flowcontrol is on, config ignored
FTOS only supports rx on tx on and rx off tx off for speeds less than 1 Gig (Symmetric). On the C-Series and S-Series systems, the flow-control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes on the C-Series or S-Series system.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

605

flowcontrol

Example

Figure 189 show running config (partial)

Force10(conf-if-gi-0/1)#show config ! interface GigabitEthernet 0/1 no ip address switchport no negotiation auto flowcontrol rx off tx on no shutdown ...

The table below displays how FTOS negotiates the flow control values between two Force10 chassis connected back-to-back using 1G copper ports. Table 40 Negotiated Flow Control Values Configured
LocRxConf LocTxConf

Negotiated
RemoteRxConf RemoteTxConf LocNegRx LocNegTx RemNegRx RemNegTx

off

off off on on off off on on off off on on off off on on

off on off on off on off on off on off on off on off on

off off off off off off off off off on on on off off on on

off off off off off off on off off off on on off off on on

off off off off off off off off off on on on off off on on

off

Related Commands

show running-config show interfaces

Display the flow configuration parameters (non-default values only). Display the negotiated flow control parameters.

606

Interfaces

interface

interface
ces
Syntax Parameters

Configure a physical interface on the switch. interface interface interface

Enter one of the following keywords and slot/port or number information: For 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For SONET interfaces, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Example

Figure 190 interface Command Example

Force10(conf)#interface gig 0/0 Force10(conf-if-gi-0/0)#exit#

Usage Information

You cannot delete a physical interface. By default, physical interfaces are disabled (shutdown) and are in Layer 3 mode. To place an interface in mode, ensure that the interfaces configuration does not contain an IP address and enter the switchport command.

Related Commands

interface loopback interface null interface port-channel interface sonet interface vlan show interfaces

Configure a Loopback interface. Configure a Null interface. Configure a port channel. Configure a SONET interface. Configure a VLAN. Display interface configuration.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

607

interface loopback

interface loopback
ces
Syntax

Configure a Loopback interface. interface loopback number To remove a loopback interface, use the no interface loopback number command.

Parameters

number

Enter a number as the interface number. Range: 0 to 16383.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Example

Figure 191 interface loopback Command Example

Force10(conf)#interface loopback 1655 Force10(conf-if-lo-1655)#

Related Commands

interface interface null interface port-channel interface vlan

Configure a physical interface. Configure a Null interface. Configure a port channel. Configure a VLAN.

608

Interfaces

interface ManagementEthernet

interface ManagementEthernet
ce
Syntax Parameters

Configure the Management port on the system (either the Primary or Standby RPM). interface ManagementEthernet slot/port slot/port
Enter the keyword ManagementEthernet followed by slot number (0-1) and port number zero (0).

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.5.1.0 Version 6.4.1.0 Introduced on E-Series ExaScale Introduced for C-Series Introduced for E-Series

Example

Figure 192 interface ManagementEthernet Command Example

Force10(conf)#interface managementethernet 0/0 Force10(conf-if-ma-0/0)#

Usage Information

You cannot delete a Management port. The Management port is enabled by default (no shutdown). Use the ip address command to assign an IP address to the Management port. If two RPMs are installed in your system, use the show redundancy command to display which RPM is the Primary RPM.

Related Commands

management route duplex (Management) speed (Management interface)

Configure a static route that points to the Management interface or a forwarding router. Clear FIB entries on a specified line card. Clear FIB entries on a specified line card.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

609

interface null

interface null
ces
Syntax Parameters

Configure a Null interface on the switch. interface null number number

Enter zero (0) as the Null interface number.

Defaults Command Modes Command History

Not configured; number = 0 CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Example

Figure 193 interface null Command Example

Force10(conf)#interface null 0 Force10(conf-if-nu-0)#

Usage Information Related Commands

You cannot delete the Null interface. The only configuration command possible in a Null interface is ip unreachables.
interface interface loopback interface port-channel interface vlan ip unreachables Configure a physical interface. Configure a Loopback interface. Configure a port channel. Configure a VLAN. Enable generation of ICMP unreachable messages.

610

Interfaces

interface range

interface range
ces
This command permits configuration of a range of interfaces to which subsequent commands are applied (bulk configuration). Using the interface range command, identical commands can be entered for a range of interface. interface range interface , interface , ... interface , interface , ...
Enter the keyword interface range and one of the interfaces slot/port, port-channel or VLAN number. Select the range of interfaces for bulk configuration. You can enter up to six comma separated rangesspaces are not required between the commas. Comma-separated ranges can include VLANs, port-channels and physical interfaces. Slot/Port information must contain a space before and after the dash. For example, interface range gigabitethernet 0/1 - 5 is valid; interface range gigabitethernet 0/1-5 is not valid. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Syntax Parameters

Defaults Command Modes Command History

This command has no default behavior or values. CONFIGURATION

Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support for 4093 VLANs on E-Series ExaScale. Prior releases supported 2094. Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information

When creating an interface range, interfaces appear in the order they are entered; they are not sorted. The command verifies that interfaces are present (physical) or configured (logical). Important things to remember: Bulk configuration is created if at least one interface is valid. Non-existing interfaces are excluded from the bulk configuration with a warning message. The interface range prompt includes interface types with slot/port information for valid interfaces. The prompt allows for a maximum of 32 characters. If the bulk configuration exceeds 32 characters, it is represented by an ellipsis ( ... ). When the interface range prompt has multiple port ranges, the smaller port range is excluded from the prompt.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

611

interface range

If overlapping port ranges are specified, the port range is extended to the smallest start port and the biggest end port.

Example

Figure 194 Bulk Configuration Warning Message

Force10(conf)#interface range so 2/0 - 1 , te 10/0 , gi 3/0 , fa 0/0 % Warning: Non-existing ports (not configured) are ignored by interface-range

Example

Figure 195 Interface Range prompt with Multiple Ports

Force10(conf)#interface range gi 2/0 - 23 , gi 2/1 - 10 Force10(conf-if-range-gi-2/0-23#

Example

Figure 196 Interface Range prompt Overlapping Port Ranges

Force10(conf)#interface range gi 2/1 - 11 , gi 2/1 - 23 Force10(conf-if-range-gi-2/1-23#

Only VLAN and port-channel interfaces created using the interface vlan and interface port-channel commands can be used in the interface range command. Use the show running-config command to display the VLAN and port-channel interfaces. VLAN or port-channel interfaces that are not displayed in the show running-config command can not be used with the bulk configuration feature of the interface range command. You cannot create virtual interfaces (VLAN, Port-channel) using the interface range command.
Note: If a range has VLAN, physical, port-channel, and SONET interfaces, only commands related to physical interfaces can be bulk configured. To configure commands specific to VLAN, port-channel or SONET, only those respective interfaces should be configured in a particular range.

The following figure is an example of a single range bulk configuration.

Example

Figure 197 Single Range Bulk Configuration

Force10(config)# interface range gigabitethernet 5/1 - 23 Force10(config-if-range)# no shutdown Force10(config-if-range)#

The following figure shows how to use commas to add different interface types to the range enabling all Gigabit Ethernet interfaces in the range 5/1 to 5/23 and both Ten Gigabit Ethernet interfaces 1/1 and 1/2.
Example

Figure 198 Multiple Range Bulk Configuration Gigabit Ethernet and Ten Gigabit Ethernet
Force10(config-if)# interface range gigabitethernet 5/1 - 23, tengigabitethernet 1/1 - 2 Force10(config-if-range)# no shutdown Force10(config-if-range)#

612

Interfaces

interface range macro (define)

The following figure shows how to use commas to add SONET, VLAN, and port-channel interfaces to the range.
Example

Figure 199 Multiple Range Bulk Configuration with SONET, VLAN, and port channel

Force10(config-if)# interface range gigabitethernet 5/1 - 23, tengigabitethernet 1/1 2, Vlan 2 100 , Port 1 25 Force10(config-if-range)# no shutdown Force10(config-if-range)#

Related Commands

interface port-channel interface vlan show config (from INTERFACE RANGE mode) show range interface range macro (define)

Configure a port channel group. Configure a VLAN interface. Show the bulk configuration interfaces. Show the bulk configuration ranges. Define a macro for an interface-range.

interface range macro (define)

ces
Syntax Parameters

Defines a macro for an interface range and then saves the macro in the running configuration. define interface range macro name interface , interface , ... name interface , interface ,...
Enter up to 16 characters for the macro name. Enter the interface keyword (see below) and one of the interfaces slot/port, port-channel or VLAN numbers. Select the range of interfaces for bulk configuration. You can enter up to six comma separated rangesspaces are not required between the commas. Comma-separated ranges can include VLANs, port-channels and physical interfaces. Slot/Port information must contain a space before and after the dash. For example, interface range gigabitethernet 0/1 - 5 is valid; interface range gigabitethernet 0/1-5 is not valid. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Defaults

This command has no default behavior or value

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

613

interface range macro name

Command Modes Command History

CONFIGURATION
Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support for 4093 VLANs on E-Series ExaScale. Prior releases supported 2094. Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Example

Figure 200 define interface-range macro Command Example

Force10(config)# define interface-range test tengigabitethernet 0/0 - 3 , gigabitethernet 5/0 - 47 , gigabitethernet 13/0 - 89 Force10# show running-config | grep define define interface-range test tengigabitethernet 0/0 - 3 , gigabitethernet 5/0 - 47 , gigabitethernet 13/0 - 89 Force10(config)#interface range macro test Force10(config-if-range-te-0/0-3,gi-5/0-47,gi-13/0-89)#

Usage Information Related Commands

The above figure is an example of how to define an interface range macro named test. Execute the show running-config command to display the macro definition.
interface range interface range macro name Configure a range of command (bulk configuration) Run an interface range macro.

interface range macro name

ces
Syntax Parameters

Run the interface-range macro to automatically configure the pre-defined range of interfaces. interface range macro name name
Enter the name of an existing macro.

Defaults Command Modes Command History

This command has no default behavior or value CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Usage Information

The following figure runs the macro named test that was defined earlier.

614

Interfaces

interface vlan

Example

Figure 201 interface-range macro Command Example

Force10(config)#interface range macro test Force10(config-if-range-te-0/0-3,gi-5/0-47,gi-13/0-89)# Force10

Related Commands

interface range interface range macro (define)

Configure a range of command (bulk configuration) Define a macro for an interface range (bulk configuration)

interface vlan
ces
Syntax

Configure a VLAN. You can configure up to 4094 VLANs. interface vlan vlan-id To delete a VLAN, use the no interface vlan vlan-id command.

Parameters

vlan-id

Enter a number as the VLAN Identifier. Range: 1 to 4094.

Defaults Command Modes Command History

Not configured, except for the Default VLAN, which is configured as VLAN 1. CONFIGURATION
Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Support for 4093 VLANs on E-Series ExaScale. Prior releases supported 2094. Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Example

Figure 202 interface vlan Command Example

Force10(conf)#int vlan 3 Force10(conf-if-vl-3)#

Usage Information

For more information on VLANs and the commands to configure them, refer to Virtual LAN (VLAN) Commands. FTP, TFTP, and SNMP operations are not supported on a VLAN. MAC ACLs are not supported in VLANs. IP ACLs are supported. See Chapter 8, Access Control Lists (ACL).

Related Commands

interface interface loopback interface null interface port-channel show vlan

Configure a physical interface. Configure a loopback interface. Configure a null interface. Configure a port channel group. Display the current VLAN configuration on the switch.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

615

ipg (Gigabit Ethernet interfaces)

shutdown tagged untagged

Disable/Enable the VLAN. Add a Layer 2 interface to a VLAN as a tagged interface. Add a Layer 2 interface to a VLAN as an untagged interface.

ipg (Gigabit Ethernet interfaces)

e
Syntax

Set the Inter-packet gap (IPG) to 8 bytes for traffic on a Gigabit Ethernet interface. ipg 8 To return to the default setting, enter no ipg.

Parameters

8 12 bytes INTERFACE

Enter the keyword 8 to set the IPG to 8 bytes.

Defaults Command Modes Command History

Version 8.2.1.0 Version 8.1.1.0 pre-Version 6.1.1.0

Support for 4093 VLANs on E-Series ExaScale. Prior releases supported 2094. Introduced on E-Series ExaScale Introduced for E-Series

Usage Information

For 1-Gigabit Ethernet interfaces only.

Note: This command is an EtherScale only command.

616

Interfaces

ipg (10 Gigabit Ethernet interfaces)

e
Syntax

Set the Inter-packet Gap for traffic on 10 Gigabit Ethernet interface. ipg {ieee-802.3ae | shrink} To return to the default of averaging the IPG, enter no ipg {shrink | ieee-802.3ae}

Parameters

ieee-802.3ae shrink

Enter the keyword ieee-802.3ae to set the IPG to 12 (12-15) bytes (packet size dependent) Enter the keyword shrink to set the IPG to 8 (8-11) bytes (packet size dependent).

Defaults Command Modes Command History Usage Information

averaging the IPG INTERFACE

pre-Version 6.1.1.0 Introduced for E-Series (EtherScale-only)

For 10 Gigabit Ethernet interfaces only. IPG equals 96 bits times from end of the previous packet to start of the pre-amble of the next packet.

keepalive
ces
Syntax

On SONET interfaces, send keepalive packets periodically to keep an interface alive when it is not transmitting data. keepalive [seconds] To stop sending SONET keepalive packets, enter no keepalive.

Parameters

seconds

(OPTIONAL) For SONET interfaces with PPP encapsulation enabled, enter the number of seconds between keepalive packets. Range: 0 to 23767 Default: 10 seconds

Defaults Command Modes Command History

Enabled INTERFACE
Version 8.1.1.2 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

617

lfs enable (EtherScale) When you configure keepalive, the system sends a self-addressed packet out of the configured interface to verify that the far end of a WAN link is up. When you configure no keepalive, the system does not send keepalive packets and so the local end of a WAN link remains up even if the remote end is down.

Usage Information

lfs enable (EtherScale)

e
Syntax

Enable Link Fault Signaling (LFS) on EtherScale 10 Gigabit Ethernet interfaces only. lfs enable To disable LFS, enter no lfs enable.

Defaults Command Modes Command History Usage Information

Enabled. INTERFACE (10 Gigabit Ethernet interfaces only)

pre-Version 6.1.1.0 Introduced for E-Series

If there is a failure on the link, FTOS brings down the interface. The interface will stay down until the link failure signal stops.

Note: On TeraScale line cards, LFS is always enabled by default.

link debounce-timer
e
Syntax Parameters

Assign the debounce time for link change notification on this interface. link debounce [milliseconds] milliseconds
Enter the time to delay link status change notification on this interface. Range: 100-5000 ms Default for copper is 3100 ms Default for fiber is 100 ms

Command Modes Command History

INTERFACE
Version 8.2.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced on E-Series

Usage Information

Changes do not affect any ongoing debounces. The timer changes take affect from the next debounce onward.

618

Interfaces

monitor

monitor
ces
Syntax

Monitor counters on a single interface or all interfaces on a line card. The screen is refreshed every 5 seconds and the CLI prompt disappears. monitor interface [interface] To disable monitoring and return to the CLI prompt, press the q key.

Parameters

interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For the management port, enter the keyword managementethernet followed by the slot (0-1) and the port (0). For a SONET interface, enter the keyword sonet followed by the slot/port. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information Example

The delta column displays changes since the last screen refresh. Figure 203 monitor Command Example of a Single Interface
systest-3 Monitor time: 00:00:06 Refresh Intvl.: 2s Time: 03:26:26 Interface: Gi 0/3, Enabled, Link is Up, Linespeed is 1000 Mbit Traffic statistics: Input bytes: Output bytes: Input packets: Output packets: 64B packets: Over 64B packets: Over 127B packets: Over 255B packets: Over 511B packets: Over 1023B packets: Error statistics: Input underruns: Input giants: Input throttles: Input CRC: Input IP checksum: Input overrun: Output underruns: Output throttles: m l T q Current 9069828 606915800 54001 9401589 67 49166 350 1351 286 2781 0 0 0 0 0 0 0 0 43 43 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Rate Bps Bps pps pps pps pps pps pps pps pps pps pps pps pps pps pps pps pps Delta 86 86 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0

Change mode Page up Increase refresh interval Quit

c - Clear screen a - Page down t - Decrease refresh interval

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

619

monitor

Figure 204 monitor Command Example of All Interfaces on a Line Card

systest-3 Interface [delta] Gi 0/0 Gi 0/1 Gi 0/2 Gi 0/3 Gi 0/4 2661385 Gi 0/5 Gi 0/6 Gi 0/7 Gi 0/8 Gi 0/9 Gi 0/10 Gi 0/11 Gi 0/12 Gi 0/13 Gi 0/14 Gi 0/15 Gi 0/16 Gi 0/17 Gi 0/18 Gi 0/19 Gi 0/20 Gi 0/21 Gi 0/22 1114221 Gi 0/23 523329 Monitor time: 00:01:31 Link Down Down Up Up Up Up Up Up Up Up Up Up Up Up Up Up Up Up Up Down Up Up Up Up In Packets 0 0 61512 63086 14697471418 3759 4070 61934 61427 62039 17740044091 18182889225 18182682056 18182681434 61349 59808 59889 0 0 0 62734 60198 17304741100 17304769659 Refresh Intvl.: 2s [delta] 0 0 52 20 2661481 3 3 34 1 53 372 44 0 43 55 58 1 0 0 0 54 9 3157554 3139507 Time: 03:54:14 Out Packets 0 0 66160 9405888 13392989657 161959604 8680346 138734357 59960 104239232 7373849244 7184747584 3682 6592378911 86281941 62060 61616 14950126 0 0 62766 200899 10102508511 7133354895 0 0 42 24 832816 5 72 1 3 79 138 1 144 15 27 1 81293 0 0 18 9

m - Change mode b - Display bytes l - Page up

c - Clear screen r - Display pkts/bytes per sec a - Page down

Table 41 monitor Command Menu Options Key

systest-3 monitor time time m c b r l a T t q

Description
Displays the host name assigned to the system. Displays the amount of time since the monitor command was entered. Displays the amount of time the chassis is up (since last reboot). Change the view from a single interface to all interfaces on the line card or visa-versa. Refresh the view. Change the counters displayed from Packets on the interface to Bytes. Change the [delta] column from change in the number of packets/bytes in the last interval to rate per second. Change the view to next interface on the line card, or if in the line card mode, the next line card in the chassis. Change the view to the previous interface on the line card, or if the line card mode, the previous line card in the chassis. Increase the screen refresh rate. Decrease the screen refresh rate. Return to the CLI prompt.

620

Interfaces

mtu

mtu
ce
Syntax

Set the maximum Link MTU (frame size) for an Ethernet interface. mtu value To return to the default MTU value, enter no mtu.

Parameters

value

Enter a maximum frame size in bytes. Range: 594 to 9252 Default: 1554

Defaults Command Modes Command History

1554 INTERFACE
Version 8.1.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced for E-Series

Usage Information

If the packet includes a Layer 2 header, the difference between the link MTU and IP MTU (ip mtu command) must be enough bytes to include the Layer 2 header: On C-Series, the IP MTU will get adjusted automatically when the Layer 2 MTU is configured with the mtu command. On the E-Series, you must compensate for a Layer 2 header when configuring IP MTU and link MTU on an Ethernet interface. Use the ip mtu command.

When you enter the no mtu command, FTOS reduces the IP MTU value to 1536 bytes. On the E-Series, to return the IP MTU value to the default, enter no ip mtu. Link MTU and IP MTU considerations for port channels and VLANs are as follows. port channels: All members must have the same link MTU value and the same IP MTU value. The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members.

Example: if the members have a link MTU of 2100 and an IP MTU 2000, the port channels MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU. VLANs: All members of a VLAN must have same IP MTU value. Members can have different Link MTU values. Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag. The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the VLAN members.

Example

The VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500. The VLANs Link MTU cannot be higher than 1518 bytes and its IP MTU cannot be higher than 1500 bytes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

621

negotiation auto

Table 42 Difference between Link MTU and IP MTU Layer 2 Overhead Ethernet (untagged) VLAN Tag Untagged Packet with VLAN-Stack Header Tagged Packet with VLAN-Stack Header Link MTU and IP MTU Delta 18 bytes 22 bytes 22 bytes 26 bytes

negotiation auto
ces
Syntax

Enable auto-negotiation on an interface. negotiation auto To disable auto-negotiation, enter no negotiation auto.

Defaults Command Modes Command History

Enabled. INTERFACE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information

This command is supported on C-Series, S-Series, and E-Series (TeraScale and ExaScale) 10/100/1000 Base-T Ethernet interfaces. The no negotiation auto command is only available if you first manually set the speed of a port to 10Mbits or 100Mbits. The negotiation auto command provides a mode option for configuring an individual port to forced-master/forced slave once auto-negotiation is enabled

Note: The mode option is not available on non-10/100/1000 Base-T Ethernet line
cards.

622

Interfaces

negotiation auto

Figure 205 negotiation auto Master/Slave Example

Force10(conf)# int gi 0/0 Force10(conf-if)#neg auto Force10(conf-if-autoneg)# ? end Exit from configuration mode exit Exit from autoneg configuration mode mode Specify autoneg mode no Negate a command or set its defaults show Show autoneg configuration information Force10(conf-if-autoneg)#mode ? forced-master Force port to master mode forced-slave Force port to slave mode Force10(conf-if-autoneg)#

If the mode option is not used, the default setting is slave. If you do not configure forced-master or forced slave on a port, the port negotiates to either a master or a slave state. Port status is one of the following: Forced-master Force-slave Master Slave Auto-neg Errortypically indicates that both ends of the node are configured with forced-master or forced-slave.

Caution: Ensure that one end of your node is configured as forced-master and one
is configured as forced-slave. If both are configured the same (that is forced-master or forced-slave), the show interfaces command will flap between an auto-neg-error and forced-master/slave states. You can display master/slave settings with the show interfaces command. Figure 206 Display Auto-negotiation Master/Slave Setting (partial)
Force10#show interfaces configured GigabitEthernet 13/18 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:05:f7:fc Current address is 00:01:e8:05:f7:fc Interface index is 474791997 Internet address is 1.1.1.1/24 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex, Master ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interfaces" counters 00:12:42 Queueing strategy: fifo Input Statistics: ...

Both sides of the link must have auto-negotiation enabled or disabled for the link to come up. The following table details the possible speed and auto-negotiation combinations for a line between two 10/100/1000 Base-T Ethernet interfaces.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

623

portmode hybrid

Table 43 Auto-negotiation and Link Speed Combinations Port 0 auto-negotiation enabled* speed 1000 or auto auto-negotiation enabled speed 100 auto-negotiation disabled speed 100 auto-negotiation disabled speed 100 auto-negotiation enabled* speed 1000 or auto Port 1 auto-negotiation enabled* speed 1000 or auto auto-negotiation enabled speed 100 auto-negotiation disabled speed 100 auto-negotiation enabled speed 100 auto-negotiation disabled speed 100 Link Status between Port 1 and Port 2 Up at 1000 Mb/s Up at 100 Mb/s Up at 100 Mb/s Down Down

* You cannot disable auto-negotiation when the speed is set to 1000 or auto.

Related Commands

speed (for 10/100/1000 interfaces)

Set the link speed to 10, 100, 1000 or auto-negotiate the speed.

portmode hybrid
ces
Syntax

Set a physical port or port-channel to accept both tagged and untagged frames. A port configured this way is identified as a hybrid port in report displays. portmode hybrid To return a port to accept either tagged or untagged frames (non-hybrid), use the no portmode hybrid command.

Defaults Command Modes Command History

non-hybrid INTERFACE (conf-if-interface-slot/port)

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on E-Series and S-Series Introduced on C-Series only

624

Interfaces

portmode hybrid

Example

Figure 207 portmode hybrid configuration example

Force10(conf)#interface gi 7/0 Force10(conf-if-gi-7/0)#portmode hybrid Force10(conf-if-gi-7/0)#interface vlan 10 Force10(conf-if-vl-10)#untagged gi 7/0 Force10(conf-if-vl-10)#interface vlan 20 Force10(conf-if-vl-20)#tagged gi 7/0 Force10(conf-if-vl-20)#

Usage Information

The figure above sets a port as hybrid, makes the port a tagged member of VLAN 20, and an untagged member of VLAN 10, which becomes the native VLAN of the port. The port will now accept: untagged frames and classify them as VLAN 10 frames VLAN 20 tagged frames

The next figure is an example show output with Hybrid as the newly added value for 802.1QTagged. The options for this field are:
Example

Trueport is tagged Falseport is untagged Hybridport accepts both tagged and untagged frames

Figure 208 Display the Tagged Hybrid Interface

Force10(conf-if-vl-20)#do show interfaces switchport Name: GigabitEthernet 7/0 802.1QTagged: Hybrid Vlan membership: Vlan 10, Vlan 20 Native VlanId: 10 Force10(conf-if-vl-20)#

The figure below is an example unconfiguration of the hybrid port using the no portmode hybrid command.

Note: You must remove all other configurations on the port before you can remove
the hybrid configuration from the port.
Example

Figure 209 Unconfigure the hybrid port

Force10(conf-if-vl-20)#interface vlan 10 Force10(conf-if-vl-10)#no untagged gi 7/0 Force10(conf-if-vl-10)#interface vlan 20 Force10(conf-if-vl-20)#no tagged gi 7/0 Force10(conf-if-vl-20)#interface gi 7/0 Force10(conf-if-gi-7/0)#no portmode hybrid Force10(conf-if-vl-20)#

Related Commands

show interfaces switchport switchport vlan-stack trunk

Display the configuration of switchport (Layer 2) interfaces on the switch. Place the interface in a Layer 2 mode. Specify an interface as a trunk port to the Stackable VLAN network.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

625

rate-interval

rate-interval
ces
Syntax Parameters

Configure the traffic sampling interval on the selected interface. rate-interval seconds seconds
Enter the number of seconds for which to collect traffic data. Range: 30 to 299 seconds Note: Since polling occurs every 15 seconds, the number of seconds designated here will round to the multiple of 15 seconds lower than the entered value. For example, if 44 seconds is designated it will round to 30; 45 to 59 seconds will round to 45, and so forth.

Defaults Command Modes Command History

299 seconds

INTERFACE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Usage Information Related Commands

The configured rate interval is displayed, along with the collected traffic data, in the output of show interfaces commands.
show interfaces Display information on physical and virtual interfaces.

626

Interfaces

show config

show config
ces
Syntax Command Modes Command History Display the interface configuration.

show config INTERFACE

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Example

Figure 210 show config Command Example for the INTERFACE Mode
Force10(conf-if)#show conf ! interface GigabitEthernet 1/7 no ip address switchport no shutdown Force10(conf-if)#

show config (from INTERFACE RANGE mode)

ces
Syntax Command Modes Command History Display the bulk configured interfaces (interface range).

show config CONFIGURATION INTERFACE (conf-if-range)

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 211 show config (Bulk Configuration) Command Example

Force10(conf)#interface range gigabitethernet 1/1 - 2 Force10(conf-if-range-gi-1/1-2)#show config ! interface GigabitEthernet 1/1 no ip address switchport no shutdown ! interface GigabitEthernet 1/2 no ip address switchport no shutdown Force10(conf-if-range-gi-1/1-2)#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

627

show interfaces

show interfaces
ces
Syntax Parameters

Display information on a specific physical interface or virtual interface. show interfaces interface interface
Enter one of the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For the management interface on an RPM, enter the keyword ManagementEthernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For a Null interface, enter the keywords null 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.2.1.2 Version 8.2.1.0 Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0 Version 6.3.1.0

Include SFP and SFP+ optics power detail in E-Series and C-Series output. Support for 4093 VLANs on E-Series ExaScale. Prior releases supported 2094. Introduced on E-Series ExaScale Output expanded to include SFP+ media in C-Series Introduced on S-Series Introduced on C-Series Changed organization of display output Added Pluggable Media Type field in E-Series TeraScale output

Usage

Use this show interfaces command for details on a specific interface. Use the show interfaces linecard command for details on all interfaces on the designated line card. Note that, in an E-Series EtherScale chassis, the show interfaces command output does not include details about installed SFP or XFP transceivers.

628

Interfaces

show interfaces

Example

Figure 212 show interfaces Command Example for 10G Port (EtherScale in E-Series)
Force10#show interfaces tengigabitethernet 2/0 TenGigabitEthernet 2/0 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:05:f7:3a Interface index is 100990998 Internet address is 213.121.22.45/28 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interfaces" counters 02:31:45 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes Input 0 IP Packets, 0 Vlans 0 MPLS 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 symbol errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 IP Checksum, 0 overrun, 0 discarded Output Statistics: 1 packets, 64 bytes, 0 underruns 0 Multicasts, 2 Broadcasts, 0 Unicasts 0 IP Packets, 0 Vlans, 0 MPLS 0 throttles, 0 discarded Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:00:27

Table 44 Lines in show interfaces Command Example (EtherScale) Line

TenGigabitEthernet 2/0... Hardware is... Interface index... Internet address... MTU 1554...

Description
Displays the interfaces type, slot/port, and administrative and line protocol status. Displays the interfaces hardware information and its assigned MAC address. Displays the interface index number used by SNMP to identify the interface. States whether an IP address is assigned to the interface. If one is, that address is displayed. Displays link and IP MTU information. If the chassis is in Jumbo mode, this number can range from 576 to 9252. Displays the interfaces line speed. Displays the ARP type and the ARP timeout value for the interface. Displays the time when the show interfaces counters where cleared. States the packet queuing strategy. FIFO means first in first out.

LineSpeed ARP type:... Last clearing... Queuing strategy...

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

629

show interfaces

Table 44 Lines in show interfaces Command Example (EtherScale) (continued) Line

Input Statistics:

Description
Displays all the input statistics including: Number of packets and bytes into the interface Number of packets with IP headers, VLAN tagged headers and MPLS headers Note: The sum of the number of packets may not be as expected since a VLAN tagged IP packet counts as both a VLAN packet and an IP packet. Packet size and the number of those packets inbound to the interface Number of symbol errors, runts, giants, and throttles packets: symbol errors = number packets containing bad data. That is, the port MAC detected a physical coding error in the packet. runts = number of packets that are less than 64B giants = packets that are greater than the MTU size throttles = packets containing PAUSE frames Note: Symbol errors is supported on E-Series EtherScale only. Number of CRC, IP Checksum, overrun, and discarded packets: CRC = packets with CRC/FCS errors IP Checksum = packets with IP Checksum errors overrun = number of packets discarded due to FIFO overrun conditions discarded = the sum of input symbol errors, runts, giants, CRC, IP Checksum, and overrun packets discarded without any processing Number of packets, bytes and underruns out of the interface packets = total number of packets

Output Statistics:

Displays output statistics sent out of the interface including:

bytes = total number of bytes

underruns = number of packets with FIFO underrun conditions Number of Multicast, Broadcast and Unicast packets: Multicasts = number of MAC multicast packets Broadcasts = number of MAC broadcast packets Unicasts = number of MAC unicast packets Number of IP, VLAN and MPLs packets: IP Packets = number of IP packets Vlans = number of VLAN tagged packets MPLS = number of MPLS packets (found on a LSR interface) Number of throttles and discards packets: throttles = packets containing PAUSE frames discarded = number of packets discarded without any processing

Rate information...

Estimate of the input and output traffic rate over a designated interval (30 to 299 seconds). Traffic rate is displayed in bits, packets per second, and percent of line rate. Elapsed time since the last interface status change (hh:mm:ss format).

Time since...

630

Interfaces

show interfaces

Example

Figure 213 show interfaces Command Example for 10G (TeraScale)

Force10#show interfaces tengigabitethernet 0/0 TenGigabitEthernet 3/0 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:41:77:c5 Current address is 00:01:e8:41:77:c5 Pluggable media present, XFP type is 10GBASE-SR Medium is MultiRate, Wavelength is 850.00nm XFP receive power reading is -2.4834 Interface index is 134545468 Port will not be disabled on partial SFM failure MTU 9252 bytes, IP MTU 9234 bytes LineSpeed 10000 Mbit Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:15:14 Queueing strategy: fifo Input Statistics: 4410013700 packets, 282240876800 bytes 0 Vlans 4410013700 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 857732 packets, 54894848 bytes, 0 underruns 857732 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 24 Multicasts, 0 Broadcasts, 857708 Unicasts 0 Vlans,0 throttles, 0 discarded, 0 collisions, 4409143619 wredDrops Rate info (interval 30 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:12:14 Force10#

Table 45 Fields in show interfaces Command Example (TeraScale) Line

TenGigabitEthernet 0/0... Hardware is... Pluggable media present...

Description
Interface type, slot/port and administrative and line protocol status. Interface hardware information, assigned MAC address, and current address. Present pluggable media wavelength, type, and rate. The error scenarios are: Wavelength, Non-qualified Force10 ID is not present, but wavelength information is available from XFP or SFP serial data Wavelength, F10 unknownForce10 ID is present, but not able to determine the optics type Unknown, Non-qualified if wavelength is reading error, and F10 ID is not present Force10 allows unsupported SFP and XFP transceivers to be used, but FTOS might not be able to retrieve some data about them. In that case, typically when the output of this field is Pluggable media present, Media type is unknown, the Medium and the XFP/SFP receive power reading data might not be present in the output.

Interface index... Internet address... MTU 1554...

Displays the interface index number used by SNMP to identify the interface. States whether an IP address is assigned to the interface. If one is, that address is displayed. Displays link and IP MTU information.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

631

show interfaces

Table 45 Fields in show interfaces Command Example (TeraScale) Line

LineSpeed ARP type:... Last clearing... Queuing strategy... Input Statistics:

Description
Displays the interfaces line speed, duplex mode, and Slave Displays the ARP type and the ARP timeout value for the interface. Displays the time when the show interfaces counters where cleared. States the packet queuing strategy. FIFO means first in first out. Displays all the input statistics including: Number of packets and bytes into the interface Number of packets with VLAN tagged headers Packet size and the number of those packets inbound to the interface Number of Multicast and Broadcast packets: Multicasts = number of MAC multicast packets Broadcasts = number of MAC broadcast packets Number of runts, giants, and throttles packets: runts = number of packets that are less than 64B

giants = packets that are greater than the MTU size throttles = packets containing PAUSE frames
Number of CRC, overrun, and discarded packets: CRC = packets with CRC/FCS errors overrun = number of packets discarded due to FIFO overrun conditions discarded = the sum of runts, giants, CRC, and overrun packets discarded without any processing Number of packets, bytes and underruns out of the interface Packet size and the number of those packets outbound to the interface Number of Multicast, Broadcast and Unicast packets: Multicasts = number of MAC multicast packets Broadcasts = number of MAC broadcast packets Unicasts = number of MAC unicast packets Number of VLANs, throttles, discards, and collisions: Vlans = number of VLAN tagged packets throttles = packets containing PAUSE frames discarded = number of packets discarded without any processing collisions = number of packet collisions wred=count both packets discarded in the MAC and in the hardware-based queues

Output Statistics:

Displays output statistics sent out the interface including:

Rate information...

Estimate of the input and output traffic rate over a designated interval (30 to 299 seconds) Traffic rate is displayed in bits, packets per second, and percent of line rate. Elapsed time since the last interface status change (hh:mm:ss format).

Time since...

632

Interfaces

show interfaces

Example

Figure 214 show interfaces Command Example for 1G SFP Interface

Force10#show interfaces gigabitethernet 2/0 GigabitEthernet 2/0 is up, line protocol is down Hardware is Force10Eth, address is 00:01:e8:41:77:95 Current address is 00:01:e8:41:77:95 Pluggable media present, SFP type is 1000BASE-SX Wavelength is 850nm Interface index is 100974648 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 1w0d5h Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 Vlans 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 0 packets, 0 bytes, 0 underruns 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1w0d5h Force10#

Example

Figure 215 show interfaces Command Example for 10G SFP+ Interface in C-Series
Force10#show interfaces tengigabitethernet 0/44 TenGigabitEthernet 0/44 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:32:44:26 Current address is 00:01:e8:32:44:26 Pluggable media present, SFP+ type is 10GBASE-CU5M Medium is MultiRate Interface index is 45417732 Force10#

Figure 216 show interfaces ManagementEthernet Command Example

Force10#show interfaces managementethernet 0/0 ManagementEthernet 0/0 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:0b:a9:4c Current address is 00:01:e8:0b:a9:4c Pluggable media not present Interface index is 503595208 Internet address is 10.11.201.5/16 Link local IPv6 address: fe80::201:e8ff:fe0b:a94c/64 Global IPv6 address: 2222::5/64 Virtual-IP is not set Virtual-IP IPv6 address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10 Mbit, Mode half duplex ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 04:01:08 Queueing strategy: fifo Input 943 packets, 78347 bytes, 190 multicast Received 0 errors, 0 discarded Output 459 packets, 102388 bytes, 15 multicast Output 0 errors, 0 invalid protocol Time since last interface status change: 00:03:09

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

633

show interfaces

Usage Information

On the C-Series and S-Series, the interface counter "over 1023-byte pkts" does not increment for packets in the range 9216 > x < 1023. The Management port is enabled by default (no shutdown). If necessary, use the ip address command to assign an IP address to the Management port. If two RPMs are installed in your system, use the show redundancy command to display which RPM is the Primary RPM.

Related Commands

show interfaces configured show interfaces linecard show interfaces phy show interfaces rate show interfaces switchport show inventory (C-Series and E-Series) show inventory (S-Series)

Display any interface with a non-default configuration. Display information on all interfaces on a specific line card. Display information of either rate limiting or rate policing on the interface. Display Layer 2 information about the interfaces. Display the chassis type, components (including media), FTOS version including hardware identification numbers and configured protocols. Display the S-Series switch type, components (including media), FTOS version including hardware identification numbers and configured protocols. Display Layer 3 information about the interfaces. Display the line card(s) status. Display all interfaces configured using the interface range command.

show ip interface show linecard show range

634

Interfaces

show interfaces configured

ces
Syntax Command Modes Display any interface with a non-default configuration.

show interfaces configured EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Changed organization of display output

Example

Figure 217 show interfaces configured Command Output

Force10#show interfaces configured GigabitEthernet 13/18 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:05:f7:fc Current address is 00:01:e8:05:f7:fc Interface index is 474791997 Internet address is 1.1.1.1/24 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex, Master ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interfaces" counters 00:12:42 Queueing strategy: fifo Input Statistics: 10 packets, 10000 bytes 0 Vlans 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 10 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 1 packets, 64 bytes, 0 underruns 1 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 1 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:04:59 Force10#

Related Commands

show interfaces

Display information on a specific physical interface or virtual interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

635

show interfaces dampening

ces
Syntax Parameters Display interface dampening information.

show interfaces dampening [[interface] [summary] [detail]] interface

(Optional) Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information..

summary

(OPTIONAL) Enter the keyword summary to display the current summary of dampening data, including the number of interfaces configured and the number of interfaces suppressed, if any. (OPTIONAL) Enter the keyword detail to display detailed interface dampening data.

detail

Defaults Command Modes Command History

No default values or behavior EXEC

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Example

Figure 218 show interfaces dampening Command Example

Half-Life 20 5 Reuse 800 750 Suppress 4500 2500 Max-Sup 120 20

Force10#show interfaces dampening Interface Supp Flaps Penalty State Gi 3/2 Up 0 0 Gi 3/10 Up 0 0 Force10#

Related Commands

dampening show interfaces show interfaces configured

Configure dampening on an interface Display information on a specific physical interface or virtual interface. Display any interface with a non-default configuration.

636

Interfaces

show interfaces debounce

e
Syntax Parameters

Display information on interfaces with debounce timer configured. show interfaces debounce interface interface
Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 7.7.1.0

Introduced on E-Series ExaScale Introduced on E-Series Display information on a specific physical interface or virtual interface.

Related Commands

show interfaces

show interfaces description

ces
Syntax Parameters

Display the descriptions configured on the interface. show interfaces [interface] description interface
Enter one of the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from 0 to 16383. For the management interface on the RPM, enter the keyword ManagementEthernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For the Null interface, enter the keywords null 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For SONET interfaces, enter the keyword sonet followed by the slot/port. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For VLAN interfaces, enter the keyword vlan followed by a number from 1 to 4094.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

637

show interfaces description

Command Modes

EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Support for 4093 VLANs on E-Series ExaScale. Prior releases supported 2094. Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 219 show interfaces description Command Example

Force10> Interface OK? Status Protocol GigabitEthernet 4/17 NO admin down down GigabitEthernet 4/18 NO admin down down GigabitEthernet 4/19 NO admin down down GigabitEthernet 4/20 NO admin down down GigabitEthernet 4/21 NO up down GigabitEthernet 4/22 NO admin down down GigabitEthernet 4/23 NO admin down down TenGigabitEthernet 6/0 NO admin down down GigabitEthernet 8/0 YES up up GigabitEthernet 8/1 YES up up GigabitEthernet 8/2 YES up up GigabitEthernet 8/3 YES up up GigabitEthernet 8/4 YES up up GigabitEthernet 8/5 YES up up GigabitEthernet 8/6 YES up up GigabitEthernet 8/7 YES up up GigabitEthernet 8/8 YES up up GigabitEthernet 8/9 YES up up GigabitEthernet 8/10 YES up up GigabitEthernet 8/11 YES up up Force10> Description ***connected-to-host*** ***connected-to-Tom*** ***connected-to-marketing*** ***connected-to-Bill*** ***connected-to-Radius-Server*** ***connected-to-Web-Server*** ***connected-to-PC-client***

Table 46 show interfaces description Command Example Fields Field Interface OK? Status Protocol Description Displays type of interface and associated slot and port number. Indicates if the hardware is functioning properly. States whether the interface is enabled (up) or disabled (administratively down). States whether IP is enabled (up) or disabled (down) on the interface.

Description Displays the description (if any) manually configured for the interface.
Related Commands

show interfaces

Display information on a specific physical interface or virtual interface.

638

Interfaces

show interfaces linecard

ce
Syntax Parameters

Display information on all interfaces on a specific line card. show interfaces linecard slot-number slot-number
Enter a number for the line card slot. C-Series Range: 0-7 for C300; 03 for C150 E-Series Range: 0 to 13 on the E1200/1200i, 0 to 6 on the E600/600i, 0 to 5 on the E300

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced support on E-Series ExaScale E600i Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series

Usage

The following figure shows a line card that has an XFP interface. The type, medium, wavelength, and receive power details are displayed. When a device that is not certified by Force10 is inserted, it might work, but its details might not be readable by FTOS and not displayed here. Figure 220 show interfaces linecard Command Example (in C150)
Force10#show interfaces linecard 0 TenGigabitEthernet 0/0 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:51:b2:d4 Current address is 00:01:e8:51:b2:d4 Pluggable media present, XFP type is 10GBASE-SR Medium is MultiRate, Wavelength is 850.00nm XFP receive power reading is -2.3538 Interface index is 33883138 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 20:16:29 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 0 packets, 0 bytes, 0 underruns 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts --More--

Example

Related Commands

show interfaces

Display information on a specific physical interface or virtual interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

639

show interfaces phy

ces
Syntax Parameters

Display auto-negotiation and link partner information. show interfaces gigabitethernet slot/port phy gigabitethernet
Enter the keyword gigabitethernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 6.5.4.0

Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on E-Series

Example

Figure 221 show interfaces gigabitethernet phy Command Example (Partial)

Force10#show int gigabitethernet 1/0 phy Mode Control: SpeedSelection: 10b AutoNeg: ON Loopback: False PowerDown: False Isolate: False DuplexMode: Full Mode Status: AutoNegComplete: False RemoteFault: False LinkStatus: False JabberDetect: False AutoNegotation Advertise: 100MegFullDplx: True 100MegHalfDplx: True 10MegFullDplx: False 10MegHalfDplx: True Asym Pause: False Sym Pause: False AutoNegotiation Remote Partner's Ability: 100MegFullDplx: False 100MegHalfDplx: False 10MegFullDplx: False 10MegHalfDplx: False Asym Pause: False Sym Pause: False AutoNegotiation Expansion: ParallelDetectionFault: False ...

Table 47 Lines in show interfaces gigabitethernet Command Example Line

Mode Control Mode Status

640

Interfaces

show interfaces phy

Table 47 Lines in show interfaces gigabitethernet Command Example Line

AutoNegotiation Advertise

Description
Displays the control words advertised by the local interface during negotiation. Duplex is either half or full. Asym- and Sym Pause is the types of flow control supported by the local interface. Displays the control words advertised by the remote interface during negotiation. Duplex is either half or full. Asym- and Sym Pause is the types of flow control supported by the remote interface ParallelDetectionFault is the handshaking scheme in which the link partner continuously transmit an idle data packet using the Fast Ethernet MLT-3 waveform. Equipment that does not support auto-negotiation must be configured to exactly match the mode of operation as the link partner or else no link can be established. 1000Base-T requires auto-negotiation. The IEEE Ethernet standard does not support setting a speed to 1000 Mbps with the speed command without auto-negotiation. E-Series line cards support both full-duplex and half-duplex 1000BaseT. Values are: 0 - Manual MDI 1 - Manual MDIX 2 - N/A 3 - Auto MDI/MDIX Displays PHY-specific status information. Cable length represents a rough estimate in meters: 0 - < 50 meters 1 - 50 - 80 meters 2 - 80 - 110 meters 3 - 110 - 140 meters 4 - 140 meters. Link Status: Up or Down Speed: Auto 1000MB 100MB 10MB

AutoNegotiation Remote Partners Ability AutoNegotiation Expansion

1000Base-T Control

Phy Specific Control

Phy Specific Status

Related Commands

show interfaces

Display information on a specific physical interface or virtual interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

641

show interfaces stack-unit

s
Syntax Parameters

Display information on all interfaces on a specific S-Series stack member. show interfaces stack-unit unit-number unit-number EXEC EXEC Privilege
Enter the stack member number (0 to 7).

Command Modes

Command History Example

Version 7.6.1.0

Introduced for S-Series only

Figure 222 show interfaces status Command Example

Force10#show interfaces stack-unit 0 GigabitEthernet 0/1 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:4c:f2:82 Current address is 00:01:e8:4c:f2:82 Pluggable media not present Interface index is 34129154 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto, Mode auto ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 3w0d17h Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 5144 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 0 packets, 0 bytes, 0 underruns 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 3w0d17h GigabitEthernet 0/2 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:4c:f2:83 Current address is 00:01:e8:4c:f2:83 !-------------output truncated ----------------!

Related Commands

show hardware stack-unit show interfaces

Display data plane and management plane input/output statistics. Display information on a specific physical interface or virtual interface.

642

Interfaces

show interfaces status

ces
Syntax Parameters

Display a summary of interface information or specify a line card slot and interface to display status information on that specific interface only. show interfaces [interface | linecard slot-number] status interface
(OPTIONAL) Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

linecard slot-number

(OPTIONAL) Enter the keyword linecard followed by the slot number. C-Series Range: 0 to 7 for C300; 03 for C150 E-Series Range: 0 to 13 on the E1200, 0 to 6 on the E600, 0 to 5 on the E300

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 223 show interfaces status Command Example

Force10#show interfaces status Port Description Status Speed Gi 0/0 Up 1000 Mbit Gi 0/1 Down Auto Gi 0/2 Down Auto Gi 0/3 Down Auto Gi 0/4 Force10Port Up 1000 Mbit Gi 0/5 Down Auto Gi 0/6 Down Auto Gi 0/7 Up 1000 Mbit Gi 0/8 Down Auto Gi 0/9 Down Auto Gi 0/10 Down Auto Gi 0/11 Down Auto Gi 0/12 Down Auto Gi 0/13 Down Auto Gi 0/14 Down Auto Gi 0/15 Down Auto Force10# Duplex Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Vlan -1 1 -30-130 --1502,1504,1506-1508,1602 ---------

Related Commands

show interfaces

Display information on a specific physical interface or virtual interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

643

show interfaces switchport

ces
Syntax Parameters

Display only virtual and physical interfaces in Layer 2 mode. This command displays the Layer 2 mode interfaces IEEE 802.1Q tag status and VLAN membership. show interfaces switchport [interface [linecard slot-number] | stack-unit unit-id ] interface
Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For SONET interfaces, enter the keyword sonet followed by the slot/port information. This keyword is only available on E-Series and C-Series. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. Enter the keyword backup to view the backup interface for this interface.

linecard slot-number

(OPTIONAL) Enter the keyword linecard followed by the slot number. This option is available only on E-Series and C-Series. C-Series Range: 0-7 for C300; 03 for C150 E-Series Range: 0 to 13 on the E1200, 0 to 6 on the E600, 0 to 5 on the E300 (OPTIONAL) Enter the keyword stack-unit followed by the stack member number. This option is available only on S-Series. Range: 0 to 1

stack-unit unit-id

Command Modes

EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0

Support for 4093 VLANs on E-Series ExaScale Introduced on E-Series ExaScale Support added for hybrid port/native VLAN, introduced on S-Series Introduced on C-Series

E-Series legacy command

644

Interfaces

show interfaces switchport

Example

Figure 224 show interfaces switchport Command Example

Force10#show interfaces switchport Name: GigabitEthernet 13/0 802.1QTagged: Hybrid Vlan membership: Vlan 2, Vlan 20 Native VlanId: 20 Name: GigabitEthernet 13/1 802.1QTagged: True Vlan membership: Vlan 2 Name: GigabitEthernet 13/2 802.1QTagged: True Vlan membership: Vlan 2 Name: GigabitEthernet 13/3 802.1QTagged: True Vlan membership: Vlan 2 --More--

Table 48 Items in show interfaces switchport Command Example Items

Name 802.1QTagged

Description
Displays the interfaces type, slot and port number. Displays whether if the VLAN tagged (True), untagged (False), or hybrid (Hybrid, which supports both untagged and tagged VLANs by port 13/0. Lists the VLANs to which the interface is a member. Starting with FTOS 7.6.1, this field can display native VLAN membership by port 13/0.

Vlan membership

Related Commands

interface show ip interface show interfaces show interfaces transceiver

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

645

show interfaces transceiver

ces
Syntax Parameters

Display the physical status and operational status of an installed transceiver. The output also displays the transceivers serial number. show interfaces [gigabitethernet | tengigabitethernet] slot/port transceiver gigabitethernet tengigabitethernet
For a 10/100/1000 interface, enter the keyword gigabitethernet followed by the slot/port information. For a 10G interface, enter the keyword tengigabitethernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.5.4.0

Introduced on E-Series ExaScale Output augmented with diagnostic data for pluggable media Removed three fields in output: Vendor Name, Vendor OUI, Vendor PN Introduced on C-Series and S-Series Introduced on E-Series

Usage

See the figure below for an example screenshot, and see the following table or a description of the output fields. For related commands, see the Related Commands section, below, and see the Debugging and Diagnostics chapter for your platform at the end of this book.

646

Interfaces

show interfaces transceiver

Example

Figure 225 show interfaces gigabitethernet transceiver Command Example

Force10#show interfaces gigabitethernet 1/0 transceiver SFP is present. SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Serial Base ID fields Id = 0x03 Ext Id = 0x04 Connector = 0x07 Transciever Code = 0x00 0x00 0x00 0x01 0x20 0x40 0x0c 0x05 Encoding = 0x01 BR Nominal = 0x15 Length(9um) Km = 0x00 Length(9um) 100m = 0x00 Length(50um) 10m = 0x1e Length(62.5um) 10m = 0x0f Length(Copper) 10m = 0x00 Vendor Rev = A Laser Wavelength = 850 nm CheckCodeBase = 0x66 Serial Extended ID fields Options= 0x00 0x12 BR max= 0 BR min= 0 Vendor SN= P5N1ACE Datecode = 040528 CheckCodeExt = 0x5b

SFP 1 Diagnostic Information =================================== SFP 1 Rx Power measurement type = Average =================================== SFP 1 Temp High Alarm threshold = 95.000C SFP 1 Voltage High Alarm threshold = 3.900V SFP 1 Bias High Alarm threshold = 17.000mA SFP 1 TX Power High Alarm threshold = 0.631mW SFP 1 RX Power High Alarm threshold = 1.259mW SFP 1 Temp Low Alarm threshold = -25.000C SFP 1 Voltage Low Alarm threshold = 2.700V SFP 1 Bias Low Alarm threshold = 1.000mA SFP 1 TX Power Low Alarm threshold = 0.067mW SFP 1 RX Power Low Alarm threshold = 0.010mW =================================== SFP 1 Temp High Warning threshold = 90.000C SFP 1 Voltage High Warning threshold = 3.700V SFP 1 Bias High Warning threshold = 14.000mA SFP 1 TX Power High Warning threshold = 0.631mW SFP 1 RX Power High Warning threshold = 0.794mW SFP 1 Temp Low Warning threshold = -20.000C SFP 1 Voltage Low Warning threshold = 2.900V SFP 1 Bias Low Warning threshold = 2.000mA SFP 1 TX Power Low Warning threshold = 0.079mW SFP 1 RX Power Low Warning threshold = 0.016mW =================================== SFP 1 Temperature = 39.930C SFP 1 Voltage = 3.293V SFP 1 Tx Bias Current = 6.894mA SFP 1 Tx Power = 0.328mW SFP 1 Rx Power = 0.000mW =================================== SFP 1 Data Ready state Bar = False SFP 1 Rx LOS state = True SFP 1 Tx Fault state = False SFP 1 Rate Select state = False SFP 1 RS state = False SFP 1 Tx Disable state = False =================================== SFP 1 Temperature High Alarm Flag = False SFP 1 Voltage High Alarm Flag = False SFP 1 Tx Bias High Alarm Flag = False SFP 1 Tx Power High Alarm Flag = False SFP 1 Rx Power High Alarm Flag = False SFP 1 Temperature Low Alarm Flag = False SFP 1 Voltage Low Alarm Flag = False SFP 1 Tx Bias Low Alarm Flag = False SFP 1 Tx Power Low Alarm Flag = False SFP 1 Rx Power Low Alarm Flag = True =================================== !-------output truncated -------------------------!

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

647

show interfaces transceiver

Table 49 Diagnostic Data in show interfaces transceiver Line

Rx Power measurement type Temp High Alarm threshold Voltage High Alarm threshold Bias High Alarm threshold TX Power High Alarm threshold RX Power High Alarm threshold Temp Low Alarm threshold Voltage Low Alarm threshold Bias Low Alarm threshold TX Power Low Alarm threshold RX Power Low Alarm threshold Temp High Warning threshold Voltage High Warning threshold Bias High Warning threshold TX Power High Warning threshold RX Power High Warning threshold Temp Low Warning threshold Voltage Low Warning threshold Bias Low Warning threshold TX Power Low Warning threshold Power Low Warning threshold Temperature

Description
Output depends on the vendor, typically either Average or OMA (Receiver optical modulation amplitude). Factory-defined setting, typically in Centigrade. Value differs between SFPs and SFP+. Displays the interface index number used by SNMP to identify the interface. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Factory-defined setting. Value can differ between SFP and SFP+. Current temperature of the sfps.If this temperature crosses Temp High alarm/warning thresholds, then the temperature high alarm/warning flag is set to true. Current voltage of the sfps.If this voltage crosses voltage high alarm/ warning thresholds, then the voltage high alarm/warning flag is set to true.

Voltage

648

Interfaces

show interfaces transceiver

Table 49 Diagnostic Data in show interfaces transceiver (continued) Line

Tx Bias Current

Description
Present Tx bias current of the SFP. If this crosses bias high alarm/ warning thresholds, then the tx bias high alarm/warning flag is set to true. If it falls below the low alarm/warning thresholds, then the tx bias low alarm/warning flag is set to true. Present Tx power of the SFP. If this crosses Tx power alarm/warning thresholds, then the Tx power high alarm/warning flag is set to true. If it falls below the low alarm/warning thresholds, then the Tx power low alarm/warning flag is set to true. Present Rx power of the SFP. This value is either average Rx power or OMA.This depends upon on the Rx Power measurement type displayed above. If this crosses Rx power alarm/warning thresholds, then the Rx power high alarm/warning flag is set to true. If it falls below the low alarm/warning thresholds, then the Rx power low alarm/ warning flag is set to true. This field indicates that the transceiver has achieved power up and data is ready. This is set to true if data is ready to be sent, false if data is being transmitted. This is the digital state of the Rx_LOS output pin.This is set to true if the operating status is down. This is the digital state of the Tx Fault output pin. This is the digital state of the SFP rate_select input pin. This is the reserved digital state of the pin AS(1) per SFF-8079 and RS(1) per SFF-8431. If the admin status of the port is down then this flag will be set to true. This can be either true/False and it depends on the Current Temperature value displayed above. This can be either true or false, depending on the Current voltage value displayed above. This can be either true or false, depending on the present Tx bias current value displayed above. This can be either true or false, depending on the Current Tx power value displayed above. This can be either true or false, depending on the Current Rx power value displayed above. This can be either true or false, depending on the Current Temperature value displayed above. This can be either true or false, depending on the Current voltage value displayed above. This can be either true or false, depending on the Tx bias current value displayed above. This can be either true or false, depending on the Current Tx power value displayed above. This can be either true or false, depending on the Current Rx power value displayed above. This can be either true or false, depending on the Current Temperature value displayed above.

Tx Power

Rx Power

Data Ready state Bar

Rx LOS state Tx Fault state Rate Select state RS state Tx Disable state Temperature High Alarm Flag Voltage High Alarm Flag Tx Bias High Alarm Flag Tx Power High Alarm Flag Rx Power High Alarm Flag Temperature Low Alarm Flag Voltage Low Alarm Flag Tx Bias Low Alarm Flag Tx Power Low Alarm Flag Rx Power Low Alarm Flag Temperature High Warning Flag

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

649

show interfaces transceiver

Table 49 Diagnostic Data in show interfaces transceiver (continued) Line

Voltage High Warning Flag Tx Bias High Warning Flag Tx Power High Warning Flag Rx Power High Warning Flag Temperature Low Warning Flag Voltage Low Warning Flag Tx Bias Low Warning Flag Tx Power Low Warning Flag Rx Power Low Warning Flag

Description
This can be either true or false, depending on the Current voltage value displayed above. This can be either true or false, depending on the Tx bias current value displayed above. This can be either true or false, depending on the Current Tx power value displayed above. This can be either true or false, depending on the Current Tx power value displayed above. This can be either true or false, depending on the Current Temperature value displayed above. This can be either true or false, depending on the Current voltage value displayed above. This can be either true or false, depending on the present Tx bias current value displayed above. This can be either true or false, depending on the Current Tx power value displayed above. This can be either true or false, depending on the Current Rx power value displayed above.

Related Commands

interface show ip interface show interfaces show inventory (C-Series and E-Series) show inventory (S-Series)

Configure a physical interface on the switch. Displays Layer 3 information about the interfaces. Display information on a specific physical interface or virtual interface. Display the chassis type, components (including media), FTOS version including hardware identification numbers and configured protocols. Display the S-Series switch type, components (including media), FTOS version including hardware identification numbers and configured protocols.

650

Interfaces

show range

show range
ces
Syntax Command Mode Command History

Display all interfaces configured using the interface range command. show range INTERFACE RANGE (config-if-range)
Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support for 4093 VLANs on E-Series ExaScale Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced

Example

Figure 226 show range Command Example

Force10(conf-if-range-so-2/0-1,fa-0/0)#show range interface sonet 2/0 - 1 interface fastethernet 0/0 Force10(conf-if-range-so-2/0-1,fa-0/0)#

Related Commands

interface show ip interface show interfaces

Configure a physical interface on the switch. Displays Layer 3 information about the interfaces. Display information on a specific physical interface or virtual interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

651

shutdown

shutdown
ces
Syntax

Disable an interface. shutdown To activate an interface, enter no shutdown.

Defaults Command Modes Command History

The interface is disabled. INTERFACE

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 E-Series legacy command Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

Usage Information

The shutdown command marks a physical interface as unavailable for traffic. To discover if an interface is disabled, use the show ip interface brief command. Disabled interfaces are listed as down. Disabling a VLAN or a port channel causes different behavior. When a VLAN is disabled, the Layer 3 functions within that VLAN are disabled. Layer 2 traffic continues to flow. Entering the shutdown command on a port channel disables all traffic on the port channel and the individual interfaces within the port channel. To enable a port channel, you must enter no shutdown on the port channel interface and at least one interface within that port channel. The shutdown and description commands are the only commands that you can configure on an interface that is a member of a port channel.

Related Commands

interface port-channel interface vlan show ip interface

Create a port channel interface. Create a VLAN. Displays the interface routing status. Add the keyword brief to display a table of interfaces and their status.

652

Interfaces

speed (for 10/100/1000 interfaces)

ces
Set the speed for 10/100/1000 Base-T Ethernet interfaces. Both sides of a link must be set to the same speed (10/100/1000) or to auto or the link may not come upSyntax speed {10 | 100 | 1000 | auto} To return to the default setting, use the no speed {10 | 100 | 1000} command.
Parameters

Enter the keyword 10 to set the interfaces speed to 10 Mb/s.

Note: This i speed is not supported on the LC-EH-GE-50P or the

LC-EJ-GE-50P card. If the command is entered for these interfaces, an error message appears. 100
Enter the keyword 100 to set the interfaces speed to 10/100 Mb/s.

Note: When this setting is enabled, only 100Base-FX optics are

supported on the LC-EH-GE-50P or the LC-EJ-GE-50P card. 1000
Enter the keyword 1000 to set the interfaces speed to 1000 Mb/s. (Auto-negotiation is enabled. See negotiation auto for more information)

Note: When this setting is enabled, only 100oBase-FX optics are

supported on the LC-EH-GE-50P or the LC-EJ-GE-50P card. auto
Enter the keyword auto to set the interface to auto-negotiate its speed. (Auto-negotiation is enabled. See negotiation auto for more information)

Defaults Command Modes Command History

auto INTERFACE
Version 8.3.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 E-Series legacy command Supported on LC-EH-GE-50P or the LC-EJ-GE-50P cards Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

Usage Information

This command is found on the 10/100/1000 Base-T Ethernet interfaces. When auto is enabled, the system performs and automatic discovery to determine the optics installed and configure the appropriate speed. When you configure a speed for the 10/100/1000 interface, you should confirm negotiation auto command setting. Both sides of the link should have auto-negotiation either enabled or disabled. For speed settings of 1000 or auto, the software sets the link to auto-negotiation, and you cannot change that setting.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

653

speed (Management interface)

Related Commands

duplex (10/100 Interfaces) negotiation auto

Configure duplex mode on physical interfaces with the speed set to 10/100. Enable or disable auto-negotiation on an interface.

speed (Management interface)

ce
Syntax

Set the speed for the Management interface. speed {10 | 100 | auto} To return to the default setting, use the no speed {10 | 100} command.

Parameters

10 100 auto

Enter the keyword 10 to set the interfaces speed to 10 Mb/s. Enter the keyword 100 to set the interfaces speed to 100 Mb/s. Enter the keyword auto to set the interface to auto-negotiate its speed.

Defaults Command Modes Command History

auto INTERFACE
Version 8.1.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on C-Series Introduced for E-Series

Usage Information Related Commands

This command is found on the Management interface only.

interface ManagementEthernet duplex (Management) management route

Configure the Management port on the system (either the Primary or Standby RPM). Set the mode of the Management interface. Configure a static route that points to the Management interface or a forwarding router.

654

Interfaces

switchport

switchport
ces
Syntax

Place an interface in Layer 2 mode. switchport [backup interface {gigabit slot/port | tengigabit slot/port | port-channel number}] To remove an interface from Layer 2 mode and place it in Layer 3 mode, enter no switchport. If a switchport backup interface is configured, you must first remove the backup configuration. To remove a switchport backup interface, enter no switchport backup interface {gigabit slot/port | tengigabit slot/port | port-channel number}].

Parameters

backup interface gigabit tengigabit port-channel slot/port

Use this option to configure a redundant Layer 2 link without using Spanning Tree. This keyword configures a backup port so that if the primary port fails the backup port changes to the up state. If the primary later comes up, it becomes the backup. Enter this keyword if the backup port is a 1G port. Enter this keyword if the backup port is a 10G port. Enter this keyword if the backup port is a static or dynamic port channel. Specify the line card and port number of the backup port.

Defaults Command Modes Command History

Disabled (The interface is in Layer 3 mode.) INTERFACE

Version 8.4.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Added support for port-channel interfaces (port-channel number option). Introduced on E-Series ExaScale Added backup interface option. Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information

If an IP address or VRRP group is assigned to the interface, you cannot use the switchport command on the interface. To use the switchport command on an interface, only the no ip address and no shutdown statements must be listed in the show config output. When you enter the switchport command, the interface is automatically added to the default VLAN. To use the switchport backup interface command on a port, you must first enter the switchport command. For details, see the Configuring Redundant Links section in the Layer 2 chapter of the FTOS Configuration Guide.

Related Commands

interface port-channel show interfaces switchport

Create a port channel interface. Display information about switchport interfaces.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

655

wanport

wanport
e
Syntax

Enable the WAN mode on a TenGigabitEthernet interface. wanport To disable the WAN Port, enter no wanport.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.2 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced for E-Series

Usage Information

The port must be in a shutdown state to change from LAN mode to WAN mode and vice-versa as shown in the figure below. For E-Series ExaScale systems, you must configure all the ports in a port-pipe to either WANPHY or non-WANPHY. They cannot be mixed on the same port-pipe.

Example

Figure 227 wanport Command with shutdown Command Example

interface TenGigabitEthernet 13/0 no ip address no shutdown Force10(conf-if-te-13/0)# Force10(conf-if-te-13/0)#wanport % Error: Port should be in shutdown mode, config ignored Te 13/0. Force10(conf-if-te-13/0)# Force10(conf-if-te-13/0)#shutdown Force10(conf-if-te-13/0)# Force10(conf-if-te-13/0)#wanport Force10(conf-if-te-13/0)#

Related Commands

ais-shut alarm-report clock source down-when-looped flag framing keepalive loopback

Send LAIS on shutdown Enable reporting of a selected alarm Configure a clock source Send a message when a loopback condition is detected Set flags to ensure interoperability Set framing type Enable keepalive Troubleshoot a SONET loopback

656

Interfaces

channel-member

Port Channel Commands

A Link Aggregation Group (LAG) is a group of links that appear to a MAC client as if they were a single link according to IEEE 802.3ad. In FTOS, a LAG is referred to as a Port Channel. Table 50 Port Channel Limits Platform
E-Series ExaScale E-Series TeraScale E-Series EtherScale C-Series S-Series

Maximum Port Channel IDs

255 255 32 128 128

Maximum Members per Port Channel

64 16 16 8 8

Because each port can be assigned to only one Port Channel, and each Port Channel must have at least one port, some of those nominally available Port Channels might have no function because they could have no members if there are not enough ports installed. In the S-Series, those ports could be provided by stack members. The commands in this section are specific to Port Channel interfaces: channel-member group interface port-channel minimum-links port-channel failover-group show config show interfaces port-channel show port-channel-flow

Note: The FTOS implementation of LAG or Port Channel requires that you configure
a LAG on both switches manually. For information on FTOS Link Aggregation Control Protocol (LACP) for dynamic LAGs, refer to Chapter 29, Link Aggregation Control Protocol (LACP). For more information on configuring and using Port Channels, refer to the FTOS Configuration Guide.

channel-member
ces
Syntax

Add an interface to the Port Channel, while in the INTERFACE PORTCHANNEL mode. channel-member interface To delete an interface from a Port Channel, use the no channel-member interface command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

657

channel-member

Parameters

interface

Enter the following keywords and slot/port or number information: For a 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

Not configured. INTERFACE PORTCHANNEL

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information

Use the interface port-channel command to access this command. You cannot add an interface to a Port Channel if the interface contains an IP address in its configuration. Only the shutdown, description, mtu, and ip mtu commands can be configured on an interface if it is to be added to a Port Channel. The mtu and ip mtu commands are only available when the chassis is in Jumbo mode. Link MTU and IP MTU considerations for Port Channels are: All members must have the same link MTU value and the same IP MTU value. The Port Channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members. Example: If the members have a link MTU of 2100 and an IP MTU 2000, the Port Channels MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU. When an interface is removed from a Port Channel with the no channel-member command syntax, the interface reverts to its configuration prior to joining the Port Channel. An interface can belong to only one Port Channel. On the E-Series TeraScale, you can add up to 16 interfaces to a Port Channel; E-Series ExaScale can have up to 64. You can have eight interfaces per Port Channel on the C-Series and S-Series. The interfaces can be located on different line cards but must be the same physical type and speed (for example, all 1-Gigabit Ethernet interfaces). However, you can combine 100/1000 interfaces and GE interfaces in the same Port Channel. If the Port Channel contains a mix of interfaces with 100 Mb/s speed and 1000 Mb/s speed, the software disables those interfaces whose speed does not match the speed of the first interface configured and enabled in the Port Channel. If that first interface goes down, the Port Channel does not change its designated speed; you must disable and re-enable the Port Channel or change the order of the channel members configuration to change the designated speed. Refer to the FTOS Configuration Guide for more information on Port Channels.

658

Interfaces

group

Related Commands

description interface port-channel shutdown

Assign a descriptive text string to the interface. Create a Port Channel interface. Disable/Enable the port channel.

group
ces
Syntax

Group two LAGs in a supergroup (fate-sharing group or failover group). group group_number port-channel number port-channel number To remove an existing LAG supergroup, use the no group group_number command.

Parameters

group_number port-channel number

Enter an integer from 1 to 32 that will uniquely identify this LAG fate-sharing group. Enter the keyword port-channel followed by an existing LAG number. Enter this keyword/variable combination twice, identifying the two LAGs to be paired.

Defaults Command Modes Command History

No default values or behavior PORT-CHANNEL FAILOVER-GROUP (conf-po-failover-grp)

Version 8.1.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced for C-Series, E-Series, and S-Series

Example
Force10(conf)#port-channel failover-group Force10(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 Force10(conf-po-failover-grp)#

Related Commands

port-channel failover-group show interfaces port-channel

Access the PORT-CHANNEL FAILOVER-GROUP mode to configure a LAG failover group. Display information on configured Port Channel groups.

interface port-channel
ces
Syntax

Create a Port Channel interface, which is a link aggregation group containing up to 16 physical interfaces on E-Series, eight physical interfaces on C-Series and S-Series. interface port-channel channel-number To delete a Port Channel, use the no interface port-channel channel-number command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

659

interface port-channel

Parameters

channel-number

For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Example

Figure 228 interface port-channel Command Example

Force10(conf)#int port-channel 2 Force10(conf-if-po-2)#

Usage Information

Port Channel interfaces are logical interfaces and can be either in Layer 2 mode (by using the switchport command) or Layer 3 mode (by configuring an IP address). You can add a Port Channel in Layer 2 mode to a VLAN. The shutdown, description, and name commands are the only commands that you can configure on an interface while it is a member of a Port Channel. To add a physical interface to a Port Channel, the interface can only have the shutdown, description, and name commands configured. The Port Channels configuration is applied to the interfaces within the Port Channel. A Port Channel can contain both 100/1000 interfaces and GE interfaces. Based on the first interface configured in the Port Channel and enabled, FTOS determines if the Port Channel uses 100 Mb/s or 1000 Mb/s as the common speed. Refer to channel-member for more information. If the line card is in a Jumbo mode chassis, then the mtu and ip mtu commands can also be configured. The Link MTU and IP MTU values configured on the channel members must be greater than the Link MTU and IP MTU values configured on the Port Channel interface.

Note: In a Jumbo-enabled system, all members of a Port Channel must be configured

with the same link MTU values and the same IP MTU values.
Related Commands

channel-member interface interface loopback interface null interface vlan shutdown

Add a physical interface to the LAG. Configure a physical interface. Configure a Loopback interface. Configure a null interface. Configure a VLAN. Disable/Enable the port channel.

660

Interfaces

minimum-links

minimum-links
ces
Syntax Parameters

Configure the minimum number of links in a LAG (Port Channel) that must be in oper up status for the LAG to be also in oper up status. minimum-links number number
Enter the number of links in a LAG that must be in oper up status. Range: 1 to 16 Default: 1

Defaults Command Modes Command History

1 INTERFACE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information

If you use this command to configure the minimum number of links in a LAG that must be in oper up status, then the LAG must have at least that number of oper up links before it can be declared as up. For example, if the required minimum is four, and only three are up, then the LAG will be considered down.

port-channel failover-group
ces
Syntax

Access the PORT-CHANNEL FAILOVER-GROUP mode to configure a LAG failover group. port-channel failover-group To remove all LAG failover groups, use the no port-channel failover-group command.

Defaults Command Modes Command History

No default values or behavior CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Introduced on E-Series ExaScale Introduced for C-Series, E-Series, and S-Series

Usage Information

This feature groups two LAGs to work in tandem as a supergroup, so that, for example, if one LAG goes down, the other LAG is taken down automatically, providing an alternate path to reroute traffic, avoiding oversubscription on the other LAG. You can use both static and dynamic (LACP) LAGs to configure failover groups. For details, see the Port Channel chapter in the FTOS Configuration Guide.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

661

show config

Related Commands

group show interfaces port-channel

Group two LAGs in a supergroup (fate-sharing group). Display information on configured Port Channel groups.

show config
ces
Syntax Command Modes Example

Display the current configuration of the selected LAG. show config INTERFACE PORTCHANNEL Figure 229 show config Command Sample Output for a Selected LAG
Force10(conf-if-po-1)#show config ! interface Port-channel 1 no ip address shutdown Force10(conf-if-po-1)#

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

show interfaces port-channel

ces
Syntax Parameters

Display information on configured Port Channel groups. show interfaces port-channel [channel-number] [brief] channel-number
For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. (OPTIONAL) Enter the keyword brief to display only the port channel number, the state of the port channel, and the number of interfaces in the port channel.

brief

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0

Introduced on E-Series ExaScale Introduced for S-Series; Modified to display LAG failover group status

662

Interfaces

show interfaces port-channel

Version 7.5.1.0

Introduced for C-Series

E-Series legacy command Example

Figure 230 show interfaces port-channel Command Example (EtherScale)

Force10#show interfaces port-channel 20 Port-channel 20 is up, line protocol is up (Failover-group 1 is down) Hardware address is 00:01:e8:01:46:fa Port-channel is part of failover-group 1 Internet address is 1.1.120.1/24 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 2000 Mbit Members in this channel: Gi 0/5 Gi 0/18 ARP type: ARPA, ARP timeout 04:00:00 Last clearing of "show interfaces" counters 00:00:00 Queueing strategy: fifo 44507301 packets input, 3563070343 bytes Input 44506754 IP Packets, 0 Vlans 0 MPLS 41 64-byte pkts, 44502871 over 64-byte pkts, 249 over 127-byte pkts 407 over 255-byte pkts, 3127 over 511-byte pkts, 606 over 1023-byte pkts Received 0 input symbol errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 IP Checksum, 0 overrun, 0 discarded 1218120 packets output, 100745130 bytes, 0 underruns Output 5428 Multicasts, 4 Broadcasts, 1212688 Unicasts 1216142 IP Packets, 0 Vlans, 0 MPLS 0 throttles, 0 discarded Rate info (interval 299 sec): Input 01.50Mbits/sec, 2433 packets/sec Output 00.02Mbits/sec, 4 packets/sec Time since last interface status change: 00:22:34 Force10#

Table 51 show interfaces port-channel Command Example Fields Field

Port-Channel 1... Hardware is... Port-channel is part... Internet address... MTU 1554... LineSpeed Members in this ... ARP type:... Last clearing... Queueing strategy.. packets input ...

Description
Displays the LAGs status. In the example, the status of the LAGs LAG fate-sharing group (Failover-group) is listed. Displays the interfaces hardware information and its assigned MAC address. Indicates whether the LAG is part of a LAG fate-sharing group (Failover-group). States whether an IP address is assigned to the interface. If one is, that address is displayed. Displays link and IP MTU. Displays the interfaces line speed. For a port channel interface, it is the line speed of the interfaces in the port channel. Displays the interfaces belonging to this port channel. Displays the ARP type and the ARP timeout value for the interface. Displays the time when the show interfaces counters were cleared. States the packet queuing strategy. FIFO means first in first out. Displays the number of packets and bytes into the interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

663

show interfaces port-channel

Table 51 show interfaces port-channel Command Example Fields (continued) Field

Input 0 IP packets...

Description
Displays the number of packets with IP headers, VLAN tagged headers and MPLS headers. The number of packets may not add correctly because a VLAN tagged IP packet counts as both a VLAN packet and an IP packet. Displays the size of packets and the number of those packets entering that interface. This information is displayed over two lines. Displays the type and number of errors or other specific packets received. This information is displayed over three lines. Displays the type and number of packets sent out the interface. This information is displayed over three lines. Displays the traffic rate information into and out of the interface. Traffic rate is displayed in bits and packets per second. Displays the time since the last change in the configuration of this interface.

0 64-byte... Received 0... Output 0... Rate information... Time since...

Figure 231 show interfaces port-channel brief Command Example

Force10#sh int por 1 br LAG Mode 1 L2 Force10# Status up Uptime 00:00:08 Ports Gi 3/0 Gi 3/1 Gi 3/2 (Up) * (Down) (Up)

Table 52 show interfaces port-channel brief Command Example Fields Field

LAG Mode

Description
Lists the port channel number. Lists the mode: L3 - for Layer 3 L2 - for Layer 2 down - if the port channel is disabled (shutdown) up - if the port channel is enabled (no shutdown)

Status

Displays the status of the port channel.

Uptime Ports (untitled)

Displays the age of the port channel in hours:minutes:seconds. Lists the interfaces assigned to this port channel. Displays the status of the physical interfaces (up or down). In Layer 2 port channels, an * (asterisk) indicates which interface is the primary port of the port channel. The primary port sends out interface PDU. In Layer 3 port channels, the primary port is not indicated.

Related Commands

show lacp

Display the LACP matrix.

664

Interfaces

show port-channel-flow

show port-channel-flow
ces
Syntax

Display an egress port in a given port-channel flow. show port-channel-flow outgoing-port-channel number incoming-interface interface {source-ip address destination-ip address} | {protocol number | icmp | tcp | udp} | {source-port number destination-port number} | {source-mac address destination-mac address} outgoing-port-channel number
Enter the keyword outgoing-port-channel followed by the number of the port channel to display flow information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale.

Parameters

incoming-interface interface

Enter the keyword incoming-interface followed by the interface type and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

source-ip address destination-ip address protocol number | icmp tcp | udp

Enter the keyword source-ip followed by the IP source address in IP address format. Enter the keyword destination-ip followed by the IP destination address in IP address format.

On the E-Series only, enter the keyword protocol followed by one of the protocol type keywords: tcp, udp, icmp or protocol number Note: The protocol number keyword applies to E-Series only. Enter the keyword source-port followed by the source port number. Range: 1-65536 Default: None Enter the keyword destination-port followed by the destination port number. Range: 1-65536 Default: None Enter the keyword source-mac followed by the MAC source address in the nn:nn:nn:nn:nn:nn format. Enter the keyword destination-mac followed by the MAC destination address in the nn:nn:nn:nn:nn:nn format.

source-port number

destination-port number

source-mac address destination-mac address

Command Modes

EXEC

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

665

show port-channel-flow

Usage Information

Since this command calculates based on a Layer 2 hash algorithm, use this command to display flows for switched Layer 2 packets, not for routed packets (use the show ip flow command to display routed packets). The show port-channel-flow command returns the egress port identification in a given port-channel, if a valid flow is entered. A mismatched flow error occurs if MAC-based hashing is configured for a Layer 2 interface and the user is trying to display a Layer 3 flow. The output will display three entries: Egress port for unfragmented packets. In the event of fragmented packets, egress port of the first fragment. In the event of fragmented packets, egress port of the subsequent fragments.

Example

show port-channel-flow outgoing-port-channel number incoming-interface interface source-mac address destination-mac address Load-balance is configured for MAC Load balance is configured for IP 4-tuple/2-tuple for the C-Series and S-Series A non-IP payload is going out of Layer 2 LAG interface that is a member of VLAN with an IP address.

Figure 232 show port-channel-flow Command for MAC Addresses

Force10#show port-channel-flow outgoing-port-channel 1 incoming-interface gi 3/0 source-mac 00:00:50:00:00:00 destination-mac 00:00:a0:00:00:00 Egress Port for port-channel 1, for the given flow, is Te 13/01

Example

On the E-Series only: show port-channel-flow outgoing-port-channel number incoming-interface interface source-ip address destination-ip address {protocol number [icmp/tcp/ udp]} {source-port number destination-port number} Load balance is configured for IP 5-tuple/3-tuple. An IP payload is going out of a Layer 2 LAG interface that is a member of a VLAN with an IP address.

Force10#show port-channel-flow outgoing-port-channel 2 incoming-interface gi 3/0 source-ip 2.2.2.0 destination-ip 3.2.3.1 protocol tcp source-port 5 destination-port 6

Egress Port for port-channel 2, for the given flow: Unfragmented packet: Gi 1/6 Fragmented packets (first fragment): Gi 1/12 Fragmented packets (remaining fragments): Gi 1/12
Related Commands load-balance (E-Series) Balance traffic over E-Series port channel members.

666

Interfaces

tdr-cable-test

Time Domain Reflectometer (TDR) TDR is supported on E-Series ExaScale ex with FTOS 8.2.1.0. and later.
TDR is useful for troubleshooting an interface that is not establishing a link; either it is flapping or not coming up at all. TDR detects open or short conditions of copper cables on 100/1000 Base-T modules. tdr-cable-test show tdr

Important Points to Remember

The interface and port must be enabled (configuredsee the interface command) before running TDR. An error message is generated if you have not enabled the interface. The interface on the far-end device must be shut down before running TDR. Since TDR is an intrusive test on an interface that is not establishing a link, do not run TDR on an interface that is passing traffic. When testing between two devices, do not run the test on both ends of the cable.

tdr-cable-test
ces
Syntax Parameters

Test the condition of copper cables on 100/1000 Base-T modules. tdr-cable-test interface interface
Enter the keyword GigabitEthernet followed by the slot/port information for the 100/1000 Ethernet interface.

Defaults Command Modes Command History

No default behavior or setting EXEC

Version 8.2.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.1.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

The interface must be enabled to run the test or an error message is generated:
Force10#tdr-cable-test gigabitethernet 5/2 %Error: Interface is disabled GI 5/2

The C-Series and S-Series do not generate log messages is generated when the link flaps down/up during TDR tests. The E-series, does produce these log messages.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

667

show tdr

Related Commands

show tdr

Display the results of the TDR test.

show tdr
ces
Syntax Parameters

Display the TDR test results. show tdr interface interface

Enter the keyword GigabitEthernet followed by the slot/port information for the 100/1000 Ethernet interface.

Defaults Command Modes Command History

No default behavior or settings EXEC

Version 8.2.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.1.1.0 Introduced on E-Series ExaScale Support added for S-Series Support added for C-Series Introduced

Example

Figure 233 show tdr gigabitethernet Command Example

Force10#show tdr gigabitethernet 10/47 Time since last test: 00:00:02 Pair A, Length: OK Status: Terminated Pair B, Length: 92 (+/- 1) meters, Status: Short Pair C, Length: 93 (+/- 1) meters, Status: Open Pair D, Length: 0 (+/- 1) meters, Status: Impedance Mismatch

Table 53 TDR Test Status Status OK Status: Terminated Length: 92 (+/- 1) meters, Status: Shorted

Definition TDR test is complete, no fault is detected on the cable, and the test is terminated A short is detected on the cable. The location, in this example 92 meters, of the short is accurate to plus or minus one meter. An opening is detected on the cable. The location, in this example 93 meters, of the open is accurate to plus or minus one meter. There is an impedance mismatch in the cables.

Length: 93 (+/- 1) meters, Status: Open Status: Impedance Mismatch

Usage Information

If the TDR test has not been run, an error messages is generated:
%Error: Please run the TDR test first

Related Commands

tdr-cable-test

Run the TDR test.

668

Interfaces

debug ip udp-helper

UDP Broadcast
The User Datagram Protocol (UDP) broadcast feature is a software-based method to forward low throughput (not to exceed 200 pps) IP/UDP broadcast traffic arriving on a physical or VLAN interface.

Important Points to Remember

This feature is available only on the E-Series platform, as noted by this symbol under each command heading: e This feature applies only to E-Series Layer 3 physical or VLAN interfaces. Routing Information Protocol (RIP) is not supported with the UDP Broadcast feature. If this feature is configured on an interface using ip udp-helper udp-port, then the command ip directed-broadcast becomes ineffective on that interface. The existing command show interface has been modified to display the configured broadcast address.

The commands for UDP Broadcast are: debug ip udp-helper ip udp-broadcast-address ip udp-helper udp-port show ip udp-helper

debug ip udp-helper
e
Syntax

Enable UDP debug and display the debug information on a console. debug ip udp-helper To disable debug information, use the no debug ip udp-helper command.

Defaults Command Modes

Debug disabled EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

669

ip udp-broadcast-address

Example

Figure 234 Debug Output Example

Force10#debug ip udp-helper UDP helper debugging is on 01:20:22: Pkt rcvd on Gi 5/0 with IP DA (0xffffffff) will be sent on Gi 5/1 Gi 5/2 Vlan 3 01:44:54: Pkt rcvd on Gi 7/0 is handed over for DHCP processing.

Related Commands

ip udp-broadcast-address ip udp-helper udp-port show ip udp-helper

Configure a UDP IP address for broadcast Enable the UDP broadcast feature on an interface. Display the configured UDP helper(s) on all interfaces.

ip udp-broadcast-address
e
Syntax

Configure an IP UDP address for broadcast. ip udp-broadcast-address address To delete the configuration, use the no ip udp-broadcast-address address command.

Parameters

address Not Configured INTERFACE (config-if)

Enter an IP broadcast address in dotted decimal format (A.B.C.D).

Defaults Command Modes Usage Information

When a UDP broadcast packet is flooded out of an interface, and the outgoing interface is configured using this command, the outgoing packets IP destination address is replaced with the configured broadcast address.
debug ip udp-helper show ip udp-helper Enable debug and display the debug information on a console. Display the configured UDP helper(s) on all interfaces.

Related Commands

ip udp-helper udp-port
e
Syntax

Enable the UDP broadcast feature on an interface either for all UDP ports or a specified list of UDP ports. ip udp-helper udp-port [udp-port-list] To disable the UDP broadcast on a port, use the no ip udp-helper udp-port [udp-port-list] command.

670

Interfaces

show ip udp-helper

Parameters

udp-port-list

(OPTIONAL) Enter up to 16 comma separated UDP port numbers. Note: If this option is not used, all UDP Ports are considered by default.

Defaults Command Modes Usage Information

No default behavior or values INTERFACE (config-if) If the ip helper-address command and ip udp-helper udp-port command are configured, the behavior is that the UDP broadcast traffic with port numbers 67/68 will be unicast relayed to the DHCP server per the ip helper-address configuration. This will occur regardless if the ip udp-helper udp-port command contains port numbers 67/68 or not. If only the ip udp-helper udp-port command is configured, all the UDP broadcast traffic is flooded, including ports 67/68 traffic if those ports are part of the udp-port-list.

Related Commands

ip helper-address debug ip udp-helper show ip udp-helper

Configure the destination broadcast or host address for DHCP server. Enable debug and display the debug information on a console. Display the configured UDP helper(s) on all interfaces.

show ip udp-helper
e
Syntax Defaults Command Modes Example

Display the configured UDP helper(s) on all interfaces. show ip udp-helper No default configuration or values EXEC Figure 235 show ip udp-helper Command Example
Force10#show ip udp-helper -------------------------------------------------Port UDP port list -------------------------------------------------Gi 10/0 656, 658 Gi 10/1 All

Related Commands

debug ip udp-helper ip udp-broadcast-address ip udp-helper udp-port

Enable debug and display the debug information on a console. Configure a UDP IP address for broadcast. Enable the UDP broadcast feature on an interface either for all UDP ports or a specified list of UDP ports.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

671

show ip udp-helper

672

Interfaces

Chapter 24
Overview

IPv4 Routing

The characters that appear below command headings indicate support for the associated Force10 platform, as follows: C-Series: c E-Series: e S-Series: s

Commands
IPv4-related commands are described in this chapter. They are: arp arp learn-enable arp retries arp timeout clear arp-cache clear host clear ip fib linecard clear ip route clear tcp statistics debug arp debug ip dhcp debug ip icmp debug ip packet ip address ip directed-broadcast ip domain-list ip domain-lookup ip domain-name ip fib download-igp-only ip helper-address ip helper-address hop-count disable ip host ip max-frag-count Publication Date: July 20, 2011 673

Command Line Reference for FTOS version 8.4.2.4

arp

ip mtu ip name-server ip proxy-arp ip redirects ip route ip source-route ip unreachables ip vlan-flooding load-balance (C-Series and S-Series) load-balance (E-Series) management route show arp show arp retries show hosts show ip cam linecard show ip cam stack-unit show ip fib linecard show ip fib stack-unit show ip flow show ip interface show ip management-route show ipv6 management-route show ip protocols show ip route show ip route list show ip route summary show ip traffic show protocol-termination-table show tcp statistics

arp
ces
Syntax

Use Address Resolution Protocol (ARP) to associate an IP address with a MAC address in the switch. arp vrf {vrf name} ip-address mac-address interface To remove an ARP address, use the no arp ip-address command.

Parameters

vrf name ip-address

E-Series Only: Enter the VRF process identifier to tie the static route to the VRF process . Enter an IP address in dotted decimal format.

674

IPv4 Routing

arp learn-enable

mac-address interface

Enter a MAC address in nnnn.nnnn.nnnn format. Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For the Management interface, enter the keyword ManagementEthernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

You cannot use Class D or Class E IP addresses or zero IP address (0.0.0.0) when creating a static ARP. Zero MAC addresses (00:00:00:00:00:00) are also invalid.
clear arp-cache show arp Clear dynamic ARP entries from the ARP table. Display ARP table.

arp learn-enable
ces
Syntax Defaults Command Modes Command History Usage Information

Enable ARP learning via Gratuitous ARP. arp learn-enable Disabled CONFIGURATION
Version 8.3.1.0 Introduced

In FTOS versions prior to 8.3.1.0, if a gratuitous ARP is received some time after an ARP request is sent, only RP2 installs the ARP information. For example:

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

675

arp retries

1 2 3

At time t=0 FTOS sends an ARP request for IP A.B.C.D At time t=1 FTOS receives an ARP request for IP A.B.C.D At time t=2 FTOS installs an ARP entry for A.B.C.D only on RP2.

Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs.

arp retries
ces
Syntax Parameters

Set the number of ARP retries in case the system does not receive an ARP reply in response to an ARP request. arp retries number number
Enter the number of retries. Range: 5 to 20. Default: 5

Defaults Command Modes Command History Usage Information Related Commands

5 CONFIGURATION
Version 8.3.1.0 Introduced

Retries are 20 seconds apart.

show arp retries

Display the configured number of ARP retries.

arp timeout
ces
Syntax

Set the time interval for an ARP entry to remain in the ARP cache. arp timeout minutes To return to the default value, enter no arp timeout.

Parameters

seconds

Enter the number of minutes. Range: 0 to 35790. Default: 240 minutes.

Defaults Command Modes

240 minutes (4 hours) INTERFACE

676

IPv4 Routing

clear arp-cache

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series Displays the ARP timeout value for all available interfaces.

Related Commands

show interfaces

clear arp-cache
ces
Syntax Parameters

Clear the dynamic ARP entries from a specific interface or optionally delete (no-refresh) ARP entries from CAM. clear arp-cache [vrf name | interface | ip ip-address] [no-refresh] vrf name interface
E-Series Only: Clear only the ARP cache entries tied to the VRF process. (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For the Management interface, enter the keyword ManagementEthernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

ip ip-address no-refresh

(OPTIONAL) Enter the keyword ip followed by the IP address of the ARP entry you wish to clear. (OPTIONAL) Enter the keyword no-refresh to delete the ARP entry from CAM. Or use this option with interface or ip ip-address to specify which dynamic ARP entires you want to delete. Note: Transit traffic may not be forwarded during the period when deleted ARP entries are resolved again and re-installed in CAM. Use this option with extreme caution.

Command Modes Command History

EXEC Privilege
Version 8.2.1.0 Version 8.1.1.0 Version 7.9.1.0 Support 4094 VLANs on E-Series ExaScale (prior limit was 2094) Introduced on E-Series ExaScale Introduced VRF on the E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

677

clear host

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

clear host
ces
Syntax Parameters

Remove one or all dynamically learnt host table entries. clear host name name
Enter the name of the host to delete. Enter * to delete all host table entries.

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

clear ip fib linecard

ces
Syntax Parameters

Clear all Forwarding Information Base (fib) entries in the specified line card (use this command with caution, see Usage Information below) clear ip fib linecard slot-number | vrf vrf instance slot-number
Enter the number of the line card slot. C-Series and S-Series Range: 0-7 E-Series Range: 0 to 13 on E12001200i, 0 to 6 on E600/E600i; 0 to 5 on E300 (Optional) E-Series Only: Clear only the FIB entries on the specificed card associated with the VRF instance.

vrf instance

Command Mode

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced support on E-Series ExaScale E600i Introduced on E-Series ExaScale Introduced VRF on the E-Series Introduced on S-Series Introduced on C-Series Introduced on E-Series

678

IPv4 Routing

clear ip route

Usage Information

Use this command to clear Layer 3 CAM inconsistencies.

Caution: Executing this command will cause traffic disruption.

Related Commands

show ip fib linecard

Show FIB entries.

clear ip route
ces
Syntax Parameters

Clear one or all routes in the routing table. clear ip route {* | ip-address mask | vrf vrf instance} * ip-address mask vrf instance
Enter an asterisk (*) to clear all learned IP routes. Enter a specific IP address and mask in dotted decimal format to clear that IP address from the routing table. (Optional) E-Series Only: Clear only the routes tied to the VRF instance.

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on E-Series ExaScale Introduced VRF Introduced on S-Series Introduced on C-Series Introduced on E-Series Assign an IP route to the switch. View the routing table. View a summary of the routing table.

Related Commands

ip route show ip route show ip route summary

clear tcp statistics

ces
Syntax

Clear TCP counters. clear tcp statistics [all | cp | rp1 | rp2]

Note: These options are supported only on the E-Series.

Parameters

all cp

Enter the keyword all to clear all TCP statistics maintained on all switch processors. (OPTIONAL) Enter the cp to clear only statistics from the Control Processor.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

679

debug arp

rp1 rp2
Command Modes Command History

(OPTIONAL) Enter the keyword rp1 to clear only the statistics from Route Processor 1. (OPTIONAL) Enter the keyword rp2 to clear only the statistics from Route Processor 2.

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

debug arp
ces
Syntax

View information on ARP transactions. debug arp [interface] [count value] To stop debugging ARP transactions, enter no debug arp.

Parameters

interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For the Management interface, enter the keyword managementethernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

count value

(OPTIONAL) Enter the keyword count followed by the count value. Range: 1 to 65534

Command Modes Command History

EXEC Privilege
Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Support 4094 VLANs on E-Series ExaScale (prior limit was 2094) Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Added the count option

Defaults

No default behavior or values

680

IPv4 Routing

debug ip dhcp Use the count option to stop packets from flooding the user terminal when debugging is turned on.

Usage Information

debug ip dhcp
ces
Syntax

Enable debug information for DHCP relay transactions and display the information on the console. debug ip dhcp To disable debug, use the no debug ip dhcp command.

Defaults Command Modes Command History

Debug disabled EXEC Privilege

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.10 Introduced on E-Series ExaScale Added support for S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 236 debug ip dhcp Command Example

Force10#debug ip dhcp 00:12:21 : %RELAY-I-PACKET: BOOTP REQUEST (Unicast) received at interface 113.3.3.17 BOOTP Request, hops = 0, XID = 0xbf05140f, secs = 0, hwaddr = 00:60:CF:20:7B:8C, giaddr = 0.0.0.0 00:12:21 : %RELAY-I-BOOTREQUEST: Forwarded BOOTREQUEST for 00:60:CF:20:7B:8C to 14.4.4.2 00:12:26 : %RELAY-I-PACKET: BOOTP REQUEST (Unicast) received at interface 113.3.3.17 BOOTP Request, hops = 0, XID = 0xbf05140f, secs = 5, hwaddr = 00:60:CF:20:7B:8C, giaddr = 0.0.0.0 00:12:26 : %RELAY-I-BOOTREQUEST: Forwarded BOOTREQUEST for 00:60:CF:20:7B:8C to 14.4.4.2 00:12:40 : %RELAY-I-PACKET: BOOTP REQUEST (Unicast) received at interface 113.3.3.17 BOOTP Request, hops = 0, XID = 0xda4f9503, secs = 0, hwaddr = 00:60:CF:20:7B:8C, giaddr = 0.0.0.0 00:12:40 : %RELAY-I-BOOTREQUEST: Forwarded BOOTREQUEST for 00:60:CF:20:7B:8C to 14.4.4.2 00:12:42 : %RELAY-I-PACKET: BOOTP REPLY (Unicast) received at interface 14.4.4.1 BOOTP Reply, hops = 0, XID = 0xda4f9503, secs = 0, hwaddr = 00:60:CF:20:7B:8C, giaddr = 113.3.3.17 00:12:42 : %RELAY-I-BOOTREPLY: Forwarded BOOTREPLY for 00:60:CF:20:7B:8C to 113.3.3.254 00:12:42 : %RELAY-I-PACKET: BOOTP REQUEST (Unicast) received at interface 113.3.3.17 BOOTP Request, hops = 0, XID = 0xda4f9503, secs = 0, hwaddr = 00:60:CF:20:7B:8C, giaddr = 0.0.0.0 00:12:42 : %RELAY-I-BOOTREQUEST: Forwarded BOOTREQUEST for 00:60:CF:20:7B:8C to 14.4.4.2 00:12:42 : %RELAY-I-PACKET: BOOTP REPLY (Unicast) received at interface 14.4.4.1 BOOTP Reply, hops = 0, XID = 0xda4f9503, secs = 0, hwaddr = 00:60:CF:20:7B:8C, giaddr = 113.3.3.17 00:12:42 : %RELAY-I-BOOTREPLY: Forwarded BOOTREPLY for 00:60:CF:20:7B:8C to 113.3.3.254 Force10#

Related Commands

ip helper-address ip helper-address hop-count disable

Specify the destination broadcast or host address for DHCP server request. Disable hop-count increment for DHCP relay agent.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

681

debug ip icmp

debug ip icmp
ces
Syntax

View information on the Internal Control Message Protocol (ICMP). debug ip icmp [interface] [count value] To disable debugging, use the no debug ip icmp command.

Parameters

interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For the Management interface, enter the keyword ManagementEthernet followed by the slot/port information. The slot range is 0 and the port range is 0-1. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For VLAN, enter the keyword vlan followed by a number from 1 to 4094.

count value

(OPTIONAL) Enter the keyword count followed by the count value. Range: 1 to 65534 Default: Infinity

Command Modes Command History

Example

Figure 237 debug ip icmp Command Example (Partial)

ICMP: ICMP: ICMP: ICMP: ICMP: ICMP: ICMP: ICMP: echo request rcvd from src 40.40.40.40 src 40.40.40.40, dst 40.40.40.40, echo src 40.40.40.40, dst 40.40.40.40, echo echo request sent to dst 40.40.40.40 echo request rcvd from src 40.40.40.40 src 40.40.40.40, dst 40.40.40.40, echo src 40.40.40.40, dst 40.40.40.40, echo echo request sent to dst 40.40.40.40

reply reply reply reply

Usage Information

Use the count option to stop packets from flooding the user terminal when debugging is turned on.

682

IPv4 Routing

debug ip packet

debug ip packet
ces
Syntax

View a log of IP packets sent and received. debug ip packet [access-group name ] [count value] [interface] To disable debugging, use the no debug ip packet [access-group name ] [count value] [interface] command.

Parameters

access-group name

Enter the keyword access-group followed by the access list name (maximum 16 characters) to limit the debug output based on the defined rules in the ACL. (OPTIONAL) Enter the keyword count followed by the count value. Range: 1 to 65534 Default: Infinity (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword gigabitethernet followed by the slot/port information. For the management interface on the RPM, enter the keyword managementethernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tengigabitethernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

count value

interface

Command Mode Command History

EXEC Privilege
Version 8.2.1.0 Version 8.1.1.0 Version 7.6.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Support 4094 VLANs on E-Series ExaScale (prior limit was 2094) Introduced on E-Series ExaScale Added the access-group option Introduced on S-Series Introduced on C-Series Added the count option

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

683

debug ip packet

Example

Figure 238 debug ip packet Command Example (Partial)

IP: s=10.1.2.62 (local), d=10.1.2.206 (Ma 0/0), len 54, sending TCP src=23, dst=40869, seq=2112994894, ack=606901739, win=8191 ACK PUSH IP: s=10.1.2.206 (Ma 0/0), d=10.1.2.62, len 40, rcvd TCP src=0, dst=0, seq=0, ack=0, win=0 IP: s=10.1.2.62 (local), d=10.1.2.206 (Ma 0/0), len 226, sending TCP src=23, dst=40869, seq=2112994896, ack=606901739, win=8192 ACK PUSH IP: s=10.1.2.216 (Ma 0/0), d=10.1.2.255, len 78, rcvd UDP src=0, dst=0 IP: s=10.1.2.62 (local), d=10.1.2.3 (Ma 0/0), len 1500, sending fragment IP Fragment, Ident = 4741, fragment offset = 0 ICMP type=0, code=0 IP: s=10.1.2.62 (local), d=10.1.2.3 (Ma 0/0), len 1500, sending fragment IP Fragment, Ident = 4741, fragment offset = 1480 IP: s=40.40.40.40 (local), d=224.0.0.5 (Gi 4/11), len 64, sending broad/multicast proto=89 IP: s=40.40.40.40 (local), d=224.0.0.6 (Gi 4/11), len 28, sending broad/multicast proto=2 IP: s=0.0.0.0, d=30.30.30.30, len 100, unroutable ICMP type=8, code=0 IP: s=0.0.0.0, d=30.30.30.30, len 100, unroutable ICMP type=8, code=0

Table 54 debug ip packet Command Example Fields Field

s= d=

Description
Lists the source address of the packet and the name of the interface (in parentheses) that received the packet. Lists the destination address of the packet and the name of the interface (in parentheses) through which the packet is being sent out on the network. Displays the packets length. The last part of each line lists the status of the packet.

len sending rcvd fragment sending broad/multicast proto unroutable TCP src=

Displays the source and destination ports, the sequence number, the acknowledgement number, and the window size of the packets in that TCP packets. Displays the source and destination ports for the UDP packets. Displays the ICMP type and code. States that it is a fragment and displays the unique number identifying the fragment (Ident) and the offset (in 8-byte units) of this fragment (fragment offset) from the beginning of original datagram.

UDP src= ICMP type= IP Fragment

684

IPv4 Routing

ip address Use the count option to stop packets from flooding the user terminal when debugging is turned on. The access-group option supports only the equal to (eq) operator in TCP ACL rules. Port operators not equal to (neq), greater than (gt), less than (lt), or range are not supported in access-group option (see Figure 239). ARP packets (arp) and Ether-type (ether-type) are also not supported in access-group option. The entire rule is skipped to compose the filter. The access-group option pertains to: IP Protocol Number Internet Control Message Protocol* * but not the ICMP message type (0-255) Any Internet Protocol Transmission Control Protocol* * but not on the rst, syn, or urg bit User Datagram Protocol 0 to 255 icmp ip tcp udp

Usage Information

In the case of ambiguous access control list rules, the debug ip packet access-control command will be disabled. A message appears identifying the error (see Figure 239).
Example

Figure 239 debug ip packet access-group Command Errors

Force10#debug ip packet access-group test %Error: port operator GT not supported in access-list debug %Error: port operator LT not supported in access-list debug %Error: port operator RANGE not supported in access-list debug %Error: port operator NEQ not supported in access-list debug Force10#00:10:45: %RPM0-P:CP %IPMGR-3-DEBUG_IP_PACKET_ACL_AMBIGUOUS_EXP: Ambiguous rules not supported in access-list debug, access-list debugging is turned off Force10#

ip address
ces
Syntax

Assign a primary and secondary IP address to the interface. ip address ip-address mask [secondary] To delete an IP address from an interface, use the no ip address [ip-address] command.

Parameters

ip-address mask secondary

Enter an IP address in dotted decimal format. Enter the mask of the IP address in slash prefix format (for example, /24). (OPTIONAL) Enter the keyword secondary to designate the IP address as the secondary address.

Defaults Command Modes Command History

Not configured. INTERFACE

Version 8.1.1.0 Introduced on E-Series ExaScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

685

ip directed-broadcast

Version 7.6.1.0 Version 7.5.1.0 Usage Information

Introduced on S-Series Introduced on C-Series

You must be in the INTERFACE mode before you add an IP address to an interface. Assign an IP address to an interface prior to entering the ROUTER OSPF mode.

ip directed-broadcast
ces
Syntax

Enables the interface to receive directed broadcast packets. ip directed-broadcast To disable the interface from receiving directed broadcast packets, enter no ip directed-broadcast.

Defaults Command Modes Command History

Disabled (that is, the interface does not receive directed broadcast packets) INTERFACE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

ip domain-list
ces
Syntax

Configure names to complete unqualified host names. ip domain-list name To remove the name, use the no ip domain-list name command.

Parameters

name

Enter a domain name to be used to complete unqualified names (that is, incomplete domain names that cannot be resolved).

Defaults Command Modes Command History

Disabled. CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

Usage Information

Configure the ip domain-list command up to 6 times to configure a list of possible domain names.

686

IPv4 Routing

ip domain-lookup

If both the ip domain-name and ip domain-list commands are configured, the software will try to resolve the name using the ip domain-name command. If the name is not resolved, the software goes through the list of names configured with the ip domain-list command to find a match. Use the following steps to enable dynamic resolution of hosts: specify a domain name server with the ip name-server command. enable DNS with the ip domain-lookup command.

To view current bindings, use the show hosts command. To view DNS related configuration, use the show running-config resolve command.
Related Commands ip domain-name Specify a DNS server.

ip domain-lookup
ces
Syntax

Enable dynamic host-name to address resolution (that is, DNS). ip domain-lookup To disable DNS lookup, use the no ip domain-lookup.

Defaults Command Mode Command History

Disabled. CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

Usage Information

To fully enable DNS, also specify one or more domain name servers with the ip name-server command. FTOS does not support sending DNS queries over a VLAN. DNS queries are sent out all other interfaces, including the Management port. To view current bindings, use the show hosts command.

Related Commands

ip name-server show hosts

Specify a DNS server. View current bindings.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

687

ip domain-name

ip domain-name
ces
Syntax

Configure one domain name for the switch. ip domain-name name To remove the domain name, enter no ip domain-name.

Parameters

name

Enter one domain name to be used to complete unqualified names (that is, incomplete domain names that cannot be resolved).

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series

Usage Information

You can only configure one domain name with the ip domain-name command. To configure more than one domain name, configure the ip domain-list command up to 6 times. Use the following steps to enable dynamic resolution of hosts: specify a domain name server with the ip name-server command. enable DNS with the ip domain-lookup command.

To view current bindings, use the show hosts command.

Related Commands ip domain-list Configure additional names.

ip fib download-igp-only
e
Configure the E-Series to download only IGP routes (for example, OSPF) on to line cards. When the command is configured or removed, it clears the routing table (similar to clear ip route command) and only IGP routes populate the table. ip fib download-igp-only [small-fib] To return to default setting, use the no ip fib download-igp-only [small-fib] command.
Parameters

Syntax

small-fib

(OPTIONAL) Enter the keyword small-fib to download a smaller FIB table. This option is useful on line cards with a limited FIB size.

Defaults Command Modes

Disabled CONFIGURATION

688

IPv4 Routing

ip helper-address

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced on E-Series

ip helper-address
ces
Syntax

Specify the address of a DHCP server so that DHCP broadcast messages can be forwarded when the DHCP server is not on the same subnet as the client. ip helper-address ip-address | default-vrf To remove a DHCP server address, enter no ip helper-address.

Parameters

ip-address default-vrf

Enter an IP address in dotted decimal format (A.B.C.D). (Optional) E-Series Only: Enter default-vrf for the DHCP server VRF is using.

Defaults Command Modes Command History

Not configured. INTERFACE

Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on E-Series ExaScale Introduced VRF on the E-Series Added support for S-Series Added support for C-Series Introduced on E-Series

Usage Information

You can add multiple DHCP servers by entering the ip helper-address command multiple times. If multiple servers are defined, an incoming request is sent simultaneously to all configured servers and the reply is forwarded to the DHCP client. FTOS uses standard DHCP ports, that is UDP ports 67 (server) and 68 (client) for DHCP relay services. It listens on port 67 and if it receives a broadcast, the software converts it to unicast, and forwards to it to the DHCP-server with source port=68 and destination port=67. The server replies with source port=67, destination port=67 and FTOS forwards to the client with source port=67, destination port=68.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

689

ip helper-address hop-count disable

ces
Syntax

Disable the hop-count increment for the DHCP relay agent. ip helper-address hop-count disable To reenable the hop-count increment, use the no ip helper-address hop-count disable command.

Defaults Command Modes Command History

Enabled; the hops field in the DHCP message header is incremented by default CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced for E-Series

Usage Information

This command disables the incrementing of the hops field when boot requests are relayed to a DHCP server through FTOS. If the incoming boot request already has a non-zero hops field, the message will be relayed with the same value for hops. However, the message will be discarded if the hops field exceeds 16, to comply with the relay agent behavior specified in RFC 1542.
ip helper-address show running-config Specify the destination broadcast or host address for DHCP server requests. Display the current configuration and changes from default values.

Related Commands

ip host
ces
Syntax

Assign a name and IP address to be used by the host-to-IP address mapping table. ip host name ip-address To remove an IP host, use the no ip host name [ip-address] command.

Parameters

name ip-address

Enter a text string to associate with one IP address. Enter an IP address, in dotted decimal format, to be mapped to the name.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced for E-Series

690

IPv4 Routing

ip max-frag-count

ip max-frag-count
ces
Syntax

Set the maximum number of fragments allowed in one packet for packet re-assembly. ip max-frag-count count To place no limit on the number of fragments allowed, enter no ip max-frag-count.

Parameters

count

Enter a number for the number of fragments allowed for re-assembly. Range: 2 to 256

Defaults Command Modes Command History

No limit is set on number of fragments allowed. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced for E-Series

Usage Information

To avoid Denial of Service (DOS) attacks, keep the number of fragments allowed for re-assembly low.

ip mtu
e
Set the IP MTU (frame size) of the packet transmitted by the RPM for the line card interface. If the packet must be fragmented, FTOS sets the size of the fragmented packets to the size specified in this command. ip mtu value To return to the default IP MTU value, enter no ip mtu.
Parameters

Syntax

value

Enter the maximum MTU size if the IP packet is fragmented. Default: 1500 bytes Range: 576 to 9234

Defaults Command Modes Command History

1500 bytes INTERFACE (Gigabit Ethernet and 10 Gigabit Ethernet interfaces)

Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

Usage Information

When you enter no mtu command, FTOS reduces the ip mtu value to 1536 bytes. To return the IP MTU value to the default, enter no ip mtu.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

691

ip name-server

You must compensate for Layer 2 header when configuring link MTU on an Ethernet interface or FTOS may not fragment packets. If the packet includes a Layer 2 header, the difference between the link MTU and IP MTU (ip mtu command) must be enough bytes to include for the Layer 2 header. Link MTU and IP MTU considerations for Port Channels and VLANs are as follows. Port Channels: All members must have the same link MTU value and the same IP MTU value. The Port Channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members.

Example: if the members have a link MTU of 2100 and an IP MTU 2000, the Port Channels MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU. VLANs: All members of a VLAN must have same IP MTU value. Members can have different Link MTU values. Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag. The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the VLAN members.

Example: The VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500. The VLANs Link MTU cannot be higher than 1518 bytes and its IP MTU cannot be higher than 1500 bytes. Table 55 Difference between Link MTU and IP MTU Layer 2 Overhead Ethernet (untagged) VLAN Tag Tagged Packet with VLAN-Stack Header
Related Commands

Difference between Link MTU and IP MTU 18 bytes 22 bytes 26 bytes

Untagged Packet with VLAN-Stack Header 22 bytes

mtu

Set the link MTU for an Ethernet interface.

ip name-server
ces
Syntax

Enter up to 6 IPv4 addresses of name servers. The order you enter the addresses determines the order of their use. ip name-server ipv4-address [ipv4-address2...ipv4-address6] To remove a name server, use the no ip name-server ip-address command.

692

IPv4 Routing

ip proxy-arp

Parameters

ipv4-address ipv4-address2 ... ipv4-address6

Enter the IPv4 address, in dotted decimal format, of the name server to be used. (OPTIONAL) Enter up five more IPv4 addresses, in dotted decimal format, of name servers to be used. Separate the addresses with a space.

Defaults Command Modes Command History

No name servers are configured. CONFIGURATION

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced for E-Series

Usage Information

FTOS does not support sending DNS queries over a VLAN. DNS queries are sent out all other interfaces, including the Management port. You can separately configure both IPv4 and IPv6 domain name servers.

Related Commands

ipv6 name-server on page 768

Configure an IPv6 name server.

ip proxy-arp
ces
Syntax

Enable Proxy ARP on an interface. ip proxy-arp To disable Proxy ARP, enter no ip proxy-arp.

Defaults Command Modes Command History

Enabled. INTERFACE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced for E-Series Displays the interface routing status and configuration.

Related Commands

show ip interface

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

693

ip redirects

ip redirects
e
Syntax

Enable the interface to send ICMP redirect messages. ip redirects To return to default, enter no ip redirects.

Defaults Command Modes Command History

Disabled INTERFACE
Version 8.1.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

Usage Information

This command is available for physical interfaces and port-channel interfaces on the E-Series.

Note: This command is not supported on default VLAN (default vlan-id command).

ip route
ces
Syntax

Assign a static route to the switch. ip route vrf {vrf instance} destination mask {ip-address | interface [ip-address]} [distance] [permanent] [tag tag-value] To delete a specific static route, use the no ip route destination mask {address | interface [ip-address]} command. To delete all routes matching a certain route, use the no ip route destination mask command.

Parameters

vrf name destination mask ip-address

(OPTIONAL) E-Series Only: Enter the keyword vrf followed by the VRF Instances name to tie the static route to the VRFin stance . Enter the IP address in dotted decimal format of the destination device. Enter the mask in slash prefix formation (/x) of the destination devices IP address. Enter the IP address in dotted decimal format of the forwarding router.

694

IPv4 Routing

ip route

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a loopback interface, enter the keyword loopback followed by a number from zero (0) to 16383. For the null interface, enter the keyword null followed by zero (0). For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

distance permanent

(OPTIONAL) Enter a number as the distance metric assigned to the route. Range: 1 to 255 (OPTIONAL) Enter the keyword permanent to specify the route is not removed, even if the interface assigned to that route goes down. The route must be up initially to install it in the routing table. If you disable the interface with an IP address associated with the keyword permanent, the route disappears from the routing table. (OPTIONAL) Enter the keyword tag followed by a number to assign to the route. Range: 1 to 4294967295

tag tag-value

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.2.1.0 Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support 4094 VLANs on E-Series ExaScale (prior limit was 2094) Introduced on E-Series ExaScale Introduced VRF on the E-Series Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information

Using the following example of a static route: ip route 33.33.33.0 /24 gigabitethernet 0/0 172.31.5.43 The software installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interfaces configured subnet. In the example, if gig 0/0 has ip address on subnet 2.2.2.0 and if 172.31.5.43 recursively resolves to 2.2.2.0, FTOS installs the static route. When the interface goes down, FTOS withdraws the route. When the interface comes up, FTOS re-installs the route. When recursive resolution is broken, FTOS withdraws the route. When recursive resolution is satisfied, FTOS re-installs the route.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

695

ip source-route

Related Commands

show ip route

View the switch routing table.

ip source-route
ces
Syntax

Enable FTOS to forward IP packets with source route information in the header. ip source-route To drop packets with source route information, enter no ip route-source.

Defaults Command Modes Command History

Enabled. CONFIGURATION
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Added support for S-Series Added support for C-Series Introduced for E-Series

ip unreachables
ces
Syntax

Enable the generation of Internet Control Message Protocol (ICMP) unreachable messages. ip unreachables To disable the generation of ICMP messages, enter no ip unreachables.

Defaults Command Modes Command History

Disabled INTERFACE
Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

696

IPv4 Routing

ip vlan-flooding

ip vlan-flooding
e
Syntax

Enable unicast data traffic flooding on VLAN member ports. ip vlan-flooding To disable, use the no ip vlan-flooding command.

Defaults Command Modes Command History

disabled CONFIGURATION
Version 8.1.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on E-Series

Usage Information

By default this command is disabled. When enabled, all the Layer 3 unicast routed data traffic going through a VLAN member port is flooded across all the member ports of that VLAN. There might be some ARP table entries which are resolved through ARP packets which had Ethernet MAC SA different from MAC information inside the ARP packet. This unicast data traffic flooding occurs only for those packets which use these ARP entries.

load-balance (C-Series and S-Series)

cs
By default for C-Series and S-Series, FTOS uses an IP 4-tuple (IP SA, IP DA, Source Port, and Destination Port) to distribute IP traffic over members of a Port Channel as well as equal-cost paths. To designate another method to balance traffic over Port Channel members, use the load-balance command. load-balance {ip-selection [dest-ip | source-ip]} | {mac [dest-mac | source-dest-mac | source-mac]} | {tcp-udp [enable]} To return to the default setting (IP 4-tuple), use the no version of the command.

Syntax

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

697

load-balance (C-Series and S-Series)

Parameters

ip-selection {dest-ip | source-ip}

Enter the keywords to distribute IP traffic based on the following criteria: dest-ipUses destination IP address and destination port fields to hash. The hashing mechanism returns a 3-bit index indicating which port the packet should be forwarded to. source-ipUses source IP address and source port fields to hash. The hashing mechanism returns a 3-bit index indicating which port the packet should be forwarded to.

mac {dest-mac | source-dest-mac | source-mac}

Enter the keywords to distribute MAC traffic based on the following criteria: dest-macUses the destination MAC address, VLAN, Ethertype, source module ID and source port ID fields to hash. The hashing mechanism returns a 3-bit index indicating which port the packet should be forwarded to. source-dest-macUses the destination and source MAC address, VLAN, Ethertype, source module ID and source port ID fields to hash. The hashing mechanism returns a 3-bit index indicating which port the packet should be forwarded to. source-macUses the source MAC address, VLAN, Ethertype, source module ID and source port ID fields to hash. The hashing mechanism returns a 3-bit index indicating which port the packet should be forwarded to. enableTakes the TCP/UDP source and destination ports into consideration when doing hash computations. (By default, this is enabled)

tcp-udp enable

Enter the keywords to distribute traffic based on the following:

Defaults Command Modes Command History

IP 4-tuple (IP SA, IP DA, Source Port, Destination Port) CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Added support for S-Series Introduced on C-Series

Usage Information

By default, FTOS distributes incoming traffic based on a hash algorithm using the following criteria: IP source address IP destination address TCP/UDP source port TCP/UDP destination port hash-algorithm ecmp

Related Commands

698

IPv4 Routing

load-balance (E-Series)

load-balance (E-Series)
e
By default, for E-Series chassis, FTOS uses an IP 5-tuple to distribute IP traffic over members of a Port Channel as well as equal cost paths. To designate another method to balance traffic over Port Channel members, use the load-balance command. load-balance [ip-selection 3-tuple | ip-selection packet-based] [mac] To return to the default setting (IP 5-tuple), use one of the following commands:
Parameters

Syntax

no load-balance ip-selection 3-tuple no load-balance ip-selection packet-based no load-balance mac

Enter the keywords ip-selection 3-tuple to distribute IP traffic based on the following criteria: IP source address IP destination address IP Protocol type Note: For IPV6, only the first 32 bits (LSB) of IP SA and IP DA are used for hash generation..

ip-selection 3-tuple

ip-selection packet-based Enter the keywords ip-selection packet-based to distribute

IPV4 traffic based on the IP Identification field in the IPV4 header. This option does not affect IPV6 traffic; that is, IPV6 traffic is not distributed when this command is executed. Note: Hash-based load-balancing on MPLS does not work when packet-based hashing (load-balance ip-selection packet-based) is enabled.

mac

Enter the keyword mac to distribute traffic based on the following: MAC source address, and MAC destination address.

Defaults Command Modes Command History

IP 5-tuple (IP SA, IP DA, IP Protocol Type, Source Port and Destination Port) CONFIGURATION
Version 8.1.1.0 Version 6.1.1.0 Introduced on E-Series ExaScale Introduced for E-Series

Usage Information

By default, FTOS distributes incoming traffic based on a hash algorithm using the following criteria: IP source address IP destination address IP Protocol type TCP/UDP source port TCP/UDP destination port

Note: For IPV6, only the first 32 bits (LSB) of IP Source Address and IP Destination Address are used for hash generation.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

699

management route

The table below lists the load balance command options and how the command combinations

effect the distribution of traffic. Table 56 Configurations of the load-balance Command Configuration Default (IP 5-tuple) ip-selection 3-tuple mac ip-selection 3-tuple and mac ip-selection packet-based ip-selection packet-based and mac
Related Commands

Switched IP Traffic IP 5-tuple IP 3-tuple MAC based MAC based Packet based: IPV4 No distribution: IPV6 MAC based

Routed IP Traffic (IPV4 Only) IP 5-tuple IP 3-tuple IP 5-tuple IP 3-tuple Packet based: IPV4 Packet based: IPV4

Switched Non-IP Traffic MAC based MAC based MAC based MAC based MAC based MAC based

ip address

Change the algorithm used to distribute traffic on an E-Series chassis.

management route
ce
Syntax

Configure a static route that points to the Management interface or a forwarding router. management route {ipv4-address | ipv6-address}/mask {forwarding-router-address | managementethernet}
{ipv4-address | ipv6-address}/ mask Enter an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X), followed by the prefix-length for the IP address of the management interface. Enter an IPv4 or IPv6 address of a forwarding router. Enter the keyword managementethernet for the Management interface on the Primary RPM.

Parameters

forwarding-router-address managementethernet

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.4.1.0 Version 8.1.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Added support for IPv6 management routes. Introduced on E-Series ExaScale Support added for C-Series Introduced for E-Series

Usage Information

When a static route (or a protocol route) overlaps with Management static route, the static route (or a protocol route) is preferred over the Management Static route. Also, Management static routes and the Management Connected prefix are not reflected in the hardware routing tables. Separate routing tables are maintained for IPv4 and IPv6 management routes. This command manages both tables. IPv4 Routing

700

show arp

Related Commands

interface ManagementEthernet duplex (Management) speed (Management interface)

Configure the Management port on the system (either the Primary or Standby RPM).. Set the mode of the Management interface. Set the speed for the Management interface.

show arp
ces
Syntax

Display the ARP table. show arp [vrf vrf name][interface interface | ip ip-address [mask] | macaddress mac-address [mac-address mask]] [cpu {cp | rp1 | rp2}] [static | dynamic] [summary] vrf name cpu
E-Series Only: Show only the ARP cache entries tied to the VRF process. (OPTIONAL) Enter the keyword cpu with one of the following keywords to view ARP entries on that CPU:

Parameters

cp - view ARP entries on the control processer. rp1 - view ARP entries on Routing Processor 1. rp2 - view ARP entries on Routing Processor 2.

interface interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For the Management interface, enter the keyword managementethernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

ip ip-address mask

(OPTIONAL) Enter the keyword ip followed by an IP address in the dotted decimal format. Enter the optional IP address mask in the slash prefix format (/x). (OPTIONAL) Enter the keyword macaddress followed by a MAC address in nn:nn:nn:nn:nn:nn format. Enter the optional MAC address mask in nn:nn:nn:nn:nn format also. (OPTIONAL) Enter the keyword static to view entries entered manually. (OPTIONAL) Enter the keyword dynamic to view dynamic entries. (OPTIONAL) Enter the keyword summary to view a summary of ARP entries.

macaddress mac-address mask static dynamic summary

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

701

show arp

Command Modes Command History

EXEC Privilege
Version 8.2.1.0 Version 8.1.1.0 Version 7.9.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support 4094 VLANs on E-Series ExaScale (prior limit was 2094) Introduced on E-Series ExaScale Introduced VRF on the E-Series Augmented to display local ARP entries learned from private VLANs (PVLANs) Introduced on S-Series Introduced on C-Series Introduced for E-Series

702

IPv4 Routing

show arp

Usage Information

The following figureshows two VLANs that are associated with a private VLAN (PVLAN) (see Chapter 45, Private VLAN (PVLAN)), a feature added for C-Series and S-Series in FTOS 7.8.1.0. Figure 240 show arp Command Example (Partial)
Force10>show arp Protocol Address Age(min) Hardware Address Interface VLAN CPU -------------------------------------------------------------------------------Internet 192.2.1.254 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.253 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.252 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.251 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.250 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.251 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.250 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.249 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.248 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.247 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.246 1 00:00:c0:02:01:02 Gi 9/13 CP Internet 192.2.1.245 1 00:00:c0:02:01:02 Gi 9/13 CP

Example

Figure 241 show arp Command Example with Private VLAN data
Force10#show arp Protocol Address Age(min) Hardware Address Interface VLAN CPU ----------------------------------------------------------------------------------Internet 5.5.5.1 00:01:e8:43:96:5e Vl 10 pv 200 CP Internet 5.5.5.10 00:01:e8:44:99:55 Vl 10 CP Internet 10.1.2.4 1 00:01:e8:d5:9e:e2 Ma 0/0 CP Internet 10.10.10.4 1 00:01:e8:d5:9e:e2 Ma 0/0 CP Internet 10.16.127.53 1 00:01:e8:d5:9e:e2 Ma 0/0 CP Internet 10.16.134.254 20 00:01:e8:d5:9e:e2 Ma 0/0 CP Internet 133.33.33.4 1 00:01:e8:d5:9e:e2 Ma 0/0 CP

Line 1 shows community VLAN 200 (in primary VLAN 10) in a PVLAN. Line 2 shows primary VLAN 10.

Figure 242 show arp cpu cp Command Example

Force10#sho arp cpu cp Protocol Address Age(min) Hardware Address Interface VLAN CPU -------------------------------------------------------------------------------Internet 10.1.2.206 0 00:a0:80:00:15:b8 Ma 0/0 CP Internet 182.16.1.20 0 00:30:19:24:2d:70 Gi 8/0 CP Internet 100.10.10.10 0 00:30:19:4f:d3:80 Gi 8/12 CP Internet 10.1.2.209 12 00:a0:80:00:12:6c Ma 0/0 CP Force10#

Table 57 show arp Command Example Fields Row Heading

Protocol Address Age(min)

Description
Displays the protocol type. Displays the IP address of the ARP entry. Displays the age in minutes of the ARP entry.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

703

show arp retries

Table 57 show arp Command Example Fields (continued) Row Heading

Hardware Address Interface VLAN CPU

Description
Displays the MAC address associated with the ARP entry. Displays the first two letters of the interfaces type and the slot/port associated with the ARP entry. Displays the VLAN ID, if any, associated with the ARP entry. Lists which CPU the entries are stored on.

Figure 243 show arp summary Command Example

Force10# show arp summary Total Entries Static Entries Dynamic Entries CPU -----------------------------------------------------83 0 83 CP Force10

Table 58 show arp summary Command Example Fields Row Heading

Total Entries Static Entries Dynamic Entries CPU

Description
Lists the total number of ARP entries in the ARP table. Lists the total number of configured or static ARP entries. Lists the total number of learned or dynamic ARP entries. Lists which CPU the entries are stored on.

Related Commands

ip local-proxy-arp switchport mode private-vlan

Enable/disable Layer 3 communication in secondary VLANs. Set the PVLAN mode of the selected port.

show arp retries

ces
Syntax Command Modes

Display the configured number of ARP retries. show arp retries EXEC EXEC Privilege

Command History

Version 8.3.1.0

Introduced

704

IPv4 Routing

show hosts

Related Commands

arp retries

Set the number of ARP retries in case the system does not receive an ARP reply in response to an ARP request.

show hosts
ces
Syntax Command Modes

View the host table and DNS configuration. show hosts EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

Example

Figure 244 show hosts Command Example

Force10#show hosts Default domain is not set Name/address lookup uses static Name servers are not set Host Flags -----------ks (perm, 4200-1 (perm, 1230-3 (perm, ZZr (perm, Z10-3 (perm, Force10#

mappings TTL ---Type ---IP IP IP IP IP Address ------2.2.2.2 192.68.69.2 192.68.99.2 192.71.18.2 192.71.23.1

OK) OK) OK) OK) OK)

Table 59 show hosts Command Example Fields Field

Default domain... Name/address lookup...

Description
Displays the domain name (if configured). States if DNS is enabled on the system. If DNS is enabled, the Name/Address lookup is domain service. If DNS is not enabled, the Name/Address lookup is static mapping. Lists the name servers, if configured. Displays the host name assigned to the IP address.

Name servers are ... Host

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

705

show ip cam linecard

Table 59 show hosts Command Example Fields (continued) Field

Flags

Description
Classifies the entry as one of the following: perm - the entry was manually configured and will not time out temp - the entry was learned and will time out after 72 hours of inactivity. Also included in the flag is an indication of the validity of the route: ok - the entry is valid. ex - the entry expired. ?? - the entry is suspect.

TTL Type Address

Displays the amount of time until the entry ages out of the cache. For dynamically learnt entries only. Displays IP as the type of entry. Displays the IP address(es) assigned to the host.

Related Commands

traceroute ip host

View DNS resolution Configure a host.

show ip cam linecard

ce
Syntax

View CAM entries for a port pipe on a line card. show ip cam linecard number port-set pipe-number [ip-address mask [longer-prefixes] | index index-number | summary | vrf vrf instance] number pipe-number ip-address mask [longer-prefix] index index-number summary vrf instance
Enter the number of the line card. Range: 0 to 13 on a E1200/1200i, 0 to 6 on a E600600i, and 0 to 5 on a E300. Enter the number of the line cards port-pipe. Range: 0 to 1 (OPTIONAL) Enter the IP address and mask of a route to CAM entries for that route only. Enter the keyword longer-prefixes to view routes with a common prefix. (OPTIONAL) Enter the keyword index followed by the CAM index number. Range: depends on CAM size (OPTIONAL) Enter the keyword summary to view a table listing route prefixes and the total number of routes that can be entered into the CAM. (OPTIONAL) E-Series Only: Enter the keyword vrf followind by the VRF Instance name to show CAM information as it applies to that VRF instance.

Parameters

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

E-Series ExaScale E600i supported Introduced on E-Series ExaScale

706

IPv4 Routing

show ip cam linecard

Version 7.9.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Example

Introduced VRF on the E-Series Introduced on C-Series Introduced for E-Series

Figure 245 show ip cam Command Example on E-Series

Force10#show ip cam linecard 13 port-set 0 Index Destination EC CG V C Next-Hop VId Mac-Addr Port ------ --------------- -- -- - - --------------- ---- ---------------- ------3276 6.6.6.2 0 0 1 1 0.0.0.0 0 00:00:00:00:00:00 17c1 CP 3277 5.5.5.2 0 0 1 1 0.0.0.0 0 00:00:00:00:00:00 17c1 CP 3278 4.4.4.2 0 0 1 1 0.0.0.0 0 00:00:00:00:00:00 17c1 CP 3279 3.3.3.2 0 0 1 1 0.0.0.0 0 00:00:00:00:00:00 17c1 CP 3280 2.2.2.2 0 0 1 1 0.0.0.0 0 00:00:00:00:00:00 17c1 CP 11144 6.6.6.0 0 0 1 1 0.0.0.0 6 00:00:00:00:00:00 17c5 RP2 11145 5.5.5.0 0 0 1 1 0.0.0.0 5 00:00:00:00:00:00 17c5 RP2 11146 4.4.4.0 0 0 1 1 0.0.0.0 4 00:00:00:00:00:00 17c5 RP2 11147 3.3.3.0 0 0 1 1 0.0.0.0 3 00:00:00:00:00:00 17c5 RP2 11148 2.2.2.0 0 0 1 1 0.0.0.0 2 00:00:00:00:00:00 17c5 RP2 65535 0.0.0.0 0 0 1 1 0.0.0.0 0 00:00:00:00:00:00 17c5 RP2 Force10#

Table 60 show ip cam Command Example Fields Field

Index Destination EC

Description
Displays the CAM index number of the entry. Displays the destination route of the index. Displays the number of equal cost multipaths (ECMP) available for the default route for non-Jumbo line cards. Displays 0,1 when ECMP is more than 8, for Jumbo line cards. Displays 0. Displays a 1 if the entry is valid and a 0 if the entry is for a line card with Catalog number beginning with LC-EF. Displays the CPU bit. 1 indicates that a packet hitting this entry is forwarded to the CP or RP2, depending on Egress port. Displays the next hop IP address of the entry. Displays the VLAN ID. If the entry is 0, the entry is not part of a VLAN. Displays the next-hop routers MAC address. Displays the egress interface. Use the second half of the entry to determine the interface. For example, in the entry 17cl CP, the CP is the pertinent portion. CP = control processor RP2 = route processor 2 Gi = Gigabit Ethernet interface So = SONET interface Te = 10 Gigabit Ethernet interface

CG V C

Next-Hop VId Mac Addr Port

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

707

show ip cam stack-unit

Example

Figure 246 show ip cam summary Command Example

Force10#show ip cam linecard 4 port-set 0 summary Total Number of Routes in the CAM is 13 Total Number of Routes which can be entered in CAM is 131072 Prefix Len Current Use ---------- ----------32 7 31 0 30 0 29 0 28 0 27 0 26 0 25 0 24 6 23 0 22 0 21 0 20 0 19 0 18 0 17 0 16 0 15 0 14 0 13 0 12 0 11 0 10 0 9 0 8 0 7 0 6 0 5 0 4 0 3 0 2 0 1 0 0 0 Force10# Initial Sz ---------37994 1312 3932 1312 1312 1312 1312 1312 40610 3932 2622 2622 2622 2622 1312 1312 3932 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 8

Table 61 show ip cam summary Command Example Fields Field

Prefix Length Current Use Initial Size

Description
Displays the prefix-length or mask for the IP address configured on the linecard 0 port pipe 0. Displays the number of routes currently configured for the corresponding prefix or mask on the linecard 0 port pipe 0. Displays the CAM size allocated by FTOS for the corresponding mask. The CAM size is adjusted by FTOS if the number of routes for the mask exceeds the initial allocation.

show ip cam stack-unit

s
Syntax

Display content-addressable memory (CAM) entries for an S-Series switch. show ip cam stack-unit 0-7 port-set pipe-number [ip-address mask [longer-prefixes] | summary]

708

IPv4 Routing

show ip cam stack-unit

Parameters

0-7 pipe-number ip-address mask [longer-prefix] summary

Enter the stack-unit ID, from 0 to 7. Enter the number of the Port-Pipe number. S50n, S50V range: 0 to 1; S25N, S25P, S25V range: 0 to 0 (OPTIONAL) Enter the IP address and mask of a route to CAM entries for that route only. Enter the keyword longer-prefixes to view routes with a common prefix. (OPTIONAL) Enter the keyword summary to view a table listing route prefixes and the total number routes which can be entered in to CAM.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.7.1.0 Version 7.6.1.0

Modified: Added support for up to seven stack members. Introduced on S-Series

Example

Figure 247 show ip cam stack-unit Command Example

Force10#show ip cam stack-unit 0 port-set 0 10.10.10.10/32 longer-prefixes Destination EC CG V C VId Mac-Addr Port

----------------10.10.10.10 Force10#

-- -- - - ----- ----------------- ------------0 0 1 1 0 00:00:00:00:00:00 3f01 CP

Table 62 show ip cam Command Example Fields Field

Destination EC

Description
Displays the destination route of the index. Displays the number of equal cost multipaths (ECMP) available for the default route for non-Jumbo line cards. Displays 0,1 when ECMP is more than 8, for Jumbo line cards. Displays 0. Displays a 1 if the entry is valid and a 0 otherwise. Displays the CPU bit. 1 indicates that a packet hitting this entry is forwarded to the control processor, depending on Egress port. Displays the VLAN ID. If the entry is 0, the entry is not part of a VLAN. Displays the next-hop routers MAC address. Displays the egress interface. Use the second half of the entry to determine the interface. For example, in the entry 17cl CP, the CP is the pertinent portion. CP = control processor Gi = Gigabit Ethernet interface Te = 10 Gigabit Ethernet interface

CG V C

V Id Mac Addr Port

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

709

show ip fib linecard

ce
Syntax Parameters

View all Forwarding Information Base (FIB) entries. show ip fib linecard slot-number [vrf vrf instance | ip-address/prefix-list | summary] vrf instance slot-number
(OPTIONAL) E-Series Only: Enter the keyword vrf followed by the VRF INstance name to show the FIB cache entries tied to that VRF instance. Enter the number of the line card slot. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, 0 to 5 on a E300 (OPTIONAL) Enter the IP address of the network destination to view only information on that destination. You must enter the IP address is dotted decimal format (A.B.C.D). You must enter the mask in slash prefix format (/X). (OPTIONAL) Enter the keyword longer-prefixes to view all routes with a common prefix. (OPTIONAL) Enter the keyword summary to view the total number of prefixes in the FIB.

ip-address mask

longer-prefixes summary

Command Mode

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.9.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced VRF on the E-Series Introduced on C-Series Introduced for E-Series

Example

Figure 248 show ip fib linecard Command Example

Force10>show ip fib linecard 12 Destination -------------------3.0.0.0/8 3.0.0.0/8 100.10.10.0/24 100.10.10.1/32 100.10.10.10/32 101.10.10.0/24 101.10.10.1/32 101.10.10.10/32 Force10> Gateway First-Hop -------------------------- -------------via 100.10.10.10, So 2/8 100.10.10.10 via 101.10.10.10, So 2/9 Direct, So 2/8 0.0.0.0 via 127.0.0.1 127.0.0.1 via 100.10.10.10, So 2/8 100.10.10.10 Direct, So 2/9 0.0.0.0 via 127.0.0.1 127.0.0.1 via 101.10.10.10, So 2/9 101.10.10.10 Mac-Addr Port VId Index EC ---------------------- ------------00:01:e8:00:03:ff So 2/8 0 60260 0 00:01:e8:00:03:ff 00:00:00:00:00:00 00:01:e8:00:03:ff 00:00:00:00:00:00 00:00:00:00:00:00 00:01:e8:01:62:32 So 2/8 CP So 2/8 RP2 CP So 2/9 0 0 0 0 0 0 11144 3276 0 11145 3277 1 0 0 0 0 0 0

Table 63 show ip fib linecard Command Example Fields Field

Destination Gateway

Description
Lists the destination IP address. Displays either the word direct and an interface for a directly connected route or the remote IP address to be used to forward the traffic.

710

IPv4 Routing

show ip fib stack-unit

Table 63 show ip fib linecard Command Example Fields Field

First-Hop Mac-Addr Port VId Index EC

Description
Displays the first hop IP address. Displays the MAC address. Displays the egress-port information. Displays the VLAN ID. If no VLAN is assigned, zero (0) is listed. Displays the internal interface number. Displays the number of ECMP paths.

Related Commands

clear ip fib linecard

Clear FIB entries on a specified line card..

show ip fib stack-unit

s
Syntax Parameters

View all Forwarding Information Base (FIB) entries. show ip fib stack-unit 0-7 [ip-address [mask] [longer-prefixes] | summary] 0-7 ip-address mask
Enter the S-Series stack unit ID, from 0 to 7. (OPTIONAL) Enter the IP address of the network destination to view only information on that destination. Enter the IP address in dotted decimal format (A.B.C.D). You must enter the mask in slash prefix format (/X). (OPTIONAL) Enter the keyword longer-prefixes to view all routes with a common prefix. (OPTIONAL) Enter the keyword summary to view the total number of prefixes in the FIB.

longer-prefixes summary

Command Mode

EXEC EXEC Privilege

Command History

Version 7.7.1.0 Version 7.6.1.0

Modified: Added support for up to seven stack members. Introduced on S-Series

Example

Figure 249 show ip fib linecard Command Example

Force10#show ip fib stack-unit 0 Destination -----------------10.10.10.10/32 Force10> Gateway First-Hop Mac-Addr Port VId EC

--------------------------- ----------------- ------------------- -------- ----- -Direct, Nu 0 0.0.0.0 00:00:00:00:00:00 BLK HOLE 0 0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

711

show ip flow

Table 64 show ip fib linecard Command Example Fields Field

Destination Gateway First-Hop Mac-Addr Port VId EC

Description
Lists the destination IP address. Displays either the word Direct and an interface for a directly connected route or the remote IP address to be used to forward the traffic. Displays the first hop IP address. Displays the MAC address. Displays the egress-port information. Displays the VLAN ID. If no VLAN is assigned, zero (0) is listed. Displays the number of ECMP paths.

Related Commands

clear ip fib linecard

Clear FIB entries on a specified line card..

show ip flow
ces
Syntax

Show how a Layer 3 packet is forwarded when it arrives at a particular interface. show ip flow interface [vrf vrf instance] interface {source-ip address destination-ip address} {protocol number [ tcp | udp ] | icmp} {src-port number destination-port number} vrf instance interface interface
E-Series Only: Show only the L3 flow as they apply to that VRF process. Enter the keyword interface followed by of the following interface keywords. For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. (OPTIONAL) Enter an in or out parameter in conjunction with the optional interface:

Parameters

source-ip address destination-ip address protocol number [tcp | udp ] | icmp

Enter the keyword source-ip followed by the IP source address in IP address format. Enter the keyword destination-ip followed by the IP destination address in IP address format. E-Series only: Enter the keyword protocol followed by one of the protocol type keywords: tcp, udp, icmp or protocol number

712

IPv4 Routing

show ip interface

src-port number destination-port number

Command Modes Command History

Enter the keyword src-port followed by the source port number. Enter the keyword destination-port followed by the destination port number.

EXEC
Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced on E-Series ExaScale Introduced VRF on the E-Series Introduced on S-Series Introduced on S-Series Introduced on C-Series Introduced for E-Series

Usage Information

This command provides egress port information for a given IP flow. This is useful in identifying which interface the packet will follow in the case of Port-channel and Equal Cost Multi Paths. Use this command for routed packed only. For switched packets use the show port-channel-flow command show ip flow does not compute the egress port information when load-balance mac hashing is also configured due to insufficient information (the egress MAC is not available). S-Series produces the following error message:
%Error: Unable to read IP route table

C-Series produces the message:

%Error: FIB cannot compute the egress port with the current trunk hash setting. Example

Figure 250 Command Example show ip flow on E-Series

Force10#show ip flow interface Gi 1/8 189.1.1.1 63.0.0.1 protocol tcp source-port 7898 destination-port 8 flow: 189.1.1.1 63.0.0.1 protocol 6 7868 8976 Ingress interface: Gi 1/20 Egress interface: Gi 1/14 to 1.7.1.2[CAM hit 103710] unfragmented packet Gi 1/10 to 1.2.1.2[CAM hit 103710] fragmented packet

show ip interface
ces
Syntax

View IP-related information on all interfaces. show ip interface [interface | brief | linecard slot-number] [configuration]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

713

show ip interface

Parameter

interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword Loopback followed by a number from 0 to 16383. For the Management interface, enter the keyword ManagementEthernet followed by zero (0). For the Null interface, enter the keyword null followed by zero (0). For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

brief linecard slot-number

(OPTIONAL) Enter the keyword brief to view a brief summary of the interfaces and whether an IP address is assigned. (OPTIONAL) Enter the keyword linecard followed by the number of the line card slot. C-Series Range: 0-7 E-Series Range: 0 to 13 on a E1200/1200i, 0 to 6 on a E600/E600i, and 0 to 5 on a E300

Note: This keyword is not available on the S-Series.

configuration
(OPTIONAL) Enter the keyword configuration to display the physical interfaces with non-default configurations only.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Supported on E-Series ExaScale E600i Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

714

IPv4 Routing

show ip interface

Example

Figure 251 show ip interface Command Example

Force10#show ip int te 0/0 TenGigabitEthernet 0/0 is down, line protocol is down Internet address is not set IP MTU is 1500 bytes Inbound access list is not set Proxy ARP is enabled Split Horizon is enabled Poison Reverse is disabled ICMP redirects are not sent ICMP unreachables are not sent Force10#

Table 65 show ip interface Command Example Items Lines

TenGigabitEthernet 0/0... Internet address... IP MTU is... Inbound access... Proxy ARP... Split horizon... Poison Reverse... ICMP redirects... ICMP unreachables...

Description
Displays the interfaces type, slot/port and physical and line protocol status. States whether an IP address is assigned to the interface. If one is, that address is displayed. Displays IP MTU value. Displays the name of the any configured incoming access list. If none is configured, the phrase not set is displayed. States whether proxy ARP is enabled on the interface. States whether split horizon for RIP is enabled on the interface. States whether poison for RIP is enabled on the interface States if ICMP redirects are sent. States if ICMP unreachable messages are sent.

Figure 252 show ip interface brief Command Example (Partial)

Force10#show ip Interface GigabitEthernet GigabitEthernet GigabitEthernet GigabitEthernet GigabitEthernet GigabitEthernet GigabitEthernet int brief IP-Address 1/0 unassigned 1/1 unassigned 1/2 unassigned 1/3 unassigned 1/4 unassigned 1/5 10.10.10.1 1/6 unassigned

OK? NO NO YES YES YES YES NO

Method Manual Manual Manual Manual Manual Manual Manual

Status Protocol administratively down down administratively down down up up up up up up up up administratively down down

Table 66 show ip interface brief Column Headings Field

Interface IP-Address

Description
Displays type of interface and the associated slot and port number. Displays the IP address for the interface, if configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

715

show ip management-route

Table 66 show ip interface brief Column Headings (continued) Field

Ok? Method Status

Description
Indicates if the hardware is functioning properly. Displays Manual if the configuration is read from the saved configuration. States whether the interface is enabled (up) or disabled (administratively down). States whether IP is enabled (up) or disabled (down) on the interface.

Protocol

show ip management-route
ce
Syntax Parameters

View the IP addresses assigned to the Management interface. show ip management-route [all | connected | summary | static] all connected summary static
(OPTIONAL) Enter the keyword all to view all IP addresses assigned to all Management interfaces on the switch. (OPTIONAL) Enter the keyword connected to view only routes directly connected to the Management interface. (OPTIONAL) Enter the keyword summary to view a table listing the number of active and non-active routes and their sources. (OPTIONAL) Enter the keyword static to view non-active routes also.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced on C-Series Introduced for E-Series

716

IPv4 Routing

show ipv6 management-route

Example

Figure 253 show ip management route Command Example

Force10#show ip management-route Destination ----------10.1.2.0/24 172.16.1.0/24 Force10# Gateway ------ManagementEthernet 0/0 10.1.2.4 State ----Connected Active

show ipv6 management-route

ce
Syntax Parameters

Display the IPv6 static routes configured for the management interface. show ipv6 management-route [all | connected | summary | static] all connected summary static
Enter the keyword all to view all IP addresses assigned to all Management interfaces on the switch. Enter the keyword connected to view only routes directly connected to the Management interface. Enter the keyword summary to view a table listing the number of active and non-active routes and their sources. Enter the keyword static to view non-active routes also.

Command Modes Command History Example

EXEC Privilege
Version 8.4.1.0 Introduced

Force10#show ipv6 management-route IPv6 Destination Gateway ---------------------2001:34::0/64 ManagementEthernet 0/0 2001:68::0/64 2001:34::16 Force10#

State ----Connected Active

show ip protocols
ces
Syntax Command Modes

View information on all routing protocols enabled and active on the switch. show ip protocols EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.6.1.0

Introduced on E-Series ExaScale Regular evaluation optimization enabled/disabled added to display output Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

717

show ip route

Version 7.5.1.0

Introduced on C-Series

pre-Version 6.1.1.0 Introduced for E-Series Example

Figure 254 show ip protocols Command Example

Force10#show ip protocols Routing Protocol is "bgp 1" Cluster Id is set to 20.20.20.3 Router Id is set to 20.20.20.3 Fast-external-fallover enabled Regular expression evaluation optimization enabled Capable of ROUTE_REFRESH For Address Family IPv4 Unicast BGP table version is 0, main routing table version 0 Distance: external 20 internal 200 local 200 Neighbor(s): Address : 20.20.20.2 Filter-list in : foo Route-map in : foo Weight : 0 Address : 5::6 Weight : 0 Force10#

show ip route
ces
Syntax

View information, including how they were learned, about the IP routes on the switch. show ip route [vrf [vrf name] hostname | ip-address [mask] [longer-prefixes] | list prefix-list | protocol [process-id | routing-tag] | all | connected | static | summary] vrf name ip-address mask longer-prefixes list prefix-list protocol
E-Series Only: Clear only the route entries tied to the VRF process. (OPTIONAL) Specify a name of a device or the IP address of the device to view more detailed information about the route. (OPTIONAL) Specify the network mask of the route. Use this parameter with the IP address parameter. (OPTIONAL) Enter the keyword longer-prefixes to view all routes with a common prefix. (OPTIONAL) Enter the keyword list and the name of a configured prefix list. See show ip route list. (OPTIONAL) Enter the name of a routing protocol (bgp, isis, ospf, rip) or the keywords connected or static.

Parameter

bgp, isis, ospf, rip are E-Series-only options.

If you enter bgp, you can include the BGP as-number. (E-Series only) If you enter isis, you can include the ISIS routing-tag. (E-Series only) If you enter ospf, you can include the OSPF process-id.

process-id routing-tag connected

(OPTIONAL) Specify that only OSPF routes with a certain process ID must be displayed. (OPTIONAL) Specify that only ISIS routes with a certain routing tag must be displayed. (OPTIONAL) Enter the keyword connected to view only the directly connected routes.

718

IPv4 Routing

show ip route

all static summary

(OPTIONAL) Enter the keyword all to view both active and non-active routes. (OPTIONAL) Enter the keyword static to view only routes configured by the ip route command. (OPTIONAL) Enter the keyword summary. See show ip route summary.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced VRF on the E-Series Introduced on S-Series Introduced on C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

719

show ip route

Example

Figure 255 show ip route all Command Example

Force10#show ip route all Codes: C - connected, S - static, R - RIP B - BGP, IN - internal BGP, EX - external BGP, LO - Locally Originated O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1 N2 - OSPF NSSA external type 2, E1 - OSPF external type 1 E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1 L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default > - non-active route + - summary route Gateway of last resort is not set Destination ----------3.0.0.0/8 Gateway ------via 100.10.10.10, So 2/8 via 101.10.10.10, So 2/9 Direct, So 2/8 Direct, So 2/8 Direct, So 2/9 Direct, So 2/9 Dist/Metric Last Change ----------- ----------120/1 00:07:12 0/0 120/0 0/0 120/0 00:08:54 00:08:54 00:09:15 00:09:15

C 100.10.10.0/24 > R 100.10.10.0/24 C 101.10.10.0/24 > R 101.10.10.0/24 Force10#

Example

Figure 256 show ip route summary and show ip route static Command Examples
Force10#show ip route summary Route Source Active Routes Non-active Routes connected 2 0 static 1 0 Total 3 0 Total 3 active route(s) using 612 bytes R1_E600i>show ip route static ? | Pipe through a command <cr> R1_E600i>show ip route static Destination Gateway Dist/Metric Last Change --------------------------- ----------*S 0.0.0.0/0 via 10.10.91.9, Gi 1/2 1/0 3d2h Force10>

720

IPv4 Routing

show ip route list

Table 67 show ip route all Command Example Fields Field

(undefined)

Description
Identifies the type of route:

C = connected S = static R = RIP B = BGP IN = internal BGP EX = external BGP LO = Locally Originated O = OSPF IA = OSPF inter area N1 = OSPF NSSA external type 1 N2 = OSPF NSSA external type 2 E1 = OSPF external type 1 E2 = OSPF external type 2 i = IS-IS L1 = IS-IS level-1 L2 = IS-IS level-2 IA = IS-IS inter-area * = candidate default > = non-active route
+ = summary routes

Destination Gateway Dist/Metric Last Change

Identifies the routes destination IP address. Identifies whether the route is directly connected and on which interface the route is configured. Identifies if the route has a specified distance or metric. Identifies when the route was last changed or configured.

show ip route list

ces
Syntax Parameters

Display IP routes in an IP prefix list. show ip route list prefix-list prefix-list EXEC EXEC Privilege
Enter the name of a configured prefix list.

Command Modes

Command History

Version 8.1.1.0 Version 7.6.1.0

Introduced on E-Series ExaScale Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

721

show ip route summary

Version 7.5.1.0 pre-Version 6.1.1.0 Related Commands ip prefix-list

Introduced on C-Series Introduced for E-Series Enter the CONFIGURATION-IP PREFIX-LIST mode and configure a prefix list. Display a summary of the configured prefix lists.

show ip prefix-list summary Example

Figure 257 show ip route summary Command Example

Force10#show ip route list test Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination ----------2.1.0.0/24 2.1.1.0/24 2.1.2.0/24 2.1.3.0/24 2.1.4.0/24 Gateway ------via 2.1.4.1, Gi via 2.1.4.1, Gi via 2.1.4.1, Gi via 2.1.4.1, Gi Direct, Gi 4/43 Dist/Metric Last Change ----------- ----------120/2 3d0h 120/2 3d1h 120/1 3d0h 120/1 3d1h 0/0 3d1h

R R R R C

4/43 4/43 4/43 4/43

show ip route summary

ces
Syntax Command Modes

View a table summarizing the IP routes in the switch. show ip route summary EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced for E-Series

722

IPv4 Routing

show ip traffic

Example

Figure 258 show ip route summary Command Example

Force10>show ip route summary Route Source Active Routes Non-active Routes connected 17 0 static 3 0 ospf 100 1368 2 Intra-area: 762 Inter-area: 1 External-1: 600 External-2: 5 Total 1388 2 Total 1388 active route(s) using 222440 bytes Total 2 non-active route(s) using 128 bytes Force10>

Table 68 show ip route summary Column Headings Column Heading

Route Source Active Routes Non-active Routes

Description
Identifies how the route is configured in FTOS. Identifies the best route if a route is learned from two protocol sources. Identifies the back-up routes when a route is learned by two different protocols. If the best route or active route goes down, the non-active route will become the best route. If routing protocols (OSPF, RIP) are configured and routes are advertised, then information on those routes is displayed. Displays the number of active and non-active routes and the memory usage of those routes. If there are no routes configured in the FTOS, this line does not appear.

ospf 100 Total 1388 active ...

Related Commands

show ip route

Display information about the routes found in switch.

show ip traffic
ces
Syntax

View IP, ICMP, UDP, TCP and ARP traffic statistics. show ip traffic [all | cp | rp1 | rp2]

Note: These options are supported only on the E-Series.

Parameters

all cp rp1 rp2

(OPTIONAL) Enter the keyword all to view statistics from all processors. If you do not enter a keyword, you also view all statistics from all processors. (OPTIONAL) Enter the cp to view only statistics from the Control Processor. (OPTIONAL) Enter the keyword rp1 to view only the statistics from Route Processor 1. (OPTIONAL) Enter the keyword rp2 to view only the statistics from Route Processor 2.

Command Modes

EXEC Privilege Publication Date: July 20, 2011 723

Command Line Reference for FTOS version 8.4.2.4

show ip traffic

Command History

Version 8.1.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 pre-Version 6.1.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series F10 Monitoring MIB available for ip traffic statistics Introduced for E-Series

Example

Figure 259 show ip traffic Command Example (partial)

Force10#Force10#show ip traffic Control Processor IP Traffic: IP statistics: Rcvd: 23857 total, 23829 local destination 0 format errors, 0 checksum errors, 0 bad hop count 0 unknown protocol, 0 not a gateway 0 security failures, 0 bad options Frags: 0 reassembled, 0 timeouts, 0 too big 0 fragmented, 0 couldn't fragment Bcast: 28 received, 0 sent; Mcast: 0 received, 0 sent Sent: 16048 generated, 0 forwarded 21 encapsulation failed, 0 no route ICMP statistics: Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable 0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 info request, 0 other Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply 0 mask requests, 0 mask replies, 0 quench, 0 timestamp 0 info reply, 0 time exceeded, 0 parameter problem UDP statistics: Rcvd: 0 total, 0 checksum errors, 0 no port 0 short packets, 0 bad length, 0 no port broadcasts, 0 socket full Sent: 0 total, 0 forwarded broadcasts TCP statistics: Rcvd: 23829 total, 0 checksum errors, 0 no port Sent: 16048 total ARP statistics: Rcvd: 156 requests, 11 replies Sent: 21 requests, 10 replies (0 proxy) Routing Processor1 IP Traffic:

Table 69 show ip traffic output definitions Keyword

unknown protocol... not a gateway... security failures...

Definition
No receiver for these packets. Counts those packets whose protocol type field is not recognized by FTOS. Packets can not be routed; host/network is unreachable. Counts the number of received unicast/multicast packets that could not be forwarded due to: route not found for unicast/multicast; ingress interfaces do not belong to the destination multicast group destination IP address belongs to reserved prefixes; host/network unreachable

bad options... Frags: ... reassembled ... timeouts ... too big

Unrecognized IP option on a received packet. IP fragments received. Number of IP fragments that were reassembled. Number of times a timer expired on a reassembled queue. Number of invalid IP fragments received.

724

IPv4 Routing

show protocol-termination-table

Table 69 show ip traffic output definitions Keyword

... couldnt fragment ...encapsulation failed

Definition
Number of packets that could not be fragmented and forwarded. Counts those packets which could not be forwarded due to ARP resolution failure. FTOS sends an arp request prior to forwarding an IP packet. If a reply is not received, FTOS repeats the request three times. These packets are counted in encapsulation failed.

Rcvd: ...short packets ...bad length ...no port broadcasts ...socket full The number of bytes in the packet are too small. The length of the packet was not correct. The incoming broadcast/multicast packet did not have any listener. The applications buffer was full and the incoming packet had to be dropped.

Usage Information

The F10 Monitoring MIB provides access to the statistics described below. Table 70 F10 Monitoring MIB Command Display IP statistics: Bcast: Received Sent Mcast: Received Sent ARP statistics: Rcvd: Request Replies Sent: Request Replies Proxy f10ArpReqSent f10ArpReplySent f10ArpProxySent 1.3.6.1.4.1.6027.3.3.5.2.2 1.3.6.1.4.1.6027.3.3.5.2.4 1.3.6.1.4.1.6027.3.3.5.2.5 f10ArpReqRecv f10ArpReplyRecv 1.3.6.1.4.1.6027.3.3.5.2.1 1.3.6.1.4.1.6027.3.3.5.2.3 f10McastPktRecv f10McastPktSent 1.3.6.1.4.1.6027.3.3.5.1.3 1.3.6.1.4.1.6027.3.3.5.1.4 f10BcastPktRecv f10BcastPktSent 1.3.6.1.4.1.6027.3.3.5.1.1 1.3.6.1.4.1.6027.3.3.5.1.2 Object OIDs

show protocol-termination-table
e
Syntax

Display the IP Packet Termination Table (IPPTT). show protocol-termination-table linecard number port-set port-pipe-number

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

725

show protocol-termination-table

Parameters

linecard number

Enter the keyword linecard followed by slot number of the line card. E-Series Range: 0 to 13 on a E1200/1200i, 0 to 6 on a E600/ E600i, and 0 to 5 on a E300 Enter the keyword port-set followed by the line cards Port-Pipe number. Range: 0 to 1

port-set port-pipe-number

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0 Version 6.4.1.0

Introduced support for E-Series ExaScale E600i Introduced on E-Series ExaScale Introduced

Example

Figure 260 show protocol-termination-table Command Output

Force10#show protocol-termination-table linecard 2 Index Protocol Src-Port Dst-Port Queue DP ------------------------------0 ICMP any any Q0 0 1 UDP any 1812 Q7 6 2 UDP any 68 Q7 6 3 UDP any 67 Q7 6 4 TCP any 22 Q7 6 5 TCP 22 any Q7 6 6 TCP 639 any Q7 6 7 TCP any 639 Q7 6 8 TCP 646 any Q7 6 9 TCP any 646 Q7 6 10 UDP 646 any Q7 6 11 UDP any 646 Q7 6 12 TCP 23 any Q7 6 13 TCP any 23 Q7 6 14 UDP any 123 Q7 6 15 TCP any 21 Q7 6 16 TCP any 20 Q7 6 17 UDP any 21 Q7 6 18 UDP any 20 Q7 6 19 TCP 21 any Q7 6 20 TCP 20 any Q7 6 21 UDP 21 any Q7 6 22 UDP 20 any Q7 6 23 UDP any 69 Q7 6 24 UDP 69 any Q7 6 25 TCP any 161 Q7 6 26 TCP 161 any Q7 6 27 TCP 162 any Q7 6 28 TCP any 162 Q7 6 29 UDP any 161 Q7 6 30 UDP 161 any Q7 6 31 UDP any 162 Q7 6 32 UDP 162 any Q7 6 33 PIM-SM any any Q6 0 34 IGMP any any Q7 6 35 OSPF any any Q7 6 port-set 0 Blk-Hole VlanCPU ----------------No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No EgPort -----CP CP CP CP CP CP RP2 RP2 RP1 RP1 RP1 RP1 CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP RP2 RP2 RP1

Usage Information

The IPPTT table is used for looking up forwarding information for IP control traffic destined to the router. For the listed control traffic types, IPPTT contains the information for the following: Which CPU to send the traffic (CP, RP1, or RP2) What QoS parameters to set

726

IPv4 Routing

show tcp statistics

Related Commands

show ip cam stack-unit

Display the CAM table

show tcp statistics

ces
Syntax Parameters

View information on TCP traffic through the switch. show tcp statistics {all | cp | rp1 | rp2} all cp rp1 rp2
Enter the keyword all to view all TCP information. Enter the keyword cp to view only TCP information from the Control Processor. Enter the keyword rp1 to view only TCP statistics from Route Processor 1. Enter the keyword rp2 to view only TCP statistics from Route Processor 2.

Command Modes Command History

EXEC Privilege
Version 8.1.1.0 Version 6.4.1.0 Introduced on E-Series ExaScale Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

727

show tcp statistics

Example

Figure 261 show tcp statistics cp Command Example

Force10#show tcp stat cp Control Processor TCP: Rcvd: 10585 Total, 0 no port 0 checksum error, 0 bad offset, 0 too short 329 packets (1263 bytes) in sequence 17 dup packets (6 bytes) 0 partially dup packets (0 bytes) 7 out-of-order packets (0 bytes) 0 packets ( 0 bytes) with data after window 0 packets after close 0 window probe packets, 41 window update packets 41 dup ack packets, 0 ack packets with unsend data 10184 ack packets (12439508 bytes) Sent: 12007 Total, 0 urgent packets 25 control packets (including 24 retransmitted) 11603 data packets (12439677 bytes) 24 data packets (7638 bytes) retransmitted 355 ack only packets (41 delayed) 0 window probe packets, 0 window update packets 7 Connections initiated, 8 connections accepted, 15 connections established 14 Connections closed (including 0 dropped, 0 embryonic dropped) 20 Total rxmt timeout, 0 connections dropped in rxmt timeout 0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepalive Force10#

Table 71 show tcp statistics cp Command Example Fields Field

Rcvd:

Description
Displays the number and types of TCP packets received by the switch. Total = total packets received no port = number of packets received with no designated port. checksum errors bad offset to data too short

0 checksum error...

Displays the number of packets received with the following:

329 packets ... 17 dup ... 0 partially ... 7 out-of-order... 0 packets with data after window 0 packets after close

Displays the number of packets and bytes received in sequence. Displays the number of duplicate packets and bytes received. Displays the number of partially duplicated packets and bytes received. Displays the number of packets and bytes received out of order. Displays the number of packets and bytes received that exceed the switchs window size. Displays the number of packet received after the TCP connection was closed.

0 window probe packets ... Displays the number of window probe and update packets received. 41 dup ack... 10184 ack ... Sent: 25 control packets... 11603 data packets... Displays the number of duplicate acknowledgement packets and acknowledgement packets with data received. Displays the number of acknowledgement packets and bytes received. Displays the total number of TCP packets sent and the number of urgent packets sent. Displays the number of control packets sent and the number retransmitted. Displays the number of data packets sent.

728

IPv4 Routing

show tcp statistics

Table 71 show tcp statistics cp Command Example Fields (continued) Field

24 data packets retransmitted 355 ack... 0 window probe... 7 Connections initiated ... 14 Connections closed ... 20 Total rxmt...

Description
Displays the number of data packets resent. Displays the number of acknowledgement packets sent and the number of packet delayed. Displays the number of window probe and update packets sent. Displays the number of TCP connections initiated, accepted, and established. Displays the number of TCP connections closed, dropped. Displays the number of times the switch tried to resend data and the number of connections dropped during the TCP retransmit timeout period. Lists the number of keepalive packets in timeout, the number keepalive probes and the number of TCP connections dropped during keepalive.

0 Keepalive ....

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

729

show tcp statistics

730

IPv4 Routing

Chapter 25

IPv6 Access Control Lists (IPv6 ACLs)

Overview
IPv6 ACLs and IPv6 Route Map commands are supported on platforms: c e s IPv6 ACL Commands IPv6 Route Map Commands

Note: For IPv4 ACL commands, see Chapter 8, Access Control Lists (ACL).

Important Points to Remember

E-Series platforms require IPv6-ExtACL CAM profile to support IPv6 ACLs. C-Series platforms require manual CAM usage space allotment. Refer to cam-acl later in this document. Egress IPv6 ACL and IPv6 ACL on Loopback interface is not supported. Reference to an empty ACL will permit any traffic. ACLs are not applied to self-originated traffic (e.g. Control Protocol traffic not affected by IPv6 ACL since the routed bit is not set for Control Protocol traffic and for egress ACLs the routed bit must be set). The same access list name can be used for both IPv4 and IPv6 ACLs. Both IPv4 and IPv6 ACLs can be applied on an interface at the same time. IPv6 ACLs can be applied on physical interfaces and a logical interfaces (Port-channel/ VLAN). Non-contiguous masks are not supported in source or destination addresses in IPv6 ACL entries. Since prefix mask is specified in /x format in IPv6 ACLs, inverse mask is not supported.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

731

cam-acl

IPv6 ACL Commands

The following commands configure IPv6 ACLs: cam-acl clear counters ipv6 access-group deny deny icmp deny tcp deny udp ipv6 access-group ipv6 access-list permit permit icmp permit tcp permit udp remark resequence access-list resequence prefix-list ipv6 seq show cam-acl show config show ipv6 accounting access-list show running-config acl test cam-usage

cam-acl
ces
Syntax Parameters

Allocate space for IPv6 ACLs. cam-acl {default | l2acl 1-10 ipv4acl 1-10 ipv6acl 0-10 ipv4qos 1-10 l2qos 1-10} default
Use the default CAM profile settings, and set the CAM as follows. L3 ACL (ipv4acl): 6 L2 ACL(l2acl) : 5 IPv6 L3 ACL (ipv6acl): 0 L3 QoS (ipv4qos): 1 L2 QoS (l2qos): 1 Allocate space to support IPv6 ACLs. You must enter all of the profiles and a range. Enter the CAM profile name followed by the amount to be allotted. The total space allocated must equal 13. The ipv6acl range must be a factor of 2.

l2acl 1-10 ipv4acl 1-10 ipv6acl 0-10 ipv4qos 1-10 l2qos 1-10

732

IPv6 Access Control Lists (IPv6 ACLs)

clear counters ipv6 access-group

Command Modes Command History

CONFIGURATION
Version 8.4.2.0 Version 8.2.1.0 Version 7.8.1.0 Introduced on the E-Series TeraScale Introduced on the S-Series Introduced on the C-Series

Usage Information

clear counters ipv6 access-group

ces
Syntax Parameters

Erase all counters maintained for the IPv6 access lists. clear counters ipv6 access-group [access-list-name] access-list-name
(OPTIONAL) Enter the name of a configured access-list, up to 140 characters.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Introduced on the E-Series TeraScale Added monitor option

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

733

deny

deny
ces
Syntax

Configure a filter that drops IPv6 packets that match the filter criteria. deny {ipv6-protocol-number | icmp | ipv6 | tcp | udp} To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {ipv6-protocol-number | icmp | ipv6 | tcp | udp} command. ip-protocol-number icmp ipv6 tcp udp
Enter an IPv6 protocol number. Range: 0 to 255 Enter the keyword icmp to deny Internet Control Message Protocol version 6. Enter the keyword ipv6 to deny any Internet Protocol version 6. Enter the keyword tcp to deny the Transmission Control protocol. Enter the keyword udp to deny the User Datagram Protocol.

Parameters

Defaults Command Modes Command History

Not configured. ACCESS-LIST

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on the S-Series Introduced support on the E-Series ExaScale Introduced support on the C-Series Introduced support on the E-Series TeraScale

734

IPv6 Access Control Lists (IPv6 ACLs)

deny icmp

deny icmp
ces
Syntax

Configure a filter to drop all or specific ICMP messages. deny icmp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} [message-type] [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny icmp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command. source address
Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

Parameters

mask any host ipv6-address

Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IPv6 address of the host in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero Enter the IPv6 address of the network or host to which the packets are sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

destination address

message-type

On the E-Series only, enter an ICMP message type, either with the type (and code, if necessary) numbers or with the name of the message type. Range: 0 to 255 for ICMP type; 0 to 255 for ICMP code (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation.

count byte log monitor

Defaults Command Modes Command History

Not configured ACCESS-LIST

Version 8.4.2.1 Version 8.2.1.0 Introduced on the S-Series Introduced support on the E-Series ExaScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

735

deny icmp

Version 7.8.1.0 Version 7.4.1.0

Introduced support on the C-Series Introduced support on the E-Series TeraScale Added monitor option

Usage Information

The C-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. The following table lists the keywords displayed in the CLI help and their corresponding ICMP Message Type Name. Table 72 ICMP Message Type Keywords Keyword
dest-unreachable echo echo-reply inverse-nd-na inverse-nd-ns log mobile-advertisement mobile-solicitation mrouter-advertisement mrouter-solicitation mrouter-termination nd-na nd-ns packet-too-big parameter-problem redirect router-advertisement router-renumbering router-solicitation time-exceeded

ICMP Message Type Name

Destination unreachable Echo request (ping) Echo reply Inverse neighbor discovery advertisement Inverse neighbor discovery solicitation Log matches against this entry Mobile prefix advertisement Mobile prefix solicitation Multicast router advertisement Multicast router solicitation Multicast router termination Neighbor advertisement Neighbor solicitation Packet is too big Parameter problems Neighbor redirect Neighbor discovery router advertisement All routers renumbering Neighbor discovery router solicitation All time exceeded

736

IPv6 Access Control Lists (IPv6 ACLs)

deny tcp

deny tcp
ces
Syntax

Configure a filter that drops TCP packets that match the filter criteria. deny tcp {source address mask | any | host ipv6-address} [operator port [port]] {destination address | any | host ipv6-address} [bit] [operator port [port]] [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny tcp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command. source address
Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

Parameters

mask any host ipv6-address

operator

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port command parameter.

port port

destination address

Enter the IPv6 address of the network or host to which the packets are sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

737

deny tcp

bit

Enter a flag or combination of bits:

ack: acknowledgement field fin: finish (no more data from the user) psh: push function rst: reset the connection syn: synchronize sequence numbers urg: urgent field count byte log monitor
(OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL) Enter the keyword log to enter ACL matches in the log. Supported on Jumbo-enabled line cards only. (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation.

Defaults Command Modes Command History

Not configured. ACCESS-LIST

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Introduced on the E-Series TeraScale Added monitor option

Usage Information

The C-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. Most ACL rules require one entry in the CAM. However, rules with TCP and UDP port operators (gt, lt, range) may require more than one entry. The range of ports is configured in the CAM based on bitmask boundaries; the space required depends on exactly what ports are included in the range. For example, an ACL rule with TCP port range 4000 - 8000 uses 8 entries in the CAM:
Rule# 1 2 3 4 5 6 7 8 Data 0000111110100000 0000111111000000 0001000000000000 0001100000000000 0001110000000000 0001111000000000 0001111100000000 0001111101000000 Mask 1111111111100000 1111111111000000 1111100000000000 1111110000000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 From 4000 4032 4096 6144 7168 7680 7936 8000 To 4031 4095 6143 7167 7679 7935 7999 8000 #Covered 32 64 2048 1024 512 256 64 1

Total Ports: 4001

738

IPv6 Access Control Lists (IPv6 ACLs)

deny udp But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

deny deny udp

Assign a filter to deny IP traffic. Assign a filter to deny UDP traffic.

deny udp
ces
Syntax

Configure a filter to drop UDP packets meeting the filter criteria. deny udp {source address mask | any | host ipv6-address} [operator port [port]] {destination address | any | host ipv6-address} [operator port [port]] [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny udp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command. source address
Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

Parameters

mask any host ipv6-address

operator

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports

port port

(OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

739

deny udp

destination address

count byte log monitor

(OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL) Enter the keyword log to enter ACL matches in the log. Supported on Jumbo-enabled line cards only. (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation.

Defaults Command Modes Command History

Not configured. ACCESS-LIST

Usage Information

The C-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. Most ACL rules require one entry in the CAM. However, rules with TCP and UDP port operators (gt, lt, range) may require more than one entry. The range of ports is configured in the CAM based on bitmask boundaries; the space required depends on exactly what ports are included in the range. For example, an ACL rule with TCP port range 4000 - 8000 will use 8 entries in the CAM:
Rule# 1 2 3 4 5 6 7 8 Data 0000111110100000 0000111111000000 0001000000000000 0001100000000000 0001110000000000 0001111000000000 0001111100000000 0001111101000000 Mask 1111111111100000 1111111111000000 1111100000000000 1111110000000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 From 4000 4032 4096 6144 7168 7680 7936 8000 To 4031 4095 6143 7167 7679 7935 7999 8000 #Covered 32 64 2048 1024 512 256 64 1

Total Ports: 4001

740

IPv6 Access Control Lists (IPv6 ACLs)

ipv6 access-group But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

deny deny tcp

Assign a deny filter for IP traffic. Assign a deny filter for TCP traffic.

ipv6 access-group
ces
Syntax

Assign an IPv6 access-group to an interface. ipv6 access-group access-list-name {in | out} [implicit-permit] [vlan range] To delete an IPv6 access-group configuration, use the no ipv6 access-group access-list-name {in} [implicit-permit] [vlan range] command.

Parameters

access-list-name in | out implicit-permit

Enter the name of a configured access list, up to 140 characters. Enter either the keyword in or out to apply the IPv6 ACL to incoming traffic (ingress) or outgoing traffic (egress). (OPTIONAL) Enter the keyword implicit-permit to change the default action of the IPv6 ACL from implicit-deny to implicit-permit (that is, if the traffic does not match the filters in the IPv6 ACL, the traffic is permitted instead of dropped). (OPTIONAL) Enter the keyword vlan followed by the VLAN range in a comma separated format. Range: 1 to 4094

vlan range

Defaults Command Modes Command History

Disabled INTERFACE
Version 8.4.2.1 Version 7.8.1.0 Introduced on the S-Series Introduced on the C-Series Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on the E-Series TeraScale

Version 7.4.1.0 Usage Information

You can assign an IPv6 access group to a physical, LAG, or VLAN interface context.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

741

ipv6 access-list Figure 262 Command Example: ipv6 access-group

Force10(conf-if-gi-9/0)#ipv6 access-group AclList1 in implicit-permit vlan 10-20 Force10(conf-if-gi-9/0)#show config ! interface GigabitEthernet 9/0 no ip address ipv6 access-group AclList1 in implicit-permit Vlan 10-20 no shutdown Force10conf-if-gi-9/0)#

Example

ipv6 access-list
ce
Syntax

Configure an access list based on IPv6 addresses or protocols. ipv6 access-list access-list-name To delete an access list, use the no ipv6 access-list access-list-name command.

Parameters

access-list-name

Enter the as the access list name as a string, up to 140 characters.

Defaults

All access lists contain an implicit deny any; that is, if no match occurs, the packet is dropped. CONFIGURATION
Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on the E-Series TeraScale

Command Modes Command History

Version 7.4.1.0 Usage Information Related Commands

The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL.
show config View the current configuration.

742

IPv6 Access Control Lists (IPv6 ACLs)

permit

permit
ce
Syntax

Select an IPv6 protocol number, ICMP, IPv6, TCP, or UDP to configure a filter that match the filter criteria. permit {ipv6-protocol-number | icmp | ipv6 | tcp | udp} To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit {ipv6-protocol-number | icmp | ipv6 | tcp | udp} command. ip-protocol-number icmp ipv6 tcp udp
Enter an IPv6 protocol number. Range: 0 to 255 Enter the keyword icmp to filter Internet Control Message Protocol version 6. Enter the keyword ipv6 to filter any Internet Protocol version 6. Enter the keyword tcp to filter the Transmission Control protocol. Enter the keyword udp to filter the User Datagram Protocol.

Parameters

Defaults Command Modes

Not configured. ACCESS-LIST

permit icmp
ces
Syntax

Configure a filter to allow all or specific ICMP messages. permit icmp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} [message-type] [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit icmp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command. source address
Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

Parameters

mask any

Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

743

permit tcp

host ipv6-address

Enter the keyword host followed by the IPv6 address of the host in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero Enter the IPv6 address of the network or host to which the packets are sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

destination address

message-type

(OPTIONAL) Enter an ICMP message type, either with the type (and code, if necessary) numbers or with the name of the message type. Range: 0 to 255 for ICMP type; 0 to 255 for ICMP code (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL) Enter the keyword log to have the information kept in an ACL log file. (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation.

count byte log monitor

Defaults Command Modes Command History

Not configured ACCESS-LIST

Usage Information

The C-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented.

permit tcp
ces
Syntax

Configure a filter to pass TCP packets that match the filter criteria. permit tcp {source address mask | any | host ipv6-address} [operator port [port]] {destination address | any | host ipv6-address} [bit] [operator port [port]] [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit tcp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command. IPv6 Access Control Lists (IPv6 ACLs)

744

permit tcp

Parameters

source address

Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

mask any host ipv6-address

operator

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two port for the port parameter.)

port port

destination address

bit

Enter a flag or combination of bits:

ack: acknowledgement field fin: finish (no more data from the user) psh: push function rst: reset the connection syn: synchronize sequence numbers urg: urgent field count byte log monitor
(OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation.

Defaults

Not configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

745

permit tcp

Command Modes Command History

ACCESS-LIST
Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Introduced on the E-Series TeraScale Added monitor option

Usage Information

Total Ports: 4001

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

permit permit udp

Assign a permit filter for IPv6 packets. Assign a permit filter for UDP packets.

746

IPv6 Access Control Lists (IPv6 ACLs)

permit udp

permit udp
ces
Syntax

Configure a filter to pass UDP packets meeting the filter criteria. permit udp {source address mask | any | host ipv6-address} [operator port [port]] {destination address | any | host ipv6-address} [operator port [port]] [count [byte]] | [log] [monitor] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit udp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command. source address
Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

Parameters

mask any host ipv6-address

operator

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port parameter.)

port port

(OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535 Enter the IPv6 address of the network or host to which the packets are sent in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

destination address

count byte log monitor

(OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL) Enter the keyword log to enter ACL matches in the log. (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

747

permit udp

Defaults Command Modes Command History

Not configured. ACCESS-LIST

Usage Information

Total Ports: 4001

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# 1 Data Mask From To 1023 #Covered 1024

0000000000000000 1111110000000000 0

Total Ports: 1024 Related Commands

permit permit tcp

Assign a permit filter for IP packets. Assign a permit filter for TCP packets.

748

IPv6 Access Control Lists (IPv6 ACLs)

remark

remark
ces
Syntax

Enter a description for an IPv6 ACL entry. remark remark number [description] To delete the description, use the no remark remark number command (it is not necessary to include the remark description that you are deleting).

Parameters

remark number

Enter the remark number. Note that the same sequence number can be used for the remark and an ACL rule. Range: 0 to 4294967290 Enter a description of up to 80 characters.

description
Defaults Command Modes Command History

Not configured ACCESS-LIST

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Introduced on the E-Series TeraScale

Example

Figure 263 Command Example: remark

Force10(config-ipv6-acl)#remark 10 Remark for Entry # 10 Force10(config-ipv6-acl)#show config ! ipv6 access-list Acl1 description IPV6 Access-list seq 5 permit ipv6 1111::2222/127 host 3333::1111 log count bytes remark 10 Remark for Entry # 10 seq 10 permit icmp host 3333:: any mobile-advertisement log seq 15 deny tcp any any rst seq 20 permit udp any any gt 100 count !Force10(config-ipv6-acl)#

Usage Information

As shown in the example above, the same sequence number is used for the remark and an ACL rule. The remark will precede the rule in the running-configuration because it is assumed that the remark is for that rule or that group of rules that follow the remark. You can configure up to 4294967290 remarks in a given ACL.
show config Display the current ACL configuration.

Related Commands

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

749

resequence access-list

resequence access-list
ces
Syntax

Re-assign sequence numbers to entries of an existing access-list. resequence access-list {ipv4 | ipv6 | mac} {access-list-name StartingSeqNum Step-to-Increment } ipv4 |ipv6 | mac access-list-name
Enter the keyword ipv4, ipv6 or mac to identify the access list type to resequence. Enter the name of a configured IP access list, up to 140 characters. Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Enter the starting sequence number to resequence. Range: 0 - 4294967290 Enter the step to increment the sequence number. Range: 1 - 4294967290

Parameters

StartingSeqNum Step-to-Increment

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.4.2.0 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Introduced on the E-Series TeraScale

Usage Information Related Commands

When all sequence numbers have been exhausted, this feature permits re-assigning new sequence number to entries of an existing access-list.
resequence prefix-list ipv6 Resequence a prefix list

750

IPv6 Access Control Lists (IPv6 ACLs)

resequence prefix-list ipv6

ces
Syntax Parameters

Re-assign sequence numbers to entries of an existing prefix list. resequence prefix-list ipv6 {prefix-list-name StartingSeqNum Step-to-increment} prefix-list-name
Enter the name of configured prefix list, up to 140 characters. Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Enter the starting sequence number to resequence. Range: 0 65535 Enter the step to increment the sequence number. Range: 1 65535

StartingSeqNum Step-to-Increment

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Introduced on the E-Series TeraScale

Usage Information Related Commands

When all sequence numbers have been exhausted, this feature permits re-assigning new sequence number to entries of an existing prefix list.
resequence access-list Resequence an access-list

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

751

seq

seq
ces
Syntax

Assign a sequence number to a deny or permit filter in an IPv6 access list while creating the filter. seq sequence-number {deny | permit} {ipv6-protocol-number | icmp | ip | tcp | udp} {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} [operator port [port]] [count [byte]] | [log] [monitor] To delete a filter, use the no seq sequence-number command.

Parameters

sequence-number deny permit ipv6-protocol-number icmp ipv6 tcp udp source address

Enter a number from 0 to 4294967290. Enter the keyword deny to configure a filter to drop packets meeting this condition. Enter the keyword permit to configure a filter to forward packets meeting this criteria. Enter an IPv6 protocol number. Range: 0 to 255 Enter the keyword icmp to configure an Internet Control Message Protocol version 6 filter. Enter the keyword ipv6 to configure any Internet Protocol version 6 filter. Enter the keyword tcp to configure a Transmission Control protocol filter. Enter the keyword udp to configure a User Datagram Protocol filter. Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the / x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zero.

mask any host ipv6-address

operator

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port parameter.)

752

IPv6 Access Control Lists (IPv6 ACLs)

seq

port port

destination address

message-type

(OPTIONAL) Enter an ICMP message type, either with the type (and code, if necessary) numbers or with the name of the message type . Range: 0 to 255 for ICMP type; 0 to 255 for ICMP code (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. (OPTIONAL) Enter the keyword log to enter ACL matches in the log. Supported on Jumbo-enabled line cards only. (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation.

count byte log monitor

Defaults Command Modes Command History

Not configured. ACCESS-LIST

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on the E-Series TeraScale and S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Added monitor option Configure a filter to drop packets. Configure a filter to forward packets.

Related Commands

deny permit

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

753

show cam-acl

show cam-acl
ces
Syntax Command Modes

Show space allocated for IPv6 ACLs. show cam-acl EXEC EXEC Privileged

Command History

Version 8.4.2.1 Version 8.4.2.0 Version 7.8.1.0

Introduced on the S-Series Introduced on the E-Series TeraScale Introduced on the C-Series Configure CAM profiles to support IPv6 ACLs

Related Commands Examples

cam-acl

Figure 264 Command Example: show cam-acl (default profile)

Figure 265 Command Example: show cam-acl (manually set profiles)

754

IPv6 Access Control Lists (IPv6 ACLs)

show config

show config
ces
Syntax Command Modes Command History

View the current IPv6 ACL configuration. show config ACCESS-LIST

Version 8.4.2.1 Version 8.4.2.0 Version 8.2.1.0 Version 7.8.1.0 Introduced on the S-Series Introduced on the E-Series TeraScale Introduced on the E-Series ExaScale Introduced on the C-Series

Example

Figure 266 Command Example: show config

Force10(conf-ipv6-acl)#show config ! ipv6 access-list Acl1 seq 5 permit ipv6 1111::2222/127 host 3333::1111 log count bytes seq 10 permit icmp host 3333:: any mobile-advertisement log seq 15 deny tcp any any rst seq 20 permit udp any any gt 100 count Force10(conf-ipv6-acl)#

show ipv6 accounting access-list

ces
Syntax

View the IPv6 access-lists created on the E-Series and the sequence of filters. show ipv6 accounting {access-list access-list-name | cam_count} interface interface access-list-name cam_count interface interface
Enter the name of the ACL to be displayed, up to 140 characters. List the count of the CAM rules for this ACL. Enter the keyword interface followed by the interface type and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

Command Modes

EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

755

show ipv6 accounting access-list

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0

Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on the E-Series TeraScale

Version 7.4.1.0 Example

Figure 267 Command Example: show ipv6 accounting access-lists

Force10#show ipv6 accounting access-list ! Ingress IPv6 access list AclList1 on GigabitEthernet 9/0 Total cam count 15 seq 10 permit icmp host 3333:: any mobile-advertisement log seq 15 deny tcp any any rst seq 20 permit udp any any gt 101 count (0 packets) ! Force10#

Table 73 show ip accounting access-lists Command Example Field Field

Ingress IPv6... seq 10 ...

Description
Displays the name of the IPv6 ACL, in this example AclList1. Displays the filter. If the keywords count or byte were configured in the filter, the number of packets or bytes processed by the filter is displayed at the end of the line.

756

IPv6 Access Control Lists (IPv6 ACLs)

show running-config acl

ces
Syntax Command Modes

Display the ACL running configuration. show running-config acl EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on the C-Series Introduced support on the E-Series TeraScale

Example

Figure 268 Command Example: show running-config acl

Force10#show running-config acl ! ip access-list extended ext-acl1 ! ip access-list standard std-acl1 ! ipv6 access-list Acl1 description IPV6 Access-list seq 5 permit ipv6 1111::2222/127 host 3333::1111 log count bytes remark 10 Remark for Entry # 10 seq 10 permit icmp host 3333:: any mobile-advertisement log seq 15 deny tcp any any rst seq 20 permit udp any any gt 100 count !Force10#

test cam-usage
ces
Syntax Parameters

Verify that enough ACL CAM space is available for the IPv6 ACLs you have created. test cam-usage service-policy input input policy name linecard {number | all} policy-map name number
Enter the name of the policy-map to verify. Enter all to get information for all the linecards, or enter the linecard number to get information for a specific card.

Range: 0-6 for E-Series, 0-7 for C-Series

Defaults Command Modes Command History

None EXEC Privilege

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Introduced on the S-Series Introduced on the E-Series ExaScale Introduced on C-Series and E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

757

test cam-usage

Usage Information

Example

The following example shows the output shown when using the test cam-usage command.

Figure 269 Command Example: test cam-usage (C-Series)

Table 74 Output Explanations: test cam-usage Term

Linecard Portpipe

Explanation
Lists the line card or linecards that are checked. Entering all shows the status for linecards in the chassis Lists the portpipe (port-set) or port pipes (port-sets) that are checked. Entering all shows the status for linecards and port-pipes in the chassis. Shows the CAM profile of the CAM Identifies the amount of CAM space remaining for that profile Estimates the amount of CAM space the listed policy will require. Indicates whether or not the policy will be allowed in the CAM

CAM Partition Available CAM Estimated CAM per Port Status

758

IPv6 Access Control Lists (IPv6 ACLs)

match ipv6 address

IPv6 Route Map Commands

The following commands allow you to configure route maps and their redistribution criteria. match ipv6 address match ipv6 next-hop match ipv6 route-source route-map set ipv6 next-hop show config show route-map

match ipv6 address

ces
Syntax

Configure a filter to match routes based on IPv6 addresses specified in an access list. match ipv6 address prefix-list-name To delete a match, use the no match ipv6 address prefix-list-name command.

Parameters

prefix-list-name Not configured. ROUTE-MAP

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0

Enter the name of IPv6 prefix list, up to 140 characters.

Defaults Command Modes Command History

Introduced on the S-Series Introduced support on the E-Series ExaScale Introduced support on the C-Series Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced support on the E-Series TeraScale Redistribute routes that match the next-hop IP address. Redistribute routes that match routes advertised by other routers.

Version 7.4.1.0 Related Commands

match ipv6 next-hop match ipv6 route-source

match ipv6 next-hop

ces
Syntax

Configure a filter which matches based on the next-hop IPv6 addresses specified in the IPv6 prefix list. match ipv6 next-hop prefix-list prefix-list-name To delete a match, use the no match ipv6 next-hop prefix-list prefix-list-name command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

759

match ipv6 route-source

Parameters

prefix-list prefix-list-name Not configured. ROUTE-MAP

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0

Enter the keywords prefix-list followed by the name of configured prefix list, up to 140 characters.

Defaults Command Modes Command History

Introduced on the S-Series Introduced support on the E-Series ExaScale Introduced support on the C-Series Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced support on the E-Series TeraScale Redistribute routes that match an IP address. Redistribute routes that match routes advertised by other routers.

Version 7.4.1.0 Related Commands match ipv6 address

match ipv6 route-source

ces
Syntax

Configure a filter which matches based on the routes advertised in the IPv6 prefix lists. match ipv6 route-source prefix-list prefix-list-name To delete a match, use the no match ipv6 route-source prefix-list prefix-list-name command.

Parameters

prefix-list prefix-list-name

Enter the keywords prefix-list followed by the name of configured prefix list, up to 140 characters.

Defaults Command Modes Command History

Not configured. ROUTE-MAP

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Introduced on the S-Series Introduced support on the E-Series ExaScale Introduced support on the C-Series Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced support on the E-Series TeraScale Redistribute routes that match an IP address. Redistribute routes that match the next-hop IP address.

Version 7.4.1.0 Related Commands match ipv6 address

match ipv6 next-hop

760

IPv6 Access Control Lists (IPv6 ACLs)

route-map

route-map
ces
Syntax

Designate a IPv6 route map name and enter the ROUTE-MAP mode. route-map map-name To delete a route map, use the no route-map map-name command.

Parameters

map-name Not configured ROUTE-MAP

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0

Enter a text string to name the route map, up to 140 characters.

Defaults Command Modes Command History

Version 7.4.1.0 Example

Figure 270 Command Example: route-map

Force10(conf)#route-map Rmap1 Force10(config-route-map)#match ? ip IP specific information ipv6 IPv6 specific information

Related Commands

show config

View the current configuration.

set ipv6 next-hop

ces
Syntax

Configure a filter that specifies IPv6 address as the next hop. set ipv6 next-hop ipv6-address To delete the setting, use the no set ipv6 next-hop ipv6-address command.

Parameters

ipv6-address

Enter the IPv6 address in the x:x:x:x::x format. Note: The :: notation specifies successive hexadecimal fields of zeros

Defaults Command Modes

Not configured. ROUTE-MAP

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

761

show config

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on the S-Series Introduced support on the E-Series ExaScale Introduced support on the C-Series Introduced support on the E-Series TeraScale

Usage Information

The set ipv6 next-hop command is the only way to set an IPv6 Next-Hop.

show config
ces
Syntax Command Modes Command History

View the current route map configuration. show config ROUTE-MAP

Example

Figure 271 Command Example: show config

Force10(config-route-map)#show config ! route-map Rmap1 permit 10 match ip address v4plist match ipv6 address plist1 match ipv6 next-hop prefix-list plist2 match ipv6 route-source prefix-list plist3 set next-hop 1.1.1.1 set ipv6 next-hop 3333:2222::

762

IPv6 Access Control Lists (IPv6 ACLs)

show route-map

show route-map
ces
Syntax Command Modes

View the current route map configurations. show route-map EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on the S-Series Introduced support on the E-Series ExaScale Introduced support on the C-Series Introduced support on the E-Series TeraScale

Example

Figure 272 Command Example: show route-map

Force10#show route-map ! route-map Rmap1, permit, sequence 10 Match clauses: ip address: v4plist ipv6 address: plist1 ipv6 next-hop prefix-lists: plist2 ipv6 route-source prefix-lists: plist3 Set clauses: next-hop 1.1.1.1 ipv6 next-hop 3333:2222::

Related Commands

route-map

Configure a route map.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

763

show route-map

764

IPv6 Access Control Lists (IPv6 ACLs)

Chapter 26
Overview

IPv6 Basics

IPv6 Basic Commands are supported on platforms:

ces

Note: Basic IPv6 basic commands are supported on all platforms. See Table 52 on page 483 in Chapter 22, IPv6 Addressing for information on the FTOS version and platform that supports IPv6 in each software feature.

Commands
The IPv6 commands in the chapter are: clear ipv6 fib clear ipv6 route ipv6 address ipv6 host ipv6 nd prefix-advertisement ipv6 route ipv6 unicast-routing show ipv6 cam linecard show ipv6 cam stack-unit show ipv6 fib linecard show ipv6 fib stack-unit show ipv6 interface show ipv6 route trust ipv6-diffserv

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

765

clear ipv6 fib

ces
Syntax Parameters

Clear (refresh) all FIB entries on a linecard. clear ipv6 fib linecard slot slot EXEC Privilege
Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on E-Series TeraScale Enter the slot number to clear the FIB for a linecard.

Command Mode Command History

clear ipv6 route

ces
Syntax Parameters

Clear (refresh) all or a specific route from the IPv6 routing table. clear ipv6 route {* | ipv6-address prefix-length} * ipv6-address prefix-length
Enter the * to clear (refresh) all routes from the IPv6 routing table. Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros

Command Mode Command History

EXEC Privilege
Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on E-Series TeraScale

766

IPv6 Basics

ipv6 address

ipv6 address
ces
Syntax

Configure an IPv6 address to an interface. ipv6 address {ipv6-address prefix-length} To remove the IPv6 address, use the no ipv6 address {ipv6-address prefix-length} command.

Parameters

ipv6-address prefix-length

Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros

Defaults Command Modes Command History

No default values or behavior INTERFACE

Version 8.4.1.0 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Support added on the management Ethernet port. Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on E-Series TeraScale

Example

Figure 273 Command Example: ipv6 address

Force10(conf)#interface gigabitethernet 10/0 Force10(conf-if-gi-10/0)#ipv6 address ? X:X:X:X::X IPv6 address Force10(conf-if-gi-10/0)#ipv6 address 2002:1:2::3 ? <0-128> Prefix length in bits Force10(conf-if-gi-10/0)#ipv6 address 2002:1:2::3 /96 ? <cr> Force10(conf-if-gi-10/0)#ipv6 address 2002:1:2::3 /96 Force10(conf-if-gi-10/0)#show config ! interface GigabitEthernet 10/0 no ip address ipv6 address 2002:1:2::3 /96 no shutdown Force10(conf-if-gi-10/0)#

Usage Information

FTOS allows multiple IPv6 addresses to be configured on an interface. When the no ipv6 address command is issued without specifying a particular IPv6 address, all IPv6 addresses on that interface are deleted.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

767

ipv6 name-server

ipv6 name-server
ces
Syntax Parameters

Enter up to 6 IPv6 addresses of name servers. The order you enter the addresses determines the order of their use. ipv6 name-server ipv6-address [ipv6-address2...ipv6-address6] ipv6-address ipv6-address2 ... ipv6-address6
Enter the IPv6 address (X:X:X:X::X) of the name server to be used. Enter up five more IP addresses, in dotted decimal format, of name servers to be used. Separate the addresses with a space.

Defaults Command Modes Command History

No name servers are configured. CONFIGURATION

Version 8.4.2.1 Version 8.4.1.0 Introduced on the C-Series and S-Series Introduced on E-Series TeraScale

Usage Information

You can separately configure both IPv4 and IPv6 domain name servers.

ipv6 host
ces
Syntax Parameters

Assign a name and IPv6 address to be used by the host-to-IP address mapping table. ipv6 host name ip-address name ipv6-address
Enter a text string to associate with one IP address. Enter an IPv6 address (X:X:X:X::X) to be mapped to the name.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.4.2.1 Version 8.4.1.0 Introduced on the C-Series and S-Series Introduced on E-Series TeraScale

768

IPv6 Basics

ipv6 nd prefix-advertisement

ipv6 nd prefix-advertisement
ces
Specify which IPv6 prefixes are include in Neighbor Advertisements. By default, all prefixes configured as addresses on the interface are advertised. This command allows control over the individual parameters per prefix; the default keyword can be used to use the default parameters for all prefixes. ipv6 nd prefix {ipv6-address/prefix-length> | default} [no-advertise] | [no-autoconfig] [no-rtr-address] [off-link] [lifetime {valid | infinite} { preferred | infinite}] ipv6-prefix prefix-length default no-advertise no-autoconfig no-rtr-address off-link valid-lifetime | infinite
Enter an IPv6 prefix. Enter the prefix followed by the prefix length.

Syntax

Parameters

Length Range: 0-128

Enter this keyword to set default parameters for all prefixes. Enter this keyword to prevent the specified prefix from being advertised. Enter this keyword to disable Stateless Address Autoconfiguration. Enter this keyword to exclude the full router address from router advertisements (the R bit is not set). Enter this keyword to advertise the prefix without stating to recipients that the prefix is either on-link or off-link. Enter the amount of time that the prefix is advertised, or enter infinite for an unlimited amount of time. Default: 2592000 Range: 0 to 4294967295 Enter the amount of time that the prefix is preferred, or enter infinite for an unlimited amount of time. Default: 604800 Range: 0 to 4294967295; the maximum value means that the preferred lifetime does not expire.

preferred-lifetime | infinite

Command Mode Command History

INTERFACE
Version 8.3.2.0 Introduced onthe E-Series TeraScale, C-Series, and S-Series.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

769

ipv6 route

ipv6 route
ces
Syntax

Establish a static IPv6 route. ipv6 route ipv6-address prefix-length {ipv6-address | interface | interface ipv6-address} [distance] [tag value] [permanent] To remove the IPv6 route, use the no ipv6 route ipv6-address prefix-length {ipv6-address | interface | interface ipv6-address} [distance] [tag value] [permanent] command.

Parameters

ipv6-address prefix-length

Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a loopback interface, enter the keyword loopback followed by a number from zero (0) to 16383. For the null interface, enter the keyword null followed by zero (0). For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

interface

ipv6-address

(OPTIONAL) Enter the forwarding router IPv6 address in the x:x:x:x::x format. Note: The :: notation specifies successive hexadecimal fields of zeros (OPTIONAL) Enter a number as the distance metric assigned to the route. Range: 1 to 255 (OPTIONAL) Enter the keyword tag followed by a tag value number. Range: 1 to 4294967295 (OPTIONAL) Enter the keyword permanent to specify that the route is not to be removed, even if the interface assigned to that route goes down. Note: If you disable the interface with an IPv6 address associated with the keyword permanent, the route disappears from the routing table.

distance tag value permanent

Defaults Command Modes Command History

No default values or behavior CONFIGURATION

Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on E-Series TeraScale

770

IPv6 Basics

ipv6 unicast-routing Figure 274 Command Example: ipv6 route

Force10(conf)#ipv6 route 44::0 /64 33::1 ? <1-255> Distance metric for this route permanent Permanent route tag Set tag for this route Force10(conf)#ipv6 route 55::0 /64 ? X:X:X:X::X Forwarding router's address gigabitethernet Gigabit Ethernet interface loopback Loopback interface null Null interface port-channel Port channel interface sonet Sonet interface tenGigabitethernet TenGigabit Ethernet interface vlan VLAN interface Force10(conf)#ipv6 route 55::0 /64 gigabitethernet 9/0 ? <1-255> Distance metric for this route X:X:X:X::X Forwarding router's address permanent Permanent route tag Set tag for this route Force10(conf)#ipv6 route 55::0 /64 gigabitethernet 9/0 66::1 ? <1-255> Distance metric for this route permanent Permanent route tag Set tag for this route Force10#

Example

Usage Information

When the interface goes down, FTOS withdraws the route. The route is re-installed, by FTOS, when the interface comes back up. When a recursive resolution is broken, FTOS withdraws the route. The route is re-installed, by FTOS, when the recursive resolution is satisfied.
show ipv6 route View the IPv6 configured routes.

Related Commands

ipv6 unicast-routing
ces
Syntax

Enable IPv6 Unicast routing. ipv6 unicast-routing To disable unicast routing, use the no ipv6 unicast-routing command.

Defaults Command Modes Command History

Enabled CONFIGURATION
Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

771

show ipv6 cam linecard

Usage Information

Since this command is enabled by default, it does not appear in the running configuration. When unicast routing is disabled, the no ipv6 unicast-routing command is included in the running configuration. Whenever unicast routing is disabled or re-enabled, FTOS generates a syslog message indicating the action. Disabling unicast routing on an E-Series chassis causes the following behavior: static and protocol learnt routes are removed from RTM and from the CAM; packet forwarding to these routes is terminated. connected routes and resolved neighbors remain in the CAM and new IPv6 neighbors are still discoverable additional protocol adjacencies (OSPFv3 and BGP4) are brought down and no new adjacencies are formed the IPv6 address family configuration (under router bgp) is deleted IPv6 Multicast traffic continues to flow unhindered

show ipv6 cam linecard

ces
Syntax Parameters

Displays the IPv6 CAM entries for the specified line card. show ipv6 cam linecard slot-number port-set {0-1} [summary | index | ipv6 address] slot-number port-set
summary Enter the line card slot ID number. Range: 0 to 13 on the E1200; 0 on 6 for E600, and 0 to 5 on the E300. Enter the Port Set to (OPTIONAL) Enter the keyword summary to display a table listing network prefixes and the total number prefixes which can be entered into the IPv6 CAM. (OPTIONAL) Enter the index in the IPv6 CAM Enter the IPv6 address in the x:x:x:x::x/n format to display networks that have more specific prefixes. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros.

index ipv6-address

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on S-Series Introduced on E-Series ExaScale Introduced on C-Series Introduced on E-Series TeraScale

Usage Information

The forwarding table displays host route first, then displays route originated by routing protocol including static route.

772

IPv6 Basics

show ipv6 cam linecard

The egress port section displays the egress port of the forwarding entry which is designated as: C for the Control Processor 1 for the Route Processor 1 2 for the Route Processor 2
Examples

Figure 275 Command Example: show ipv6 cam linecard fib (C or E-Series)

Force10#show ipv6 cam linecard 13 fib Neighbor Mac-Addr Port VId ---------------------------------------------- ----------------- --------- ---[ 31] 2002:44:1:1::11 Next-Hop 00:00:01:1a:1e:d5 Gi 13/2 Mac-Addr 0 Port VId EC

Prefix

------------------------------- ------------------------------- ----------------- --------- ---- -[ 3147] 100::/64 [ [ [ [ [ [ 0] 0] 0] 0] 0] 0] 2002:44:1:1::11 2002:44:1:24::11 2002:44:1:23::11 2002:44:1:21::11 2002:44:1:20::11 2002:44:1:19::11 Gi Gi Gi Gi Gi Gi 0/0 0/0 0/0 0/0 0/0 0/0 0 0 0 0 0 0 1 1 1 1 1 1

Force10#

Figure 276 Command Example: show ipv6 cam linecard (C or E-Series)

Force10#show ipv6 cam linecard 1 port-set 0 Neighbor --------------------------------------------------[ 0] fe80::201:e8ff:fe17:5cae [ 1] fe80::201:e8ff:fe17:5bbe [ 2] fe80::201:e8ff:fe17:5bbd [ 3] fe80::201:e8ff:fe17:5cb0 [ 4] fe80::201:e8ff:fe17:5cae [ 5] fe80::201:e8ff:fe17:5caf

Mac-Addr ----------------00:01:e8:17:5c:ae 00:01:e8:17:5b:be 00:01:e8:17:5b:bd 00:01:e8:17:5c:b0 00:01:e8:17:5c:ae 00:01:e8:17:5c:af

Port VId --------- ---BLK 100 BLK 0 BLK 0 BLK 0 BLK 1000 BLK 0

Prefix First-Hop Mac-Addr Port VId EC ------------------------------------ ------------------------ ----------------- --------- ---[ 80] 2222::2/128 [ [ 2] : 2] ::1 00:00:00:00:00:00 RP2 00:00:00:00:00:00 RP2 0 0 0 0

[ 81] 3333::2/128 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

773

show ipv6 cam stack-unit

ces
Syntax Parameters

Displays the IPv6 CAM entries for the specified stack-unit. show ipv6 cam stack-unit unit-number port-set {0-1} [summary | index | ipv6 address] unit-number port-set
summary Enter the stack units ID number. Range: 0 to 7 Enter the Port Set to (OPTIONAL) Enter the keyword summary to display a table listing network prefixes and the total number prefixes which can be entered into the IPv6 CAM. (OPTIONAL) Enter the index in the IPv6 CAM Enter the IPv6 address in the x:x:x:x::x/n format to display networks that have more specific prefixes. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros.

index ipv6-address

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.8.1.0

Introduced on C-Series and S-Series Introduced on E-Series TeraScale

show ipv6 fib linecard

ce
Syntax Parameters

View all Forwarding Information Base entries. show ipv6 fib linecard slot-number {summary | ipv6-address} slot-number
Enter the number of the line card slot. E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300 (OPTIONAL) Enter the keyword summary to view a summary of entries in IPv6 cam. Enter the IPv6 address in the x:x:x:x::x/n format to display networks that have more specific prefixes. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros.

summary ipv6-address

Command Mode

EXEC EXEC Privilege

774

IPv6 Basics

show ipv6 fib stack-unit

Command History

Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on E-Series TeraScale

show ipv6 fib stack-unit

ces
Syntax Parameters

View all Forwarding Information Base entries. show ipv6 fib stack-unit unit-number [summary] ipv6-address slot-number summary ipv6-address
Enter the number of the stack unit. Range: 0 to 7 (OPTIONAL) Enter the keyword summary to view a summary of entries in IPv6 cam. Enter the IPv6 address in the x:x:x:x::x/n format to display networks that have more specific prefixes. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros.

Command Mode

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.8.1.0 Version 7.4.1.0

Introdcued on S-Series Introduced on C-Series Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

775

show ipv6 interface

ces
Syntax

Display the status of interfaces configured for IPv6. show ipv6 interface interface [brief] [configured] [gigabitethernet slot | slot/port] [linecard slot-number] [loopback interface-number] [managementethernet slot/port] [port-channel number] [tengigabitethernet slot | slot/port] [vlan vlan-id] interface
(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword Loopback followed by a number from 0 to 16383. For the Null interface, enter the keyword null followed by zero (0). For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

brief configured gigabitethernet linecard slot-number

(OPTIONAL) View a summary of IPv6 interfaces. (OPTIONAL) View information on all IPv6 configured interfaces (OPTIONAL) View information for an IPv6 gigabitethernet interface. (OPTIONAL) View information for a specific IPv6 linecard or S-Series stack-unit Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300. Range: 0-7 for C-Series Range 0-7 for S-Series (OPTIONAL) View information on an IPv6 Management port. Enter the slot number (0-1) and port number zero (0). (OPTIONAL) View information for IPv6 loopback interfaces. (OPTIONAL) View information for IPv6 port channels. (OPTIONAL) View information for an IPv6 tengigabitethernet interface. (OPTIONAL) View information for IPv6 VLANs.

managementethernet slot/port loopback port-channel tengigabitethernet vlan

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on S-Series Introduced on E-Series ExaScale. Support for the managementethernet slot/port parameter was added. Introduced on C-Series Introduced on E-Series TeraScale

Usage Information

The Management port is enabled by default (no shutdown). If necessary, use the ipv6 address command to assign an IPv6 address to the Management port.

776

IPv6 Basics

show ipv6 interface Figure 277 Command Example: show ipv6 interface
Force10#show ipv6 interface gigabitethernet 1/1 GigabitEthernet 1/1 is up, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe04:62c4 Global Unicast address(es): 2001::1, subnet is 2001::/64 2002::1, subnet is 2002::/120 2003::1, subnet is 2003::/120 2004::1, subnet is 2004::/32 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:1 ff02::1:ff04:62c4 MTU is 1500 ICMP redirects are not sent DAD is enabled: number of DAD attempts: 1 ND reachable time is 30 seconds ND advertised reachable time is 30 seconds ND advertised retransmit interval is 30 seconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds

Example

Figure 278 Command Example: show ipv6 interface managementethernet

Force10#show ipv6 interface managementethernet 0/0 ManagementEthernet 0/0 is up, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe0b:a94c Global Unicast address(es): Actual address is 2222::5, subnet is 2222::/64 Virtual-IP IPv6 address is not set Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:5 ff02::1:ff0b:a94c MTU is 1500 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time is 3600000 milliseconds ND advertised reachable time is 3600000 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 to 600 seconds ND router advertisements live for 9000 seconds

Figure 279 Command Example: show ipv6 interface brief

Force10#show ipv6 interface brief GigabitEthernet 0/0 fe80::201:e8ff:fe3a:143e 10::1/64 ... ManagementEthernet 0/0 fe80::201:e8ff:fe5d:b74c fdaa:bbbb:cccc:1004::50/64 ... Vlan 3 fe80::201:e8ff:fe3a:19b7 7::1/64 [up/up]

[up/up]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

777

show ipv6 route

ces
Syntax

Displays the IPv6 routes. show ipv6 route [ipv6-address prefix-length] [hostname] [all] [bgp as number] [connected] [isis tag] [list prefix-list name] [ospf process-id] [rip] [static] [summary] ipv6-address prefix-length hostname all bgp connected isis list ospf rip static summary
(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) View information for this IPv6 routes with Host Name (OPTIONAL) View information for all IPv6 routes (OPTIONAL) View information for all IPv6 BGP routes (OPTIONAL) View only the directly connected IPv6 routes. (OPTIONAL) View information for all IPv6 IS-IS routes (OPTIONAL) View the IPv6 prefix list (OPTIONAL) View information for all IPv6 OSPF routes (OPTIONAL) View information for all IPv6 RIP routes (OPTIONAL) View only routes configured by the ipv6 route command. (OPTIONAL) View a brief list of the configured IPv6 routes.

Parameter

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 7.8.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on E-Series TeraScale

Example

Figure 280 Command Example: show ipv6 route

Force10#show ipv6 route Codes: C - connected, L - local, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, Gateway of last resort is not set Destination Dist/Metric, Gateway, Last Change ----------------------------------------------------2001::/64 [0/0] Direct, Gi 1/1, 00:28:49 2002::/120 [0/0] Direct, Gi 1/1, 00:28:49 2003::/120 [0/0] Direct, Gi 1/1, 00:28:49 2004::/32 [0/0] Direct, Gi 1/1, 00:28:49 fe80::/10 [0/0] Direct, Nu 0, 00:29:09

C C C C L

778

IPv6 Basics

show ipv6 route

Example

Figure 281 Command Example: show ipv6 route summary

Force10#show ipv6 route summary Route Source Active Routes connected 5 static 0 Total 5 Total 5 active route(s) using 952 bytes Non-active Routes 0 0 0

Table 75 show ipv6 route Command Example Fields Field

(undefined)

Description
Identifies the type of route: L = Local C = connected S = static R = RIP B = BGP IN = internal BGP EX = external BGP LO = Locally Originated O = OSPF IA = OSPF inter area N1 = OSPF NSSA external type 1 N2 = OSPF NSSA external type 2 E1 = OSPF external type 1 E2 = OSPF external type 2 i = IS-IS L1 = IS-IS level-1 L2 = IS-IS level-2 IA = IS-IS inter-area * = candidate default > = non-active route + = summary routes

Destination Gateway Dist/Metric Last Change

Identifies the routes destination IPv6 address. Identifies whether the route is directly connected and on which interface the route is configured. Identifies if the route has a specified distance or metric. Identifies when the route was last changed or configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

779

trust ipv6-diffserv

trust ipv6-diffserv
ces
Syntax

Allows the dynamic classification of IPv6 DSCP. trust ipv6-diffserv To remove the definition, use the no trust ipv6-diffserv command.

Defaults Command Modes Command History

This command has no default behavior or values. CONFIGURATION-POLICY-MAP-IN

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

When trust IPv6 diffserv is configured, matched bytes/packets counters are not incremented in the show qos statistics command. Trust differv (IPv4) can co-exist with trust ipv6-diffserv in an Input Policy Map. Dynamic classification happens based on the mapping detailed in the following table. Table 76 IPv6 -Diffserv Mapping
IPv6 Service Class Field 111XXXXX 110XXXXX 101XXXXX 100XXXXX 011XXXXX 010XXXXX 001XXXXX 000XXXXX Queue ID 7 6 5 4 3 2 1 0

780

IPv6 Basics

Chapter 27

IPv6 Border Gateway Protocol (IPv6 BGP)

Overview
IPv6 Border Gateway Protocol (IPv6 BGP) is supported on platforms: This chapter includes the following commands: IPv6 BGP Commands IPv6 MBGP Commands

ces

IPv6 BGP Commands

Border Gateway Protocol (BGP) is an external gateway protocol that transmits interdomain routing information within and between Autonomous Systems (AS). BGP version 4 (BGPv4) supports classless interdomain routing and the aggregation of routes and AS paths. Basically, two routers (called neighbors or peers) exchange information including full routing tables and periodically send messages to update those routing tables. The following commands allow you to configure and enable BGP. aggregate-address bgp always-compare-med bgp bestpath as-path ignore bgp bestpath med confed bgp bestpath med missing-as-best bgp client-to-client reflection bgp cluster-id bgp confederation identifier bgp confederation peers bgp dampening bgp default local-preference bgp enforce-first-as bgp fast-external-fallover bgp four-octet-as-support Publication Date: July 20, 2011 781

Command Line Reference for FTOS version 8.4.2.4

bgp graceful-restart bgp log-neighbor-changes bgp non-deterministic-med bgp recursive-bgp-next-hop bgp regex-eval-optz-disable bgp router-id bgp soft-reconfig-backup capture bgp-pdu neighbor (ipv6) capture bgp-pdu max-buffer-size clear ip bgp as-number clear ip bgp ipv6-address clear ip bgp peer-group clear ip bgp ipv6 dampening clear ip bgp ipv6 flap-statistics clear ip bgp ipv6 unicast soft debug ip bgp debug ip bgp events debug ip bgp ipv6 dampening debug ip bgp ipv6 unicast soft-reconfiguration debug ip bgp keepalives debug ip bgp notifications debug ip bgp updates default-metric description distance bgp maximum-paths neighbor activate neighbor advertisement-interval neighbor allowas-in neighbor default-originate neighbor description neighbor distribute-list neighbor ebgp-multihop neighbor fall-over neighbor filter-list neighbor maximum-prefix neighbor X:X:X::X password neighbor next-hop-self neighbor peer-group (assigning peers) neighbor peer-group (creating group) neighbor peer-group passive neighbor remote-as neighbor remove-private-as neighbor route-map neighbor route-reflector-client neighbor send-community

782

IPv6 Border Gateway Protocol (IPv6 BGP)

address-family

neighbor shutdown neighbor soft-reconfiguration inbound neighbor subnet neighbor timers neighbor update-source neighbor weight network network backdoor redistribute redistribute isis redistribute ospf router bgp show capture bgp-pdu neighbor show config show ip bgp ipv6 unicast show ip bgp ipv6 unicast cluster-list show ip bgp ipv6 unicast community show ip bgp ipv6 unicast community-list show ip bgp ipv6 unicast dampened-paths show ip bgp ipv6 unicast detail show ip bgp ipv6 unicast extcommunity-list show ip bgp ipv6 unicast filter-list show ip bgp ipv6 unicast flap-statistics show ip bgp ipv6 unicast inconsistent-as show ip bgp ipv6 unicast neighbors show ip bgp ipv6 unicast peer-group show ip bgp ipv6 unicast summary show ip bgp next-hop show ip bgp paths show ip bgp paths as-path show ip bgp paths community show ip bgp paths extcommunity show ip bgp regexp timers bgp

address-family
c et s
Syntax Parameters

Enable the IPv4 multicast or the IPv6 address family. address-family [ipv4 multicast| ipv6unicast] ipv4 multicast ipv6 unicast
Enter BGPv4 multicast mode. Enter BGPv6 mode.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

783

aggregate-address

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 6.5.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

Enter ipv6 unicast to enter the BGP for IPv6 mode (CONF-ROUTER_BGPv6_AF).

aggregate-address
ces
Syntax

Summarize a range of prefixes to minimize the number of entries in the routing table. aggregate-address ipv6-address prefix-length [advertise-map map-name] [as-set] [attribute-map map-name] [summary-only] [suppress-map map-name] ipv6-address prefix-length
Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros

Parameters

advertise-map map-name as-set

(OPTIONAL) Enter the keywords advertise-map followed by the name of a configured route map to set filters for advertising an aggregate route. (OPTIONAL) Enter the keyword as-set to generate path attribute information and include it in the aggregate. AS_SET includes AS_PATH and community information from the routes included in the aggregated route. (OPTIONAL) Enter the keywords attribute-map followed by the name of a configured route map to modify attributes of the aggregate, excluding AS_PATH and NEXT_HOP attributes. (OPTIONAL) Enter the keyword summary-only to advertise only the aggregate address. Specific routes will not be advertised. (OPTIONAL) Enter the keywords suppress-map followed by the name of a configured route map to identify which more-specific routes in the aggregate are suppressed.

attribute-map map-name summary-only suppress-map map-name

Defaults Command Modes Command History

Not configured. CONFIGURATION-ROUTER-BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

At least one of the routes included in the aggregate address must be in the BGP routing table for the configured aggregate to become active.

784

IPv6 Border Gateway Protocol (IPv6 BGP)

bgp always-compare-med Do not add the as-set parameter to the aggregate, if routes within the aggregate are constantly changing as the aggregate will flap to keep track of the changes in the AS_PATH. In route maps used in the suppress-map parameter, routes meeting the deny clause are not suppress; in other words, they are allowed. The opposite is true: routes meeting the permit clause are suppressed. If the route is injected via the network command, that route will still appear in the routing table if the summary-only parameter is configured in the aggregate-address command. The summary-only parameter suppresses all advertisements. If you want to suppress advertisements to only specific neighbors, use the neighbor distribute-list command. In the show ip bgp ipv6 unicast command, aggregates contain an a in the first column and routes suppressed by the aggregate contain an s in the first column.

bgp always-compare-med
ces
Syntax

Allows you to enable comparison of the MULTI_EXIT_DISC (MED) attributes in the paths from different external ASs. bgp always-compare-med To disable comparison of MED, enter no bgp always-compare-med.

Defaults Command Modes Command History

Disabled (that is, the software only compares MEDs from neighbors within the same AS). ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Any update without a MED attribute is the least preferred route. If you enable this command, use the capture bgp-pdu max-buffer-size * command to recompute the best path.

bgp bestpath as-path ignore

ces
Syntax

Ignore the AS PATH in BGP best path calculations. bgp bestpath as-path ignore To return to the default, enter no bgp bestpath as-path ignore.

Defaults

Disabled (that is, the software considers the AS_PATH when choosing a route as best). Publication Date: July 20, 2011 785

Command Line Reference for FTOS version 8.4.2.4

bgp bestpath med confed

Command Modes Command History

ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If you enable this command, use the capture bgp-pdu max-buffer-size * command to recompute the best path.

bgp bestpath med confed

ces
Syntax

Defaults Command Modes Command History

Disabled. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

The software compares the MEDs only if the path contains no external autonomous system numbers. If you enable this command, use the capture bgp-pdu max-buffer-size * command to recompute the best path.

bgp bestpath med missing-as-best

ces
Syntax

Defaults Command Modes

Disabled ROUTER BGP IPv6 Border Gateway Protocol (IPv6 BGP)

786

bgp client-to-client reflection

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

The MED is a 4-byte unsigned integer value and the default behavior is to assume a missing MED as 4294967295. This command causes a missing MED to be treated as 0. During the path selection, paths with a lower MED are preferred over those with a higher MED.

bgp client-to-client reflection

ces
Syntax

Allows you to enable route reflection between clients in a cluster. bgp client-to-client reflection To disable client-to-client reflection, enter no bgp client-to-client reflection.

Defaults Command Modes Command History

Enabled when a route reflector is configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information Related Commands

Route reflection to clients is not necessary if all client routers are fully meshed.

bgp cluster-id neighbor route-reflector-client

Assign ID to a BGP cluster with two or more route reflectors. Configure a route reflector and clients.

bgp cluster-id
ces
Syntax

Assign a cluster ID to a BGP cluster with more than one route reflector. bgp cluster-id {ip-address | number} To delete a cluster ID, use the no bgp cluster-id {ip-address | number} command.

Parameters

ip-address number

Enter an IP address as the route reflector cluster ID. Enter a route reflector cluster ID as a number from 1 to 4294967295.

Defaults

Not configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

787

bgp confederation identifier

Command Modes Command History

ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

When a BGP cluster contains only one route reflector, the cluster ID is the route reflectors router ID. For redundancy, a BGP cluster may contain two or more route reflectors and you assign a cluster ID with the bgp cluster-id command. Without a cluster ID, the route reflector cannot recognize route updates from the other route reflectors within the cluster. The default format for displaying the cluster-id is dotted decimal, but if you enter the cluster-id as an integer, it will be displayed as an integer.

Related Commands

bgp client-to-client reflection neighbor route-reflector-client show ip bgp ipv6 unicast cluster-list

Enable route reflection between route reflector and clients. Configure a route reflector and clients. View paths with a cluster ID.

bgp confederation identifier

ces
Syntax

Configure an identifier for a BGP confederation. bgp confederation identifier as-number To delete a BGP confederation identifier, use the no bgp confederation identifier as-number command.

Parameters

as-number

Enter the AS number. Range: 1 to 65535

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

788

IPv6 Border Gateway Protocol (IPv6 BGP)

bgp confederation peers

ces
Syntax

Specify the Autonomous Systems (ASs) that belong to the BGP confederation. bgp confederation peers as-number [...as-number] To enter no bgp confederation peer.

Parameters

as-number ...as-number

Enter the AS number. Range: 1 to 65535 (OPTIONAL) Enter up to 16 confederation numbers. Range: 1 to 65535.

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

The Autonomous Systems configured in this command are visible to the EBGP neighbors. Each Autonomous System is fully meshed and contains a few connections to other Autonomous Systems. After specifying autonomous systems numbers for the BGP confederation, recycle the peers to update their configuration.

Related Commands

bgp confederation identifier

Configure a confederation ID.

bgp dampening
ces
Syntax

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

789

bgp default local-preference

Parameters

half-life

reuse

suppress

max-suppress-time

route-map map-name

Defaults Command Modes Command History

Disabled. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If you enter bgp dampening, the default values for half-life, reuse, suppress, and max-suppress-time are applied. The parameters are position-dependent, therefore, if you configure one parameter, you must configure the parameters in the order they appear in the command.
show ip bgp ipv6 unicast dampened-paths View the BGP paths

Related Commands

bgp default local-preference

ces
Syntax

Change the default local preference value for routes exchanged between internal BGP peers. bgp default local-preference value

790

IPv6 Border Gateway Protocol (IPv6 BGP)

bgp enforce-first-as To return to the default value, enter no bgp default local-preference.
Parameters

value

Defaults Command Modes Command History

100 ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

The bgp default local-preference command setting is applied by all routers within the AS.

bgp enforce-first-as
ces
Syntax

Disable (or enable) enforce-first-as check for updates received from EBGP peers. bgp enforce-first-as To turn off the default, use the no bgp enforce-first-as command.

Defaults Command Modes Usage Information

Enabled ROUTER BGP This is enabled by default, that is for all updates received from EBGP peers, BGP ensures that the first AS of the first AS segment is always the AS of the peer. If not, the update is dropped and a counter is incremented. Use the show ip bgp ipv6 unicast neighbors command to view the failed enforce-first-as check counter. If enforce-first-as is disabled, it can be viewed via the show ip protocols command.

Related Commands

show ip bgp ipv6 unicast neighbors

Display IPv6 routing information exchanged by BGP neighbors.

show ip protocols
Command History Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

View Information on routing protocols.

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

791

bgp fast-external-fallover

bgp fast-external-fallover
ces
Syntax

Defaults Command Modes Command History

Enabled ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

The bgp fast-external-fallover command appears in the show config command output.

bgp four-octet-as-support
ces
Syntax

Enable 4-byte support for the BGP process bgp four-octet-as-support To disable fast external fallover, enter no bgp four-octet-as-support.

Defaults Command Modes Usage Information

Disabled (supports 2-Byte format) ROUTER BGP Routers supporting 4-Byte ASNs advertise that function in the OPEN message. The behavior of a 4-Byte router will be slightly different depending on whether it is speaking to a 2-Byte router or a 4-Byte router. When creating Confederations, all the routers in the Confederation must be 4 or 2 byte identified routers. You cannot mix them. Where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295. Both formats are accepted, and the advertisements will reflect the entered format. For more information about using the 2 or 4-Byte format, refer to the FTOS Configuration Guide.

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

792

IPv6 Border Gateway Protocol (IPv6 BGP)

bgp graceful-restart

bgp graceful-restart
ces
Syntax

Parameters

neighbor ip-address | peer-group-name

Enter the keyword neighbor followed by one of the options listed below:

ip-address of the neighbor in IP address format of the

neighbor

peer-group-name of the neighbor peer group.

restart-time seconds

Enter the keyword restart-time followed by the maximum number of seconds needed to restart and bring up all peers. Range: 1 to 3600 seconds Default: 120 seconds Enter the keyword stale-path-time followed by the maximum number of seconds to wait before restarting a peers stale paths. Default: 360 seconds. Enter the keyword role receiver-only to designate the local router to support graceful restart as a receiver only.

stale-path-time seconds

role receiver-only

Defaults Command Modes Command History

As above ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

This feature is advertised to BGP neighbors through a capability advertisement. In receiver only mode, BGP saves the advertised routes of peers that support this capability when they restart.

bgp log-neighbor-changes
ces
Syntax

Enable logging of BGP neighbor resets. bgp log-neighbor-changes To disable logging, enter no bgp log-neighbor-changes.

Defaults Command Modes

Enabled ROUTER BGP

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

793

bgp non-deterministic-med

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information Related Commands

The bgp log-neighbor-changes command appears in the show config command output.

show config

View the current configuration

bgp non-deterministic-med
ces
Syntax

Compare MEDs of paths from different Autonomous Systems. bgp non-deterministic-med To return to the default, enter no bgp non-deterministic-med.

Defaults

Disabled (that is, paths/routes for the same destination but from different ASs will not have their MEDs compared). ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Modes Command History

Usage Information

In non-deterministic mode, paths are compared in the order in which they arrive. This method can lead to FTOS choosing different best paths from a set of paths, depending on the order in which they are received from the neighbors since MED may or may not get compared between adjacent paths. In deterministic mode (no bgp non-deterministic-med), FTOS compares MED between adjacent paths within an AS group since all paths in the AS group are from the same AS. When you change the path selection from deterministic to non-deterministic, the path selection for existing paths remains deterministic until you enter capture bgp-pdu max-buffer-size command to clear existing paths.

bgp recursive-bgp-next-hop
ces
Syntax

Enable next-hop resolution through other routes learned by BGP. bgp recursive-bgp-next-hop To disable next-hop resolution, use the no bgp recursive-bgp-next-hop command.

Defaults

Enabled IPv6 Border Gateway Protocol (IPv6 BGP)

794

bgp regex-eval-optz-disable

Command Modes Usage Information

ROUTER BGP This command is a knob to disable BGP next-hop resolution via BGP learned routes. During the next-hop resolution, only the first route that the next-hop resolves through is verified for the routes protocol source and is checked if the route is learned from BGP or not. The clear ip bgp command is required for this command to take effect and to keep the BGP database consistent. Execute the clear ip bgp command right after executing this command.

Related Commands

capture bgp-pdu max-buffer-size

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Description.

Command History

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

bgp regex-eval-optz-disable
ces
Syntax

Disables the Regex Performance engine that optimizes complex regular expression with BGP. bgp regex-eval-optz-disable To re-enable optimization engine, use the no bgp regex-eval-optz-disable command.

Defaults Command Modes Usage Information

Enabled by default ROUTER BGP (conf-router_bgp) BGP uses regular expressions (regex) to filter route information. In particular, the use of regular expressions to filter routes based on AS-PATHs and communities is quite common. In a large scale configuration, filtering millions of routes based on regular expressions can be quite CPU intensive, as a regular expression evaluation involves generation and evaluation of complex finite state machines. BGP policies, containing regular expressions to match as-path and communities, tend to use a lot of CPU processing time, which in turn affects the BGP routing convergence. Additionally, the show bgp commands, which are filtered through regular expressions, use up CPU cycles particularly with large databases. The Regex Engine Performance Enhancement feature optimizes the CPU usage by caching and reusing regular expression evaluation results. This caching and reuse may be at the expensive of RP1 processor memory.

Related Commands

show ip protocols

View information on all routing protocols enabled and active on the E-Series.
Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

795

bgp router-id

bgp router-id
ces
Syntax

Assign a user-given ID to a BGP router. bgp router-id ip-address To delete a user-assigned IP address, enter no bgp router-id.

Parameters

ip-address

Enter an IP address in dotted decimal format to reset only that BGP neighbor.

Defaults

The router ID is the highest IP address of the Loopback interface or, if no Loopback interfaces are configured, the highest IP address of a physical interface on the router. ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Modes Command History

Usage Information

Peering sessions are reset when you change the router ID of a BGP router.

bgp soft-reconfig-backup
c et s
Syntax

Defaults Command Modes Usage Information

Off ROUTER BGPV6 ADDRESS FAMILY (conf-router_bgpv6_af) When soft-reconfiguration is enabled for a neighbor and the clear ip bgp soft in is executed, the update database stored in the router is replayed and updates are reevaluated. With this command, the replay and update process is triggered only if route-refresh request is not negotiated with the peer. If the request is indeed negotiated (upon execution of clear ip bgp soft in), then BGP sends a route-refresh request to the neighbor and receives all of the peers updates.
clear ip bgp ipv6 unicast soft in Version 8.4.1.0 Version 7.8.1.0 Activate inbound policies for IPv6 routes without resetting the BGP TCP session.

Related Commands Command History

Added support for IPv4 multicast and IPv6 unicast address families Introduced support on S-Series

796

IPv6 Border Gateway Protocol (IPv6 BGP)

capture bgp-pdu neighbor (ipv6)

Version 7.7.1.0 Version 7.2.1.0

Introduced support on C-Series Introduced on E-Series TeraScale

capture bgp-pdu neighbor (ipv6)

ces
Syntax

Enable capture of an IPv6 BGP neighbor packet. capture bgp-pdu neighbor ipv6-address direction {both | rx | tx} To disable capture of the IPv6 BGP neighbor packet, use the no capture bgp-pdu neighbor ipv6-address command.

Parameters

ipv6-address direction {both | rx | tx}

Enter the IPv6 address of the target BGP neighbor. Enter the keyword direction and a direction either rx for inbound, tx for outbound, or both.

Defaults Command Modes

Not configured. EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale Enable route reflection between route reflector and clients. Configure a route reflector and clients. Enable capture of an IPv4 BGP neighbor packet.

Related Commands

capture bgp-pdu max-buffer-size show capture bgp-pdu neighbor capture bgp-pdu neighbor

capture bgp-pdu max-buffer-size

ces
Syntax Parameters

Defaults

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

797

clear ip bgp * (asterisk)

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale Enable capture of an IPv6 BGP neighbor packet. Configure a route reflector and clients.

Related Commands

capture bgp-pdu neighbor (ipv6) show capture bgp-pdu neighbor

clear ip bgp * (asterisk)

ces
Syntax

Reset all BGP sessions in the specified category on the E-Series. The soft parameter (BGP Soft Reconfiguration) clears the policies without resetting the TCP connection. clear ip bgp * [ipv4 multicast soft [in | out] | ipv6 unicast soft [in | out] | soft [in | out]] * ipv4 multicast soft [in | out] ipv6 unicast soft [in | out] soft
Enter an asterisk ( * ) to reset all BGP sessions. (OPTIONAL) This keyword sequence sets options within the a specified IPv4 address family. (OPTIONAL) This keyword sequence sets options within the a specified IPv6 address family. (OPTIONAL) Enter the keyword soft to configure and activate policies without resetting the BGP TCP session, that is, BGP Soft Reconfiguration.

Parameters

Note: If you enter clear ip bgp ip6-address soft, both inbound and outbound policies are reset. in out
(OPTIONAL) Enter the keyword in to activate only inbound policies. (OPTIONAL) Enter the keyword out to activate only outbound policies.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

798

IPv6 Border Gateway Protocol (IPv6 BGP)

clear ip bgp as-number

ces
Syntax

Reset BGP sessions on the E-Series. The soft parameter (BGP Soft Reconfiguration) clears the policies without resetting the TCP connection. clear ip bgp as-number [flap-statistics | ipv4 {multicast {flap-statistics | soft {in | out}} | unicast {flap-statistics | soft {in | out}} | ipv6 unicast {flap-statistics | soft {in | out}| soft [in | out]

Parameters

as-number

Enter an autonomous system (AS) number to reset neighbors belonging to that AS. If used without a qualifier, the keyword resets all neighbors belonging to that AS. Range: 1 to 65535 (OPTIONAL) Enter the keyword flap-statistics to clear all flap statistics belonging to that AS or a specified address family within that AS. (OPTIONAL) Enter the keyword ipv4 to select options for that address family. (OPTIONAL) Enter the keyword ipv6 to select options for that address family. (OPTIONAL) Enter the keyword unicast to select the unicast option within the selected address family. (OPTIONAL) Enter the keyword multicast to select the multicast option within the selected address family. Multicast is supported on IPv4 only (OPTIONAL) Enter the keyword soft to configure and activate policies without resetting the BGP TCP session, that is, BGP Soft Reconfiguration.

flap-statistics

ipv4 ipv6 unicast multicast

soft

Note: If you enter clear ip bgp ipv6-address soft, both inbound and outbound policies are reset. in out
(OPTIONAL) Enter the keyword in to activate only inbound policies. (OPTIONAL) Enter the keyword out to activate only outbound policies.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

clear ip bgp ipv6-address

ces
Reset BGP sessions specific to an IPv6 address on the E-Series. The soft parameter (BGP Soft Reconfiguration) clears the policies without resetting the TCP connection.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

799

clear ip bgp peer-group clear ip bgp ipv6-address [flap-statistics | ipv4 {multicast {flap-statistics | soft {in | out}} | unicast {flap-statistics | soft {in | out}} | ipv6 unicast {flap-statistics | soft {in | out}| soft [in | out] ipv6-address
Enter an IPv6 address to reset neighbors belonging to that IP. Used without a qualifier, the keyword resets all neighbors belonging to that IP. (OPTIONAL) Enter the keyword flap-statistics to clear all flap statistics belonging to that AS or a specified address family within that IP. (OPTIONAL) Enter the keyword ipv4 to select options for that address family. (OPTIONAL) Enter the keyword ipv6 to select options for that address family. (OPTIONAL) Enter the keyword unicast to select the unicast option within the selected address family. (OPTIONAL) Enter the keyword multicast to select the multicast option within the selected address family. Multicast is supported on IPv4 only (OPTIONAL) Enter the keyword soft to configure and activate policies without resetting the BGP TCP session, that is, BGP Soft Reconfiguration.

Syntax

Parameters

flap-statistics

ipv4 ipv6 unicast multicast

soft

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

clear ip bgp peer-group

ces
Syntax Parameters

Reset a peer-groups BGP sessions. clear ip bgp peer-group peer-group-name peer-group-name

Enter the peer group name to reset the BGP sessions within that peer group.

Command Modes

EXEC Privilege

800

IPv6 Border Gateway Protocol (IPv6 BGP)

clear ip bgp ipv6 dampening

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

clear ip bgp ipv6 dampening

ces
Syntax Parameters

Clear information on route dampening and return suppressed route to active state. clear ip bgp ipv6 unicast dampening [ipv6-address] ipv6-address
Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

After you enter this command, the software deletes history routes and returns suppressed routes to active state.

clear ip bgp ipv6 flap-statistics

ces
Syntax

Clear BGP flap statistics, which includes number of flaps and the time of the last flap. clear ip bgp ipv6 unicast flap-statistics [ipv6-address | filter-list as-path-name | regexp regular-expression] ipv6-address
(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros

Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

801

clear ip bgp ipv6 unicast soft

filter-list as-path-name regexp regular-expression

(OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH list. (OPTIONAL) Enter the keyword regexp followed by regular expressions. Use one or a combination of the following: . (period) matches on any single character, including white space * (asterisk) matches on sequences in a pattern (zero or more sequences) + (plus sign) matches on sequences in a pattern (one or more sequences) ? (question mark) matches sequences in a pattern (0 or 1 sequences) [ ] (brackets) matches a range of single-character patterns. ^ (caret) matches the beginning of the input string. (If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified.) $ (dollar sign) matches the end of the output string.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information Related Commands

If you enter clear ip bgp ipv6 flap-statistics without any parameters, all statistics are cleared.

show ip bgp ipv6 unicast flap-statistics

View BGP flap statistics.

clear ip bgp ipv6 unicast soft

c et s
Syntax

Clear and reapply policies for IPv6 unicast routes without resetting the TCP connection; that is, perform BGP soft reconfiguration. clear ip bgp {* | as-number | ipv4-neighbor-addr | ipv6-neighbor-addr | peer-group name} ipv6 unicast soft [in | out] *
as-number Clear and reapply policies for all BGP sessions. Clear and reapply policies for all neighbors belonging to the AS. Range: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)

Parameters

ipv4-neighbor-addr | ipv6-neighbor-addr peer-group name

Clear and reapply policies for a neighbor. Clear and reapply policies for all BGP routers in the specified peer group.

802

IPv6 Border Gateway Protocol (IPv6 BGP)

debug ip bgp

ipv6 unicast in out

Clear and reapply policies for all IPv6 unicast routes. Reapply only inbound policies. Note: If you enter soft, without an in or out option, both inbound and outbound policies are reset. Reapply only outbound policies. Note: If you enter soft, without an in or out option, both inbound and outbound policies are reset.

Command Modes Command History

EXEC Privilege
Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0 Added support for IPv4 multicast and IPv6 unicast routes Introduced support on S-Series Introduced support on C-Series Introduced on the E-Series TeraScale

debug ip bgp
ces
Syntax

Allows you to view all information on BGP, including BGP events, keepalives, notifications, and updates. debug ip bgp [ipv6-address | peer-group peer-group-name] [in | out] To disable all BGP debugging, enter no debug ip bgp.

Parameters

ipv6-address

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

peer-group peer-group-name in out

Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword in to view only information on inbound BGP routes. (OPTIONAL) Enter the keyword out to view only information on outbound BGP routes.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

To view information on both incoming and outgoing routes, do not include the in and out parameters in the debugging command. The in and out parameters cancel each other; for example, if you enter debug ip bgp in and then enter debug ip bgp out, you will not see information on the incoming routes. Entering a no debug ip bgp command removes all configured debug commands for BGP.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

803

debug ip bgp events

Related Commands

debug ip bgp events debug ip bgp keepalives debug ip bgp notifications debug ip bgp updates

View information about BGP events. View information about BGP keepalives. View information about BGP notifications. View information about BGP updates.

debug ip bgp events

ces
Syntax

Allows you to view information on local BGP state changes and other BGP events. debug ip bgp [ipv6-address | peer-group peer-group-name] events [in | out] To disable debugging, use the no debug ip bgp ipv6-address | peer-group peer-group-name] events command.

Parameters

ipv6-address

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

peer-group peer-group-name in out

(OPTIONAL) Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword in to view only events on inbound BGP messages. (OPTIONAL) Enter the keyword out to view only events on outbound BGP messages.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Enter the no debug ip bgp command to remove all configured debug commands for BGP.

debug ip bgp ipv6 dampening

ces
Syntax

View information on IPv6 routes being dampened. debug ip bgp ipv6 unicast dampening [in | out] To disable debugging, enter no debug ip bgp ipv6 unicast dampening.

804

IPv6 Border Gateway Protocol (IPv6 BGP)

debug ip bgp ipv6 unicast soft-reconfiguration

Parameters

in out

(OPTIONAL) Enter the keyword in to view only inbound dampened routes. (OPTIONAL) Enter the keyword out to view only outbound dampened routes.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information Related Commands

Enter no debug ip bgp command to remove all configured debug commands for BGP.

show ip bgp ipv6 unicast dampened-paths

View BGP dampened routes.

debug ip bgp ipv6 unicast soft-reconfiguration

c et s
Syntax

Enable soft-reconfiguration debugging for IPv6 unicast routes. debug ip bgp [ipv4-address | ipv6-address | peer-group-name] ipv6 unicast soft-reconfiguration To disable debugging, use the no debug ip bgp [ipv4-address | ipv6-address | peer-group-name] ipv6 unicast soft-reconfiguration command.

Parameters

ipv4-address | ipv6-address peer-group-name ipv6 unicast

Defaults Command Modes Usage Information Command History

Disabled EXEC Privilege This command turns on BGP soft-reconfiguration inbound debugging for IPv6 unicast routes. If no neighbor is specified, debug is turned on for all neighbors.
Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.2.1.0 Added support for IPv4 multicast and IPv6 unicast routes Introduced support on S-Series Introduced support on C-Series Introduced on the E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

805

debug ip bgp keepalives

ces
Syntax

Allows you to view information about BGP keepalive messages. debug ip bgp [ipv6-address | peer-group peer-group-name] keepalives [in | out] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] keepalives [in | out] command.

Parameters

ipv6-address

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

peer-group peer-group-name in out

(OPTIONAL) Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword in to view only inbound keepalive messages. (OPTIONAL) Enter the keyword out to view only outbound keepalive messages.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Enter the no debug ip bgp command to remove all configured debug commands for BGP.

debug ip bgp notifications

ces
Syntax

Allows you to view information about BGP notifications received from neighbors. debug ip bgp [ipv6-address | peer-group peer-group-name] notifications [in | out] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] command.

Parameters

ipv6-address

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

peer-group peer-group-name

(OPTIONAL) Enter the keyword peer-group followed by the name of the peer group.

806

IPv6 Border Gateway Protocol (IPv6 BGP)

debug ip bgp updates

in out

(OPTIONAL) Enter the keyword in to view BGP notifications received from neighbors. (OPTIONAL) Enter the keyword out to view BGP notifications sent to neighbors.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Enter the no debug ip bgp command to remove all configured debug commands for BGP.

debug ip bgp updates

ces
Syntax

Parameters

ipv6-address

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

peer-group peer-group-name ipv6 unicast [ipv6-address] in out

(OPTIONAL) Enter the keyword peer-group followed by the name of the peer group. (OPTIONAL) Enter the keyword ipv6 unicast, and, optionally, an ipv6 address. (OPTIONAL) Enter the keyword in to view only BGP updates received from neighbors. (OPTIONAL) Enter the keyword out to view only BGP updates sent to neighbors.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Enter the no debug ip bgp command to remove all configured debug commands for BGP.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

807

default-metric

default-metric
ces
Syntax

Allows you to change the metrics of redistributed routes to locally originated routes. Use this command with the redistribute command. default-metric number To return to the default setting, enter no default-metric.

Parameters

number

Enter a number as the metric to be assigned to routes from other protocols. Range: 1 to 4294967295.

Defaults Command Modes Command History

0 ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information Related Commands

The default-metric command in BGP sets the value of the BGP MULTI_EXIT_DISC (MED) attribute for redistributed routes only.
bgp always-compare-med redistribute Enable comparison of all BGP MED attributes. Redistribute routes from other routing protocols into BGP.

description
ces
Syntax

Enter a description of the BGP routing protocol description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the BGP protocol (80 characters maximum).

Defaults Command Modes Command History

No default behavior or values ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale Enter ROUTER mode on the switch.

Related Commands

router bgp

808

IPv6 Border Gateway Protocol (IPv6 BGP)

distance bgp

distance bgp
ces
Syntax

Configure three administrative distances for routes. distance bgp external-distance internal-distance local-distance To return to default values, enter no distance bgp.

Parameters

external-distance

internal-distance

local-distance

Defaults Command Modes Command History

external-distance = 20; internal-distance = 200; local-distance = 200. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

maximum-paths
ces
Syntax

Configure the maximum number of parallel routes (multipath support) BGP supports. maximum-paths {ebgp | ibgp} number To return to the default values, enter no maximum-paths.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

809

neighbor activate

Parameters

ebgp ibgp number

Enter the keyword ebgp to enable multipath support for External BGP routes. Enter the keyword ibgp to enable multipath support for Internal BGP routes. Enter a number as the maximum number of parallel paths. Range: 1 to 16 Default: 1

Defaults Command Modes Command History

1 ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If you enable this command, use the capture bgp-pdu max-buffer-size command to recompute the best path.

neighbor activate
ces
Syntax

This command allows the specified neighbor/peer group to be enabled for the current AFI/ SAFI. neighbor {ipv6-address | peer-group-name} activate To disable, use the no neighbor {ipv6-address | peer-group-name} activate command.

Parameters

ipv6-address peer-group-name activate

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Identify a peer group by name. Enter the keyword activate to enable the identified neighbor or peer group in the new AFI/SAFI.

Defaults Command Modes Command History

Disabled ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

By default, when a neighbor/peer group configuration is created in the Router BGP context, it is enabled for the IPv6/Unicast AFI/SAFI. By using activate in the new context, the neighbor/ peer group is enabled for AFI/SAFI.

810

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor advertisement-interval

neighbor advertisement-interval
ces
Syntax

Set the advertisement interval between BGP neighbors or within a BGP peer group. neighbor {ipv6-address | peer-group-name} advertisement-interval seconds To return to the default value, use the no neighbor {ipv6-address | peer-group-name} advertisement-interval command.

Parameters

ipv6-address peer-group-name seconds

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to set the advertisement interval for all routers in the peer group. Enter a number as the time interval, in seconds, between BGP advertisements. Range: 0 to 600 seconds. Default: 5 seconds for internal BGP peers; 30 seconds for external BGP peers.

Defaults Command Modes Command History

seconds = 5 seconds (internal peers); seconds = 30 seconds (external peers) ROUTER BGPV6-ADDRESS FAMILY
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

neighbor allowas-in
ces
Syntax

Parameters

ip-address peer-group-name number

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros.

Enter the name of the peer group to set the advertisement interval for all routers in the peer group. Enter a number of times to allow this neighbor ID to use the AS path. Range: 1 to 10.

Defaults

Not configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

811

neighbor default-originate

Command Modes Related Commands Command History

ROUTER BGP bgp four-octet-as-support

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Enable 4-Byte support for the BGP process.

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

neighbor default-originate
ces
Syntax

Inject the default route to a BGP peer or neighbor. neighbor {ipv6-address | peer-group-name} default-originate [route-map map-name] To remove a default route, use the no neighbor {ipv6-address | peer-group-name} default-originate [route-map map-name] command.

Parameters

ipv6-address peer-group-name route-map map-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to set the default route of all routers in that peer group. (OPTIONAL) Enter the keyword route-map followed by the name of a configured route map.

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If you apply a route map to a BGP peer or neighbor with the neighbor default-originate command configured, the software does not apply the set filters in the route map to that BGP peer or neighbor.

neighbor description
ces
Syntax

Assign a character string describing the neighbor or group of neighbors (peer group). neighbor {ipv6-address | peer-group-name} description text

812

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor distribute-list To delete a description, use the no neighbor {ipv6-address | peer-group-name} description text command.
Parameters

ipv6-address peer-group-name text

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group. Enter a continuous text string up to 80 characters.

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

neighbor distribute-list
ces
Syntax

Distribute BGP information via an established prefix list. neighbor {ipv6-address | peer-group-name} distribute-list prefix-list-name {in | out} To delete a neighbor distribution list, use the no neighbor {ipv6-address | peer-group-name} distribute-list prefix-list-name {in | out} command.

Parameters

ipv6-address peer-group-name prefix-list-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group. Enter the name of an established prefix list. If the prefix list is not configured, the default is permit (to allow all routes). Enter the keyword in to distribute only inbound traffic. Enter the keyword out to distribute only outbound traffic.

in out
Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Other BGP filtering commands include: neighbor filter-list and neighbor route-map.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

813

neighbor ebgp-multihop

Related Commands

neighbor filter-list neighbor route-map

Assign a AS-PATH list to a neighbor or peer group. Assign a route map to a neighbor or peer group.

neighbor ebgp-multihop
ces
Syntax

Attempt and accept BGP connections to external peers on networks that are not directly connected. neighbor {ipv6-address | peer-group-name} ebgp-multihop [ttl] To disallow and disconnect connections, use the no neighbor {ipv6-address | peer-group-name} ebgp-multihop [ttl] command.

Parameters

ipv6-address peer-group-name ttl

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group. (OPTIONAL) Enter the number of hops as the Time to Live (ttl) value. Range: 1 to 255. Default: 255

Defaults Command Modes Command History

Disabled. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

To prevent loops, the neighbor ebgp-multihop command will not install default routes of the multihop peer. Networks not directly connected are not considered valid for best path selection.

neighbor fall-over
ces
Syntax

Enable or disable fast fall-over for BGP neighbors. neighbor {ipv6-address | peer-group-name} fall-over To disable, use the no neighbor {ipv6-address | peer-group-name} fall-over command.

814

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor filter-list

Parameters

ipv6-address peer-group-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group.

Defaults Command Modes Command History

Disabled ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

When fall-over is enabled, BGP keeps track of IP or IPv6 reachability to the peer remote address and the peer local address. Whenever either address becomes unreachable (i.e, no active route exists in the routing table for peer IP or IPv6 destination/local address), BGP brings down the session with the peer.
show ip bgp ipv6 unicast neighbors Display IPv6 routing information exchanged by BGP neighbors.

Related Commands

neighbor filter-list
ces
Syntax

Configure a BGP filter based on the AS-PATH attribute. neighbor {ipv6-address | peer-group-name} filter-list as-path-name {in | out} To delete a BGP filter, use the no neighbor {ipv6-address | peer-group-name} filter-list as-path-name {in | out} command.

Parameters

ipv6-address peer-group-name as-path-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to apply the filter to all routers in the peer group. Enter the name of an established AS-PATH access list. If the AS-PATH access list is not configured, the default is permit (to allow routes). (16 characters maximum) Enter the keyword in to filter inbound BGP routes. Enter the keyword out to filter outbound BGP routes.

in out
Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Introduced on C-Series and S-Series.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

815

neighbor maximum-prefix

Version 8.2.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Introduced on E-Series TeraScale

neighbor maximum-prefix
ces
Syntax

Control the number of network prefixes received. neighbor {ipv6-address | peer-group-name} maximum-prefix maximum [threshold] [warning-only] To return to the default values, use the no neighbor {ipv6-address | peer-group-name} maximum-prefix maximum [threshold] [warning-only] command.

Parameters

ipv6-address peer-group-name maximum

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group. Enter a number as the maximum number of prefixes allowed for this BGP router. Range: 1 to 4294967295. (OPTIONAL) Enter a number to be used as a percentage of the maximum value. When the number of prefixes reaches this percentage of the maximum value, the E-Series software sends a message. Range: 1 to 100 percent. Default: 75 (OPTIONAL) Enter the keyword warning-only to set the router to send a log message when the maximum value is reached. If this parameter is not set, the router stops peering when the maximum number of prefixes is reached.

threshold

warning-only

Defaults Command Modes Command History

threshold = 75 ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If the neighbor maximum-prefix is configured and the neighbor receives more prefixes than allowed by the neighbor maximum-prefix command configuration, the neighbor goes down and the show ip bgp ipv6 unicast summary command displays (prfxd) in the State/PfxRcd column for that neighbor. The neighbor remains down until you enter the capture bgp-pdu max-buffer-size command for the neighbor or the peer group to which the neighbor belongs or you enter neighbor shutdown and neighbor no shutdown commands.
show ip bgp ipv6 unicast summary Displays the current BGP configuration.

Related Commands

816

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor X:X:X::X password

c et s
Syntax

Enable TCP MD5 Authentication for an IPv6 BGP peer session. neighbor x:x:x::x password {7 <encrypt-pass> | <clear-pass} To return to the default setting, use the no neighbor x:x:x::x password command.

Parameters

encrypt-pass clear-pass

Enter the encrypted password. Enter the clear text password.

Defaults Command Modes Command History

Disabled. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

The TCP session is authentication and hence prevents the data from being compromised.

neighbor next-hop-self
ces
Syntax

Allows you to configure the router as the next hop for a BGP neighbor. (This command is used for IBGP). neighbor {ipv6-address | peer-group-name} next-hop-self To return to the default setting, use the no neighbor {ipv6-address | peer-group-name} next-hop-self command.

Parameters

ipv6-address peer-group-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the name of the peer group.

Defaults Command Modes Command History

Disabled. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If the set ipv6 next-hop command in the ROUTE-MAP mode is configured, its configuration takes precedence over the neighbor next-hop-self command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

817

neighbor peer-group (assigning peers)

ces
Syntax

Allows you to assign one peer to a existing peer group. neighbor ipv6-address peer-group peer-group-name To delete a peer from a peer group, use the no neighbor ipv6-address peer-group peer-group-name command.

Parameters

ipv6-address peer-group peer-group-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the keyword peer-group followed by the name of a configured peer group. (maximum 16 characters)

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

You can assign up to 64 peers to one peer group. When you add a peer to a peer group, it inherits all the peer groups configured parameters. A peer cannot become part of a peer group if any of the following commands are configured on the peer: neighbor advertisement-interval neighbor distribute-list out neighbor filter-list out neighbor next-hop-self neighbor route-map out neighbor route-reflector-client neighbor send-community

A neighbor may keep its configuration after it was added to a peer group if the neighbors configuration is more specific than the peer groups, and the neighbors configuration does not affect outgoing updates. A peer group must exist before you add a peer to it. If the peer group is disabled (shutdown) the peers within the group are also disabled (shutdown).
Related Commands capture bgp-pdu max-buffer-size neighbor peer-group (creating group) show ip bgp ipv6 unicast peer-group show ip bgp ipv6 unicast neighbors Resets BGP sessions. Create a peer group. View BGP peers. View BGP neighbors configurations.

818

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor peer-group (creating group)

ces
Syntax

Allows you to create a peer group and assign it a name. neighbor peer-group-name peer-group To delete a peer group, use the no neighbor peer-group-name peer-group command.

Parameters

peer-group-name Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Enter a text string up to 16 characters long as the name of the peer group.

Defaults Command Modes Command History

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information Related Commands

When a peer group is created, it is disabled (shut mode).

neighbor peer-group (assigning peers) neighbor remote-as neighbor shutdown

Assign routers to a peer group. Assign a indirectly connected AS to a neighbor or peer group. Disable a peer or peer group.

neighbor peer-group passive

ces
Syntax

Enable passive peering on a BGP peer group, that is, the peer group does not send an OPEN message, but will respond to one. neighbor peer-group-name peer-group passive To delete a passive peer-group, use the no neighbor peer-group-name peer-group passive command.

Parameters

peer-group-name Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Enter a text string up to 16 characters long as the name of the peer group.

Defaults Command Modes Command History

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

819

neighbor remote-as

Usage Information Related Commands

After you configure a peer group as passive, you must assign it a subnet using the neighbor subnet command.
neighbor subnet Assign a subnet to a dynamically-configured BGP neighbor.

neighbor remote-as
ces
Syntax

Create and specify the remote peer to the BGP neighbor. neighbor {ipv6-address | peer-group-name} remote-as number To delete a remote AS entry, use the no neighbor {ipv6-address | peer-group-name} remote-as number command.

Parameters

ipv6-address peer-group-name number

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to enter the remote AS into routing tables of all routers within the peer group. Enter a number of the AS. Range: 1 to 65535.

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If the number parameter is the same as the AS number used in the router bgp command, the remote AS entry in the neighbor is considered an internal BGP peer entry. This command creates a peer and the newly created peer is disabled (shutdown).

Related Commands

router bgp

Enter the ROUTER BGP mode and configure routes in an AS.

neighbor remove-private-as
ces
Syntax

Remove private AS numbers from the AS-PATH of outgoing updates. neighbor {ipv6-address | peer-group-name} remove-private-as

820

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor route-map To return to the default, use the no neighbor {ipv6-address | peer-group-name} remove-private-as command.
Parameters

ipv6-address peer-group-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to remove the private AS numbers

Defaults Command Modes Command History

Disabled (that is, private AS number are not removed). ROUTER BGPV6-ADDRESS FAMILY
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Applies to EBGP neighbors only. If the AS-PATH contains both public and private AS number or contains AS numbers of an EBGP neighbor, the private AS numbers are not removed. If a confederation contains private AS numbers in its AS-PATH, the software removes the private AS numbers only if they follow the confederation numbers in the AS path. Private AS numbers are 64512 to 65535.

neighbor route-map
ces
Syntax

Apply an established route map to either incoming or outbound routes of a BGP neighbor or peer group. neighbor {ipv6-address | peer-group-name} route-map map-name {in | out} To remove the route map, use the no neighbor {ipv6-address | peer-group-name} route-map map-name {in | out} command.

Parameters

ipv6-address peer-group-name map-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group. Enter the name of an established route map. If the Route map is not configured, the default is deny (to drop all routes). Enter the keyword in to filter inbound routes. Enter the keyword out to filter outbound routes.

in out
Defaults Command Modes

Not configured. ROUTER BGPV6-ADDRESS FAMILY Publication Date: July 20, 2011 821

Command Line Reference for FTOS version 8.4.2.4

neighbor route-reflector-client

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

When you apply a route map to outbound routes, only routes that match at least one section of the route map are permitted. If you identify a peer group by name, the peers in that peer group inherit the characteristics in the Route map used in this command. If you identify a peer by IP address, the Route map overwrites either the inbound or outbound policies on that peer.

neighbor route-reflector-client
ces
Syntax

Configure a neighbor as a member of a route reflector cluster. neighbor {ipv6-address | peer-group-name} route-reflector-client To indicate that the neighbor is not a route reflector client or to delete a route reflector configuration, use the no neighbor {ipv6-address | peer-group-name} route-reflector-client command.

Parameters

ipv6-address peer-group-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group. All routers in the peer group receive routes from a route reflector.

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

The first time you enter this command it configures the neighbor as a route reflector and members of the route-reflector cluster. Internal BGP (IBGP) speakers do not need to be fully meshed if you configure a route reflector. When all clients of a route reflector are disabled, the neighbor is no longer a route reflector.

neighbor send-community
ces
Send a COMMUNITY attribute to a BGP neighbor or peer group. A COMMUNITY attribute indicates that all routes with that attribute belong to the same community grouping.

822

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor shutdown neighbor {ipv6-address | peer-group-name} send-community To disable sending a COMMUNITY attribute, use the no neighbor {ipv6-address | peer-group-name} send-community command.
Parameters

Syntax

ipv6-address peer-group-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to send a COMMUNITY attribute to all routers within the peer group.

Defaults Command Modes Command History

Not configured and COMMUNITY attributes are not sent to neighbors. ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

neighbor shutdown
ces
Syntax

Disable a BGP neighbor or peer group. neighbor {ipv6-address | peer-group-name} shutdown To enable a disabled neighbor or peer group, use the no neighbor {ipv6-address | peer-group-name} shutdown command.

Parameters

ipv6-address peer-group-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to disable or enable all routers within the peer group.

Defaults Command Modes Command History

Enabled (that is, BGP neighbors and peer groups are disabled.) ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Peers that are enabled within a peer group are disabled when their peer group is disabled. The neighbor shutdown command terminates all BGP sessions on the BGP neighbor or BGP peer group. Use this command with caution as it terminates the specified BGP sessions. When a neighbor or peer group is shutdown, use the show ip bgp ipv6 unicast summary command to confirm its status.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

823

neighbor soft-reconfiguration inbound

Related Commands

show ip bgp ipv6 unicast summary show ip bgp ipv6 unicast neighbors

Display the current BGP configuration. Display IPv6 routing information exchanged by BGP neighbors.

neighbor soft-reconfiguration inbound

c ets
Syntax

Enable a BGP soft-reconfiguration and start storing updates for inbound IPv6 unicast routes. neighbor {ipv4-address | ipv6-address | peer-group-name} soft-reconfiguration inbound ipv4-address | ipv6-address peer-group-name
Enter the IP address of the neighbor for which you want to start storing inbound routing updates. Enter the name of the peer group for which you want to start storing inbound routing updates.

Parameters

Defaults Command Modes Usage Information

Disabled ROUTER BGPv6 ADDRESS FAMILY (conf-router_bgpv6_af) This command enables soft-reconfiguration for the specified BGP neighbor. BGP will store all updates for inbound IPv6 unicast routes received by the neighbor but will not reset the peer-session.

Caution: Inbound update storage is a memory-intensive operation. The entire BGP

update database from the neighbor is stored in memory regardless of the inbound policy results applied on the neighbor.
Related Commands Command History

show ip bgp ipv6 unicast neighbors Version 8.4.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.4.1.0

Display IPv6 routing information exchanged by BGP neighbors.

Added support for IPv4 multicast and IPv4 unicast address families Introduced support on S-Series Introduced support on C-Series Introduced

neighbor subnet
ces
Syntax

Enable passive peering so that the members of the peer group are dynamic neighbor peer-group-name subnet subnet-number mask

824

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor timers To remove passive peering, use the no neighbor peer-group-name subnet subnet-number mask command.
Parameters

subnet-number

Enter a subnet number in dotted decimal format (A.B.C.D.) as the allowable range of addresses included in the Peer group. To allow all addresses, enter 0::0/0. Enter a prefix mask in / prefix-length format (/x).

mask
Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

neighbor timers
ces
Syntax

Set keepalive and hold time timers for a BGP neighbor or a peer group. neighbor {ipv6-address | peer-group-name} timers keepalive holdtime To return to the default values, use the no neighbor {ipv6-address | peer-group-name} timers command.

Parameters

ipv6-address peer-group-name keepalive

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to set the timers for all routers within the peer group. Enter a number for the time interval, in seconds, between keepalive messages sent to the neighbor routers. Range: 1 to 65535 Default: 60 seconds Enter a number for the time interval, in seconds, between the last keepalive message and declaring the router dead. Range: 3 to 65535 Default: 180 seconds

holdtime

Defaults Command Modes Command History

keepalive = 60 seconds; holdtime = 180 seconds. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

825

neighbor update-source

Usage Information

Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command. When two neighbors, configured with different keepalive and holdtime values, negotiate for new values, the resulting values will be as follows: the lower of the holdtime values is the new holdtime value, and whichever is the lower value; one-third of the new holdtime value, or the configured keepalive value is the new keepalive value.

neighbor update-source
ces
Syntax

Enable the E-Series software to use Loopback interfaces for TCP connections for BGP sessions. neighbor {ipv6-address | peer-group-name} update-source loopback interface To use the closest interface, use the no neighbor {ipv6-address | peer-group-name} update-source loopback interface command.

Parameters

ipv6-address peer-group-name loopback interface

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to disable all routers within the peer group. Enter the keyword loopback followed by a number of the loopback interface. Range: 0 to 16383.

Defaults Command Modes Command History

Not configured. ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

826

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor weight

neighbor weight
ces
Syntax

Assign a weight to the neighbor connection, which is used to determine the best path. neighbor {ipv6-address | peer-group-name} weight weight To remove a weight value, use the no neighbor {ipv6-address | peer-group-name} weight weight command.

Parameters

ipv6-address peer-group-name weight

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to disable all routers within the peer group. Enter a number as the weight. Range: 0 to 65535 Default: 0

Defaults Command Modes Command History

0 ROUTER BGP
Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

In the FTOS best path selection process, the path with the highest weight value is preferred.

Note: Reset the neighbor connection (capture bgp-pdu max-buffer-size * command) to apply the weight to the connection and recompute the best path.

network
ces
Syntax

Specify the networks for the BGP process and enter them in the BGP routing table. network ipv6-address prefix-length [route-map map-name] To remove a network, use the no network ip-address mask [route-map map-name] command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

827

network backdoor

Parameters

ipv6-address prefix-length

Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

mask

Enter the mask of the IP address in the slash prefix length format (for example, /24). The mask appears in command outputs in dotted decimal format (A.B.C.D). (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ipv6 address match ipv6 next-hop match ipv6 route-source set ipv6 next-hop If the route map is not configured, the default is deny (to drop all routes).

route-map map-name

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

The E-Series software resolves the network address configured by the network command with the routes in the main routing table to ensure that the networks are reachable via non-BGP routes and non-default routes.
redistribute Redistribute routes into BGP.

Related Commands

network backdoor
ces
Syntax

Specify this IGP route as the preferred route. network ipv6-address prefix-length backdoor To remove a network, use the no network ipv6-address prefix-length backdoor command.

Parameters

ipv6-address prefix-length

Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

828

IPv6 Border Gateway Protocol (IPv6 BGP)

redistribute

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

Though FTOS does not generate a route due to backdoor config, there is an option for injecting/sourcing a local route in presence of network backdoor config on a learned route.

redistribute
ces
Syntax

Redistribute routes into BGP. redistribute {connected | static} [route-map map-name] To disable redistribution, use the no redistribution {connected | static} command.

Parameters

connected static route-map map-name

Enter the keyword connected to redistribute routes from physically connected interfaces. Enter the keyword static to redistribute manually configured routes. These routes are treated as incomplete routes. (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ipv6 address match ipv6 next-hop match ipv6 route-source set ipv6 next-hop If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

If you do not configure default-metric command, in addition to the redistribute command, or there is no route map to set the metric, the metric for redistributed static and connected is 0. To redistribute the default route (0::0/0) configure the neighbor default-originate command.

Related Commands

neighbor default-originate

Inject the default route.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

829

redistribute isis

redistribute isis
ces
Syntax

Redistribute IS-IS routes into BGP. redistribute isis [level-1 | level-1-2 | level-2] [metric metric-value | metric-type {external | internal}] [route-map map-name] To stop redistribution of IS-IS routes, use the no redistribute isis command.

Parameters

level-1 | level-1-2 | level-2] metric metric-type

(OPTIONAL) Enter the type (level) of routes to redistribute.

(OPTIONAL) Assign metric to an interface for use with IPv6 information (OPTIONAL) The external link type associated with the default route advertised into a routing domain. You must specify one of the following:

external internal (Default) route-map map-name

(OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ipv6 address match ipv6 next-hop match ipv6 route-source set ipv6 next-hop If the route map is not configured, the default is deny (to drop all routes). Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

redistribute ospf
ces
Syntax

Redistribute OSPFv3 routes into BGP. redistribute ospf process-id [[match external {1 | 2}] [match internal]] [route-map map-name] To stop redistribution of OSPF routes, use the no redistribute ospf process-id command.

830

IPv6 Border Gateway Protocol (IPv6 BGP)

router bgp

Parameters

process-id match external {1 | 2} match internal route-map map-name

Enter the number of the OSPFv3 process. Range: 1 to 65535 (OPTIONAL) Enter the keywords match external to redistribute OSPF external routes. You can specify 1 or 2 to redistribute those routes only. (OPTIONAL) Enter the keywords match internal to redistribute OSPFv3 internal routes only. (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ipv6 address match ipv6 next-hop match ipv6 route-source set ipv6 next-hop If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

When you enter redistribute ospf process-id command without any other parameters, FTOS redistributes all OSPF internal routes, external type 1 routes, and external type 2 routes.

router bgp
ces
Syntax

Enter ROUTER BGP mode to configure and enable BGP. router bgp as-number To disable BGP, use the no router bgp as-number command.

Parameters

as-number

Enter the AS number. Range: 1 to 65535.

Defaults Command Modes Command History

Not enabled. CONFIGURATION

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

831

show capture bgp-pdu neighbor

ces
Syntax Parameters

Display BGP packet capture information for an IPv6 address on the E-Series. show capture bgp-pdu neighbor ipv6-address ipv6-address EXEC EXEC Privilege
Enter the IPv6 address (X:X:X:X::X) of a BGP neighbor.

Command Modes

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale Enable capture of an IPv6 BGP neighbor packet. Specify a size for the capture buffer.

Related Commands

capture bgp-pdu neighbor (ipv6) capture bgp-pdu max-buffer-size

show config
ces
Syntax Command Modes Example

View the current ROUTER BGP configuration. show config ROUTER BGPV6-ADDRESS FAMILY Figure 282 show config Command Example (Partial)
Force10(conf-router_bgp)#show conf ! router bgp 18508 neighbor RR-CLIENT peer-group neighbor RR-CLIENT remote-as 18508 neighbor RR-CLIENT no shutdown neighbor RR-CLIENT-PASSIV peer-group passive neighbor RR-CLIENT-PASSIV remote-as 18508 neighbor RR-CLIENT-PASSIV subnet 9000::9:0/120 neighbor RR-CLIENT-PASSIV no shutdown neighbor 1109::33 remote-as 18508 neighbor 1109::33 update-source Loopback 101 neighbor 1109::33 no shutdown neighbor 2222::220 remote-as 18508 neighbor 2222::220 route-reflector-client neighbor 2222::220 update-source Loopback 100 neighbor 2222::220 no shutdown neighbor 4000::33 remote-as 18508 neighbor 4000::33 no shutdown neighbor 4000::60 remote-as 18508 neighbor 4000::60 no shutdown neighbor 9000::1:2 remote-as 640 no neighbor 9000::1:2 activate neighbor 9000::1:2 no shutdown ! Force10#

832

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast

ces
Syntax Parameters

View the current BGP routing table for the E-Series. show ip bgp ipv6 unicast [network [network-mask] [longer-prefixes]] network network-mask longer-prefixes
(OPTIONAL) Enter the network address (in dotted decimal format) of the BGP network to view information only on that network. (OPTIONAL) Enter the network mask (in slash prefix format) of the BGP network address. (OPTIONAL) Enter the keyword longer-prefixes to view all routes with a common prefix.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

When you enable bgp non-deterministic-med command, the show ip bgp command output for a BGP route does not list the INACTIVE reason.

show ip bgp ipv6 unicast cluster-list

ces
Syntax Parameters

View BGP neighbors in a specific cluster. show ip bgp ipv6 unicast cluster-list [cluster-id] cluster-id EXEC EXEC Privilege
(OPTIONAL) Enter the cluster id in dotted decimal format.

Command Modes

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

833

show ip bgp ipv6 unicast community

ces
Syntax

View information on all routes with Community attributes or view specific BGP community groups. show ip bgp ipv6 unicast community [community-number] [local-as] [no-export] [no-advertise] community-number
Enter the community number in AA:NN format where AA is the AS number (2 bytes) and NN is a value specific to that autonomous system. You can specify up to eight community numbers to view information on those community groups. Enter the keywords local-AS to view all routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED. All routes with the NO_EXPORT_SUBCONFED (0xFFFFFF03) community attribute must not be advertised to external BGP peers. Enter the keywords no-advertise to view all routes containing the well-known community attribute of NO_ADVERTISE. All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised to other BGP peers. Enter the keywords no-export to view all routes containing the well-known community attribute of NO_EXPORT. All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary.

Parameters

local-AS

no-advertise

no-export

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Usage Information

To view the total number of COMMUNITY attributes found, use the show ip bgp ipv6 unicast summary command. The text line above the route table states the number of COMMUNITY attributes found.

show ip bgp ipv6 unicast community-list

ces
Syntax Parameters

View routes that are affected by a specific community list. show ip bgp ipv6 unicast community-list community-list-name [exact-match] community-list-name exact-match
Enter the name of a configured IP community list. (OPTIONAL) Enter exact-match to display only for an exact match of the communities.

834

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast dampened-paths

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

show ip bgp ipv6 unicast dampened-paths

ces
Syntax Command Modes

View BGP routes that are dampened (non-active). show ip bgp ipv6 unicast dampened-paths EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

show ip bgp ipv6 unicast detail

ces
Syntax Defaults Command Modes

Display BGP internal information for IPv6 Unicast address family. show ip bgp ipv6 unicast detail none EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

835

show ip bgp ipv6 unicast extcommunity-list

ces
Syntax Parameters

View information on all routes with Extended Community attributes. show ip bgp ipv6 unicast extcommunity-list [list name] list name EXEC EXEC Privilege Enter the extended community list name you wish to view.

Command Modes

Usage Information

To view the total number of COMMUNITY attributes found, use the show ip bgp ipv6 unicast summary command. The text line above the route table states the number of COMMUNITY attributes found. The show ip bgp ipv6 unicast community command without any parameters lists BGP routes with at least one BGP community attribute and the output is the same as for the show ip bgp ipv6 unicast command output.

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

show ip bgp ipv6 unicast filter-list

ces
Syntax Parameters

View the routes that match the filter lists. show ip bgp ipv6 unicast filter-list as-path-name as-path-name EXEC EXEC Privilege
Enter the name of an AS-PATH.

Command Modes

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

836

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast flap-statistics

ces
Syntax

View flap statistics on BGP routes. show ip bgp ipv6 unicast flap-statistics [ipv6-address prefix-length] [filter-list as-path-name] [regexp regular-expression] ipv6-address prefix-length
Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

Parameters

filter-list as-path-name regexp regular-expression

(OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH ACL. Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

837

show ip bgp ipv6 unicast inconsistent-as

ces
Syntax Command Modes

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

838

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast neighbors

ces
Syntax

Displays information on IPv6 unicast routes exchanged by BGP neighbors. show ip bgp ipv6 unicast neighbors [ipv4-neighbor-addr | ipv6-neighbor-addr] [advertised-routes | dampened-routes | detail | flap-statistics | routes | received-routes [network [network-mask]] | denied-routes [network [network-mask]]]
ipv6 unicast Enter the ipv6 unicast keywords to view information only related to IPv6 unicast routes. (OPTIONAL) Enter the IP address of the neighbor to view only BGP route information exchanged with that neighbor. (OPTIONAL) Enter the keywords advertised-routes to view only the routes the neighbor sent. (OPTIONAL) Enter the keyword dampened-routes to view information on dampened routes from the BGP neighbor. (OPTIONAL) Enter the keyword detail to view neighbor-specific internal information for the IPv4 Unicast address family. (OPTIONAL) Enter the keyword flap-statistics to view flap statistics on the neighbors routes. (OPTIONAL) Enter the keywords routes to view only the neighbors feasible routes. (OPTIONAL) Enter the keywords received-routes followed by either the network address (in dotted decimal format) or the network mask (in slash prefix format) to view all information received from neighbors. Note: neighbor soft-reconfiguration inbound must be configured prior to viewing all the information received from the neighbors. (OPTIONAL) Enter the keywords denied-routes followed by either the network address (in dotted decimal format) or the network mask (in slash prefix format) to view all information on routes denied via neighbor inbound filters.

Parameters

ipv4-neighbor-addr | ipv6-neighbor-addr advertised-routes dampened-routes detail flap-statistics routes received-routes [network [network-mask] denied-routes [network [network-mask]
Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.1.0 Version 8.2.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.2.1.0 Version 6.3.10

Added support for IPv4 multicast and IPv6 unicast address families Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Added detail option and output now displays default MED value Added received and denied route options The output is changed to display the total number of advertised prefixes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

839

show ip bgp ipv6 unicast neighbors Figure 283 Command Example: show ip bgp ipv6 unicast neighbors
Force10#show ip bgp ipv6 unicast neighbors BGP neighbor is 5ffe:10::3, remote AS 1, external link BGP version 4, remote router ID 5.5.5.3 BGP state ESTABLISHED, in this state for 00:00:32 Last read 00:00:32, last write 00:00:32 Hold time is 180, keepalive interval is 60 seconds Received 1404 messages, 0 in queue 3 opens, 1 notifications, 1394 updates 6 keepalives, 0 route refresh requests Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv6 Unicast BGP table version 12, neighbor version 12 2 accepted prefixes consume 32 bytes Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 0, rejected 0, withdrawn 0 from peer Connections established 3; dropped 2 Last reset 00:00:39, due to Closed by neighbor Notification History 'OPEN error/Bad AS' Sent : 0 Recv: 1 Local host: 5ffe:10::4, Local port: 179 Foreign host: 5ffe:10::3, Foreign port: 35470 Notification History 'Connection Reset' Sent : 1 Recv: 0

Example 1

BGP neighbor is 5ffe:11::3, remote AS 1, external link BGP version 4, remote router ID 5.5.5.3 BGP state ESTABLISHED, in this state for 00:00:28 Last read 00:00:28, last write 00:00:28 Hold time is 180, keepalive interval is 60 seconds Received 27 messages, 3 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Received 8 updates, Sent 0 updates Route refresh request: received 0, sent 0 Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv6 Unicast BGP table version 12, neighbor version 12 2 accepted prefixes consume 32 bytes Prefix advertised 0, rejected 0, withdrawn 0 Connections established 3; dropped 2 Last reset 00:00:41, due to Closed by neighbor Notification History 'OPEN error/Bad AS' Sent : 0 Recv: 1 Local host: 5ffe:11::4, Local port: 179

840

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast neighbors

Table 77 Command Example fields: show ip bgp ipv6 unicast neighbors Lines beginning with
BGP neighbor

BGP version BGP state Last read

Received messages

This line displays the number of BGP messages received, the number of notifications (error messages) and the number of messages waiting in a queue for processing. The line displays the number of BGP messages sent, the number of notifications (error messages) and the number of messages waiting in a queue for processing. This line displays the number of BGP updates received and sent. This line indicates that soft reconfiguration inbound is configured. Displays the minimum time, in seconds, between advertisements. Displays the policy commands configured and the names of the Route map, AS-PATH ACL or Prefix list configured for the policy. Displays IPv6 Unicast as the address family. Displays the which version of the primary BGP routing table the router and the neighbor are using. Displays the number of network prefixes accepted by the router and the amount of memory used to process those prefixes. Displays the number of network prefixes advertised, the number rejected and the number withdrawn from the BGP routing table. Displays the number of TCP connections established and dropped between the two peers to exchange BGP information. Displays the amount of time since the peering session was last reset. Also states if the peer resets the peering session. If the peering session was never reset, the word never is displayed.

Sent messages

Received updates Soft reconfiguration Minimum time (List of inbound and outbound policies) For address family: BGP table version Prefixes accepted Prefixes advertised

Connections established Last reset

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

841

show ip bgp ipv6 unicast neighbors Table 77 Command Example fields: show ip bgp ipv6 unicast neighbors Lines beginning with
Local host: Foreign host:

Description
Displays the peering address of the local router and the TCP port number. Displays the peering address of the neighbor and the TCP port number.

Related Commands

show ip bgp ipv6 unicast

View the current BGP routing table.

842

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast peer-group

ces
Syntax Parameters

Allows you to view information on the BGP peers in a peer group. show ip bgp ipv6 unicast peer-group [peer-group-name [summary]] peer-group-name detail summary
(OPTIONAL) Enter the name of a peer group to view information about that peer group only. (OPTIONAL) Enter the keyword detail to view peer-group-specific information for the IPv6 address family. (OPTIONAL) Enter the keyword summary to view status information of the peers in that peer group. The output is the same as that found in show ip bgp ipv6 unicast summary command

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Example

Figure 284 show ip bgp peer-group Command Example

Force10#show ip bgp peer-group Peer-group RR-CLIENT, remote AS 18508 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is RR-CLIENT, peer-group internal, Number of peers in this group 1 Peer-group members (* - outbound optimized): 9000::4: Peer-group RR-CLIENT-PASSIV, remote AS 18508 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is RR-CLIENT-PASSIV, peer-group internal, Number of peers in this group 1 Peer-group members (* - outbound optimized): 9000::9:2* Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

843

show ip bgp ipv6 unicast summary

ces
Syntax Command Modes

Allows you to view the status of all BGP connections. show ip bgp ipv6 unicast summary EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Example

Figure 285 show ip bgp summary Command Example

Force10# show ip bgp summary BGP router identifier 55.55.55.55, local AS number 18508 BGP table version is 0, main routing table version 0 6 BGP path attribute entrie(s) using 392 bytes of memory 6 BGP AS-PATH entrie(s) using 294 bytes of memory 6 BGP community entrie(s) using 234 bytes of memory Neighbor 1109::33 2222::220 4000::33 4000::60 9000::4:2 9000::5:2 9000::6:2 9000::7:2 9000::8:2 9000::9:2 9000::a:2 9000::b:14 Force10# AS 18508 18508 18508 18508 18508 1 2 3 18508 18508 18508 18508 MsgRcvd 0 0 0 0 0 35 35 35 35 44 35 29 MsgSent 0 0 0 0 0 32 32 32 32 19 32 29 TblVer 0 0 0 0 0 0 0 0 0 0 0 0 InQ 0 0 0 0 0 0 0 0 0 0 0 0 OutQ Up/Down 0 0 0 0 0 0 0 0 0 0 0 0 never never never never never 00:16:42 00:16:39 00:16:41 00:16:42 00:16:41 00:16:43 00:13:01 State/Pfx Active Active Active Active Active 0 0 0 0 0 0 0

844

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp next-hop

ces
Syntax Parameters

Command Modes

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Example

Figure 286 show ip bgp next-hop Command Example

Force10#show ip bgp next-hop Next-hop Via 9000::5:2 9000::5:2, Gi 9000::6:2 9000::6:2, Gi 9000::7:2 9000::7:2, Gi 9000::8:2 9000::8:2, Gi 9000::9:2 9000::9:2, Gi 9000::a:2 9000::a:2, Gi Force10# RefCount 2 2 2 2 6000 2 Cost 0 0 0 0 0 0 Flaps 0 0 0 0 0 0 Time Elapsed 00:23:22 00:23:22 00:23:22 00:23:22 00:23:16 00:23:22

8/38 8/38 8/38 8/38 8/38 8/38

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

845

show ip bgp paths

ces
Syntax Parameters

View all the BGP path attributes in the BGP database. show ip bgp paths [regexp regular-expression] regexp regular-expression
Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

846

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp paths as-path

ces
Syntax Command Modes

View all unique AS-PATHs in the BGP database show ip bgp paths as-path EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

show ip bgp paths community

ces
Syntax Command Modes

View all unique COMMUNITY numbers in the BGP database. show ip bgp paths community EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

show ip bgp paths extcommunity

ces
Syntax Command Modes

View all unique Extended community information in the BGP database. show ip bgp paths extcommunity EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

847

show ip bgp regexp

ces
Syntax Parameters

Allows you to view the subset of BGP routing table matching the regular expressions specified. show ip bgp regexp regular-expression [character] regular-expression [character]
Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale

848

IPv6 Border Gateway Protocol (IPv6 BGP)

timers bgp

timers bgp
ces
Syntax

Allows you to adjust the BGP network timers for all neighbors. timers bgp keepalive holdtimer To return to the default values, use the no timers bgp command.

Parameters

keepalive

Enter the time interval in seconds between which the E-Series sends keepalive messages. Range: 1 to 65535 Default: 60 seconds Enter the time interval in seconds which the E-Series waits since the last keepalive message before declaring a BGP peer dead. Range: 3 to 65535 Default: 180 seconds

holdtimer

Defaults Command Modes Command History

keepalive = 60 seconds; holdtimer = 180 seconds ROUTER BGP

Version 8.4.2.1 Version 8.2.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series ExaScale Introduced on E-Series TeraScale Adjust BGP timers for a specific peer or peer group.

Related Commands

neighbor timers

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

849

timers bgp

IPv6 MBGP Commands

Multiprotocol BGP (MBGP) is an enhanced BGP that enables multicast routing policy throughout the Internet and connecting multicast topologies between BGP and autonomous systems (AS). FTOS MBGP is implemented as per IETF RFC 1858. The MBGP commands are: address family aggregate-address bgp dampening clear ip bgp ipv6 unicast clear ip bgp ipv6 unicast dampening clear ip bgp ipv6 unicast flap-statistics debug ip bgp ipv6 unicast dampening debug ip bgp ipv6 unicast peer-group updates debug ip bgp ipv6 unicast updates distance bgp neighbor activate neighbor advertisement-interval neighbor default-originate neighbor distribute-list neighbor filter-list neighbor maximum-prefix neighbor next-hop-self neighbor remove-private-as neighbor route-map neighbor route-reflector-client network redistribute show ip bgp ipv6 unicast show ip bgp ipv6 unicast cluster-list show ip bgp ipv6 unicast community show ip bgp ipv6 unicast community-list show ip bgp ipv6 unicast dampened-paths show ip bgp ipv6 unicast detail show ip bgp ipv6 unicast filter-list show ip bgp ipv6 unicast flap-statistics show ip bgp ipv6 unicast inconsistent-as show ip bgp ipv6 unicast neighbors show ip bgp ipv6 unicast peer-group show ip bgp ipv6 unicast summary

850

IPv6 Border Gateway Protocol (IPv6 BGP)

address family

address family
ces
Syntax

This command changes the context to SAFI (Subsequent Address Family Identifier). address family ipv6 unicast To remove SAFI context, use the no address family ipv6 unicast command.

Parameters

ipv6 unicast

Enter the keyword ipv6 to specify the address family as IPv6. Enter the keyword unicast to specify multicast as SAFI.

Defaults Command Modes Command History

IPv6 Unicast ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

All subsequent commands will apply to this address family once this command is executed. You can exit from this AFI/SAFI to the IPv6 Unicast (the default) family by entering exit and returning to the Router BGP context.

aggregate-address
ces
Syntax

Parameters

advertise-map map-name as-set

attribute-map map-name

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

851

bgp dampening

summary-only suppress-map map-name

(OPTIONAL) Enter the keyword summary-only to advertise only the aggregate address. Specific routes will not be advertised. (OPTIONAL) Enter the keywords suppress-map followed by the name of a configured route map to identify which more-specific routes in the aggregate are suppressed.

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

At least one of the routes included in the aggregate address must be in the BGP routing table for the configured aggregate to become active. Do not add the as-set parameter to the aggregate. If routes within the aggregate are constantly changing, the aggregate will flap to keep track of the changes in the AS_PATH. In route maps used in the suppress-map parameter, routes meeting the deny clause are not suppress; in other words, they are allowed. The opposite is true: routes meeting the permit clause are suppressed. If the route is injected via the network command, that route will still appear in the routing table if the summary-only parameter is configured in the aggregate-address command. The summary-only parameter suppresses all advertisements. If you want to suppress advertisements to only specific neighbors, use the neighbor distribute-list command.

bgp dampening
ces
Syntax

Enable MBGP route dampening. bgp dampening [half-life time] [route-map map-name] To disable route dampening, use the no bgp dampening [half-life time] [route-map map-name] command.

Parameters

half-life time

route-map map-name

(OPTIONAL) Enter the keyword route-map followed by the name of a configured route map. Only match commands in the configured route map are supported.

Defaults

Disabled.

852

IPv6 Border Gateway Protocol (IPv6 BGP)

clear ip bgp ipv6 unicast

Command Modes Command History

ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

clear ip bgp ipv6 unicast

ces
Syntax

Reset MBGP sessions. clear ip bgp ipv6 unicast * ipv6-address prefix-length [dampening | flap-statistics] peer-group] * ipv6-address prefix-length
Enter the character * to clear all peers. Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros

Parameters

dampening flap-statistics peer-group

(OPTIONAL) Enter the keyword dampening to clear route flap dampening information. (OPTIONAL) Enter the keyword flap-statistics to reset the flap statistics on all prefixes from that neighbor. (OPTIONAL) Enter the keyword peer-group to clear all members of a peer-group.

Command Modes Command History

EXEC Privilege
Version 8.4.2.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced

clear ip bgp ipv6 unicast dampening

ces
Syntax Parameters

Clear information on route dampening. clear ip bgp dampening ipv6 unicast [network network-mask] network network-mask
(OPTIONAL) Enter the IPv6 network address in x:x:x:x::x format. If you enter the network address, then enter the network mask, from 0 to 128.

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

853

clear ip bgp ipv6 unicast flap-statistics

ces
Syntax Parameters

Clear BGP flap statistics, which includes number of flaps and the time of the last flap. clear ip bgp ipv6 unicast flap-statistics [network | filter-list list |regexp regexp network filter-list list regexp regexp
(OPTIONAL) Enter the IPv6 network address in x:x:x:x::x format to clear flap statistics. (OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH list (max 16 characters). (OPTIONAL) Enter the keyword regexp followed by regular expressions. Use one or a combination of the following: . (period) matches on any single character, including white space * (asterisk) matches on sequences in a pattern (zero or more sequences) + (plus sign) matches on sequences in a pattern (one or more sequences) ? (question mark) matches sequences in a pattern (0 or 1 sequences) [ ] (brackets) matches a range of single-character patterns. ^ (caret) matches the beginning of the input string. (If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified.) $ (dollar sign) matches the end of the output string.

Command Modes Command History

EXEC Privilege
Version 8.4.2.0 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced

debug ip bgp ipv6 unicast dampening

ces
Syntax

View information on routes being dampened. debug ip bgp ipv6 unicast dampening To disable debugging, enter no debug ip bgp ipv6 unicast dampening

Parameters

dampening EXEC Privilege

Version 8.4.2.1 Version 7.4.1.0

Enter the keyword dampening to clear route flap dampening information.

Command Modes Command History

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

854

IPv6 Border Gateway Protocol (IPv6 BGP)

debug ip bgp ipv6 unicast peer-group updates

ces
Syntax

View information about BGP peer-group updates. debug ip bgp ipv6 unicast peer-group peer-group-name updates [in | out] To disable debugging, enter no debug ip bgp ipv6 unicast peer-group peer-group-name updates [in | out] command.

Parameters

peer-group peer-group-name updates in out

Command Modes Command History

EXEC Privilege
Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

debug ip bgp ipv6 unicast updates

ces
Syntax

View information about BGP updates. debug ip bgp ipv6 unicast ipv6-address prefix-length updates [in | out] To disable debugging, enter no debug ip bgp ipv6 unicast ipv6-address prefix-length updates [in | out] command.

Parameters

ipv6-address prefix-length

Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros

updates in out

Defaults Command Modes

Disabled. EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

855

distance bgp

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

distance bgp
ces
Syntax

Define an administrative distance for routes. distance bgp external-distance internal-distance local-distance To return to default values, enter no distance bgp.

Parameters

external-distance

internal-distance

local-distance

Defaults Command Modes Command History

external-distance = 20; internal-distance = 200; local-distance = 200. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Caution: Force10 Networks recommends that you do not change the

administrative distance of internal routes. Changing the administrative distances may cause routing table inconsistencies.
Usage Information

856

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor activate

neighbor activate
ces
Syntax

This command allows the specified neighbor/peer group to be enabled for the current AFI/ SAFI. neighbor [ipv6-address | peer-group-name] activate To disable, use the no neighbor [ipv6-address | peer-group-name] activate command.

Parameters

ipv6-address peer-group-name activate

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the name of the peer group Enter the keyword activate to enable the neighbor/peer group in the new AFI/SAFI.

Defaults Command Modes Command History

Disabled ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

Related Commands

Changes the context to SAFI

neighbor advertisement-interval
ces
Syntax

Parameters

ipv6-address

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

857

neighbor default-originate

peer-group-name seconds

Enter the name of the peer group to set the advertisement interval for all routers in the peer group. Enter a number as the time interval, in seconds, between BGP advertisements. Range: 0 to 600 seconds. Default: 5 seconds for internal BGP peers; 30 seconds for external BGP peers.

Defaults Command Modes Command History

seconds = 5 seconds (internal peers); seconds = 30 seconds (external peers) ROUTER BGPV6-ADDRESS FAMILY
=

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

neighbor default-originate
ces
Syntax

Parameters

ipv6-address peer-group-name route-map map-name

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to set the default route of all routers in that peer group. (OPTIONAL) Enter the keyword route-map followed by the name of a configured route map.

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

858

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor distribute-list

neighbor distribute-list
ces
Syntax

Distribute BGP information via an established prefix list. neighbor [ipv6-address | peer-group-name] distribute-list prefix-list-name [in | out] To delete a neighbor distribution list, use the no neighbor [ipv6-address | peer-group-name] distribute-list prefix-list-name [in | out] command.

Parameters

ipv6-address peer-group-name prefix-list-name

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to apply the distribute list filter to all routers in the peer group. Enter the name of an established prefix list. If the prefix list is not configured, the default is permit (to allow all routes). Enter the keyword in to distribute only inbound traffic. Enter the keyword out to distribute only outbound traffic.

in out
Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information Related Commands

Other BGP filtering commands include: neighbor filter-list and neighbor route-map.

neighbor filter-list neighbor route-map

Assign a AS-PATH list to a neighbor or peer group. Assign a route map to a neighbor or peer group.

neighbor filter-list
ces
Syntax

Configure a BGP filter based on the AS-PATH attribute. neighbor [ipv6-address | peer-group-name] filter-list aspath access-list-name [in | out] To delete a BGP filter, use the no neighbor [ipv6-address | peer-group-name] filter-list aspath access-list-name [in | out] command.

Parameters

ipv6-address peer-group-name

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. Enter the name of the peer group to apply the filter to all routers in the peer group.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

859

neighbor maximum-prefix

access-list-name

Enter the name of an established AS-PATH access list. If the AS-PATH access list is not configured, the default is permit (to allow routes). Enter the keyword in to filter inbound BGP routes. Enter the keyword out to filter outbound BGP routes.

in out
Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

neighbor maximum-prefix
ces
Syntax

Control the number of network prefixes received. neighbor ipv6-address | peer-group-name maximum-prefix maximum [threshold] [warning-only] To return to the default values, use the no neighbor ipv6-address | peer-group-name maximum-prefix maximum command.

Parameters

ipv6-address peer-group-name maximum

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the name of the peer group. Enter a number as the maximum number of prefixes allowed for this BGP router. Range: 1 to 4294967295. (OPTIONAL) Enter a number to be used as a percentage of the maximum value. When the number of prefixes reaches this percentage of the maximum value, the E-Series software sends a message. Range: 1 to 100 percent. Default: 75 (OPTIONAL) Enter the keyword warning-only to set the router to send a log message when the maximum value is reached. If this parameter is not set, the router stops peering when the maximum number of prefixes is reached.

threshold

warning-only

Defaults Command Modes Command History

threshold = 75 ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

860

IPv6 Border Gateway Protocol (IPv6 BGP)

neighbor next-hop-self

neighbor next-hop-self
ces
Syntax

Allows you to configure the router as the next hop for a BGP neighbor. neighbor ipv6-address | peer-group-name next-hop-self To return to the default setting, use the no neighbor ipv6-address | peer-group-name next-hop-self command.

Parameters

ipv6-address peer-group-name

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the name of the peer group.

Defaults Command Modes Command History

Disabled. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

If the set ipv6 next-hop command in the ROUTE-MAP mode is configured, its configuration takes precedence over the neighbor next-hop-self command.

neighbor remove-private-as
ces
Syntax

Remove private AS numbers from the AS-PATH of outgoing updates. neighbor ipv6-address | peer-group-name remove-private-as To return to the default, use the no neighbor ipv6-address | peer-group-name remove-private-as command.

Parameters

ipv6-address peer-group-name

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the name of the peer group to remove the private AS numbers

Defaults Command Modes Command History

Disabled (that is, private AS number are not removed). ROUTER BGPV6-ADDRESS FAMILY
Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

861

neighbor route-map

neighbor route-map
ces
Syntax

Apply an established route map to either incoming or outbound routes of a BGP neighbor or peer group. neighbor ipv6-address | peer-group-name route-map map-name [in | out] To remove the route map, use the no neighbor [ipv6-address | peer-group-name] route-map map-name [in | out] command.

Parameters

ipv6-address peer-group-name map-name in out

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the name of the peer group. Enter the name of an established route map. If the Route map is not configured, the default is deny (to drop all routes). Enter the keyword in to filter inbound routes. Enter the keyword out to filter outbound routes.

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

neighbor route-reflector-client
ces
Syntax

Configure a neighbor as a member of a route reflector cluster. neighbor ipv6-address| peer-group-name route-reflector-client To indicate that the neighbor is not a route reflector client or to delete a route reflector configuration, use the no neighbor ipv6-address | peer-group-name route-reflector-client command.

Parameters

ipv6-address peer-group-name

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the name of the peer group. All routers in the peer group receive routes from a route reflector.

862

IPv6 Border Gateway Protocol (IPv6 BGP)

network

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

network
ces
Syntax

Specify the networks for the BGP process and enter them in the BGP routing table. network ipv6-address [route-map map-name] To remove a network, use the no network ipv6-address [route-map map-name] command.

Parameters

ipv6-address route-map map-name

Enter the IPv6 address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zeros. (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ipv6 address match ipv6 next-hop match ipv6 route-source set ipv6 next-hop If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

Related Commands

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

863

redistribute

redistribute
ces
Syntax

Redistribute routes into BGP. redistribute [connected | static] [route-map map-name] To disable redistribution, use the no redistribution [connected | static] [route-map map-name] command.

Parameters

connected static route-map map-name

Enter the keyword connected to redistribute routes from physically connected interfaces. Enter the keyword static to redistribute manually configured routes. These routes are treated as incomplete routes. (OPTIONAL) Enter the keyword route-map followed by the name of an established route map. Only the following ROUTE-MAP mode commands are supported: match ipv6 address match ipv6 next-hop match ipv6 route-source set ipv6 next-hop If the route map is not configured, the default is deny (to drop all routes).

Defaults Command Modes Command History

Not configured. ROUTER BGPV6-ADDRESS FAMILY

Version 8.4.2.1 Version 7.4.1.0 Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

If you do not configure default-metric command, in addition to the redistribute command, or there is no route map to set the metric, the metric for redistributed static and connected is 0. To redistribute the default route (0::0/0) configure the neighbor default-originate command.

Related Commands

neighbor default-originate

Inject the default route.

864

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast

ces
Syntax Parameters

View the current MBGP routing table for the E-Series. show ip bgp ipv6 unicast [network [network-mask] [length]] network network-mask longer-prefixes
(OPTIONAL) Enter the network address (in dotted decimal format) of the BGP network to view information only on that network. (OPTIONAL) Enter the network mask (in slash prefix format) of the BGP network address. (OPTIONAL) Enter the keyword longer-prefixes to view all routes with a common prefix.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Example

Figure 287 show ip bgp ipv6 unicast

Force10#show ip bgp ipv6 unicast BGP table version is 8, local router ID is 5.5.10.4 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? incomplete Network Next Hop Metric h dead:1::/100 5ffe:10::3 0 h 5ffe:11::3 0 *> dead:2::/100 5ffe:10::3 0 * 5ffe:11::3 0 *> dead:3::/100 5ffe:10::3 0 * 5ffe:11::3 0 h dead:4::/100 5ffe:10::3 0 h 5ffe:11::3 0 Force10#show ip bgp ipv6 unicast dead:3::/100 LocPrf Weight 0 0 0 0 0 0 0 0 Path 1 i 1 i 1 i 1 i 1 i 1 i 1 i 1 i

BGP routing table entry for dead:3::/100, version 3 Paths: (2 available, table Default-MBGP-Routing-Table.) Not advertised to any peer Received from : 5ffe:10::3 (5.5.5.3) AS_PATH : 1 Best

Next-Hop : 5ffe:10::3, Cost : 0 Origin IGP, Metric 0, LocalPref 5ffe:11::3 (5.5.5.3) AS_PATH : 1 Next-Hop : 5ffe:11::3, Cost : 0 Origin IGP, Metric 0, LocalPref Inactive reason: Peer IP address Force10#

100, Weight

0, external

100, Weight

0, external

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

865

show ip bgp ipv6 unicast cluster-list

. Table 78 show ip bgp Command Example Fields Field

Network Next Hop

Description
Displays the destination network prefix of each BGP route. Displays the next hop address of the BGP router. If 0::0/0 is listed in this column, then local routes exist in the routing table. Displays the BGP routes metric, if assigned. Displays the BGP LOCAL_PREF attribute for the route. Displays the routes weight Lists all the ASs the route passed through to reach the destination network.

Metric LocPrf Weight Path

Related Commands

show ip bgp ipv6 unicast community

View BGP communities.

show ip bgp ipv6 unicast cluster-list

ces
Syntax Parameters

View BGP neighbors in a specific cluster. show ip bgp ipv6 unicast cluster-list [cluster-id] cluster-id EXEC EXEC Privilege
(OPTIONAL) Enter the cluster id in dotted decimal format.

Command Modes

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

866

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast community

ces
Syntax

Parameters

local-AS

no-advertise

no-export

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Usage Information

To view the total number of COMMUNITY attributes found, use the show ip bgp ipv6 unicast summary command. The text line above the route table states the number of COMMUNITY attributes found.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

867

show ip bgp ipv6 unicast community-list

ces
Syntax Parameters

View routes that are affected by a specific community list. show ip bgp ipv6 unicast community-list community-list-name community-list-name EXEC EXEC Privilege
Enter the name of a configured IP community list.

Command Modes

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

show ip bgp ipv6 unicast dampened-paths

ces
Syntax Command Modes

View BGP routes that are dampened (non-active). show ip bgp ipv6 unicast dampened-paths EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

show ip bgp ipv6 unicast detail

ces
Syntax Command Modes

Display detailed BGP information. show ip bgp ipv6 unicast detail EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

868

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast filter-list

Example

Figure 288 show ip bgp ipv6 unicast detail Command Example (Partial)
R2_Training#show ip bgp ipv6 unicast detail Detail information for BGP Node bgpNdP 0x41a17000 : NdTmrP 0x41a17000 : NdKATmrP 0x41a17014 : NdTics 327741 : NhLocAS 1 : NdState 2 : NdRPMPrim 1 : NdListSoc 13 NdAuto 1 : NdEqCost 1 : NdSync 0 : NdDefOrg 0 NdV6ListSoc 14 NdDefDid 0 : NdConfedId 0 : NdMedConfed 0 : NdMedMissVal -1 : NdIgnrIllId 0 : NdRRC2C 1 : NdClstId 33686273 : NdPaTblP 0x41a19088 NdASPTblP 0x41a19090 : NdCommTblP 0x41a19098 : NhOptTransTblP 0x41a190a0 : NdRRClsTblP 0x41a190a8 NdPktPA 0 : NdLocCBP 0x41a6f000 : NdTmpPAP 0x419efc80 : NdTmpASPAP 0x41a25000 : NdTmpCommP 0x41a25800 NdTmpRRClP 0x41a4b000 : NdTmpOptP 0x41a4b800 : NdTmpNHP : NdOrigPAP 0 NdOrgNHP 0 : NdModPathP 0x419efcc0 : NdModASPAP 0x41a4c000 : NdModCommP 0x41a4c800 NdModOptP 0x41a4d000 : NdModNHP : NdComSortBufP 0x41a19110 : NdComSortHdP 0x41a19d04 : NdUpdAFMsk 0 : AFRstSe t 0x41a1a298 : NHopDfrdHdP 0x41a1a3e0 : NumNhDfrd 0 : CfgHdrAFMsk 1

show ip bgp ipv6 unicast filter-list

ces
Syntax Parameters

View the routes that match the filter lists. show ip bgp ipv6 unicast filter-list as-path-name as-path-name EXEC EXEC Privilege
Enter the name of an AS-PATH.

Command Modes

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

show ip bgp ipv6 unicast flap-statistics

ces
Syntax

View flap statistics on BGP routes. show ip bgp ipv6 unicast flap-statistics [ipv6-address prefix-length] [filter-list as-path-name] [regexp regular-expression]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

869

show ip bgp ipv6 unicast flap-statistics

Parameters

ipv6-address prefix-length

(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

filter-list as-path-name regexp regular-expression

(OPTIONAL) Enter the keyword filter-list followed by the name of a configured AS-PATH ACL. Enter a regular expression then use one or a combination of the following characters to match: . = (period) any single character (including a white space) * = (asterisk) the sequences in a pattern (0 or more sequences) + = (plus) the sequences in a pattern (1 or more sequences) ? = (question mark) sequences in a pattern (either 0 or 1 sequences). You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. [ ] = (brackets) a range of single-character patterns. ^ = (caret) the beginning of the input string. If the caret is used at the beginning of a sequence or range, it matches on everything BUT the characters specified. $ = (dollar sign) the end of the output string.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Example

Figure 289 show ip bgp ipv6 unicast flap-statistics command

Force10#show ip bgp ipv6 unicast flap-statistics BGP table version is 8, local router ID is 5.5.10.4 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n network Origin codes: i - IGP, e - EGP, ? - incomplete h h h h Network dead:1::/100 dead:1::/100 dead:4::/100 dead:4::/100 From 5ffe:10::3 5ffe:11::3 5ffe:10::3 5ffe:11::3 Flaps 1 1 1 1 Duration Reuse 00:03:20 00:03:20 00:04:39 00:04:39 Path 1 i 1 i 1 i 1 i

Force10#

870

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast inconsistent-as

ces
Syntax Command Modes

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

show ip bgp ipv6 unicast neighbors

ces
Syntax

Allows you to view the information exchanged by BGP neighbors. show ip bgp ipv6 unicast neighbors [ipv6-address prefix-length [advertised-routes | dampened-routes | detail | flap-statistics | routes]] ipv6-address prefix-length
(OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros.

Parameters

advertised-routes dampened-routes flap-statistics detail routes

(OPTIONAL) Enter the keywords advertised-routes to view only the routes the neighbor sent. (OPTIONAL) Enter the keyword dampened-routes to view information on dampened routes from the BGP neighbor. (OPTIONAL) Enter the keyword flap-statistics to view flap statistics on the neighbors routes. (OPTIONAL) Display detailed neighbor information. (OPTIONAL) Enter the keywords routes to view only the neighbors feasible routes.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.5.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series. Modified: Added detail option; added information to output. Introduced on E-Series TeraScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

871

show ip bgp ipv6 unicast neighbors

Example

Figure 290 show ip bgp ipv6 unicast neighbors Command Example (Partial)
Force10#show ip bgp ipv6 unicast neighbors BGP neighbor is 5ffe:10::3, remote AS 1, external link BGP version 4, remote router ID 5.5.5.3 BGP state ESTABLISHED, in this state for 00:00:32 Last read 00:00:32, last write 00:00:32 Hold time is 180, keepalive interval is 60 seconds Received 1404 messages, 0 in queue 3 opens, 1 notifications, 1394 updates 6 keepalives, 0 route refresh requests Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv6 Unicast BGP table version 12, neighbor version 12 2 accepted prefixes consume 32 bytes Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 0, rejected 0, withdrawn 0 from peer Connections established 3; dropped 2 Last reset 00:00:39, due to Closed by neighbor Notification History 'OPEN error/Bad AS' Sent : 0 Recv: 1

Local host: 5ffe:10::4, Local port: 179 Foreign host: 5ffe:10::3, Foreign port: 35470 BGP neighbor is 5ffe:11::3, remote AS 1, external link BGP version 4, remote router ID 5.5.5.3 BGP state ESTABLISHED, in this state for 00:00:28 Last read 00:00:28, last write 00:00:28 Hold time is 180, keepalive interval is 60 seconds Received 27 messages, 3 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Received 8 updates, Sent 0 updates Route refresh request: received 0, sent 0 Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv6 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv6 Unicast BGP table version 12, neighbor version 12 2 accepted prefixes consume 32 bytes Prefix advertised 0, rejected 0, withdrawn 0 Connections established 3; dropped 2 Last reset 00:00:41, due to Closed by neighbor Notification History 'OPEN error/Bad AS' Sent : 0 Recv: 1

Local host: 5ffe:11::4, Local port: 179

872

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast neighbors

Table 79 show ip bgp neighbors Command Fields Lines beginning with

BGP neighbor

BGP version BGP state Last read

Received messages

This line displays the number of BGP messages received, the number of notifications (error messages) and the number of messages waiting in a queue for processing. The line displays the number of BGP messages sent, the number of notifications (error messages) and the number of messages waiting in a queue for processing. This line displays the number of BGP updates received and sent. Displays the minimum time, in seconds, between advertisements. Displays the policy commands configured and the names of the Route map, AS-PATH ACL or Prefix list configured for the policy. Displays IPv6 Unicast as the address family. Displays the which version of the primary BGP routing table the router and the neighbor are using. Displays the number of network prefixes accepted by the router and the amount of memory used to process those prefixes. Displays the number of network prefixes advertised, the number rejected and the number withdrawn from the BGP routing table. Displays the number of TCP connections established and dropped between the two peers to exchange BGP information. Displays the amount of time since the peering session was last reset. Also states if the peer resets the peering session. If the peering session was never reset, the word never is displayed.

Sent messages

Received updates Minimum time (list of inbound and outbound policies) For address family: BGP table version accepted prefixes Prefix advertised

Connections established Last reset

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

873

show ip bgp ipv6 unicast peer-group

Table 79 show ip bgp neighbors Command Fields (continued) Lines beginning with
Local host: Foreign host:

Description
Displays the peering address of the local router and the TCP port number. Displays the peering address of the neighbor and the TCP port number.

Related Commands

show ip bgp ipv6 unicast

View the current BGP routing table.

show ip bgp ipv6 unicast peer-group

ces
Syntax Parameters

Allows you to view information on the BGP peers in a peer group. show ip bgp ipv6 unicast peer-group [peer-group-name [summary]] peer-group-name summary
(OPTIONAL) Enter the name of a peer group to view information about that peer group only. (OPTIONAL) Enter the keyword summary to view status information of the peers in that peer group. The output is the same as that found in show ip bgp ipv6 unicast summary command

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale Assign peer to a peer-group. Create a peer group.

Related Commands

neighbor peer-group (assigning peers) neighbor peer-group (creating group)

show ip bgp ipv6 unicast summary

ces
Syntax Command Modes

Allows you to view the status of all BGP connections. show ip bgp ipv6 unicast summary EXEC EXEC Privilege

874

IPv6 Border Gateway Protocol (IPv6 BGP)

show ip bgp ipv6 unicast summary

Command History

Version 8.4.2.1 Version 7.4.1.0

Introduced on C-Series and S-Series. Introduced on E-Series TeraScale

Example

Figure 291 show ip bgp summary Command Example

Force10#show ip bgp ipv6 unicast summary BGP router identifier 5.5.10.4, local AS number 100 BGP table version is 12, main routing table version 12 2 network entrie(s) and 4 paths using 536 bytes of memory 1 BGP path attribute entrie(s) using 112 bytes of memory 1 BGP AS-PATH entrie(s) using 39 bytes of memory Dampening enabled. 0 history paths, 0 dampened paths, 0 penalized paths Neighbor 5ffe:10::3 5ffe:11::3 Force10# AS 1 1 MsgRcvd 28 27 MsgSent 0 0 TblVer 12 12 InQ 0 0 OutQ Up/Down 0 00:01:01 0 00:00:55 State/Pfx 2 2

Table 80 show ip bgp summary Command Fields Field

BGP router identifier BGP table version network entries BGP path attribute entries BGP AS-PATH entries BGP community entries

Description
Displays the local router ID and the AS number. Displays the BGP table version and the main routing table version. Displays the number of network entries and route paths and the amount of memory used to process those entries. Displays the number of BGP path attributes and the amount of memory used to process them. Displays the number of BGP AS_PATH attributes processed and the amount of memory used to process them. Displays the number of BGP COMMUNITY attributes processed and the amount of memory used to process them. The show ip bgp ipv6 unicast community command provides more details on the COMMUNITY attributes. Displayed only when dampening is enabled. Displays the number of paths designated as history, dampened, or penalized. Displays the BGP neighbor address. Displays the AS number of the neighbor. Displays the number of BGP messages that neighbor received. Displays the number of BGP messages that neighbor sent. Displays the version of the BGP table that was sent to that neighbor. Displays the number of messages from that neighbor waiting to be processed. Displays the number of messages waiting to be sent to that neighbor. If a number appears in parentheses, the number represents the number of messages waiting to be sent to the peer group.

Dampening enabled

Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

875

show ip bgp ipv6 unicast summary

Table 80 show ip bgp summary Command Fields Field

Up/Down

State/Pfx

876

IPv6 Border Gateway Protocol (IPv6 BGP)

Chapter 28

Intermediate System to Intermediate System (IS-IS)

Overview
Intermediate System to Intermediate System Protocol (IS-IS) for IPv4 and IPv6is supported only on the E-Series platform, as indicated by the e character under each command heading. IS-IS is an interior gateway protocol that uses a shortest-path-first algorithm. IS-IS facilitates the communication between open systems, supporting routers passing both IP and OSI traffic. A router is considered an intermediate system. Networks are partitioned into manageable routing domains, called areas. Intermediate systems send, receive, and forward packets to other routers within their area (Level 1 and Level 1-2 devices). Only Level 1-2 and Level 2 devices communicate with other areas. IS-IS protocol standards are listed in the Standard Compliance chapter in the FTOS Configuration Guide.

Note: The fundamental mechanisms of IS-IS are the same between IPv4 and IPv6. Where there are
differences between the two versions, they are identified and clarified in this chapter. Except where identified, the information in this chapter applies to both protocol versions.

Commands
The following are the FTOS commands to enable IS-IS. adjacency-check advertise area-password clear config clear isis clns host debug isis debug isis adj-packets debug isis local-updates

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

877

debug isis snp-packets debug isis spf-triggers debug isis update-packets default-information originate description distance distribute-list in distribute-list out distribute-list redistributed-override domain-password graceful-restart ietf graceful-restart interval graceful-restart t1 graceful-restart t2 graceful-restart t3 graceful-restart restart-wait hello padding hostname dynamic ignore-lsp-errors ip router isis ipv6 router isis isis circuit-type isis csnp-interval isis hello-interval isis hello-multiplier isis hello padding isis ipv6 metric isis metric isis network point-to-point isis password isis priority is-type log-adjacency-changes lsp-gen-interval lsp-mtu lsp-refresh-interval max-area-addresses max-lsp-lifetime maximum-paths metric-style multi-topology net passive-interface redistribute redistribute bgp redistribute ospf

878

Intermediate System to Intermediate System (IS-IS)

adjacency-check

router isis set-overload-bit show config show isis database show isis graceful-restart detail show isis hostname show isis interface show isis neighbors show isis protocol show isis traffic spf-interval

adjacency-check
e
Syntax

Verify that the protocols supported field of the IS-IS neighbor contains matching values to this router. adjacency-check To disable adjacency check, use the no adjacency-check command.

Defaults Command Modes

Enabled ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History Usage Information

Version 7.5.1.0

Introduced on E-Series

Use this command to perform protocol-support consistency checks on hello packets. The adjacency-check is enabled by default.

advertise
e
Syntax

Leak routes between levels (distribute IP prefixes between Level 1 and Level 2 and vice versa). advertise {level1-into-level2 | level2-into-level1} prefix-list-name To return to the default, use the no advertise {level1-into-level2 | level2-into-level1}[prefix-list-name] command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

879

area-password

Parameters

level1-into-level2

Enter the keyword level1-into-level2 to advertise Level 1 routes into Level 2 LSPs. This is the default. Enter the keyword level2-into-level1 to advertise Level 2 inter-area routes into Level 1 LSPs. Described in RFC 2966. Enter the name of a configured IP prefix list. Routes meeting the criteria of the IP Prefix list are leaked.

level2-into-level1

prefix-list-name

Defaults Command Modes

level1-into-level2 ( Level 1 to Level 2 leaking enabled.) ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History

Version 7.5.1.0 Version 6.3.1.0

Introduced IPv6 ISIS support Introduced

Usage Information

You cannot disable leaking from one level to another, however you can regulate the rate flow from one level to another via an IP Prefix list. If the IP Prefix list is not configured, all routes are leaked. Additional information can be found in IETF RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS.

area-password
e
Syntax

Configure a Hash Message Authentication Code (HMAC) authentication password for an area. area-password [hmac-md5 | encryption-type ] password To delete a password, enter no area-password.

Parameters

hmac-md5 encryption-type password

(OPTIONAL) Enter the keyword hmac-md5 to encrypt the password. (OPTIONAL) Enter 7 to encrypt the password using DES. Enter a 116-character length alphanumeric string to prevent unauthorized access or incorrect routing information corrupting the link state database. The password is processed as plain text which only provides limited security.

Defaults Command Modes

Not configured. ROUTER ISIS

880

Intermediate System to Intermediate System (IS-IS)

clear config

Usage Information

Use the area-password command on routers within an area to prevent the link state database from receiving incorrect routing information from unauthorized routers. The password configured is injected into Level 1 LSPs, CSNPs, and PSNPs.

Related Commands

domain-password isis password

Allows you to set the authentication password for a routing domain. Allows you to configure an authentication password for an interface.

clear config
e
Syntax Command Modes Usage Information Related Commands

Clear IS-IS configurations that display under the router isis heading of the show running-config command output. clear config ROUTER ISIS Use caution when you enter this command. Back up your configuration prior to using this command or your IS-IS configuration will be erased.
copy Use this command to save the current configuration to another location.

clear isis
e
Syntax Parameters

Restart the IS-IS process. All IS-IS data is cleared. clear isis [tag] {* | database | traffic} tag *
(Optional) Enter an alphanumeric string to specify the IS-IS routing tag area. Enter the keyword * to clear all IS-IS information and restarts the IS-IS process. This command removes IS-IS neighbor information and IS-IS LSP database information and the full SPF calculation will be done. Clears IS-IS LSP database information. Clears IS-IS counters.

database traffic
Command Modes

EXEC Privilege

clns host
e
Define a name-to-network service mapping point (NSAP) mapping that can then be used with commands that require NSAPs and system IDs.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

881

debug isis clns host name nsap name nsap

Defaults Command Modes Usage Information Related Commands Enter an alphanumeric string to identify the name-to-NSAP mapping. Enter a specific NSAP address that will be associated with the name parameter.

Syntax Parameters

Not configured. ROUTER ISIS Use this command to configure a shortcut name that can used instead of entering a long string of numbers associated with an NSAP address. hostname dynamic
Enables dynamic learning of hostnames from routers in the domain and allows the routers to advertise the hostnames in LSPs.

debug isis
e
Syntax

Enable debugging for all IS-IS operations. debug isis To disable debugging of IS-IS, enter no debug isis.

Command Modes Usage Information

EXEC Privilege Entering debug isis enables all debugging parameters. Use this command to display all debugging information in one output. To turn off debugging, you normally enter separate no forms of each command. Enter the no debug isis command to disable all debug messages for IS-IS at once.

debug isis adj-packets

e
Syntax

Enable debugging on adjacency-related activity such as hello packets that are sent and received on IS-IS adjacencies. debug isis adj-packets [interface] To turn off debugging, use the no debug isis adj-packets [interface] command.

882

Intermediate System to Intermediate System (IS-IS)

debug isis local-updates

Parameters

interface

(OPTIONAL) Identifies the interface type slot/port as one of the following: For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Command Modes

EXEC Privilege

debug isis local-updates

e
Syntax

Enables debugging on a specific interface and provides diagnostic information to debug IS-IS local update packets. debug isis local-updates [interface] To turn off debugging, enter the no debug isis local-updates [interface] command.

Parameters

interface

Command Modes

EXEC Privilege

debug isis snp-packets

e
Enable debugging on a specific interface and provides diagnostic information to debug IS-IS complete sequence number PDU (CSNP) and partial sequence number PDU (PSNP) packets.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

883

debug isis spf-triggers debug isis snp-packets [interface] To turn off debugging, enter the no debug isis snp-packets [interface] command.
Parameters

Syntax

interface

(OPTIONAL) Identifies the interface type slot/port as one of the following: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Command Modes

EXEC Privilege

debug isis spf-triggers

e
Syntax

Enable debugging on the events that triggered IS-IS shortest path first (SPF) events for debugging purposes. debug isis spf-triggers To turn off debugging, enter no debug isis spf-triggers.

Command Modes

EXEC Privilege

debug isis update-packets

e
Syntax

Enable debugging on Link State PDUs (LSPs) debug isis update-packets [interface]

that are detected by a router.

To turn off debugging, enter the no debug isis update-packets [interface] command.

884

Intermediate System to Intermediate System (IS-IS)

default-information originate

Parameters

interface

Command Modes

EXEC Privilege

default-information originate
e
Syntax

Generate a default route into an IS-IS routing domain and controls the distribution of default information. default-information originate [always] [metric metric] [route-map map-name] To disable the generation of a default route into the specified IS-IS routing domain, enter the no default-information originate [always] [metric metric] [route-map map-name] command.

Parameters

always metric metric

(OPTIONAL) Enter the keyword always to have the default route always advertised (OPTIONAL) Enter the keyword metric followed by a number to assign to the route. Range: 0 to 16777215 (OPTIONAL) A default route will be generated by the routing process if the route map is satisfied.

route-map map-name
Defaults Command Modes

Not configured. ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History

Version 7.5.1.0 Version 6.3.1.0

Introduced IPv6 ISIS support Introduced

Usage Information

When you use this command to redistribute routes into a routing domain, the router becomes an autonomous system (AS) boundary router. An AS boundary router does not always generate a default route into a routing domain. The router still requires its own default route before it can generate one.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

885

description

How a metric value assigned to a default route is advertised depends on how on the configuration of the metric-style command. If the metric-style is set for narrow mode and the metric value in the default-information originate command is set to a number higher than 63, the metric value advertised in LSPs will be 63. If the metric-style is set for wide mode, their the metric value in the default-information originate command is advertised.
Related Commands redistribute isis metric metric-style show isis database Redistribute routes from one routing domain to another routing domain. Configure a metric for an interface Set the metric style for the router. Display the IS-IS link state database.

description
ces
Syntax

Enter a description of the IS-IS routing protocol description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the IS-IS protocol (80 characters maximum).

Defaults Command Modes Command History Related Commands

No default behavior or values ROUTER ISIS

pre-7.7.1.0 Introduced

router isis

Enter ROUTER mode on the switch.

distance
e
Syntax

Define the administrative distance for learned routes. distance weight [ip-address mask [prefix-list]] To return to the default values, enter the no distance weight command.

886

Intermediate System to Intermediate System (IS-IS)

distribute-list in

Parameters

weight

The administrative distance value indicates the reliability of a routing information source. Range: 1 to 255. (A higher relative value indicates lower reliability. Routes with smaller values are given preference.) Default: 115 (OPTIONAL) Enter an IP address in dotted decimal format and enter a mask in either dotted decimal or /prefix format. (OPTIONAL) Enter the name of a prefix list name.

ip-address mask prefix-list

Defaults Command Modes

weight = 115 ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Usage Information

The administrative distance indicates the trust value of incoming packets. A low administrative distance indicates a high trust rate. A high value indicates a lower trust rate. For example, a weight of 255 is interpreted that the routing information source is not trustworthy and should be ignored.

distribute-list in
e
Syntax

Filter network prefixes received in updates. distribute-list prefix-list-name in [interface] To return to the default values, enter the no distribute-list prefix-list-name in [interface] command.

Parameters

prefix-list-name interface

Specify the prefix list to filter prefixes in routing updates. (OPTIONAL) Identifies the interface type slot/port as one of the following: For a1- Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes

Not configured. ROUTER ISIS (for IPv6)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

887

distribute-list out

CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History Version 7.5.1.0 Version 6.3.1.0 Related Commands distribute-list out redistribute Introduced IPv6 ISIS support Introduced Suppress networks from being advertised in updates. Redistributes routes from one routing domain to another routing domain.

distribute-list out
e
Syntax

Parameters

prefix-list-name connected ospf process-id

Specify the prefix list to filter prefixes in routing updates. (OPTIONAL) Enter the keyword connected for directly connected routing process. (OPTIONAL) Enter the keyword ospf followed by the OSPF process-ID number. Range: 1 to 65535 (OPTIONAL) Enter the BGP followed by the AS Number. Range: 1 to 65535 (OPTIONAL) Enter the keyword rip for RIP routes. (OPTIONAL) Enter the keyword static for user-configured routing process.

bgp as number rip static

Defaults Command Modes

Not configured. ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History

Version 7.5.1.0 Version 6.3.1.0

Introduced IPv6 ISIS support Introduced

Usage Information Related Commands

You can assign a name to a routing process so a prefix list will be applied to only the routes derived from the specified routing process.
distribute-list in redistribute Filters networks received in updates. Redistributes routes from one routing domain to another routing domain.

888

Intermediate System to Intermediate System (IS-IS)

distribute-list redistributed-override

distribute-list redistributed-override
e
Syntax

Supress flapping of routes when the same route is redistributed into IS-IS from multiple routers in the network. distribute-list redistributed-override in To return to the default, use the no distribute-list redistributed-override in command.

Defaults Command Modes

No default behavior or values ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History

Version 7.8.1.0 Version 6.3.1.0

Introduced IPv6 ISIS support Introduced

Usage Information

When the command is executed, IS-IS will not download the route to the routing table if the same route was redistributed into IS-IS routing protocol on the same router.

domain-password
e
Syntax

Set the authentication password for a routing domain. domain-password [hmac-md5 | encryption-type ] password To disable the password, enter no domain-password.

Parameters

hmac-md5 encryption-type password

(OPTIONAL) Enter the keyword hmac-md5 to encrypt the password using MD5. (OPTIONAL) Enter 7 to encrypt the password using DES. Enter an alphanumeric string up to 16 characters long. If you do not specify an encryption type or hmac-md5 keywords, the password is processed as plain text which provides limited security.

Defaults Command Modes Usage Information Related Commands

No default password. ROUTER ISIS The domain password is inserted in Level 2 link state PDUs (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNPs).
area-password isis password Configure an IS-IS area authentication password. Configure the authentication password for an interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

889

graceful-restart ietf

graceful-restart ietf
e
Syntax

Enable Graceful Restart on an IS-IS router. graceful-restart ietf To return to the default, use the no graceful-restart ietfcommand.

Parameters

ietf

Enter ietf to enable Graceful Restart on the IS-IS router.

Defaults Command Modes Command History Usage Information

Default is Graceful Restart disabled ROUTER ISIS

Version 8.3.1.0 Introduced on the E-Series

A Restart TLV included in every Graceful Restart enabled routers HELLO PDUs. This enables the (re)starting as well as the existing ISIS peers to detect the GR capability of the routers on the connected network. A flag in the Restart TLV contains Restart Request (RR), Restart Acknowledge (RA) and Suppress Adjacency Advertisement (SA) bit flags. The ISIS Graceful Restart enabled router can co-exist in mixed topologies where some routers are Graceful Restart enabled and others are not. For neighbors that are not Graceful Restart enabled, the restarting router brings up the adjacency per the susal methods.

graceful-restart interval
e
Syntax

Set the Graceful Restart grace period, the time during which all Graceful Restart attempts are prevented. graceful-restart interval minutes To return to the default, use the no graceful-restart interval command.

Parameters

minutes

Range: 1-20 minutes Default: 5 minutes

Defaults Command Modes Command History

5 minutes ROUTER ISIS

Version 8.3.1.0 Introduced on the E-Series

890

Intermediate System to Intermediate System (IS-IS)

graceful-restart t1

graceful-restart t1
e
Set the Graceful Restart wait time before unacknowledged restart requests are generated. This is the interval before the system sends a Restart Request (an IIH with RR bit set in Restart TLV) until the CSNP is reveived from the helping router. graceful-restart t1 {interval seconds | retry-times value} To return to the default, use the no graceful-restart t1command.
Parameters

Syntax

interval

Enter the keyword interval to set the wait time. Range: 5-120 seconds Default: 5 seconds Enter the keyword retry-times to set the number of times the request interval is extended until a CSNP is received from the helping router. Range: 1-10 attempts Default: 1

retry-times

Defaults Command Modes Command History

see above ROUTER ISIS

Version 8.3.1.0 Introduced on the E-Series

graceful-restart t2
e
Syntax

Configure thewait time for the Graceful Restart timer T2 that a restarting router uses as the wait time for each database to synchronize. graceful-restart t2 {level-1 | level-2} seconds To return to the default, use the no graceful-restart t2command.

Parameters

level-1, level-2 seconds

Enter the keyword level-1 or level-2 to identify the database instance type to which the wait interval applies. Range: 5-120 seconds Default: 30 seconds

Defaults Command Modes Command History

30 seconds ROUTER ISIS

Version 8.3.1.0 Introduced on the E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

891

graceful-restart t3

graceful-restart t3
e
Syntax

Configure the overall wait time before Graceful Restart is completed. graceful-restart t3 {adjacency | manual} seconds To return to the default, use the no graceful-restart t3command.

Parameters

adjacency

Enter the keyword adjacency so that the restarting router

receives the remaining time value from its peer and adjusts its T3 value accordingly if user has configured configured this option. manual
Enter the keyword manual to specify a time value that the restarting router uses. Range: 50-120 seconds default: 30 seconds

Defaults Command Modes Command History Usage Information

manual, 30 seconds ROUTER ISIS

Version 8.3.1.0 Introduced on the E-Series

The running router sets remaining time value to the current adjacency hold time. This can be overridden by implementing this command. Override the default restart-wait time by entering the no graceful-restart restart-wait command. When restart-wait is disabled, the current adjacency hold time is used. Be sure to set the t3 timer to adjacency on the restarting router when implementing this command. The restarting router gets the remaining time value from its peer and adjusts its T3 value accordingly only when you have configured graceful-restart t3 adjacency.

Related Commands

graceful-restart restart-wait

Enable the Graceful Restart maximum wait time before a restarting peer comes up.

graceful-restart restart-wait
e
Enable the Graceful Restart maximum wait time before a restarting peer comes up. Be sure to set the t3 timer to adjacency on the restarting router when implementing this command.
Syntax

graceful-restart restart-wait seconds To return to the default, use the no graceful-restart restart-wait command.

892

Intermediate System to Intermediate System (IS-IS)

hello padding

Parameters

seconds

Range: 5-300 seconds Default: 30 seconds

Defaults Command Modes Command History Related Commands

30 seconds ROUTER ISIS

Version 8.3.1.0 Introduced on the E-Series

graceful-restart t3

Configure the overall wait time before Graceful Restart is completed.

hello padding
e
Syntax

Use to turn ON or OFF padding for LAN and point-to-point hello PDUs or to selectively turn padding ON or OFF for LAN or point-to-point hello PDUs. hello padding [multi-point | point-to-point] To return to default, use no hello padding [multi-point | point-to-point].

Parameters

multi-point point-to-point

(OPTIONAL) Enter the keyword multi-point to pad only LAN hello PDUs. (OPTIONAL) Enter the keyword point-to-point to pad only point-to-point PDUs.

Defaults Command Modes Usage Information

Both LAN and point-to-point hello PDUs are padded. ROUTER ISIS IS-IS hellos are padded to the full maximum transmission unit (MTU) size. Padding IS-IS Hellos (IIHS) to the full MTU provides early error detection of large frame transmission problems or mismatched MTUs on adjacent interfaces.
isis hello padding Turn ON or OFF hello padding on an interface basis.

Related Commands

hostname dynamic
e
Syntax

Enables dynamic learning of hostnames from routers in the domain and allows the routers to advertise the hostname in LSPs. hostname dynamic To disable this command, enter no hostname dynamic.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

893

ignore-lsp-errors

Defaults Command Modes Usage Information Related Commands

Enabled. ROUTER ISIS Use this command to build name-to-systemID mapping tables through the protocol. All show commands that display systems also display the hostname.
clns host Define a name-to-NSAP mapping.

ignore-lsp-errors
e
Syntax

Ignore LSPs with bad checksums instead of purging those LSPs. ignore-lsp-errors To return to the default values, enter no ignore-lsp-errors.

Defaults Command Modes Usage Information

In IS-IS, the default deletes LSPs with internal checksum errors (no ignore-lsp-errors). ROUTER ISIS IS-IS normally purges LSPs with an incorrect data link checksum, causing the LSP source to regenerate the message. A cycle of purging and regenerating LSPs can occur when a network link continues to deliver accurate LSPs even though there is a link causing data corruption. This could cause disruption to your system operation.

ip router isis
e
Syntax

Configure IS-IS routing processes on an interface and attach an area tag name to the routing process. ip router isis [tag] To disable IS-IS on an interface, enter the no ip router isis [tag] command.

Parameters

tag

(OPTIONAL) The tag you specify identifies a specific area routing process. If you do not specify a tag, a null tag is assigned.

Defaults Command Modes Command History Usage Information

No processes are configured. INTERFACE

Version 7.5.1.0 Introduced

You must use the net command to assign a network entity title to enable IS-IS.

894

Intermediate System to Intermediate System (IS-IS)

ipv6 router isis

Related Commands

net router isis

Configures an IS-IS network entity title (NET) for the routing process. Enables the IS-IS routing protocol.

ipv6 router isis

e
Syntax

Enable the IPv6 IS-IS routing protocol and specify an IPv6 IS-IS process. ipv6 router isis [tag] To disable IS-IS routing, enter no router isis [tag].

Parameters

tag

(OPTIONAL) This is a unique name for a routing process. A null tag is assumed if the tag option is not specified. The tag name must be unique for all IP router processes for a given router.

Defaults Command Modes Command History Usage Information

Not configured. ROUTER ISIS

Version 7.5.1.0 Introduced on E-Series

You must configure a network entity title (the net command) to specify the area address and the router system ID. You must enable routing on one or more interfaces to establish adjacencies and establish dynamic routing. Only one IS-IS routing process can be configured to perform Level 2 routing. A level-1-2 designation performs Level 1 and Level 2 routing at the same time.

Related Commands

net is-type

Configure an IS-IS network entity title (NET) for a routing process. Assign a type for a given area.

isis circuit-type
e
Syntax

Configure the adjacency type on interfaces. isis circuit-type {level-1 | level-1-2 | level-2-only} To return to the default values, enter no isis circuit-type.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

895

isis csnp-interval

Parameters

level-1

You can form a Level 1 adjacency if there is at least one common area address between this system and neighbors. You cannot form Level 2 adjacencies on this interface. You can form a Level 1 and Level 2 adjacencies when the neighbor is also configured as Level-1-2 and there is at least one common area, if not, then a Level 2 adjacency is established. This is the default. You can form a Level 2 adjacencies when other Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies cannot be established on this interface.

level-1-2

level-2-only

Defaults Command Modes Usage Information

level-1-2 INTERFACE Because the default establishes Level 1 and Level 2 adjacencies, you do not need to configure this command. Routers in an IS-IS system should be configured as a Level 1-only, Level 1-2, or Level 2-only system. Only configure interfaces as Level 1 or Level 2 on routers that are between areas (for example, a Level 1-2 router) to prevent the software from sending unused hello packets and wasting bandwidth.

isis csnp-interval
e
Syntax

Configure the IS-IS complete sequence number PDU (CSNP) interval on an interface. isis csnp-interval seconds [level-1 | level-2] To return to the default values, enter the no isis csnp-interval [seconds] [level-1 | level-2] command.

Parameters

seconds

Interval of transmission time between CSNPs on multi-access networks for the designated intermediate system. Range: 0 to 65535 Default: 10 (OPTIONAL) Independently configures the interval of time between transmission of CSNPs for Level 1. (OPTIONAL) Independently configures the interval of time between transmission of CSNPs for Level 2.

level-1 level-2

Defaults Command Modes Usage Information

seconds = 10; level-1 (if not otherwise specified) INTERFACE The default values of this command are typically satisfactory transmission times for a specific interface on a designated intermediate system. To maintain database synchronization, the designated routers send CSNPs.

896

Intermediate System to Intermediate System (IS-IS)

isis hello-interval

Level 1 and Level 2 CSNP intervals can be configured independently.

isis hello-interval
e
Syntax

Specify the length of time between hello packets sent. isis hello-interval seconds [level-1 | level-2] To return to the default values, enter the no isis hello-interval [seconds] [level-1 | level-2] command.

Parameters

seconds

Allows you to set the length of time between hello packet transmissions. Range: 1 to 65535 Default: 10 (OPTIONAL) Select this value to configure the hello interval for Level 1. This is the default. (OPTIONAL) Select this value to configure the hello interval for Level 2.

level-1 level-2
Defaults Command Modes Usage Information

seconds = 10; level-1 (if not otherwise specified) INTERFACE Hello packets are held for a length of three times the value of the hello interval. Use a high hello interval seconds to conserve bandwidth and CPU usage. Use a low hello interval seconds for faster convergence (but uses more bandwidth and CPU resources).
isis hello-multiplier Specifies the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down.

Related Commands

isis hello-multiplier
e
Syntax

Specify the number of IS-IS hello packets a neighbor must miss before the router declares the adjacency down. isis hello-multiplier multiplier [level-1 | level-2] To return to the default values, enter no isis hello-multiplier [multiplier] [level-1 | level-2].

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

897

isis hello padding

Parameters

multiplier

Specifies an integer that sets the multiplier for hello holding time. Never configure a hello-multiplier lower then the default (3). Range: 3 to 1000 Default: 3 (OPTIONAL) Select this value to configure the hello multiplier independently for Level 1 adjacencies. This is the default. (OPTONAL) Select this value to configure the hello multiplier independently for Level 2 adjacencies.

level-1

level-2

Defaults Command Modes Usage Information

multiplier =3; level-1 (if not otherwise specified) INTERFACE The holdtime (the product of the hello-multiplier multiplied by the hello-interval) determines how long a neighbor waits for a hello packet before declaring the neighbor is down so routes can be recalculated.I
isis hello-interval Specify the length of time between hello packets.

Related Commands

isis hello padding

e
Syntax

Turn ON or OFF padding of hello PDUs from the interface mode. isis hello padding To return to the default, use the no isis hello padding.

Defaults Command Modes Usage Information Related Commands

Padding of hello PDUs is enabled (ON). INTERFACE Hello PDUs are padded only when both the global and interface padding options are ON. Turning either one OFF will disable padding for the corresponding interface(s).
hello padding Turn ON or OFF padding for LAN and point-to-point hello PDUs.

isis ipv6 metric

e
Syntax

Assign metric to an interface for use with IPv6 information. isis ipv6 metric default-metric [level-1 | level-2] To return to the default values, enter no ipv6 isis metric [default-metric] [level-1 | level-2] command.

898

Intermediate System to Intermediate System (IS-IS)

isis metric

Parameters

default-metric

Metric assigned to the link and used to calculate the cost from each other router via the links in the network to other destinations. You can configure this metric for Level 1 or Level 2 routing. Range:0 to 16777215 Default: 10 (OPTIONAL) Enter level-1 to configure the shortest path first (SPF) calculation for Level 1 (intra-area) routing. This is the default. (OPTIONAL) Enter level-2 to configure the SPF calculation for Level 2 (inter-area) routing.

level-1

level-2

Defaults Command Modes Command History Usage Information

default-metric = 10; level-1 (if not otherwise specified) INTERFACE

Version 7.5.1.0 Introduced on E-Series

Force10 Networks recommends configuring metrics on all interfaces. Without configuring this command, the IS-IS metrics are similar to hop-count metrics.

isis metric
e
Syntax

Assign a metric to an interface. isis metric default-metric [level-1 | level-2] To return to the default values, enter no isis metric [default-metric] [level-1 | level-2].

Parameters

default-metric

Metric assigned to the link and used to calculate the cost from each other router via the links in the network to other destinations. You can configure this metric for Level 1 or Level 2 routing. Range: 0 to 63 for narrow and transition metric styles; 0 to 16777215 for wide metric styles. Default: 10 (OPTIONAL) Enter level-1 to configure the shortest path first (SPF) calculation for Level 1 (intra-area) routing. This is the default. (OPTIONAL) Enter level-2 to configure the SPF calculation for Level 2 (inter-area) routing.

level-1

level-2

Defaults Command Modes Usage Information

default-metric = 10; level-1 (if not otherwise specified) INTERFACE Force10 Networks recommends configuring metrics on all interfaces. Without configuring this command, the IS-IS metrics are similar to hop-count metrics.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

899

isis network point-to-point

e
Syntax

Enable the software to treat a broadcast interface as a point-to-point interface. isis network point-to-point To disable the feature, enter no isis network point-to-point.

Defaults Command Modes

Not enabled. INTERFACE

isis password
e
Syntax

Configure an authentication password for an interface. isis password [hmac-md5] password [level-1 | level-2] To delete a password, enter the no isis password [password] [level-1 | level-2] command.

Parameters

encryption-type hmac-md5 password level-1

(OPTIONAL) Enter 7 to encrypt the password using DES. (OPTIONAL) Enter the keyword hmac-md5 to encrypt the password using MD5. Assign the interface authentication password. (OPTIONAL) Independently configures the authentication password for Level 1. The router acts as a station router for Level 1 routing. This is the default. (OPTIONAL) Independently configures the authentication password for Level 2. The router acts as an area router for Level 2 routing.

level-2

Defaults Command Modes Usage Information

No default password. level-1 (if not otherwise specified) INTERFACE To protect your network from unauthorized access, use this command to prevent unauthorized routers from forming adjacencies. You can assign different passwords for different routing levels by using the level-1 and level-2 keywords. The no form of this command disables the password for Level 1 or Level 2 routing, using the respective keywords level-1 or level-2. This password provides limited security as it is processed as plain text.

900

Intermediate System to Intermediate System (IS-IS)

isis priority

isis priority
e
Syntax

Set priority of the designated router you select. isis priority value [level-1 | level-2] To return to the default values, enter the no isis priority [value] [level-1 | level-2] command.

Parameters

value

This value sets the router priority. The higher the value, the higher the priority. Range: 0 to 127 Default: 64 (OPTIONAL) Specify the priority for Level 1. This is the default. (OPTIONAL) Specify the priority for Level 2.

level-1 level-2
Defaults Command Modes Usage Information

value = 64; level-1 (if not otherwise specified) INTERFACE You can configure priorities independently for Level 1 and Level 2. Priorities determine which router on a LAN will be the designated router. Priorities are advertised within hellos. The router with the highest priority will become the designated intermediate system (DIS). Routers with priority of 0 cannot be a designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If all the routers have priority 0, one with highest MAC address will become DIS even though its priority is 0.

is-type
e
Syntax

Configure IS-IS operating level for a router. is-type {level-1 | level-1-2 | level-2-only} To return to the default values, enter no is-type.

Parameters

level-1 level-1-2 level-2-only

Allows a router to act as a Level 1 router. Allows a router to act as both a Level 1 and Level 2 router. This is the default. Allows a router to act as a Level 2 router.

Defaults Command Modes Usage Information

level-1-2 ROUTER ISIS The IS-IS protocol automatically determines area boundaries and are able to keep Level 1 and Level 2 routing separate. Poorly planned use of this feature may cause configuration errors, such as accidental area partitioning. Publication Date: July 20, 2011 901

Command Line Reference for FTOS version 8.4.2.4

log-adjacency-changes

If you are configuring only one area in your network, you do not need to run both Level 1 and Level 2 routing algorithms. The IS type can be configured as Level 1.

log-adjacency-changes
e
Syntax

Generate a log messages for adjacency state changes. log-adjacency-changes To disable this function, enter no log-adjacency-changes.

Defaults Command Modes Usage Information

Adjacency changes are not logged. ROUTER ISIS This command enables you to monitor adjacency state changes, which is useful when you monitor large networks. Messages are logged in the system error message facility.

lsp-gen-interval
e
Syntax

Set the minimum interval between successive generations of link-state packets (LSPs). lsp-gen-interval [level-l | level-2] interval seconds [initial_wait_interval seconds [second_wait_interval seconds]] To restore default values, use the no lsp-gen-interval [level-l | level-2] interval seconds [initial_wait_interval seconds [second_wait_interval seconds]] command.

Parameters

level-l level-2 interval seconds

(OPTIONAL) Enter the keyword level-1 to apply the configuration to generation of Level-1 LSPs. (OPTIONAL) Enter the keyword level-2 to apply the configuration to generation of Level-2 LSPs. Enter the maximum number of seconds between LSP generations. Range: 0 to 120 seconds Default: 5 seconds (OPTIONAL) Enter the initial wait time, in seconds, before running the first LSP generation. Range: 0 to 120 seconds Default: 1 second (OPTIONAL) Enter the wait interval, in seconds, between the first and second LSP generation. Range: 0 to 120 seconds Default: 5 seconds

initial_wait_interval seconds

second_wait_interval seconds

Defaults

Defaults as above

902

Intermediate System to Intermediate System (IS-IS)

lsp-mtu

Command Modes Command History Usage Information

ROUTER ISIS
Version 7.5.1.0 Expanded to support LSP Throttling Enhancement

LSP throttling slows down the frequency at which LSPs are generated during network instability. Even though throttling LSP generations slows down network convergence, no throttling can result in a network not functioning as expected. If network topology is unstable, throttling slows down the scheduling of LSP generations until the topology regains its stability. The first generation is controlled by the initial wait interval and the second generation is controlled by the second wait interval. Each subsequent wait interval is twice as long as the previous one until the wait interval reaches the maximum wait time specified (interval seconds). Once the network calms down and there are no triggers for two times the maximum interval, fast behavior is restored (the initial wait time).

lsp-mtu
e
Syntax

Set the maximum transmission unit (MTU) of IS-IS link-state packets (LSPs). This command only limits the size of LSPs generated by this router. lsp-mtu size To return to the default values, enter no lsp-mtu.

Parameters

size

The maximum LSP size, in bytes. Range: 128 to 1497 for non-jumbo mode; 128 to 9195 for jumbo mode. Default: 1497

Defaults Command Modes Command History Usage Information

1497 bytes ROUTER ISIS

Version 7.5.1.0 Expanded to support LSP Throttling Enhancement

The link MTU (mtu command) and the LSP MTU size must be the same Since each device can generate a maximum of 255 LSPs, consider carefully whether the lsp-mtu command should be configured.

lsp-refresh-interval
e
Set the link state PDU (LSP) refresh interval. LSPs must be refreshed before they expire. When the LSPs are not refreshed after a refresh interval, they are kept in a database until their max-lsp-lifetime reaches zero and then LSPs will be purged. lsp-refresh-interval seconds Publication Date: July 20, 2011 903

Syntax

Command Line Reference for FTOS version 8.4.2.4

max-area-addresses To restore the default refresh interval, enter no lsp-refresh-interval.

Parameters

seconds

The LSP refresh interval, in seconds. This value has to be less than the seconds value specified with the max-lsp-lifetime command. Range: 1 to 65535 seconds. Default: 900

Defaults Command Modes Command History Usage Information

900 seconds ROUTER ISIS

Version 7.5.1.0 Expanded to support LSP Throttling Enhancement

The refresh interval determines the rate at which route topology information is transmitted preventing the information from becoming obsolete. The refresh interval must be less than the LSP lifetime specified with the max-lsp-lifetime command. A low value reduces the amount of time that undetected link state database corruption can persist at the cost of increased link utilization. A higher value reduces the link utilization caused by the flooding of refreshed packets.

Related Commands

max-lsp-lifetime

Sets the maximum interval that LSPs persist without being refreshed

max-area-addresses
e
Syntax

Configure manual area addresses. max-area-addresses number To return to the default values, enter no max-area-addresses.

Parameters

number

Set the maximum number of manual area addresses. Range: 3 to 6. Default: 3

Defaults Command Modes Usage Information

3 addresses ROUTER ISIS Use this command to configure the number of area addresses on router. This value should be consistent with routers in the same area, or else, the router will form only Level 2 adjacencies. The value should be same among all the routers to form Level 1 adjacencies.

904

Intermediate System to Intermediate System (IS-IS)

max-lsp-lifetime

max-lsp-lifetime
e
Syntax

Set the maximum time that link-state packets (LSPs) exist without being refreshed. max-lsp-lifetime seconds To restore the default time, enter no max-lsp-lifetime.

Parameters

seconds

The maximum lifetime of LSP in seconds. This value must be greater than the lsp-refresh-interval. The higher the value the longer the LSPs are kept. Range: 1 to 65535 Default: 1200

Defaults Command Modes Usage Information

1200 seconds ROUTER ISIS Change the maximum LSP lifetime with this command. The maximum LSP lifetime must always be greater than the LSP refresh interval. The seconds parameter enables the router to keep LSPs for the specified length of time. If the value is higher, the overhead is reduced on slower-speed links.

Related Commands

lsp-refresh-interval

Use this command to set the link-state packet (LSP) refresh interval.

maximum-paths
e
Syntax

Allows you to configure the maximum number of equal cost paths allowed in a routing table. maximum-paths number To return to the default values, enter no maximum-paths.

Parameters

number

Enter a number as the maximum number of parallel paths an IP routing installs in a routing table. Range: 1 to 16. Default: 4

Defaults Command Mode

4 ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History

Version 7.8.1.0 Version 6.3.1.0

Introduced MT ISIS support Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

905

metric-style

metric-style
e
Syntax

Configure a router to generate and accept old-style, new-style, or both styles of type, length, and values (TLV). metric-style {narrow [transition] | transition | wide [transition]} [level-1 | level-2] To return to the default values, enter the no metric-style {narrow [transition] | transition | wide [transition]} [level-1 | level-2] command.

Parameters

narrow transition

Allows you to configure the E-Series to generate and accept old-style TLVs. Metric range: 0 to 63 Allows you to configure the E-Series to generate both old-style and new-style TLVs. Metric range: 0 to 63 Allows you to configure the E-Series to generate and accept only new-style TLVs. Metric range: 0 to 16777215 Enables the metric style on Level 1. Enables the metric style on Level 2.

wide

level-1 level-2
Defaults Command Modes Usage Information

narrow; if no Level is specified, Level-1 and Level-2 are configured. ROUTER ISIS If you enter the metric-style wide command, the FTOS generates and accepts only new-style TLVs. The router uses less memory and other resources rather than generating both old-style and new-style TLVs. The new-style TLVs have wider metric fields than old-style TLVs.

Related Commands

isis metric

Use this command to configure a metric for an interface.

multi-topology
e
Syntax

Enables Multi-Topology IS-IS. It also allows enabling/disabling of old and new style TLVs for IP prefix information in the LSPs. multi-topology [transition] To return to a single topology configuration, enter no multi-topology [transition] .

Parameters Defaults Command Mode

transition

Disabled CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6

906

Intermediate System to Intermediate System (IS-IS)

net

Command History

Version 7.8.1.0

Introduced

net
e
Syntax

Use this mandatory command to configure an IS-IS network entity title (NET) for a routing process. If a NET is not configured, the IS-IS process will not start. net network-entity-title To remove a net, enter no net network-entity-title.

Parameters

network-entity-title

Specify the area address and system ID for an IS-IS routing process. The first 1 to 13 bytes identify the area address. The next 6 bytes identify the system ID. The last 1 byte is the selector byte, always identified as zero zero (00). This argument can be applied to an address or a name.

Defaults Command Modes

Not configured. ROUTER ISIS

passive-interface
e
Syntax

Suppress routing updates on an interface. This command stops the router from sending updates on that interface. passive-interface interface To delete a passive interface configuration, enter the no passive-interface interface command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interface, enter the keyword loopback followed by a number from zero (0) to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

907

redistribute

Defaults Command Modes Usage Information

Not configured. ROUTER ISIS Although the passive interface will neither send nor receive routing updates, the network on that interface will still be included in IS-IS updates sent via other interfaces

redistribute
e
Syntax

Redistribute routes from one routing domain to another routing domain. redistribute {static | connected | rip} [level-1 | level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] To end redistribution or disable any of the specified keywords, enter the no redistribute {static | connected | rip} [metric metric-value] [metric-type {external | internal}] [level-1 | level-1-2 | level-2] [route-map map-name] command.

Parameters

connected rip static metric metric-value

Enter the keyword connected redistribute active routes into IS-IS. Enter the keyword rip to redistribute RIP routes into IS-IS. Enter the keyword static to redistribute user-configured routes into IS-IS. (OPTIONAL) Assign a value to the redistributed route. Range: 0 to 16777215 Default: 0. You should use a value that is consistent with the destination protocol. (OPTIONAL) The external link type associated with the default route advertised into a routing domain. You must specify one of the following:

metric-type {external | internal}

external internal level-1 level-1-2 level-2

(OPTIONAL) Routes are independently redistributed into IS-IS as Level 1 routes. (OPTIONAL) Routes are independently redistributed into IS-IS as Level-1-2 routes. (OPTIONAL) Routes are independently redistributed into IS-IS as Level 2 routes. This is the default. (OPTIONAL) If the route-map argument is not entered, all routes are redistributed. If a map-name value is not specified, then no routers are imported.

route-map map-name

Defaults Command Modes

metric metric-value = 0; metric-type= internal; level-2 ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

908

Intermediate System to Intermediate System (IS-IS)

redistribute bgp

Command History

Version 7.5.1.0 Version 6.3.1.0

Introduced IPv6 ISIS support Introduced

Usage Information

To redistribute a default route (0.0.0.0/0), configure the default-information originate command. Changing or disabling a keyword in this command will not affect the state of the other command keywords. When an LSP with an internal metric is received, the FTOS considers the route cost taking into consideration the advertised cost to reach the destination. Redistributed routing information is filtered with the distribute-list out command to ensure that the routes are properly are passed to the receiving routing protocol. How a metric value assigned to a redistributed route is advertised depends on how on the configuration of the metric-style command. If the metric-style command is set for narrow or transition mode and the metric value in the redistribute command is set to a number higher than 63, the metric value advertised in LSPs will be 63. If the metric-style command is set for wide mode, an the metric value in the redistribute command is advertised.

Related Commands

default-information originate distribute-list out

Generate a default route for the IS-IS domain. Suppress networks from being advertised in updates. Redistributed routing information is filtered by this command.

redistribute bgp
e
Syntax

Redistribute routing information from a BGP process. (new command in Release 6.3.1) redistribute bgp AS number [level-1| level-1-2 | level-2] [metric metric-value] [metric-type {external| internal} ] [route-map map-name] To return to the default values, enter the no redistribute bgp command with the appropriate parameters.

Parameters

AS number level-1 level-1-2 level-2

Enter a number that corresponds to the Autonomous System number. Range: 1 to 65355 (OPTIONAL) Routes are independently redistributed into IS-IS Level 1 routes only (OPTIONAL) Routes are independently redistributed into IS-IS Level 1 and Level 2 routes. (OPTIONAL) Routes are independently redistributed into IS-IS as Level 2 routes only. This is the default. (OPTIONAL) The value used for the redistributed route. You should use a metric value that is consistent with the destination protocol. Range: 0 to 16777215 Default: 0.

metric metric-value

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

909

redistribute ospf

metric-type {external| internal}

(OPTIONAL) The external link type associated with the default route advertised into a routing domain. The two options are: external internal

route-map map-name

map-name is an identifier for a configured route map.

The route map should filter imported routes from the source routing protocol to the current routing protocol. If you do not specify a map-name, all routes are redistributed. If you specify a keyword, but fail to list route map tags, no routes will be imported.

Defaults Command Modes

IS-IS Level 2 routes only ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Example

Figure 292 redistribute bgp Command Example

Force10(conf)#router is Force10(conf-router_isis)#redistribute bgp 1 level-1 metric 32 metric-type external route-map rmap-isis-to-bgp Force10(conf-router_bgp)#show running-config isis ! router isis redistribute bgp 1 level-1 metric 32 metric-type external route-map rmap-isis-to-bgp

Command History

Version 7.5.1.0 Version 6.3.1.0

Introduced IPv6 ISIS support Introduced

Usage Information

BGP to IS-IS redistribution supports match options using route maps. The metric value, level, and metric-type of redistributed routes can be set by the redistribution command. More advanced set options can be performed using route maps.

redistribute ospf
e
Syntax

Redistribute routing information from an OSPF process. redistribute ospf process-id [level-1| level-1-2 | level-2] [match {internal | external}] [metric metric-value] [metric-type {external | internal}] [route-map map-name] To return to the default values, enter the no redistribute ospf process-id [level-1| level-1-2 | level-2] [match {internal | external}] [metric metric-value][metric-type {external | internal}] [route-map map-name] command.

910

Intermediate System to Intermediate System (IS-IS)

redistribute ospf

Parameters

process-id

Enter a number that corresponds to the OSPF process ID to be redistributed. Range: 1 to 65355 (OPTIONAL) The value used for the redistributed route. You should use a metric value that is consistent with the destination protocol. Range: 0 to 16777215 Default: 0. (OPTIONAL) The external link type associated with the default route advertised into a routing domain. The two options are: external internal

metric metric-value

metric-type {external | internal}

level-1 level-1-2 level-2

(OPTIONAL) Routes are independently redistributed into IS-IS as Level 1 routes. (OPTIONAL) Routes are independently redistributed into IS-IS as Level-1-2 routes. (OPTIONAL) Routes are independently redistributed into IS-IS as Level 2 routes. This is the default. (OPTIONAL) The command used for OSPF to route and redistribute into other routing domains. The values are

match {external | internal}

internal external route-map map-name map-name is an identifier for a configured route map. The route map should filter imported routes from the source routing protocol to the current routing protocol.
If you do not specify a map-name, all routes are redistributed. If you specify a keyword, but fail to list route map tags, no routes will be imported. Defaults Command Modes

As above ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History

Version 7.5.1.0 Version 6.3.1.0

Introduced IPv6 ISIS support Introduced

Usage Information

How a metric value assigned to a redistributed route is advertised depends on how on the configuration of the metric-style command. If the metric-style command is set for narrow mode and the metric value in the redistribute ospf command is set to a number higher than 63, the metric value advertised in LSPs will be 63. If the metric-style command is set for wide mode, an the metric value in the redistribute ospf command is advertised.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

911

router isis

router isis
e
Syntax

Allows you to enable the IS-IS routing protocol and to specify an IP IS-IS process. router isis [tag] To disable IS-IS routing, enter no router isis [tag].

Parameters

tag

(OPTIONAL) This is a unique name for a routing process. A null tag is assumed if the tag option is not specified. The tag name must be unique for all IP router processes for a given router.

Defaults Command Modes Usage Information

Not configured. ROUTER ISIS You must configure a network entity title (the net command) to specify the area address and the router system ID. You must enable routing on one or more interfaces to establish adjacencies and establish dynamic routing. Only one IS-IS routing process can be configured to perform Level 2 routing. A level-1-2 designation performs Level 1 and Level 2 routing at the same time.

Related Commands

ip router isis net is-type

Configure IS-IS routing processes for IP on interfaces and attach an area designator to the routing process. Configure an IS-IS network entity title (NET) for a routing process. Assign a type for a given area.

set-overload-bit
e
Syntax

Configure the router to set the overload bit in its non-pseudonode LSPs. This prevents other routers from using it as an intermediate hop in their shortest path first (SPF) calculations. set-overload-bit To return to the default values, enter no set-overload-bit.

Defaults Command Mode

Not set. ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Usage Information

Set the overload bit when a router experiences problems, such as a memory shortage due to an incomplete link state database which can result in an incomplete or inaccurate routing table. If you set the overload bit in its LSPs, other routers ignore the unreliable router in their SPF calculations until the router has recovered.

912

Intermediate System to Intermediate System (IS-IS)

show config

Command History

Version 7.8.1.0 Version 6.3.1.0

Introduced MT ISIS support Introduced

show config
e
Syntax Command Modes

Display the changes you made to the IS-IS configuration. Default values are not shown. show config ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Examples

Figure 293 Command Example: show config (router-isis mode)

Force10(conf-router_isis)#show config ! router isis clns host ISIS 49.0000.0001.F100.E120.0013.00 log-adjacency-changes net 49.0000.0001.F100.E120.0013.00 ! address-family ipv6 unicast maximum-paths 16 Identifies that Multi-Topology multi-topology transition IS-IS is enabled in transition set-overload-bit mode spf-interval level-1 100 15 20 spf-interval level-2 120 20 25 exit-address-family

Figure 294 Command Example: show config (address-family-ipv6 mode)

Force10(conf-router_isis-af_ipv6)#show conf ! address-family ipv6 unicast maximum-paths 16 Identifies that Multi-Topology multi-topology transition IS-IS is enabled in transition set-overload-bit mode spf-interval level-1 100 15 20 spf-interval level-2 120 20 25 exit-address-family

show isis database

e
Syntax Parameters

Display the IS-IS link state database. show isis database [level-1 | level-2] [local] [detail | summary] [lspid] level-1 level-2 local
(OPTIONAL) Displays the Level 1 IS-IS link-state database. (OPTIONAL) Displays the Level 2 IS-IS link-state database. (OPTIONAL) Displays local link-state database information.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

913

show isis database

detail summary lspid

Command Modes

(OPTIONAL) Detailed link-state database information of each LSP displays when specified. If not specified, a summary displays. (OPTIONAL) Summary of link-state database information displays when specified. (OPTIONAL) Display only the specified LSP.

EXEC EXEC Privilege

914

Intermediate System to Intermediate System (IS-IS)

show isis database Figure 295 Command Example: show isis database
Force10#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num ISIS.00-00 * 0x00000006 LSP Checksum 0xCF43 LSP Holdtime 580 LSP Holdtime 580 ATT/P/OL 0/0/0 ATT/P/OL 0/0/0

Example

IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum ISIS.00-00 * 0x00000006 0xCF43 ! Force10#show isis database detail ISIS.00-00 IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum ISIS.00-00 * 0x0000002B 0x853B Area Address: 49.0000.0001 NLPID: 0xCC 0x8E IP Address: 10.1.1.1 IPv6 Address: 1011::1 Topology: IPv4 (0x00) IPv6 (0x8002) Metric: 10 IS OSPF.00 Metric: 10 IS (MT-IPv6) OSPF.00 Metric: 10 IP 15.1.1.0 255.255.255.0 Metric: 10 IPv6 (MT-IPv6) 1511::/64 Metric: 10 IPv6 (MT-IPv6) 2511::/64 Metric: 10 IPv6 (MT-IPv6) 1011::/64 Metric: 10 IPv6 1511::/64 Metric: 10 IP 10.1.1.0 255.255.255.0 Hostname: ISIS IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum ISIS.00-00 * 0x0000002D 0xB2CD Area Address: 49.0000.0001 NLPID: 0xCC 0x8E IP Address: 10.1.1.1 IPv6 Address: 1011::1 Topology: IPv4 (0x00) IPv6 (0x8002) Metric: 10 IS OSPF.00 Metric: 10 IS (MT-IPv6) OSPF.00 Metric: 10 IP 10.1.1.0 255.255.255.0 Metric: 10 IP 15.1.1.0 255.255.255.0 Metric: 20 IP 10.3.3.0 255.255.255.0 Metric: 10 IPv6 (MT-IPv6) 1011::/64 Metric: 10 IPv6 (MT-IPv6) 1511::/64 Metric: 10 IPv6 (MT-IPv6) 2511::/64 Metric: 20 IPv6 (MT-IPv6) 1033::/64 Metric: 10 IPv6 2511::/64 Metric: 20 IPv6 1033::/64 Hostname: ISIS Force10#

LSP Holdtime 1075

ATT/P/OL 0/0/0

LSP Holdtime 1075

ATT/P/OL 0/0/0 Multi-Topology IS-IS is enabled

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

915

show isis graceful-restart detail

Table 81 Command Example Fields Field

IS-IS Level-1/Level-2 Link State Database LSPID

Description
Displays the IS-IS link state database for Level 1 or Level 2. Displays the LSP identifier. The first six octets are the System ID of the originating router. The next octet is the pseudonode ID. If this byte is not zero, then the LSP describes system links. If this byte is zero (0), then the LSP describes the state of the originating router. The designated router for a LAN creates and floods a pseudonode LSP and describes the attached systems. The last octet is the LSP number. An LSP will be divided into multiple LSP fragments if there is more data than cannot fit in a single LSP. Each fragment has a unique LSP number. An * after the LSPID indicates that an LSP was originated by the system where this command was issued. This value is the sequence number for the LSP that allows other systems to determine if they have received the latest information from the source. This is the checksum of the entire LSP packet. This value is the amount of time, in seconds, that the LSP remains valid. A zero holdtime indicates that this is a purged LSP and is being removed from the link state database. A value between brackets indicates the duration that the purged LSP stays in the database before being removed. This value represents the Attach bit. This indicates that the router is a Level 2 router and can reach other areas. Level 1-only routers and Level 1-2 routers that have lost connection to other Level 2 routers use the Attach bit to find the closest Level 2 router. They point a default route to the closest Level 2 router. This value represents the P bit. This bit will always set be zero as Force10 Networks does not support area partition repair. This value represents the overload bit, determining congestion. If the overload bit is set, other routers will not use this system as a transit router when calculating routes.

LSP Seq Num

LSP Checksum LSP Holdtime

ATT

P OL

show isis graceful-restart detail

e
Syntax Command Modes

Display detailed IS-IS Graceful Restart related settings. show isis graceful-restart detail EXEC EXEC Privilege

Command History

Version 8.3.1.0

Introduced on the E-Series

916

Intermediate System to Intermediate System (IS-IS)

show isis hostname Figure 296 Command Example: show isis graceful-restart detail
Force10#show isis graceful-restart detail Configured Timer Value ====================== Graceful Restart : Enabled T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time : 30 Operational Timer Value ====================== Current Mode/State T3 Time left T2 Time left Restart ACK rcv count Restart Req rcv count Suppress Adj rcv count Restart CSNP rcv count Database Sync count Force10#

Example

: : : : : : : :

Normal/RUNNING 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0

(level-2) (level-2) (level-2) (level-2) (level-2) (level-2)

show isis hostname

e
Syntax Command Modes

Display IS-IS host names configured or learned on the E-Series. show isis hostname EXEC EXEC Privilege

Example

Figure 297 Command Example: show isis hostname

Force10#show isis hostname System Id Dynamic Name *F100.E120.0013 Force10 Force10# Static Name ISIS

show isis interface

e
Syntax

Display detailed IS-IS interface status and configuration information. show isis interface [interface]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

917

show isis neighbors

Parameters

interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interface, enter the keyword loopback followed by a number from zero (0) to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Command Modes

EXEC EXEC Privilege

Example

Figure 298 Command Example: show isis interface (Partial)

Force10>show isis int GigabitEthernet 0/7 is up, line protocol is up MTU 1497, Encapsulation SAP Routing Protocol: IS-IS Circuit Type: Level-1-2 Interface Index 37847070, Local circuit ID 1 Level-1 Metric: 10, Priority: 64, Circuit ID: Hello Interval: 10, Hello Multiplier: Number of active level-1 adjacencies: 1 Level-2 Metric: 10, Priority: 64, Circuit ID: Hello Interval: 10, Hello Multiplier: Number of active level-2 adjacencies: 1 Next IS-IS LAN Level-1 Hello in 2 seconds Next IS-IS LAN Level-2 Hello in 1 seconds LSP Interval: 33 GigabitEthernet 0/8 is up, line protocol is up MTU 1497, Encapsulation SAP Routing Protocol: IS-IS Circuit Type: Level-1-2 Interface Index 38371358, Local circuit ID 2 Level-1 Metric: 10, Priority: 64, Circuit ID: Hello Interval: 10, Hello Multiplier: Number of active level-1 adjacencies: 1 Level-2 Metric: 10, Priority: 64, Circuit ID: Hello Interval: 10, Hello Multiplier: --More--

systest-3.01 3, CSNP Interval: 10 systest-3.01 3, CSNP Interval: 10

systest-3.02 3, CSNP Interval: 10 systest-3.02 3, CSNP Interval: 10

show isis neighbors

e
Syntax

Display information about neighboring (adjacent) routers. show isis neighbors [level-1 | level-2] [detail] [interface]

918

Intermediate System to Intermediate System (IS-IS)

show isis neighbors

Parameters

level-1 level-2 detail interface

(OPTIONAL) Displays information about Level 1 IS-IS neighbors. (OPTIONAL) Displays information about Level 2 IS-IS neighbors. (OPTIONAL) Displays detailed information about neighbors. (OPTIONAL) Identifies the interface type slot/port as one of the following: For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Command Modes

EXEC EXEC Privilege

Example

Figure 299 Command Example: show isis neighbors

Force10#show isis neighbors System Id Interface State Type Priority TEST Gi 7/1 Up L1L2(M) 127 ! Force10#show isis neighbors detail System Id Interface State Type Priority TEST Gi 7/1 Up L1L2(M) 127 49.0000.0001 IP Address(es): 25.1.1.3* MAC Address: 0000.0000.0000 Hold Time: 28 Link Local Address: fe80::201:e8ff:fe00:492c Topology: IPv4 IPv6 , Common (IPv4 IPv6 ) Adjacency being used for MTs: IPv4 IPv6 Force 10#

Uptime 09:28:01 Uptime 09:28:04

Circuit Id TEST.02 Circuit Id TEST.02 Area Address(es):

Identifiesd Multi-Topology ISIS enabled

Table 82 show isis neighbors Command Example Fields Field

System Id Interface State Type Priority Uptime Circuit Id

Description
The value that identifies a system in an area. The interface, slot, and port in which the router was discovered. The value providing status about the adjacency state. The valid values are Up and Init. This value displays the adjacency type (Layer 2, Layer 2 or both), and . IS-IS priority advertised by the neighbor. The neighbor with highest priority becomes the designated router for the interface. Displays the interfaces uptime. The neighbors interpretation of the designated router for the interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

919

show isis protocol

Usage Information

Use this command to confirm that the neighbor adjacencies are operating correctly. If you suspect that they are not, you can verify the specified area addresses of the routers by using the show isis neighbors command.

show isis protocol

e
Syntax Command Modes

Display IS-IS routing information. show isis protocol EXEC EXEC Privilege

Example

Figure 300 Command Example: show isis protocol

Force10#show isis protocol IS-IS Router: <Null Tag> System Id: F100.E120.0013 IS-Type: level-1-2 Manual area address(es): 49.0000.0001 Routing for area address(es): 49.0000.0001 Interfaces supported by IS-IS: GigabitEthernet 1/0 - IP - IPv6 GigabitEthernet 1/1 - IP - IPv6 GigabitEthernet 1/10 - IP - IPv6 Loopback 0 - IP - IPv6 Redistributing: Distance: 115 Generate narrow metrics: level-1-2 Identifies that MT IS-IS Accept narrow metrics: level-1-2 is enabled. Generate wide metrics: none Accept wide metrics: none Multi Topology Routing is enabled in transition mode. Force10#

show isis traffic

e
Syntax

This command enables you to display IS-IS traffic interface information. show isis traffic [interface]

920

Intermediate System to Intermediate System (IS-IS)

show isis traffic

Parameters

interface

Command Modes

EXEC EXEC Privilege

Example

Figure 301 Command Example: show isis traffic

Force10#sho is traffic IS-IS: Level-1 Hellos (sent/rcvd) : 0/721 IS-IS: Level-2 Hellos (sent/rcvd) : 900/943 IS-IS: PTP Hellos (sent/rcvd) : 0/0 IS-IS: Level-1 LSPs sourced (new/refresh) : 0/0 IS-IS: Level-2 LSPs sourced (new/refresh) : 1/3 IS-IS: Level-1 LSPs flooded (sent/rcvd) : 0/0 IS-IS: Level-2 LSPs flooded (sent/rcvd) : 5934/5217 IS-IS: Level-1 LSPs CSNPs (sent/rcvd) : 0/0 IS-IS: Level-2 LSPs CSNPs (sent/rcvd) : 472/238 IS-IS: Level-1 LSPs PSNPs (sent/rcvd) : 0/0 IS-IS: Level-2 LSPs PSNPs (sent/rcvd) : 10/337 IS-IS: Level-1 DR Elections : 4 IS-IS: Level-2 DR Elections : 4 IS-IS: Level-1 SPF Calculations : 0 IS-IS: Level-2 SPF Calculations : 389 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Force10#

Table 83 Command Example Fields Item

Level-1/Level-2 Hellos (sent/ rcvd) PTP Hellos (sent/rcvd) Level-1/Level-2 LSPs sourced (new/refresh) Level-1/Level-2 LSPs flooded (sent/rcvd) Level-1/Level-2 LSPs CSNPs (sent/rcvd) Level-1/Level-2 LSPs PSNPs (sent/rcvd) Level-1/Level-2 DR Elections

Description
Displays the number of Hello packets sent and received. Displays the number of point-to-point Hellos sent and received. Displays the number of new and refreshed LSPs. Displays the number of flooded LSPs sent and received. Displays the number of CSNP LSPs sent and received. Displays the number of PSNP LPSs sent and received. Displays the number of times designated router elections ran.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

921

spf-interval

Table 83 Command Example Fields (continued) Item

Level-1/Level-2 SPF Calculations LSP checksum errors received LSP authentication failures

Description
Displays the number of shortest path first calculations. Displays the number of checksum errors LSPs received. Displays the number of LSP authentication failures.

spf-interval
e
Syntax

Specify the minimum interval between Shortest Path First (SPF) calculations. spf-interval [level-l | level-2] interval seconds [initial_wait_interval seconds [second_wait_interval seconds]] To restore default values, use the no spf-interval [level-l | level-2] interval seconds [initial_wait_interval seconds [second_wait_interval seconds]] command.

Parameters

level-l level-2 interval seconds

(OPTIONAL) Enter the keyword level-1 to apply the configuration to Level-1 SPF calculations. (OPTIONAL) Enter the keyword level-2 to apply the configuration to Level-2 SPF calculations. Enter the maximum number of seconds between SPF calculations. Range: 0 to 120 seconds Default: 10 seconds (OPTIONAL) Enter the initial wait time, in seconds, before running the first SPF calculations. Range: 0 to 120 seconds Default: 5 second (OPTIONAL) Enter the wait interval, in seconds, between the first and second SPF calculations. Range: 0 to 120 seconds Default: 5 seconds

initial_wait_interval seconds

second_wait_interval seconds

Defaults Command Modes

Defaults as above ROUTER ISIS (for IPv4) CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6)

Command History

Version 7.8.1.0 Version 7.5.1.0

Introduced to support MT ISIS Expanded to support SPF Throttling Enhancemen

Usage Information

This command spf-interval in CONFIG-ROUTER-ISIS-AF-IPV6 mode is used for IPv6 Multi-Topology route computation only. If using simgle topology mode, use the spf-interval comand in CONFIG-ROUTER-ISIS mode for both IPv4 and IPv6 route computations.

922

Intermediate System to Intermediate System (IS-IS)

spf-interval

SPF throttling slows down the frequency at which route calculation are performed during network instability. Even though throttling route calculations slows down network convergence, not throttling can result in a network not functioning as expected. If network topology is unstable, throttling slows down the scheduling of route calculations until the topology regains its stability. The first route calculation is controlled by the initial wait interval and the second calculation is controlled by the second wait interval. Each subsequent wait interval is twice as long as the previous one until the wait interval reaches the maximum wait time specified (interval seconds). Once the network calms down and there are no triggers for two times the maximum interval, fast behavior is restored (the initial wait time).

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

923

spf-interval

924

Intermediate System to Intermediate System (IS-IS)

Chapter 29

Link Aggregation Control Protocol (LACP)

Overview
This chapter contains commands for Force10s implementation of Link Aggregation Control Protocol (LACP) for the creation of dynamic link aggregration groups (LAGs called port-channels in FTOS parlance). For static LAG commands, see the section Port Channel Commands in the Interfaces chapter), based on the standards specified in the IEEE 802.3 Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications. Commands in this chapter generally are supported on all three Force10 platforms C-Series, E-Series, and S-Series as indicated by the following symbols under command headings: c e s

Commands
Use the following commands for LACP: clear lacp counters debug lacp lacp long-timeout lacp port-priority lacp system-priority port-channel mode port-channel-protocol lacp show lacp

In addition, an FTOS option provides hitless dynamic LACP states (no noticeable impact to dynamic LACP states after an RPM failover) on E-Series. See redundancy protocol in the High Availability chapter.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

925

clear lacp counters

ces
Syntax Parameters

Clear Port Channel counters. clear lacp port-channel-number counters port-channel-number

Enter a port-channel number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale.

Defaults Command Modes

Without a Port Channel specified, the command clears all Port Channel counters. EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1

Support added for S-Series Support added for C-Series Introduced on E-Series Display the lacp configuration

Related Commands

show lacp

debug lacp
ces
Syntax

Parameters

config events

(OPTIONAL) Enter the keyword config to debug the LACP configuration. (OPTIONAL) Enter the keyword events to debug LACP event information.

926

Link Aggregation Control Protocol (LACP)

lacp long-timeout

pdu in | out

(OPTIONAL) Enter the keyword pdu to debug LACP Protocol Data Unit information. Optionally, enter an in or out parameter to: Receive enter in Transmit enter out

interface in | out

(OPTIONAL) Enter the following keywords and slot/port or number information: For a 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. Receive enter in Transmit enter out

Optionally, enter an in or out parameter: Defaults Command Modes

This command has no default values or behavior EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1

Support added for S-Series Support added for C-Series Introduced on E-Series

lacp long-timeout
ce
Syntax

Configure a long timeout period (30 seconds) for an LACP session. lacp long-timeout To reset the timeout period to a short timeout (1 second), use the no lacp long-timeout command.

Defaults Command Modes Command History

1 second INTERFACE (conf-if-po-number)

Version 7.6.1.0 Version 7.5.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series Introduced on E-Series

Usage Information

This command applies to dynamic port-channel interfaces only. When applied on a static port-channel, the command has no effect.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

927

lacp port-priority

Related Commands

show lacp

Display the lacp configuration

lacp port-priority
ces
Syntax

Configure the port priority to influence which ports will be put in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating. lacp port-priority priority-value To return to the default setting, use the no lacp port-priority priority-value command.

Parameters

priority-value

Enter the port-priority value. The higher the value number the lower the priority. Range: 1 to 65535 Default: 32768

Defaults Command Modes Command History

32768 INTERFACE
Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced on E-Series

lacp system-priority
ces
Syntax Parameters

Configure the LACP system priority. lacp system-priority priority-value priority-value

Enter the system-priority value. The higher the value, the lower the priority. Range: 1 to 65535 Default: 32768

Defaults Command Modes Command History

32768 CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced on E-Series

928

Link Aggregation Control Protocol (LACP)

port-channel mode

port-channel mode
ces
Syntax Parameters

Configure the LACP port channel mode. port-channel number mode [active] [passive] [off] number
Enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. Enter the keyword active to set the mode to the active state.* Enter the keyword passive to set the mode to the passive state.* Enter the keyword off to set the mode to the off state.*

active passive off

* The LACP modes are defined in the table below.

Defaults Command Modes Command History

off INTERFACE
Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced

Usage Information

The LACP modes are defined in the following table. Table 84 LACP Modes Mode active Function
An interface is in an active negotiating state in this mode. LACP runs on any link configured in the active state and also automatically initiates negotiation with other ports by initiating LACP packets. An interface is not in an active negotiating state in this mode. LACP runs on any link configured in the passive state. Ports in a passive state respond to negotiation requests from other ports that are in active states. Ports in a passive state respond to LACP packets. An interface can not be part of a dynamic port channel in the off mode. LACP will not run on a port configured in the off mode.

passive

off

port-channel-protocol lacp
ces
Syntax

Enable LACP on any LAN port. port-channel-protocol lacp To disable LACP on a LAN port, use the no port-channel-protocol lacp command.

Command Modes

INTERFACE Publication Date: July 20, 2011 929

Command Line Reference for FTOS version 8.4.2.4

show lacp

Command History Related Commands

Version 6.2.1.1

Introduced

show lacp show interfaces port-channel

Display the LACP information. Display information on configured Port Channel groups.

show lacp
ces
Syntax Parameters

Display the LACP matrix. show lacp port-channel-number [sys-id | counters] port-channel-number
Enter a port-cahnnel number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. (OPTIONAL) Enter the keyword sys-id and the value that identifies a system. (OPTIONAL) Enter the keyword counters to display the LACP counters.

sys-id counters

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1

Support added for S-Series Support added for C-Series Introduced

Example 1

Figure 302 show lacp port-channel-number command

Force10#show lacp 1 Port-channel 1 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key 1, Partner Oper Key 1 LACP LAG 1 is an aggregatable link A E I M P Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC Collection enabled, J - Collection disabled, K - Distribution enabled L - Distribution disabled, Partner Defaulted, N - Partner Non-defaulted, O - Receiver is in expired state, Receiver is not in expired state

Port Gi 10/6 is enabled, LACP is enabled and mode is lacp Actor Admin: State ACEHJLMP Key 1 Priority 128 Oper: State ACEGIKNP Key 1 Priority 128 Partner Admin: State BDFHJLMP Key 0 Priority 0 Oper: State BCEGIKNP Key 1 Priority 128 Force10#

930

Link Aggregation Control Protocol (LACP)

show lacp

Example 2

Figure 303 show lacp sys-id command Example

Force10#show lacp 1 sys-id Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Force10#

Example 3

Figure 304 show lacp counter command Example

Force10#show lacp 1 counters ---------------------------------------------------------------------LACP PDU Marker PDU Unknown Illegal Port Xmit Recv Xmit Recv Pkts Rx Pkts Rx ---------------------------------------------------------------------Gi 10/6 200 200 0 0 0 0 Force10#

Related Commands

clear lacp counters show interfaces port-channel

Clear the LACP counters. Display information on configured Port Channel groups.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

931

show lacp

932

Link Aggregation Control Protocol (LACP)

Chapter 30
Overview

Layer 2

This chapter describes commands to configure Layer 2 features. It contains the following sections: MAC Addressing Commands Virtual LAN (VLAN) Commands

Some MAC addressing commands are supported only on the E-Series, some on all three Force10 platforms, and some on two Force10 platforms. Support is indicated by these characters, where appropriate, under each command heading: c e s The VLAN commands are supported on all three Force10 platforms c e s

MAC Addressing Commands

The following commands are related to configuring, managing, and viewing MAC addresses: clear mac-address-table dynamic mac accounting destination mac-address-table aging-time mac-address-table static mac-address-table station-move threshold mac-address-table station-move time-interval mac-address-table station-move refresh-arp mac cam fib-partition mac learning-limit mac learning-limit learn-limit-violation mac learning-limit station-move-violation mac learning-limit reset show cam mac linecard (count) show cam maccheck linecard show cam mac linecard (dynamic or static) show cam mac stack-unit show mac-address-table show mac-address-table aging-time

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

933

clear mac-address-table dynamic

show mac accounting destination show mac cam show mac learning-limit

clear mac-address-table dynamic

ces
Syntax

Clear the MAC address table of all MAC address learned dynamically. clear mac-address-table dynamic {address mac-address | all | interface interface | vlan vlan-id} address mac-address all interface interface
Enter the keyword address followed by a MAC address in nn:nn:nn:nn:nn:nn format. Enter the keyword all to delete all MAC address entries in the MAC address table. Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

vlan vlan-id

Enter the keyword vlan followed by a VLAN ID number from 1 to 4094.

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

934

Layer 2

mac accounting destination

e
Syntax

Configure a destination counter for Layer 2 traffic. mac accounting destination {mac-address vlan vlan-id | vlan} [bytes | packets] To delete a destination counter, enter no mac accounting destination.

Parameters

mac-address vlan vlan-id

Enter the MAC address in the nn:nn:nn:nn:nn:nn format to count Layer 2 packets or bytes sent to that MAC address. Enter the keyword vlan followed by the VLAN ID to count Layer 2 packets or bytes sent to the VLAN. Range: 1 to 4094. (OPTIONAL) Enter the keyword bytes to count only bytes (OPTIONAL) Enter the keyword packets to count only packets.

bytes packets
Defaults Command Modes Command History Usage Information

Not configured. INTERFACE (available on physical interfaces only)

Version 7.4.1.0 Introduced on E-Series

You must place the interface in Layer 2 mode (using the switchport command) prior to configuring the mac accounting destination command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

935

mac-address-table aging-time

mac-address-table aging-time
ces
Syntax Parameters

Specify an aging time for MAC addresses to be removed from the MAC Address Table. mac-address-table aging-time seconds seconds
Enter either zero (0) or a number as the number of seconds before MAC addresses are relearned. To disable aging of the MAC address table, enter 0. E-Series Range from CONFIGURATION mode: 10 - 1000000 E-Series Range from INTERFACE VLAN mode: 1 - 1000000 C-Series and S-Series Range: 10 - 1000000 Default: 1800 seconds

Defaults Command Modes

1800 seconds CONFIGURATION INTERFACE VLAN (E-Series only)

Command History

Version 8.3.1.0

On the E-Series, available in INTERFACE VLAN context and reduced minimum aging time in INTERFACE VLAN context from 10 seconds to 1 second. Introduced on S-Series Introduced on C-Series Introduced on E-Series Set the MAC address learning limits for a selected interface. Display the MAC aging time.

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Related Commands mac learning-limit

show mac-address-table aging-time

936

Layer 2

mac-address-table static

mac-address-table static
ces
Syntax

Associate specific MAC or hardware addresses to an interface and VLANs. mac-address-table static mac-address output interface vlan vlan-id To remove a MAC address, use the no mac-address-table static mac-address output interface vlan vlan-id command.

Parameters

mac-address output interface

Enter the 48-bit hexidecimal address in nn:nn:nn:nn:nn:nn format. Enter the keyword output followed by one of the following interfaces: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

vlan vlan-id

Enter the keyword vlan followed by a VLAN ID. Range:1 to 4094.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Displays the MAC address table.

Related Commands

show mac-address-table

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

937

mac-address-table station-move threshold

ce
Change the frequency with which the MAC address station-move trap is sent after a MAC address changes in a VLAN. A trap is sent if a station move is detected above a threshold number of times in a given interval. [no] mac-address-table station-move threshold number interval count threshold number
Enter the keyword threshold followed by the number of times MAC addresses in VLANs can change before an SNMP trap is sent. Range: 1 to 10 Enter the keyword interval followed by the number of seconds. Range: 5 to 60

Syntax Parameters

interval seconds

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on C-Series Introduced on E-Series

Usage Information

For information on the specific trap sent and the corresponding Syslog refer to Appendix B, SNMP Traps.

938

Layer 2

mac-address-table station-move time-interval

e
Syntax Parameters

Reduce the amount of time FTOS takes to detect aged entries and station moves. [no] mac-address-table station-move time-interval number time-interval number
Select the interval of the successive scans of the MAC address table that are used to detect a aged entries and station moves. Range: 500 to 5000ms

Defaults Command Modes Command History Usage Information

5000ms CONFIGURATION
Version 7.8.1.0 Introduced on E-Series

FTOS takes 4 to 5 seconds to detect aged entries and station moves because the MAC address table scanning routine runs every 5000 ms by default. To achieve faster detection, reduce the scanning interval.

mac-address-table station-move refresh-arp

ces
Syntax Defaults Command Modes Command History

Ensure that ARP refreshes the egress interface when a station move occurs due to a topology change. [no] mac-address-table station-move refresh-arp No default values or behavior CONFIGURATION
Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

See the NIC Teaming section of the Layer 2 chapter in the FTOS Configuration Guide for details on using this command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

939

mac cam fib-partition

e
Syntax

Reapportion the amount of Content Addressable Memory (CAM) available for MAC address learning (FIB) versus the amount available for MAC ACLs on a line card. mac cam fib-partition {25 | 50 | 75 | 100} slot-number To return to the default setting, enter no mac cam fib-partition.

Parameters

25 50 75 100

Enter the keyword 25 to set aside 25% of the CAM for MAC address learning. Enter the keyword 50 to set aside 50% of the CAM for MAC address learning. Enter the keyword 75 to set aside 75% of the CAM for MAC address learning. Enter the keyword 100 to set aside 100% of the MAC CAM for MAC address learning. With this configuration, no MAC ACLs are processed. Enter the line card slot number. Range: 0 to 13 for the E1200 0 to 6 for the E600 0 to 5 for the E300

slot-number

Defaults Command Modes Usage Information Related Commands

75 (75% of the MAC CAM for MAC address learning) CONFIGURATION After setting the CAM partition size, the line card resets.

show mac cam

Display the current MAC CAM partition values.

940

Layer 2

mac learning-limit

mac learning-limit
ces
Syntax

Limit the maximum number of MAC addresses (static + dynamic) learned on a selected interface. mac learning-limit address_limit [vlan vlan-id] [dynamic] [no-station-move | station-move] [sticky] address_limit
Enter the maximum number of MAC addresses that can be learned on the interface. Range: 1 to 1000000 E-Series only: Enter the keyword followed by the VLAN ID. Range: 1-4094 (OPTIONAL) Enter the keyword dynamic to allow aging of MACs even though a learning limit is configured. (OPTIONAL) Enter the keyword no-station-move to disallow a station move (associate the learned MAC address with the most recently accessed port) on learned MAC addresses. (OPTIONAL) Enter the keyword station-move to allow a station move on learned MAC addresses. (OPTIONAL) C-Series and S-Series only: Enter the keyword sticky to enable sticky MAC-address learning, which converts dynamically-learned MAC addresses on a port or port-channel interface to sticky MAC addresses that prevent trusted devices from moving to a different interface.

Parameters

vlan vlan-id dynamic no-station-move

station-move sticky

Defaults

On C-Series, the default behavior is no-station-move + static. On E-Series, the default behavior is station-move + static. Static means manually entered addresses, which do not age.

Command Modes Command History

INTERFACE
Version 8.4.2.3 Version 8.3.1.0 Version 8.2.1.0 Version 7.7.1.0 Version 6.5.1.0 Added the sticky option on the C-Series and S-Series. Added vlan option on E-Series. Introduced on S-Series Introduced on C-Series; added station-move option Added support for MAC Learning-Limit on LAG

Usage Information

This command and its options are supported on physical interfaces, static LAGs, LACP LAGs, and VLANs. If the vlan option is not specified, then the MAC address counters is not VLAN-based. That is, the sum of the addresses learned on all VLANs (not having any learning limit configuration) is counted against the MAC learning limit. MAC Learning Limit violation logs and actions are not available on a per-VLAN basis. With the keyword no-station-move option, MAC addresses learned through this feature on the selected interface will persist on a per-VLAN basis, even if received on another interface. Enabling or disabling this option has no effect on already learned MAC addresses.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

941

mac learning-limit

Once the MAC address learning limit is reached, the MAC addresses do not age out unless you add the dynamic option. To clear statistics on MAC address learning, use the clear counters command with the learning-limit parameter.

Note: If you configure this command on an interface in a routed VLAN, and once the MAC addresses learned reaches the limit set in the mac learning-limit command, IP protocols are affected. For example, VRRP sets multiple VRRP Masters, and OSPF may not come up.
When a channel member is added to a port-channel and there is not enough ACL CAM space, then the MAC limit functionality on that port-channel is undefined. When this occurs, unconfigure the existing configuration first and then reapply the limit with a lower value. When you enable sticky MAC-address learning (sticky), dynamically-learned MAC addresses of trusted devices are added to the running configuration and stick to the port or VLAN on which they are learned even if an interface goes down and comes back up. If you save sticky MAC addresses to the start-up configuration file by entering the write config command, the addresses are deleted from the running-configuration, do not have to be dynamically relearned, and do not change when the switch reboots. Any sticky MAC addresses learned after the write config is performed are not saved after a reboot.
Related Commands clear counters clear mac-address-table dynamic show mac learning-limit Clear counters used in the show interface command Clear the MAC address table of all MAC address learned dynamically. Display MAC learning-limit configuration.

942

Layer 2

mac learning-limit learn-limit-violation

ces
Syntax

Configure an action for a MAC address learning-limit violation. mac learning-limit learn-limit-violation {log | shutdown} To return to the default, use the no mac learning-limit learn-limit-violation {log | shutdown} command.

Parameters

log shutdown

Enter the keyword log to generate a syslog message on a learning-limit violation. Enter the keyword shutdown to shut down the port on a learning-limit violation.

Defaults Command Modes Command History

No default behavior or values INTERFACE (conf-if-interface-slot/port)

Version 8.2.1.0 Version 7.8.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

This is supported on physical interfaces, static LAGs, and LACP LAGs.

show mac learning-limit

Display details of the mac learning-limit

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

943

mac learning-limit station-move-violation

ces
Syntax

Specify the actions for a station move violation. mac learning-limit station-move-violation {log | shutdown-both | shutdown-offending | shutdown-original} To disable a configuration, use the no mac learning-limit station-move-violation command, followed by the configured keyword.

Parameters

log shutdown-both shutdown-offending shutdown-original

Enter the keyword log to generate a syslog message on a station move violation. Enter the keyword shutdown to shut down both the original and offending interface and generate a syslog message. Enter the keyword shutdown-offending to shut down the offending interface and generate a syslog message. Enter the keyword shutdown-original to shut down the original interface and generate a syslog message.

Defaults Command Modes Command History

No default behavior or values INTERFACE (conf-if-interface-slot/port)

Version 8.2.1.0 Version 7.8.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

This is supported on physical interfaces, static LAGs, and LACP LAGs.

show mac learning-limit

Display details of the mac learning-limit

mac learning-limit reset

ces
Syntax Defaults Command Modes

Reset the MAC address learning-limit error-disabled state. mac learning-limit reset No default behavior or values EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 7.7.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

944

Layer 2

show cam mac linecard (count)

e
Syntax Display the CAM size and the portions allocated for MAC addresses and for MAC ACLs.

show cam mac linecard slot port-set port-pipe count [vlan vlan-id] [interface interface] linecard slot
(REQUIRED) Enter the keyword linecard followed by a slot number to select the linecard for which to gather information. E-Series range: 0 to 6. (REQUIRED) Enter the keyword port-set followed by a Port-Pipe number to select the Port-Pipe for which to gather information. E-Series range: 0 or 1 (REQUIRED) Enter the keyword count to display CAM usage by interface type. (OPTIONAL) Enter the keyword interface followed by the interface type, slot and port information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

port-set port-pipe

count interface interface

vlan vlan-id

(OPTIONAL) Enter the keyword vlan followed by the VLAN ID to display the MAC address assigned to the VLAN. Range: 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History

pre-Version 6.2.1.1

Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

945

show cam maccheck linecard

c
Syntax Parameters Display the results of the BCMI2 check command.

show cam maccheck linecard slot port-set port-pipe linecard slot

(REQUIRED) Enter the keyword linecard followed by a slot number to select the linecard for which to gather information. C300 range: 0 to 7; C150 range: 0 to 4 (REQUIRED) Enter the keyword port-set followed by a Port-Pipe number to select the Port-Pipe for which to gather information. Range: 0 or 1

port-set port-pipe

Command Modes

EXEC EXEC Privilege

Command History Example

Version 7.6.1.0

Introduced on C-Series

Figure 305 show cam maccheck linecard Command Output Example

Force10#show cam maccheck linecard 2 port-set 0 Dumping entries. From 0 to 16383. Progress . marks 100 memory table entries. ............................Index 5576 (0x15c8) has valid entries (H: 2b9, E: 0) <MAC_ADDR=0xffffffffffff,VLAN_ID=0xfff,PRI=0,CPU=0,DST_DISCARD=0,SRC_DISCARD=0,SCP =0,TGID_LO=0,PORT_TGID=0,TGID_PORT=0,T=0,TGID_HI=0,L2MC_PTR=0,MODULE_ID=0,REMOTE_T RUNK=0,L3=0,MAC_BLOCK_INDEX=0,STATIC_BIT=1,RPE=0,MIRROR=0,VALID=1,EVEN_PARITY=0,HI TDA=0,HITSA=0> ..........Index 6592 (0x19c0) has valid entries (H: 338, E: 0) <MAC_ADDR=0xa0000000,VLAN_ID=0xffe,PRI=0,CPU=0,DST_DISCARD=0,SRC_DISCARD=0,SCP=0,T GID_LO=0,PORT_TGID=0,TGID_PORT=0,T=0,TGID_HI=0,L2MC_PTR=0,MODULE_ID=0x10,REMOTE_TR UNK=0,L3=0,MAC_BLOCK_INDEX=0,STATIC_BIT=0,RPE=0,MIRROR=0,VALID=1,EVEN_PARITY=1,HIT DA=1,HITSA=1> !-------------output truncated-------------------!

Usage Information

Use this command to check various flags associated with each MAC address in the CAM. Figure 305 shows information for two MAC addresses. The second entry is for MAC address 00:00:a0:00:00:00 (leading 0s are not shown), which is shown as learned on VLAN ID 4094 (0xfff), as shown below in Figure 306 and Figure 307. Above, STATIC_BIT=0 means that the address is dynamically learned. When an entry is listed as STATIC_BIT=1, its HIT_SA is 0, which signifies that this address is not getting continuously learned trough traffic. The HIT_DA is set when a new learn happens, and after the first age sweep, it gets reset.

Example

Figure 306 show mac-address-table Command Output Example

Force10#show mac-address-table VlanId Mac Address 4094 00:00:a0:00:00:00 Type Interface Dynamic Gi 2/0 State Active

!-------------output truncated-------------------!

946

Layer 2

show cam mac linecard (dynamic or static)

Example

Figure 307 show cam mac linecard Command Output Example

Force10#show cam mac linecard 2 port-set 0 VlanId Mac Address Region Interface 0 ff:ff:ff:ff:ff:ff STATIC 00001 4094 00:00:a0:00:00:00 DYNAMIC Gi 2/0 !-------------output truncated-------------------!

show cam mac linecard (dynamic or static)

ce
Syntax Display the CAM size and the portions allocated for MAC addresses and for MAC ACLs.

show cam mac linecard slot port-set port-pipe [address mac_addr | dynamic | interface interface | static | vlan vlan-id] linecard slot
(REQUIRED) Enter the keyword linecard followed by a slot number to select the linecard for which to gather information. C-Series Range: 0 to 4 (C150); 0 to 8 (C300) E-Series Range: 0 to 6 (REQUIRED) Enter the keyword port-set followed by a Port-Pipe number to select the Port-Pipe for which to gather information. Range: 0 or 1 (OPTIONAL) Enter the keyword address followed by a MAC address in the nn:nn:nn:nn:nn:nn format to display information on that MAC address. (OPTIONAL) Enter the keyword dynamic to display only those MAC addresses learned dynamically by the switch. (OPTIONAL) Enter the keyword interface followed by the interface type, slot and port information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

port-set port-pipe

address mac-addr

dynamic interface interface

static vlan vlan-id

(OPTIONAL) Enter the keyword static to display only those MAC address specifically configured on the switch. (OPTIONAL) Enter the keyword vlan followed by the VLAN ID to display the MAC address assigned to the VLAN. Range: 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

947

show cam mac linecard (dynamic or static)

Command History

Version 7.5.1.0 pre-Version 6.2.1.1

Added support for C-Series Introduced on E-Series

Example

Figure 308 show cam mac linecard Command Example

Force10#show cam mac linecard 1 port-set 0 Port - (TableID) assignments: 00(01) 01(01) 02(01) 03(01) 04(01) 05(01) 06(01) 07(01) 08(01) 09(01) 10(01) 11(01) 12(01) 13(01) 14(01) 15(01) 16(01) 17(01) 18(01) 19(01) 20(01) 21(01) 22(01) 23(01) Index Table ID VlanId Mac Address Region Interface 0 1 0 00:01:e8:0d:b7:3b LOCAL_DA 1e000 1 1 0 00:01:e8:0d:b7:3a LOCAL_DA 1e000 101 0 0 00:01:e8:00:04:00 SYSTEM_STATIC 01c05 102 0 0 01:80:00:00:00:00 SYSTEM_STATIC 01c05 103 0 0 01:00:0c:cc:cc:cc SYSTEM_STATIC 01c01 104 0 0 01:80:c2:00:00:02 SYSTEM_STATIC 01c02 105 0 0 01:80:c2:00:00:0e SYSTEM_STATIC 01c01 106 0 0 00:01:e8:0d:b7:68 SYSTEM_STATIC DROP 107 0 0 00:01:e8:0d:b7:67 SYSTEM_STATIC DROP 108 0 0 00:01:e8:0d:b7:66 SYSTEM_STATIC DROP 109 0 0 00:01:e8:0d:b7:65 SYSTEM_STATIC DROP 110 0 0 00:01:e8:0d:b7:64 SYSTEM_STATIC DROP 111 0 0 00:01:e8:0d:b7:63 SYSTEM_STATIC DROP 112 0 0 00:01:e8:0d:b7:62 SYSTEM_STATIC DROP 113 0 0 00:01:e8:0d:b7:61 SYSTEM_STATIC DROP 114 0 0 00:01:e8:0d:b7:60 SYSTEM_STATIC DROP 115 0 0 00:01:e8:0d:b7:5f SYSTEM_STATIC DROP 116 0 0 00:01:e8:0d:b7:5e SYSTEM_STATIC DROP 117 0 0 00:01:e8:0d:b7:5d SYSTEM_STATIC DROP Force10#

948

Layer 2

show cam mac stack-unit

s
Syntax

Display the Content Addressable Memory (CAM) size and the portions allocated for MAC addresses and for MAC ACLs. show cam mac stack-unit unit_number port-set port-pipe count [vlan vlan-id] [interface interface] stack-unit unit_number port-set port-pipe
(REQUIRED) Enter the keyword linecard followed by a stack member number to select the linecard for which to gather information. S-Series Range: 0 to 1 (REQUIRED) Enter the keyword port-set followed by a Port-Pipe number to select the Port-Pipe for which to gather information. S-Series range: 0 or 1 (OPTIONAL) Enter the keyword address followed by a MAC address in the nn:nn:nn:nn:nn:nn format to display information on that MAC address. (OPTIONAL) Enter the keyword dynamic to display only those MAC addresses learned dynamically by the switch. (OPTIONAL) Enter the keyword static to display only those MAC address specifically configured on the switch. (OPTIONAL) Enter the keyword interface followed by the interface type, slot and port information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: S-Series Range: 1-128 For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

address mac-addr

dynamic static interface interface

vlan vlan-id

(OPTIONAL) Enter the keyword vlan followed by the VLAN ID to display the MAC address assigned to the VLAN. Range: 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0

This version of the command introduced for S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

949

show mac-address-table

show mac-address-table
ces
Syntax Display the MAC address table.

show mac-address-table [dynamic | static] [address mac-address | interface interface | vlan vlan-id] [count [vlan vlan-id] [interface interface-type [slot [/port]]]] dynamic
(OPTIONAL) Enter the keyword dynamic to display only those MAC addresses learned dynamically by the switch. Optionally, you can also add one of these combinations: address/mac-address, interface/interface, or vlan vlan-id. (OPTIONAL) Enter the keyword static to display only those MAC address specifically configured on the switch. Optionally, you can also add one of these combinations: address/mac-address, interface/interface, or vlan vlan-id. (OPTIONAL) Enter the keyword address followed by a MAC address in the nn:nn:nn:nn:nn:nn format to display information on that MAC address. (OPTIONAL) Enter the keyword interface followed by the interface type, slot and port information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

static

address mac-address

interface interface

interface interface-type vlan vlan-id

(OPTIONAL) Instead of entering the keyword interface followed by the interface type, slot and port information, as above, you can enter the interface type, followed by just a slot number. (OPTIONAL) Enter the keyword vlan followed by the VLAN ID to display the MAC address assigned to the VLAN. Range: 1 to 4094. (OPTIONAL) Enter the keyword count, followed optionally, by an interface or VLAN ID, to display total or interface-specific static addresses, dynamic addresses, and MAC addresses in use.

count

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.2.3 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Added support for sticky-MAC learned addresses on the C-Series and S-Series. Introduced on S-Series Introduced on C-Series Introduced on E-Series

950

Layer 2

show mac-address-table

Example

Figure 309 show mac-address-table Command Example

Force10#show mac-address-table VlanId Mac Address 999 00:00:00:00:00:19 999 00:00:00:00:00:29 10 00:00:00:11:11:11 Force10# Type Dynamic Dynamic Sticky Interface Gi 0/1 Gi 0/2 Gi 0/3 State Active Active Active

Table 85 show mac-address-table Information Column Heading Description

VlanId Mac Address Type Displays the VLAN ID number. Displays the MAC address in nn:nn:nn:nn:nn:nn format. Lists whether the MAC address was manually configured (Static), learned dynamically (Dynamic), or learned on a port configured for sticky-MAC learning (Sticky). Displays the interface type and slot/port information. The following abbreviations describe the interface types: State giGigabit Ethernet followed by a slot/port. poPort Channel followed by a number. Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale soSonet followed by a slot/port. te10-Gigabit Ethernet followed by a slot/port.

Interface

Lists if the MAC address is in use (Active) or not in use (Inactive).

Figure 310 show mac-address-table count Command Example

Force10#show mac-address-table count MAC Entries for all vlans : Dynamic Address Count : Static Address (User-defined) Count : Total MAC Addresses in Use: Force10#

5 0 5

Table 86 show mac-address-table count Information Line Beginning with

MAC Entries... Dynamic Address ... Static Address ... Total MAC...

Description
Displays the number of MAC entries learnt per VLAN. Lists the number of dynamically learned MAC addresses. Lists the number of user-defined MAC addresses. Lists the total number of MAC addresses used by the switch.

Related Commands

show mac-address-table aging-time

Display MAC aging time.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

951

show mac-address-table aging-time

ces
Syntax Parameters Display the aging times assigned to the MAC addresses on the switch.

show mac-address-table aging-time [vlan vlan-id] vlan vlan-id

On the E-Series, enter the keyword vlan followed by the VLAN ID to display the MAC address aging time for MAC addresses on the VLAN. Range: 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.3.1.0 Version 7.7.1.0 pre-Version 6.2.1.1

Added the vlan option on the E-Series. Introduced on C-Series and S-Series Introduced on E-Series

Example

Figure 311 show mac-address-table aging-time Command Example

Force10#show mac-address-table aging-time Mac-address-table aging time : 1800 Force10#

Related Commands

show mac-address-table

Display the current MAC address configuration.

952

Layer 2

show mac accounting destination

e
Syntax Display destination counters for Layer 2 traffic (available on physical interfaces only).

show mac accounting destination [mac-address vlan vlan-id] [interface interface [mac-address vlan vlan-id] [vlan vlan-id] ] [vlan vlan-id] mac-address interface interface
(OPTIONAL) Enter the MAC address in the nn:nn:nn:nn:nn:nn format to display information on that MAC address. (OPTIONAL) Enter the keyword interface followed by the interface type, slot and port information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

vlan vlan-id

(OPTIONAL) Enter the keyword vlan followed by the VLAN ID to display the MAC address assigned to that VLAN. Range: 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History Usage Information

pre-Version 6.2.1.1

Introduced on E-Series

MAC Accounting information can be accessed using SNMP via the Force10 Monitor MIB. For more information on enabling SNMP, refer to Chapter 3 of the FTOS Configuration Guide.

Note: Currently, the Force10 MONITOR MIB does not return the MAC addresses in an increasing order via SNMP. As a workaround, you can use the -C c option in snmpwalk or snmpbulkwalk to access the Force10 MONITOR MIB. For example:
% snmpwalk -C c -v 2c -c public 133.33.33.131 enterprise.6027.3.3.3 Example

Figure 312 show mac accounting destination Command Example

Force10-1#sh mac accounting destination interface gigabitethernet 2/1 Destination 00:44:00:00:00:02 00:44:00:00:00:01 00:22:00:00:00:00 00:44:00:00:00:02 00:44:00:00:00:01 Force10-1# Out Te Te Te Te Te Port 11/0 11/0 11/0 11/0 11/0 VLAN 1000 1000 1000 2000 2000 Packets 10000 10000 10000 10000 10000 Bytes 5120000 5120000 5120000 5120000 5120000

Related Commands

show mac accounting access-list

Display MAC access list configurations and counters (if configured).

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

953

show mac cam

e
Syntax Command Modes Display the CAM size and the portions allocated for MAC addresses and for MAC ACLs.

show mac cam EXEC EXEC Privilege

Command History Example

pre-Version 6.2.1.1

Introduced on E-Series

Figure 313 show mac cam Command Example

Force10#show mac cam Slot Type MAC CAM Size MAC FIB Entries 0 E24PD 64K entries 48K (75%) 2 E24PD2 128K entries 64K (50%) 11 EX2YD 64K entries 16K (25%) Note: All CAM entries are per portpipe. Force10# MAC ACL Entries 8K (25%) 32K (50%) 24K (75%)

Table 87 show mac cam Information Field

Slot Type MAC CAM Size

Description
Lists the active line card slots. Lists the type of line card present in the slot. Displays the total CAM size available. Note: A portion of the MAC CAM is used for system operations, therefore adding the MAC FIB and MAC ACL will be less than the MAC CAM. Displays the amount and percentage of CAM available for MAC addresses. Displays the amount and percentage of CAM available for MAC ACLs.

MAC FIB Entries MAC ACL Entries

954

Layer 2

show mac learning-limit

ce
Syntax Parameters Display MAC address learning limits set for various interfaces.

show mac learning-limit [violate-action] [detail] [interface interface [vlan vlan-id]] violate-action detail interface interface
(OPTIONALY) Enter the keyword violate-action to display the MAC learning limit violation status. (OPTIONAL) Enter the keyword detail to display the MAC learning limit in detail. (OPTIONAL) Enter the keyword interface with the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For SONET interfaces, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale.

vlan vlan-id

On the E-Series, enter the keyword vlan followed by the VLAN ID. Range: 1-4094

Command Modes

EXEC EXEC Privilege

Command History

Version 8.3.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 6.5.1.0

Added vlan option on E-Series. Introduced on C-Series Added support for violate-action and detail options Added support for Port Channel

Example

E-Series output:
Force10#show Interface Slot/port Gi 5/84 Gi 5/84 Gi 5/85 Gi 5/85 Force10#show Interface Slot/port Gi 5/84 Gi 5/84 Force10#show Interface Slot/port Gi 5/84 mac learning-limit Vlan Learning Dynamic Static Id Limit MAC count MAC count 2 2 0 0 * 5 0 0 3 3 0 0 * 10 0 0 mac learning-limit interface gig 5/84 Vlan Learning Dynamic Static Id Limit MAC count MAC count 2 2 0 0 * 5 0 0 mac learning-limit interface gig 5/84 vlan 2 Vlan Learning Dynamic Static Id Limit MAC count MAC count 2 2 0 0 Unknown SA Drops 0 0 0 0 Unknown SA Drops 0 0 Unknown SA Drops 0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

955

description

Example

C-Series/S-Series output:
Force10#show mac learning-limit Interface Learning Dynamic Static Slot/port Limit MAC count MAC count Gi 1/0 10 0 0 Gi 1/1 5 0 0 Force10#show mac learning-limit interface gig 1/0 Interface Learning Dynamic Static Slot/port Limit MAC count MAC count Gi 1/0 10 0 0 Unknown SA Drops 0 0 Unknown SA Drops 0

Virtual LAN (VLAN) Commands

The following commands configure and monitor Virtual LANs (VLANs). VLANs are a virtual interface and use many of the same commands as physical interfaces. You can configure an IP address and Layer 3 protocols on a VLAN called Inter-VLAN routing. FTP, TFTP, ACLs and SNMP are not supported on a VLAN. Occasionally, while sending broadcast traffic over multiple Layer 3 VLANs, the VRRP state of a VLAN interface may continually switch between Master and Backup. description default vlan-id default-vlan disable enable vlan-counters name show config show vlan tagged track ip untagged

See also VLAN Stacking and see VLAN-related commands, such as portmode hybrid, in Chapter 23, Interfaces.

description
ces
Syntax

Add a description about the selected VLAN. description description To remove the description from the VLAN, use the no description command.

Parameters

description

Enter a text string description to identify the VLAN (80 characters maximum).

Defaults Command Modes

No default behavior or values INTERFACE VLAN

956

Layer 2

default vlan-id

Command History

Version 7.6.1.0 Version 6.3.1.0

Introduced on C-Series and S-Series Introduced on E-Series Display VLAN configuration.

Related Commands

show vlan

default vlan-id
ces
Syntax

Specify a VLAN as the Default VLAN. default vlan-id vlan-id To remove the default VLAN status from a VLAN and VLAN 1 does not exist, use the no default vlan-id vlan-id syntax.

Parameters

vlan-id

Enter the VLAN ID number of the VLAN to become the new Default VLAN. Range: 1 to 4094. Default: 1

Defaults Command Modes Command History

The Default VLAN is VLAN 1. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

To return VLAN 1 as the Default VLAN, use this command syntax (default-vlan-id 1). The Default VLAN contains only untagged interfaces.

Related Commands

interface vlan

Configure a VLAN.

default-vlan disable
ces
Defaults Command Modes Command History

Disable the default VLAN so that all switchports are placed in the Null VLAN until they are explicitly configured as a member of another VLAN. The default VLAN is enabled. CONFIGURATION
Version 8.3.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

957

enable vlan-counters no default vlan disable is not listed in the running-configuration, but when the default VLAN is disabled, default-vlan disable is listed in the running-configuration.

Usage Information

enable vlan-counters
ex
Syntax

Display VLAN counters for ingress and/or egress hardware. You must be in restricted mode to use this command. enable vlan-output-counters [ingress | egress | all] To return to the default (disabled), use the no enable vlan-output-counters command.

Defaults Command Modes Command History

DisabledVLAN counters are disabled in hardware (all linecards/port-pipes) by default. CONFIGURATION

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example
Force10(conf)#enable vlan-output-counters Force10(conf)#exit Force10#show interface vlan 101 Vlan 101 is down, line protocol is down Address is 00:01:e8:26:e0:5b, Current address is 00:01:e8:26:e0:5b Interface index is 1107787877 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 01:12:44 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes Enabling VLAN output reveals the output statistics counters for the VLAN Output Statistics: 0 packets, 0 bytes Time since last interface status change: 01:12:44 Force10# Force10#show interfaces vlan 1 Vlan 1 is down, line protocol is down Address is 00:01:e8:13:a5:aa, Current address is 00:01:e8:13:a5:aa Interface index is 1107787777 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 01:36:01 Queueing strategy: fifo Input Statistics: 100000 packets, 10000000 bytes Output Statistics: 200000 packets, 20800000 bytes Time since last interface status change: 01:36:01 Force10#

958

Layer 2

name

Usage Information

FTOS supports a command to enable viewing of the VLAN input/output counters. This command also applies to SNMP requests. If the command is not enabled, IFM returns zero values for VLAN output counters. SNMP counters differ from show interface counters as SNMP counters must maintain history. At any point, the value of SNMP counters reflect the amount of traffic being carried on the VLAN. VLAN output counters may show higher than expected values because source-suppression drops are counted. During an RPM failover event, all SNMP counters remain intact. The counters will sync over to the secondary RPM.

name
ces
Syntax

Assign a name to the VLAN. name vlan-name To remove the name from the VLAN, enter no name.

Parameters

vlan-name Not configured. INTERFACE VLAN

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Enter up to 32 characters as the name of the VLAN.

Defaults Command Modes Command History

Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

To display information about a named VLAN, enter the show vlan command with the name parameter or the show interfaces description command.
description interface vlan show vlan Assign a descriptive text string to the interface. Configure a VLAN. Display the current VLAN configurations on the switch.

show config
ces
Syntax Display the current configuration of the selected VLAN.

show config

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

959

show vlan

Command Modes Example

INTERFACE VLAN Figure 314 show config Command Sample Output for a Selected VLAN
Force10(conf-if-vl-100)#show config ! interface Vlan 100 no ip address no shutdown Force10(conf-if-vl-100)#

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

show vlan
ces
Syntax Parameters Display the current VLAN configurations on the switch.

show vlan [brief | id vlan-id | name vlan-name] brief

(OPTIONAL) Enter the keyword brief to display the following information: VLAN ID VLAN name (left blank if none is configured.) Spanning Tree Group ID MAC address aging time IP address

id vlan-id name vlan-name

Command Modes

(OPTIONAL) Enter the keyword id followed by a number from 1 to 4094. Only information on the VLAN specified is displayed. (OPTIONAL) Enter the keyword name followed by the name configured for the VLAN. Only information on the VLAN named is displayed.

EXEC EXEC Privilege

Command History

Version 7.8.1.0

Augmented to display PVLAN data for C-Series and S-Series; revised output to include Description field to display user-entered VLAN description Introduced on S-Series; revised output to display Native VLAN Introduced on C-Series Introduced on E-Series

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

960

Layer 2

show vlan

Example

Figure 315 show vlan Command Example

Force10#show vlan Codes: Q: U x G * * - Default VLAN, G - GVRP VLANs, P - Primary, C - Community, I - Isolated Untagged, T - Tagged Dot1x untagged, X - Dot1x tagged GVRP tagged, M - Vlan-stack Status Inactive Active Active Active Active Active Active Active Inactive Inactive Description Q Ports U T T T T U U T T T T U U T T T T U T T T T Po1(Gi 13/0) Po20(Gi 13/6), Gi 13/25 Gi 13/7 Po20(Gi 13/6) Gi 13/7 Gi 13/1 Po2(Gi 13/2) Po20(Gi 13/6) Gi 13/7 Po20(Gi 13/6) Gi 13/7 Gi 13/3 Po3(Gi 13/4) Po20(Gi 13/6) Gi 13/7 Po20(Gi 13/6) Gi 13/7 Gi 13/5 Po1(Gi 0/1) Gi 0/2 Gi 0/3 Gi 0/4

NUM 1 2 3 4 5 6 7

100

C 101 I 102 Force10#

Table 88 show vlan Information Column Heading

(Column 1 no heading)

Description
asterisk symbol (*) = Default VLAN

G = GVRP VLAN P = primary VLAN C = community VLAN I = isolated VLAN

NUM Status Displays existing VLAN IDs. Displays the word Inactive for inactive VLANs and the word Active for active VLANs. Displays G for GVRP tagged, M for member of a VLAN-Stack VLAN, T for tagged interface, U (for untagged interface), x (uncapitalized x) for Dot1x untagged, or X (capitalized X) for Dot1x tagged. Displays the type, slot, and port information. For the type, Po = port channel, Gi = gigabit ethernet, and Te = ten gigabit ethernet.

Ports

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

961

show vlan

Figure 316 Example of Output of show vlan id

Force10# show vlan id 40 Codes: Q: U x G * - Default VLAN, G - GVRP VLANs Untagged, T - Tagged Dot1x untagged, X - Dot1x tagged GVRP tagged, M - Vlan-stack Q Ports M Gi 13/47

NUM Status Description 40 Active Force10#show vlan id 41 Codes: Q: U x G NUM 41 * - Default VLAN, G - GVRP VLANs Untagged, T - Tagged Dot1x untagged, X - Dot1x tagged GVRP tagged, M - Vlan-stack Status Active Description

Q Ports T Gi 13/47

Force10#show vlan id 42 Codes: Q: U x G * - Default VLAN, G - GVRP VLANs Untagged, T - Tagged Dot1x untagged, X - Dot1x tagged GVRP tagged, M - Vlan-stack Status Active Description Q Ports U Gi 13/47

NUM 42 Force10#

Figure 317 Example of Output of show vlan brief

Force10#show vlan br VLAN Name ---- -------------------------------1 2 3 Force10# STG ---0 0 0 MAC Aging --------1800 1800 1800 IP Address -----------------unassigned 2.2.2.2/24 3.3.3.2/24

962

Layer 2

tagged

Figure 318 Using VLAN Name

Force10conf)#interface vlan 222 Force10(conf-if-vl-222)#name test Force10(conf-if-vl-222)#do show vlan name test Codes: Q: U x G * - Default VLAN, G - GVRP VLANs Untagged, T - Tagged Dot1x untagged, X - Dot1x tagged GVRP tagged, M - Vlan-stack Q Ports U Gi 1/22

NUM Status Description 222 Inactive Force10(conf-if-vl-222)#

Related Commands

vlan-stack compatible interface vlan

Enable the Stackable VLAN feature on the selected VLAN. Configure a VLAN.

tagged
ces
Syntax

Add a Layer 2 interface to a VLAN as a tagged interface. tagged interface To remove a tagged interface from a VLAN, use no tagged interface command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

All interfaces in Layer 2 mode are untagged. INTERFACE VLAN

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

When you use the no tagged command, the interface is automatically placed in the Default VLAN as an untagged interface unless the interface is a member of another VLAN. If the interface belongs to several VLANs, you must remove it from all VLANs to change it to an untagged interface. Tagged interfaces can belong to multiple VLANs, while untagged interfaces can only belong to one VLAN at a time.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

963

track ip

Related Commands

interface vlan untagged

Configure a VLAN. Specify which interfaces in a VLAN are untagged.

track ip
ces
Syntax

Track the Layer 3 operational state of a Layer 3 VLAN, using a subset of the VLAN member interfaces. track ip interface To remove the tracking feature from the VLAN, use the no track ip interface command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

Not configured INTERFACE VLAN

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

When this command is configured, the VLAN is operationally UP if any of the interfaces specified in the track ip command are operationally UP, and the VLAN is operationally DOWN if none of the tracking interfaces are operationally UP. If the track ip command is not configured, the VLAN's Layer 3 operational state depends on all the members of the VLAN. The Layer 2 state of the VLAN, and hence the Layer 2 traffic is not affected by the track ip command configuration.

Related Commands

interface vlan tagged

Configure a VLAN. Specify which interfaces in a VLAN are tagged.

964

Layer 2

untagged

untagged
ces
Syntax

Add a Layer 2 interface to a VLAN as an untagged interface. untagged interface To remove an untagged interface from a VLAN, use the no untagged interface command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

All interfaces in Layer 2 mode are untagged. INTERFACE VLAN

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Untagged interfaces can only belong to one VLAN. In the Default VLAN, you cannot use the no untagged interface command. To remove an untagged interface from all VLANs, including the Default VLAN, enter the INTERFACE mode and use the no switchport command.

Related Commands

interface vlan tagged

Configure a VLAN. Specify which interfaces in a VLAN are tagged.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

965

untagged

966

Layer 2

Chapter 31

Link Layer Detection Protocol (LLDP)

Overview
Link Layer Detection Protocol (LLDP) advertises connectivity and management from the local station to the adjacent stations on an IEEE 802 LAN. LLDP facilitates multi-vendor interoperability by using standard management tools to discover and make available a physical topology for network management. The FTOS implementation of LLDP is based on IEEE standard 801.1ab. The basic LLDP commands are supported by FTOS on all Force10 systems, as indicated by the characters that appear below each command heading: C-Series: c E-Series: e S-Series: s

Commands
This chapter contains the following commands, in addition to the commands in the related section LLDP-MED Commands. advertise dot1-tlv advertise dot3-tlv advertise management clear lldp counters clear lldp neighbors debug lldp interface disable hello mode multiplier protocol lldp (Configuration) protocol lldp (Interface) show lldp neighbors Publication Date: July 20, 2011 967

Command Line Reference for FTOS version 8.4.2.4

advertise dot1-tlv

show lldp statistics show running-config lldp

The starting point for using LLDP is invoking LLDP with the protocol lldp command in either the CONFIGURATION or INTERFACE mode. The information distributed by LLDP is stored by its recipients in a standard Management Information Base (MIB). The information can be accessed by a network management system through a management protocol such as SNMP. See the Link Layer Discovery Protocol chapter of the FTOS Configuration Guide for details on implementing LLDP/LLDP-MED.

advertise dot1-tlv
ces
Syntax

Advertise dot1 TLVs (Type, Length, Value). advertise dot1-tlv {port-protocol-vlan-id | port-vlan-id | vlan-name} To remove advertised dot1-tlv, use the no advertise dot1-tlv {port-protocol-vlan-id | port-vlan-id | vlan-name} command.

Parameters

port-protocol-vlan-id port-vlan-id vlan-name

Enter the keyword port-protocol-vlan-id to advertise the port protocol VLAN identification TLV. Enter the keyword port-vlan-id to advertise the port VLAN identification TLV. Enter the keyword vlan-name to advertise the vlan-name TLV. This keyword is only supported on C-Series and S-Series.

Defaults Command Modes Command History

Disabled CONFIGURATION (conf-lldp) and INTERFACE (conf-if-interface-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series, added vlan-name option. Introduced on C-Series Introduced on E-Series Enable LLDP globally. Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Related Commands

protocol lldp (Configuration) debug lldp interface show lldp neighbors show running-config lldp

968

Link Layer Detection Protocol (LLDP)

advertise dot3-tlv

advertise dot3-tlv
ces
Syntax

Advertise dot3 TLVs (Type, Length, Value). advertise dot3-tlv {max-frame-size} To remove advertised dot3-tlv, use the no advertise dot3-tlv {max-frame-size } command.

Parameters

max-frame-size

Enter the keyword max-frame-size to advertise the dot3 maximum frame size.

Defaults Command Modes Command History

No default values or behavior CONFIGURATION (conf-lldp) and INTERFACE (conf-if-interface-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

advertise management
ces
Syntax

Advertise management TLVs (Type, Length, Value). advertise management -tlv {system-capabilities | system-description | system-name} To remove advertised management TLVs, use the no advertise management -tlv {system-capabilities | system-description | system-name} command.

Parameters

system-capabilities system-description system-name

Enter the keyword system-capabilities to advertise the system capabilities TLVs. Enter the keyword system-description to advertise the system description TLVs. Enter the keyword system-description to advertise the system description TLVs.

Defaults Command Modes Command History

No default values or behavior CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

All three command options system-capabilities, system-description, and system-name} -can be invoked individually or together, in any sequence.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

969

clear lldp counters

ces
Syntax Parameters

Clear LLDP transmitting and receiving counters for all physical interfaces or a specific physical interface. clear lldp counters interface interface
Enter the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword gigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

clear lldp neighbors

ces
Syntax Parameters

Clear LLDP neighbor information for all interfaces or a specific interfaces. clear lldp neighbors {interface} interface
Enter the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword gigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

970

Link Layer Detection Protocol (LLDP)

debug lldp interface

ces
Syntax

Enable LLDP debugging to display timer events, neighbor additions or deletions, and other information about incoming and outgoing packets. debug lldp interface {interface | all}{events| packet {brief | detail} {tx | rx | both}} To disable debugging, use the no debug lldp interface {interface | all }{events} {packet {brief | detail} {tx | rx | both}} command.

Parameters

interface

Note: The FastEthernet option is not supported on S-Series.

all events packet brief detail tx rx both
(OPTIONAL) Enter the keyword all to display information on all interfaces. (OPTIONAL) Enter the keyword events to display major events such as timer events. (OPTIONAL) Enter the keyword packet to display information regarding packets coming in or going out. (OPTIONAL) Enter the keyword brief to display brief packet information. (OPTIONAL) Enter the keyword detail to display detailed packet information. (OPTIONAL) Enter the keyword tx to display transmit only packet information. (OPTIONAL) Enter the keyword rx to display receive only packet information (OPTIONAL) Enter the keyword both to display both receive and transmit packet information.

Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

disable
ces
Syntax

Enable or disable LLDP. disable To enable LLDP, use the no disable

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

971

hello Enabled, that is no disable CONFIGURATION (conf-lldp) and INTERFACE (conf-if-interface-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Related Commands protocol lldp (Configuration) debug lldp interface show lldp neighbors show running-config lldp Introduced on S-Series Introduced on C-Series Introduced on E-Series Enable LLDP globally. Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Defaults Command Modes Command History

hello
ces
Syntax

Configure the rate at which the LLDP control packets are sent to its peer. hello seconds To revert to the default, use the no hello seconds command.

Parameters

seconds

Enter the rate, in seconds, at which the control packets are sent to its peer. Rate: 5 - 180 seconds Default: 30 seconds

Defaults Command Modes Command History

30 seconds CONFIGURATION (conf-lldp) and INTERFACE (conf-if-interface-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

mode
ces
Syntax

Set LLDP to receive or transmit. mode {tx | rx} To return to the default, use the no mode {tx | rx} command.

Parameters

tx rx

Enter the keyword tx to set the mode to transmit. Enter the keyword rx to set the mode to receive.

972

Link Layer Detection Protocol (LLDP)

multiplier

Defaults Command Modes Command History

Both transmit and receive CONFIGURATION (conf-lldp) and INTERFACE (conf-if-interface-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series Enable LLDP globally. Display the LLDP neighbors

Related Commands

protocol lldp (Configuration) show lldp neighbors

multiplier
ces
Syntax

Set the number of consecutive misses before LLDP declares the interface dead. multiplier integer To return to the default, use the no multiplier integer command.

Parameters

integer

Enter the number of consecutive misses before the LLDP declares the interface dead. Range: 2 - 10

Defaults Command Modes Command History

4 x hello CONFIGURATION (conf-lldp) and INTERFACE (conf-if-interface-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

protocol lldp (Configuration)

ces
Syntax

Enable LLDP globally on the switch. protocol lldp To disable LLDP globally on the chassis, use the no protocol lldp command.

Defaults Command Modes Command History

Disabled CONFIGURATION (conf-lldp)

Version 7.7.1.0 Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

973

protocol lldp (Interface)

Version 7.6.1.0 Version 7.4.1.0

Introduced on C-Series Introduced on E-Series

protocol lldp (Interface)

ces
Syntax

Enter the LLDP protocol in the INTERFACE mode. [no] protocol lldp To return to the global LLDP configuration mode, use the no protocol lldp command from the Interface mode.

Defaults Command Modes Command History

LLDP is not enabled on the interface. INTERFACE (conf-if-interface-lldp)

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

LLDP must be enabled globally from CONFIGURATION mode, before it can be configured on an interface. This command places you in LLDP mode on the interface; it does not enable the protocol. When you enter the LLDP protocol in the Interface context, it overrides global configurations. When you execute the no protocol lldp from the INTERFACE mode, interfaces will begin to inherit the configuration from the global LLDP CONFIGURATION mode.

show lldp neighbors

ces
Syntax Parameters

Display LLDP neighbor information for all interfaces or a specified interface. show lldp neighbors [interface ] [detail] interface
(OPTIONAL) Enter the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword gigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword tenGigabitEthernet followed by the slot/port information.

detail

(OPTIONAL) Enter the keyword detail to display all the TLV information, timers, and LLDP tx and rx counters.

Defaults

No default values or behavior

974

Link Layer Detection Protocol (LLDP)

show lldp statistics

Command Modes Command History

EXEC Privilege
Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 319 show lldp neighbors Command Output

R1(conf-if-gi-1/31)#do show lldp neighbors Loc PortID Rem Host Name Rem Port Id Rem Chassis Id ------------------------------------------------------------------------Gi 1/21 Gi 1/31 R2 R3 GigabitEthernet 2/11 GigabitEthernet 3/11 00:01:e8:06:95:3e 00:01:e8:09:c2:4a

Usage Information

Omitting the keyword detail displays only the remote chassis ID, Port ID, and Dead Interval.

show lldp statistics

ces
Syntax Defaults Command Modes Command History

Display the LLDP statistical information. show lldp statistics No default values or behavior EXEC Privilege
Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 320 show lldp statistics Command Output

Force10#show lldp statistics Total number of neighbors: Last table change time : Number of Table Inserts : Number of Table Deletes : Number of Table Drops : Number of Table Age Outs : Force10# 300 Mon Oct 02 16:00:52 2006 1621 200 0 400

show running-config lldp

ces
Syntax

Display the current global LLDP configuration. show running-config lldp

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

975

show running-config lldp

Defaults Command Modes Command History

No default values or behavior EXEC Privilege

Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example
Force10#show running-config lldp ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description hello 15 multiplier 3 no disable Force10#

LLDP-MED Commands
The LLDP-MED commands in this section are: advertise med guest-voice advertise med guest-voice-signaling advertise med location-identification advertise med power-via-mdi advertise med softphone-voice advertise med streaming-video advertise med video-conferencing advertise med video-signaling advertise med voice advertise med voice-signaling

FTOS LLDP-MED (Media Endpoint Discovery) commands are an extension of the set of LLDP TLV advertisement commands. The C-Series and S-Series support all commands, as indicated by these symbols underneath the command headings: c s The E-Series generally supports the commands, too, as indicated by the e symbol under command headings. However, LLDP-MED commands are more useful on the C-Series and the S50V model of the S-Series, because they support Power over Ethernet (PoE) devices. As defined by ANSI/TIA-1057, LLDP-MED provides organizationally specific TLVs (Type Length Value), so that endpoint devices and network connectivity devices can advertise their characteristics and configuration information. The Organizational Unique Identifier (OUI) for the Telecommunications Industry Association (TIA) is 00-12-BB. LLDP-MED Endpoint Deviceany device that is on an IEEE 802 LAN network edge, can communicate using IP, and uses the LLDP-MED framework.

976

Link Layer Detection Protocol (LLDP)

advertise med guest-voice

LLDP-MED Network Connectivity Deviceany device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device, and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Force10 system is an LLDP-MED network connectivity device.

With regard to connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: manage inventory manage Power over Ethernet (POE) identify physical location identify network policy

advertise med guest-voice

ces
Syntax

Configure the system to advertise a separate limited voice service for a guest user with their own IP telephony handset or other appliances that support interactive voice services. advertise med guest-voice {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med guest-voice {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

Parameters

vlan-id layer2_priority DSCP_value priority-tagged number

Enter the VLAN ID. Range: 1 to 4094 Enter the Layer 2 priority. Range: 0 to 7 Enter the DSCP value. Range: 0 to 63 Enter the keyword priority-tagged followed the Layer 2 priority. Range: 0 to 7

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series and E-Series Enable LLDP globally. Debug LLDP. Display the LLDP neighbors. Display the LLDP running configuration.

Related Commands

protocol lldp (Configuration) debug lldp interface show lldp neighbors show running-config lldp

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

977

advertise med guest-voice-signaling

ces
Syntax

Configure the system to advertise a separate limited voice service for a guest user when the guest voice control packets use a separate network policy than the voice data. advertise med guest-voice-signaling {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med guest-voice-signaling {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

Parameters

vlan-id layer2_priority DSCP_value priority-tagged number

Enter the VLAN ID. Range: 1 to 4094 Enter the Layer 2 priority. Range: 0 to 7 Enter the DSCP value. Range: 0 to 63 Enter the keyword priority-tagged followed the Layer 2 priority. Range: 0 to 7

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series and E-Series Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Related Commands

debug lldp interface show lldp neighbors show running-config lldp

advertise med location-identification

ces
Syntax

Configure the system to advertise a location identifier. advertise med location-identification {coordinate-based value | civic-based value | ecs-elin value} To return to the default, use the no advertise med location-identification {coordinate-based value | civic-based value | ecs-elin value} command.

Parameters

coordinate-based value

Enter the keyword coordinate-based followed by the coordinated based location in hexadecimal value of 16 bytes.

978

Link Layer Detection Protocol (LLDP)

advertise med power-via-mdi

civic-based value

Enter the keyword civic-based followed by the civic based location in hexadecimal format. Range: 6 to 255 bytes Enter the keyword ecs-elin followed by the Emergency Call Service (ecs) Emergency Location Identification Number (elin) numeric location string. Range: 10 to 25 characters

ecs-elin value

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series and E-Series

Usage Information

ECSEmergency Call Service such as defined by TIA or National Emergency Numbering Association (NENA) ELINEmergency Location Identification Number, a valid North America Numbering Plan format telephone number supplied for ECS purposes.

Related Commands

debug lldp interface show lldp neighbors show running-config lldp

Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

advertise med power-via-mdi

cs
Syntax

Configure the system to advertise the Extended Power via MDI TLV. advertise med power-via-mdi To return to the default, use the no advertise med power-via-mdi command.

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series

Usage Information Related Commands

Advertise the Extended Power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device.
debug lldp interface show lldp neighbors show running-config lldp Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

979

advertise med softphone-voice

ces
Syntax

Configure the system to advertise softphone to enable IP telephony on a computer so that the computer can be used as a phone. advertise med softphone-voice {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med softphone-voice {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

Parameters

vlan-id layer2_priority DSCP_value priority-tagged number

Enter the VLAN ID. Range: 1 to 4094 Enter the Layer 2 priority (C-Series and E-Series only). Range: 0 to 7 Enter the DSCP value (C-Series and E-Series only). Range: 0 to 63 Enter the keyword priority-tagged followed the Layer 2 priority. Range: 0 to 7

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series and E-Series Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Related Commands

debug lldp interface show lldp neighbors show lldp neighbors

advertise med streaming-video

ces
Syntax

Configure the system to advertise streaming video services for broadcast or multicast-based video. This does not include video applications that rely on TCP buffering. advertise med streaming-video {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med streaming-video {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

Parameters

vlan-id layer2_priority

Enter the VLAN ID. Range: 1 to 4094 Enter the Layer 2 priority (C-Series and E-Series only). Range: 0 to 7

980

Link Layer Detection Protocol (LLDP)

advertise med video-conferencing

DSCP_value priority-tagged number

Defaults Command Modes Command History

Enter the DSCP value (C-Series and E-Series only). Range: 0 to 63 Enter the keyword priority-tagged followed the Layer 2 priority. Range: 0 to 7

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series and E-Series Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Related Commands

debug lldp interface show lldp neighbors show lldp neighbors

advertise med video-conferencing

ces
Syntax

Configure the system to advertise dedicated video conferencing and other similar appliances that support real-time interactive video. advertise med video-conferencing {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med video-conferencing {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

Parameters

vlan-id layer2_priority DSCP_value priority-tagged number

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series and E-Series Debug LLDP

Related Commands

debug lldp interface

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

981

advertise med video-signaling

show lldp neighbors show running-config lldp

Display the LLDP neighbors Display the LLDP running configuration

advertise med video-signaling

ces
Syntax

Configure the system to advertise video control packets that use a separate network policy than video data. advertise med video-signaling {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med video-signaling {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

Parameters

vlan-id layer2_priority DSCP_value priority-tagged number

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series and E-Series Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Related Commands

debug lldp interface show lldp neighbors show lldp neighbors

advertise med voice

ces
Syntax

Configure the system to advertise a dedicated IP telephony handset or other appliances supporting interactive voice services. advertise med voice {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med voice {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

982

Link Layer Detection Protocol (LLDP)

advertise med voice-signaling

Parameters

vlan-id layer2_priority DSCP_value priority-tagged number

Defaults Command Modes Command History

unconfigured CONFIGURATION (conf-lldp)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series and E-Series Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Related Commands

debug lldp interface show lldp neighbors show running-config lldp

advertise med voice-signaling

ces
Syntax

Configure the system to advertise when voice control packets use a separate network policy than voice data. advertise med voice-signaling {vlan-id layer2_priority DSCP_value} | {priority-tagged number} To return to the default, use the no advertise med voice-signaling {vlan-id layer2_priority DSCP_value} | {priority-tagged number} command.

Parameters

vlan-id layer2_priority DSCP_value priority-tagged number

Defaults Command Modes

unconfigured CONFIGURATION (conf-lldp)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

983

advertise med voice-signaling

Command History

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series and E-Series Debug LLDP Display the LLDP neighbors Display the LLDP running configuration

Related Commands

debug lldp interface show lldp neighbors show lldp neighbors

984

Link Layer Detection Protocol (LLDP)

Chapter 32

Multicast Listener Discovery (MLD)

MLD Commands
The MLD commands are: clear ipv6 mld groups debug ipv6 mld ipv6 mld explicit-tracking ipv6 mld last-member-query-interval ipv6 mld querier-timeout ipv6 mld query-interval ipv6 mld query-max-resp-time ipv6 mld static-group ipv6 mld version show ipv6 mld interface

clear ipv6 mld groups

e
Syntax

Clear entries from the group cache table. clear ipv6 mld groups [interface | group-address]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

985

debug ipv6 mld

Parameters

interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

group-address

(OPTIONAL) Enter the group address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero.

Defaults Command Modes Command History Related Commands

No default values or behavior EXEC Privilege

Version 7.4.1.0 Introduced

show ipv6 mld interface

Display the IPv6 MLD interface

debug ipv6 mld

e
Syntax

Enable debugging on IPv6 MLD packets. debug ipv6 mld {group-address | interface} To turn off debugging, use the no debug ipv6 mld {group-address | interface} command.

Parameters

group-address interface

(OPTIONAL) Enter the multicast group address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

986

Multicast Listener Discovery (MLD)

ipv6 mld explicit-tracking

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 7.4.1.0 Introduced

ipv6 mld explicit-tracking

e
Syntax

Enable MLD explicit tracking of receivers. ipv6 mld explicit-tracking To disable explicit tracking, use the no ipv6 mld explicit-tracking command.

Defaults Command Modes Command History Usage Information

Disabled INTERFACE (conf-if)

Version 7.4.1.0 Introduced

If snooping is enabled on the VLAN, this command has no effect. Enable ipv6 mld snooping explicit tracking instead.

ipv6 mld last-member-query-interval

e
Change the MAX Response Time inserted into the Group-Specific Queries sent in response to a Leave Group messages. This interval is also the interval between Group-Specific Query messages. ipv6 mld last-member-query-interval {milliseconds} To return to the default, use the no ipv6 mld last-member-query-interval {milliseconds} command.
Parameters

Syntax

milliseconds

Enter the last member query interval in milliseconds. Range: 200 - 60000 Default: 1000

Defaults Command Modes Command History

1000 milliseconds INTERFACE (conf-if)

Version 7.4.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

987

ipv6 mld querier-timeout

e
Syntax

Change the interval that must pass before a multicast router decides that there is no longer another multicast router that should be the querier. ipv6 mld querier-timeout {seconds} To return to the default, use the no ipv6 mld querier-timeout command.

Parameters

seconds

Enter the querier timeout in seconds. Range: 60 - 300 Default: 255

Defaults Command Modes Command History

255 seconds INTERFACE (conf-if)

Version 7.4.1.0 Introduced

ipv6 mld query-interval

e
Syntax

Change the transmission frequency of the MLD host. ipv6 mld query-interval {seconds} To return to the default interval, use the no ipv6 mld query-interval command.

Parameters

seconds

Enter the interval in seconds. Range: 1 - 18000 Default: 125

Defaults Command Modes Command History

125 seconds INTERFACE (conf-if)

Version 7.4.1.0 Introduced

988

Multicast Listener Discovery (MLD)

ipv6 mld query-max-resp-time

e
Syntax

Set the maximum query response time advertised in the general queries. ipv6 mld query-max-resp-time {seconds} To return to the default, use the no ipv6 mld query-max-resp-time command.

Parameters

seconds

Enter the interval in seconds. Range: 1 - 25 Default: 10

Defaults Command Modes Command History

10 seconds INTERFACE (conf-if)

Version 7.4.1.0 Introduced

ipv6 mld static-group

e
Syntax

Configure an MLD static group to exclude or include mode. ipv6 mld static-group group-address {exclude [source-address] | include source-address} To return to default, use the no ipv6 mld static-group group-address {exclude [source-address] | include source-address} command.

Parameters

group-address exclude source-address include source-address

(OPTIONAL) Enter the multicast group address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. Enter the keyword exclude and optionally enter the source ip address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. Enter the keyword include followed by source ip address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero.

Defaults Command Modes Command History

No default behavior or values INTERFACE (conf-if)

Version 7.4.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

989

ipv6 mld version

e
Syntax Defaults Command Modes Command History Usage Information Command History

Set the MLD version number on this interface. ipv6 mld version 1 Version 2 INTERFACE (conf-if)
Version 7.4.1.0 Introduced

FTOS supports MLD version 2 and is backward compatible with MLD version 1.

Version 7.4.1.0

Introduced

show ipv6 mld groups

e
Syntax

View the configured MDL groups. show ipv6 mld groups [detail] [explicit] [link-local] [group-address] [interface interface [detail]] [summary] explicit link-local group-address interface interface detail summary Enter this keyword to display explicit tracking information. Enter this keyword to display link-local groups. Enter the group address for which you want to display information.
Enter the keyword inteface followed by the interface type.

Parameters

View detailed group information. View a summary of group information.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.4.1.0

Introduced

990

Multicast Listener Discovery (MLD)

show ipv6 mld interface

Example

Figure 321 show ipv6 mld groups Command Example

Force10#show ipv6 mld groups vlan 100 link-local ? detail Detailed information | Pipe through a command <cr> =========================================================================== show ipv6 mld groups explicit Interface GigabitEthernet 2/14, Group ff02::1:ff00:0 Reporter fe80::200:ff:fe00:0 Uptime 00:00:19, Expires in 00:04:00 Mode EXCLUDE Interface GigabitEthernet 2/14, Group ff02::1:ff00:5 Reporter fe80::200:ff:fe00:0 Uptime 00:00:19, Expires in 00:04:00 Mode EXCLUDE Interface GigabitEthernet 2/14, Group ff3e:100::4000:1 Reporter fe80::200:ff:fe00:0 Uptime 00:00:16, Expires in 00:04:03 Mode INCLUDE 165:87:32::8 165:87:32::9 165:87:32::a Interface GigabitEthernet 2/14, Group ff3e:100::4000:2 Reporter fe80::200:ff:fe00:0 Uptime 00:00:16, Expires in 00:04:03 Mode INCLUDE 165:87:32::8 165:87:32::9 165:87:32::a [output omitted]

show ipv6 mld interface

e
Syntax Parameters

View the configured MDL interfaces. show ipv6 mld interface [interface] interface [interface]
Enter the keyword interface to display the configured MDL interfaces. Optionally, enter the keyword interface followed by one of the keywords below, with slot/port or number information, to display information for that specific interface: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

991

ipv6 mld snooping enable

Command History Example

Version 7.4.1.0

Introduced

Figure 322 show ipv6 mld interface Command Example

Force10#show ipv6 mld interface GigabitEthernet 2/14 is up, line protocol is up Interface address is fe80::201:e8ff:fe08:9a09/64 Current MLD version is 2 MLD query interval is 125 seconds MLD querier expiry time is 255 seconds MLD max query response time is 10 seconds Last member response interval is 1000 ms MLD explicit tracking is disabled MLD querying router is fe80::201:e8ff:fe08:9a09 (this router) Port-channel 200 is up, line protocol is up Interface address is fe80::201:e8ff:fe08:9abd/64 Current MLD version is 2 MLD query interval is 125 seconds MLD querier expiry time is 255 seconds MLD max query response time is 10 seconds Last member response interval is 1000 ms MLD explicit tracking is disabled MLD querying router is fe80::201:e8ff:fe08:9abd (this router) Vlan 200 is up, line protocol is up Interface address is fe80::201:e8ff:fe08:9abc/64 Current MLD version is 2 MLD query interval is 125 seconds MLD querier expiry time is 255 seconds MLD max query response time is 10 seconds Last member response interval is 1000 ms MLD explicit tracking is disabled MLD querying router is fe80::201:e8ff:fe08:9abc (this router) Force10#

MLD Snooping Commands

The MLD Snooping commands are: ipv6 mld snooping enable ipv6 mld snooping flood ipv6 mld snooping ipv6 mld snooping explicit-tracking ipv6 mld snooping mrouter ipv6 mld snooping querier show ipv6 mld snooping groups show ipv6 mld snooping mrouter

ipv6 mld snooping enable

e
Syntax Defaults

Enable MLD Snooping globally. ipv6 mld snooping enable Disabled Multicast Listener Discovery (MLD)

992

ipv6 mld snooping flood

Command Modes Command History

CONFIGURATION (conf)
Version 7.4.1.0 Introduced

ipv6 mld snooping flood

e
Syntax

Enable MLD Snooping Flood globally. ipv6 mld snooping flood To disable, use the no ipv6 mld snooping flood command.

Defaults Command Modes Usage Information

Enabled CONFIGURATION (conf) When flooding is enabled, unregistered multicast data is flooded on the VLAN. When flooding is disabled, unregistered multicast data is forwarded only to mrouter ports on the VLAN.

Command History

Version 7.4.1.0

Introduced

ipv6 mld snooping

e
Syntax

Enable MLD Snooping (v1 and v2) on a VLAN. ipv6 mld snooping To disable MLD Snooping, use the no ipv6 mld snooping command.

Defaults Command Modes Command History

Enabled on all VLAN interfaces INTERFACE VLAN (conf-if-vl-n)

Version 7.4.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

993

ipv6 mld snooping explicit-tracking

e
Syntax

Enable explicit MLD Snooping tracking on an interface. ipv6 mld snooping explicit-tracking To disable, use the no ipv6 mld snooping explicit-tracking command.

Defaults Command Modes Command History Usage Information

Disabled INTERFACE VLAN (conf-if-vl-n)

Version 7.4.1.0 Introduced

Whether the switch is the Querier or not, if snooping is enabled, the switch tracks all MLD joins. It has separate explicit tracking table which contains group, source, interface, VLAN and reporter details.
show ipv6 mld snooping groups

Related Commands

ipv6 mld snooping mrouter

e
Syntax Parameters

Configure a Layer 2 port as a multicast router port. ipv6 mld snooping mrouter interface {interface} interface interface
Enter the keyword interface to indicate the next-hop interface to the multicast router. Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes Command History

No default values or behavior INTERFACE VLAN (conf-if-vl-n)

Version 7.4.1.0 Introduced

994

Multicast Listener Discovery (MLD)

ipv6 mld snooping querier

e
Syntax

Enable the MLD querier processing for the VLAN interface. ipv6 mld snooping querier To disable the querier feature, use the no ipv6 mld snooping querier command.

Defaults Command Modes Command History Usage Information

Disabled INTERFACE VLAN (conf-if-vl-n)

Version 7.4.1.0 Introduced

This command enables the VLAN to send out periodic queries as a proxy querier. You must configure and IP address for the VLAN.

show ipv6 mld snooping groups

e
Syntax

Display the IPv6 MLD Snooping group information. show ipv6 mld snooping groups [group-address] [explicit] [link-local] [summary] [vlan] group-address
(OPTIONAL) Enter the multicast group address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. (OPTIONAL) Enter the keyword explicit to display explicit tracking information. (OPTIONAL) Enter the keyword link-local to display link local groups. (OPTIONAL) Enter the keyword summary to display a summary of groups. (OPTIONAL) Enter the keyword vlan followed by the VLAN number to display information on that specific VLAN. Range: 1 - 4094

Parameters

explicit link-local summary vlan

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 7.4.1.0

Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

995

show ipv6 mld snooping mrouter

Example

Figure 323 show ipv6 mld snooping groups summary Command Example
Force10#show ipv6 mld snooping groups summary MLD snooping connected groups summary: (*,G) routes :12 Force10#

show ipv6 mld snooping mrouter

e
Syntax Parameters

Display information on the MLD Snooping router. show ipv6 mld snooping mrouter [vlan] vlan
(OPTIONAL) Enter the keyword vlan followed by the VLAN number to display information on that specific VLAN. Range: 1 - 4094

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History Example

Version 7.4.1.0

Introduced

Figure 324 show ipv6 mld snooping mrouter Command Example

Force10#show ipv6 mld snooping mrouter Interface Ports (* - Dynamic) Vlan 2 Gi 13/18 Force10#

996

Multicast Listener Discovery (MLD)

Chapter 33

Multicast Source Discovery Protocol (MSDP)

Overview
MSDP (Multicast Source Discovery Protocol) connects multiple PIM Sparse-Mode (PIM-SM) domains together. MSDP peers connect using TCP port 639. Peers send keepalives every 60 seconds. A peer connection is reset after 75 seconds if no MSDP packets are received. MSDP connections are parallel with MBGP connections. FTOS supports MSDP commands on the E-Series only, as indicated by the e character that appears below each command heading.

Commands
The commands are: clear ip msdp peer clear ip msdp sa-cache debug ip msdp ip msdp cache-rejected-sa ip msdp default-peer ip msdp log-adjacency-changes ip msdp mesh-group ip msdp originator-id ip msdp peer ip msdp redistribute ip msdp sa-filter ip msdp sa-limit ip msdp shutdown ip multicast-msdp show ip msdp show ip msdp sa-cache rejected-sa

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

997

clear ip msdp peer

e
Syntax Parameters

Reset the TCP connection to the peer and clear all the peer statistics. clear ip msdp peer {peer address} peer address Not configured EXEC Privilege
Version 6.2.1.1 Introduced Enter the peer address in a dotted decimal format (A.B.C.D.)

Defaults Command Modes Command History

clear ip msdp sa-cache

e
Syntax Parameters

Clears the entire source-active cache, the source-active entries of a particular multicast group, rejected, or local source-active entries. clear ip msdp sa-cache [group-address | rejected-sa | local] group-address rejected-sa
Enter the group IP address in dotted decimal format (A.B.C.D.) Enter this keyword to clear the cache source-active entries that are rejected because the RPF check failed, an SA filter or limit is configured, the RP or MSDP peer is unreachable, or because of a format error. Enter this keyword to clear out local PIM advertised entries. It applies the redistribute filter (if present) while adding the local PIM SA entries to the SA cache.

local

Defaults Command Modes Command History

Without any options, this command clears the entire source-active cache. EXEC Privilege
Version 7.8.1.0 Version 7.7.1.0 Version 6.2.1.1 Added local option. Added rejected-sa option. Introduced

debug ip msdp
e
Syntax

Turn on MSDP debugging. debug ip msdp {event peer address | packet peer address | pim}

998

Multicast Source Discovery Protocol (MSDP)

ip msdp cache-rejected-sa To turn debugging off, use the no debug ip msdp {event peer address | packet peer address | pim} command.
Parameters

event peer address packet peer address pim

Enter the keyword event followed by the peer address in a dotted decimal format (A.B.C.D.). Enter the keyword packet followed by the peer address in a dotted decimal format (A.B.C.D.). Enter the keyword pim to debug advertisement from PIM.

Defaults Command Modes Command History

Not configured EXEC Privilege

Version 6.2.1.1 Introduced

ip msdp cache-rejected-sa
e
Syntax

Enable a MSDP cache for the rejected souce-active entries. ip msdp cache-rejected-sa {number} To clear the MSDP rejected source-active entries, use the no ip msdp cache-rejected-sa {number}command followed by the ip msdp cache-rejected-sa {number} command.

Parameters

number

Enter the number of rejected SA entries to cache. Range: 0 to 32766

Defaults Command Modes Command History Related Commands

No default values or behavior CONFIGURATION

Version 7.4.1.0 Introduced

show ip msdp sa-cache rejected-sa

Description.

ip msdp default-peer
e
Syntax

Define a default peer from which to accept all Source-Active (SA) messages. ip msdp default-peer peer address [list name] To remove the default peer, use the no ip msdp default-peer {peer address} list name command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

999

ip msdp log-adjacency-changes

Parameters

peer address list name

Enter the peer address in a dotted decimal format (A.B.C.D.) Enter this keyword and specify a standard access list that contains the RP address that should be treated as the default peer. If no access list is specified, then all SAs from the peer are accepted.

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 7.8.1.0 Version 6.2.1.1 Added the list option, and removed the prefix-list option. Introduced

Usage Information

If a list is not specified, all SA messages received from the default peer are accepted. You can enter multiple default peer commands.

ip msdp log-adjacency-changes
e
Syntax

Enable logging of MSDP adjacency changes. ip msdp log-adjacency-changes To disable logging, use the no ip msdp log-adjacency-changes command.

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 6.2.1.1 Introduced

ip msdp mesh-group
e
Syntax

Configure a peer to be a member of a mesh group. ip msdp mesh-group {name} {peer address} To remove the peer from a mesh group, use the no ip msdp mesh-group {name} {peer address} command.

Parameters

name peer address

Enter a string of up to 16 characters long for as the mesh group name. Enter the peer address in a dotted decimal format (A.B.C.D.)

Defaults Command Modes

Not configured CONFIGURATION

1000

Multicast Source Discovery Protocol (MSDP)

ip msdp originator-id

Command History Usage Information

Version 6.2.1.1

Introduced

A MSDP mesh group is a mechanism for reducing SA flooding, typically in an intra-domain setting. When some subset of a domains MSDP speakers are fully meshed, they can be configured into a mesh-group. If member X of a mesh-group receives a SA message from an MSDP peer that is also a member of the mesh-group, member X accepts the SA message and forwards it to all of its peers that are not part of the mesh-group.However, member X can not forward the SA message to other members of the mesh-group.

ip msdp originator-id
e
Syntax

Configure the MSDP Originator ID. ip msdp originator-id {interface} To remove the originator-id, use the no ip msdp originator-id {interface} command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 6.2.1.1 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1001

ip msdp peer

ip msdp peer
e
Syntax

Configure an MSDP peer. ip msdp peer peer address [connect-source] [description] [sa-limit number ] To remove the MSDP peer, use the no ip msdp peer peer address [connect-source interface] [description name] [sa-limit number ] command.

Parameters

peer address connect-source interface

Enter the peer address in a dotted decimal format (A.B.C.D.) (OPTIONAL) Enter the keyword connect-source followed by one of the interfaces and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

description name sa-limit number

(OPTIONAL) Enter the keyword description followed by a description name (max 80 characters) to designate a description for the MSDP peer. (OPTIONAL) Enter the maximum number of SA entries in SA-cache. Range: 1 to 500000 Default: 500000

Defaults Command Modes Command History

As above CONFIGURATION
Version 7.5.1.0 Version 6.2.1.1 Added option for SA upper limit and description option Introduced

Usage Information

The connect-source option is used to supply a source IP address for the TCP connection. When an interface is specified uising the connect-source option, the primary configured address on the interface is used. If the total number of SA messages received from the peer is already larger than the limit when this command is applied, those SA messages will continue to be accepted. To enforce the limit in such situation, use command clear ip msdp peer command to reset the peer.

Related Commands

ip msdp sa-limit clear ip msdp peer show ip msdp

Configure the MSDP SA Limit Clear the MSDP peer. Display the MSDP information

1002

Multicast Source Discovery Protocol (MSDP)

ip msdp redistribute

ip msdp redistribute
e
Syntax Parameters

Filter local PIM SA entries in the SA cache. SAs which are denied by the ACL will time out and not be refreshed. Until they time out, they will continue to reside in the MSDP SA cache. ip msdp redistribute [list acl-name] list acl-name
Enter the name of an extended ACL that contains permitted SAs. If you do not use this option, all local entries are blocked.

Defaults Command Modes Command History Usage Information

Not configured CONFIGURATION

Version 7.8.1.0 Introduced

Modifications to the ACL will not have an immediate affect on the sa-cache. To apply the redistribute filter to entries already present in the SA cache, use clear ip msdp sa-cache local.

ip msdp sa-filter
e
Syntax

Permit or deny MSDP source active (SA) messages based on multicast source and/or group from the specified peer. ip msdp sa-filter {in | out} peer-address list [access-list name] Remove this configuration using the command no ip msdp sa-filter {in | out} peer address list [access-list name]

Parameters

in out peer-address access-list name

Enter the keyword in to enable incoming SA filtering. Enter the keyword out to enable outgoing SA filtering. Enter the peer address of the MSDP peer in a dotted decimal format (A.B.C.D.) (OPTIONAL) Enter the IP extended access list name that defines from which peers SAs are to be permitted or denied.

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 7.7.1.0 Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1003

ip msdp sa-limit

ip msdp sa-limit
e
Syntax

Configure the upper limit of SA (Source-Active) entries in SA-cache. ip msdp sa-limit number To return to the default, use the no ip msdp sa-limit number command.

Parameters

number

Enter the maximum number of SA entries in SA-cache. Range 0 to 40000

Defaults Command Modes Command History Usage Information

Default 50000 CONFIGURATION

Version 7.5.1.0 Introduced

FTOS counts the SA messages originated by itself and those received from the MSDP peers. When the total SA messages reach this limit, the subsequent SA messages are dropped (even if they pass RPF checking and policy checking). If the total number of SA messages is already larger than the limit when this command is applied, those SA messages that are already in FTOS will continue to be accepted. To enforce the limit in such situation, use the clear ip msdp sa-cache command.
ip msdp peer clear ip msdp peer show ip msdp Configure the MSDP peer Clear the MSDP peer. Display the MSDP information

Related Commands

ip msdp shutdown
e
Syntax Parameters

Administratively shut down a configured MSDP peer. ip msdp shutdown {peer address} peer address Not configured CONFIGURATION
Version 6.2.1.1 Introduced Enter the peer address in a dotted decimal format (A.B.C.D.)

Defaults Command Modes Command History

1004

Multicast Source Discovery Protocol (MSDP)

ip multicast-msdp

ip multicast-msdp
e
Syntax

Enable MSDP. ip multicast-msdp To exit MSDP, use the no ip multicast-msdp command.

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 6.2.1.1 Introduced

show ip msdp
e
Syntax Parameters

Display the MSDP peer status, SA cache, or peer summary. show ip msdp {peer peer address | sa-cache | summary} peer peer address sa-cache summary
Enter the keyword peer followed by the peer address in a dotted decimal format (A.B.C.D.) Enter the keyword sa-cache to display the Source-Active cache. Enter the keyword summary to display a MSDP peer summary.

Defaults Command Modes

Not configured EXEC EXEC Privilege

Command History

Version 6.2.1.1

Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1005

show ip msdp sa-cache rejected-sa

Example 1

Figure 325 show ip msdp peer Command Example

Force10#show ip msdp peer 100.1.1.1 Peer Addr: 100.1.1.1 Local Addr: 100.1.1.2(639) Connect Source: none State: Established Up/Down Time: 00:00:08 Timers: KeepAlive 60 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: none Output (S,G) filter: none Force10#

Example 2

Figure 326 show ip msdp sa-cache Command Example

Force10#show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr 224.1.1.1 172.21.220.10 172.21.3.254 Force10#

LearnedFrom 172.21.3.254

Expire UpTime 102 00:02:52

Example 3

Figure 327 show ip msdp summary Command Example

Force10#show ip msdp Peer Addr Local Addr 72.30.1.2 72.30.1.1 72.30.2.2 72.30.2.1 72.30.3.2 72.30.3.1 Force10# summary State Established Established Established Source SA Up/Down none 0 00:00:03 none 0 00:00:03 none 0 00:00:02 Description peer1 peer2 test-peer-3

show ip msdp sa-cache rejected-sa

e
Syntax Defaults Command Modes

Display the rejected SAs in the SA cache. show ip mdsp sa-cache rejected-sa No default values or behavior EXEC EXEC Privilege

Command History

Version 7.4.1.0

Introduced

1006

Multicast Source Discovery Protocol (MSDP)

show ip msdp sa-cache rejected-sa

Example

Figure 328 show ip msdp sa-cache rejected-sa Command Example

Force10#sh ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 200 rejected SAs UpTime GroupAddr SourceAddr 00:00:13 225.1.2.1 10.1.1.3 00:00:13 225.1.2.2 10.1.1.4 00:00:13 225.1.2.3 10.1.1.3 00:00:13 225.1.2.4 10.1.1.4 00:00:13 225.1.2.5 10.1.1.3 00:00:13 225.1.2.6 10.1.1.4 00:00:13 225.1.2.7 10.1.1.3 00:00:13 225.1.2.8 10.1.1.4 00:00:13 225.1.2.9 10.1.1.3 00:00:13 225.1.2.10 10.1.1.4 00:00:13 225.1.2.11 10.1.1.3 00:00:13 225.1.2.11 10.1.1.3 00:00:13 225.1.2.12 10.1.1.4 00:00:13 225.1.2.13 10.1.1.3 00:00:13 225.1.2.14 10.1.1.4 00:00:13 225.1.2.15 10.1.1.3 00:00:13 225.1.2.16 10.1.1.4 00:00:13 225.1.2.17 10.1.1.3 00:00:13 225.1.2.18 10.1.1.4 00:00:13 225.1.2.19 10.1.1.3 Force10# received, cache-size 1000 RPAddr LearnedFrom Reason 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail 110.1.1.1 13.1.1.2 Rpf-Fail

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1007

show ip msdp sa-cache rejected-sa

1008

Multicast Source Discovery Protocol (MSDP)

Chapter 34

Multiple Spanning Tree Protocol (MSTP)

Overview
Multiple Spanning Tree Protocol (MSTP), as implemented by FTOS, conforms to IEEE 802.1s. MSTP is supported by FTOS on all Force10 systems (C-Series, E-Series, and S-Series), as indicated by the characters that appear below each command heading: C-Series: c E-Series: e S-Series: s

Commands
The following commands configure and monitor MSTP: debug spanning-tree mstp disable forward-delay hello-time max-age max-hops msti name protocol spanning-tree mstp revision show config show spanning-tree mst configuration show spanning-tree msti spanning-tree spanning-tree msti spanning-tree mstp tc-flush-standard

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1009

debug spanning-tree mstp

ces
Syntax

Enable debugging of Multiple Spanning Tree Protocol and view information on the protocol. debug spanning-tree mstp [all | bpdu interface {in | out} | events] To disable debugging, enter no debug spanning-tree mstp.

Parameters

all bpdu interface {in | out}

(OPTIONAL) Enter the keyword all to debug all spanning tree operations. (OPTIONAL) Enter the keyword bpdu to debug Bridge Protocol Data Units. (OPTIONAL) Enter the interface keyword along with the type slot/port of the interface you want displayed. Type slot/port options are the following: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128

E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. Optionally, enter an in or out parameter in conjunction with the optional interface: For Receive, enter in For Transmit, enter out

events
Command Modes Command History

(OPTIONAL) Enter the keyword events to debug MSTP events.

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Added support for S-Series Added support for C-Series Introduced on E-Series

Example

Figure 329 debug spanning-tree mstp bpdu Command Example

Force10#debug spanning-tree mstp bpdu gigabitethernet 2/0 ? in Receive (in) out Transmit (out)

1010

Multiple Spanning Tree Protocol (MSTP)

description

description
ces
Syntax

Enter a description of the Multiple Spanning Tree description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the Multiple Spanning Tree (80 characters maximum).

Defaults Command Modes Command History Related Commands

No default behavior or values SPANNING TREE (The prompt is config-mstp.)

pre-7.7.1.0 Introduced

protocol spanning-tree mstp

Enter Multiple SPANNING TREE mode on the switch.

disable
ces
Syntax

Globally disable Multiple Spanning Tree Protocol on the switch. disable To enable Multiple Spanning Tree Protocol, enter no disable.

Defaults Command Modes Command History

Multiple Spanning Tree Protocol is disabled MULTIPLE SPANNING TREE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced Enter MULTIPLE SPANNING TREE mode.

Related Commands

protocol spanning-tree mstp

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1011

forward-delay

forward-delay
ces
Syntax

The amount of time the interface waits in the Blocking State and the Learning State before transitioning to the Forwarding State. forward-delay seconds To return to the default setting, enter no forward-delay.

Parameters

seconds

Enter the number of seconds the interface waits in the Blocking State and the Learning State before transiting to the Forwarding State. Range: 4 to 30 Default: 15 seconds.

Defaults Command Modes Command History

15 seconds MULTIPLE SPANNING TREE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced Change the wait time before MSTP refreshes protocol configuration information. Change the time interval between BPDUs.

Related Commands

max-age hello-time

hello-time
ces
Syntax

Set the time interval between generation of Multiple Spanning Tree Bridge Protocol Data Units (BPDUs). hello-time seconds To return to the default value, enter no hello-time.

Parameters

seconds

Enter a number as the time interval between transmission of BPDUs. Range: 1 to 10. Default: 2 seconds.

Defaults Command Modes Command History

2 seconds MULTIPLE SPANNING TREE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced

1012

Multiple Spanning Tree Protocol (MSTP)

max-age

Related Commands

forward-delay max-age

The amount of time the interface waits in the Blocking State and the Learning State before transitioning to the Forwarding State. Change the wait time before MSTP refreshes protocol configuration information.

max-age
ces
Syntax

Set the time interval for the Multiple Spanning Tree bridge to maintain configuration information before refreshing that information. max-age seconds To return to the default values, enter no max-age.

Parameters

max-age

Enter a number of seconds the FTOS waits before refreshing configuration information. Range: 6 to 40 Default: 20 seconds.

Defaults Command Modes Command History

20 seconds MULTIPLE SPANNING TREE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced The amount of time the interface waits in the Blocking State and the Learning State before transitioning to the Forwarding State. Change the time interval between BPDUs.

Related Commands

forward-delay hello-time

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1013

max-hops

max-hops
ces
Syntax

Configure the maximum hop count. max-hops number To return to the default values, enter no max-hops.

Parameters

range

Enter a number for the maximum hop count. Range: 1 to 40 Default: 20

Defaults Command Modes Command History

20 hops MULTIPLE SPANNING TREE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced

Usage Information

The max-hops is a configuration command that applies to both the IST and all MST instances in the MSTP region. The BPDUs sent out by the root switch set the remaining-hops parameter to the configured value of max-hops. When a switch receives the BPDU, it decrements the received value of the remaining hops and uses the resulting value as remaining-hops in the BPDUs. If the remaining-hops reaches zero, the switch discards the BPDU and ages out any information that it holds for the port.

msti
ces
Syntax

Configure Multiple Spanning Tree instance, bridge priority, and one or multiple VLANs mapped to the MST instance. msti instance {vlan range | bridge-priority priority} To disable mapping or bridge priority no msti instance {vlan range | bridge-priority priority}

Parameters

msti instance vlan range bridge-priority priority

Enter the Multiple Spanning Tree Protocol Instance Range: zero (0) to 63 Enter the keyword vlan followed by the identifier range value. Range: 1 to 4094 Enter the keyword bridge-priority followed by a value in increments of 4096 as the bridge priority. Range: zero (0) to 61440 Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.

1014

Multiple Spanning Tree Protocol (MSTP)

name

Defaults Command Modes Command History

default bridge-priority is 32768 INTERFACE

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Added support for S-Series Added support for C-Series Introduced on E-Series

Usage Information

By default, all VLANs are mapped to MST instance zero (0) unless you use the vlan range command to map it to a non-zero instance.

name
ces
Syntax

The name you assign to the Multiple Spanning Tree region. name region-name To remove the region name, enter no name

Parameters

region-name

Enter the MST region name. Range: 32 character limit

Defaults Command Modes Command History

no default name MULTIPLE SPANNING TREE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced

Usage Information Related Commands

For two MSTP switches to be within the same MSTP region, the switches must share the same region name (including matching case).
msti revision Map the VLAN(s) to an MST instance Assign revision number to the MST configuration.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1015

protocol spanning-tree mstp

ces
Syntax

Enter the MULTIPLE SPANNING TREE mode to enable and configure the Multiple Spanning Tree group. protocol spanning-tree mstp To disable the Multiple Spanning Tree group, enter no protocol spanning-tree mstp command.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Added support for S-Series Added support for C-Series Introduced on E-Series

Example

Figure 330 protocol spanning-tree mstp Command Example

Force10(conf)#protocol spanning-tree mstp Force10(config-mstp)#no disable

Usage Information

MSTP is not enabled when you enter the MULTIPLE SPANNING TREE mode. To enable MSTP globally on the switch, enter no disable while in MULTIPLE SPANNING TREE mode. Refer to the FTOS Configuration Guide for more information on Multiple Spanning Tree Protocol.

Related Commands Defaults Command Modes Usage Information

disable

Disable Multiple Spanning Tree.

Disable. MULTIPLE SPANNING TREE Refer to the FTOS Configuration Guide for more information on Multiple Spanning Tree Protocol.

1016

Multiple Spanning Tree Protocol (MSTP)

revision

revision
ces
Syntax

The revision number for the Multiple Spanning Tree configuration revision range To return to the default values, enter no revision.

Parameters

range

Enter the revision number for the MST configuration. Range: 0 to 65535 Default: 0

Defaults Command Modes Command History

0 MULTIPLE SPANNING TREE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced

Usage Information Related Commands

For two MSTP switches to be within the same MST region, the switches must share the same revision number.
msti name Map the VLAN(s) to an MST instance Assign the region name to the MST region.

show config
ces
Syntax Command Modes Command History

View the current configuration for the mode. Only non-default values are shown. show config MULTIPLE SPANNING TREE
Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced on E-Series

Example

Figure 331 show config Command for MULTIPLE SPANNING TREE Mode
Force10(conf-mstp)#show config ! protocol spanning-tree mstp no disable name CustomerSvc revision 2 MSTI 10 VLAN 101-105 max-hops 5 Force10(conf-mstp)#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1017

show spanning-tree mst configuration

ces
Syntax

View the Multiple Spanning Tree configuration. show spanning-tree mst configuration

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Added support for S-Series Added support for C-Series Introduced on E-Series

Example

Figure 332 show spanning-tree mst configuration Command Example

Force10#show spanning-tree mst configuration MST region name: CustomerSvc Revision: 2 MSTI VID 10 101-105 Force10#

Usage Information

You must enable Multiple Spanning Tree Protocol prior to using this command.

1018

Multiple Spanning Tree Protocol (MSTP)

show spanning-tree msti

ces
Syntax Parameters

View the Multiple Spanning Tree instance. show spanning-tree msti [instance-number [brief] ] [guard] instance-number brief guard
[Optional] Enter the Multiple Spanning Tree Instance number Range: 0 to 63 [Optional] Enter the keyword brief to view a synopsis of the MST instance. [Optional] Enter the keyword guard to display the type of guard enabled on an MSTP interface and the current port state.

Command Modes

EXEC EXEC Privilege

Usage Information Command History

You must enable Multiple Spanning Tree Protocol prior to using this command.

Version 8.5.1.0 Version 8.4.2.1 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0

Support for the optional guard keyword was added on the E-Series ExaScale. Support for the optional guard keyword was added on the C-Series, S-Series, and E-Series TeraScale. Added support for S-Series Added support for C-Series Expanded to display port error disable state (EDS) caused by loopback BPDU inconsistency (see Figure 334)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1019

show spanning-tree msti

Example

Figure 333 show spanning-tree msti [instance-number] Command Example

Force10#show spanning-tree msti 10 MSTI 10 VLANs mapped 101-105 Bridge Identifier has priority 32768, Address 0001.e802.3506 Configured hello time 2, max age 20, forward delay 15, max hops 5 Current root has priority 16384, Address 0001.e800.0a5c Number of topology changes 0, last change occured 3058087 Port 82 (GigabitEthernet 2/0) is designated Forwarding Port path cost 0, Port priority 128, Port Identifier 128.82 Designated root has priority 16384, address 0001.e800.0a:5c Designated bridge has priority 32768, address 0001.e802.35:06 Designated port id is 128.82, designated path cost Number of transitions to forwarding state 1 BPDU (Mrecords): sent 1109, received 0 The port is not in the portfast mode Port 88 (GigabitEthernet 2/6) is root Forwarding Port path cost 0, Port priority 128, Port Identifier 128.88 Designated root has priority 16384, address 0001.e800.0a:5c Designated bridge has priority 16384, address 0001.e800.0a:5c Designated port id is 128.88, designated path cost Number of transitions to forwarding state 4 BPDU (Mrecords): sent 19, received 1103 The port is not in the portfast mode Port 89 (GigabitEthernet 2/7) is alternate Discarding Port path cost 0, Port priority 128, Port Identifier 128.89 Designated root has priority 16384, address 0001.e800.0a:5c Designated bridge has priority 16384, address 0001.e800.0a:5c Designated port id is 128.89, designated path cost Number of transitions to forwarding state 3 BPDU (Mrecords): sent 7, received 1103 The port is not in the portfast mode

1020

Multiple Spanning Tree Protocol (MSTP)

show spanning-tree msti

Example 2

Figure 334 show spanning-tree msti with EDS and LBK

Force10#show spanning-tree msti 0 brief MSTI 0 VLANs mapped 1-4094 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e801.6aa8 Root Bridge hello time 2, max age 20, forward delay 15, max hops 20 Bridge ID Priority 32768, Address 0001.e801.6aa8 We are the root of MSTI 0 (CIST) Configured hello time 2, max age 20, forward delay 15, max hops 20 CIST regional root ID Priority 32768, Address 0001.e801.6aa8 CIST external path cost 0 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------- -------- ---- ------- --- ------- -------------------- -------Gi 0/0 128.257 128 20000 EDS 0 32768 0001.e801.6aa8 128.257 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge Boundary ---------- ------ -------- ---- ------- --- ------- --------- ---- -------Gi 0/0 ErrDis 128.257 128 20000 EDS 0 P2P No No Force10#show spanning-tree msti 0 MSTI 0 VLANs mapped 1-4094 Root Identifier has priority 32768, Address 0001.e801.6aa8 Root Bridge hello time 2, max age 20, forward delay 15, max hops 20 Bridge Identifier has priority 32768, Address 0001.e801.6aa8 Configured hello time 2, max age 20, forward delay 15, max hops 20 We are the root of MSTI 0 (CIST) Current root has priority 32768, Address 0001.e801.6aa8 CIST regional root ID Priority 32768, Address 0001.e801.6aa8 CIST external path cost 0 Number of topology changes 1, last change occured 00:00:15 ago on Gi 0/0

Loopback BPDU Port 257 (GigabitEthernet 0/0) is LBK_INC Discarding Port path cost 20000, Port priority 128, Port Identifier 128.257Inconsistency Designated root has priority 32768, address 0001.e801.6aa8 (LBK_INC) Designated bridge has priority 32768, address 0001.e801.6aa8 Designated port id is 128.257, designated path cost 0 Number of transitions to forwarding state 1 BPDU (MRecords): sent 21, received 9 The port is not in the Edge port mode Example 3

Figure 335 show spanning-tree msti guard Command Example

Force10#show spanning-tree msti 5 guard Interface Name Instance Sts Guard type --------- ------------------------Gi 0/1 5 INCON(Root) Rootguard Gi 0/2 5 FWD Loopguard Gi 0/3 5 EDS(Shut) Bpduguard

Table 89 show spanning-tree msti guard Command Information Field

Interface Name Instance Sts Guard Type

Description
MSTP interface MSTP instance Port state: root-inconsistent (INCON Root), forwarding (FWD), listening (LIS), blocking (BLK), or shut down (EDS Shut) Type of STP guard configured (Root, Loop, or BPDU guard)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1021

spanning-tree

spanning-tree
ces
Syntax

Enable Multiple Spanning Tree Protocol on the interface. spanning-tree To disable the Multiple Spanning Tree Protocol on the interface, use no spanning-tree

Parameters

spanning-tree

Enter the keyword spanning-tree to enable the MSTP on the interface. Default: Enable

Defaults Command Modes Command History

Enable INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Added support for S-Series Added support for C-Series Introduced on E-Series

1022

Multiple Spanning Tree Protocol (MSTP)

spanning-tree msti

spanning-tree msti
ces
Syntax Parameters

Configure Multiple Spanning Tree instance cost and priority for an interface. spanning-tree msti instance {cost cost | priority priority} msti instance cost cost
Enter the keyword msti and the MST Instance number. Range: zero (0) to 63 (OPTIONAL) Enter the keyword cost followed by the port cost value. Range: 1 to 200000 Defaults: 100 Mb/s Ethernet interface = 200000 1-Gigabit Ethernet interface = 20000 10-Gigabit Ethernet interface = 2000 Port Channel interface with one 100 Mb/s Ethernet = 200000 Port Channel interface with one 1-Gigabit Ethernet = 20000 Port Channel interface with one 10-Gigabit Ethernet = 2000 Port Channel with two 1-Gigabit Ethernet = 18000 Port Channel with two 10-Gigabit Ethernet = 1800 Port Channel with two 100-Mbps Ethernet = 180000 Enter keyword priority followed by a value in increments of 16 as the priority. Range: 0 to 240. Default: 128

priority priority

Defaults Command Modes Command History

cost = depends on the interface type; priority = 128 INTERFACE

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1023

spanning-tree mstp

spanning-tree mstp
ces
Syntax

Configures a Layer 2 MSTP interface as an edge port with (optionally) a Bridge Protocol Data Unit (BPDU) guard, or enables the root guard or loop guard feature on the interface. spanning-tree mstp {edge-port [bpduguard [shutdown-on-violation]] | loopguard | rootguard} edge-port bpduguard
Enter the keyword edge-port to configure the interface as a Multiple Spanning Tree edge port. (OPTIONAL) Enter the keyword portfast to enable Portfast to move the interface into forwarding mode immediately after the root fails. Enter the keyword bpduguard to disable the port when it receives a BPDU. (OPTIONAL) Enter the keyword shutdown-on-violation to hardware disable an interface when a BPDU is received and the port is disabled. Enter the keyword loopguard to enable STP loop guard on an MSTP port or port-channel interface. Enter the keyword rootguard to enable root guard on an MSTP port or port-channel interface.

Parameters

shutdown-onviolation loopguard rootguard

Command Modes Command History

INTERFACE
Version 8.5.1.0 Version 8.4.2.1 Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Introduced the loopguard and rootguard options on the E-Series ExaScale. Introduced the loopguard and rootguard options on the E-Series TeraScale, C-Series, and S-Series. Introduced hardware shutdown-on-violation option Added support for S-Series Added support for C-Series Support for BPDU guard added

Usage Information

On an MSTP switch, a port configured as an edge port will immediately transition to the forwarding state. Only ports connected to end-hosts should be configured as an edge port. Consider an edge port similar to a port with spanning-tree portfast enabled. If shutdown-on-violation is not enabled, BPDUs will still be sent to the RPM CPU. Root guard and loop guard cannot be enabled at the same time on a port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed:
% Error: RootGuard is configured. Cannot configure LoopGuard.

When used in an MSTP network, if root guard blocks a boundary port in the CIST, the port is also blocked in all other MST instances. Enabling Portfast BPDU guard and loop guard at the same time on a port results in a port that remains in a blocking state and prevents traffic from flowing through it. For example, when Portfast BPDU guard and loop guard are both configured: If a BPDU is received from a remote device, BPDU guard places the port in an err-disabled blocking state and no traffic is forwarded on the port. If no BPDU is received from a remote device, loop guard places the port in a loop-inconsistent blocking state and no traffic is forwarded on the port.

1024

Multiple Spanning Tree Protocol (MSTP)

tc-flush-standard

tc-flush-standard
ces
Syntax

Enable the MAC address flushing upon receiving every topology change notification. tc-flush-standard To disable, use the no tc-flush-standard command.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Added support for S-Series Added support for C-Series Introduced

Usage Information

By default FTOS implements an optimized flush mechanism for MSTP. This helps in flushing the MAC addresses only when necessary (and less often) allowing for faster convergence during topology changes. However, if a standards-based flush mechanism is needed, this knob command can be turned on to enable flushing MAC addresses upon receiving every topology change notification.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1025

tc-flush-standard

1026

Multiple Spanning Tree Protocol (MSTP)

Chapter 35
Overview

Multicast

The platforms on which a command is supported is indicated by the character e for the E-Series, c for the C-Series, and s for the S-Series that appears below each command heading. This chapter contains the following sections: IPv4 Multicast Commands IPv6 Multicast Commands

IPv4 Multicast Commands

The IPv4 Multicast commands are: clear ip mroute clear ip mroute snooping ip mroute ip multicast-lag-hashing ip multicast-routing ip multicast-limit mac-flood-list mtrace queue backplane multicast restrict-flooding show ip mroute show ip rpf show queue backplane multicast

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1027

clear ip mroute

clear ip mroute
ces
Syntax Parameters

Clear learned multicast routes on the multicast forwarding table. To clear the PIM tree information base, use clear ip pim tib command. clear ip mroute {group-address [source-address] | *} group-address [source-address]
* Enter multicast group address and source address (if desired), in dotted decimal format, to clear information on a specific group. Enter * to clear all multicast routes.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Introduced on C-Series

E-Series legacy command Related Commands show ip pim tib Show the PIM Tree Information Base.

clear ip mroute snooping

ex
Clear the multicast routes learned through PIM-SM snooping from the IPv4 multicast snooping table. To clear tree information learned through PIM-SM snooping from the PIM tree information base, use clear ip pim snooping tib command. clear ip mroute snooping {vlan vlan-id [group-address [source-address] | *}
vlan vlan-id group-address [source-address] * Command Modes Command History Related Commands Enter a VLAN ID to clear information learned through PIM-SM snooping about a specified VLAN. Valid VLAN IDs: 1 to 4094. (OPTIONAL) Enter a group address and, optionally, a source address in dotted decimal format, to clear information learned through PIM-SM snooping about a specified multicast group and source. Enter * to clear all multicast routes learned through PIM-SM snooping.

Syntax Parameters

EXEC Privilege
Version 8.4.1.1 Introduced on E-Series ExaScale

show ip pim snooping tib

Display the information from the PIM tree information base learned through PIM snooping.

1028

Multicast

ip mroute

ip mroute
show ip pim tib Show the PIM Tree Information Base.

ces
Syntax

Assign a static mroute. ip mroute destination mask {ip-address | null 0| {{bgp| ospf} process-id | isis | rip | static} {ip-address | tag | null 0}} [distance] To delete a specific static mroute, use the command ip mroute destination mask {ip-address | null 0| {{bgp| ospf} process-id | isis | rip | static} {ip-address | tag | null 0}} [distance]. To delete all mroutes matching a certain mroute, use the no ip mroute destination mask command.

Parameters

destination mask null 0 [protocol [process-id | tag] ip-address]

Enter the IP address in dotted decimal format of the destination device. Enter the mask in slash prefix formation ( /x ) or in dotted decimal format. (OPTIONAL) Enter the null followed by zero (0). (OPTIONAL) Enter one of the routing protocols: Enter the BGP as-number followed by the IP address in dotted decimal format of the reverse path forwarding (RPF) neighbor. Range:1-65535 Enter the OSPF process identification number followed by the IP address in dotted decimal format of the reverse path forwarding (RPF) neighbor. Range: 1-65535 Enter the IS-IS alphanumeric tag string followed by the IP address in dotted decimal format of the reverse path forwarding (RPF) neighbor. Enter the RIP IP address in dotted decimal format of the reverse path forwarding (RPF) neighbor.

static ip-address ip-address distance

(OPTIONAL) Enter the Static IP address in dotted decimal format of the reverse path forwarding (RPF) neighbor. (OPTIONAL) Enter the IP address in dotted decimal format of the reverse path forwarding (RPF) neighbor. (OPTIONAL) Enter a number as the distance metric assigned to the mroute. Range: 0 to 255

Defaults Command Modes Command History Related Commands

Not configured. CONFIGURATION

E-Series legacy command

show ip mroute

View the E-Series routing table.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1029

ip multicast-lag-hashing

ip multicast-lag-hashing
e
Syntax

Distribute multicast traffic among Port Channel members in a round-robin fashion. ip multicast-lag-hashing To revert to the default, enter no ip multicast-lag-hashing.

Defaults Command Modes Command History Usage Information

Disabled CONFIGURATION
Version 6.3.1.0 Introduced for E-Series

By default, one Port Channel member is chosen to forward multicast traffic. With this feature turned on, multicast traffic will be distributed among the Port Channel members in a round-robin fashion. This feature applies to the routed multicast traffic. If IGMP Snooping is turned on, this feature also applies to switched multicast traffic. ip multicast-routing
Enable IP multicast forwarding.

Related Commands

ip multicast-routing
ces
Syntax

Enable IP multicast forwarding. ip multicast-routing To disable multicast forwarding, enter no ip multicast-routing.

Defaults Command Modes Command History Usage Information

Disabled CONFIGURATION
E-Series legacy command

You must enter this command to enable multicast on the E-Series. After you enable multicast, you can enable IGMP and PIM on an interface. In the INTERFACE mode, enter the ip pim sparse-mode command to enable IGMP and PIM on the interface.
ip pim sparse-mode Enable IGMP and PIM on an interface.

Related Commands

1030

Multicast

ip multicast-limit

ip multicast-limit
ces
Syntax Parameters

Use this feature to limit the number of multicast entries on the system. ip multicast-limit limit limit
Enter the desired maximum number of multicast entries on the system. E-Series Range: 1 to 50000 E-Series Default: 15000 C-Series Range: 1 to 10000 C-Series Default: 4000 S-Series Range: 1 to 2000 S-Series Default: 400

Defaults Command Modes Command History

As above CONFIGURATION
Version 7.8.1.0 Version 7.6.1.0 Introduced on C-Series Introduced on E-Series

Usage Information

This features allows the user to limit the number of multicast entries on the system. This number is the sum total of all the multicast entries on all line cards in the system. On each line card, the multicast module will only install the maximum possible number of entries, depending on the configured CAM profile. The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that is exists per port-pipe. Any software-configured limit might be superseded by this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route limit set by the ip multicast-limit is reached.

Related Commands

show ip igmp groups

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1031

mac-flood-list

mac-flood-list
e
Syntax Parameters

Provide an exception to the restrict-flood configuration so that multicast frames within a specifed MAC address range to be flooded on all ports in a VLAN. mac-flood-list mac-address mask vlanvlan-list [min-speed speed] mac-address mac-mask vlan vlan-list
Enter a multicast MAC address in hexadecimal format. Enter the MAC Address mask. Enter the VLAN(s) in which flooding will be restricted. Separate values by commasno spaces ( 1,2,3 ) or indicate a list of values separated by a hyphen (1-3). Range: 1 to 4094 (OPTIONAL) Enter the minimum link speed that ports must have to receive the specified flooded multicast traffic.

min-speed min-speed

Defaults Command Modes Command History Usage Information

None CONFIGURATION
Version 7.7.1.0 Introduced on E-Series

When the mac-flood-list with the min-speed option is used in combination with the restrict-flood command, mac-flood-list command has higher priority than the restrict-flood command. Therefore, all multicast frames matching the mac-adress range specified using the mac-flood-list command are flooded according to the mac-flood-list command. Only the multicast frames not matching the mac-address range specified using the mac-flood-list command are flooded according to the restrict-flood command.

Related Commands

restrict-flooding

Prevent Layer 2 multicast traffic from being forwarded on ports below a specified speed.

1032

Multicast

mtrace

mtrace
e
Syntax

Trace a multicast route from the source to the receiver. mtrace {source-address/hostname} {destination-address/hostname} {group-address} source-address/ hostname destination-address /hostname group-address
Enter the source IP address in dotted decimal format (A.B.C.D). Enter the destination (receiver) IP address in dotted decimal format (A.B.C.D). Enter the multicast group address in dotted decimal format (A.B.C.D).

Parameters

Command Modes Command History

EXEC Privilege
Version 7.5.1.0 Version 7.4.1.0 Expanded to support originator Expanded to support intermediate (transit) router

E-Series legacy command Usage Information

Mtrace is an IGMP protocol based on the Multicast trace route facility and implemented according to the IETF draft A trace route facility for IP Multicast (draft-fenner-traceroute-ipm-01.txt). FTOS supports the Mtrace client and transmit functionality. As an Mtrace client, FTOS transmits Mtrace queries, receives, parses and prints out the details in the response packet received. As an Mtrace transit or intermediate router, FTOS returns the response to Mtrace queries. Upon receiving the Mtrace request, FTOS computes the RPF neighbor for the source, fills in the request and the forwards the request to the RPF neighbor. While computing the RPF neighbor, the static mroute and mBGP route is preferred over the unicast route.

queue backplane multicast

e
Syntax Parameters

Reallocate the amount of bandwidth dedicated to multicast traffic. queue backplane multicast bandwidth-percentage percentage percentage
Enter the percentage of backplane bandwidth to be dedicated to multicast traffic. Range: 5-95

Defaults Command Modes Command History

80% of the scheduler weight is for unicast traffic and 20% is for multicast traffic by default. CONFIGURATION
Version 7.7.1.0 Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1033

restrict-flooding

Example

Figure 336 queue backplane multicast Command Example

Force10(conf)#queue backplane multicast bandwidth-percent 30 Force10(conf)#exit Force10#00:14:04: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console show run | grep bandwidth queue backplane multicast bandwidth-percent 30 Force10#

Related Commands

show queue backplane multicast

Display the backplane bandwidth configuration about how much bandwidth is dedicated to multicast versus unicast.

restrict-flooding
et
Syntax Parameters

Prevent Layer 2 multicast traffic from being flooded on ports below a specified link speed. restrict-flooding multicast min-speed speed min-speed min-speed
Enter the minimum link speed that a port must have to receive flooded multicast traffic. Range: 1000

Defaults Command Modes Command History Usage Information

None INTERFACE VLAN

Version 7.7.1.0 Introduced on E-Series TeraScale

This command restricts flooding for all unknown multicast traffic on ports below a certain speed. If you want some multicast traffic to be flooded on slower ports, use the command mac-flood-list without the min-speed option, in combination with restrict-flooding. With mac-flood-list you specify the traffic you want to be flooded using a MAC address range. You may not use unicast MAC addresses when specifying MAC address ranges, and do not overlap MAC addresses ranges, when creating multiple mac-flood-list entries for the same VLAN. Restricted Layer 2 Flooding is not compatible with MAC accounting or VMANs.

Related Commands

mac-flood-list

Flood multicast frames with specified MAC addresses to all ports in a VLAN.

1034

Multicast

show ip mroute

show ip mroute
ces
Syntax

View the Multicast Routing Table. show ip mroute [static | group-address [source-address] | active [rate] | count | snooping [vlan vlan-id] [group-address [source-address]] | summary]
static group-address [source-address] (OPTIONAL) Enter the keyword static to view static multicast routes. (OPTIONAL) Enter the multicast group-address to view only routes associated with that group. Enter the source-address to view routes with that group-address and source-address. (OPTIONAL) Enter the keyword active to view only active multicast routes. Enter a rate to view active routes over the specified rate. Range: 0 to 10000000 (OPTIONAL) Enter the keyword count to view the number of multicast routes and packets on the E-Series. (OPTIONAL) E-Series ExaScale only: Enter the keyword snooping to display information on the multicast routes discovered by PIM-SM snooping. Enter a VLAN ID to limit the information displayed to the multicast routes discovered by PIM-SM snooping on a specified VLAN. Valid VLAN IDs: 1 to 4094. Enter a multicast group address and, optionally, a source multicast address in dotted decimal format (A.B.C.D) to limit the information displayed to the multicast routes discovered by PIM-SM snooping for a specified multicast group and source. (OPTIONAL) Enter the keyword summary to view routes in a tabular format.

Parameters

active [rate]

count snooping [vlan vlan-id] [group-address [source-address]]

summary

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.1.1 Version 7.6.1.0 Version 7.5.1.0

Support for the snooping keyword and optional vlan vlan-id, group-address, and source-address parameters were added on E-Series ExaScale. Introduced on S-Series Introduced on C-Series

E-Series legacy command

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1035

show ip mroute

Example 1

Figure 337 show ip mroute static Command Example

Force10#show ip mroute static Mroute: 23.23.23.0/24, interface: Lo 2 Protocol: static, distance: 0, route-map: none, last change: 00:00:23

Example 2

Figure 338 show ip mroute snooping Command Example

Force10#show ip mroute snooping IPv4 Multicast Snooping Table (*, 224.0.0.0), uptime 17:46:23 Incoming vlan: Vlan 2 Outgoing interface list: GigabitEthernet 4/13 (*, 225.1.2.1), uptime 00:04:16 Incoming vlan: Vlan 2 Outgoing interface list: GigabitEthernet 4/11 GigabitEthernet 4/13 (165.87.1.7, 225.1.2.1), uptime 00:03:17 Incoming vlan: Vlan 2 Outgoing interface list: GigabitEthernet 4/11 GigabitEthernet 4/13 GigabitEthernet 4/20

Example 3

Figure 339 show ip mroute Command Example

Force10#show ip mroute IP Multicast Routing Table (*, 224.10.10.1), uptime 00:05:12 Incoming interface: GigabitEthernet 3/12 Outgoing interface list: GigabitEthernet 3/13 (1.13.1.100, 224.10.10.1), uptime 00:04:03 Incoming interface: GigabitEthernet 3/4 Outgoing interface list: GigabitEthernet 3/12 GigabitEthernet 3/13 (*, 224.20.20.1), uptime 00:05:12 Incoming interface: GigabitEthernet 3/12 Outgoing interface list: GigabitEthernet 3/4

Table 90 show ip mroute Command Example Fields Field

(S,G) uptime Incoming interface Outgoing interface list:

Description
Displays the forwarding entry in the multicast route table. Displays the amount of time the entry has been in the multicast forwarding table. Displays the reverse path forwarding (RPF) information towards the the source for (S,G) entries and the RP for (*,G) entries. Lists the interfaces that meet one of the following: a directly connected member of the Group statically configured member of the Group received a (*,G) or (S,G) Join message

1036

Multicast

show ip rpf

show ip rpf
ces
Syntax Command Modes

View reverse path forwarding. show ip rpf EXEC EXEC Privilege

Command History Usage Information

E-Series legacy command

Static mroutes are used by network administrators to control the reachability of the multicast sources. If a PIM registered multicast source is reachable via static mroute as well as unicast route, the distance of each route is examined and the route with shorter distance is the one the PIM selects for reachability.

Note: The default distance of mroutes is zero (0) and is CLI configurable on a per route basis.
Example

Figure 340 show ip rpf Command Example

force10#show ip rpf RPF information for 10.10.10.9 RPF interface: Gi 3/4 RPF neighbor: 165.87.31.4 RPF route/mask: 10.10.10.9/255.255.255.255 RPF type: unicast

show queue backplane multicast

e
Syntax Defaults Command Modes

Display the backplane bandwidth configuration about how much bandwidth is dedicated to multicast versus unicast. show queue backplane multicast bandwidth-percentage None EXEC EXEC Privilege

Command History Example

Version 7.7.1.0

Introduced on E-Series

Figure 341 show queue backplane multicast Command Example

Force10#show queue backplane multicast bandwidth-percent Configured multicast bandwidth percentage is 80

Related Commands

queue backplane multicast

Reallocate the amount of bandwidth dedicated to multicast traffic.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1037

clear ipv6 mroute

IPv6 Multicast Commands

IPv6 Multicast commands are: clear ipv6 mroute ipv6 multicast-limit ip multicast-routing show ipv6 mroute show ipv6 mroute mld show ipv6 mroute summary

clear ipv6 mroute

e
Syntax Parameters

Clear learned multicast routes on the multicast forwarding table. To clear the PIM tib, use clear ip pim tib command. clear ipv6 mroute {group-address [source-address] | *} group-address [source-address]
Enter multicast group address and source address (if desired) to clear information on a specific group. Enter the addresses in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. * Enter * to clear all multicast routes.

Defaults Command Modes Command History Related Commands

No default behavior or values EXEC Privilege

Version 7.4.1.0 Introduced

show ipv6 pim tib

Display the IPv6 PIM Tree Information Base.

ipv6 multicast-limit
e
Syntax Parameters

Limit the number of multicast entries on the system. ipv6 multicast-limit limit limit
Enter the desired maximum number of multicast entries on the system. Range: 1 to 50000 Default: 15000

Defaults

15000 routes Multicast

1038

ipv6 multicast-routing

Command Modes Command History Usage Information

CONFIGURATION
Version 8.3.1.0 Introduced

The maximum number of multicast entries allowed on each line card is determined by the CAM profile. Multicast routes are stored in the IN-V6-McastFib CAM region, which has a fixed number of entries. Any limit configured via the CLI is superseded by this hardware limit. The opposite is also true; the CAM might not be exhausted at the time the CLI-configured route limit is reached.

ipv6 multicast-routing
e
Syntax

Enable IPv6 multicast forwarding. ipv6 multicast-routing To disable multicast forwarding, enter no ipv6 multicast-routing.

Defaults Command Modes Command History Related Commands

Disabled CONFIGURATION
E-Series legacy command

ipv6 pim sparse-mode

show ipv6 mroute

e
Syntax

View IPv6 multicast routes. show ipv6 mroute [group-address [source-address]] [active rate] [count group-address [source source-address]] group-address [source-address]
active [rate] (OPTIONAL) Enter the IPv6 multicast group-address to view only routes associated with that group. Optionally, enter the IPv6 source-address to view routes with that group-address and source-address. (OPTIONAL) Enter the keyword active to view active multicast sources. Enter a rate to view active routes over the specified rate. Range: 0 to 10000000 packets/second (OPTIONAL) Enter the keyword count to view the number of IPv6 multicast routes and packets on the E-Series. Optionally, enter the IPv6 source-address count information.

Parameters

count group-address [source source-address]}

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1039

show ipv6 mroute

Command Modes

EXEC EXEC Privilege

Command History

Version 7.4.1.0

Introduced

1040

Multicast

show ipv6 mroute

Example

Figure 342 show ipv6 mroute command Example

YForce10#show ipv6 mroute IP Multicast Routing Table (165:87:32::30, ff05:100::1), uptime 00:01:11 Incoming interface: Vlan 200 Outgoing interface list: GigabitEthernet 2/14 (165:87:37::30, ff05:200::1), uptime 00:01:04 Incoming interface: Port-channel 200 Outgoing interface list: Vlan 200 (165:87:31::30, ff05:300::1), uptime 00:01:19 Incoming interface: GigabitEthernet 2/14 Outgoing interface list: Port-channel 200 (165:87:32::30, ff05:1100::1), uptime 00:01:08 Incoming interface: Vlan 200 Outgoing interface list: GigabitEthernet 2/14 (165:87:37::30, ff05:2200::1), uptime 00:01:01 Incoming interface: Port-channel 200 Outgoing interface list: Vlan 200 Force10#

Example

Figure 343 show ipv6 mroute active Command Example

Force10#show ipv6 mroute active 10 Active Multicast Sources - sending >= 10 pps Group: ff05:300::1 Source: 165:87:31::30 Rate: 100 pps Group: ff05:3300::1 Source: 165:87:31::30 Rate: 100 pps Group: ff3e:300::4000:1 Source: 165:87:31::20 Rate: 100 pps Group: ff3e:3300::4000:1 Source: 165:87:31::20 Rate: 100 pps Force10#

Example

Figure 344 show ipv6 mroute count group Command Examples

Force10#show ipv6 mroute count group ff05:3300::1 IP Multicast Statistics 1 routes using 648 bytes of memory 1 groups, 1.00 average sources per group Forwarding Counts: Pkt Count/Pkts per second Group: ff05:3300::1, Source count: 1 Source: 165:87:31::30, Forwarding: 3997/0 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1041

show ipv6 mroute mld

Example

Figure 345 show ipv6 mroute count source command Examples

Force10#show ipv6 mroute count source 165:87:31::30 IP Multicast Statistics 2 routes using 1296 bytes of memory 2 groups, 1.00 average sources per group Forwarding Counts: Pkt Count/Pkts per second Group: ff05:300::1, Source count: 1 Source: 165:87:31::30, Forwarding: 3993/0 Group: ff05:3300::1, Source count: 1 Source: 165:87:31::30, Forwarding: 3997/0 Force10#

show ipv6 mroute mld

e
Syntax Parameters

Display the Multicast MLD information. show ipv6 mroute [mld [ group-address | all | vlan vlan-id]]
mld (OPTIONAL) Enter the keyword mld to display Multicast MLD information. (OPTIONAL) Enter the multicast group address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. all (OPTIONAL) Enter the keyword all to view all the MLD information. (OPTIONAL) Enter the keyword vlan followed by the VLAN ID to view MLD VLAN information.

group-address

vlan vlan-id

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 7.4.1.0

Introduced

1042

Multicast

show ipv6 mroute summary

Example

Figure 346 show ipv6 mroute mld all Command Example

Force10#show ipv6 mroute mld all MLD SNOOPING MRTM Table (*, ff05:100::1), uptime 00:04:21 Incoming vlan: Vlan 200 Outgoing interface list: GigabitEthernet 2/15 GigabitEthernet 2/16 (*, ff05:200::1), uptime 00:04:15 Incoming vlan: Vlan 200 Outgoing interface list: GigabitEthernet 2/15 GigabitEthernet 2/16 (*, ff05:1100::1), uptime 00:04:18 Incoming vlan: Vlan 200 Outgoing interface list: GigabitEthernet 2/15 GigabitEthernet 2/16 Force10#

show ipv6 mroute summary

e
Syntax Defaults Command Modes

Display a summary of the Multicast routing table. show ipv6 mroute summary No default values or behavior EXEC EXEC Privilege

Command History Example

Version 7.4.1.0

Introduced

Figure 347 show ipv6 mroute summary Command Example

Force10#show ipv6 mroute summary IP Multicast Routing Table 12 groups, 12 routes (165:87:32::30, (165:87:37::30, (165:87:31::30, (165:87:32::30, (165:87:37::30, (165:87:31::30, (165:87:32::20, Force10# ff05:100::1), 00:00:24 ff05:200::1), 00:00:24 ff05:300::1), 00:00:24 ff05:1100::1), 00:00:21 ff05:2200::1), 00:00:21 ff05:3300::1), 00:00:21 ff3e:100::4000:1), 00:00:41

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1043

show ipv6 mroute summary

1044

Multicast

Chapter 36

Neighbor Discovery Protocol (NDP)

Overview
Neighbor Discovery Protocol for IPv6 is defined in RFC 2461 as part of the Stateless Address Autoconfiguration protocol. It replaces the Address Resolution Protocol used with IPv4. It defines mechanisms for solving the following problems: Router discovery: Hosts can locate routers residing on a link. Prefix discovery: Hosts can discover address prefixes for the link. Parameter discovery Address autoconfiguration configuration of addresses for an interface Address resolution mapping from IP address to link-layer address Next-hop determination Neighbor Unreachability Detection (NUD): Determine that a neighbor is no longer reachable on the link. Duplicate Address Detection (DAD): Allow a node to check whether a proposed address is already in use. Redirect: The router can inform a node about a better first-hop.

NDP makes use of the following five ICMPv6 packet types in its implementation: Router Solicitation Router Advertisement Neighbor Solicitation Neighbor Advertisement Redirect

Commands
The Neighbor Discovery Protocol (NDP) commands in this chapter are: clear ipv6 neighbors ipv6 nd managed-config-flag ipv6 nd max-ra-interval ipv6 nd mtu

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1045

clear ipv6 neighbors

ipv6 nd other-config-flag ipv6 nd prefix ipv6 nd ra-lifetime ipv6 nd reachable-time ipv6 nd suppress-ra ipv6 neighbor show ipv6 neighbors

clear ipv6 neighbors

e
Syntax Parameters

Delete all entries in the IPv6 neighbor discovery cache, or neighbors of a specific interface. Static entries will not be removed using this command. clear ipv6 neighbors [ipv6-address] [interface ] ipv6-address
Enter the IPv6 address of the neighbor in the x:x:x:x::x format to remove a specific IPv6 neighbor. The :: notation specifies successive hexadecimal fields of zero. To remove all neighbor entries learned on a specific interface, enter the keyword interface followed by the interface type and slot/port or number information of the interface: For a Fast Ethernet interface, enter the keyword fastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by the VLAN ID. The range is from 1 to 4094.

interface interface

Command Modes

EXEC EXEC Privilege

1046

Neighbor Discovery Protocol (NDP)

ipv6 nd managed-config-flag

ipv6 nd managed-config-flag
e
Set the managed address configuration flag in the IPv6 router advertisement. The description of this flag from RFC 2461 (http://tools.ietf.org/html/rfc2461) is: M: 1-bit "Managed address configuration" flag. When set, hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using stateless address autoconfiguration. The use of this flag is described in: Thomson, S. and T. Narten, "IPv6 Address Autoconfiguration", RFC 2462, December 1998.
Syntax

ipv6 nd managed-config-flag To clear the flag from the IPv6 router advertisements, use the no ipv6 nd managed-config-flag command.

Defaults Command Modes

The default flag is 0. INTERFACE

ipv6 nd max-ra-interval
e
Syntax

Configure the interval between the IPv6 router advertisement (RA) transmissions on an interface. ipv6 nd max-ra-interval {interval} min-ra-interval {interval} To restore the default interval, use the no ipv6 nd max-ra-interval command.

Parameters

max-ra-interval {interval}

Enter the keyword max-ra-interval followed by the interval in seconds. Range: 4 to 1800 seconds Enter the keyword min-ra-interval followed by the interval in seconds. Range: 3 to 1350 seconds

min-ra-interval {interval}

Defaults Command Modes

Max RA inteval: 600 seconds, Min RA interval: 200 seconds INTERFACE

ipv6 nd mtu
ces
Syntax Parameters

Configure an IPv6 neighbor discovery. ipv6 nd mtu number mtu number Set the MTU advertisement value in Routing Prefix Advertisement packets. Range: 1280 to 9234

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1047

ipv6 nd other-config-flag

Defaults Command Modes Command History Usage Information

No default values or behavior INTERFACE

Version 8.3.1.0 Introduced

The ip nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if ip nd mtu is set to 1280, the interface will still pass 1500-byte packets. The mtu command sets the actual frame size passed, and can be larger than the advertised MTU. If the mtu setting is larger than the ip nd mtu, an error message is sent, but the configuration is accepted.
% Error: nd ra mtu is greater than link mtu, link mtu will be used.

Related Commands

mtu

Set the maximum link MTU (frame size) for an Ethernet interface.

ipv6 nd other-config-flag
e
Set the other stateful configuration flag in the IPv6 router advertisement. The description of this flag from RFC 2461 (http://tools.ietf.org/html/rfc2461) is: O: 1-bit "Other stateful configuration" flag. When set, hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information. The use of this flag is described in: Thomson, S. and T. Narten, "IPv6 Address Autoconfiguration", RFC 2462, December 1998.
Syntax

ipv6 nd other-config-flag To clear the flag from the IPv6 router advertisements, use the no ipv6 nd other-config-flag command.

Defaults Command Modes

The default flag is 0. INTERFACE

ipv6 nd prefix
e
Configure how IPv6 prefixes are advertised in the IPv6 router advertisements. The description of an IPv6 prefix from RFC 2461(http://tools.ietf.org/html/rfc2461) is a bit string that consists of some number of initial bits of an address. ipv6 nd prefix {ipv6-address prefix-length | default} [no-advertise] | [no-autoconfig | no-rtr-address | off-link]

Syntax

1048

Neighbor Discovery Protocol (NDP)

ipv6 nd ra-lifetime

Parameters

ipv6-address prefix-length

Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 The :: notation specifies successive hexadecimal fields of zeros

default no-advertise no-autoconfig no-rtr-address off-link

(OPTIONAL) Enter the keyword default to specify the prefix default parameters. (OPTIONAL) Enter the keyword no-advertise to not advertise prefixes. (OPTIONAL) Enter the keyword no-autoconfig to not use prefixes for auto-configuration. (OPTIONAL) Enter the keyword no-rtr-address to not send full router addresses in prefix advertisement. (OPTIONAL) Enter the keyword off-link to not use prefixes for on-link determination.

Defaults Command Modes

Not configured INTERFACE

ipv6 nd ra-lifetime
e
Configure the router lifetime value in the IPv6 router advertisements on an interface. The description of router lifetime from RFC 2461(http://tools.ietf.org/html/rfc2461) is: Router Lifetime: 16-bit unsigned integer. The lifetime associated with the default router in units of seconds. The maximum value corresponds to 18.2 hours. A Lifetime of 0 indicates that the router is not a default router and SHOULD NOT appear on the default router list. The Router Lifetime applies only to the router's usefulness as a default router; it does not apply to information contained in other message fields or options. Options that need time limits for their information include their own lifetime fields.
Syntax

ipv6 nd ra-lifetime seconds To restore the default values, use the no ipv6 nd ra-lifetime command.

Parameters

seconds

Enter the lifetime value in seconds. Range: 0 to 9000

Defaults Command Modes

9000 seconds INTERFACE

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1049

ipv6 nd reachable-time

ipv6 nd reachable-time
e
Configure the amount of time that a remote IPv6 node is considered available after a reachability confirmation event has occurred. The description of reachable time from RFC 2461(http://tools.ietf.org/html/rfc2461) is: Reachable Time: 32-bit unsigned integer. The time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation. Used by the Neighbor Unreachability Detection algorithm. A value of zero means unspecified (by this router).
Syntax

ipv6 nd reachable-time {milliseconds} To restore the default time, use the no ipv6 nd reachable-time command.

Parameters

milliseconds

Enter the leachability time in milliseconds. Range: 0 to 3600000

Defaults Command Modes

3600000 milliseconds INTERFACE

ipv6 nd suppress-ra
e
Syntax

Suppress the IPv6 router advertisement transmissions on an interface. ipv6 nd suppress-ra To enable the sending of IPv6 router advertisement transmissions on an interface, use the no ipv6 nd suppress-ra command.

Defaults Command Modes

Enabled INTERFACE

ipv6 neighbor
e
Syntax

Configure a static entry in the IPv6 neighbor discovery. ipv6 neighbor {ipv6-address} {interface interface} {hardware_address} To remove a static IPv6 entry from the IPv6 neighbor discovery, use the no ipv6 neighbor {ipv6-address} {interface interface} command.

1050

Neighbor Discovery Protocol (NDP)

show ipv6 neighbors

Parameters

ipv6-address interface interface

Enter the IPv6 address of the neighbor in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero Enter the keyword interface followed by the interface type and slot/ port or number information: For a Fast Ethernet interface, enter the keyword fastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

hardware_address
Defaults Command Modes

Enter a 48-bit hardware MAC address in nn:nn:nn:nn:nn:nn format.

No default behavior or values CONFIGURATION

show ipv6 neighbors

e
Syntax

Display IPv6 discovery information. Entering the command without options shows all IPv6 neighbor addresses stored on the CP (control processor). show ipv6 neighbors [ipv6-address] [cpu {rp1 [ipv6-address] | rp2 [ipv6-address]}] [interface interface] ipv6-address cpu
Enter the IPv6 address of the neighbor in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero Enter the keyword cpu followed by either rp1 or rp2 (Route Processor 1 or 2), optionally followed by an IPv6 address to display the IPv6 neighbor entries stored on the designated RP. For a Fast Ethernet interface, enter the keyword fastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number from 1 to 255. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by the VLAN ID. The range is from 1 to 4094.

Parameters

interface interface

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1051

show ipv6 neighbors

Example

Figure 348 show ipv6 neighbors Command Example

Force10#show ipv6 neighbors IPv6 Address Expires(min) Hardware Address State Interface VLAN CPU -----------------------------------------------------------------------------fe80::201:e8ff:fe17:5bc6 1439 00:01:e8:17:5b:c6 STALE Gi 1/9 CP fe80::201:e8ff:fe17:5bc7 1439 00:01:e8:17:5b:c7 STALE Gi 1/10 CP fe80::201:e8ff:fe17:5bc8 1439 00:01:e8:17:5b:c8 STALE Gi 1/11 CP fe80::201:e8ff:fe17:5caf 0.3 00:01:e8:17:5c:af REACH Po 1 CP fe80::201:e8ff:fe17:5cb0 1439 00:01:e8:17:5c:b0 STALE Po 32 CP fe80::201:e8ff:fe17:5cb1 1439 00:01:e8:17:5c:b1 STALE Po 255 CP fe80::201:e8ff:fe17:5cae 1439 00:01:e8:17:5c:ae STALE Gi 1/3 Vl 100 CP fe80::201:e8ff:fe17:5cae 1439 00:01:e8:17:5c:ae STALE Gi 1/5 Vl 1000 CP fe80::201:e8ff:fe17:5cae 1439 00:01:e8:17:5c:ae STALE Gi 1/7 Vl 2000 CP Force10#

1052

Neighbor Discovery Protocol (NDP)

Chapter 37

Object Tracking

Object Tracking supports IPv4 and IPv6, and is available on platforms: c e s

Overview
Object tracking allows you to define objects of interest, monitor their state, and report to a client when a change in an objects state occurs. The following tracked objects are supported: Link status of Layer 2 interfaces Routing status of Layer 3 interfaces (IPv4 and IPv6) Reachability of IPv4 and IPv6 routes Metric thresholds of IPv4 and IPv6 routes

You can configure client applications, such VRRP, to receive a notification when the state of a tracked object changes. This chapter has the following sections: IPv4 Object Tracking Commands on page 1053 IPv6 Object Tracking Commands on page 1067

IPv4 Object Tracking Commands

The IPv4 VRRP commands are: debug track delay description show running-config track show track threshold metric track interface ip routing track interface line-protocol track ip route metric threshold track ip route reachability track resolution ip route

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1053

debug track

debug track
ces
Syntax Parameters

Enables debugging for tracked objects. debug track [all | notifications | object-id] all notifications object-id
Enables debugging on the state and notifications of all tracked objects. Enables debugging on the notifications of all tracked objects. Enables debugging on the state and notifications of the specified tracked object. Range: 1 to 65535.

Defaults Command Modes

Enable debugging on the state and notifications of all tracked objects (debug track all).

EXEC EXEC Privilege

Command History Example

Version 8.4.1.0

Introduced

Command Example: debug track

Force10#debug track all 04:35:04: %RPM0-P:RP2 %OTM-5-STATE: track 6 - Interface GigabitEthernet 0/2 line-protocol DOWN 04:35:04: %RPM0-P:RP2 %OTM-5-NOTIF: VRRP notification: resource ID 6 DOWN

1054

Object Tracking

delay

delay
ces
Syntax

Configure the time delay used before communicating a change in the status of a tracked object to clients. delay {[up seconds] [down seconds]} To return to the default setting, enter no delay.

Parameters

seconds

Enter the number of seconds the object tracker waits before sending a notification about the change in the UP and/or DOWN state of a tracked object to clients. Range: 0 to 180 Default: 0 seconds.

Defaults Command Modes Command History Related Commands

0 seconds OBJECT TRACKING (conf_track_object-id)

Version 8.4.1.0 Introduced

track interface ip routing track interface line-protocol track ip route metric threshold track ip route reachability

Configure object tracking on the routing status of an IPv4 Layer 3 interface. Configure object tracking on the line-protocol state of a Layer 2 interface. Configure object tracking on the threshold of an IPv4 route metric. Configure object tracking on the reachability of an IPv4 route.

Usage Information

You can configure an UP and/or DOWN timer for each tracked object to set the time delay before a change in the state of a tracked object is communicated to clients. The configured time delay starts when the state changes from UP to DOWN or vice-versa. If the state of an object changes back to its former UP/DOWN state before the timer expires, the timer is cancelled and the client is not notified. For example, if the DOWN timer is running when an interface goes down and comes back up, the DOWN timer is cancelled and the client is not notified of the event. If the timer expires and an objects state has changed, a notification is sent to the client. If no delay is configured, a notification is sent immediately as soon as a change in the state of a tracked object is detected. The time delay in communicating a state change is specified in seconds.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1055

description

description
ces
Syntax

Enter a description of a tracked object. description {text } To remove the description, enter the no description {text} command.

Parameters

text

Enter a description to identify a tracked object (80 characters maximum).

Defaults Command Modes Command History Related Commands

No default behavior or values OBJECT TRACKING (conf_track_object-id)

Version 8.4.1.0 Introduced

track interface ip routing track interface line-protocol track ip route metric threshold track ip route reachability

1056

Object Tracking

show running-config track

ces
Syntax Parameters

Display the current configuration of tracked objects. show running-config track [object-id] object-id
(OPTIONAL) Display information on the specified tracked object. Range: 1 to 65535.

Command Modes Command History Related Commands

EXEC Privilege
Version 8.4.1.0 Introduced

show track track interface ip routing track interface line-protocol track ip route metric threshold track ip route reachability

Display information about tracked objects, including configuration, current state, and clients which track the object. Configure object tracking on the routing status of an IPv4 Layer 3 interface. Configure object tracking on the line-protocol state of a Layer 2 interface. Configure object tracking on the threshold of an IPv4 route metric. Configure object tracking on the reachability of an IPv4 route.

Example

Command Example: show running-config track

Force10#show running-config track track 1 ip route 23.0.0.0/8 reachability track 2 ipv6 route 2040::/64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050::/64 reachability track 4 interface GigabitEthernet 13/4 ip routing track 5 ip route 192.168.0.0/24 reachability vrf red track resolution ip route isis 20 track resolution ip route ospf 10

Command Example: show running-config track object-id

Force10#show running-config track 300 track 300 ip route 10.0.0.0/8 metric threshold delay down 3 delay up 5 threshold metric up 100

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1057

show track

show track
ces
Syntax

Display information about tracked objects, including configuration, current tracked state (UP or DOWN), and the clients which are tracking an object. show track [object-id [brief] | interface [brief] [vrf vrf-name] | ip route [brief] [vrf vrf-name] | resolution | vrf vrf-name [brief] | brief] object-id interface ip route resolution brief vrf vrf-name
(OPTIONAL) Display information on the specified tracked object. Range: 1 to 65535. (OPTIONAL) Display information on all tracked interfaces (Layer 2 and IPv4 Layer 3). (OPTIONAL) Display information on all tracked IPv4 routes. (OPTIONAL) Display information on the configured resolution values used to scale protocol-specific route metrics to the range 0 to 255. (OPTIONAL) Display a single line summary of the tracking information for a specified object, object type, or all tracked objects. (OPTIONAL) E-Series only: Display information on only the tracked objects that are members of the specified VRF instance. Maximum: 32 characters. If you do not enter a VRF name, information on the tracked objects from all VRFs is displayed.

Parameters

Command Modes Command History Related Commands

EXEC Privilege
Version 8.4.1.0 Introduced

show running-config track track interface ip routing track interface line-protocol track ip route metric threshold track ip route reachability

Display configuration information about tracked objects. Configure object tracking on the routing status of an IPv4 Layer 3 interface. Configure object tracking on the line-protocol state of a Layer 2 interface. Configure object tracking on the threshold of an IPv4 route metric. Configure object tracking on the reachability of an IPv4 route.

1058

Object Tracking

show track Figure 349 Command Example: show track

Force10#show track Track 1 IP route 23.0.0.0/8 reachability Reachability is Down (route not in route table) 2 changes, last change 00:16:08 Tracked by: Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is GigabitEthernet 13/2 Tracked by: VRRP GigabitEthernet 7/30 IPv6 VRID 1 Track 3 IPv6 route 2050::/64 reachability Reachability is Up (STATIC) 5 changes, last change 00:02:16 First-hop interface is GigabitEthernet 13/2 Tracked by: VRRP GigabitEthernet 7/30 IPv6 VRID 1

Example

Table 91 Command Example Description: show track show track Output

Track object-id Interface type slot/port IP route ip-address IPv6 route ipv6-address object is Up/Down number changes, last change time First hop interface Tracked by

Description
Displays the number of the tracked object. Displays the interface type and slot/port number or address of the IPv4/IPv6 route that is being tracked. Up/Down state of tracked object; for example, IPv4 interface, reachability or metric threshold of an IP route. Number of times that the state of the tracked object has changed and the time since the last change in hours:minutes:seconds Displays the type and slot/port number of the first-hop interface of the tracked route. Client that is tracking an objects state; for example, VRRP.

Figure 350 Command Example: show track brief

Force10>show track brief ResId 1 2 3 Resource IP route reachability Interface line-protocol Interface ip routing Parameter 10.16.0.0/16 Ethernet0/2 VLAN100 State Up Down Up LastChange 00:01:08 00:05:00 01:10:05

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1059

threshold metric

Table 92 Command Example Description: show track brief show track Output
ResID Resource Parameter State Last Change

Description
Number of the tracked object Type of tracked object Detailed description of the tracked object Up or Down state of the tracked object Time since the last change in the state of the tracked object

threshold metric
ces
Syntax

Configure the metric threshold used to determine the UP and/or DOWN state of a tracked IPv4 or IPv6 route. threshold metric {up number | down number} To return to the default setting, enter no threshold metric {up number | down number}.

Parameters

object-id up number

Enter the ID number of the tracked object. Range: 1 to 65535. Enter a number for the UP threshold to be applied to the scaled metric of an IPv4 or IPv6 route. Default UP threshold: 254. The routing state is UP if the scaled route metric is less than or equal to the UP threshold. Enter a number for the DOWN threshold to be applied to the scaled metric of an IPv4 or IPv6 route Default DOWN threshold: 255. The routing state is DOWN if the scaled route metric is greater than or equal to the DOWN threshold.

down number

Defaults Command Modes Command History Related Commands

None OBJECT TRACKING (conf_track_object-id)

Version 8.4.1.0 Introduced

track ip route metric threshold track resolution ip route

Configure object tracking on the threshold of an IPv4 route metric. Configure the protocol-specific resolution value used to scale an IPv4 route metric.

Usage Information

Use this command to configure the UP and/or DOWN threshold for the scaled metric of a tracked IPv4 or IPv6 route.

1060

Object Tracking

track

The UP/DOWN state of a tracked route is determined by the threshold for the current value of the route metric in the routing table. To provide a common tracking interface for different clients, route metrics are scaled in the range 0 to 255, where 0 is connected and 255 is inaccessible. The scaled metric value communicated to a client always considers a lower value to have priority over a higher value. The resulting scaled value is compared against the configured threshold values to determine the state of a tracked route as follows: If the scaled metric for a route entry is less than or equal to the UP threshold, the state of a route is UP. If the scaled metric for a route is greater than or equal to the DOWN threshold or the route is not entered in the routing table, the state of a route is DOWN.

You configure the UP and DOWN thresholds for each tracked route with the threshold metric command. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold. The tracking process uses a protocol-specific resolution value to convert the actual metric in the routing table to a scaled metric in the range 0 to 255. You can configure the resolution value used to scale route metrics for supported protocols with the track resolution ip route and track resolution ipv6 route commands.

track
ces
Syntax Parameters

Enter Object Tracking command mode to modify the configuration of a tracked object. track object-id object-id None CONFIGURATION
Version 8.4.1.0 Introduced Enter the ID number of the tracked object. Range: 1 to 65535.

Defaults Command Modes Command History Related Commands Usage Information

show track

Display information about tracked objects, including configuration, current state, and clients which track the object.

Use this command to enter the Object Tracking mode to edit an existing configuration of a tracked object. For example, after you enter the track object-id command, you can modify or add a delay timer (delay command) or a metric threshold (threshold metric command) for the UP or DOWN state of the tracked object.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1061

track ip route metric threshold

ces
Syntax

Configure object tracking on the threshold of an IPv4 route metric. track object-id ip route ip-address/prefix-len metric threshold [vrf vrf-name] To return to the default setting, enter no track object-id.

Parameters

object-id ip-address/ prefix-len vrf vrf-name

Enter the ID number of the tracked object. Range: 1 to 65535. Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. (Optional) E-Series only: You can configure a VPN routing and forwarding (VRF) instance to specify the virtual routing table to which the tracked route belongs.

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

show track threshold metric track resolution ip route

Display information about tracked objects, including configuration, current state, and clients which track the object. Configure the metric threshold used to determine the UP and/or DOWN state of a tracked route. Configure the protocol-specific resolution value used to scale an IPv4 route metric.

Usage Information

Use this command to create an object that tracks the UP and/or DOWN threshold of an IPv4 route metric. In order for a routes metric to be tracked, the route must appear as an entry in the routing table. A tracked IPv4 route is considered to match an entry in the routing table only if the exact IPv4 address and prefix length match a table entry. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. If no route-table entry has the exact IPv4 address and prefix length, the status of the tracked route is considered to be DOWN. When you configure the threshold of an IPv4 route metric as a tracked object, the UP/DOWN state of the tracked route is also determined by the current metric for the route in the routing table. To provide a common tracking interface for different clients, route metrics are scaled in the range 0 to 255, where 0 is connected and 255 is inaccessible. The scaled metric value communicated to a client always considers a lower value to have priority over a higher value. The resulting scaled value is compared against the configured threshold values to determine the state of a tracked route as follows: If the scaled metric for a route entry is less than or equal to the UP threshold, the state of a route is UP.

1062

Object Tracking

track ip route reachability

If the scaled metric for a route is greater than or equal to the DOWN threshold or the route is not entered in the routing table, the state of a route is DOWN.

You configure the UP and DOWN thresholds for each tracked route by using the threshold metric command. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold.

track ip route reachability

ces
Syntax

Configure object tracking on the reachability of an IPv4 route. track object-id ip route ip-address/prefix-len reachability [vrf vrf-name] To return to the default setting, enter no track object-id.

Parameters

object-id ip-address/ prefix-len vrf vrf-name

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

show track track ip route metric threshold

Display information about tracked objects, including configuration, current state, and clients which track the object. Configure object tracking on the threshold of an IPv4 route metric.

Usage Information

Use this command to create an object that tracks the reachability of an IPv4 route. In order for a routes reachability to be tracked, the route must appear as an entry in the routing table. A tracked IPv4 route is considered to match an entry in the routing table only if the exact IPv4 address and prefix length match a table entry. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. If no route-table entry has the exact IPv4 address and prefix length, the status of the tracked route is considered to be DOWN. When you configure IPv4 route reachability as a tracked object, the UP/DOWN state of the tracked route is also determined by the entry of the next-hop address in the ARP cache. A tracked route is considered to be reachable if there is an ARP cache entry for the route's next-hop address. If the next-hop address in the ARP cache ages out for a route tracked for its reachability, an attempt is made to regenerate the ARP cache entry to see if the next-hop address appears before considering the route DOWN.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1063

track interface ip routing

ces
Syntax

Configure object tracking on the routing status of an IPv4 Layer 3 interface. track object-id interface interface ip routing To return to the default setting, enter no track object-id.

Parameters

object-id interface

Enter the ID number of the tracked object. Range: 1 to 65535. Enter one of the following values: For a 1-Gigabit Ethernet interface, enter gigabitethernet slot-number/ port-number. For a Loopback interface, enter loopback number, where number is from 0 to 16383. For a Port Channel interface, enter port-channel number, where the valid values are: C-Series and S-Series: 1 to 128 E-Series: 1 to 32 for EtherScale; 1 to 255 for TeraScale; 1 to 512 for ExaScale. For SONET interfaces, enter the sonet slot-number/port-number. For a 10-Gigabit Ethernet interface, enter tengigabitethernet slot-number/ port-number For a VLAN interface, enter vlan number, where number is from 1 to 4094.

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

show track track interface line-protocol

Display information about tracked objects, including configuration, current state, and clients which track the object. Configure object tracking on the line-protocol state of a Layer 2 interface.

Usage Information

Use this command to create an object that tracks the routing state of an IPv4 Layer 2 interface: The status of the IPv4 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address. The Layer 3 status of an IPv4 interface goes DOWN when its Layer 2 status goes down (for a Layer 3 VLAN, all VLAN ports must be down) or the IP address is removed from the routing table.

1064

Object Tracking

track interface line-protocol

ces
Syntax

Configure object tracking on the line-protocol state of a Layer 2 interface. track object-id interface interface line-protocol To return to the default setting, enter no track object-id.

Parameters

object-id interface

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

show track track interface ip routing

Display information about tracked objects, including configuration, current state, and clients which track the object. Configure object tracking on the routing status of an IPv4 Layer 3 interface.

Usage Information

Use this command to create an object that tracks the line-protocol state of a Layer 2 interface by monitoring its operational status (UP or DOWN). When the link-level status goes down, the tracked object status is considered to be DOWN; if the link-level status is up, the tracked object status is considered to be UP.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1065

track resolution ip route

ces
Syntax

Configure the protocol-specific resolution value used to scale an IPv4 route metric. track resolution ip route {isis resolution-value | ospf resolution-value} To return to the default setting, enter no track object-id.

Parameters

object-id isis resolution-value ospf resolution-value

Enter the ID number of the tracked object. Range: 1 to 65535. Enter the resolution used to convert the metric in the routing table for ISIS routes to a scaled metric. Enter the resolution used to convert the metric in the routing table for OSPF routes to a scaled metric.

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

threshold metric track ip route metric threshold

Configure the metric threshold used to determine the UP and/or DOWN state of a tracked route. Configure object tracking on the threshold of an IPv4 route metric.

Usage Information

Use this command to configure the protocol-specific resolution value that converts the actual metric of an IPv4 route in the routing table to a scaled metric in the range 0 to 255. The UP/DOWN state of a tracked IPv4 route is determined by a user-configurable threshold (threshold metric command) for the routes metric in the routing table. To provide a common tracking interface for different clients, route metrics are scaled in the range 0 to 255, where 0 is connected and 255 is inaccessible. The protocol-specific resolution value calculates the scaled metric by dividing a route's cost by the resolution value set for the route protocol: For ISIS, you can set the resolution in the range 1 to 1000, where the default is 10. For OSPF, you can set the resolution in the range 1 to 1592, where the default is 1. The resolution value used to map static routes is not configurable. By default, FTOS assigns a metric of 0 to static routes. The resolution value used to map RIP routes is not configurable. The RIP hop-count is automatically multiplied by 16 to scale it. For example, a RIP metric of 16 (unreachable) scales to 256, which considers the route to be DOWN.

1066

Object Tracking

show track ipv6 route

IPv6 Object Tracking Commands

The IPv6 object tracking commands are: show track ipv6 route track interface ipv6 routing track ipv6 route metric threshold track ipv6 route reachability track resolution ipv6 route

The following object tracking commands apply to IPv4 and IPv6: debug track delay description show running-config track threshold metric track interface line-protocol

show track ipv6 route

ces
Syntax Parameters

Display information about all tracked IPv6 routes, including configuration, current tracked state (UP or DOWN), and the clients which are tracking an object. show track ipv6 route [brief] brief
(OPTIONAL) Display a single line summary of information for tracked IPv6 routes.

Command Modes

EXEC EXEC Privilege

Command History Related Commands

Version 8.4.1.0

Introduced

show running-config track show track track interface ipv6 routing track ipv6 route metric threshold track ipv6 route reachability

Display configuration information about tracked objects. Display information about tracked objects, including configuration, current state, and clients which track the object. Configure object tracking on the routing status of an IPv6 Layer 3 interface. Configure object tracking on the threshold of an IPv6 route metric. Configure object tracking on the reachability of an IPv6 route.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1067

show track ipv6 route Figure 351 Command Example: show track ipv6 route
Force10#show track ipv6 route Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:30 Metric threshold down 255 up 254 First-hop interface is GigabitEthernet 13/2 Tracked by: VRRP GigabitEthernet 7/30 IPv6 VRID 1 Track 3 IPv6 route 2050::/64 reachability Reachability is Up (STATIC) 5 changes, last change 00:02:30 First-hop interface is GigabitEthernet 13/2 Tracked by: VRRP GigabitEthernet 7/30 IPv6 VRID 1

Example

Table 93 Command Example Description: show track ipv6 route show track ipv6 route Output
Track object-id Interface type slot/port IP route ip-address IPv6 route ipv6-address object is Up/Down number changes, last change time First hop interface Tracked by

Figure 352 Command Example: show track ipv6 route brief

Force10#show track ipv6 route brief ResId 2 3 Resource Parameter IPv6 route metric threshold 2040::/64 IPv6 route reachability 2050::/64 State Up Up LastChange 00:02:36 00:02:36

Table 94 Command Example Description: show track ipv6 route brief show track ipv6 route brief Output
ResID Resource Parameter State Last Change

1068

Object Tracking

track interface ipv6 routing

ces
Syntax

Configure object tracking on the routing status of an IPv6 Layer 3 interface. track object-id interface interface ipv6 routing To return to the default setting, enter no track object-id.

Parameters

object-id interface

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

show track ipv6 route track interface ip routing

Display information about tracked IPv6 routes, including configuration, current state, and clients which track the route. Configure object tracking on the routing status of an IPv4 Layer 3 interface.

Usage Information

Use this command to create an object that tracks the routing state of an IPv6 Layer 3 interface: The status of the IPv6 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address. The Layer 3 status of an IPv6 interface goes DOWN when its Layer 2 status goes down (for a Layer 3 VLAN, all VLAN ports must be down) or the IP address is removed from the routing table.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1069

track ipv6 route metric threshold

ces
Syntax

Configure object tracking on the threshold of an IPv4 route metric. track object-id ipv6 route ipv6-address/prefix-len metric threshold To return to the default setting, enter no track object-id.

Parameters

object-id ipv6-address/ prefix-len

Enter the ID number of the tracked object. Range: 1 to 65535. Enter an IPv6 address in X:X:X:X::X format. Valid IPv6 prefix lengths are from /0 to /128.

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

show track ipv6 route threshold metric track resolution ipv6 route

Display information about tracked IPv6 routes, including configuration, current state, and clients which track the route. Configure the metric threshold used to determine the UP and/or DOWN state of a tracked route. Configure the protocol-specific resolution value used to scale an IPv6 route metric.

Usage Information

Use this command to create an object that tracks the UP and/or DOWN threshold of an IPv6 route metric. In order for a routes metric to be tracked, the route must appear as an entry in the routing table. A tracked IPv6 route is considered to match an entry in the routing table only if the exact IPv6 address and prefix length match a table entry. For example, when configured as a tracked route, 3333:100:200:300:400::/80 does not match routing table entry 3333:100:200:300::/64. If no route-table entry has the exact IPv6 address and prefix length, the status of the tracked route is considered to be DOWN. When you configure the threshold of an IPv6 route metric as a tracked object, the UP/DOWN state of the tracked route is also determined by the current metric for the route in the routing table. To provide a common tracking interface for different clients, route metrics are scaled in the range 0 to 255, where 0 is connected and 255 is inaccessible. The scaled metric value communicated to a client always considers a lower value to have priority over a higher value. The resulting scaled value is compared against the configured threshold values to determine the state of a tracked route as follows: If the scaled metric for a route entry is less than or equal to the UP threshold, the state of a route is UP. If the scaled metric for a route is greater than or equal to the DOWN threshold or the route is not entered in the routing table, the state of a route is DOWN.

1070

Object Tracking

track ipv6 route reachability

You configure the UP and DOWN thresholds for each tracked IPv6 route by using the threshold metric command. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold.

track ipv6 route reachability

ces
Syntax

Configure object tracking on the reachability of an IPv6 route. track object-id ipv6 route ip-address/prefix-len reachability To return to the default setting, enter no track object-id.

Parameters

object-id ipv6-address/ prefix-len

Enter the ID number of the tracked object. Range: 1 to 65535. Enter an IPv6 address in X:X:X:X::X format. Valid IPv6 prefix lengths are from /0 to /128.

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

show track ipv6 route track ip route reachability

Display information about tracked IPv6 routes, including configuration, current state, and clients which track the route. Configure object tracking on the reachability of an IPv4 route.

Usage Information

Use this command to create an object that tracks the reachability of an IPv6 route. In order for a routes reachability to be tracked, the route must appear as an entry in the routing table. A tracked route is considered to match an entry in the routing table only if the exact IPv6 address and prefix length match a table entry. For example, when configured as a tracked route, 3333:100:200:300:400::/80 does not match routing table entry 3333:100:200:300::/64. If no route-table entry has the exact IPv6 address and prefix length, the tracked route is considered to be DOWN. When you configure IPv6 route reachability as a tracked object, the UP/DOWN state of the tracked route is also determined by the entry of the next-hop address in the ARP cache. A tracked route is considered to be reachable if there is an ARP cache entry for the route's next-hop address. If the next-hop address in the ARP cache ages out for a route tracked for its reachability, an attempt is made to regenerate the ARP cache entry to see if the next-hop address appears before considering the route DOWN.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1071

track resolution ipv6 route

ces
Syntax

Configure the protocol-specific resolution value used to scale an IPv6 route metric. track resolution ipv6 route {isis resolution-value | ospf resolution-value} To return to the default setting, enter no track object-id.

Parameters

object-id isis resolution-value ospf resolution-value

Defaults Command Modes Command History Related Commands

None CONFIGURATION
Version 8.4.1.0 Introduced

threshold metric track ipv6 route metric threshold

Configure the metric threshold used to determine the UP and/or DOWN state of a tracked route. Configure object tracking on the threshold of an IPv6 route metric.

Usage Information

Use this command to configure the protocol-specific resolution value that converts the actual metric of an IPv6 route in the routing table to a scaled metric in the range 0 to 255. The UP/DOWN state of a tracked IPv6 route is determined by the user-configurable threshold (threshold metric command) for a routes metric in the routing table. To provide a common tracking interface for different clients, route metrics are scaled in the range 0 to 255, where 0 is connected and 255 is inaccessible. The protocol-specific resolution value calculates the scaled metric by dividing a route's cost by the resolution value set for the route protocol: For ISIS, you can set the resolution in the range 1 to 1000, where the default is 10. For OSPF, you can set the resolution in the range 1 to 1592, where the default is 1. The resolution value used to map static routes is not configurable. By default, FTOS assigns a metric of 0 to static routes. The resolution value used to map RIP routes is not configurable. The RIP hop-count is automatically multiplied by 16 to scale it. For example, a RIP metric of 16 (unreachable) scales to 256, which considers the route to be DOWN.

1072

Object Tracking

Chapter 38

Open Shortest Path First (OSPFv2 and OSPFv3)

Overview
Open Shortest Path First version 2 for IPv4 is supported on platforms c e s Open Shortest Path First version 3 (OSPFv3) for IPv6 is supported on platforms c e

Note: The C-Series supports OSPFv3 with FTOS version 7.8.1.0 and later.

OSPF is an Interior Gateway Protocol (IGP), which means that it distributes routing information between routers in a single Autonomous System (AS). OSPF is also a link-state protocol in which all routers contain forwarding tables derived from information about their links to their neighbors. The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, etc.) are the same for OSPFv2 and OSPFv3. OSPFv3 runs on a per-link basis instead of on a per-IP-subnet basis. This chapter is divided into 2 sections. There is no overlap between the two sets of commands. You cannot use an OSPFv2 command in the IPv6 OSPFv3 mode. OSPFv2 Commands OSPFv3 Commands

Note: FTOS version 7.8.1.0 introduces Multi-Process OSPF on IPv4 (OSPFv2) only. It
is not supported on OSPFv3 (IPv6). Note that the CLI now requires that the Process ID be included when entering the ROUTER-OSPF mode. Each command entered applies to the specified OSPFv2 process only.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1073

OSPFv2 Commands
The Force10 Networks implementation of OSPFv2 is based on IETF RFC 2328. The following commands enable you to configure and enable OSPFv2. area default-cost area nssa area range area stub area virtual-link auto-cost clear ip ospf clear ip ospf statistics debug ip ospf default-information originate default-metric description distance distance ospf distribute-list in distribute-list out enable inverse mask fast-convergence flood-2328 graceful-restart grace-period graceful-restart helper-reject graceful-restart mode graceful-restart role ip ospf auth-change-wait-time ip ospf authentication-key ip ospf cost ip ospf dead-interval ip ospf hello-interval ip ospf message-digest-key ip ospf mtu-ignore ip ospf network ip ospf priority ip ospf retransmit-interval ip ospf transmit-delay log-adjacency-changes maximum-paths mib-binding network area passive-interface redistribute redistribute bgp

1074

Open Shortest Path First (OSPFv2 and OSPFv3)

area default-cost

redistribute isis router-id router ospf show config show ip ospf show ip ospf asbr show ip ospf database show ip ospf database asbr-summary show ip ospf database external show ip ospf database network show ip ospf database nssa-external show ip ospf database opaque-area show ip ospf database opaque-as show ip ospf database opaque-link show ip ospf database router show ip ospf database summary show ip ospf interface show ip ospf neighbor show ip ospf routes show ip ospf statistics show ip ospf topology show ip ospf virtual-links summary-address timers spf

area default-cost
ces
Syntax

Set the metric for the summary default route generated by the area border router (ABR) into the stub area. Use this command on the border routers at the edge of a stub area. area area-id default-cost cost To return default values, use the no area area-id default-cost command.

Parameters

area-id cost

Specify the OSPF area in dotted decimal format (A.B.C.D.) or enter a number from zero (0) to 65535. Specifies the stub areas advertised external route metric. Range: zero (0) to 65535.

Defaults Command Modes Command History

cost = 1; no areas are configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Introduced support for Multi-Process OSPF. Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1075

area nssa

Version 7.5.1.0 pre-Version 6.1.1.1 Usage Information Related Commands

Introduced on C-Series Introduced on E-Series

In FTOS, cost is defined as reference bandwidth/bandwidth.

area stub

Create a stub area.

area nssa
ces
Syntax

Specify an area as a Not So Stubby Area (NSSA). area area-id nssa [default-information-originate] [no-redistribution] [no-summary] To delete an NSSA, enter no area area-id nssa.

Parameters

area-id no-redistribution

Specify the OSPF area in dotted decimal format (A.B.C.D) or enter a number from 0 and 65535. (OPTIONAL) Specify that the redistribute command should not distribute routes into the NSSA. You should only use this command in a NSSA Area Border Router (ABR). (OPTIONAL) Allows external routing information to be imported into the NSSA by using Type 7 default. (OPTIONAL) Specify that no summary LSAs should be sent into the NSSA.

default-informationoriginate no-summary

Defaults Command Mode Command History

Not configured ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

area range
ces
Syntax

Summarize routes matching an address/mask at an area border router (ABR). area area-id range ip-address mask [not-advertise] To disable route summarization, use the no area area-id range ip-address mask command.

1076

Open Shortest Path First (OSPFv2 and OSPFv3)

area stub

Parameters

area-id ip-address mask not-advertise

Specify the OSPF area in dotted decimal format (A.B.C.D.) or enter a number from zero (0) to 65535. Specify an IP address in dotted decimal format. Specify a mask for the destination prefix. Enter the full mask (for example, 255.255.255.0). (OPTIONAL) Enter the keyword not-advertise to set the status to DoNotAdvertise (that is, the Type 3 summary-LSA is suppressed and the component networks remain hidden from other areas.)

Defaults Command Modes Command History

No range is configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

Only the routes within an area are summarized, and that summary is advertised to other areas by the ABR. External routes are not summarized.
area stub router ospf Create a stub area. Enter the ROUTER OSPF mode to configure an OSPF instance.

area stub
ces
Syntax

Configure a stub area, which is an area not connected to other areas. area area-id stub [no-summary] To delete a stub area, enter no area area-id stub.

Parameters

area-id no-summary

Specify the stub area in dotted decimal format (A.B.C.D.) or enter a number from zero (0) to 65535. (OPTIONAL) Enter the keyword no-summary to prevent the ABR from sending summary Link State Advertisements (LSAs) into the stub area.

Defaults Command Modes Command History

Disabled ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1077

area virtual-link

Usage Information Related Commands

Use this command to configure all routers and access servers within a stub.

router ospf

Enter the ROUTER OSPF mode to configure an OSPF instance.

area virtual-link
ces
Syntax

Set a virtual link and its parameters. area area-id virtual-link router-id [[authentication-key [encryption-type] key] | [message-digest-key keyid md5 [encryption-type] key]] [dead-interval seconds] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] To delete a virtual link, use the no area area-id virtual-link router-id command. To delete a parameter of a virtual link, use the no area area-id virtual-link router-id [[authentication-key [encryption-type] key] | [message-digest-key keyid md5 [encryption-type] key]] [dead-interval seconds] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] command syntax.

Parameters

area-id router-id authentication-key [encryption-type] key | message-digest-key keyid md5 [encryption-type] key

Specify the transit area for the virtual link in dotted decimal format (A.B.C.D.) or enter a number from zero (0) to 65535. Specify an ID (IP address in dotted decimal format) associated with a virtual link neighbor. (OPTIONAL) Choose between two authentication methods: Enter the keyword authentication-key to enable simple authentication followed by an alphanumeric string up to 8 characters long. Optionally, for the encryption-type variable, enter the number 7 before entering the key string to indicate that an encrypted password will follow. Enter the keyword message-digest-key followed by a number from 1 to 255 as the keyid. After the keyid, enter the keyword md5 followed by the key. The key is an alphanumeric string up to 16 characters long. Optionally, for the encryption-type variable, enter the number 7 before entering the key string to indicate that an encrypted password will follow.

dead-interval seconds

(OPTIONAL) Enter the keyword dead-interval followed by a number as the number of seconds for the interval. Range: 1 to 8192. Default: 40 seconds. (OPTIONAL) Enter the keyword hello-interval followed by the number of seconds for the interval. Range: 1 to 8192. Default: 10 seconds.

hello-interval seconds

1078

Open Shortest Path First (OSPFv2 and OSPFv3)

auto-cost

retransmit-interval seconds

(OPTIONAL) Enter the keyword retransmit-interval followed by the number of seconds for the interval. Range: 1 to 8192. Default: 5 seconds. (OPTIONAL) Enter the keyword transmit-delay followed by the number of seconds for the interval. Range: 1 to 8192. Default: 1 second.

transmit-delay seconds

Defaults

dead-interval seconds = 40 seconds; hello-interval seconds = 10 seconds; retransmit-interval seconds = 5 seconds; transmit-delay seconds = 1 second ROUTER OSPF
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Modes Command History

Usage Information

All OSPF areas must be connected to a backbone area (usually Area 0). Virtual links connect broken or discontiguous areas. You cannot enable both authentication options. Choose either the authentication-key or message-digest-key option.

auto-cost
ces
Syntax

Specify how the OSPF interface cost is calculated based on the reference bandwidth method. auto-cost [reference-bandwidth ref-bw] To return to the default bandwidth or to assign cost based on the interface type, use the no auto-cost [reference-bandwidth] command.

Parameters

ref-bw

(OPTIONAL) Specify a reference bandwidth in megabits per second. Range: 1 to 4294967 Default: 100 megabits per second.

Defaults Command Modes Command History

100 megabits per second. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1079

clear ip ospf

clear ip ospf
ces
Syntax Parameters

Clear all OSPF routing tables. clear ip ospf process-id [process] process-id process
Enter the OSPF Process ID to clear a specific process. If no Process ID is entered, all OSPF processes are cleared. (OPTIONAL) Enter the keyword process to reset the OSPF process.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

clear ip ospf statistics

ces
Syntax Parameters

Clear the packet statistics in interfaces and neighbors. clear ip ospf process-id statistics [interface name {neighbor router-id}] process-id interface name
Enter the OSPF Process ID to clear statistics for a specific process. If no Process ID is entered, all OSPF processes are cleared. (OPTIONAL) Enter the keyword interface followed by one of the following interface keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

neighbor router-id

(OPTIONAL) Enter the keyword neighbor followed by the neighbors router-id in dotted decimal format (A.B.C.D.).

Defaults Command Modes

No defaults values or behavior EXEC Privilege

1080

Open Shortest Path First (OSPFv2 and OSPFv3)

debug ip ospf

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series Display the OSPF statistics

Related Commands

show ip ospf statistics

debug ip ospf
ces
Syntax

Display debug information on OSPF. Entering debug ip ospf enables OSPF debugging for the first OSPF process,. debug ip ospf process-id [bfd |event | packet | spf] To cancel the debug command, enter no debug ip ospf.

Parameters

process-id bfd event packet spf

Enter the OSPF Process ID to debug a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Enter the keyword bfd to debug only OSPF BFD information. (OPTIONAL) Enter the keyword event to debug only OSPF event information. (OPTIONAL) Enter the keyword packet to debug only OSPF packet information. (OPTIONAL) Enter the keyword spf to display the Shortest Path First information.

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1081

debug ip ospf Figure 353 Command example: debug ip ospf process-id packet
Force10#debug ip ospf 1 packet OSPF process 90, packet debugging is on Force10# 08:14:24 : OSPF(100:00): Xmt. v:2 t:1(HELLO) l:44 rid:192.1.1.1 aid:0.0.0.1 chk:0xa098 aut:0 auk: keyid:0 to:Gi 4/3 dst:224.0.0.5 netmask:255.255.255.0 pri:1 N-, MC-, E+, T-, hi:10 di:40 dr:90.1.1.1 bdr:0.0.0.0

Example

Table 95 Output Descriptions for debug ip ospf process-id packet Field

8:14 OSPF v: t:

Description
Displays the time stamp. Displays the OSPF process ID: instance ID. Displays the OSPF version. FTOS supports version 2 only. Displays the type of packet sent: 1 - Hello packet 2 - database description 3 - link state request 4 - link state update 5 - link state acknowledgement

l: rid: aid: chk: aut:

Displays the packet length. Displays the OSPF router ID. Displays the Autonomous System ID. Displays the OSPF checksum. States if OSPF authentication is configured. One of the following is listed: 0 - no authentication configured 1 - simple authentication configured using the ip ospf authentication-key command) 2 - MD5 authentication configured using the ip ospf message-digest-key command.

auk: keyid: to: dst: netmask: pri:

If the ip ospf authentication-key command is configured, this field displays the key used. If the ip ospf message-digest-key command is configured, this field displays the MD5 key Displays the interface to which the packet is intended. Displays the destination IP address. Displays the destination IP address mask. Displays the OSPF priority

1082

Open Shortest Path First (OSPFv2 and OSPFv3)

default-information originate Table 95 Output Descriptions for debug ip ospf process-id packet Field
N, MC, E, T

Description
Displays information available in the Options field of the HELLO packet: N + (N-bit is set) N - (N-bit is not set) MC+ (bit used by MOSPF is set and router is able to forward IP multicast packets) MC- (bit used by MOSPF is not set and router cannot forward IP multicast packets) E + (router is able to accept AS External LSAs) E - (router cannot accept AS External LSAs) T + (router can support TOS) T - (router cannot support TOS)

hi: di: dr: bdr:

Displays the amount of time configured for the HELLO interval. Displays the amount of time configured for the DEAD interval. Displays the IP address of the designated router. Displays the IP address of the Border Area Router.

default-information originate
ces
Syntax

Configure the FTOS to generate a default external route into an OSPF routing domain. default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name] To return to the default values, enter no default-information originate.

Parameters

always metric metric-value

(OPTIONAL) Enter the keyword always to specify that default route information must always be advertised. (OPTIONAL) Enter the keyword metric followed by a number to configure a metric value for the route. Range: 1 to 16777214 (OPTIONAL) Enter the keyword metric-type followed by an OSPF link state type of 1 or 2 for default routes. The values are: 1 = Type 1 external route 2 = Type 2 external route.

metric-type type-value

route-map map-name

(OPTIONAL) Enter the keyword route-map followed by the name of an established route map.

Defaults Command Modes Command History

Disabled. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Introduced support for Multi-Process OSPF. Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1083

default-metric

Version 7.5.1.0 pre-Version 6.1.1.1 Related Commands

Introduced on C-Series Introduced on E-Series

redistribute

Redistribute routes from other routing protocols into OSPF.

default-metric
ces
Syntax

Change the metrics of redistributed routes to a value useful to OSPF. Use this command with the redistribute command. default-metric number To return to the default values, enter no default-metric [number].

Parameters

number

Enter a number as the metric. Range: 1 to 16777214.

Defaults Command Modes Command History

Disabled. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Related Commands

redistribute

Redistribute routes from other routing protocols into OSPF.

description
ces
Syntax

Add a description about the selected OSPF configuration. description description To remove the OSPF description, use the no description command.

Parameters

description

Enter a text string description to identify the OSPF configuration (80 characters maximum).

Defaults Command Modes

No default behavior or values ROUTER OSPF

1084

Open Shortest Path First (OSPFv2 and OSPFv3)

distance

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series Display VLAN configuration.

Related Commands

show ip ospf asbr

distance
ces
Syntax

Define an administrative distance for particular routes to a specific IP address. distance weight [ip-address mask access-list-name] To delete the settings, use the no distance weight [ip-address mask access-list-name] command.

Parameters

weight

Specify an administrative distance. Range: 1 to 255. Default: 110 (OPTIONAL) Enter a router ID in the dotted decimal format. If you enter a router ID, you must include the mask for that router address. (OPTIONAL) Enter a mask in dotted decimal format or /n format. (OPTIONAL) Enter the name of an IP standard access list, up to 140 characters.

ip-address

mask access-list-name

Defaults Command Modes Command History

110 ROUTER OSPF

Version 7.8.1.0 Introduced support for Multi-Process OSPF. Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1085

distance ospf

distance ospf
ces
Syntax

Configure an OSPF distance metric for different types of routes. distance ospf [external dist3] [inter-area dist2] [intra-area dist1] To delete these settings, enter no distance ospf.

Parameters

external dist3

(OPTIONAL) Enter the keyword external followed by a number to specify a distance for external type 5 and 7 routes. Range: 1 to 255 Default: 110. (OPTIONAL) Enter the keyword inter-area followed by a number to specify a distance metric for routes between areas. Range: 1 to 255 Default: 110. (OPTIONAL) Enter the keyword intra-area followed by a number to specify a distance metric for all routes within an area. Range: 1 to 255 Default: 110.

inter-area dist2

intra-area dist1

Defaults Command Modes Command History

external dist3 = 110; inter-area dist2 = 110; intra-area dist1 = 110. ROUTER OSPF
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

To specify a distance for routes learned from other routing domains, use the redistribute

command.

distribute-list in
ces
Syntax

Apply a filter to incoming routing updates from OSPF to the routing table. distribute-list prefix-list-name in [interface] To delete a filter, use the no distribute-list prefix-list-name in [interface] command.

1086

Open Shortest Path First (OSPFv2 and OSPFv3)

distribute-list out

Parameters

prefix-list-name interface

Enter the name of a configured prefix list. (OPTIONAL) Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes Command History

Not configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

distribute-list out
ces
Syntax

Parameters

prefix-list-name bgp connected isis rip static

Enter the name of a configured prefix list. (OPTIONAL) Enter the keyword bgp to specify that BGP routes are distributed.* (OPTIONAL) Enter the keyword connected to specify that connected routes are distributed. (OPTIONAL) Enter the keyword isis to specify that IS-IS routes are distributed.* (OPTIONAL) Enter the keyword rip to specify that RIP routes are distributed.* (OPTIONAL) Enter the keyword static to specify that only manually configured routes are distributed.

* BGP and ISIS routes are not available on the C-Series. BGP, ISIS, and RIP routes are not available on the S-Series.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1087

enable inverse mask

Defaults Command Modes Command History

Not configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

The distribute-list out command applies to routes being redistributed by autonomous system boundary routers (ASBRs) into OSPF. It can be applied to external type 2 and external type 1 routes, but not to intra-area and inter-area routes.

enable inverse mask

ce
Syntax

FTOS, by default, permits the user to input OSPF network command with a net-mask. This command provides a choice between inverse-mask or net-mask (the default). enable inverse mask To return to the default net-mask, enter no enable inverse mask.

Defaults Command Modes Command History

net-mask CONFIGURATION
Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on C-Series Introduced on E-Series

fast-convergence
ces
Syntax

This command sets the minimum LSA origination and arrival times to zero (0), allowing more rapid route computation so that convergence takes less time. fast-convergence {number} To cancel fast-convergence, enter no fast convergence.

Parameters

number

Enter the convergence level desired. The higher this parameter is set, the faster OSPF converge takes place. Range: 1-4

Defaults Command Modes

None. ROUTER OSPF Open Shortest Path First (OSPFv2 and OSPFv3)

1088

flood-2328

Command History Usage Information

Version 7.8.1.0

Introduced on all platforms.

The higher this parameter is set, the faster OSPF converge takes place. Note that the faster the convergence, the more frequent the route calculations and updates. This will impact CPU utilization and may impact adjacency stability in larger topologies. Generally, convergence level 1 meets most convergence requirements. Higher convergence levels should only be selected following consultation with Force10 technical support.

flood-2328
ces
Syntax

Enable RFC-2328 flooding behavior. flood-2328 To disable, use the no flood-2328 command.

Defaults Command Modes Command History

Disabled ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series and E-Series

Usage Information

In OSPF, flooding is the most resource-consuming task. The flooding algorithm, described in RFC-2328, requires that OSPF flood LSAs (Link State Advertisements) on all interfaces, as governed by LSAs flooding scope (see Section 13 of the RFC). When multiple direct links connect two routers, the RFC-2328 flooding algorithm generates significant redundant information across all links. By default, FTOS implements an enhanced flooding procedure that dynamically and intelligently determines when to optimize flooding. Whenever possible, the OSPF task attempts to reduce flooding overhead by selectively flooding on a subset of the interfaces between two routers. When flood-2328 is enabled, this command configures FTOS to flood LSAs on all interfaces.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1089

graceful-restart grace-period

graceful-restart grace-period
ces
Syntax

Specifies the time duration, in seconds, that the routers neighbors will continue to advertise the router as fully adjacent regardless of the synchronization state during a graceful restart. graceful-restart grace-period seconds To disable the grace period, enter no graceful-restart grace-period.

Parameters

seconds

Time duration, in seconds, that specifies the duration of the restart process before OSPF terminates the process. Range: 40 to 3000 seconds

Defaults Command Modes Command History

Not Configured ROUTER OSPF

Version 7.8.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced for S-Series Introduced support for Multi-Process OSPF. Introduced on C-Series Introduced on E-Series

graceful-restart helper-reject
ces
Syntax

Specify the OSPF router to not act as a helper during graceful restart. graceful-restart helper-reject ip-address To return to default value, enter no graceful-restart helper-reject.

Parameters

ip-address

Enter the OSPF router-id, in IP address format, of the restart router that will not act as a helper during graceful restart.

Defaults Command Modes Command History

Not Configured ROUTER OSPF

Version 7.8.1.0 Introduced support for Multi-Process OSPF. Restart role enabled on S-Series (Both Helper and Restart roles now supported on S-Series. Helper-Role supported on S-Series Introduced on C-Series Introduced on E-Series

Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

1090

Open Shortest Path First (OSPFv2 and OSPFv3)

graceful-restart mode

graceful-restart mode
ces
Syntax

Enable the graceful restart mode. graceful-restart mode [planned-only | unplanned-only] To disable graceful restart mode, enter no graceful-restart mode.

Parameters

planned-only unplanned-only

(OPTIONAL) Enter the keywords planned-only to indicate graceful restart is supported in a planned restart condition only. (OPTIONAL) Enter the keywords unplanned-only to indicate graceful restart is supported in an unplanned restart condition only.

Defaults Command Modes Command History

Support for both planned and unplanned failures. ROUTER OSPF

Version 7.8.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

graceful-restart role
ces
Syntax

Specify the role for your OSPF router during graceful restart. graceful-restart role [helper-only | restart-only] To disable graceful restart role, enter no graceful-restart role.

Parameters

role helper-only role restart-only

(OPTIONAL) Enter the keywords helper-only to specify the OSPF router is a helper only during graceful restart. (OPTIONAL) Enter the keywords restart-only to specify the OSPF router is a restart only during graceful-restart.

Defaults Command Modes Command History

OSPF routers are, by default, both helper and restart routers during a graceful restart. ROUTER OSPF
Version 7.8.1.0 Version 7.7.1 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Restart and helper roles supported on S-Series Helper-Role supported on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1091

ip ospf auth-change-wait-time

ip ospf auth-change-wait-time
ces
OSPF provides a grace period while OSPF changes its interface authentication type. During the grace period, OSPF sends out packets with new and old authentication scheme till the grace period expires. ip ospf auth-change-wait-time seconds To return to the default, enter no ip ospf auth-change-wait-time.
Parameters

Syntax

seconds

Enter seconds Range: 0 to 300

Defaults Command Modes Command History

zero (0) seconds INTERFACE

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

ip ospf authentication-key
ces
Syntax

Enable authentication and set an authentication key on OSPF traffic on an interface. ip ospf authentication-key [encryption-type] key To delete an authentication key, enter no ip ospf authentication-key.

Parameters

encryption-type key

(OPTIONAL) Enter 7 to encrypt the key. Enter an 8 character string. Strings longer than 8 characters are truncated.

Defaults Command Modes Command History

Not configured. INTERFACE

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

All neighboring routers in the same network must use the same password to exchange OSPF information.

1092

Open Shortest Path First (OSPFv2 and OSPFv3)

ip ospf cost

ip ospf cost
ces
Syntax

Change the cost associated with the OSPF traffic on an interface. ip ospf cost cost To return to default value, enter no ip ospf cost.

Parameters

cost

Enter a number as the cost. Range: 1 to 65535.

Defaults Command Modes Command History

The default cost is based on the reference bandwidth. INTERFACE

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

If this command is not configured, cost is based on the auto-cost command. When you configure OSPF over multiple vendors, use the ip ospf cost command to ensure that all routers use the same cost. Otherwise, OSPF routes improperly.

Related Commands

auto-cost

Control how the OSPF interface cost is calculated.

ip ospf dead-interval
ces
Syntax

Set the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. ip ospf dead-interval seconds To return to the default values, enter no ip ospf dead-interval.

Parameters

seconds

Enter the number of seconds for the interval. Range: 1 to 65535. Default: 40 seconds.

Defaults Command Modes Command History

40 seconds INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1093

ip ospf hello-interval

Usage Information Related Commands

By default, the dead interval is four times the default hello-interval.

ip ospf hello-interval

Set the time interval between hello packets.

ip ospf hello-interval
ces
Syntax

Specify the time interval between the hello packets sent on the interface. ip ospf hello-interval seconds To return to the default value, enter no ip ospf hello-interval.

Parameters

seconds

Enter a the number of second as the delay between hello packets. Range: 1 to 65535. Default: 10 seconds.

Defaults Command Modes Command History

10 seconds INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

The time interval between hello packets must be the same for routers in a network.

ip ospf dead-interval

Set the time interval before a router is declared dead.

ip ospf message-digest-key
ces
Syntax

Enable OSPF MD5 authentication and send an OSPF message digest key on the interface. ip ospf message-digest-key keyid md5 key To delete a key, use the no ip ospf message-digest-key keyid command.

Parameters

keyid key

Enter a number as the key ID. Range: 1 to 255. Enter a continuous character string as the password.

Defaults

No MD5 authentication is configured.

1094

Open Shortest Path First (OSPFv2 and OSPFv3)

ip ospf mtu-ignore

Command Modes Command History

INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

To change to a different key on the interface, enable the new key while the old key is still enabled. The FTOS will send two packets: the first packet authenticated with the old key, and the second packet authenticated with the new key. This process ensures that the neighbors learn the new key and communication is not disrupted by keeping the old key enabled. After the reply is received and the new key is authenticated, you must delete the old key. Force10 Networks recommends keeping only one key per interface.

Note: The MD5 secret is stored as plain text in the configuration file with service
password encryption.

ip ospf mtu-ignore
ces
Syntax

Disable OSPF MTU mismatch detection upon receipt of database description (DBD) packets. ip ospf mtu-ignore To return to the default, enter no ip ospf mtu-ignore.

Defaults Command Modes Command History

Enabled INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

ip ospf network
ces
Syntax

Set the network type for the interface. ip ospf network {broadcast | point-to-point} To return to the default, enter no ip ospf network.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1095

ip ospf priority

Parameters

broadcast point-to-point

Enter the keyword broadcast to designate the interface as part of a broadcast network. Enter the keyword point-to-point to designate the interface as part of a point-to-point network.

Defaults Command Modes Command History

Not configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

ip ospf priority
ces
Syntax

Set the priority of the interface to determine the Designated Router for the OSPF network. ip ospf priority number To return to the default setting, enter no ip ospf priority.

Parameters

number

Enter a number as the priority. Range: 0 to 255. The default is 1.

Defaults Command Modes Command History

1 INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Setting a priority of 0 makes the router ineligible for election as a Designated Router or Backup Designated Router. Use this command for interfaces connected to multi-access networks, not point-to-point networks.

1096

Open Shortest Path First (OSPFv2 and OSPFv3)

ip ospf retransmit-interval

ip ospf retransmit-interval
ces
Syntax

Set the retransmission time between lost link state advertisements (LSAs) for adjacencies belonging to the interface. ip ospf retransmit-interval seconds To return to the default values, enter no ip ospf retransmit-interval.

Parameters

seconds

Enter the number of seconds as the interval between retransmission. Range: 1 to 3600. Default: 5 seconds. This interval must be greater than the expected round-trip time for a packet to travel between two routers.

Defaults Command Modes Command History

5 seconds INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Set the time interval to a number large enough to prevent unnecessary retransmissions. For example, the interval should be larger for interfaces connected to virtual links.

ip ospf transmit-delay
ces
Syntax

Set the estimated time elapsed to send a link state update packet on the interface. ip ospf transmit-delay seconds To return to the default value, enter no ip ospf transmit-delay.

Parameters

seconds

Enter the number of seconds as the transmission time. This value should be greater than the transmission and propagation delays for the interface. Range: 1 to 3600. Default: 1 second.

Defaults Command Modes Command History

1 second INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1097

log-adjacency-changes

log-adjacency-changes
ces
Syntax Defaults Command Mode Command History

Generate a Syslog message for OSPF adjacency state changes. When enabled, changes are logged for both IPv4 and IPv6 adjacencies. log-adjacency-changes Disabled. ROUTER OSPF
Version 8.4.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced for IPv6. Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

maximum-paths
ces
Syntax

Enable the software to forward packets over multiple paths. maximum-paths number To disable packet forwarding over multiple paths, enter no maximum-paths.

Parameters

number

Specify the number of paths. Range: 1 to 16. Default: 4 paths.

Defaults Command Modes Command History

4 ROUTER OSPF
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

mib-binding
ces
Syntax

Enable this OSPF process ID to manage the SNMP traps and process SNMP queries. mib-binding To mib-binding on this OSPF process, enter no mib-binding.

1098

Open Shortest Path First (OSPFv2 and OSPFv3)

network area

Defaults Command Modes Command History Usage Information

None. ROUTER OSPF

Version 7.8.1.0 Introduced to all platforms.

This command is either enabled or disabled. If no OSPF process is identified as the MIB manager, the first OSPF process will be used. If an OSPF process has been selected, it must be disabled prior to assigning new process ID the MIB responsibility.

network area
ces
Syntax

Define which interfaces run OSPF and the OSPF area for those interfaces. network ip-address mask area area-id To disable an OSPF area, use the no network ip-address mask area area-id command.

Parameters

ip-address mask area-id

Specify a primary or secondary address in dotted decimal format. The primary address is required before adding the secondary address. Enter a network mask in /prefix format. (/x) Enter the OSPF area ID as either a decimal value or in a valid IP address. Decimal value range: 0 to 65535 IP address format: dotted decimal format A.B.C.D. Note: If the area ID is smaller than 65535, it will be converted to a decimal value. For example, if you use an area ID of 0.0.0.1, it will be converted to 1.

Command Modes Command History

ROUTER OSPF
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

To enable OSPF on an interface, the network area command must include, in its range of addresses, the primary IP address of an interface.

Note: An interface can be attached only to a single OSPF area.

If you delete all the network area commands for Area 0, the show ip ospf command output will not list Area 0.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1099

passive-interface

passive-interface
ces
Syntax

Suppress both receiving and sending routing updates on an interface. passive-interface {default | interface} To enable both the receiving and sending routing, enter the no passive-interface interface command. To return all OSPF interfaces (current and future) to active, enter the no passive-interface default command.

Parameters

default interface

Enter the keyword default to make all OSPF interfaces (current and future) passive. Enter the following keywords and slot/port or number information: For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Command Modes Command History

ROUTER OSPF
Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Modified to include the default keyword. Introduced on E-Series

Usage Information

Although the passive interface will neither send nor receive routing updates, the network on that interface will still be included in OSPF updates sent via other interfaces. The default keyword sets all interfaces as passive. You can then configure individual interfaces, where adjacencies are desired, using the no passive-interface interface command. The no form of this command is inserted into the configuration for individual interfaces when the no passive-interface interface command is issued while passive-interface default is configured. This command behavior has changed as follows: passive-interface interface The previous no passive-interface interface is removed from the running configuration. The ABR status for the router is updated. Save passive-interface interface into the running configuration. Open Shortest Path First (OSPFv2 and OSPFv3)

1100

redistribute passive-interface default All present and future OSPF interface are marked as passive. Any adjacency are explicitly terminated from all OSPF interfaces. All previous passive-interface interface commands are removed from the running configuration. All previous no passive-interface interface commands are removed from the running configuration.

no passive-interface interface Remove the interface from the passive list. The ABR status for the router is updated. If passive-interface default is specified, then save no passive-interface interface into the running configuration.

No passive-interface default Clear everything and revert to the default behavior. All previously marked passive interfaces are removed. May update ABR status.

redistribute
ces
Syntax

Redistribute information from another routing protocol throughout the OSPF process. redistribute {connected | rip | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value] To disable redistribution, use the no redistribute {connected | isis | rip | static} command.

Parameters

connected rip static metric metric-value metric-type type-value

Enter the keyword connected to specify that information from active routes on interfaces is redistributed. Enter the keyword rip to specify that RIP routing information is redistributed. Enter the keyword static to specify that information from static routes is redistributed. (OPTIONAL) Enter the keyword metric followed by a number. Range: 0 (zero) to 16777214. (OPTIONAL) Enter the keyword metric-type followed by one of the following: 1 = OSPF External type 1 2 = OSPF External type 2

route-map map-name tag tag-value

(OPTIONAL) Enter the keyword route-map followed by the name of the route map. (OPTIONAL) Enter the keyword tag followed by a number. Range: 0 to 4294967295

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1101

redistribute bgp

Defaults Command Modes Command History

Not configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

To redistribute the default route (0.0.0.0/0), configure the default-information originate command.
default-information originate Generate a default route into the OSPF routing domain.

redistribute bgp
ces
Syntax

Redistribute BGP routing information throughout the OSPF instance. redistribute bgp as number [metric metric-value] | [metric-type type-value] | [tag tag-value] To disable redistribution, use the no redistribute bgp as number [metric metric-value] | [metric-type type-value] [route-map map-name] [tag tag-value] command.

Parameters

as number metric metric-value

Enter the autonomous system number. Range: 1 to 65535 (OPTIONAL) Enter the keyword metric followed by the metric-value number. Range: 0 to16777214 (OPTIONAL) Enter the keyword metric-type followed by one of the following: 1 = for OSPF External type 1 2 = for OSPF External type 2

metric-type type-value

route-map map-name tag tag-value

(OPTIONAL) Enter the keyword route-map followed by the name of the route map. (OPTIONAL) Enter the keyword tag to set the tag for routes redistributed into OSPF. Range: 0 to 4294967295

Defaults Command Modes Command History

No default behavior or values ROUTER OSPF

Version 7.8.1.3 Version 7.8.1.0 Introduced Route Map for BGP Redistribution to OSPF Introduced support for Multi-Process OSPF.

1102

Open Shortest Path First (OSPFv2 and OSPFv3)

redistribute isis

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.1

Introduced on S-Series Introduced on C-Series Modified to include the default keyword. Introduced on E-Series

redistribute isis
ces
Syntax

Redistribute IS-IS routing information throughout the OSPF instance. redistribute isis [tag] [level-1 | level-1-2 | level-2] [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value] To disable redistribution, use the no redistribute isis [tag] [level-1 | level-1-2 | level-2] [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value] command.

Parameters

tag level-1 level-1-2 level-2 metric metric-value metric-type type-value

(OPTIONAL) Enter the name of the IS-IS routing process. (OPTIONAL) Enter the keyword level-1 to redistribute only IS-IS Level-1 routes. (OPTIONAL) Enter the keyword level-1-2 to redistribute both IS-IS Level-1 and Level-2 routes. (OPTIONAL) Enter the keyword level-2 to redistribute only IS-IS Level-2 routes. (OPTIONAL) Enter the keyword metric followed by a number. Range: 0 (zero) to 4294967295. (OPTIONAL) Enter the keyword metric-type followed by one of the following: 1 = for OSPF External type 1 2 = for OSPF External type 2

route-map map-name tag tag-value

(OPTIONAL) Enter the keyword route-map followed by the name of the route map. (OPTIONAL) Enter the keyword tag followed by a number. Range: 0 to 4294967295

Defaults Command Modes Command History

Not configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

IS-IS is not supported on S-Series platforms.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1103

router-id

router-id
ces
Syntax

Use this command to configure a fixed router ID. router-id ip-address To remove the fixed router ID, use the no router-id ip-address command.

Parameters

ip-address

Enter the router ID in the IP address format

Defaults Command Modes Command History

This command has no default behavior or values. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support for Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 354 Command Example: router-id

Force10(conf)#router ospf 100 Force10(conf-router_ospf)#router-id 1.1.1.1 Changing router-id will bring down existing OSPF adjacency [y/n]: Force10(conf-router_ospf)#show config ! router ospf 100 router-id 1.1.1.1 Force10(conf-router_ospf)#no router-id Changing router-id will bring down existing OSPF adjacency [y/n]: Force10#

Usage Information

You can configure an arbitrary value in the IP address format for each router. However, each router ID must be unique. If this command is used on an OSPF router process, which is already active (that is, has neighbors), a prompt reminding you that changing router-id will bring down the existing OSPF adjacency. The new router ID is effective at the next reload

1104

Open Shortest Path First (OSPFv2 and OSPFv3)

router ospf

router ospf
ces
Syntax

Enter the ROUTER OSPF mode to configure an OSPF instance. router ospf process-id [vrf {vrf name}] To clear an OSPF instance, enter no router ospf process-id.

Parameters

process-id vrf name

Enter a number for the OSPF instance. Range: 1 to 65535. (Optional) E-Series Only: Enter the VRF process identifier to tie the OSPF instance to the VRF. All network commands under this OSPF instance are subsequently tied to the VRF instance.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.9.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced VRF Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 355 Command Example: router ospf

Force10(conf)#router ospf 2 Force10(conf-router_ospf)#

Usage Information

You must have an IP address assigned to an interface to enter the ROUTER OSPF mode and configure OSPF. Once the OSPF process and the VRF are tied together, the OSPF Process ID cannot be used again in the system.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1105

show config

show config
ces
Syntax Command Modes Command History

Display the non-default values in the current OSPF configuration. show config ROUTER OSPF
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 356 Command Example: show config

Force10(conf-router_ospf)#show config ! router ospf 3 passive-interface FastEthernet 0/1 Force10(conf-router_ospf)#

show ip ospf
ces
Syntax Parameters

Display information on the OSPF process configured on the switch. show ip ospf process-id [vrf vrf name] process-id vrf name
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. E-Series Only: Show only the OSPF information tied to the VRF process.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.9.1.0 Version 7.9.1.0 Version 7.8.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced VRF Introduced VRF Introduced support of Multi-Process OSPF. Introduced process-id option, in support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

1106

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf

If you delete all the network area commands for Area 0, the show ip ospf command output will not list Area 0.
Example

Figure 357 Command Example: show ip ospf process-id

Force10>show ip ospf 1 Routing Process ospf 1 with ID 11.1.2.1 Supports only single TOS (TOS0) routes It is an autonomous system boundaryrouter SPF schedule delay 0 secs, Hold time between two SPFs 5 secs Number of area in this router is 1, normal 1 stub 0 nssa 0 Area BACKBONE (0.0.0.0) Number of interface in this area is 2 SPF algorithm executed 4 times Area ranges are Force10>

Table 96 Command Output Descriptions: show ip ospf process-id Line Beginning with
Routing Process... Supports only... SPF schedule... Number of...

Description
Displays the OSPF process ID and the IP address associated with the process ID. Displays the number of Type of Service (TOS) rouse supported. Displays the delay and hold time configured for this process ID. Displays the number and type of areas configured for this process ID.

Related Commands

show ip ospf database show ip ospf interface show ip ospf neighbor show ip ospf virtual-links

Displays information about the OSPF routes configured. Displays the OSPF interfaces configured. Displays the OSPF neighbors configured. Displays the OSPF virtual links configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1107

show ip ospf asbr

ces
Syntax Parameters

Display all ASBR routers visible to OSPF. show ip ospf process-id asbr process-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced support of Multi-Process OSPF. Introduced process-id option, in support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series and E-Series

Usage Information

If you are using Multi-Process OSPF, you must enter the Process ID to view information regarding a specific OSPF process. If you do not enter the Process ID, only the first configured process is listed. Use this command to isolate problems with external routes. In OSPF, external routes are calculated by adding the LSA cost to the cost of reaching the ASBR router. If an external route does not have the correct cost, use this command to determine if the path to the originating router is correct. The display output is not sorted in any order.

Note: ASBRs that are not in directly connected areas are also displayed.
Figure 358 Command Example: show ip ospf process-id asbr
Force10#show ip ospf 1asbr RouterID 3.3.3.3 1.1.1.1 Force10# Flags Cost Nexthop -/-/-/ 2 10.0.0.2 E/-/-/ 0 0.0.0.0 Interface Gi 0/1 1 Area 0

Example

You can determine if an ASBR is in a directly connected area (or not) by the flags. For ASBRs in a directly connected area, E flags are set. In the figure above, router 1.1.1.1 is in a directly connected area since the Flag is E/-/-/. For remote ASBRs, the E flag is clear (-/-/-/)

1108

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database

ces
Syntax Parameters

Display all LSA information. If OSPF is not enabled on the switch, no output is generated. show ip ospf process-id database [database-summary] process-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Enter the keywords database-summary to the display summary of the information stored in the OSPFv2 database of the router, including the number of LSAs received from OSPFv2 neighbor routers.

database-summary

Command Modes

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Example

Force10#show ip ospf database database-summary ! OSPF Router with ID (200.1.1.1) (Process ID 1) Area ID 0 Router Net 4 3 S-Net 3000 S-ASBR Type7 0 0 Type9 1 Type10 Total 0 3008 ChSum 0x5e69164

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1109

show ip ospf database Figure 360 Command Example: show ip ospf process-id database
Force10>show ip ospf 1 database OSPF Router with ID (11.1.2.1) (Process ID 1) Router (Area 0.0.0.0) Link ID ADV Router Age Seq# Checksum 11.1.2.1 11.1.2.1 673 0x80000005 0x707e 13.1.1.1 13.1.1.1 676 0x80000097 0x1035 192.68.135.2 192.68.135.2 1419 0x80000294 0x9cbd Link ID 10.2.3.2 10.2.4.2 Link ID 0.0.0.0 1.1.1.1 10.1.1.0 10.1.2.0 10.2.2.0 10.2.3.0 10.2.4.0 11.1.1.0 11.1.2.0 12.1.2.0 13.1.1.0 13.1.2.0 172.16.1.0 Force10> Network (Area 0.0.0.0) ADV Router Age 13.1.1.1 676 192.68.135.2 908 Type-5 AS External ADV Router Age 192.68.135.2 908 192.68.135.2 908 11.1.2.1 718 11.1.2.1 718 11.1.2.1 718 11.1.2.1 718 13.1.1.1 1184 11.1.2.1 718 11.1.2.1 718 192.68.135.2 1663 13.1.1.1 1192 13.1.1.1 1184 13.1.1.1 148 Seq# 0x80000003 0x80000055 Seq# 0x80000052 0x8000002a 0x80000002 0x80000002 0x80000002 0x80000002 0x80000068 0x80000002 0x80000002 0x80000054 0x8000006b 0x8000006b 0x8000006d Checksum 0x6592 0x683e Checksum 0xeb83 0xbd27 0x9012 0x851c 0x7927 0x6e31 0x45db 0x831e 0x7828 0xd8d6 0x2718 0x1c22 0x533b Tag 100 0 0 0 0 0 0 0 0 0 0 0 0

Example

Link count 2 2 1

Table 97 Command Output Description: show ip ospf process-id database Field

Link ID ADV Router Age Seq# Checksum Link count

Description
Identifies the router ID. Identifies the advertising routers ID. Displays the link state age. Identifies the link state sequence number. This number enables you to identify old or duplicate link state advertisements. Displays the Fletcher checksum of an LSAs complete contents. Displays the number of interfaces for that router.

Related Commands

show ip ospf database asbr-summary

Displays only ASBR summary LSA information.

1110

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database asbr-summary

ces
Syntax

Display information about AS Boundary LSAs. show ip ospf process-id database asbr-summary [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

Parameters

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1111

show ip ospf database asbr-summary Figure 361 Command Example: show ip ospf database asbr-summary (Partial)
Force10#show ip ospf 100 database asbr-summary OSPF Router with ID (1.1.1.10) (Process ID 100) Summary Asbr (Area 0.0.0.0) LS age: 1437 Options: (No TOS-capability, No DC, E) LS type: Summary Asbr Link State ID: 103.1.50.1 Advertising Router: 1.1.1.10 LS Seq Number: 0x8000000f Checksum: 0x8221 Length: 28 Network Mask: /0 TOS: 0 Metric: 2 LS age: 473 Options: (No TOS-capability, No DC, E) LS type: Summary Asbr Link State ID: 104.1.50.1 Advertising Router: 1.1.1.10 LS Seq Number: 0x80000010 Checksum: 0x4198 Length: 28 --More--

Example

Table 98 Command Output Descriptions: show ip ospf database asbr-summary Item

LS Age Options

Description
Displays the LSAs age. Displays the optional capabilities available on router. The following options can be found in this item: TOS-capability or No TOS-capability is displayed depending on whether the router can support Type of Service. DC or No DC is displayed depending on whether the originating router can support OSPF over demand circuits. E or No E is displayed on whether the originating router can accept AS External LSAs.

LS Type Link State ID Advertising Router Checksum Length Network Mask TOS Metric

Displays the LSAs type. Displays the Link State ID. Identifies the advertising routers ID. Displays the Fletcher checksum of the an LSAs complete contents. Displays the length in bytes of the LSA. Displays the network mask implemented on the area. Displays the Type of Service (TOS) options. Option 0 is the only option. Displays the LSA metric.

Related Commands

show ip ospf database

Displays OSPF database information.

1112

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database external

ces
Syntax Parameters

Display information on the AS external (type 5) LSAs. show ip ospf process-id database external [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1113

show ip ospf database external Figure 362 Command Example: show ip ospf database external
Force10#show ip ospf 1 database external OSPF Router with ID (20.20.20.5) (Process ID 1) Type-5 AS External LS age: 612 Options: (No TOS-capability, No DC, E) LS type: Type-5 AS External Link State ID: 12.12.12.2 Advertising Router: 20.31.3.1 LS Seq Number: 0x80000007 Checksum: 0x4cde Length: 36 Network Mask: /32 Metrics Type: 2 TOS: 0 Metrics: 25 Forward Address: 0.0.0.0 External Route Tag: 43 LS age: 1868 Options: (No TOS-capability, DC) LS type: Type-5 AS External Link State ID: 24.216.12.0 Advertising Router: 20.20.20.8 LS Seq Number: 0x80000005 Checksum: 0xa00e Length: 36 Network Mask: /24 Metrics Type: 2 TOS: 0 Metrics: 1 Forward Address: 0.0.0.0 External Route Tag: 701 Force10#

Example

Table 99 Command Example Descriptions: show ip ospf process-id database external Item
LS Age Options

Description
Displays the LSA age. Displays the optional capabilities available on router. The following options can be found in this item: TOS-capability or No TOS-capability is displayed depending on whether the router can support Type of Service. DC or No DC is displayed depending on whether the originating router can support OSPF over demand circuits. E or No E is displayed on whether the originating router can accept AS External LSAs.

LS Type Link State ID Advertising Router LS Seq Number Checksum Length Network Mask Metrics Type

Displays the LSAs type. Displays the Link State ID. Identifies the router ID of the LSAs originating router. Identifies the link state sequence number. This number enables you to identify old or duplicate LSAs. Displays the Fletcher checksum of an LSAs complete contents. Displays the length in bytes of the LSA. Displays the network mask implemented on the area. Displays the external type.

1114

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database network Table 99 Command Example Descriptions: show ip ospf process-id database external Item
TOS Metrics Forward Address

Description
Displays the TOS options. Option 0 is the only option. Displays the LSA metric. Identifies the address of the forwarding router. Data traffic is forwarded to this router. If the forwarding address is 0.0.0.0, data traffic is forwarded to the originating router. Displays the 32-bit field attached to each external route. This field is not used by the OSPF protocol, but can be used for external route management.

External Route Tag

Related Commands

show ip ospf database

Displays OSPF database information.

show ip ospf database network

ces
Syntax Parameters

Display the network (type 2) LSA information. show ip ospf process-id database network [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1115

show ip ospf database network Figure 363 Command Example: show ip ospf process-id database network
Force10#show ip ospf 1 data network OSPF Router with ID (20.20.20.5) (Process ID 1) Network (Area 0.0.0.0) LS age: 1372 Options: (No TOS-capability, DC, E) LS type: Network Link State ID: 202.10.10.2 Advertising Router: 20.20.20.8 LS Seq Number: 0x80000006 Checksum: 0xa35 Length: 36 Network Mask: /24 Attached Router: 20.20.20.8 Attached Router: 20.20.20.9 Attached Router: 20.20.20.7 Network (Area 0.0.0.1) LS age: 252 Options: (TOS-capability, No DC, E) LS type: Network Link State ID: 192.10.10.2 Advertising Router: 192.10.10.2 LS Seq Number: 0x80000007 Checksum: 0x4309 Length: 36 Network Mask: /24 Attached Router: 192.10.10.2 Attached Router: 20.20.20.1 Attached Router: 20.20.20.5 Force10#

Example

Table 100 Command Example Descriptions: show ip ospf process-id database network Item
LS Age Options

LS Type Link State ID Advertising Router Checksum Length Network Mask Attached Router

Displays the LSAs type. Displays the Link State ID. Identifies the router ID of the LSAs originating router. Identifies the link state sequence number. This number enables you to identify old or duplicate LSAs. Displays the Fletcher checksum of an LSAs complete contents. Displays the length in bytes of the LSA. Identifies the IP address of routers attached to the network.

Related Commands

show ip ospf database

Displays OSPF database information.

1116

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database nssa-external

ces
Syntax Parameters

Display NSSA-External (type 7) LSA information. show ip ospf database nssa-external [link-state-id] [adv-router ip-address] link-state-id
(OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Related Commands

show ip ospf database opaque-area

ces
Syntax Parameters

Display the opaque-area (type 10) LSA information. show ip ospf process-id database opaque-area [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1117

show ip ospf database opaque-area

EXEC Privilege
Command History Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Usage Information Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Table 101 Command Example Descriptions: show ip ospf process-id database opaque-area Item
LS Age Options

LS Type Link State ID Advertising Router

Displays the LSAs type. Displays the Link State ID. Identifies the advertising routers ID.

1118

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database opaque-as Table 101 Command Example Descriptions: show ip ospf process-id database opaque-area Item
Checksum Length Opaque Type Opaque ID

Description
Displays the Fletcher checksum of the an LSAs complete contents. Displays the length in bytes of the LSA. Displays the Opaque type field (the first 8 bits of the Link State ID). Displays the Opaque type-specific ID (the remaining 24 bits of the Link State ID).

Related Commands

show ip ospf database

Displays OSPF database information.

show ip ospf database opaque-as

ces
Syntax Parameters

Display the opaque-as (type 11) LSA information. show ip ospf process-id database opaque-as [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Related Commands

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1119

show ip ospf database opaque-link

ces
Syntax Parameters

Display the opaque-link (type 9) LSA information. show ip ospf process-id database opaque-link [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keyword adv-router followed by the IP address of an Advertising Router to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Related Commands

1120

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database router

ces
Syntax Parameters

Display the router (type 1) LSA information. show ip ospf process-id database router [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1121

show ip ospf database router Figure 365 Command Example: show ip ospf process-id database router (Partial)
Force10#show ip ospf 100 database router OSPF Router with ID (1.1.1.10) (Process ID 100) Router (Area 0) LS age: 967 Options: (No TOS-capability, No DC, E) LS type: Router Link State ID: 1.1.1.10 Advertising Router: 1.1.1.10 LS Seq Number: 0x8000012f Checksum: 0x3357 Length: 144 AS Boundary Router Area Border Router Number of Links: 10 Link connected to: a Transit Network (Link ID) Designated Router address: 192.68.129.1 (Link Data) Router Interface address: 192.68.129.1 Number of TOS metric: 0 TOS 0 Metric: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 192.68.130.1 (Link Data) Router Interface address: 192.68.130.1 Number of TOS metric: 0 TOS 0 Metric: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 192.68.142.2 (Link Data) Router Interface address: 192.68.142.2 Number of TOS metric: 0 TOS 0 Metric: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 192.68.141.2 (Link Data) Router Interface address: 192.68.141.2 Number of TOS metric: 0 TOS 0 Metric: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 192.68.140.2 (Link Data) Router Interface address: 192.68.140.2 Number of TOS metric: 0 TOS 0 Metric: 1 Link connected to: a Stub Network (Link ID) Network/subnet number: 11.1.5.0 --More--

Example

Table 102 Command Example Descriptions: show ip ospf process-id database router Item
LS Age Options

LS Type Link State ID

Displays the LSA type. Displays the Link State ID.

1122

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf database summary Table 102 Command Example Descriptions: show ip ospf process-id database router Item
Advertising Router LS Seq Number Checksum Length Number of Links Link connected to: (Link ID) (Link Data) Number of TOS Metric TOS 0 Metric

Description
Identifies the router ID of the LSAs originating router. Displays the link state sequence number. This number detects duplicate or old LSAs. Displays the Fletcher checksum of an LSAs complete contents. Displays the length in bytes of the LSA. Displays the number of active links to the type of router (Area Border Router or AS Boundary Router) listed in the previous line. Identifies the type of network to which the router is connected. Identifies the link type and address. Identifies the router interface address. Lists the number of TOS metrics. Lists the number of TOS 0 metrics.

Related Commands

show ip ospf database

Displays OSPF database information.

show ip ospf database summary

ces
Syntax Parameters

Display the network summary (type 3) LSA routing information. show ip ospf process-id database summary [link-state-id] [adv-router ip-address] process-id link-state-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Specify LSA ID in dotted decimal format. The LSA ID value depends on the LSA type, and it can be one of the following: the networks IP address for Type 3 LSAs or Type 5 LSAs the routers OSPF router ID for Type 1 LSAs or Type 4 LSAs the default destination (0.0.0.0) for Type 5 LSAs

adv-router ip-address
Command Modes

(OPTIONAL) Enter the keywords adv-router ip-address to display only the LSA information about that router.

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1123

show ip ospf database summary

Usage Information

Example

Table 103 Command Example Descriptions: show ip ospf process-id database summary Items
LS Age Options

LS Type Link State ID Advertising Router

Displays the LSAs type. Displays the Link State ID. Identifies the router ID of the LSAs originating router.

1124

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf interface Table 103 Command Example Descriptions: show ip ospf process-id database summary Items
LS Seq Number Checksum Length Network Mask TOS Metric

Description
Identifies the link state sequence number. This number enables you to identify old or duplicate LSAs. Displays the Fletcher checksum of an LSAs complete contents. Displays the length in bytes of the LSA. Displays the network mask implemented on the area. Displays the TOS options. Option 0 is the only option. Displays the LSA metrics.

Related Commands

show ip ospf database

Displays OSPF database information.

show ip ospf interface

ces
Syntax Parameters

Display the OSPF interfaces configured. If OSPF is not enabled on the switch, no output is generated. show ip ospf process-id interface [interface] process-id interface
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For the null interface, enter the keyword null followed by zero (0). For loopback interfaces, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by the VLAN ID. The range is from 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1125

show ip ospf interface

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced process-id option, in support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

If you are using Multi-Process OSPF, you must enter the Process ID to view information regarding a specific OSPF process. If you do not enter the Process ID, only the first configured process is listed. Figure 367 Command Example: show ip ospf process-id interface
Force10>show ip ospf int GigabitEthernet 13/17 is up, line protocol is up Internet Address 192.168.1.2/30, Area 0.0.0.1 Process ID 1, Router ID 192.168.253.2, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 192.168.253.2, Interface address 192.168.1.2 Backup Designated Router (ID) 192.168.253.1, Interface address 192.168.1.1 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:02 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 192.168.253.1 (Backup Designated Router) GigabitEthernet 13/23 is up, line protocol is up Internet Address 192.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 192.168.253.2, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DROTHER, Priority 1 Designated Router (ID) 192.168.253.5, Interface address 192.168.0.4 Backup Designated Router (ID) 192.168.253.3, Interface address 192.168.0.2 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:08 Neighbor Count is 3, Adjacent neighbor count is 2 Adjacent with neighbor 192.168.253.5 (Designated Router) Adjacent with neighbor 192.168.253.3 (Backup Designated Router) Loopback 0 is up, line protocol is up Internet Address 192.168.253.2/32, Area 0.0.0.1 Process ID 1, Router ID 192.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Force10>

Example

Table 104 Command Example Descriptions: show ip ospf process-id interface Line beginning with
GigabitEthernet... Internet Address... Process ID... Transmit Delay... Designated Router... Backup Designated...

Description
This line identifies the interface type slot/port and the status of the OSPF protocol on that interface. This line displays the IP address, network mask and area assigned to this interface. This line displays the OSPF Process ID, Router ID, Network type and cost metric for this interface. This line displays the interfaces settings for Transmit Delay, State, and Priority. In the State setting, BDR is Backup Designated Router. This line displays the ID of the Designated Router and its interface address. This line displays the ID of the Backup Designated Router and its interface address.

1126

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf neighbor Table 104 Command Example Descriptions: show ip ospf process-id interface Line beginning with
Timer intervals... Hello due... Neighbor Count...

Description
This line displays the interfaces timer settings for Hello interval, Dead interval, Transmit Delay (Wait), and Retransmit Interval. This line displays the amount time till the next Hello packet is sent out this interface. This line displays the number of neighbors and adjacent neighbors. Listed below this line are the details about each adjacent neighbor.

show ip ospf neighbor

ces
Syntax Parameters

Display the OSPF neighbors configured. show ip ospf process-id neighbor process-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Example

Table 105 Command Example Descriptions: show ip ospf process-id neighbor Row Heading
Neighbor ID Pri

Description
Displays the neighbor router ID. Displays the priority assigned neighbor.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1127

show ip ospf routes Table 105 Command Example Descriptions: show ip ospf process-id neighbor Row Heading
State Dead Time Address Interface Area

Description
Displays the OSPF state of the neighbor. Displays the expected time until FTOS declares the neighbor dead. Displays the IP address of the neighbor. Displays the interface type slot/port information. Displays the neighbors area (process ID).

show ip ospf routes

ces
Syntax Parameters

Display routes as calculated by OSPF and stored in OSPF RIB. show ip ospf process-id routes process-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series and E-Series

Usage Information

If you are using Multi-Process OSPF, you must enter the Process ID to view information regarding a specific OSPF process. If you do not enter the Process ID, only the first configured process is listed. This command is useful in isolating routing problems between OSPF and RTM. For example, if a route is missing from the RTM/FIB but is visible from the display output of this command, then likely the problem is with downloading the route to the RTM. This command has the following limitations: The display output is sorted by prefixes; intra-area ECMP routes are not displayed together. For Type 2 external routes, type1 cost is not displayed.

1128

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf statistics Figure 369 Command Example: show ip ospf process-id routes
Force10#show ip ospf 100 route Prefix 1.1.1.1 3.3.3.3 13.0.0.0 150.150.150.0 172.30.1.0 Force10# Cost 1 2 1 2 2 Nexthop 0.0.0.0 13.0.0.3 0.0.0.0 13.0.0.3 13.0.0.3 Interface Lo 0 Gi 0/47 Gi 0/47 Gi 0/47 Gi 0/47 Area 0 1 0 1 Type Intra-Area Intra-Area Intra-Area External Intra-Area

Example

show ip ospf statistics

ces
Syntax Parameters

Display OSPF statistics. show ip ospf process-id statistics global | [interface name {neighbor router-id}] process-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. Enter the keyword global to display the packet counts received on all running OSPF interfaces and packet counts received and transmitted by all OSPF neighbors. (OPTIONAL) Enter the keyword interface followed by one of the following interface keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

global

interface name

neighbor router-id

(OPTIONAL) Enter the keyword neighbor followed by the neighbors router-id in dotted decimal format (A.B.C.D.).

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0

Introduced support of Multi-Process OSPF. Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1129

show ip ospf statistics

Version 7.5.1.0 Version 7.4.1.0 Usage Information

Introduced on C-Series Introduced on E-Series

Example

OSPF Global Queue Length TxQ-Len Hello-Q 0 LSR-Q 0 Other-Q 0

RxQ-Len 0 0 0

Error packets (Only for RX) Intf-Down Wrong-Len Auth-Err Version No-Buffer Q-OverFlow 0 0 0 0 0 0 Non-Dr Invld-Nbr MD5-Err AreaMis Seq-No Unkown-Pkt 0 0 0 0 0 0 Self-Org Nbr-State Chksum Conf-Issues Socket 0 0 0 0 0

Error packets (Only for TX) Socket Errors Force10# 0

Table 106 Command Example Descriptions: show ip ospf statistics process-id global Row Heading Description
Total Error Hello DDiscr LSReq LSUpd LSAck TxQ-Len RxQ-Len Tx-Mark Rx-Mark Hello-Q Displays the total number of packets received/transmitted by the OSPF process Displays the error count while receiving and transmitting packets by the OSPF process Number of OSPF Hello packets Number of database description packets Number of link state request packets Number of link state update packets Number of link state acknowledgement packets The transmission queue length The reception queue length The highest number mark in the transmission queue The highest number mark in the reception queue The queue, for transmission or reception, for the hello packets

1130

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf statistics Table 106 Command Example Descriptions: show ip ospf statistics process-id global Row Heading Description
LSR-Q Other-Q The queue, for transmission or reception, for the link state request packets. The queue, for transmission or reception, for the link state acknowledgement, database description, and update packets.

Table 107 Error Definitions: show ip ospf statistics process-id global Error Type
Intf_Down Non-Dr Self-Org Wrong_Len Invld-Nbr Nbr-State Auth-Error MD5-Error Cksum-Err Version AreaMismatch Conf-Issue No-Buffer Seq-no Socket Q-overflow Unknown-Pkt

Description
Received packets on an interface that is either down or OSPF is not enabled. Received packets with a destination address of ALL_DRS even though SELF is not a designated router Receive the self originated packet The received packet length is different to what was indicated in the OSPF header LSA, LSR, LSU, and DDB are received from a peer which is not a neighbor peer LSA, LSR, and LSU are received from a neighbor with stats less than the loading state Simple authentication error MD5 error Checksum Error Version mismatch Area mismatch The received hello packet has a different hello or dead interval than the configuration Buffer allocation failure A sequence no errors occurred during the database exchange process Socket Read/Write operation error Packet(s) dropped due to queue overflow Received packet is not an OSPF packet

The show ip ospf process-id statistics command displays the error packet count received on each interface as: The hello-timer remaining value for each interface The wait-timer remaining value for each interface The grace-timer remaining value for each interface The packet count received and transmitted for each neighbor Dead timer remaining value for each neighbor Transmit timer remaining value for each neighbor The LSU Q length and its highest mark for each neighbor The LSR Q length and its highest mark for each neighbor

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1131

show ip ospf topology Figure 371 Command Example: show ip ospf process-id statistics
Force10#show ip ospf 100 statistics Interface GigabitEthernet 0/8 Hello-Timer 9, Wait-Timer 0, Grace-Timer 0 Error packets (Only for RX) Intf-Down Wrong-Len Auth-Error Version SeqNo-Err 0 0 0 0 0 Non-Dr Invld-Nbr MD5-Error AreaMisMatch Unkown-Pkt 0 0 0 0 0 Self-Org Nbr-State Cksum-Err Conf-Issue 0 0 0 0

Example

Neighbor ID 9.1.1.2 RX TX Hello 59 62 DDiscr 3 2 LSReq 1 1 LSUpd 1 0 0 0 1 LSAck 1 0

Dead-Timer LSU-Q-Len LSR-Q-Len

37, Transmit-Timer 0, LSU-Q-Wmark 0, LSR-Q-Wmark

Related Commands

clear ip ospf statistics

Clear the packet statistics in all interfaces and neighbors

show ip ospf topology

ces
Syntax Parameters

Display routers in directly connected areas. show ip ospf process-id topology process-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series and E-Series

Usage Information

1132

Open Shortest Path First (OSPFv2 and OSPFv3)

show ip ospf virtual-links

This command can be used to isolate problems with inter-area and external routes. In OSPF inter-area and external routes are calculated by adding LSA cost to the cost of reaching the router. If an inter-area or external route is not of correct cost, the display can determine if the path to the originating router is correct or not.
Example

Figure 372 Command Example: show ip ospf process-id topology

Force10#show ip ospf 1 topology Router ID 3.3.3.3 1.1.1.1 Force10# Flags Cost Nexthop E/B/-/ 1 20.0.0.3 E/-/-/ 1 10.0.0.1 Interface Gi 13/1 0 Gi 7/1 Area 1

show ip ospf virtual-links

ces
Syntax Parameters

Display the OSPF virtual links configured and is useful for debugging OSPF routing operations. If no OSPF virtual-links are enabled on the switch, no output is generated. show ip ospf process-id virtual-links process-id
Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1

Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1133

show ip ospf virtual-links Figure 373 Command Example: show ip ospf process-id virtual-links
Force10#show ip ospf 1 virt Virtual Link to router 192.168.253.5 is up Run as demand circuit Transit area 0.0.0.1, via interface GigabitEthernet 13/16, Cost of using 2 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:02 Force10#

Example

Table 108 Command Example Descriptions: show ip ospf process-id virtual-links Items
Virtual Link... Run as... Transit area... Transmit Delay... Timer intervals...

Description
This line specifies the OSPF neighbor to which the virtual link was created and the links status. This line states the nature of the virtual link. This line identifies the area through which the virtual link was created, the interface used, and the cost assigned to that link. This line displays the transmit delay assigned to the link and the State of the OSPF neighbor. This line displays the timer values assigned to the virtual link. The timers are Hello is hello-interval, Dead is dead-interval, Wait is transmit-delay, and Retransmit is retransmit-interval. This line displays the amount of time until the next Hello packet is expected from the neighbor router. This line displays the adjacency state between neighbors.

Hello due... Adjacency State...

1134

Open Shortest Path First (OSPFv2 and OSPFv3)

summary-address

summary-address
ces
Syntax

Set the OSPF ASBR to advertise one external route. summary-address ip-address mask [not-advertise] [tag tag-value] To disable summary address, use the no summary-address ip-address mask command.

Parameters

ip-address mask not-advertise tag tag-value

Specify the IP address in dotted decimal format of the address to be summarized. Specify the mask in dotted decimal format of the address to be summarized. (OPTIONAL) Enter the keyword not-advertise to suppress that match the network prefix/mask pair. (OPTIONAL) Enter the keyword tag followed by a value to match on routes redistributed through a route map. Range: 0 to 4294967295

Defaults Command Modes Command History

Not configured. ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

If you are using Multi-Process OSPF, you must enter the Process ID to view information regarding a specific OSPF process. If you do not enter the Process ID, only the first configured process is listed. The command area range summarizes routes for the different areas. With "not-advertise" parameter configured, this command can be used to filter out some external routes. For example, you want to redistribute static routes to OSPF, but you don't want OSPF to advertise routes with prefix 1.1.0.0. Then you can configure summary-address 1.1.0.0 255.255.0.0 not-advertise to filter out all the routes fall in range 1.1.0.0/16.

Related Commands

area range

Summarizes routes within an area.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1135

timers spf

timers spf
ces
Syntax

Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation. timers spf delay holdtime To return to the default, enter no timers spf.

Parameters

delay

Enter a number as the delay. Range: 0 to 4294967295. Default: 5 seconds Enter a number as the hold time. Range: 0 to 4294967295. Default: 10 seconds.

holdtime

Defaults Command Modes Command History

delay = 5 seconds; holdtime = 10 seconds ROUTER OSPF

Version 7.8.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Introduced support of Multi-Process OSPF. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Setting the delay and holdtime parameters to a low number enables the switch to switch to an alternate path quickly but requires more CPU usage.

1136

Open Shortest Path First (OSPFv2 and OSPFv3)

timers spf

OSPFv3 Commands
Open Shortest Path First version 3 (OSPFv3) for IPv6 is supported on the c and e platforms.

Note: The C-Series supports OSPFv3 with FTOS version 7.8.1.0 and later.

The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, etc.) remain unchanged. However, OSPFv3 runs on a per-link basis instead of on a per-IP-subnet basis. Most changes were necessary to handle the increased address size of IPv6. The Force10 Networks implementation of OSPFv3 is based on IETF RFC 2740. The following commands allow you to configure and enable OSPFv3. area authentication area encryption clear ipv6 ospf process debug ipv6 ospf packet default-information originate graceful-restart grace-period graceful-restart mode ipv6 ospf area ipv6 ospf authentication ipv6 ospf cost ipv6 ospf dead-interval ipv6 ospf encryption ipv6 ospf graceful-restart helper-reject ipv6 ospf hello-interval ipv6 ospf priority ipv6 router ospf passive-interface redistribute router-id show crypto ipsec policy show crypto ipsec sa ipv6 show ipv6 ospf database show ipv6 ospf interface show ipv6 ospf neighbor

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1137

area authentication

area authentication
et
Syntax

Configure an IPsec authentication policy for OSPFv3 packets in an OSPFv3 area. area area-id authentication ipsec spi number {MD5 | SHA1} [key-encryption-type] key area area-id ipsec spi number MD5 | SHA1 key-encryption-type key
Area for which OSPFv3 traffic is to be authenticated. For area-id, you can enter a number or an IPv6 prefix. Security Policy index (SPI) value that identifies an IPsec security policy. Range: 256 to 4294967295. Authentication type: Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1). (OPTIONAL) Specifies if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted). Text string used in authentication. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).

Parameters

Default Command Modes Command History Usage Information

Not configured. ROUTER OSPFv3

Version 8.4.2.0 Introduced

Before you enable IPsec authentication on an OSPFv3 area, you must first enable OSPFv3 globally on the router. You must configure the same authentication policy (same SPI and key) on each interface in an OSPFv3 link. An SPI number must be unique to one IPsec security policy (authentication or encryption) on the router. If you have enabled IPsec encryption in an OSPFv3 area with the area encryption command, you cannot use the area authentication command in the area at the same time. The configuration of IPsec authentication on an interface-level takes precedence over an area-level configuration. If you remove an interface configuration, an area authentication policy that has been configured is applied to the interface. To remove an IPsec authentication policy from an OSPFv3 area, enter the no area area-id authentication spi number command.

Related Commands

ipv6 ospf authentication show crypto ipsec policy

Configure an IPsec authentication policy on an OSPFv3 interface. Display the configuration of IPsec authentication policies.

1138

Open Shortest Path First (OSPFv2 and OSPFv3)

area encryption

area encryption
et
Syntax

Configure an IPsec encryption policy for OSPFv3 packets in an OSPFv3 area. area area-id encryption ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-encryption-type] key area area-id ipsec spi number esp encryption-algo rithm key-encryption-type key
Area for which OSPFv3 traffic is to be encrypted. For area-id, you can enter a number or an IPv6 prefix. Security Policy index (SPI) value that identifies an IPsec security policy. Range: 256 to 4294967295. Encryption algorithm used with ESP. Valid values are: 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. (OPTIONAL) Specifies if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted). Text string used in encryption. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192. Specifies the authentication algorithm to use for encryption. Valid values are MD5 or SHA1. (OPTIONAL) Specifies if the authentication key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted). Text string used in authentication. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted). Causes an encryption policy configured for the area to not be inherited on the interface.

Parameters

authentication-algori thm key-encryption-type key

null

Default Command Modes Command History Usage Information

Not configured. ROUTER OSPFv3

Version 8.4.2.0 Introduced

Before you enable IPsec encryption on an OSPFv3 interface, you must first enable OSPFv3 globally on the router. You must configure the same encryption policy (same SPI and keys) on each interface in an OSPFv3 link. An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. Note that when you configure encryption for an OSPFv3 area with the area encryption command, you enable both IPsec encryption and authentication. However, when you enable authentication on an area with the area authentication command, you do not enable encryption at the same time.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1139

clear ipv6 ospf process

If you have enabled IPsec authentication in an OSPFv3 area with the area authentication command, you cannot use the area encryption command in the area at the same time. The configuration of IPsec encryption on an interface-level takes precedence over an area-level configuration. If you remove an interface configuration, an area encryption policy that has been configured is applied to the interface. To remove an IPsec encryption policy from an interface, enter the no area area-id encryption spi number command.
Related Commands
-

ipv6 ospf encryption show crypto ipsec policy

Configure an IPsec encryption policy on an OSPFv3 interface. Display the configuration of IPsec encryption policies.

clear ipv6 ospf process

ce
Syntax Parameters

Reset an OSPFv3 router process without removing or re-configuring the process. clear ipv6 ospf process [process-id] process-id EXEC EXEC Privilege
(OPTIONAL) Enter the process identification number.

Command Modes

Command History

Version 7.8.1.0 Version 7.4.1.0

Added support for C-Series Introduced

1140

Open Shortest Path First (OSPFv2 and OSPFv3)

debug ipv6 ospf packet

ce
Syntax

Display debug information on OSPF IPv6 packets. debug ipv6 ospf packet [interface] To cancel the debug, use the no debug ipv6 ospf packet [interface] command.

Parameters

interface

(OPTIONAL) Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Example

Figure 374 debug ipv6 ospf packet Command Example

Force10#debug ipv6 ospf packet OSPFv3 packet related debugging is on for all interfaces 05:21:01 : OSPFv3: Sending, Ver:3, Type:1(Hello), Len:40, Router ID:223.255.255.254, Area ID:0, Inst:0, on Po 255 05:21:03 : OSPFv3: Received, Ver:3, Type:1(Hello), Len:40, Router ID:223.255.255.255, Area ID:0, Chksum:a177, Inst:0, from Vl 100 05:20:25 : OSPFv3: Sending, Ver:3, Type:4(LS Update), Len:580, Router ID:223.255.255.254, Area ID:0, Inst:0, on Vl 1000 Force10#

Table 109 debug ip ospf Output Fields Field

OSPFv3 ... 05:21:01 Sending Ver:3

Description
Debugging is on for all OSPFv3 packets and all interfaces Displays the time stamp. Sending OSPF3 version.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1141

default-information originate

Table 109 debug ip ospf Output Fields Field

Type:

Description
Displays the type of packet sent: 1 - Hello packet 2 - database description 3 - link state request 4 - link state update 5 - link state acknowledgement

Length: Router ID: Area ID: Chksum:

Displays the packet length. Displays the OSPF3 router ID. Displays the Area ID. Displays the OSPF3 checksum.

default-information originate
ce
Syntax

Configure FTOS to generate a default external route into the OSPFv3 routing domain. default-information originate [always [metric metric-value] [metric-type type-value]] [route-map map-name] To return to the default, use the no default-information originate command.

Parameters

always metric metric-value

(OPTIONAL) Enter the keyword always to indicate that default route information must always be advertised. (OPTIONAL) Enter the keyword metric followed by the number to configure a metric value for the route. Range: 1 to 16777214 (OPTIONAL) Enter the keyword metric-type followed by the OSPFv3 link state type of 1 or 2 for default routes. The values are: 1 = Type 1 external route 2 = Type 2 external route Default: 2

metric-type type-value

route-map map-name

(OPTIONAL) Enter the keyword route-map followed by the name of an established route map.

Defaults Command Modes Command History

Disabled ROUTER OSPFv3

Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced Redistribute routes from other routing protocols into OSPFv3.

Related Commands

redistribute

1142

Open Shortest Path First (OSPFv2 and OSPFv3)

graceful-restart grace-period

graceful-restart grace-period
et
Enable OSPFv3 graceful restart globally by setting the grace period (in seconds) that an OSPFv3 routers neighbors will continue to advertise the router as adjacent during a graceful restart. graceful-restart grace-period seconds To disable OSPFv3 graceful restart, enter no graceful-restart grace-period.
Parameters

Syntax

seconds

Time duration, in seconds, that specifies the duration of the restart process before OSPFv3 terminates the process. Range: 40 to 1800 seconds

Defaults Command Modes Command History Usage Information

OSPFv3 graceful restart is disabled and functions in a helper-only role. ROUTER OSPFv3
Version 8.4.2.2 Introduced on E-Series TeraScale.

By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. To enable OSPFv3 graceful restart, you must enter the ipv6 router ospf command to enter OSPFv3 configuration mode and then configure a grace period using the graceful-restart grace-period command. The grace period is the length of time that OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. When graceful restart is enabled (restarting role), an OSPFv3 restarting expects its OSPFv3 neighbors to help when it restarts by not advertising the broken link. When you enable the helper-reject role on an interface with the ipv6 ospf graceful-restart helper-reject command, you reconfigure OSPFv3 graceful restart to function in a restarting-only role. In a restarting-only role, OSPFv3 does not participate in the graceful restart of a neighbor.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1143

graceful-restart mode

graceful-restart mode
et
Syntax

Specify the type of events that trigger an OSPFv3 graceful restart. graceful-restart mode [planned-only | unplanned-only] To disable the configured graceful-restart mode, enter no graceful-restart mode.

Parameters

planned-only unplanned-only

Defaults Command Modes Command History Usage Information

OSPFv3 graceful restart supports both planned and unplanned failures. ROUTER OSPFv3
Version 8.4.2.2 Introduced on E-Series TeraScale.

OSPFv3 graceful restart supports planned-only and/or unplanned-only restarts. The default is support for both planned and unplanned restarts. A planned restart occurs when you enter the redundancy force-failover rpm command to force the primary RPM to switch to the backup RPM. During a planned restart, OSPF sends out a Type-11 Grace LSA before the system switches over to the backup RPM. An unplanned restart occurs when an unplanned event causes the active RPM to switch to the backup RPM, such as when an active process crashes, the active RPM is removed, or a power failure happens. During an unplanned restart, OSPF sends out a Grace LSA when the backup RPM comes online.

By default, both planned and unplanned restarts trigger an OSPFv3 graceful restart. Selecting one or the other mode restricts OSPFv3 to the single selected mode.

1144

Open Shortest Path First (OSPFv2 and OSPFv3)

ipv6 ospf area

ce
Syntax

Enable IPv6 OSPF on an interface. ipv6 ospf process-id area area-id To disable OSPFv6 routing for an interface, use the no ipv6 ospf process-id area area-id command.

Parameters

process-id area area-id

Enter the process identification number. Specify the OSPF area. Range: 0 to 65535

Defaults Command Modes Command History

No default values or behavior INTERFACE

Version 7.4.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1145

ipv6 ospf authentication

et
Syntax

Configure an IPsec authentication policy for OSPFv3 packets on an IPv6 interface. ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} [key-encryption-type] key} null ipsec spi number MD5 | SHA1 key-encryption-type key
Causes an authentication policy configured for the area to not be inherited on the interface. Security Policy index (SPI) value that identifies an IPsec security policy. Range: 256 to 4294967295. Authentication type: Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1). (OPTIONAL) Specifies if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted). Text string used in authentication. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).

Parameters

Default Command Modes Command History Usage Information

Not configured. INTERFACE

Version 8.4.2.0 Introduced

Before you enable IPsec authentication on an OSPFv3 interface, you must first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign the interface to an area. An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You must configure the same authentication policy (same SPI and key) on each OSPFv3 interface in a link. To remove an IPsec authentication policy from an interface, enter the no ipv6 ospf authentication spi number command. To remove null authentication on an interface to allow the interface to inherit the authentication policy configured for the OSPFv3 area, enter the no ipv6 ospf authentication null command.

Related Commands

area authentication show crypto ipsec policy show crypto ipsec sa ipv6

Configure an IPsec authentication policy for an OSPFv3 area. Display the configuration of IPsec authentication policies. Display the security associations set up for OSPFv3 interfaces in authentication policies.

1146

Open Shortest Path First (OSPFv2 and OSPFv3)

ipv6 ospf encryption

et
Syntax

Configure an IPsec encryption policy for OSPFv3 packets on an IPv6 interface. ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-encryption-type] key} null ipsec spi number esp encryption-algo rithm key-encryption-type key
Causes an encryption policy configured for the area to not be inherited on the interface. Security Policy index (SPI) value that identifies an IPsec security policy. Range: 256 to 4294967295. Encryption algorithm used with ESP. Valid values are: 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. (OPTIONAL) Specifies if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted). Text string used in encryption. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192. Specifies the authentication algorithm to use for encryption. Valid values are MD5 or SHA1. (OPTIONAL) Specifies if the authentication key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted). Text string used in authentication. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).

Parameters

authentication-algori thm key-encryption-type key

Default Command Modes Command History Usage Information

Not configured. INTERFACE

Version 8.4.2.0 Introduced

Before you enable IPsec encryption on an OSPFv3 interface, you must first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign the interface to an area. An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You must configure the same encryption policy (same SPI and keys) on each OSPFv3 interface in a link. To remove an IPsec encryption policy from an interface, enter the no ipv6 ospf encryption spi number command. To remove null authentication on an interface to allow the interface to inherit the authentication policy configured for the OSPFv3 area, enter the no ipv6 ospf encryption null command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1147

ipv6 ospf cost

Related Commands

area encryption show crypto ipsec policy show crypto ipsec sa ipv6

Configure an IPsec encryption policy for an OSPFv3 area. Display the configuration of IPsec encryption policies. Display the security associations set up for OSPFv3 interfaces in encryption policies.

ipv6 ospf cost

ce
Syntax

Explicitly specify the cost of sending a packet on an inter. ipv6 ospf cost interface-cost To reset the interface cost to the default value, use the no ipv6 ospf cost interface-cost command.

Parameters

interface-cost

Enter a unsigned integer value expressed as the link-state metric. Range: 1 to 65535

Defaults Command Modes Command History

Default cost based on the bandwidth INTERFACE

Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Usage Information

In general, the path cost is calculated as: 10^8 / bandwidth Using this formula, the default path cost are calculated as: GigabitEthernetDefault cost is 1 TenGigabitEthernetDefault cost is 1 EthernetDefault cost is 10

1148

Open Shortest Path First (OSPFv2 and OSPFv3)

ipv6 ospf dead-interval

ce
Syntax

Set the time interval since the last hello-packet was received from a router. After the time interval elapses, the neighboring routers declare the router down. ipv6 ospf dead-interval seconds To return to the default time interval, use the no ipv6 ospf dead-interval command.

Parameters

seconds

Enter the time interval in seconds. Range: 1 to 65535 seconds Default: 40 seconds (Ethernet)

Defaults Command Modes Command History

As above INTERFACE
Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Usage Information Related Commands

By default, the dead interval is four times longer than the default hello-interval.

ipv6 ospf hello-interval

Specify the time interval between hello packets

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1149

ipv6 ospf graceful-restart helper-reject

et
Syntax

Configure an OSPFv3 interface to not act upon the Grace LSAs that it receives from a restarting OSPFv3 neighbor. graceful-restart helper-reject To disable the helper-reject role, enter no ipv6 ospf graceful-restart helper-reject.

Defaults Command Modes Command History Usage Information

The helper-reject role is not configured. INTERFACE

Version 8.4.2.2 Introduced on E-Series TeraScale.

By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. When configured in a helper-reject role, an OSPFv3 router ignores the Grace LSAs that it receives from a restarting OSPFv3 neighbor. The graceful-restart role command is not supported in OSPFv3. When you enable the helper-reject role on an interface, you reconfigure an OSPFv3 router to function in a restarting-only role.

1150

Open Shortest Path First (OSPFv2 and OSPFv3)

ipv6 ospf hello-interval

ce
Syntax

Specify the time interval between the hello packets sent on the interface. ipv6 ospf hello-interval seconds To return to the default value, enter no ipv6 ospf hello-interval.

Parameters

seconds

Enter a the time interval in seconds as the time between hello packets. Range: 1 to 65535. Default: 10 seconds (Ethernet)

Defaults Command Modes Command History

As above INTERFACE
Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Usage Information Related Commands

The time interval between hello packets must be the same for routers in a network.

ipv6 ospf dead-interval

Set the time interval since the last hello-packet was received from a router.

ipv6 ospf priority

ce
Syntax

Set the priority of the interface to determine the Designated Router for the OSPFv3 network. ipv6 ospf priority number To return to the default value, use the no ipv6 ospf priority command.

Parameters

number

Enter a number as the priority. Range: 0 to 255. Default: 1

Defaults Command Modes Command History

1 INTERFACE
Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1151

ipv6 router ospf

ce
Syntax

Enable OSPF for IPv6 router configuration. ipv6 router ospf process-id To exit OSPF for IPv6, enter no ipv6 router ospf process-id

Parameters

process-id

Enter the process identification number. Range: 1 to 65535

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

passive-interface
ce
Syntax

Disable (suppress) sending routing updates on an interface. passive-interface interface To enable sending routing updates on an interface, use the no passive-interface interface command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes Command History

Enabled, that is sending of routing updates are enabled by default ROUTER OSPFv3
Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Usage Information

By default, no interfaces are passive. Routing updates are sent to all interfaces on which the routing protocol is enabled. Open Shortest Path First (OSPFv2 and OSPFv3)

1152

redistribute

If you disable the sending of routing updates on an interface, the particular address prefix will continue to be advertised to other interfaces, and updates from other routers on that interface continue to be received and processed. OSPFv3 for IPv6 routing information is neither sent nor received through the specified router interface. The specified interface address appears as a stub network in the OSPFv3 for IPv6 domain.

redistribute
ce
Syntax

Redistribute into OSPFv3. redistribute {bgp as number} {connected | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value] To disable redistribution, use the no redistribute {connected | static} command.

Parameters

bgp as number connected static metric metric-value

Enter the keyword bgp followed by the autonomous system number. Range: 1 to 65535 Enter the keyword connected to redistribute routes from physically connected interfaces. Enter the keyword static redistribute manually configured routes. Enter the keyword metric followed by the metric value. Range: 0 to 16777214 Default: 20 (OPTIONAL) Enter the keyword metric-type followed by the OSPFv3 link state type of 1 or 2 for default routes. The values are: 1 = Type 1 external route 2 = Type 2 external route Default: 2

metric-type type-value

route-map map-name tag tag-value

(OPTIONAL) Enter the keyword route-map followed by the name of an established route map. If the route map is not configured, the default is deny (to drop all routes). (OPTIONAL) Enter the keyword tag to set the tag for routes redistributed into OSPFv3. Range: 0 to 4294967295 Default: 0

Default Command Modes Command History

Not configured. ROUTER OSPFv3

Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Usage Information Related Commands

To redistribute the default route (x:x:x:x::x), configure the default-information originate command.
default-information originate Configure default external route into OSPFv3

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1153

router-id

router-id
ce
Syntax

Designate a fixed router ID. router-id ip-address To return to the previous router ID, use the no router-id ip-address command.

Parameters

ip-address

Enter the router ID in the dotted decimal format.

Defaults Command Modes Command History

The router ID is selected automatically from the set of IPv4 addresses configured on a router ROUTER OSPF
Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Usage Information

You can configure an arbitrary value in the IP address for each router. However, each router ID must be unique. If this command is used on an OSPFv3 process that is already active (has neighbors), all the neighbor adjacencies are brought down immediately and new sessions are initiated with the new router ID.

Related Commands

clear ipv6 ospf process

Reset an OSPFv3 router process

show crypto ipsec policy

et
Syntax Parameters

Display the configuration of IPsec authentication and encryption policies. show crypto ipsec policy [name name] name name
(OPTIONAL) Displays configuration details about a specified policy.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Usage Information Related Commands

Version 8.4.2.0

Introduced

The show crypto ipsec policy command output displays the AH and ESP parameters configured in IPsec security policies, including the SPI number, keys, and algorithms used.
show crypto ipsec sa ipv6 Display the IPsec security associations used on OSPFv3 interfaces.

1154

Open Shortest Path First (OSPFv2 and OSPFv3)

show crypto ipsec policy

Example

Figure 375 show crypto ipsec policy Command

Force10#show crypto ipsec policy Crypto IPSec client security policy data Policy name : OSPFv3-1-502 Policy refcount : 1 Inbound ESP SPI : 502 (0x1F6) Outbound ESP SPI : 502 (0x1F6) Inbound ESP Auth Key : 123456789a123456789b123456789c12 Outbound ESP Auth Key : 123456789a123456789b123456789c12 Inbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678 Outbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678 Transform set : esp-3des esp-md5-hmac Crypto IPSec client security policy data Policy name : OSPFv3-1-500 Policy refcount : 2 Inbound AH SPI : 500 (0x1F4) Outbound AH SPI : 500 (0x1F4) Inbound AH Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Outbound AH Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Transform set : ah-md5-hmac Crypto IPSec client security policy data Policy name : OSPFv3-0-501 Policy refcount : 1 Inbound ESP SPI : 501 (0x1F5) Outbound ESP SPI : 501 (0x1F5) Inbound ESP Auth Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0 c30808825fb5 Outbound ESP Auth Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0 c30808825fb5 Inbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac

Table 110 show crypto ipsec policy Command Fields Field

Policy name Policy refcount Inbound ESP SPI Outbound ESP SPI Inbound ESP Auth Key Outbound ESP Auth Key Inbound ESP Cipher Key Outbound ESP Cipher Key Transform set

Description
Displays the name of an IPsec policy. Number of interfaces on the router that use the policy. The encapsulating security payload (ESP) security policy index (SPI) for inbound and outbound links. The ESP authentication key for inbound and outbound links. The ESP encryption key for inbound and outbound links. The set of security protocols and algorithms used in the policy.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1155

show crypto ipsec sa ipv6

Table 110 show crypto ipsec policy Command Fields Field

Inbound AH SPI Outbound AH SPI Inbound AH Key Outbound AH Key

Description
The authentication header (AH) security policy index (SPI) for inbound and outbound links. The AH key for inbound and outbound links.

show crypto ipsec sa ipv6

et
Syntax Parameters

Display the IPsec security associations (SAs) used on OSPFv3 interfaces. show crypto ipsec sa ipv6 [interface interface] interface interface
(OPTIONAL) Displays information about the SAs used on a specified OSPFv3 interface, where interface is one of the following values: For a 1-Gigabit Ethernet interface, enter GigabitEthernet slot/port. For a Port Channel interface, enter port-channel number. Valid port-channel numbers (on an E-Series TeraScale): 1 to 255. For a 10-Gigabit Ethernet interface, enter TenGigabitEthernet slot/port. For a VLAN interface, enter vlan vlan-id. Valid VLAN IDs: 1 to 4094.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Usage Information Related Commands

Version 8.4.2.0

Introduced

The show crypto ipsec sa ipv6 command output displays security associations set up for OSPFv3 links in IPsec authentication and encryption policies on the router.
show crypto ipsec policy Display the configuration of IPsec authentication and encryption policies.

1156

Open Shortest Path First (OSPFv2 and OSPFv3)

show crypto ipsec sa ipv6

Example

Figure 376 show crypto ipsec sa ipv6 Command

Force10#show crypto ipsec policy Force10#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 0/0 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE inbound esp sas outbound esp sas Interface: TenGigabitEthernet 0/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE

Table 111 show crypto ipsec sa ipv6 Command Fields Field

Interface Link local address IPSecv6 policy name inbound/outbound ah inbound/outbound esp spi transform in use settings replay detection support STATUS

Description
IPv6 interface IPv6 address of interface Name of the IPsec security policy applied to the interface. Authentication policy applied to inbound or outbound traffic. Encryption policy applied to inbound or outbound traffic. Security policy index number used to identify the policy. Security algorithm that is used to provide authentication, integrity, and confidentiality. Transform that the SA uses (only transport mode is supported). Y: An SA has enabled the replay detection feature. N: The replay detection feature is not enabled. ACTIVE: The authentication or encryption policy is enabled on the interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1157

show ipv6 ospf database

ce
Syntax Parameters

Display information in the OSPFv3 database, including link-state advertisements (LSAs). show ipv6 ospf database [database-summary | grace-lsa] database-summary grace-lsa
(OPTIONAL) Enter the keywords database-summary to view a summary of database LSA information. (OPTIONAL) E-Series TeraScale only: Enter the keywords grace-lsa to display the Type-11 Grace LSAs sent and received on an OSPFv3 router.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.4.2.2 Version 7.8.1.0 Version 7.4.1.0

Added support for the display of graceful restart parameters and Type-11 Grace LSAs on E-Series TeraScale routers. Added support for C-Series Introduced

Example

Figure 377 show ipv6 ospf database grace-lsa Command

Force10#show ipv6 ospf database grace-lsa ! Type-11 Grace LSA (Area 0) LS Age Link State ID Advertising Router LS Seq Number Checksum Length Associated Interface Restart Interval Restart Reason : : : : : : : : : 10 6.16.192.66 100.1.1.1 0x80000001 0x1DF1 36 Gi 5/3 180 Switch to Redundant Processor

1158

Open Shortest Path First (OSPFv2 and OSPFv3)

show ipv6 ospf database

Example

Figure 378 show ipv6 ospf database database-summary Command

Force10#show ipv6 ospf database database-summary OSPFv3 Router with ID (1.1.1.1) (Process ID 1) Process 1 database summary Type Count/Status Oper Status 1 Admin Status 1 Area Bdr Rtr Status 1 AS Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA Cksum sum 0 Originate New LSAS 50 Rx New LSAS 22 Ext LSA Count 0 Rte Max Eq Cost Paths 10 GR grace-period 180 GR mode planned and unplanned Area 0 database summary Type Count/Status Brd Rtr Count 1 AS Bdr Rtr Count 1 LSA count 6 Rtr LSA Count 2 Net LSA Count 1 Inter Area Pfx LSA Count 1 Inter Area Rtr LSA Count 0 Group Mem LSA Count 0 Type-7 LSA count 0 Intra Area Pfx LSA Count 2 Intra Area TE LSA Count 2 Area 1 database summary Type Count/Status Brd Rtr Count 1 AS Bdr Rtr Count 1 LSA count 8 Rtr LSA Count 1 Net LSA Count 0 Inter Area Pfx LSA Count 5 Inter Area Rtr LSA Count 0 Group Mem LSA Count 0 Type-7 LSA count 0 Intra Area Pfx LSA Count 2 Intra Area TE LSA Count 2 E1200-T2C2#sh ipv6 ospf neighbor Neighbor ID Interface 63.114.8.36 Pri 1 State FULL/DR Dead Time Interface ID 00:00:37 4 Gi 9/0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1159

show ipv6 ospf interface

ce
Syntax Parameters

View OSPFv3 interface information. show ipv6 ospf [interface] interface

Defaults Command Modes Command History

No default behavior or values EXEC

Version 7.8.1.0 Version 7.4.1.0 Added support for C-Series Introduced

Example

Figure 379 show ipv6 ospf interface command

Force10#show ipv6 ospf interface gigabitethernet 1/0 GigabitEthernet 1/0 is up, line protocol is up Link Local Address fe80::201:e8ff:fe17:5bbd, Interface ID 67420217 Area 0, Process ID 1, Instance ID 0, Router ID 11.1.1.1 NetworkType BROADCAST, Cost: 1, Passive: No Transmit Delay is 100 sec, State DR, Priority 1 Designated router on this network is 11.1.1.1 (local) No backup designated router on this network Timer intervals configured, Hello 10, Dead 40, Wait 1, Retransmit 5 Force10#

1160

Open Shortest Path First (OSPFv2 and OSPFv3)

show ipv6 ospf neighbor

ce
Syntax Parameters

Display the OSPF neighbor information on a per-interface basis. show ipv6 ospf neighbor [interface] interface
(OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by the VLAN ID. The range is from 1 to 4094.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.8.1.0 Version 7.4.1.0

Added support for C-Series Introduced

Example

Figure 380 show ipv6 ospf neighbor Command Example

Force10#show ipv6 ospf neighbor gi 9/0 Neighbor ID 63.114.8.36 Force10# Pri 1 State FULL/DR Dead Time Interface ID Interface 00:00:38 4 Gi 9/0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1161

show ipv6 ospf neighbor

1162

Open Shortest Path First (OSPFv2 and OSPFv3)

Chapter 39
Overview

Policy-based Routing (PBR)

Policy-based Routing (PBR) enables you to apply routing policies to specific interfaces. To enable PBR, you create a redirect list and then apply it to the interface. Once the redirect list is applied to the interface, all traffic passing through the interface is subject to the rules defined in the redirect list. PBR is supported by FTOS on the C-Series, E-Series, and S-Series platforms.

Commands
Policy-based routing includes the following commands: description ip redirect-group ip redirect-list permit redirect seq show cam pbr show ip redirect-list

PBR can be applied to physical interfaces and logical interfaces (such as LAG or VLAN). Trace lists and redirect lists do not function correctly when both are configured in the same configuration.

Note: Apply Policy-based Routing to Layer 3 interfaces only.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1163

description

description
ces
Syntax

Add a description to this redirect list. description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the IP redirect list (80 characters maximum).

Defaults Command Modes Command History

No default behavior or values REDIRECT-LIST

Version 8.4.2.1 Version 8.4.2.0 pre-Version 7.7.1.0 Introduced on the C-Series and S-Series Introduced on the E-Series TeraScale Introduced on the E-Series ExaScale Enable an IP Redirect List

Related Commands

ip redirect-list

ip redirect-group
ces
Syntax

Apply a redirect list (policy-based routing) on an interface. You can apply multiple redirect lists to an interface by entering this command multiple times. ip redirect-group redirect-list-name To remove a redirect list from an interface, use the no ip redirect-group name command.

Parameters Defaults Command Modes Command History

redirect-list-name

Enter the name of a configured redirect list.

No default behavior or values INTERFACE (conf-if-vl-)

Version 8.4.2.1 Version 8.4.2.0 Version 7.4.2.0 Version 6.5.3.0 Introduced on the C-Series and S-Series Introduced on the E-Series TeraScale Added support for LAG and VLAN interfaces Introduced on the E-Series ExaScale

Usage Information

Any number of redirect-groups can be applied to an interface. A redirect list can contain any number of configured rules. These rules includes the next-hop IP address where the incoming traffic is to be redirected.

1164

Policy-based Routing (PBR)

ip redirect-list

If the next hop address is reachable, traffic is forwarded to the specified next hop. Otherwise the normal routing table is used to forward traffic. When a redirect-group is applied to an interface and the next-hop is reachable, the rules are added into the PBR CAM region. When incoming traffic hits an entry in the CAM, the traffic is redirected to the corresponding next-hop IP address specified in the rule.

Note: Apply redirect list to physical, VLAN, or LAG interfaces only.

Related Commands

show cam pbr show ip redirect-list

Display the content of the PBR CAM. Display the redirect-list configuration.

ip redirect-list
ces
Syntax

Configure a redirect list and enter the REDIRECT-LIST mode. ip redirect-list redirect-list-name To remove a redirect list, enter no ip redirect-list.

Parameters Defaults Command Modes Command History

redirect-list-name

Enter the name of a redirect list.

No default behavior or values CONFIGURATION

Version 8.4.2.1 Version 8.4.2.0 Version 6.5.3.0 Introduced on the C-Series and S-Series Introduced on the E-Series TeraScale Introduced on the E-Series ExaScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1165

permit

permit
ces
Syntax

Configure a rule for the redirect list. permit {ip-protocol-number | protocol-type } {source mask | any | host ip-address} {destination mask | any | host ip-address} [bit] [operators] To remove the rule, use one of the following: If you know the filter sequence number, use the no seq sequence-number syntax. no permit {ip-protocol-number | protocol-type } {source mask | any | host ip-address} {destination mask | any | host ip-address} [bit] [operators] ip-protocol-number
protocol-type Enter a number from 0 to 255 for the protocol identified in the IP protocol header. Enter one of the following keywords as the protocol type:

Parameters

icmp for Internet Control Message Protocol ip for Any Internet Protocol tcp for Transmission Control Protocol udp for User Datagram Protocol

source mask any host ip-address destination bit

Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all traffic is subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) For TCP protocol type only, enter one or a combination of the following TCP flags:

ack = acknowledgement fin = finish (no more data from the user) psh = push function rst = reset the connection syn = synchronize sequence number urg = urgent field

operator

(OPTIONAL) For TCP and UDP parameters only. Enter one of the following logical operand:

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port command parameter.)

Defaults Command Modes Command History

No default behavior or values REDIRECT-LIST

Version 8.4.2.1 Introduced on the C-Series and S-Series

1166

Policy-based Routing (PBR)

redirect

Version 8.4.2.0 Version 7.5.1.0

Introduced on the E-Series TeraScale Introduced on the E-Series ExaScale

redirect
ces
Syntax

Configure a rule for the redirect list. redirect {ip-address | sonet slot/port} {ip-protocol-number | protocol-type [bit]} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator] To remove this filter, use one of the following: Use the no seq sequence-number command syntax if you know the filters sequence number. Use the no redirect {ip-address | sonet slot/port} {ip-protocol-number [bit] | protocol-type} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator]
Enter the IP address of the forwarding router. Enter the keyword sonet followed by the slot/port information. Enter a number from 0 to 255 for the protocol identified in the IP protocol header. Enter one of the following keywords as the protocol type:

Parameters

ip-address

sonet slot/port ip-protocol-number

protocol-type

icmp for Internet Control Message Protocol ip for Any Internet Protocol tcp for Transmission Control Protocol udp for User Datagram Protocol

bit

(OPTIONAL) For TCP protocol type only, enter one or a combination of the following TCP flags:

ack = acknowledgement fin = finish (no more data from the user) psh = push function rst = reset the connection syn = synchronize sequence number urg = urgent field

source mask any host ip-address

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1167

seq

destination operator

Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) For TCP and UDP parameters only. Enter one of the following logical operand:

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port command parameter.)

Defaults Command Modes Command History

No default behavior or values REDIRECT-LIST

Version 8.4.2.1 Version 8.4.2.0 Version 7.4.1.0 Version 6.5.3.0 Introduced on the C-Series and S-Series Introduced on the E-Series TeraScale Added the bit variable for TCP protocols only Introduced on the E-Series ExaScale

seq
ces
Syntax

Configure a filter with an assigned sequence number for the redirect list. seq sequence-number {permit | redirect {ip-address | sonet slot/port}} {ip-protocol-number | protocol-type} {source mask | any | host ip-address} {destination mask | any | host ip-address} [bit] [operator] To delete a filter, use the no seq sequence-number command.

Parameters

sequence-number

Enter a number from 1 to 65535. Enter the keyword permit assign the sequence to the permit list. Enter the keyword redirect to assign the sequence to the redirect list. Enter the IP address of the forwarding router. Enter the keyword sonet followed by the slot/port information. Enter a number from 0 to 255 for the protocol identified in the IP protocol header. Enter one of the following keywords as the protocol type:

permit redirect
ip-address

sonet slot/port ip-protocol-number

protocol-type

icmp for Internet Control Message Protocol ip for Any Internet Protocol tcp for Transmission Control Protocol udp for User Datagram Protocol

source

Enter the IP address of the network or host from which the packets were sent.

1168

Policy-based Routing (PBR)

seq

mask any host ip-address destination bit

Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all traffic is subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) For TCP protocol type only, enter one or a combination of the following TCP flags:

ack = acknowledgement fin = finish (no more data from the user) psh = push function rst = reset the connection syn = synchronize sequence number urg = urgent field

operator

(OPTIONAL) For TCP and UDP parameters only. Enter one of the following logical operand:

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port command parameter.)

Defaults Command Modes Command History

No default behavior or values REDIRECT-LIST

Version 8.4.2.1 Version 8.4.2.0 Version 7.5.1.0 Version 6.5.3.0 Introduced on the C-Series and S-Series Introduced on the E-Series TeraScale Added the bit variable and Permit and Redirect Introduced on the E-Series ExaScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1169

show cam pbr

ces
Syntax

Display the PBR CAM content. show cam pbr {[interface interface] | linecard slot-number port-set number]} [summary] interface interface linecard slot-number
Enter the keyword interface followed by the name of the interface. Enter the keyword linecard followed the slot number. Range: 0 to 13 for the E1200, 0 to 6 for the E600/E600i, 0 to 5 for the E300 Enter the keyword port-set followed the port-pipe number. Range: 0 to 1 Enter the keyword summary to view only the total number of CAM entries.

Parameters

port-set number summary

Defaults Command Modes Command History Example

No default values or behavior EXEC

Version 7.4.1.0 Introduced

Figure 381 Command example: show cam pbr linecard 2 port-set 0

Force10#Force10#show cam pbr linecard 2 p 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit 0 FIN Cam Port VlanID Proto Tcp Src Dst SrcIp DstIp Next-hop Egress Index Flag Port Port MAC Port -----------------------------------------------------------------------------------------------------. . . 15230 _ 10 TCP 0x10 0 0 100.55.1.0/24 182.16.1.1/24 N/A N/A Force10#

Usage Information Related Commands

The show cam pbr command displays the PBR CAM content. The VlanID column displays the corresponding VLAN ID to which the redirect-group is applied.
ip redirect-group show ip redirect-list show cam-usage Apply a redirect group to an interface. Display the redirect-list configuration. Display the CAM usage on ACL, router, or switch.

1170

Policy-based Routing (PBR)

show ip redirect-list

show ip redirect-list
ces
Syntax Parameters Command Modes

View the redirect list configuration and the interfaces it is applied to. show ip redirect-list redirect-list-name
redirect-list-name Enter the name of a configured Redirect list.

EXEC EXEC Privilege

Example

Figure 382 show ip redirect-list Command Example

Force10#show ip redirect-list test_sonet IP redirect-list rcl0: Defined as: seq 5 permit ip any host 182.16.2.10 seq 10 redirect 182.16.1.2 ip any any, Next-hop un-reachable, ARP un-resolved Applied interfaces: Gi 9/0 So 8/2 Vl 10 Po 3 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1171

show ip redirect-list

1172

Policy-based Routing (PBR)

Chapter 40
Overview

PIM-Dense Mode (PIM-DM)

PIM-DM is supported on E-Series ExaScale ex in FTOS 8.1.1.0. and later. PIM-DM is supported on E-Series TeraScale et, C-Series c, and S-Series s platforms in FTOS 8.4.2.0. and later. For information on the commands required to configure and use PIM-Dense Mode (PIM-DM), refer to: IPv4 PIM Commands on page 1215 IPv4 PIM-Dense Mode Commands

IPv4 PIM-Dense Mode Commands

The IPv4 PIM-Dense Mode (PIM-DM) commands are: ip pim dense-mode

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1173

ip pim dense-mode

ip pim dense-mode
ces
Syntax

Enable PIM Dense-Mode (PIM-DM) Multicast capability for the specified interface. ip pim dense-mode To disable PIM-DM, use the no ip pim dense-mode command.

Defaults Command Modes Command History

Disabled INTERFACE
Version 8.4.2.1 Version 8.4.2.0 Version 8.1.1.0 Version 6.5.1.0 Introduced on the C-Series and S-Series Introduced on the E-Series TeraScale Introduced on the E-Series ExaScale Introduced

Example

Figure 383 ip pim dense-mode Command Example

Force10#conf Force10(conf)# interface gigabitethernet 3/27 Force10(gigabitethernet 3/27)# ip address 10.1.1.1 /24 Force10(gigabitethernet 3/27)# no shut Force10(gigabitethernet 3/27)# ip pim dense-mode Force10#

Usage Information

Currently, the chassis operates in either PIM Dense-Mode or PIM Sparse-Mode. The mode configuration for the first PIM enabled interface determines the mode for the entire chassis. Subsequent configurations, on other interfaces, to enable PIM is only accepted if the mode is the same as the original configuration mode. The chassis PIM mode can be changed if PIM-configuration from all interfaces are removed prior to applying a new PIM mode configuration.
ip pim sparse-mode show ip pim tib Configure sparse-mode Display PIM tree information.

Related Commands

1174

PIM-Dense Mode (PIM-DM)

Chapter 41
Overview

PIM-Sparse Mode (PIM-SM)

The platforms on which a command is supported is indicated by the character e for the E-Series, c for the C-Series, and s for the S-Series that appears below each command heading. PIM is supported on E-Series ExaScale ex with FTOS 8.1.1.0. and later. This chapter contains the following sections: IPv4 PIM-Sparse Mode Commands IPv6 PIM-Sparse Mode Commands

IPv4 PIM-Sparse Mode Commands

The IPv4 PIM-Sparse Mode (PIM-SM) commands are: clear ip pim rp-mapping clear ip pim tib clear ip pim snooping tib debug ip pim ip pim bsr-border ip pim bsr-candidate ip pim dr-priority ip pim graceful-restart ip pim join-filter ip pim ingress-interface-map ip pim neighbor-filter ip pim query-interval ip pim register-filter ip pim rp-address ip pim rp-candidate ip pim snooping ip pim sparse-mode ip pim sparse-mode sg-expiry-timer ip pim spt-threshold Publication Date: July 20, 2011 1175

Command Line Reference for FTOS version 8.4.2.4

clear ip pim rp-mapping

no ip pim snooping dr-flood show ip pim bsr-router show ip pim interface show ip pim neighbor show ip pim rp show ip pim snooping interface show ip pim snooping neighbor show ip pim snooping tib show ip pim summary show ip pim tib show running-config pim

clear ip pim rp-mapping

ces
Syntax Parameters

Used by the bootstrap router (BSR) to remove all or particular Rendezvous Point (RP) Advertisement. clear ip pim rp-mapping rp-address rp-address EXEC Privilege
Version 8.1.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Introduced on S-Series (OPTIONAL) Enter the RP address in dotted decimal format (A.B.C.D)

Command Modes Command History

clear ip pim tib

ces
Syntax Parameters

Clear PIM tree information from the PIM database. clear ip pim tib [group] group EXEC Privilege
Version 8.1.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Introduced on S-Series (OPTIONAL) Enter the multicast group address in dotted decimal format (A.B.C.D)

Command Modes Command History

1176

PIM-Sparse Mode (PIM-SM)

clear ip pim snooping tib

ces
Syntax Parameters

Clear tree information discovered by PIM-SM snooping from the PIM database. clear ip pim snooping tib [vlan vlan-id] [group-address]
vlan vlan-id group-address (OPTIONAL) Enter a VLAN ID to clear TIB information learned through PIM-SM snooping about a specified VLAN. Valid VLAN IDs: 1 to 4094. (OPTIONAL) Enter a multicast group address in dotted decimal format (A.B.C.D) to clear TIB information learned through PIM-SM snooping about a specified multicast group.

Command Modes Command History Related Commands

EXEC Privilege
Version 8.4.1.1 Introduced on E-Series ExaScale

show ip pim snooping tib

Display TIB information learned through PIM-SM snooping.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1177

debug ip pim

debug ip pim
ces
Syntax

Parameters

bsr events group packet [in | out]

(OPTIONAL) Enter the keyword bsr to view PIM Candidate RP/BSR activities. (OPTIONAL) Enter the keyword events to view PIM events. (OPTIONAL) Enter the keyword group to view PIM messages for a specific group. (OPTIONAL) Enter the keyword packet to view PIM packets. Enter one of the optional parameters in: to view incoming packets out: to view outgoing packets.

register state timer [assert | hello | joinprune | register]

(OPTIONAL) Enter the keyword register to view PIM register address in dotted decimal format (A.B.C.D). (OPTIONAL) Enter the keyword state to view PIM state changes. (OPTIONAL) Enter the keyword timer to view PIM timers. Enter one of the optional parameters: assert: to view the assertion timer. hello: to view the PIM neighbor keepalive timer. joinprune: to view the expiry timer (join/prune timer) register: to view the register suppression timer.

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 8.1.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Introduced on S-Series

ip pim bsr-border
ces
Syntax

Define the border of PIM domain by filtering inbound and outbound PIM-BSR messages per interface. ip pim bsr-border To return to the default value, enter no ip pim bsr-border.

Defaults Command Modes

Disabled INTERFACE PIM-Sparse Mode (PIM-SM)

1178

ip pim bsr-candidate

Command History

Version 8.1.1.0 Version 7.8.1.0

Introduced on E-Series ExaScale Introduced on C-Series on port-channels and S-Series.

Usage Information

This command is applied to the subsequent PIM-BSR. Existing BSR advertisements are cleaned up by time out. Candidate RP advertisements can be cleaned using the clear ip pim rp-mapping command.

ip pim bsr-candidate
ces
Syntax

Configure the PIM router to join the Bootstrap election process. ip pim bsr-candidate interface [hash-mask-length] [priority] To return to the default value, enter no ip pim bsr-candidate.

Parameters

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

hash-mask-length

(OPTIONAL) Enter the hash mask length. Range: zero (0) to 32 Default: 30 (OPTIONAL) Enter the priority used in Bootstrap election process. Range: zero (0) to 255 Default: zero (0)

priority

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.8.1.0 Version 6.1.1.0 Introduced on S-Series Added support for VLAN interface

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1179

ip pim dr-priority

ip pim dr-priority
ces
Syntax

Change the Designated Router (DR) priority for the interface. ip pim dr-priority priority-value To remove the DR priority value assigned, use the no ip pim dr-priority command.

Parameters

priority-value

Enter a number. Preference is given to larger/higher number. Range: 0 to 4294967294 Default: 1

Defaults Command Modes Command History

1 INTERFACE
Version 8.1.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Introduced on C-Series on port-channels and S-Series

Usage Information

The router with the largest value assigned to an interface becomes the Designated Router. If two interfaces contain the same DR priority value, the interface with the largest interface IP address becomes the Designated Router.

ip pim graceful-restart
e
Syntax Parameters

This feature permits configuration of Non-stop Forwarding (NFS or graceful restart) capability of a
PIM router to its neighbors.

[ipv6] ip pim graceful-restart {helper-only | nsf [restart-time | stale-entry-time]} ipv6 helper-only nsf restart-time
Enter this keyword to enable graceful-restart for IPv6 Multicast Routes. Enter the keyword helper-only to configure as a receiver (helper) only by preserving the PIM status of a graceful restart PIM neighboring router. Enter the keyword nfs to configure the Non-stop Forwarding capability. (OPTIONAL) Enter the keyword restart-time followed by the number of seconds estimated for the PIM speaker to restart. Range: 30 to 300 seconds Default: 180 seconds (OPTIONAL) Enter the keyword stale-entry-time followed by the number of seconds for which entries are kept alive after restart. Range: 30 to 300 seconds Default: 60 seconds

stale-entry-time

Defaults Command Modes

as above CONFIGURATION

1180

PIM-Sparse Mode (PIM-SM)

ip pim join-filter

Command History

Version 8.2.1.0 Version 7.6.1.0

Introduced on E-Series ExaScale. Added the ipv6 option for E-Series. Introduced on E-Series

Usage Information

When an NSF-capable router comes up, it announces the graceful restart capability and restart duration as a Hello option. The receiving router notes the Hello option. Routers not NSF capable will discard the unknown Hello option and adjacency is not affected. When an NSF-capable router goes down, neighboring PIM speaker preserves the states and continues the forwarding of multicast traffic while the neighbor router restarts.

ip pim join-filter
ces
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. This command prevents the PIM SM router from creating state based on multicast source and/or group. ip pim join-filter ext-access-list {in | out} Remove the access list using the command no ip pim join-filter ext-access-list {in | out}
Parameters

Syntax

ext-access-list in out

Enter the name of an extended access list. Enter this keyword to apply the access list to inbound traffic. Enter this keyword to apply the access list to outbound traffic.

Defaults Command Modes Command History

None INTERFACE
Version 8.1.1.0 Version 7.8.1.0 Version 7.7.1.0 Introduced on E-Series ExaScale Introduced on C-Series on port-channels and S-Series Introduced on E-Series.

Example

Figure 384 ip pim join-filter Command Example

Force10(conf)# ip access-list extended iptv-channels Force10(config-ext-nacl)# permit ip 10.1.2.3/24 225.1.1.0/24 Force10(config-ext-nacl)# permit ip any 232.1.1.0/24 Force10(config-ext-nacl)# permit ip 100.1.1.0/16 any Force10(config-if-gi-1/1)# ip pim join-filter iptv-channels in Force10(config-if-gi-1/1)# ip pim join-filter iptv-channels out

Related Commands

ip access-list extended

Configure an access list based on IP addresses or protocols.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1181

ip pim ingress-interface-map

ip pim ingress-interface-map
ces
Syntax Parameters

When the Force10 system is the RP, statically map potential incoming interfaces to (*,G) entries to create a lossless multicast forwarding environment. ip pim ingress-interface-map std-access-list std-access-list None INTERFACE
Version 8.4.1.0 Introduced Enter the name of an standard access list that permits the

Defaults Command Modes Command History Example

Force10(conf)# ip access-list standard map1 Force10(config-std-nacl)# permit 224.0.0.1/24 Force10(config-std-nacl)#exit Force10(conf)#int gig 1/1 Force10(config-if-gi-1/1)# ip pim ingress-interface-map map1

ip pim neighbor-filter
ces
Syntax

Configure this feature to prevent a router from participating in protocol independent Multicast (PIM). ip pim neighbor-filter {access-list} To remove the restriction, use the no ip pim neighbor-filter {access-list} command.

Parameters

access-list Defaults. CONFIGURATION.

Version 8.1.1.0 Version 7.8.1.0 Version 7.6.1.0

Enter the name of a standard access list. Maximum 16 characters.

Defaults Command Modes Command History

Introduced on E-Series ExaScale Introduced on C-Series and S-Series Introduced on the E-Series

Usage Information

Do not enter this command before creating the access-list.

1182

PIM-Sparse Mode (PIM-SM)

ip pim query-interval

ip pim query-interval
ces
Syntax

Change the frequency of PIM Router-Query messages. ip pim query-interval seconds To return to the default value, enter no ip pim query-interval seconds command.

Parameters

seconds

Enter a number as the number of seconds between router query messages. Default: 30 seconds Range: 0 to 65535

Defaults Command Modes Command History

30 seconds INTERFACE
Version 8.1.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Introduced on C-Series on port-channels and S-Series

ip pim register-filter
ces
Syntax

Use this feature to prevent a PIM source DR from sending register packets to an RP for the specified multicast source and group. ip pim register-filter access-list To return to the default, use the no ip pim register-filter access-list command.

Parameters

access-list Not configured CONFIGURATION

Version 7.8.1.0 Version 7.6.1.0

Enter the name of an extended access list. Maximum 16 characters.

Defaults Command Modes Command History

Introduced on C-Series and S-Series Introduced

Usage Information

The access name is an extended IP access list that denies PIM register packets to RP at the source DR based on the multicast and group addresses. Do not enter this command before creating the access-list.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1183

ip pim rp-address

ip pim rp-address
ces
Syntax

Configure a static PIM Rendezvous Point (RP) address for a group or access-list. ip pim rp-address address {group-address group-address mask} override To remove an RP address, use the no ip pim rp-address address {group-address group-address mask} override command.

Parameters

address group-address group-address mask override

Enter the RP address in dotted decimal format (A.B.C.D). Enter the keyword group-address followed by a group-address mask, in dotted decimal format (/xx), to assign that group address to the RP. Enter the keyword override to override the BSR updates with static RP. The override will take effect immediately during enable/disable. Note: This option is applicable to multicast group range.

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 8.1.1.0 Version 7.8.1.0 pre-Version 6.1.1.1 Introduced on E-Series ExaScale Introduced on S-Series Introduced on E-Series

Usage Information

This address is used by first-hop routers to send Register packets on behalf of source multicast hosts. The RP addresses are stored in the order in which they are entered. RP addresses learned via BSR take priority over static RP addresses. Without the override option, RPs advertised by the BSR updates take precedence over the statically configured RPs.

1184

PIM-Sparse Mode (PIM-SM)

ip pim rp-candidate

ip pim rp-candidate
ces
Syntax

Configure a PIM router to send out a Candidate-RP-Advertisement message to the Bootstrap (BS) router or define group prefixes that are defined with the RP address to PIM BSR. ip pim rp-candidate {interface [priority] To return to the default value, enter no ip pim rp-candidate {interface [priority] command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

priority

(OPTIONAL) Enter the priority used in Bootstrap election process. Range: zero (0) to 255 Default: 192

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.1.1.0 Version 7.8.1.0 pre-Version 6.1.1.1 Introduced on E-Series ExaScale Introduced on S-Series Introduced on E-Series

Usage Information

Priority is stored at BSR router when receiving a Candidate-RP-Advertisement.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1185

ip pim snooping

ip pim snooping
ex
Syntax

Enable PIM-SM snooping globally on a switch or on a VLAN interface. ip pim snooping [enable] To disable PIM-SM snooping enter the no form of the command.

Defaults Command Modes

Disabled. CONFIGURATION: To configure PIM-SM snooping globally, enter the ip pim snooping
enable command in global configuration mode.

VLAN INTERFACE: To configure PIM-SM snooping on a VLAN interface, enter the ip pim snooping command in VLAN interface configuration mode.
Command History Usage Information Version 8.4.1.1 Introduced on E-Series ExaScale

Because PIM-SM snooping is used in a Layer 2 environment, PIM-SM snooping and PIM multicast routing are mutually exclusive. PIM-SM snooping cannot be enabled on a switch/ router if PIM-SM or PIM-DM is enabled. If enabled at the global level, PIM-SM snooping is automatically enabled on all VLANs unless the no ip pim snooping command has been entered on a VLAN. If enabled at the VLAN level, PIM-SM snooping requires that you also enter the no shutdown command to enable the interface. PIM-SM snooping is supported with IGMP snooping, and forwards the IGMP report on the port that connects to the PIM DR. It is recommended that you do not enable IGMP snooping on a PIM-SM snooping-enabled VLAN interface unless until it is necessary for VLAN operation. PIM-SM snooping listens to PIM hello and PIM-SM join and prune messages while maintaining the VLAN- and port-specific information in multicast packets that are snooped. To display information about the operation of PIM-SM snooping on a switch, enter the show ip pim summary command.

Related Commands

show ip pim snooping tib

Display TIB information learned through PIM-SM snooping.

1186

PIM-Sparse Mode (PIM-SM)

ip pim sparse-mode

ip pim sparse-mode
ces
Syntax

Enable PIM sparse mode and IGMP on the interface. ip pim sparse-mode To disable PIM sparse mode and IGMP, enter no ip pim sparse-mode.

Defaults Command Modes Command History

Disabled. INTERFACE
Version 8.1.1.0 Version 7.8.1.0 Introduced on E-Series ExaScale Introduced on C-Series on port-channels and S-Series

Usage Information

C-Series supports a maximum of 31 PIM interfaces. The interface must be enabled (no shutdown command) and not have the switchport command configured. Multicast must also be enabled globally (using the ip multicast-lag-hashing command). PIM is supported on the port-channel interface.

Related Commands

ip multicast-lag-hashing

Enable multicast globally.

ip pim sparse-mode sg-expiry-timer

ces
Syntax

Enable expiry timers globally for all sources, or for a specific set of (S,G) pairs defined by an access list. ip pim sparse-mode sg-expiry-timer seconds [access-list name] To disable configured timers and return to default mode, enter no ip pim sparse-mode sg-expiry-timer.

Parameters

seconds access-list name

Enter the number of seconds the S, G entries will be retained. Range 211-86400 (OPTIONAL) Enter the name of a previously configured Extended ACL to enable the expiry time to specified S,G entries

Defaults Command Modes Command History

Disabled. The default expiry timer (with no times configured) is 210 sec. CONFIGURATION
Version 8.1.1.0 Version 7.8.1.0 Version 7.7.1.1 Introduced on E-Series ExaScale Introduced Introduced

Usage Information

This command configures an expiration timer for all S.G entries, unless they are assigned to an Extended ACL.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1187

ip pim spt-threshold

ip pim spt-threshold
ce
Syntax

Configure PIM router to switch to shortest path tree when the traffic reaches the specified threshold value. ip pim spt-threshold value | infinity To return to the default value, enter no ip pim spt-threshold.

Parameters

value

(OPTIONAL) Enter the traffic value in kilobits per second. Default: 10 packets per second. A value of zero (0) will cause a switchover on the first packet. (OPTIONAL) To never switch to the source-tree, enter the keyword infinity.

infinity
Defaults Command Modes Command History Usage Information

Not configured. CONFIGURATION

Version 8.1.1.0 Introduced on E-Series ExaScale

This is applicable to last hop routers on the shared tree towards the Rendezvous Point (RP).

1188

PIM-Sparse Mode (PIM-SM)

no ip pim snooping dr-flood

ex
Syntax

Disable the flooding of multicast packets to the PIM designated router. no ip pim snooping dr-flood To re-enable the flooding of multicast packets to the PIM designated router, enter the ip pim snooping dr-flood command.

Defaults Command Modes Command History Usage Information

Enabled. CONFIGURATION
Version 8.4.1.1 Introduced on E-Series ExaScale

By default, when you enable PIM-SM snooping, a switch floods all multicast traffic to the PIM designated router (DR), including unnecessary multicast packets. To minimize the traffic sent over the network to the designated router, you can disable designated-router flooding. When designated-router flooding is disabled, PIM-SM snooping only forwards the multicast traffic, which belongs to a multicast group for which the switch receives a join request, on the port connected towards the designated router. If the PIM DR flood is not disabled (default setting): Multicast traffic is transmitted on the egress port towards the PIM DR if the port is not the incoming interface. Multicast traffic for an unknown group is sent on the port towards the PIM DR. When DR flooding is disabled, multicast traffic for an unknown group is dropped.

Related Commands

ip pim snooping

Enable PIM-SM snooping.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1189

show ip pim bsr-router

ces
Syntax Command Modes

View information on the Bootstrap router. show ip pim bsr-router EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0

Introduced on E-Series ExaScale Introduced on S-Series

Example

Figure 385 show ip pim bsr-router Command Example

E600-7-rpm0#show ip pim bsr-router PIMv2 Bootstrap information This system is the Bootstrap Router (v2) BSR address: 7.7.7.7 (?) Uptime: 16:59:06, BSR Priority: 0, Hash mask length: 30 Next bootstrap message in 00:00:08 This system is a candidate BSR Candidate BSR address: 7.7.7.7, priority: 0, hash mask length: 30

1190

PIM-Sparse Mode (PIM-SM)

show ip pim interface

ces
Syntax Command Modes

View information on the interfaces with IP PIM enabled. show ip pim interface EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0

Introduced on E-Series ExaScale Introduced on S-Series

Example

Figure 386 show ip pim interface Command Example

E600-7-RPM0#show ip pim interface Address Interface Ver/ Nbr Mode Count 172.21.200.254 Gi 7/9 v2/S 0 172.60.1.2 Gi 7/11 v2/S 0 192.3.1.1 Gi 7/16 v2/S 1 192.4.1.1 Gi 13/5 v2/S 0 172.21.110.1 Gi 13/6 v2/S 0 172.21.203.1 Gi 13/7 v2/S 0 Query Intvl 30 30 30 30 30 30 DR DR Prio 1 172.21.200.254 1 172.60.1.2 1 192.3.1.1 1 192.4.1.1 1 172.21.110.1 1 172.21.203.1

Table 112 show ip pim interface Command Example Fields Field

Address Interface Ver/Mode

Description
Lists the IP addresses of the interfaces participating in PIM. List the interface type, with either slot/port information or ID (VLAN or Port Channel), of the interfaces participating in PIM. Displays the PIM version number and mode for each interface participating in PIM. v2 = PIM version 2 S = PIM Sparse mode

Nbr Count Query Intvl DR Prio DR

Displays the number of PIM neighbors discovered over this interface. Displays the query interval for Router Query messages on that interface (configured with ip pim query-interval command). Displays the Designated Router priority value configured on the interface (ip pim dr-priority command). Displays the IP address of the Designated Router for that interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1191

show ip pim neighbor

ces
Syntax Command Modes

View PIM neighbors. show ip pim neighbor EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0

Introduced on E-Series ExaScale Introduced on S-Series

Example

Figure 387 show ip pim neighbor Command Example

Force10#show ip pim neighbor Neighbor Interface Address 127.87.3.4 Gi 7/16 Force10# Uptime/Expires 09:44:58/00:01:24 Ver v2 DR Prio/Mode 1 / S

Table 113 show ip pim neighbor Command Example Fields Field

Neighbor address Interface Uptime/expires

Description
Displays the IP address of the PIM neighbor. List the interface type, with either slot/port information or ID (VLAN or Port Channel), on which the PIM neighbor was found. Displays the amount of time the neighbor has been up followed by the amount of time until the neighbor is removed from the multicast routing table (that is, until the neighbor hold time expires). Displays the PIM version number. v2 = PIM version 2 1 = default Designated Router priority (use ip pim dr-priority) DR = Designated Router S = Sparse mode Displays the Designated Router priority and the mode.

Ver DR prio/Mode

1192

PIM-Sparse Mode (PIM-SM)

show ip pim rp

show ip pim rp
ces
Syntax Parameters

View all multicast groups-to-RP mappings. show ip pim rp [mapping | group-address] mapping group-address
(OPTIONAL) Enter the keyword mapping to display the multicast groups-to-RP mapping and information on how RP is learnt. (OPTIONAL) Enter the multicast group address mask in dotted decimal format to view RP for a specific group.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0

Introduced on E-Series ExaScale Introduced on S-Series

Example 1

Figure 388 show ip pim rp mapping Command Example 1

Force10#sh ip pim rp Group RP 224.2.197.115 165.87.20.4 224.2.217.146 165.87.20.4 224.3.3.3 165.87.20.4 225.1.2.1 165.87.20.4 225.1.2.2 165.87.20.4 229.1.2.1 165.87.20.4 229.1.2.2 165.87.20.4 Force10#

Example 2

Figure 389 show ip pim rp mapping Command Example 2

Force10#sh ip pim rp mapping Group(s): 224.0.0.0/4 RP: 165.87.20.4, v2 Info source: 165.87.20.5, via bootstrap, priority 0 Uptime: 00:03:11, expires: 00:02:46 RP: 165.87.20.3, v2 Info source: 165.87.20.5, via bootstrap, priority 0 Uptime: 00:03:11, expires: 00:03:03 Force10#

Example 3

Figure 390 show ip pim rp group-address Command Example 3

Force10#sh ip pim rp 229.1.2.1 Group RP 229.1.2.1 165.87.20.4 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1193

show ip pim snooping interface

ex
Syntax Parameters

Display information on VLAN interfaces with PIM-SM snooping enabled. show ip pim snooping interface [vlan vlan-id]
vlan vlan-id (OPTIONAL) Enter a VLAN ID to display information about a specified VLAN configured for PIM-SM snooping. Valid VLAN IDs: 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History Example

Version 8.4.1.1

Introduced on E-Series ExaScale

Figure 391 show ip pim snooping interface Command Example

Force10#show ip pim snooping interface Interface Ver Nbr DR DR Count Prio Vlan 2 v2 3 1 165.87.32.2

Table 114 show ip pim snooping interface Command Example Fields Field
Interface Ver/Mode

Description
Displays the VLAN interfaces with PIM-SM snooping enabled. Displays the PIM version number for each VLAN interface with PIM-SM snooping enabled: v2 = PIM version 2 S = PIM Sparse mode

Nbr Count DR Prio DR

Displays the number of neighbors learned through PIM-SM snooping on the interface. Displays the Designated Router priority value configured on the interface (ip pim dr-priority command). Displays the IP address of the Designated Router for that interface.

1194

PIM-Sparse Mode (PIM-SM)

show ip pim snooping neighbor

ex
Syntax Parameters

Display information on PIM neighbors learned through PIM-SM snooping. show ip pim snooping neighbor [vlan vlan-id]
vlan vlan-id (OPTIONAL) Enter a VLAN ID to display information about PIM neighbors that was discovered by PIM-SM snooping on a specified VLAN. Valid VLAN IDs: 1 to 4094.

Command Modes

EXEC EXEC Privilege

Command History Example

Version 8.4.1.1

Introduced on E-Series ExaScale

Figure 392 show ip pim snooping neighbor Command Example

Force10#show ip pim snooping neighbor Neighbor Address 165.87.32.2 165.87.32.10 165.87.32.12 Interface Vl 2 [Gi 4/13 ] Vl 2 [Gi 4/11 ] Vl 2 [Gi 4/20 ] Uptime/Expires 00:04:03/00:01:42 00:00:46/00:01:29 00:00:51/00:01:24 Ver v2 v2 v2 DR Prio 1 0 0

Table 115 show ip pim snooping neighbor Command Example Fields Field
Neighbor address Interface Uptime/expires

Description
Displays the IP address of the neighbor learned through PIM-SM snooping. Displays the VLAN ID number and slot/port on which the PIM-SM-enabled neighbor was discovered. Displays the amount of time the neighbor has been up followed by the amount of time until the neighbor is removed from the multicast routing table (that is, until the neighbor hold time expires). Displays the PIM version number. v2 = PIM version 2 1 = default Designated Router priority (use ip pim dr-priority) DR = Designated Router S = Sparse mode Displays the Designated Router priority and the mode.

Ver DR prio/Mode

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1195

show ip pim snooping tib

ex
Syntax Parameters

Display information from the tree information base (TIB) discovered by PIM-SM snooping about multicast group members and states. show ip pim snooping tib [vlan vlan-id] [group-address [source-address]]
vlan vlan-id group-address (OPTIONAL) Enter a VLAN ID to display TIB information discovered by PIM-SM snooping on a specified VLAN. Valid VLAN IDs: 1 to 4094. (OPTIONAL) Enter the group address in dotted decimal format (A.B.C.D) to display TIB information discovered by PIM-SM snooping for a specified multicast group. (OPTIONAL) Enter the source address in dotted decimal format (A.B.C.D) to display TIB information discovered by PIM-SM snooping for a specified multicast source.

source-address

Command Modes

EXEC EXEC Privilege

Command History Example

Version 8.4.1.1

Introduced on E-Series ExaScale

Figure 393 show ip pim snooping tib Command Example

Force10#show ip pim snooping tib PIM Multicast Snooping Table Flags: J/P - (*,G) Join/Prune, j/p - (S,G) Join/Prune SGR-P - (S,G,R) Prune Timers: Uptime/Expires * : Inherited port (*, 225.1.2.1), uptime 00:00:01, expires 00:02:59, RP 165.87.70.1, flags: J Incoming interface: Vlan 2, RPF neighbor 0.0.0.0 Outgoing interface list: GigabitEthernet 4/11 RPF 165.87.32.2 00:00:01/00:02:59 GigabitEthernet 4/13 Upstream Port -/Force10#show ip pim snooping tib vlan 2 225.1.2.1 165.87.1.7 PIM Multicast Snooping Table Flags: J/P - (*,G) Join/Prune, j/p - (S,G) Join/Prune SGR-P - (S,G,R) Prune Timers: Uptime/Expires * : Inherited port (165.87.1.7, 225.1.2.1), uptime 00:00:08, expires 00:02:52, flags: j Incoming interface: Vlan 2, RPF neighbor 0.0.0.0 Outgoing interface list: GigabitEthernet 4/11 Upstream Port -/GigabitEthernet 4/13 DR Port -/GigabitEthernet 4/20 RPF 165.87.32.10 00:00:08/00:02:52

1196

PIM-Sparse Mode (PIM-SM)

show ip pim snooping tib

Table 116 show ip pim snooping tib Command Example Fields Field
(S, G) uptime expires RP flags

Description
Displays the entry in the PIM multicast snooping database. Displays the amount of time the entry has been in the PIM multicast route table. Displays the amount of time until the entry expires and is removed from the database. Displays the IP address of the RP/source for this entry. List the flags to define the entries: S = PIM Sparse Mode C = directly connected L = local to the multicast group P = route was pruned R = the forwarding entry is pointing toward the RP F = FTOS is registering this entry for a multicast source T = packets were received via Shortest Tree Path J = first packet from the last hop router is received and the entry is ready to switch to SPT K=acknowledge pending state

Incoming interface RPF neighbor Outgoing interface list:

Displays the reverse path forwarding (RPF) interface towards the RP/source. Displays the next hop from this interface towards the RP/source. Lists the interfaces that meet one of the following criteria: a directly connect member of the Group. statically configured member of the Group. received a (*,G) Join message.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1197

show ip pim summary

ces
Syntax Command Modes

View information about PIM-SM operation. show ip pim summary EXEC EXEC Privilege

Command History

Version 8.4.1.1 Version 8.1.1.0 Version 7.8.1.0

Support for the display of PIM-SM snooping status was added on E-Series ExaScale Introduced on E-Series ExaScale Introduced on S-Series

Example

Figure 394 show ip pim summary Command Example

Force10#show ip pim summary PIM TIB version 495 Uptime 22:44:52 Entries in PIM-TIB/MFC : 2/2 Active Modes : PIM-SNOOPING Interface 1 0 3 summary: active PIM interface passive PIM interfaces active PIM neighbors

TIB summary: 1/1 (*,G) entries in PIM-TIB/MFC 1/1 (S,G) entries in PIM-TIB/MFC 0/0 (S,G,Rpt) entries in PIM-TIB/MFC 0 0 0 0 PIM nexthops RPs sources Register states

Message summary: 2582/2583 Joins sent/received 5/0 Prunes sent/received 0/0 Candidate-RP advertisements sent/received 0/0 BSR messages sent/received 0/0 State-Refresh messages sent/received 0/0 MSDP updates sent/received 0/0 Null Register messages sent/received 0/0 Register-stop messages sent/received Data path event summary: 0 no-cache messages received 0 last-hop switchover messages received 0/0 pim-assert messages sent/received 0/0 register messages sent/received Memory usage: TIB Nexthop cache Interface table Neighbor table RP Mapping : : : : : 3768 bytes 0 bytes 992 bytes 528 bytes 0 bytes

1198

PIM-Sparse Mode (PIM-SM)

show ip pim tib

ces
Syntax Parameters

View the PIM tree information base (TIB). show ip pim tib [group-address [source-address]] group-address source-address
(OPTIONAL) Enter the group address in dotted decimal format (A.B.C.D). (OPTIONAL) Enter the source address in dotted decimal format (A.B.C.D).

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0

Introduced on E-Series ExaScale Introduced on S-Series

Example

Figure 395 show ip pim tib Command Example

Force10#show ip pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, A - Candidate for MSDP Advertisement, K - Ack-Pending State Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (*, 226.1.1.1), uptime 01:29:19, expires 00:00:52, RP 10.211.2.1, flags: SCJ Incoming interface: GigabitEthernet 4/23, RPF neighbor 10.211.1.2 Outgoing interface list: GigabitEthernet 8/0 (*, 226.1.1.2), uptime 00:18:08, expires 00:00:52, RP 10.211.2.1, flags: SCJ Incoming interface: GigabitEthernet 4/23, RPF neighbor 10.211.1.2 Outgoing interface list: GigabitEthernet 8/0 (*, 226.1.1.3), uptime 00:18:08, expires 00:00:52, RP 10.211.2.1, flags: SCJ Incoming interface: GigabitEthernet 4/23, RPF neighbor 10.211.1.2 Outgoing interface list: GigabitEthernet 8/0 (*, 226.1.1.4), uptime 00:18:08, expires 00:00:52, RP 10.211.2.1, flags: SCJ Incoming interface: GigabitEthernet 4/23, RPF neighbor 10.211.1.2 Outgoing interface list: GigabitEthernet 8/0

Table 117 show ip pim tib Command Example Fields Field

(S, G) uptime expires RP

Description
Displays the entry in the multicast PIM database. Displays the amount of time the entry has been in the PIM route table. Displays the amount of time until the entry expires and is removed from the database. Displays the IP address of the RP/source for this entry.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1199

show ip pim tib

Table 117 show ip pim tib Command Example Fields (continued) Field
flags

Description
List the flags to define the entries: D = PIM Dense Mode S = PIM Sparse Mode C = directly connected L = local to the multicast group P = route was pruned R = the forwarding entry is pointing toward the RP F = FTOS is registering this entry for a multicast source T = packets were received via Shortest Tree Path J = first packet from the last hop router is received and the entry is ready to switch to SPT K=acknowledge pending state

Incoming interface RPF neighbor Outgoing interface list:

1200

PIM-Sparse Mode (PIM-SM)

show running-config pim

ex
Syntax Command Modes Command History Related Commands Example

Display the current configuration of PIM-SM snooping. show running-config pim EXEC Privilege
Version 8.4.1.0 Introduced on E-Series ExaScale.

ip pim snooping

Enable PIM-SM snooping.

Command Example: show running-config pim

Force10#show running-config pim ! ip pim snooping enable

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1201

clear ipv6 pim tib

IPv6 PIM-Sparse Mode Commands

The IPv6 PIM-SM commands are: ipv6 pim bsr-border ipv6 pim bsr-candidate ipv6 pim dr-priority ipv6 pim join-filter ipv6 pim query-interval ipv6 pim neighbor-filter ipv6 pim register-filter ipv6 pim rp-address ipv6 pim rp-candidate ip pim sparse-mode ipv6 pim spt-threshold show ipv6 pim bsr-router show ipv6 pim interface show ipv6 pim neighbor show ipv6 pim rp show ipv6 pim tib

clear ipv6 pim tib

e
Syntax Parameters

Clear the IPv6 PIM multicast-routing database (tree information basetib). clear ipv6 pim tib [group-address] group-address
(OPTIONAL) Enter the multicast group address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero.

Defaults Command Modes Command History Related Commands

No default values or behavior EXEC Privilege

Version 7.4.1.0 Introduced

show ipv6 pim tib

Display the IPv6 PIM tree information base (tib)

1202

PIM-Sparse Mode (PIM-SM)

debug ipv6 pim

e
Syntax

Parameters

bsr events group group packet register [group]

(OPTIONAL) Enter the keyword bsr to invoke debugging of IPv6 PIM Candidate RP/BSR activities. (OPTIONAL) Enter the keyword events to invoke debugging of IPv6 PIM events. (OPTIONAL) Enter the keyword group followed by the group address to invoke debugging on that specific group. (OPTIONAL) Enter the keyword packet to invoke debugging of IPv6 PIM packets. (OPTIONAL) Enter the keyword register and optionally the group address to invoke debugging of IPv6 PIM register messages for a particular group. (OPTIONAL) Enter the keyword state to view IPv6 PIM state changes. (OPTIONAL) Enter the keyword timer to view IPv6 PIM timers. Enter one of the optional parameters: assert: to view the assertion timer. hello: to view the IPv6 PIM neighbor keepalive timer. joinprune: to view the expiry timer (join/prune timer) register: to view the register suppression timer.

state timer [assert | hello | joinprune | register]

Defaults Command Modes Command History

Disabled EXEC Privilege

Version 7.4.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1203

ipv6 pim bsr-border

e
Syntax Defaults Command Modes Command History Usage Information

Define the border of PIM domain by filtering inbound and outbound PIM-BSR messages per interface. ipv6 pim bsr-border Disabled INTERFACE
Version 8.3.1.0 Introduced

This command is applied to the subsequent PIM-BSR messages. Existing BSR advertisements are cleaned up by time-out.

ipv6 pim bsr-candidate

e
Syntax

Configure the router as a bootstrap (bsr) candidate. ipv6 pim bsr-candidate interface [hash-mask-length] [priority] To disable the bootstrap candidate, use the no ipv6 pim bsr-candidate command.

Parameters

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

hash-mask-length

(OPTIONAL) Enter the hash mask length for RP selection. Range: 0 to 128 Default: 126 (OPTIONAL) Enter the priority value for Bootstrap election process. Range: 0 to 255 Default: 0

priority

Defaults Command Modes

As above CONFIGURATION

1204

PIM-Sparse Mode (PIM-SM)

ipv6 pim dr-priority

Command History

Version 7.4.1.0

Introduced

ipv6 pim dr-priority

e
Syntax

Change the Designated Router (DR) priority for the IPv6 interface. ipv6 pim dr-priority priority-value To remove the DR priority value assigned, use the no ipv6 pim dr-priority command.

Parameters

priority-value

Enter a number. Preference is given to larger/higher number. Range: 0 to 4294967294 Default: 1

Defaults Command Modes Command History Usage Information

1 INTERFACE
Version 7.4.1.0 Introduced

ipv6 pim join-filter

e
Syntax Parameters

Permit or deny PIM Join/Prune messages on an interface using an access list. This command prevents the PIM-SM router from creating state based on multicast source and/or group. ipv6 pim join-filter access-list access-list in out
Enter the name of an extended access list. Enter this keyword to apply the access list to inbound traffic. Enter this keyword to apply the access list to outbound traffic.

Defaults Command Modes Command History

None INTERFACE
Version 8.3.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1205

ipv6 pim query-interval

Example

Force10(conf)#ipv6 access-list JOIN-FIL_ACL Force10(conf-ipv6-acl)#permit ipv6 165:87:34::0/112 ff0e::225:1:2:0/112 Force10(conf-ipv6-acl)#permit ipv6 any ff0e::230:1:2:0/112 Force10(conf-ipv6-acl)#permit ipv6 165:87:32::0/112 any Force10(conf-ipv6-acl)#exit Force10(conf)#interface gigabitethernet 0/84 Force10(conf-if-gi-0/84)#ipv6 pim join-filter JOIN-FIL_ACL in Force10(conf-if-gi-0/84)#ipv6 pim join-filter JOIN-FIL_ACL out

ipv6 pim query-interval

e
Syntax

Change the frequency of IPv6 PIM Router-Query messages. ipv6 pim query-interval seconds To return to the default value, enter no ipv6 pim query-interval seconds command.

Parameters

seconds

Enter a number as the number of seconds between router query messages. Default: 30 seconds Range: 0 to 65535

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.4.1.0 Introduced

ipv6 pim neighbor-filter

e
Syntax Parameters

Prevent the system from forming a PIM adjacency with a neighboring system. ipv6 pim neighbor-filter {access-list} access-list None CONFIGURATION
Version 8.3.1.0 Introduced Enter the name of a standard access list. Maximum 16 characters.

Defaults Command Modes Command History Usage Information

Do not enter this command before creating the access-list.

1206

PIM-Sparse Mode (PIM-SM)

ipv6 pim register-filter

e
Syntax Parameters

Configure the source DR so that it does not send register packets to the RP for the specified sources and groups. ipv6 pim register-filter access-list access-list
Enter the name of the extended ACL that contains the sources and groups to be filtered.

Defaults Command Modes Command History Example

None CONFIGURATION
Version 8.3.1.0 Introduced

Force10(conf)#ipv6 pim register-filter REG-FIL_ACL Force10(conf)#ipv6 access-list REG-FIL_ACL Force10(conf-ipv6-acl)#deny ipv6 165:87:34::10/128 ff0e::225:1:2:0/112 Force10(conf-ipv6-acl)#permit ipv6 any any Force10(conf-ipv6-acl)#exit

ipv6 pim rp-address

e
Syntax

Configure a static PIM Rendezvous Point (RP) address for a group. This address is used by first-hop routers to send Register packets on behalf of the source multicast host. ipv6 pim rp-address address group-address group-address mask override To remove an RP address, use the no ipv6 pim re-address address group-address mask override.

Parameters

address group-address group-address mask

Enter the IPv6 RP address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. Enter the keyword group-address followed by the group address in the x:x:x:x::x format and then the mask in /nn format to assign that group address to the RP. The :: notation specifies successive hexadecimal fields of zero. Enter the keyword override to override the BSR updates with static RP. The override will take effect immediately during enable/disable. Note: This option is applicable to multicast group range.

override

Defaults Command Modes Command History Usage Information

No default values or behavior CONFIGURATION

Version 7.4.1.0 Introduced

The RP addresses are stored in the order in which they are entered. RP addresses learnt via BSR take priority over static RP addresses. Publication Date: July 20, 2011 1207

Command Line Reference for FTOS version 8.4.2.4

ipv6 pim rp-candidate

Without the override option, RPs advertised by the BSR updates take precedence over the statically configured RPs.

ipv6 pim rp-candidate

e
Syntax Parameters

Specify an interface as an RP candidate. ipv6 pim rp-candidate interface [priority-value] interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

priority-value

(OPTIONAL) Enter a number as the priority of this RP Candidate, which is included in the Candidate-RP-Advertisements. Range: 0 (highest) to 255 (lowest)

Defaults Command Modes Command History

No default values or behavior CONFIGURATION

Version 7.4.1.0 Introduced

1208

PIM-Sparse Mode (PIM-SM)

ipv6 pim sparse-mode

e
Syntax

Enable IPv6 PIM sparse mode on the interface. ipv6 pim sparse-mode To disable IPv6 PIM sparse mode, enter no ipv6 pim sparse-mode.

Defaults Command Modes Command History Usage Information

Disabled INTERFACE
Version 7.4.1.0 Introduced

The interface must be enabled (no shutdown command) and not have the switchport command configured. Multicast must also be enabled globally. PIM is supported on the port-channel interface.

ipv6 pim spt-threshold

e
Syntax

Specifies when a PIM leaf router should join the shortest path tree. ipv6 pim spt-threshold {kbps | infinity} To return to the default value, enter no ipv6 pim spt-threshold.

Parameters

kbps

Enter a traffic rate in kilobytes per second. Range: 0 to 4294967 kbps Default: 10 kbps Enter the keyword infinity to have all sources for the specified group use the shared tree and never join shortest path tree (SPT).

infinity

Defaults Command Modes Command History Usage Information

10 kbps CONFIGURATION
Version 7.4.1.0 Introduced

PIM leaf routers join the shortest path tree immediately after the first packet arrives from a new source.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1209

show ipv6 pim bsr-router

e
Syntax Command Modes

View information on the bootstrap router (v2). show ipv6 pim bsr-router EXEC EXEC Privilege

Command History Example

Version 7.4.1.0

Introduced

Figure 396 show ipv6 pim bsr-router Command Example

Force10#show ipv6 pim bsr-router PIMv2 Bootstrap information This system is the Bootstrap Router (v2) BSR address: 14::2 Uptime: 00:02:54, BSR Priority: 0, Hash mask length: 126 Next bootstrap message in 00:00:06 This system is a candidate BSR Candidate BSR address: 14::2, priority: 0, hash mask length: 126 Force10#

show ipv6 pim interface

e
Syntax Command Modes

Display IPv6 PIM enabled interfaces. show ipv6 pim interface EXEC EXEC Privilege

Command History

Version 7.4.1.0

Introduced

1210

PIM-Sparse Mode (PIM-SM)

show ipv6 pim neighbor

Example

Figure 397 show ipv6 pim interface Command Example

Force10#show ipv6 pim interface Interface Ver/ Nbr Query DR Mode Count Intvl Prio Gi 10/3 v2/S 1 30 1 Address : fe80::201:e8ff:fe02:140f DR : this router Gi 10/11 v2/S 0 30 1 Address : fe80::201:e8ff:fe02:1417 DR : this router Force10#

show ipv6 pim neighbor

e
Syntax Parameters

DisplaysIPv6 PIM neighbor information. show ipv6 pim neighbor [detail] detail
(OPTIONAL) Enter the keyword detail to displayed PIM neighbor detailed information.

Command Modes

EXEC EXEC Privilege

Command History Example

Version 7.4.1.0

Introduced

Figure 398 show ipv6 pim neighbor detail Command Example

Force10#show ipv6 pim neighbor detail Neighbor Interface Address fe80::201:e8ff:fe00:6265 Gi 10/3 165:87:50::6 Force10# Uptime/Expires 00:07:39/00:01:42 Ver v2 DR Prio/Mode 1 / S

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1211

show ipv6 pim rp

e
Syntax Parameters

View all IPv6 multicast groups-to-rendezvous point (RP) mappings. show ipv6 pim rp [mapping | group-address] mapping group-address
(OPTIONAL) Enter the keyword mapping to display the multicast groups-to-RP mapping and information on how RP is learnt. (OPTIONAL) Enter the multicast group address in the x:x:x:x::x format to view RP mappings for a specific group. The :: notation specifies successive hexadecimal fields of zero.

Command Modes

EXEC EXEC Privilege

Command History Example 1

Version 7.4.1.0

Introduced

Figure 399 show ipv6 pim rp Command Example

Force10#show ipv6 pim rp Group RP ff0e::225:1:2:1 14::1 ff0e::225:1:2:2 14::1 ff0e::226:1:2:1 14::1 ff0e::226:1:2:2 14::1 Force10#

Example 2

Figure 400 show ipv6 pim rp mapping Command Example

Force10#show ipv6 pim rp mapping PIM Group-to-RP Mappings Group(s): ff00::/8 RP: 14::1, v2 Info source: 14::1, via bootstrap, priority 192 Uptime: 00:03:37, expires: 00:01:53 Group(s): ff00::/8, Static RP: 14::2, v2 Force10#

1212

PIM-Sparse Mode (PIM-SM)

show ipv6 pim tib

e
Syntax Parameters

View the IPv6 PIM multicast-routing database (tree information basetib). show ipv6 pim tib [group-address [source-address]] group-address source-address
(OPTIONAL) Enter the IPv6 group address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero (OPTIONAL) Enter the source address in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero

Command Modes

EXEC EXEC Privilege

Command History Example

Version 7.4.1.0

Introduced

Figure 401 show ipv6 pim tib Command Example

Force10#show ipv6 pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, A - Candidate for MSDP Advertisement K - Ack-Pending State Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (25::1, ff0e::225:1:2:1), uptime 00:09:53, expires 00:00:00,flags: CJ RPF neighbor: GigabitEthernet 10/3, fe80::201:e8ff:fe00:6265 Outgoing interface list: GigabitEthernet 10/11 (25::1, ff0e::225:1:2:2), uptime 00:09:54, expires 00:00:00,flags: CJ RPF neighbor: GigabitEthernet 10/3, fe80::201:e8ff:fe00:6265 Outgoing interface list: GigabitEthernet 10/11 (25::2, ff0e::225:1:2:2), uptime 00:09:54, expires 00:00:00,flags: CJ RPF neighbor: GigabitEthernet 10/3, fe80::201:e8ff:fe00:6265 Outgoing interface list: GigabitEthernet 10/11 (25::1, ff0e::226:1:2:1), uptime 00:09:54, expires 00:00:00,flags: CJ RPF neighbor: GigabitEthernet 10/3, fe80::201:e8ff:fe00:6265 Outgoing interface list: GigabitEthernet 10/11 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1213

show ipv6 pim tib

1214

PIM-Sparse Mode (PIM-SM)

Chapter 42

PIM-Source Specific Mode (PIM-SSM)

Overview
The platforms on which a command is supported is indicated by the character e for the E-Series, c for the C-Series, and s for the S-Series that appears below each command heading. PIM is supported on E-Series ExaScale ex with FTOS 8.1.1.0. and later. This chapter contains the following sections: IPv4 PIM Commands IPv4 PIM-Source Specific Mode Commands IPv6 PIM Commands IPv6 PIM-Source Specific Mode Commands

IPv4 PIM Commands

The following commands apply to IPv4 PIM-SM, PIM-SSM, and PIM-DM: clear ip pim tib debug ip pim ip pim dr-priority ip pim graceful-restart ip pim neighbor-filter ip pim query-interval show ip pim interface show ip pim neighbor show ip pim tib

IPv4 PIM-Source Specific Mode Commands

The IPv4 PIM-Source Specific Mode (PIM-SSM) commands are: Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 1215

ip pim ssm-range

ip pim ssm-range ip pim join-filter show ip pim ssm-range

ip pim ssm-range
ces
Syntax Parameters

Specify the SSM group range using an access-list. ip pim ssm-range {access_list_name} access_list_name
Enter the name of the access list.

Defaults Command Modes Command History

Default SSM range is 232/8 and ff3x/32 CONFIGURATION

Version 8.1.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series. Introduced on E-Series.

Usage Information

FTOS supports standard access list for the SSM range. Extended ACL cannot be used for configuring SSM range. If an Extended ACL is configured and then used in the ip pim ssm-range {access list name} configuration, an error is reported. However, if ip pim ssm-range {access list name} is configured first and then the ACL is configured as an Extended ACL, an error is not reported and the ACL is not applied to the SSM range. FTOS recommended best-practices are to configure the standard ACL, and then apply the ACL to the SSM range. Once the SSM range is applied, the changes are applied internally without requiring clearing of the TIB. When ACL rules change, the ACL and PIM modules apply the new rules automatically. When SSM range is configured, FTOS supports SSM for configured group range as well as default SSM range. When the SSM ACL is removed, PIM SSM is supported for default SSM range only

show ip pim ssm-range

ces
Syntax

Display the non-default groups added using the SSM range feature. show ip pim ssm-range

1216

PIM-Source Specific Mode (PIM-SSM)

ipv6 pim ssm-range

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.5.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series. Introduced on E-Series.

IPv6 PIM Commands

The following commands apply to IPv6 PIM-SM and PIM-SSM: clear ipv6 pim tib debug ip pim ipv6 pim dr-priority ipv6 pim join-filter ipv6 pim query-interval ipv6 pim neighbor-filter show ipv6 pim interface show ipv6 pim neighbor show ipv6 pim tib

IPv6 PIM-Source Specific Mode Commands

The IPv6 PIM-SSM commands are: ipv6 pim ssm-range show ipv6 pim ssm-range

ipv6 pim ssm-range

e
Syntax Parameters

Specify the SSM group range using an access-list. ipv6 pim ssm-range {access_list_name} access_list_name
Enter the name of the access list. Maximum 16 characters.

Defaults Command Modes

Default SSM range is 232/8 and ff3x/32 CONFIGURATION Publication Date: July 20, 2011 1217

Command Line Reference for FTOS version 8.4.2.4

show ipv6 pim ssm-range

Command History Usage Information

Version 7.5.1.0

Introduced

Once the SSM range is applied, the changes are applied internally without requiring clearing of the TIB. SSM ACL overrides the default range. To use the default range while SSM range is active, add the default range to the SSM ACL. When ACL rules change, the ACL manager and PIM modules apply the new rules automatically. When the SSM ACL is removed, the default range is restored. When SSM range is configured, FTOS supports SSM for configured group range as well as default SSM range.

show ipv6 pim ssm-range

e
Syntax Command Modes

Display the non-default groups added using the SSM range feature. show ipv6 pim ssm-range EXEC EXEC Privilege

Command History Example

Version 7.4.1.0

Introduced

Figure 402 show ipv6 pim ssm-range Command Example

Force10(conf)#ipv6 pim ssm-range SSM_ACL Force10(conf)#ipv6 access-list SSM_ACL Force10(conf-ipv6-acl)#permit ipv6 any ff0e::225:1:2:0/112 Force10(conf-ipv6-acl)# Force10(conf-ipv6-acl)#do show ipv6 pim ssm-range Group Address / MaskLen ff0e::225:1:2:0 / 112 Force10(conf-ipv6-acl)#

1218

PIM-Source Specific Mode (PIM-SSM)

Chapter 43
Overview

Power over Ethernet (PoE)

FTOS supports Power over Ethernet (PoE), as described by IEEE 802.3af, on C-Series and S-Series systems (S25V and S50V models), as indicated by the c and s characters, respectively, that appear below each command heading.

Commands
This chapter contains the following commands: power budget power inline power inline priority show power detail show power inline show power supply

power budget
s
If an S25V or S50V model of the S-Series has an external power supply, this command allows the external power supply of the specified stack member to be used for powering PoE ports. An external DC power supply operates, by default, in backup mode. However, if the power supply is the 470W Redundant Power Supply (catalog # S50-01-PSU-V) from Force10, and it is attached to the Current Sharing terminal, you can use this command to convert its use to load-sharing mode to support additional PoE devices. Other external DC power supplies are not supported for PoE. [no] power budget stack-unit 0-7 321-790 Enter no power budget stack-unit 0-7 to disable the use of power for PoE from the external power supply on the designated stack member.

Syntax

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1219

power inline

Parameters

0-7 321-790

Enter the stack unit ID, from 0 to 7, of the stack member that you want to configure. After entering the stack unit number, enter a value representing the watts to be used for PoE. Range: 321 to 790

Defaults Command Modes Command History Usage Information

320W (i.e., redundancy mode) CONFIGURATION

Version 7.7.1.0 Introduced on S-Series

Setting a value above 320 causes a warning to be displayed that the device might lose power redundancy.

power inline
cs
Syntax

Enable power to be supplied to a device connected to a port. [no] power inline {auto [max_milliwatts] | static [max_milliwatts]} To disable power to a port that has been enabled for PoE, use the no power inline command.

Parameters

auto

Enter the keyword auto to allow the port to determine how much power the connected Class 0,1, 2, 3, or 4 device requires, and supply it (up to 15.4 watts). (OPTIONAL) Enter the number of milliwatts to be the maximum amount of power that a port can provide. Range: 5000 to 15400 (milliwatts) Entering the keyword static without the max_milliwatts variable sets the amount of power available on the selected port to the maximum (up to 15.4 watts).

max_milliwatts

static

Defaults Command Modes Command History

no (power is disabled to the port) INTERFACE

Version 7.7.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

Usage Information

Ports configured with power inline auto have a lower priority for access to power than those configured with power inline static. As a second layer of priority setting, use the power inline priority command. FTOS treats powered devices rated as Class 0, 3, or 4 the same.

1220

Power over Ethernet (PoE)

power inline priority

Related Commands

power inline priority show power inline

Set the PoE priority of the selected port. Display the ports that are enabled with PoE and the amount of power that each is consuming.

power inline priority

cs
Syntax Parameters

Set the PoE priority of the selected port. [no] power inline priority {critical | high | low} critical high low
Enter the keyword critical to set the PoE priority of the port to the highest level. Enter the keyword high to set the PoE priority of the port to the second highest level. Enter the keyword low to set the PoE priority of the port to the lowest level.

Defaults Command Modes Command History Usage Information

none INTERFACE
Version 7.7.1.0 Introduced on C-Series and S-Series

Power allocation is a function of per-port power priority settings, port TLVs, port IDs, which ports request power first, and how much power is actually consumed by the active ports. Power priority is allocated by this formula:
PoE_off_priority = static_or_auto_prio * 10000 + (user/LLDP-MED)priority * 1000 + slotId*100 + portId

where: static_prio = 0 auto_prio = 1

The lower the value of PoE_off_priority for the selected port, the higher its power priority. So, if a port is configured "static" (assigned a value of 0 in the formula), its priority is higher than a port configured as "auto" (assigned a value of 1). Two ports with the same static/auto settings are then prioritized by their user-set priorities and LLDP-MED values. In a similar fashion, lower numbered slots/ports get a higher priority than higher numbered slots/ports. For example, 0/1 has a higher priority than 1/10, which has a higher priority than 2/1. As the slot / port number increases, the value of "PoE_off_priority" for the port increases and hence a lower priority. Basically, priority is assigned in this order: 1 2 3 4 static/auto settings (using the power inline command) user-set priorities (using this command) LLDP-MED TLV, only if user priority is not configured (see Link Layer Detection Protocol (LLDP).) Slot ID (breaks tie of same-priority ports)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1221

show power detail

5
Related Commands

Port ID (breaks tie of same-priority ports in same slot)

Enable power to be supplied to a device connected to a port. Display the ports that are enabled with PoE and the amount of power that each is consuming.

power inline show power inline

show power detail

cs
Syntax Command Modes

Display the total power consumption and power consumption by component. show power detail EXEC EXEC Privilege

Command History

Version 8.4.1.0 Version 7.7.1.0 Version 4.2.1.0

Inline Power Used removed from output. Introduced on S-Series Introduced on C-Series

Example

Force10(conf-if-range-gi-0/1-48)#do show power detail Unit Total Logic Inline Inline Inline Inline Power Power Power Power Power Power Available Consumed Available Allocated Consumed Remaining (Watts) (Watts) (Watts) (Watts) (Watts) (Watts) ------------------------------------------------------------------------------0 470.00 150 320.00 308.00 190.00 12.00

Table 118 show power detail Command Output Fields

Unit Catalog Name Slot ID Total Power Available (S-Series only) The stack member unit ID. (C-Series only) Displays the components Force10 catalog number. (C-Series only) Displays the slot number in which the line card or RPM is installed. The total power available in the stack member or chassis. Note:On the S-Series a maximum of 790W can be allocated for PoE, even if you add the 470W external power supply. The power consumed by the system logic. Power available for PoE (whatever was configured using power-budget command. Default: 320 watts Total power allocated to the ports. Total power consumed by connected devices. Difference between power available and power allocated. Enable power to be supplied to a device connected to a port. Set the PoE priority of the selected port

Logic Power Consumed Inline Power Available Inline Power Allocated Inline Power Consumed Inline Power Remaining Related Commands power inline power inline priority

1222

Power over Ethernet (PoE)

show power inline

cs
Syntax Command Modes

Display the ports that are enabled with PoE and the amount of power that each is consuming. show power inline EXEC EXEC Privilege

Command History

Version 8.4.1.0 Version 7.7.1.0 Version 7.5.1.0

Operational Status removed from output. Introduced on S-Series Introduced on C-Series

Example

Force10(conf-if-range-gi-0/1-48)#do show power inline Interface Admin Inline Power Inline Power Class Allocated Consumed (Watts) (Watts) --------------------------------------Gi 0/1 auto 0.00 0.00 NO_DEVICE Gi 0/2 auto 7.00 3.20 2

User Priority ---------Low Low

Table 119 show power inline Command Output Field Description

Interface Admin Inline Power Allocated Inline Power Consumed Class User Priority Displays the line card slot and port number. Displays the PoE mode of the port. The mode can be either auto or static. See power budget. Displays the amount of power allocated to the port. Displays the amount of power that is consumed by the connected device. Displays the power classification of the connected device. Valid classes are 0-4. Displays the power configured by the user for the port (default is low). See power inline priority. Enable power to be supplied to a device connected to a port. Set the PoE priority of the selected port

Related Commands

power inline power inline priority

show power supply

cs
Syntax Command Modes

Display the power supply status. show power supply EXEC EXEC Privilege

Command History

Version 7.7.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1223

show power supply

C-Series Example

Figure 403 show power supply (C-Series) Command Example

Force10#show power supply Power Model Supply Number Type Status --------------------------------------------------------------------PEM0 Absent PEM1 Absent PEM2 CC-C-1200W-AC AC Active PEM3 Absent PEM4 CC-C-1200W-AC AC Powered Off PEM5 CC-C-1200W-AC AC Active Force10#

Table 121 describes the nine possible power supply conditions. Table 120 Power Supply Conditions
AC Fail Active Fail Not Present Over Current Shutdown Over Temperature Shutdown Over Temperature Warning OverCurrent Warning Power Off S-Series Example The PSU is unplugged. The PSU is supplying power to the chassis. The PSU has failed. The PSU is not installed in the chassis. The PSU has turned off due to an high input current condition. The PSU has turned off due to an high temperature condition. The temperature of the PSU is greater than the recommended maximum operating temperature. The current being supplied to the PSU is greater than the recommended maximum input current. The PSU is present but not on.

Figure 404 show power supply (S-Series) Command Example

Force10#show power supply Unit Power Model Type Status Supply Number ---------------------------------------------------------------------0 PS0 S50-PWR-AC AC Active 0 PS1 S50-PWR-DC DC Active 1 PS0 S50-PWR-AC AC Active 1 PS1 Not present 2 PS0 S50-PWR-AC AC Active 2 PS1 Not present Force10

Table 121 describes the nine possible power supply conditions. Table 121 Power Supply Conditions
AC Fail Active Fail Not Present Over Current Shutdown Over Temperature Shutdown Over Temperature Warning The PSU is unplugged. The PSU is supplying power to the chassis. The PSU has failed. The PSU is not installed in the chassis. The PSU has turned off due to an high input current condition. The PSU has turned off due to an high temperature condition. The temperature of the PSU is greater than the recommended maximum operating temperature.

1224

Power over Ethernet (PoE)

show power supply

Table 121 Power Supply Conditions

OverCurrent Warning Power Off The current being supplied to the PSU is greater than the recommended maximum input current. The PSU is present but not on.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1225

show power supply

1226

Power over Ethernet (PoE)

Chapter 44
Overview

Port Monitoring

The Port Monitoring feature enables you to monitor network traffic by forwarding a copy of each incoming or outgoing packet from one port to another port. The Remote Port Mirroring feature allows you to monitor traffic on multiple source ports on different switches and transport mirrored packets on a dedicated L2 VLAN to multiple destination ports on different switches. The commands in this chapter are generally supported on the C-Series, E-Series, and S-Series, with one exception, as noted in the Command History fields and by these symbols under the command headings: c e s

Commands
description flow-based enable mode remote-port-mirroring monitor session show config show monitor session show running-config monitor session source (port monitoring) source (remote port mirroring) source remote vlan (remote port mirroring) tagged destination untagged destination

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1227

description

Important Points to Remember

On the E-Series, Port Monitoring is supported on TeraScale and ExaScale platforms. Port Monitoring is supported on physical ports only. Logical interfaces, such as Port Channels and VLANs, are not supported. FTOS supports as many monitor sessions on a system as the number of port-pipes. A SONET port can only be configured as a monitored port. The monitoring (destination, MG) and monitored (source, MD) ports must be on the same switch. A monitoring port can monitor any physical port in the chassis. Only one MG and one MD may be in a single port-pipe. A monitoring port can monitor more than one port. More than one monitored port can have the same destination monitoring port. FTOS on the S-Series supports multiple source ports to be monitored by a single destination port in one monitor session. On the S-Series, one monitor session can have only one MG port. There is no restriction on the number of source ports, or destination ports on the chassis.

Note: The monitoring port should not be a part of any other configuration.

Remote Port Mirroring is supported only on the E-Series ExaScale platform.

description
ces
Syntax

Enter a description of this monitoring session description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description regarding this session(80 characters maximum).

Defaults Command Modes Command History

No default behavior or values MONITOR SESSION (conf-mon-sess-session-ID)

Version 8.1.1.0 Version 7.7.1.0 Version 7.5.1.0 pre-7.7.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series Enable a monitoring session.

Related Commands

monitor session

1228

Port Monitoring

flow-based enable

flow-based enable
e
Syntax

Enable flow-based monitoring. flow-based enable To disable flow-based monitoring, use the no flow-based enable command.

Defaults Command Modes Command History

Disabled, that is flow-based monitoring is not applied MONITOR SESSION (conf-mon-sess-session-ID)

Version 8.1.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on E-Series

Usage Information Related Commands

To monitoring traffic with particular flows ingressing/egressing the interface, appropriate ACLs can be applied in both ingress and egress direction.
monitor session Create a monitoring session.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1229

mode remote-port-mirroring

mode remote-port-mirroring
ex
Syntax Defaults Command Modes Command History Example

Configure a L2 VLAN as the VLAN used to transport mirrored traffic in a remote-port mirroring session. mode remote-port-mirroring No default values or behaviors VLAN INTERFACE
Version 8.4.1.2 Introduced on the E-Series ExaScale.

Figure 405 Command Example: mode remote-port-mirroring

Force10(conf)# interface vlan 10 Force10(conf-if-vlan)# mode remote-port-mirroring

Usage Information

A remote port mirroring session mirrors Layer 2 and Layer 3 traffic by prefixing the reserved VLAN tag to monitored packets so that they are copied to the reserve VLAN. Mirrored traffic is transported across the network using 802.1Q-in-802.1Q tunneling. The source address, destination address and original VLAN ID of the mirrored packet are preserved with the tagged VLAN header. Untagged source packets are tagged with the reserved VLAN ID. There is no restriction on the VLAN IDs used for the reserved remote-monitoring VLAN. Valid VLAN IDs are 1 to 4094. The default VLAN ID is not supported. The reserved VLAN for remote port mirroring can be automatically configured in intermediate switches by using GVRP. MAC address learning in the reserved VLAN is automatically disabled. To change the reserved VLAN used in a source session, you can remove the current VLAN by entering the complete no source destination vlan vlan-id command. Then re-enter the source (remote port mirroring) command to configure a new reserved VLAN for the source session.

Related Commands

interface vlan show monitor session tagged destination

Configure a VLAN. Display the monitor session. Configure a tagged port to carry mirrored traffic in a reserved VLAN.

1230

Port Monitoring

monitor session

monitor session
ces
Syntax

Create a session for monitoring traffic with port monitoring or remote port mirroring. monitor session session-ID To delete a session, use the no monitor session session-ID command. To delete all monitor sessions, use the no monitor session all command.

Parameters

session-ID

Enter a session identification number. Range: 0 to 65535

Defaults Command Modes Command History

No default values or behaviors MONITOR SESSION (conf-mon-sess-session-ID)

Version 8.4.1.2 Version 8.1.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.4.1.0 Support for remote port mirroring was added on the E-Series ExaScale. Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 406 Command Example: monitor session

Force10(conf)# monitor session 60 Force10(conf-mon-sess-60)

Usage Information

The monitor command is saved in the running configuration at the Monitor Session mode level and can be restored after a chassis reload. In remote-port mirroring sessions: Up to 4 source sessions are supported on a switch. Up to 128 ports are supported in a source session, including all ports in source port channels and source VLANs. Up to 64 destination sessions are supported on a switch. Up to 64 ports are supported in a destination session.
show monitor session show running-config monitor session Display the monitor session Display the running configuration of a monitor session

Related Commands

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1231

show config

show config
ces
Syntax Defaults Command Modes Command History

Display the current monitor session configuration. show config No default values or behavior MONITOR SESSION (conf-mon-sess-session-ID)
Version 8.1.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example
Force10(conf-mon-sess-11)#show config ! monitor session 11 source GigabitEthernet 10/0 destination GigabitEthernet 10/47 direction rx Force10#

1232

Port Monitoring

show monitor session

ces
Syntax

Display the monitor information of a particular session or all sessions. show monitor session {session-ID} To display monitoring information for all sessions, use the show monitor session command.

Parameters

session-ID

(OPTIONAL) Enter a session identification number. Range: 0 to 65535

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 407 Commands Example: show monitor session

Force10#show monitor session 11 SessionID --------11 12 Source -----Gi 10/0 Po 1 Destination ------------Gi 10/47 remote-vlan 12 Direction --------rx both Mode ------interface Remote-Port-Mirroring Type ---------Port-based Port-based

Related Commands

monitor session

Create a session for monitoring.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1233

show running-config monitor session

ces
Syntax

Display the running configuration of all monitor sessions or a specific session. show running-config monitor session {session-ID} To display the running configuration for all monitor sessions, use just the show running-config monitor session command.

Parameters

session-ID

(OPTIONAL) Enter a session identification number. Range: 0 to 65535

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example
Force10#show running-config monitor session ! monitor session 8 source GigabitEthernet 10/46 destination GigabitEthernet 10/1 direction rx ! monitor session 11 source GigabitEthernet 10/0 destination GigabitEthernet 10/47 direction rx Force10#show running-config monitor session 11 ! monitor session 11 source GigabitEthernet 10/0 destination GigabitEthernet 10/47 direction rx

Usage Information Related Commands

The monitoring command is saved in the running configuration at the Monitor Session mode level and can be restored after a chassis reload.
monitor session show monitor session Create a session for monitoring. Display a monitor session.

1234

Port Monitoring

source (port monitoring)

ces
Syntax

Configure a port monitor source. source interface destination interface direction {rx | tx | both} To disable a monitor source, use the no source interface destination interface direction {rx | tx | both} command.

Parameters

interface

Enter the one of the following keywords and slot/port information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information.

destination direction {rx | tx | both}

Enter the keyword destination to indicate the interface destination. Enter the keyword direction followed by one of the packet directional indicators.

rx: to monitor receiving packets only tx: to monitor transmitting packets only both: to monitor both transmitting and receiving packets
Defaults Command Modes Command History

No default behavior or values MONITOR SESSION (conf-mon-sess-session-ID)

Version 8.1.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 408 Command Example: Configuring a Port Monitor Source

Force10(conf-mon-sess-11)#source gi 10/0 destination gi 10/47 direction rx Force10(conf-mon-sess-11)#

Usage Information

Note: A SONET port can only be configured as a monitored port.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1235

source (remote port mirroring)

ex
Syntax

Configure one or more source ports, the ingress/egress traffic to be mirrored, and the reserved L2 VLAN used to transport mirrored traffic. source {single-interface | vlan vlan-id | range {interface-list | interface-range | mixed-interface-list | vlan-list | vlan-range | mixed-vlan-list}} destination remote vlan vlan-id direction {rx | tx | both} single-interface
Specifies one of the following interface types: 1-Gigabit Ethernet: Enter gigabitethernet slot/port. 10-Gigabit Ethernet: Enter tengigabitethernet slot/port. Port channel: Enter port-channel {1-511}.

Parameters

vlan vlan-id range interface-list

Specifies a single VLAN ID. Range: 1-4094 Specifies multiple interfaces separated by a comma and space: single-interface, single-interface, single-interface... For example: source range port-channel 2, gigabitethernet 3/4 Specifies one of the following interface ranges: gigabitethernet slot/first_port - last_port tengigabitethernet slot/first_port - last_port port-channel first_number - last_number A space is required before and after the dash (-). For example: source range gigabitethernet 1/2 - 4 Or: source range port-channel 1 - 12

range interface-range

range mixed-interface-list

Specifies single interfaces and interface ranges in any order: range single-interface, interface-range, single-interface... For example: source range port-channel 2, gigabitethernet 3/4 - 5 Specifies multiple source VLANs separated by a comma and space: range vlan vlan-id, vlan vlan-id, vlan vlan-id... For example: source range vlan 2, vlan 12, vlan 22 Specifies a range of source VLANs in the format: range vlan first_vlanID - last_vlanID. A space is required before and after the dash (-). For example: source range vlan 9-11 Specifies single VLANs and VLAN ranges in any order: range vlan vlan-id, vlan first_vlanID - last_vlanID, vlan vlan-id... For example: source range vlan 2, vlan 10 - 11, vlan 5 Associates the reserved L2 VLAN with the source ports used in the source session. Valid VLAN IDs are 1 to 4094. The default VLAN ID is not supported. Specifies the direction of the traffic to be mirrored:

range vlan-list

range vlan-range

range mixed-vlan-list

destination remote-vlan vlan-id direction {rx | tx | both}

rx: incoming packets only tx: outgoing packets only both: both incoming and outgoing packets
Defaults

No default behavior or values

1236

Port Monitoring

source (remote port mirroring)

Command Modes Command History Example

MONITOR SESSION (conf-mon-sess-session-ID)

Version 8.4.1.2 Introduced on the E-Series ExaScale.

Figure 409 Command Example: Configuring a Source Port

Force10(conf-mon-sess-11)#source gigabitethernet 10/0 destination remote-vlan 2 direction rx Force10(conf-mon-sess-11)#

Usage Information

You can configure physical ports, port-channels, and VLANs as sources in remote port mirroring and use them in the same source session. You can use both Layer 2 (configured with the switchport command) and Layer 3 ports as source ports. In remote port mirroring: Up to 4 source sessions are supported on a switch. Up to 128 source ports are supported in a source session. When you configure a port channel or VLAN in a source session, all ports in the port channel or VLAN are used as source ports, up to a maximum of 128 source ports. You can configure trunk ports and access ports as source ports. You can configure trunk ports and non-trunk ports as source ports in a remote-port mirroring session. You can use the default VLAN and native VLANs as a source VLAN. You cannot configure the dedicated VLAN used to transport mirrored traffic as a source VLAN. A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port. A source port channel or source VLAN, which has a member port that is configured as a destination port, cannot be used as a source port channel or source VLAN. You can use ACLs on a source port. In a flow-based source session, packets sent from the RPM are not monitored. Rate-limiting tagged-VLAN egress traffic on a source port is supported. To delete one or more monitored ports from a source session, enter the complete no source (remote port mirroring) command. The dedicated L2 VLAN used for remote port mirroring is configured with the mode remote-port-mirroring command. To change the reserved VLAN used in a source session, you can remove the current VLAN by entering the no source destination vlan vlan-id command. Then re-enter the complete source (remote port mirroring) command as described above to configure a new reserved VLAN for the source session.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1237

source remote vlan (remote port mirroring)

ex
Associate the reserved L2 VLAN used to transport mirrored traffic in remote port mirroring with a destination session and configure the destination ports to which an analyzer is connected. source remote vlan vlan-id destination {single-interface | range {interface-list | interface-range | mixed-interface-list}} vlan-id
VLAN ID of the reserved L2 VLAN used for remote port mirroring. Valid VLAN IDs are 1 to 4094. The default VLAN ID is not supported. Specifies one of the following interface types: 1-Gigabit Ethernet: Enter gigabitethernet slot/port. 10-Gigabit Ethernet: Enter tengigabitethernet slot/port.

Syntax

Parameters

single-interface

range interface-list

Specifies multiple interfaces separated by a comma and space: single-interface, single-interface, single-interface... For example: source remote-vlan 4 destination range gig 1/2, tengig 3/4 Specifies one of the following interface ranges: gigabitethernet slot/first_port - last_port tengigabitethernet slot/first_port - last_port A space is required before and after the dash (-). For example: source remote-vlan 4 destination range gig 1/2 - 4

range interface-range

range mixed-interface-list

Specifies single interfaces and interface ranges in any order: single-interface, interface-range, single-interface... For example: source remote-vlan 4 destination range gig 3/4 - 5, tengig 1/0

Defaults Command Modes Command History Example

No default behavior or values MONITOR SESSION (conf-mon-sess-session-ID)

Version 8.4.1.2 Introduced on the E-Series ExaScale.

Figure 410 Command Example: Associating the Reserved VLAN with a Destination Session
Force10(conf-mon-sess-11)#source remote vlan 10 destination gigabitethernet 10/0 - 2 Force10(conf-mon-sess-11)#

1238

Port Monitoring

tagged destination

Usage Information

You can configure any port as a destination port. You cannot configure a VLAN, port-channel, or SONET interface as a destination port You can configure additional destination ports in an active session. You can tunnel the mirrored traffic from multiple remote-port source sessions to the same destination port. You can configure a destination port to send only tagged or untagged traffic to the analyzer. By default, the port sends untagged packets so that the reserved VLAN ID is removed and the original monitored packet is analyzed. By default, ingress traffic on a destination port is dropped. A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port. A destination port cannot be used in any spanning tree instance. The dedicated L2 VLAN used for remote port mirroring is configured with the mode remote-port-mirroring command. To delete one or more destination ports from a destination session, enter the no source remote vlan (remote port mirroring) command. To change the reserved VLAN used in the destination session, you must first remove all destination ports. Then delete the current VLAN by entering the no monitor session source remote vlan (remote port mirroring) command and re-enter the monitor session source remote vlan (remote port mirroring) command to configure the new VLAN ID.

tagged destination
ex
Syntax Parameters

Configure destination ports for remote port mirroring so that the reserved VLAN tag is added to mirrored traffic sent to an analyzer. tagged destination {single-interface | range interface-range} single-interface
Specifies one of the following interface types: 1-Gigabit Ethernet: Enter gigabitethernet slot/port. 10-Gigabit Ethernet: Enter tengigabitethernet slot/port.

range interface-range

Specifies one of the following interface ranges: gigabitethernet slot/first_port - last_port tengigabitethernet slot/first_port - last_port A space is required before and after the dash (-). For example: tagged destination range gigabitethernet 1/2 - 4

Defaults

Destination ports send untagged packets to an analyzer so that the reserved VLAN ID is removed and the original monitored packet is mirrored. MONITOR SESSION (conf-mon-sess-session-ID)

Command Modes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1239

untagged destination

Command History Usage Information Related Commands

Version 8.4.1.2

Introduced on the E-Series ExaScale.

To reconfigure destination ports in a remote-port mirroring session as untagged ports, enter the untagged destination command.
untagged destination Configure destination ports to remove the reserved VLAN tag from mirrored traffic.

untagged destination
ex
Syntax Parameters

Configure destination ports for remote port mirroring so that the reserved VLAN tag is removed from mirrored traffic sent to an analyzer. untagged destination {single-interface | range interface-range} single-interface
Specifies one of the following interface types: 1-Gigabit Ethernet: Enter gigabitethernet slot/port. 10-Gigabit Ethernet: Enter tengigabitethernet slot/port.

range interface-range

Defaults

Destination ports send untagged packets to an analyzer so that the reserved VLAN ID is removed and the original monitored packet is mirrored. MONITOR SESSION (conf-mon-sess-session-ID)
Version 8.4.1.2 Introduced on the E-Series ExaScale.

Command Modes Command History Usage Information Related Commands

To configure destination ports in a remote-port mirroring session as tagged ports, enter the tagged destination command.
tagged destination Configure destination ports to add the reserved VLAN tag to mirrored traffic.

1240

Port Monitoring

Chapter 45
Overview

Private VLAN (PVLAN)

Starting with FTOS 7.8.1.0, the Private VLAN (PVLAN) feature of FTOS is available for the C-Series and S-Series: c s

Commands
ip local-proxy-arp private-vlan mode private-vlan mapping secondary-vlan show interfaces private-vlan show vlan private-vlan show vlan private-vlan mapping switchport mode private-vlan

See also the following commands. The command output is augmented in FTOS 7.8.1.0 to provide PVLAN data: show arp in Chapter 24, IPv4 Routing show vlan in Chapter 30, Layer 2

Private VLANs extend the FTOS security suite by providing Layer 2 isolation between ports within the same private VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. The FTOS private VLAN implementation is based on RFC 3069.

Private VLAN Concepts

Primary VLAN: The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two types of secondary VLAN community VLAN and isolated VLAN: A primary VLAN can have any number of community VLANs and isolated VLANs. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports or trunk ports.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1241

ip local-proxy-arp

Community VLAN: A community VLAN is a secondary VLAN of the primary VLAN: Ports in a community VLAN can talk to each other. Also, all ports in a community VLAN can talk to all promiscuous ports in the primary VLAN and vice-versa. Devices on a community VLAN can communicate with each other via member ports, while devices in an isolated VLAN cannot.

Isolated VLAN: An isolated VLAN is a secondary VLAN of the primary VLAN: Ports in an isolated VLAN cannot talk to each other. Servers would be mostly connected to isolated VLAN ports. Isolated ports can talk to promiscuous ports in the primary VLAN, and vice-versa.

Port types: Community port: A community port is, by definition, a port that belongs to a community VLAN and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports. Isolated port: An isolated port is, by definition, a port that, in Layer 2, can only communicate with promiscuous ports that are in the same PVLAN. Promiscuous port: A promiscuous port is, by definition, a port that is allowed to communicate with any other port type. Trunk port: A trunk port, by definition, carries VLAN traffic across switches:

A trunk port in a PVLAN is always tagged. Primary or secondary VLAN traffic is carried by the trunk port in tagged mode. The tag on the packet helps identify the VLAN to which the packet belongs. A trunk port can also belong to a regular VLAN (non-private VLAN).

ip local-proxy-arp
cs
Syntax

Enable/disable Layer 3 communication between secondary VLANs in a private VLAN. [no] ip local-proxy-arp To disable Layer 3 communication between secondary VLANs in a private VLAN, use the no ip local-proxy-arp command in the INTERFACE VLAN mode for the primary VLAN. To disable Layer 3 communication in a particular secondary VLAN, use the no ip local-proxy-arp command in the INTERFACE VLAN mode for the selected secondary VLAN. Note: Even after ip-local-proxy-arp is disabled (no ip-local-proxy-arp) in a secondary VLAN, Layer 3 communication may happen between some secondary VLAN hosts, until the ARP timeout happens on those secondary VLAN hosts.

Defaults Command Modes

Layer 3 communication is disabled between secondary VLANs in a private VLAN. INTERFACE VLAN

1242

Private VLAN (PVLAN)

private-vlan mode

Command History Related Commands

Version 7.8.1.0

Introduced on C-Series and S-Series

private-vlan mode private-vlan mapping secondary-vlan show arp show interfaces private-vlan show vlan private-vlan switchport mode private-vlan

Set the mode of the selected VLAN to community, isolated, or primary. Map secondary VLANs to the selected primary VLAN. Display the ARP table. Display type and status of PVLAN interfaces. Display PVLANs and/or interfaces that are part of a PVLAN. Set the PVLAN mode of the selected port.

private-vlan mode
cs
Syntax

Set the PVLAN mode of the selected VLAN to community, isolated, or primary. [no] private-vlan mode {community | isolated | primary} To remove the PVLAN configuration, use the no private-vlan mode {community | isolated | primary} command syntax.

Parameters

community isolated primary

Enter community to set the VLAN as a community VLAN, as described above. Enter isolated to configure the VLAN as an isolated VLAN, as described above. Enter primary to configure the VLAN as a primary VLAN, as described above.

Defaults Command Modes Command History Usage Information

none INTERFACE VLAN

Version 7.8.1.0 Introduced on C-Series and S-Series

The VLAN: Can be in only one mode, either community, isolated, or primary. Mode can be set to community or isolated even before associating it to a primary VLAN. This secondary VLAN will continue to work normally as a normal VLAN even though it is not associated to a primary VLAN. (A syslog message indicates this.) Must not have a port in it when the VLAN mode is being set.

Only ports (and port channels) configured as promiscuous, host, or PVLAN trunk ports (as described above) can be added to the PVLAN. No other regular ports can be added to the PVLAN. After using this command to configure a VLAN as a primary VLAN, use the private-vlan mapping secondary-vlan command to map secondary VLANs to this VLAN.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1243

private-vlan mapping secondary-vlan

Related Commands

private-vlan mapping secondary-vlan show interfaces private-vlan show vlan private-vlan show vlan private-vlan mapping switchport mode private-vlan

Set the mode of the selected VLAN to primary and then associate secondary VLANs to it. Display type and status of PVLAN interfaces. Display PVLANs and/or interfaces that are part of a PVLAN. Display primary-secondary VLAN mapping. Set the PVLAN mode of the selected port.

private-vlan mapping secondary-vlan

cs
Syntax

Map secondary VLANs to the selected primary VLAN. [no] private-vlan mapping secondary-vlan vlan-list To remove specific secondary VLANs from the configuration, use the no private-vlan mapping secondary-vlan vlan-list command syntax.

Parameters

vlan-list

Enter the list of secondary VLANs to associate with the selected primary VLAN, as described above. The list can be in comma-delimited or hyphenated-range

format, following the convention for range input.

Defaults Command Modes Command History Usage Information

none INTERFACE VLAN

Version 7.8.1.0 Introduced on C-Series and S-Series

The list of secondary VLANs can be: Specified in comma-delimited or hyphenated-range format. Specified with this command even before they have been created. Amended by specifying the new secondary VLAN to be added to the list.
private-vlan mode show interfaces private-vlan show vlan private-vlan show vlan private-vlan mapping switchport mode private-vlan Set the mode of the selected VLAN to community, isolated, or primary. Display type and status of PVLAN interfaces. Display PVLANs and/or interfaces that are part of a PVLAN. Display primary-secondary VLAN mapping. Set the PVLAN mode of the selected port.

Related Commands

1244

Private VLAN (PVLAN)

show interfaces private-vlan

cs
Syntax Parameters

Display type and status of PVLAN interfaces. show interfaces private-vlan [interface interface] interface interface
(OPTIONAL) Enter the keyword interface, followed by the ID of the specific interface for which to display PVLAN status.

Defaults Command Modes

none EXEC EXEC Privilege

Command History Usage Information Examples

Version 7.8.1.0

Introduced on C-Series and S-Series

This command has two types of display a list of all PVLAN interfaces or for a specific interface. Examples of both types of output are shown below. Figure 411 show interfaces private-vlan Command Output
Force10# show interfaces private-vlan Interface Vlan PVLAN-Type Interface Type --------- ---- ---------- -------------Gi 2/1 10 Primary Promiscuous Gi 2/2 100 Isolated Host Gi 2/3 10 Primary Trunk Gi 2/4 101 Community Host Status -------Up Down Up Up

Force10# show interfaces private-vlan Gi Interface Vlan PVLAN-Type Interface Type --------- ---- ---------- -------------Gi 2/2 100 Isolated Host

2/2 Status -------Up

The table, below, defines the fields in the output, above. Table 122 show interfaces description Command Example Fields
Field Interface Vlan PVLAN-Type Interface Type Status Description Displays type of interface and associated slot and port number Displays the VLAN ID of the designated interface Displays the type of VLAN in which the designated interface resides Displays the PVLAN port type of the designated interface. States whether the interface is operationally up or down.

Related Commands

private-vlan mode show vlan private-vlan

Set the mode of the selected VLAN to community, isolated, or primary. Display PVLANs and/or interfaces that are part of a PVLAN.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1245

show vlan private-vlan

show vlan private-vlan mapping switchport mode private-vlan

Display primary-secondary VLAN mapping. Set the PVLAN mode of the selected port.

show vlan private-vlan

cs
Syntax

Display PVLANs and/or interfaces that are part of a PVLAN. show vlan private-vlan [community | interface | isolated | primary | primary_vlan | interface interface] community interface isolated primary primary_vlan interface interface
(OPTIONAL) Enter the keyword community to display VLANs configured as community VLANs, along with their interfaces. (OPTIONAL) Enter the keyword community to display VLANs configured as community VLANs, along with their interfaces. (OPTIONAL) Enter the keyword isolated to display VLANs configured as isolated VLANs, along with their interfaces. (OPTIONAL) Enter the keyword primary to display VLANs configured as primary VLANs, along with their interfaces. (OPTIONAL) Enter a private VLAN ID or secondary VLAN ID to display interface details about the designated PVLAN. (OPTIONAL) Enter the keyword interface and an interface ID to display the PVLAN configuration of the designated interface.

Parameters

Defaults Command Modes

none EXEC EXEC Privilege

Command History Usage Information

Version 7.8.1.0

Introduced on C-Series and S-Series

Examples of all types of command output are shown below. The first type of output is the result of not entering an optional keyword. It displays a detailed list of all PVLANs and their member VLANs and interfaces. The other types of output show details about PVLAN subsets. Figure 412 show vlan private-vlan Command Output
Force10# show vlan private-vlan Primary Secondary Type Active ------- --------- --------- -----10 primary Yes 100 isolated Yes 101 community Yes 20 primary Yes 200 201 202 isolated Yes community No community Yes Ports -----------------------Gi 2/1,3 Gi 2/2 Gi 2/10 Po 10, 12-13 Gi 3/1 Gi 3/2,4-6 Gi 3/11-12

Examples

1246

Private VLAN (PVLAN)

show vlan private-vlan

Force10# show vlan private-vlan primary Primary Secondary Type Active Ports ------- --------- --------- ------ -----------------------10 primary Yes Gi 2/1,3 20 primary Yes Gi 3/1,3

Force10# show vlan private-vlan isolated Primary Secondary Type Active Ports ------- --------- --------- ------ -----------------------10 primary Yes Gi 2/1,3 100 isolated Yes Gi 2/2,4-6 200 isolated Yes Gi 3/2,4-6

Force10# show vlan private-vlan community Primary Secondary Type Active Ports ------- --------- --------- ------ -----------------------10 primary Yes Gi 2/1,3 101 community Yes Gi 2/7-10 20 primary Yes Po 10, 12-13 Gi 3/1 201 community No 202 community Yes Gi 3/11-12

Force10# show vlan private-vlan interface Gi 2/1 Primary Secondary Type Active Ports ------- --------- --------- ------ -----------------------10 primary Yes Gi 2/1

If the VLAN ID is that of a primary VLAN, then the entire private VLAN output will be displayed, as shown in Figure 413. If the VLAN ID is a secondary VLAN, only its primary VLAN and its particular secondary VLAN properties will be displayed, as shown in Figure 414. Figure 413 Output of show vlan private-vlan (primary)
Force10# show vlan private-vlan 10 Primary Secondary Type Active ------- --------- --------- -----10 primary Yes 1020 isolated Yes 101 community Yes Ports -----------------------Gi 2/1,3 Gi 0/4 Gi 2/7-10

Figure 414 Output of show vlan private-vlan (secondary)

Force10#show vlan private-vlan 102 Primary Secondary Type Active Ports ------- --------- --------- ------ -----------------------------------------10 Primary Yes Po 1 Gi 0/2 102 Isolated Yeso Gi 0/4

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1247

show vlan private-vlan mapping

The table, below, defines the fields in the output, above. Table 123 show interfaces description Command Example Fields
Field Primary Secondary Type Active Ports Description Displays the VLAN ID of the designated or associated primary VLAN(s) Displays the VLAN ID of the designated or associated secondary VLAN(s Displays the type of VLAN in which the listed interfaces reside States whether the interface is operationally up or down Displays the interface IDs in the listed VLAN.

Related Commands

private-vlan mode show interfaces private-vlan show vlan private-vlan mapping switchport mode private-vlan

Set the mode of the selected VLAN to either community or isolated. Display type and status of PVLAN interfaces. Display primary-secondary VLAN mapping. Set the PVLAN mode of the selected port.

show vlan private-vlan mapping

cs
Syntax Defaults Command Modes

Display primary-secondary VLAN mapping. show vlan private-vlan mapping none EXEC EXEC Privilege

Command History Usage Information

Version 7.8.1.0

Introduced on C-Series and S-Series

The output of this command, shown below, displays the community and isolated VLAN IDs that are associated with each primary VLAN. Figure 415 show vlan private-vlan mapping Command Output
Force10# show vlan private-vlan mapping Private Vlan: Primary : 100 Isolated : 102 Community : 101 Unknown : 200

1248

Private VLAN (PVLAN)

switchport mode private-vlan

Related Commands

private-vlan mode show interfaces private-vlan show vlan private-vlan mapping switchport mode private-vlan

Set the mode of the selected VLAN to either community or isolated. Display type and status of PVLAN interfaces. Display primary-secondary VLAN mapping. Set the PVLAN mode of the selected port.

switchport mode private-vlan

cs
Syntax

Set the PVLAN mode of the selected port. [no] switchport mode private-vlan {host | promiscuous | trunk} To remove the PVLAN mode from the selected port, use the no switchport mode private-vlan command.

Parameters

host promiscuous trunk

Enter host to configure the selected port or port channel as an isolated interface in a PVLAN, as described above. Enter promiscuous to configure the selected port or port channel as an promiscuous interface, as described above. Enter trunk to configure the selected port or port channel as a trunk port in a PVLAN, as described above.

Defaults Command Modes Command History Usage Information Example

disabled INTERFACE
Version 7.8.1.0 Introduced on C-Series and S-Series

The assignment of the various PVLAN port types to port and port channel (LAG) interfaces is demonstrated below. Figure 416 Examples of switchport mode private-vlan Command
Force10#conf Force10(conf)#interface GigabitEthernet 2/1 Force10(conf-if-gi-2/1)#switchport mode private-vlan promiscuous Force10(conf)#interface GigabitEthernet 2/2 Force10(conf-if-gi-2/2)#switchport mode private-vlan host Force10(conf)#interface GigabitEthernet 2/3 Force10(conf-if-gi-2/3)#switchport mode private-vlan trunk Force10(conf)#interface port-channel 10 Force10(conf-if-gi-2/3)#switchport mode private-vlan promiscuous

Related Commands

private-vlan mode private-vlan mapping secondary-vlan

Set the mode of the selected VLAN to either community or isolated. Set the mode of the selected VLAN to primary and then associate secondary VLANs to it.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1249

switchport mode private-vlan

show interfaces private-vlan show vlan private-vlan mapping

Display type and status of PVLAN interfaces. Display primary-secondary VLAN mapping.

1250

Private VLAN (PVLAN)

Chapter 46

Per-VLAN Spanning Tree plus (PVST+)

Overview
The FTOS implementation of PVST+ (Per-VLAN Spanning Tree plus) is based on the IEEE 802.1d standard Spanning Tree Protocol, but it creates a separate spanning tree for each VLAN configured. PVST+ (Per-VLAN Spanning Tree plus) is supported by FTOS on all Force10 systems, as indicated by the characters that appear below each command heading: C-Series: c E-Series: e S-Series: s

Commands
The FTOS PVST+ commands are: disable description extend system-id protocol spanning-tree pvst show spanning-tree pvst spanning-tree pvst spanning-tree pvst err-disable tc-flush-standard vlan bridge-priority vlan forward-delay vlan hello-time vlan max-age

Note: For easier command line entry, the plus (+) sign is not used at the command
line.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1251

disable

disable
ces
Syntax

Disable PVST+ globally. disable To enable PVST+, enter no disable.

Defaults Command Modes Command History

PVST+ is disabled CONFIGURATION (conf-pvst)

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced on E-Series Enter PVST+ mode.

Related Commands

protocol spanning-tree pvst

description
ces
Syntax

Enter a description of the PVST+ description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the Spanning Tree (80 characters maximum).

Defaults Command Modes Command History Related Commands

No default behavior or values SPANNING TREE PVST+ (The prompt is config-pvst.)

pre-7.7.1.0 Introduced

protocol spanning-tree pvst

Enter SPANNING TREE mode on the switch.

1252

Per-VLAN Spanning Tree plus (PVST+)

extend system-id

extend system-id
ces
Use Extend System ID to augment the Bridge ID with a VLAN ID so that PVST+ differentiate between BPDUs for each VLAN. If for some reason on VLAN receives a BPDU meant for another VLAN, PVST+ will then not detect a loop, and both ports can remain in forwarding state. extend system-id Disabled PROTOCOL PVST
Version 8.3.1.0 Introduced

Syntax Defaults Command Modes Command History Example

Force10(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7 We are the root of Vlan 5 Configured hello time 2, max age 20, forward delay 15 Interface Name ---------Gi 0/10 Gi 0/12 Interface Name ---------Gi 0/10 Gi 0/12 PortID -------128.140 128.142 Role -----Desg Dis Prio ---128 128 Cost -----200000 200000 Prio ---128 128 Sts --FWD DIS Designated Cost Bridge ID PortID ------- -------------------- -------0 32773 0001.e832.73f7 128.140 0 32773 0001.e832.73f7 128.142 Sts --FWD DIS Cost ------0 0 Link-type Edge --------- -----------------------P2P No P2P No

PortID -------128.140 128.142

Cost ------200000 200000

Related Commands

protocol spanning-tree pvst

Enter SPANNING TREE mode on the switch.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1253

protocol spanning-tree pvst

ces
Syntax

Enter the PVST+ mode to enable PVST+ on a device. protocol spanning-tree pvst To disable PVST+, use the disable command.

Defaults Command Modes Command History

This command has no default value or behavior. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced

Example

Figure 417 Configuring with protocol spanning-tree pvst Command

Force10#conf Force10(conf)#protocol spanning-tree pvst Force10(conf-pvst)#no disable Force10(conf-pvst)#vlan 2 bridge-priority 4096 Force10(conf-pvst)#vlan 3 bridge-priority 16384 Force10(conf-pvst)# Force10(conf-pvst)#show config ! protocol spanning-tree pvst no disable vlan 2 bridge-priority 4096 vlan 3 bridge-priority 16384 Force10#

Usage Information Related Commands

Once PVST+ is enabled, the device runs an STP instance for each VLAN it supports.

disable show spanning-tree pvst

Disable PVST+. Display the PVST+ configuration.

1254

Per-VLAN Spanning Tree plus (PVST+)

show spanning-tree pvst

ces
Syntax Parameters

View the Per-VLAN Spanning Tree configuration. show spanning-tree pvst [vlan vlan-id] [brief] [guard] vlan vlan-id brief Interface
(OPTIONAL) Enter the keyword vlan followed by the VLAN ID. Range: 1 to 4094 (OPTIONAL) Enter the keyword brief to view a synopsis of the PVST+ configuration information. (OPTIONAL) Enter one of the interface keywords along with the slot/ port information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

guard

(OPTIONAL) Enter the keyword guard to display the type of guard enabled on a PVST interface and the current port state.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.5.1.0 Version 8.4.2.1 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0 Version 6.2.1.1

Support for the optional guard keyword was added on the E-Series ExaScale. Support for the optional guard keyword was added on the C-Series, S-Series, and E-Series TeraScale. Support added for S-Series Support added for C-Series Expanded to display port error disable state (EDS) caused by loopback BPDU inconsistency and Port VLAN ID inconsistency. Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1255

show spanning-tree pvst

Example 1

Figure 418 show spanning-tree pvst brief Command

Force10#show spanning-tree pvst vlan 3 brief VLAN 3 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 4096, Address 0001.e801.6aa8 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 16384, Address 0001.e805.e306 Configured hello time 2, max age 20, forward delay 15 Interface Name ---------Gi 1/0 Gi 1/1 Gi 1/16 Gi 1/17 Interface Name ---------Gi 1/0 Gi 1/1 Gi 1/16 Gi 1/17 PortID -------128.130 128.131 128.146 128.147 Role -----Root Altr Desg Desg Prio ---128 128 128 128 Cost -----20000 20000 20000 20000 Prio ---128 128 128 128 Sts --FWD BLK FWD FWD Cost ------20000 20000 20000 20000 Sts --FWD BLK FWD FWD Designated Bridge ID PortID -------------------- -------4096 0001.e801.6aa8 128.426 4096 0001.e801.6aa8 128.427 16384 0001.e805.e306 128.146 16384 0001.e805.e306 128.147 Cost ------20000 20000 20000 20000 Link-type --------P2P P2P P2P P2P Edge ---No No Yes Yes

PortID -------128.130 128.131 128.146 128.147

Cost ------20000 20000 20000 20000

Example 2

Figure 419 show spanning-tree pvst vlan Command

Force10#show spanning-tree pvst vlan 2 VLAN 2 Root Identifier has priority 4096, Address 0001.e805.e306 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e805.e306 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 2 Current root has priority 4096, Address 0001.e805.e306 Number of topology changes 3, last change occured 00:57:00 Port 130 (GigabitEthernet 1/0) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.130 Designated root has priority 4096, address 0001.e805.e3:06 Designated bridge has priority 4096, address 0001.e805.e3:06 Designated port id is 128.130, designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 1567, received 3 The port is not in the Edge port mode Port 131 (GigabitEthernet 1/1) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.131 Designated root has priority 4096, address 0001.e805.e3:06 Designated bridge has priority 4096, address 0001.e805.e3:06 Designated port id is 128.131, designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 1567, received 0 The port is not in the Edge port mode Port 146 (GigabitEthernet 1/16) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.146 Designated root has priority 4096, address 0001.e805.e3:06 Designated bridge has priority 4096, address 0001.e805.e3:06 Designated port id is 128.146, designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 1578, received 0 The port is in the Edge port mode Port 147 (GigabitEthernet 1/17) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.147 Designated root has priority 4096, address 0001.e805.e3:06 Designated bridge has priority 4096, address 0001.e805.e3:06 Designated port id is 128.147, designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 1579, received 0 The port is in the Edge port mode

1256

Per-VLAN Spanning Tree plus (PVST+)

show spanning-tree pvst

Example 3

Figure 420 show spanning-tree pvst command with EDS and LBK

Force10#show spanning-tree pvst vlan 2 interface gigabitethernet 1/0 GigabitEthernet 1/0 of VLAN 2 is LBK_INC discarding Edge port:no (default) port guard :none (default) Link type: point-to-point (auto) bpdu filter:disable (default) Bpdu guard :disable (default) Bpdus sent 152, received 27562

Loopback BPDU Inconsistency (LBK_INC)

Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID --------- -------- ---- ------- --- ------- -------------------- -------Gi 1/0 128.1223 128 20000 EDS 0 32768 0001.e800.a12b 128.1223

Example 4

Figure 421 show spanning-tree pvst with EDS and PVID

Force10#show spanning-tree pvst vlan 2 interface gigabitethernet 1/0 GigabitEthernet 1/0 of VLAN 2 is PVID_INC discarding Edge port:no (default) port guard :none (default) Link type: point-to-point (auto) bpdu filter:disable (default) Bpdu guard :disable (default) Bpdus sent 1, received 0 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID --------- -------- ---- ------- --- ------- -------------------- -------Gi 1/0 128.1223 128 20000 EDS 0 32768 0001.e800.a12b 128.1223

Port VLAN ID (PVID) Inconsistency

Example 5

Figure 422 show spanning-tree pvst guard Command

Force10#show spanning-tree pvst vlan 5 guard Interface Name Instance Sts Guard type --------- ------------------------Gi 0/1 5 INCON(Root) Rootguard Gi 0/2 5 FWD Loopguard Gi 0/3 5 EDS(Shut) Bpduguard

Table 124 show spanning-tree pvst guard Command Information Field

Interface Name Instance Sts Guard Type

Description
PVST interface PVST instance Port state: root-inconsistent (INCON Root), forwarding (FWD), listening (LIS), blocking (BLK), or shut down (EDS Shut) Type of STP guard configured (Root, Loop, or BPDU guard)

Related Commands

spanning-tree pvst

Configure PVST+ on an interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1257

spanning-tree pvst

spanning-tree pvst
ces
Configure a PVST+ interface with one of these settings: edge port with optional Bridge Port Data Unit (BPDU) guard, port diablement if an error condition occurs, port priority or cost for a VLAN range, loop guard, or root guard. spanning-tree pvst {edge-port [bpduguard [shutdown-on-violation]] | err-disable | vlan vlan-range {cost number | priority value} | loopguard | rootguard} edge-port bpduguard
Enter the keyword edge-port to configure the interface as a PVST+ edge port. Enter the keyword portfast to enable Portfast to move the interface into forwarding mode immediately after the root fails. Enter the keyword bpduguard to disable the port when it receives a BPDU. (OPTIONAL) Enter the keyword shutdown-on-violation to hardware disable an interface when a BPDU is received and the port is disabled. Enter the keyword err-disable to enable the port to be put into error-disable state (EDS) if an error condition occurs. Enter the keyword vlan followed by the VLAN number(s). Range: 1 to 4094 Enter the keyword cost followed by the port cost value. Range: 1 to 200000 Defaults: 100 Mb/s Ethernet interface = 200000 1-Gigabit Ethernet interface = 20000 10-Gigabit Ethernet interface = 2000 Port Channel interface with one 100 Mb/s Ethernet = 200000 Port Channel interface with one 1-Gigabit Ethernet = 20000 Port Channel interface with one 10-Gigabit Ethernet = 2000 Port Channel with two 1-Gigabit Ethernet = 18000 Port Channel with two 10-Gigabit Ethernet = 1800 Port Channel with two 100-Mbps Ethernet = 180000 Enter the keyword priority followed the Port priority value in increments of 16. Range: 0 to 240. Default: 128 Enter the keyword loopguard to enable loop guard on a PVST+ port or port-channel interface. Enter the keyword rootguard to enable root guard on a PVST+ port or port-channel interface.

Syntax

Parameters

shutdown-onviolation err-disable vlan vlan-range cost number

priority value loopguard rootguard

Defaults Command Modes

Not Configured INTERFACE

1258

Per-VLAN Spanning Tree plus (PVST+)

spanning-tree pvst

Command History

Version 8.5.1.0 Version 8.4.2.1 Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.2.1.1

Introduced the loopguard and rootguard options on the E-Series ExaScale. Introduced the loopguard and rootguard options on the E-Series TeraScale, C-Series, and S-Series. Introduced hardware shutdown-on-violation option Support added for S-Series Support added for C-Series Added the optional Bridge Port Data Unit (BPDU) guard Introduced

Usage Information

The BPDU guard option prevents the port from participating in an active STP topology in case a BPDU appears on a port unintentionally, or is misconfigured, or is subject to a DOS attack. This option places the port into an error disable state if a BPDU appears, and a message is logged so that the administrator can take corrective action.

Note: A port configured as an edge port, on a PVST switch, will immediately

transition to the forwarding state. Only ports connected to end-hosts should be configured as an edge port. Consider an edge port similar to a port with a spanning-tree portfast enabled. If shutdown-on-violation is not enabled, BPDUs will still be sent to the RPM CPU. Root guard and loop guard cannot be enabled at the same time on a port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed:
% Error: RootGuard is configured. Cannot configure LoopGuard.

When used in a PVST+ network, loop guard is performed per-port or per-port channel at a VLAN level. If no BPDUs are received on a VLAN interface, the port or port-channel transitions to a loop-inconsistent (blocking) state only for this VLAN. Enabling Portfast BPDU guard and loop guard at the same time on a port results in a port that remains in a blocking state and prevents traffic from flowing through it. For example, when Portfast BPDU guard and loop guard are both configured: If a BPDU is received from a remote device, BPDU guard places the port in an err-disabled blocking state and no traffic is forwarded on the port. If no BPDU is received from a remote device, loop guard places the port in a loop-inconsistent blocking state and no traffic is forwarded on the port.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1259

spanning-tree pvst err-disable

Example

Figure 423 spanning-tree pvst vlan Command Example

Force10(conf-if-gi-1/1)#spanning-tree pvst vlan 3 cost 18000 Force10(conf-if-gi-1/1)#end Force10(conf-if-gi-1/1)#show config ! interface GigabitEthernet 1/1 no ip address switchport spanning-tree pvst vlan 3 cost 18000 no shutdown Force10(conf-if-gi-1/1)#end Force10#

Related Commands

show spanning-tree pvst

View PVST+ configuration

spanning-tree pvst err-disable

ces
Syntax Defaults

Place ports in an err-disabled state if they receive a PVST+ BPDU when they are members an untagged VLAN. spanning-tree pvst err-disable cause invalid-pvst-bpdu Enabled; ports are placed in err-disabled state if they receive a PVST+ BPDU when they are members of an untagged VLAN. INTERFACE
Version 8.2.1.0 Introduced

Command Modes Command History Usage Information

Some non-Force10 systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Force10 systems do not expect PVST+ BPDU on an untagged port. If this happens, FTOS places the port in error-disable state. This behavior might result in the network not converging. To prevent FTOS from executing this action, use the command no spanning-tree pvst err-disable cause invalid-pvst-bpdu.

Related Commands

show spanning-tree pvst

View the PVST+ configuration.

1260

Per-VLAN Spanning Tree plus (PVST+)

tc-flush-standard

tc-flush-standard
ces
Syntax

Enable the MAC address flushing upon receiving every topology change notification. tc-flush-standard To disable, use the no tc-flush-standard command.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Support added for S-Series Support added for C-Series Introduced

Usage Information

By default FTOS implements an optimized flush mechanism for PVST+. This helps in flushing the MAC addresses only when necessary (and less often) allowing for faster convergence during topology changes. However, if a standards-based flush mechanism is needed, this knob command can be turned on to enable flushing MAC addresses upon receiving every topology change notification.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1261

vlan bridge-priority

vlan bridge-priority
ces
Syntax

Set the PVST+ bridge-priority for a VLAN or a set of VLANs. vlan vlan-range bridge-priority value To return to the default value, enter no vlan bridge-priority command.

Parameters

vlan vlan-range bridge-priority value

Enter the keyword vlan followed by the VLAN number(s). Range: 1 to 4094 Enter the keyword bridge-priority followed by the bridge priority value in increments of 4096. Range: 0 to 61440 Default: 32768

Defaults Command Modes Command History

32768 CONFIGURATION (conf-pvst)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced Change the time interval before FTOS transitions to the forwarding state Change the time interval between BPDUs Change the time interval before PVST+ refreshes Display the PVST+ configuration

Related Commands

vlan forward-delay vlan hello-time vlan max-age show spanning-tree pvst

1262

Per-VLAN Spanning Tree plus (PVST+)

vlan forward-delay

vlan forward-delay
ces
Syntax

Set the amount of time the interface waits in the Listening State and the Learning State before transitioning to the Forwarding State. vlan vlan-range forward-delay seconds To return to the default setting, enter no vlan forward-delay command.

Parameters

vlan vlan-range forward-delay seconds

Enter the keyword vlan followed by the VLAN number(s). Range: 1 to 4094 Enter the keyword forward-delay followed by the time interval, in seconds, that FTOS waits before transitioning PVST+ to the forwarding state. Range: 4 to 30 seconds Default: 15 seconds

Defaults Command Modes Command History

15 seconds CONFIGURATION (conf-pvst)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced Set the bridge-priority value Change the time interval between BPDUs Change the time interval before PVST+ refreshes Display the PVST+ configuration

Related Commands

vlan bridge-priority vlan hello-time vlan max-age show spanning-tree pvst

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1263

vlan hello-time

vlan hello-time
ces
Syntax

Set the time interval between generation of PVST+ Bridge Protocol Data Units (BPDUs). vlan vlan-range hello-time seconds To return to the default value, enter no vlan hello-time command.

Parameters

vlan vlan-range hello-time seconds

Enter the keyword vlan followed by the VLAN number(s). Range: 1 to 4094 Enter the keyword hello-time followed by the time interval, in seconds, between transmission of BPDUs. Range: 1 to 10 seconds Default: 2 seconds

Defaults Command Modes Command History

2 seconds CONFIGURATION (conf-pvst)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced Set the bridge-priority value Change the time interval before FTOS transitions to the forwarding state Change the time interval before PVST+ refreshes Display the PVST+ configuration

Related Commands

vlan bridge-priority vlan forward-delay vlan max-age show spanning-tree pvst

1264

Per-VLAN Spanning Tree plus (PVST+)

vlan max-age

vlan max-age
ces
Syntax

Set the time interval for the PVST+ bridge to maintain configuration information before refreshing that information. vlan vlan-range max-age seconds To return to the default, use the no vlan max-age command.

Parameters

vlan vlan-range max-age seconds

Enter the keyword vlan followed by the VLAN number(s). Range: 1 to 4094 Enter the keyword max-age followed by the time interval, in seconds, that FTOS waits before refreshing configuration information. Range: 6 to 40 seconds Default: 20 seconds

Defaults Command Modes Command History

20 seconds CONFIGURATION (conf-pvst)

Related Commands

vlan bridge-priority vlan forward-delay vlan hello-time show spanning-tree pvst

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1265

vlan max-age

1266

Per-VLAN Spanning Tree plus (PVST+)

Chapter 47
Overview

Quality of Service (QoS)

FTOS commands for Quality of Service (QoS) include traffic conditioning and congestion control. QoS commands are not universally supported on all Force10 platforms. Support is indicated by the c , e and s characters under command headings. This chapter contains the following sections: Global Configuration Commands Per-Port QoS Commands Policy-Based QoS Commands Queue-Level Debugging (E-Series Only)

Global Configuration Commands

qos-rate-adjust

qos-rate-adjust
ces
By default, while rate limiting, policing, and shaping, FTOS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC Destination Address to the CRC are used for forwarding and are included in these rate metering calculations. You can optionally include overhead fields in rate metering calculations by enabling QoS Rate Adjustment. qos-rate-adjustment overhead-bytes overhead-bytes
Include a specified number of bytes of packet overhead to include in rate limiting, policing, and shaping calculations. C-Series and S-Series Range: 1-31 E-Series Range: 1-144

Syntax Parameters

Defaults

QoS Rate Adjustment is disabled by default, and no qos-rate-adjust is listed in the running-configuration

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1267

dot1p-priority

Command Modes Command History

CONFIGURATION
Version 8.3.1.0 Introduced

Per-Port QoS Commands

Per-port QoS (port-based QoS) allows users to defined QoS configuration on a per-physical-port basis. The commands include: dot1p-priority rate limit rate police rate shape service-class dynamic dot1p show interfaces rate strict-priority queue

dot1p-priority
ces
Syntax

Assign a value to the IEEE 802.1p bits on the traffic received by this interface. dot1p-priority priority-value To delete the IEEE 802.1p configuration on the interface, enter no dot1p-priority.

Parameters

priority-value

Enter a value from 0 to 7. dot1p Queue Number 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 For the C-Series and S-Series, enter a value 0, 2, 4, or 6 dot1p Queue Number 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3

1268

Quality of Service (QoS)

rate limit

Defaults Command Modes Command History

No default behavior or values INTERFACE

Version 7.5.1.0 Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

The dot1p-priority command changes the priority of incoming traffic on the interface. The system places traffic marked with a priority in the correct queue and processes that traffic according to its queue. When you set the priority for a Port Channel, the physical interfaces assigned to the Port Channel are configured with the same value. You cannot assign dot1p-priority command to individual interfaces in a Port Channel.

rate limit
e
Syntax

Limit the outgoing traffic rate on the selected interface. rate limit [kbps] committed-rate [burst-KB] [peak [kbps] peak-rate [burst-KB]] [vlan vlan-id] kbps
Enter this keyword to specify the rate limit in Kilobits per second (Kbps). On the E-Series, Force10 recommends using a value greater than or equal to 512 as lower values does not yeild accruate results.The default granularity is Megabits per second (Mbps). Range: 0-10000000 Enter the bandwidth in Mbps Range: 0 to 10000 (OPTIONAL) Enter the burst size in KB. Range: 16 to 200000 Default: 50 (OPTIONAL) Enter the keyword peak followed by a number to specify the peak rate in Mbps. Range: 0 to 10000 (OPTIONAL) Enter the keyword vlan followed by a VLAN ID to limit traffic to those specific VLANs. Range: 1 to 4094

Parameters

committed-rate burst-KB

peak peak-rate

vlan vlan-id

Defaults Command Modes Command History

Granularity for commited-rate and peak-rate is Mbps unless the kbps option is used. INTERFACE
Version 8.2.1.0 Version 7.7.1.0 Version 7.5.1.0 Added kbps option on E-Series. Removed from C-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1269

rate police

Usage Information

Note: Per Port rate limit and rate police is supported for Layer 2 tagged and
untagged switched traffic and for Layer 3 traffic. Per VLAN rate limit and rate police is supported on only tagged ports with Layer 2 switched traffic. On one interface, you can configure the rate limit or rate police command for a VLAN or you can configure the rate limit or the rate police command for the interface. For each physical interface, you can configure six rate limit commands specifying different VLANS. If you receive the error message:

%Error: Specified VLANs overlap with existing config.

after configuring VLANs in the rate police command, check to see if the same VLANs are used in rate limit command on other interfaces. To clear the problem, remove the rate limit configuration(s), and re-configure the rate police command. After the rate police command is configured, return to the other interfaces and re-apply the rate limit configuration.

rate police
ces
Syntax

Police the incoming traffic rate on the selected interface. rate police [kbps] committed-rate [burst-KB] [peak [kbps] peak-rate [burst-KB]] [vlan vlan-id] kbps
Enter this keyword to specify the rate limit in Kilobits per second (Kbps). On C-Series and S-Series make the following value a multiple of 64. On the E-Series, Force10 recommends using a value greater than or equal to 512 as lower values does not yeild accruate results. The default granularity is Megabits per second (Mbps). Range: 0-10000000 Enter a number as the bandwidth in Mbps. Range: 0 to 10000 (OPTIONAL) Enter a number as the burst size in KB. Range: 16 to 200000 Default: 50 (OPTIONAL) Enter the keyword peak followed by a number to specify the peak rate in Mbps. Range: 0 to 10000 (OPTIONAL) Enter the keyword vlan followed by a VLAN ID to police traffic to those specific VLANs. Range: 1 to 4094

Parameters

committed-rate burst-KB

peak peak-rate

vlan vlan-id

Defaults

Granularity for commited-rate and peak-rate is Mbps unless the kbps option is used.

1270

Quality of Service (QoS)

rate police

Command Mode Command History

INTERFACE
Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Added kbps option on C-Series, E-Series, and Series. Introduced on S-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

C-Series and S-Series

On one interface, you can configure the rate police command for a VLAN or you can configure the rate police command for an interface. For each physical interface, you can configure three rate police commands specifying different VLANS.

E-Series
On one interface, you can configure the rate limit or rate police command for a VLAN or you can configure the rate limit or the rate police command for the interface. For each physical interface, you can configure six rate police commands specifying different VLANS. After configuring VLANs in the rate police command, if this error message appears:

%Error: Specified VLANs overlap with existing config.

Check to see if the same VLANs are used with the rate limit command on other interfaces. To clear the problem, remove the rate limit configuration(s), and re-configure the rate police command. After the rate police command is configured, return to the other interfaces and re-apply the rate limit configuration.
Related Commands rate-police Police traffic output as part of the designated policy.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1271

rate shape

rate shape
ces
Syntax Parameters

Shape the traffic output on the selected interface. rate shape [kbps] rate [burst-KB] kbps
Enter this keyword to specify the rate limit in Kilobits per second (Kbps). On C-Series and S-Series make the following value a multiple of 64. The default granularity is Megabits per second (Mbps). Range: 0-10000000 Enter the outgoing rate in multiples of 10 Mbps. Range: 10 to 10000 (OPTIONAL) Enter a number as the burst size in KB. Range: 0 to 10000 Default: 10

rate burst-KB

Defaults Command Modes Command History

Granularity for rate is Mbps unless the kbps option is used. INTERFACE
Version 8.2.1.0 Version 7.6.1.0 Added kbps option on C-Series, E-Series, and Series. Introduced on S-Series and on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

On 40-port 10G linecards, if the traffic is shaped between 64 and 1000kbs, for some values the shaped rate is much less than the value configured. Do not use values in this range for 10G interfaces.
rate-shape Shape traffic output as part of the designated policy.

Related Commands

service-class dynamic dot1p

ces
Honor all 802.1p markings on incoming switched traffic on an interface (from INTERFACE mode) or on all interfaces (from CONFIGURATION mode). A CONFIGURATION mode entry supercedes INTERFACE mode entries. service-class dynamic dot1p To return to the default setting, enter no service-class dynamic dot1p.

Syntax

1272

Quality of Service (QoS)

service-class dynamic dot1p All dot1p traffic is mapped to Queue 0 unless service-class dynamic dot1p is enabled. Then the default mapping is as follows: Table 125 Default dot1p to Queue Mapping E-Series Queue ID 2 0 1 3 4 5 6 7 C-Series Queue ID 1 0 0 1 2 2 3 3 S-Series Queue ID 1 0 0 1 2 2 3 3

Defaults

dot1p 0 1 2 3 4 5 6 7
Command Modes

INTERFACE CONFIGURATION (C-Series and S-Series only)

Command History

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 pre-Version 6.1.1.1

Available globally on the C-Series and S-Series so that the configuration applies to all ports. Introduced on S-Series Introduced on C-Series Expanded command to permit configuration on port channels Introduced on E-Series

Usage Information

Enter this command to honor all incoming 802.1p markings, on incoming switched traffic, on the interface. By default, this facility is not enabled (that is, the 802.1p markings on incoming traffic are not honored). This command can be applied on both physical interfaces and port channels. When you set the service-class dynamic for a port channel, the physical interfaces assigned to the port channel are automatically configured; you cannot assign the service-class dynamic command to individual interfaces in a port channel. On the C-Series and S-Series all traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, then you can create service classes based the queueing strategy using the command service-class dynamic dot1p from INTERFACE mode. You may apply this queuing strategy to all interfaces by entering this command from CONFIGURATION mode. All dot1p traffic is mapped to Queue 0 unless service-class dynamic dot1p is enabled on an interface or globally. Layer 2 or Layer 3 service policies supercede dot1p service classes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1273

service-class bandwidth-weight

service-class bandwidth-weight
cs
Syntax

Specify a minimum bandwidth for queues service-class bandwidth-weight queue0 number queue1 number queue2 number queue3 number number
Enter the bandwidth-weight. The value must be a power of 2. Range 1-1024.

Parameters

Defaults Command Modes Command History Usage Information

None CONFIGURATION
Version 8.2.1.0 Introduced on C-Series and S-Series.

Guarantee a minimum bandwidth to different queues globally using the command service-class bandwidth-weight from CONFIGURATION mode. The command is applied in the same way as the bandwidth-weight command in an output QoS policy. The bandwidth-weight command in QOS-POLICY-OUT mode supercedes the service-class bandwidth-weight command.

show interfaces rate

e
Syntax Parameters

Display information of either rate limiting or rate policing on the interface. show interfaces [interface] rate [limit | police] interface
(OPTIONAL) Enter the following keywords and slot/port or number information: For a 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

limit police
Command Mode

(OPTIONAL) Enter the keyword limit to view the outgoing traffic rate. (OPTIONAL) Enter the keyword police to view the incoming traffic rate.

EXEC EXEC Privilege

Command History

pre-Version 6.1.1.1 Introduced on E-Series

1274

Quality of Service (QoS)

show interfaces rate

Example

Figure 424 show interfaces rate limit Command Example

Force10#show interfaces gigabitEthernet 1/1 rate limit Rate limit 300 (50) peak 800 (50) Traffic Monitor 0: normal 300 (50) peak 800 (50) Out of profile yellow 23386960 red 320605113 Traffic Monitor 1: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 2: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 3: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 4: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 5: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 6: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 7: normal NA peak NA Out of profile yellow 0 red 0 Total: yellow 23386960 red 320605113

Table 126 show interfaces Command Example Fields Field

Rate limit peak Traffic monitor 0 Normal peak Out of profile Yellow Out of profile Red Traffic monitor 1 Traffic monitor 2 Traffic monitor 3 Traffic monitor 4 Traffic monitor 5 Traffic monitor 6 Traffic monitor 7 Total: yellow Total: red

Description
Committed rate (Mbs) and burst size (KB) of the committed rate Peak rate (Mbs) and burst size (KB) of the peak rate Traffic coming to class 0 Committed rate (Mbs) and burst size (KB) of the committed rate Peak rate (Mbs) and burst size (KB) of the peak rate Number of packets that have exceeded the configured committed rate Number of packets that have exceeded the configured peak rate Traffic coming to class 1 Traffic coming to class 2 Traffic coming to class 3 Traffic coming to class 4 Traffic coming to class 5 Traffic coming to class 6 Traffic coming to class 7 Total number of packets that have exceeded the configured committed rate Total number of packets that have exceeded the configured peak rate

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1275

strict-priority queue

Figure 425 show interfaces rate police Command Example

Force10#show interfaces gigabitEthernet 1/2 rate police Rate police 300 (50) peak 800 (50) Traffic Monitor 0: normal 300 (50) peak 800 (50) Out of profile yellow 23386960 red 320605113 Traffic Monitor 1: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 2: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 3: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 4: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 5: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 6: normal NA peak NA Out of profile yellow 0 red 0 Traffic Monitor 7: normal NA peak NA Out of profile yellow 0 red 0 Total: yellow 23386960 red 320605113

Table 127 show interfaces police Command Example Fields Field

Rate police peak Traffic monitor 0 Normal peak Out of profile Yellow Out of profile Red Traffic monitor 1 Traffic monitor 2 Traffic monitor 3 Traffic monitor 4 Traffic monitor 5 Traffic monitor 6 Traffic monitor 7 Total: yellow Total: red

strict-priority queue
ces
Syntax

Configure a unicast queue as a strict-priority (SP) queue. strict-priority queue unicast number

1276

Quality of Service (QoS)

strict-priority queue

Parameters

unicast number

Enter the keyword unicast followed by the queue number. C-Series and S-Series Range: 1 to 3 E-Series Range: 1 to 7

Defaults Command Modes Command History

No default behavior or value CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

Once a unicast queue is configured as strict-priority, that particular queue, on the entire chassis, is treated as strict-priority queue. Traffic for a strict priority is scheduled before any other queues are serviced. For example, if you send 100% line rate traffic over the SP queue, it will starve all other queues on the ports on which this traffic is flowing.

Policy-Based QoS Commands

Policy-based traffic classification is handled with class maps. These maps classify unicast traffic into one of eight classes in E-Series and one of four classes in C-Series and S-Series. FTOS enables you to match multiple class maps and specify multiple match criteria. Policy-based QoS is not supported on logical interfaces, such as port-channels, VLANS, or loopbacks. The commands are: bandwidth-percentage bandwidth-weight class-map clear qos statistics description match ip access-group match ip dscp match ip precedence match mac access-group match mac dot1p match mac vlan policy-aggregate policy-map-input policy-map-output qos-policy-input qos-policy-output queue backplane ignore-backpressure queue egress queue ingress rate-limit rate-police

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1277

bandwidth-percentage

rate-shape service-policy input service-policy output service-queue set show cam layer2-qos show cam layer3-qos show qos class-map show qos policy-map show qos policy-map-input show qos policy-map-output show qos qos-policy-input show qos qos-policy-output show qos statistics show qos wred-profile test cam-usage threshold trust wred wred-profile

bandwidth-percentage
e
Syntax

Assign a percentage of weight to class/queue. bandwidth-percentage percentage To remove the bandwidth percentage, use the no bandwidth-percentage command.

Parameters

percentage

Enter the percentage assignment of weight to class/queue. Range: 0 to 100% (granularity 1%)

Defaults Command Modes Command History Usage Information

No default behavior or values CONFIGURATION (conf-qos-policy-out)

Version 6.2.1.1 Introduced on E-Series

The unit of bandwidth percentage is 1%. A bandwidth percentage of 0 is allowed and will disable the scheduling of that class. If the sum of the bandwidth percentages given to all eight classes exceeds 100%, the bandwidth percentage will automatically scale down to 100%.
qos-policy-output Create a QoS output policy.

Related Commands

1278

Quality of Service (QoS)

bandwidth-weight

bandwidth-weight
cs
Syntax

Assign a priority weight to a queue. bandwidth-weight weight To remove the bandwidth weight, use the no bandwidth-weight command.

Parameters

weight

Enter the weight assignment to queue. Range: 1 to 1024 (in increments of powers of 2: 2, 4, 8, 16, 32, 64, 128, 256, 512, or 1024)

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-qos-policy-out)

Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series

Usage Information

This command provides a minimum bandwidth guarantee to traffic flows in a particular queue. The minimum bandwidth is provided by scheduling packets from that queue a certain number of times relative to scheduling packets from the other queues using the Deficit Round Robin method.
qos-policy-output Create a QoS output policy.

Related Commands

class-map
ces
Syntax Parameters

Create/access a class map. Class maps differentiate traffic so that you can apply separate quality of service policies to each class. class-map {match-all | match-any} class-map-name [layer2] match-all
Determines how packets are evaluated when multiple match criteria exist. Enter the keyword match-all to determine that the packets must meet all the match criteria in order to be considered a member of the class. Determines how packets are evaluated when multiple match criteria exist. Enter the keyword match-any to determine that the packets must meet at least one of the match criteria in order to be considered a member of the class. Enter a name of the class for the class map in a character format (32 character maximum). Enter the keyword layer2 to specify a Layer 2 Class Map. Default: Layer 3

match-any

class-map-name layer2

Defaults

Layer 3

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1279

clear qos statistics

Command Modes Command History

CONFIGURATION
Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Class-map names can be 32 characters. layer2 available on C-Series and S-Series. Introduced on S-Series Introduced on C-Series E-Series Only: Expanded to add support for Layer 2

Usage Information

Packets arriving at the input interface are checked against the match criteria, configured using this command, to determine if the packet belongs to that class. This command accesses the CLASS-MAP mode, where the configuration commands include match ip and match mac options.
ip access-list extended ip access-list standard match ip access-group match ip precedence match ip dscp match mac access-group match mac dot1p match mac vlan service-queue show qos class-map Configure an extended IP ACL. Configure a standard IP ACL. Configure the match criteria based on the access control list (ACL) Identify IP precedence values as match criteria Configure the match criteria based on the DSCP value Configure a match criterion for a class map, based on the contents of the designated MAC ACL. Configure a match criterion for a class map, based on a dot1p value. Configure a match criterion for a class map based on VLAN ID. Assign a class map and QoS policy to different queues. View the current class map information.

Related Commands

clear qos statistics

ces
Syntax Parameters

Clears Matched Packets, Matched Bytes, and Dropped Packets. For TeraScale, clears Matched Packets, Matched Bytes, Queued Packets, Queued Bytes, and Dropped Packets. clear qos statistics interface-name. interface-name
Enter one of the following keywords: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0

Introduced on S-Series

1280

Quality of Service (QoS)

match ip access-group

Version 7.5.1.0

Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

E-Series Only Behavior If a Policy QoS is applied on an interface when clear qos statistics is issued, it will clear the egress counters in show queue statistics and vice versa. This behavior is due to the values being read from the same hardware registers. The clear qos statistics command clears both the queued and matched byte and packet counters if the queued counters incremented based on classification of packets to the queues because of policy-based QoS. If the queued counters were incremented because of some other reason and do not reflect a matching QoS entry in CAM, then this command clears the matched byte and packet counters only.

Related Commands

show qos statistics

Display qos statistics.

match ip access-group
ces
Syntax

Configure match criteria for a class map, based on the access control list (ACL). match ip access-group access-group-name [set-ip-dscp value] To remove ACL match criteria from a class map, enter no match ip access-group access-group-name [set-ip-dscp value] command.

Parameters

access-group-name set-ip-dscp value

Enter the ACL name whose contents are used as the match criteria in determining if packets belong to the class specified by class-map. (OPTIONAL) Enter the keyword set-ip-dscp followed by the IP DSCP value. The matched traffic will be marked with the DSCP value. Range: 0 to 63

Defaults Command Modes Command History

No default behavior or values CLASS-MAP CONFIGURATION (config-class-map)

Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Added DSCP Marking option support on S-Series Introduced on S-Series Introduced on C-Series Added support for DSCP Marking option Introduced on E-Series

Usage Information

You must enter the class-map command in order to access this command. Once the class map is identified, you can configure the match criteria. For class-map match-any, a maximum of five ACL match criteria are allowed. For class-map match-all, only one ACL match criteria is allowed.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1281

description

Related Commands

class-map

Identify the class map.

description
ces
Syntax

Add a description to the selected policy map or QOS policy. description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the policies (80 characters maximum).

Defaults Command Modes

No default behavior or values CONFIGURATION (policy-map-input and policy-map-output; conf-qos-policy-in and conf-qos-policy-out; wred)
pre-Version 7.7.1.0 Introduced

Command History

Related Commands

policy-map-input policy-map-output qos-policy-input qos-policy-output wred-profile

Create an input policy map. Create an output policy map. Create an input QOS-policy on the router. Create an output QOS-policy on the router. Create a WRED profile.

match ip dscp
ces
Syntax

Use a DSCP (Differentiated Services Code Point) value as a match criteria. match ip dscp dscp-list [[multicast] set-ip-dscp value] To remove a DSCP value as a match criteria, enter no match ip dscp dscp-list [[multicast] set-ip-dscp value] command.

Parameters

dscp-list

Enter the IP DSCP value(s) that is to be the match criteria. Separate values by commasno spaces ( 1,2,3 ) or indicate a list of values separated by a hyphen (1-3). Range: 0 to 63

1282

Quality of Service (QoS)

match ip dscp

multicast

(OPTIONAL) Enter the keyword multicast to match against multicast traffic. Note: This option is not supported on C-Series or S-Series. (OPTIONAL) Enter the keyword set-ip-dscp followed by the IP DSCP value. The matched traffic will be marked with the DSCP value. Range: 0 to 63 Note: This option is not supported on S-Series.

set-ip-dscp value

Defaults Command Modes Command History

No default behavior or values CLASS-MAP CONFIGURATION (config-class-map)

Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Added keyword multicast. Added DSCP Marking option support on S-Series Introduced on S-Series Introduced on C-Series Added support for DSCP Marking option Introduced on E-Series

Usage Information

You must enter the class-map command in order to access this command. Once the class map is identified, you can configure the match criteria. The match ip dscp and match ip precedence commands are mutually exclusive. Up to 64 IP DSCP values can be matched in one match statement. For example, to indicate IP DCSP values 0 1 2 3 4 5 6 7, enter either the command match ip dscp 0,1,2,3,4,5,6,7 or match ip dscp 0-7.

Note: Only one of the IP DSCP values must be a successful match criterion, not all of
the specified IP DSCP values need to match.
Related Commands

class-map

Identify the class map.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1283

match ip precedence

match ip precedence
ces
Syntax

Use IP precedence values as a match criteria. match ip precedence ip-precedence-list [[multicast] set-ip-dscp value] To remove IP precedence as a match criteria, enter no match ip precedence ip-precedence-list [[multicast] set-ip-dscp value] command.

Parameters

ip-precedence-list

Enter the IP precedence value(s) as the match criteria. Separate values by commasno spaces ( 1,2,3 ) or indicate a list of values separated by a hyphen (1-3). Range: 0 to 7 (OPTIONAL) Enter the keyword multicast to match against multicast traffic. Note: This option is not supported on C-Series or S-Series. (OPTIONAL) Enter the keyword set-ip-dscp followed by the IP DSCP value. The matched traffic will be marked with the DSCP value. Range: 0 to 63 Note: This option is not supported on S-Series.

multicast

set-ip-dscp value

Defaults Command Modes Command History

No default behavior or values CLASS-MAP CONFIGURATION (conf-class-map)

Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Added keyword multicast. Added DSCP marking option support for S-Series Introduced on S-Series Introduced on C-Series Added support for DSCP Marking option Introduced on E-Series

Usage Information

You must enter the class-map command in order to access this command. Once the class map is identified, you can configure the match criteria. The match ip precedence command and the match ip dscp command are mutually exclusive. Up to eight precedence values can be matched in one match statement. For example, to indicate the IP precedence values 0 1 2 3 enter either the command match ip precedence 0-3 or match ip precedence 0,1,2,3.

Note: Only one of the IP precedence values must be a successful match criterion,
not all of the specified IP precedence values need to match.
Related Commands

class-map

Identify the class map.

1284

Quality of Service (QoS)

match mac access-group

ces
Syntax Parameters

Configure a match criterion for a class map, based on the contents of the designated MAC ACL. match mac access-group {mac-acl-name } mac-acl-name
Enter a MAC ACL name. Its contents will be used as the match criteria in the class map.

Defaults Command Modes Command History

No default values or behavior CLASS-MAP

Version 8.2.1.0 Version 7.5.1.0 Version 7.4.1.0 Available on the C-Series and S-Series. Added support for DSCP Marking option Introduced

Usage Information Related Commands

You must enter the class-map command in order to access this command. Once the class map is identified, you can configure the match criteria.
class-map Identify the class map.

match mac dot1p

ces
Syntax Parameters

Configure a match criterion for a class map, based on a dot1p value. match mac dot1p {dot1p-list} dot1p-list
Enter a dot1p value. Range: 07

Defaults Command Modes Command History

No default values or behavior CLASS-MAP

Version 8.2.1.0 Version 7.5.1.0 Version 7.4.1.0 Available on the C-Series and S-Series. Added support for DSCP Marking option Introduced

Usage Information Related Commands

You must enter the class-map command in order to access this command. Once the class map is identified, you can configure the match criteria.
class-map Identify the class map.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1285

match mac vlan

ces
Syntax Parameters

Configure a match criterion for a class map based on a VLAN ID. match mac vlan {vlan-id | vlan-list | vlan-range | mixed-vlan-list} vlan-id vlan-list
Enter the VLAN ID. Valid VLAN IDs are from 1 to 4094 S25 and S50 only: Enter two or more VLAN IDs separated by a comma: vlan-id,vlan-id,vlan-id,... For example: match mac vlan 2,4,6 There is no space between VLAN IDs and the comma. S25 and S50 only: Enter a range VLAN IDs separated by a dash (-): vlan-id-vlan-id For example: match mac vlan 3-5 There is no space between VLAN IDs and the comma. S25 and S50 only: Enter single VLAN IDs and VLAN ranges in any order: vlan-id,vlan-range,vlan-id... For example: match mac vlan 1,3-5,8

vlan-range

mixed-vlan-list

Defaults Command Modes Command History

None CLASS-MAP
Version 8.4.2.4 Version 8.2.0.1 Support for multiple VLAN IDs as match criteria was introduced on the S25 and S50. Introduced.

Usage Information

You must first enter the class-map command in order to access this command. In a class map, you can match and classify traffic using a VLAN ID.

Note: The use of multiple VLAN IDs (VLAN list or range) as match criteria in a class
map is supported only on the S25 and S50.
Related Commands

class-map

Create/access a class map.

1286

Quality of Service (QoS)

policy-aggregate

policy-aggregate
ces
Syntax

Allow an aggregate method of configuring per-port QoS via policy maps. An aggregate QoS policy is part of the policy map (input/output) applied on an interface. policy-aggregate qos-policy-name To remove a policy aggregate configuration, use no policy-aggregate qos-policy-name command.

Parameters

qos-policy-name

Enter the name of the policy map in character format (32 characters maximum)

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (policy-map-input and policy-map-output)

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.1 Policy name character limit increased from 16 to 32. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

C-Series and S-Series Aggregate input/output QoS policy applies to all the port ingoing/outgoing traffic. Aggregate input/output QoS policy can co-exist with per queue input/output QoS policies. 1. If only aggregate input QoS policy exists, input traffic conditioning configurations (rate-police) will apply. Any marking configurations in aggregate input QoS policy will be ignored. 2. If aggregate input QoS policy and per class input QoS policy co-exist, then aggregate input QoS policy will preempt per class input QoS policy on input traffic conditioning (rate-police). In other words, if rate police configuration exists in aggregate QoS policy, the rate police configurations in per class QoS are ignored. Marking configurations in per class input QoS policy still apply to each queue. E-Series Aggregate input/output QoS policy applies to all the port ingoing/outgoing traffic. Aggregate input/output QoS policy can co-exist with per queue input/output QoS policies. 1. If only an aggregate input QoS policy exists, input traffic conditioning configurations (rate-police) will apply. Any marking configurations in the aggregate input QoS policy will be ignored. 2. If an aggregate input QoS policy and a per-class input QoS policy co-exist, then the aggregate input QoS policy will preempt the per-class input QoS policy on input traffic conditioning (rate-police). In other words, if a rate police configuration exists in the aggregate QoS policy, the rate police configurations in the per-class QoS are ignored. Marking configurations in the per-class input QoS policy still apply to each queue. 3. If only an aggregate output QoS policy exists, egress traffic conditioning configurations (rate-limit and rate-shape) in the aggregate output QoS policy will apply. Scheduling and queuing configurations in the aggregate output QoS policy (if existing) are ignored. Each

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1287

policy-map-input

queue will use default scheduling and queuing configuration ( Weighted Random Early Detection (WRED) and Bandwidth). 4. If the aggregate output QoS policy and per-queue output QoS policy co-exist, the aggregate output QoS policy will preempt a per-queue output QoS policy on egress traffic conditioning (rate-limit). In other words, if a rate limit configuration exists in the aggregate output QoS policy, the rate limit configurations in per-queue output QoS policies are ignored. Scheduling and queuing configurations (WRED and Bandwidth) in the per-queue output QoS policy still apply to each queue.
Related Commands

policy-map-input policy-map-output

Create an inputy policy map Create an output policy map (E-Series Only)

policy-map-input
ces
Syntax

Create an input policy map. policy-map-input policy-map-name [layer2] To remove an input policy map, use the no policy-map-input policy-map-name [layer2] command.

Parameters

policy-map-name layer2

Enter the name for the policy map in character format (32 characters maximum). (OPTIONAL) Enter the keyword layer2 to specify a Layer 2 Class Map. Default: Layer 3

Defaults Command Modes Command History

Layer 3 CONFIGURATION
Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.1 Policy name character limit increased from 16 to 32. Introduced on S-Series Introduced on C-Series Expanded to add support for Layer 2 Introduced on E-Series

Usage Information

Input policy map is used to classify incoming traffic to different flows using class-map, QoS policy, or simply using incoming packets DSCP. This command enables policy-map-input configuration mode (conf-policy-map-in).
service-queue policy-aggregate service-policy input Assign a class map and QoS policy to different queues.. Allow an aggregate method of configuring per-port QoS via policy maps. Apply an input policy map to the selected interface.

Related Commands

1288

Quality of Service (QoS)

policy-map-output

policy-map-output
ces
Syntax

Create an output policy map. policy-map-output policy-map-name To remove a policy map, use the no policy-map-output policy-map-name command.

Parameters

policy-map-name

Enter the name for the policy map in character format (16 characters maximum).

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 8.2.1.0 Version 7.6.1.0 pre-Version 6.1.1.1 Policy name character limit increased from 16 to 32. Introduced on C-Series and S-Series Introduced on E-Series

Usage Information Related Commands

Output policy map is used to assign traffic to different flows using QoS policy. This command enables the policy-map-output configuration mode (conf-policy-map-out).
service-queue policy-aggregate service-policy output Assign a class map and QoS policy to different queues.. Allow an aggregate method of configuring per-port QoS via policy maps. Apply an output policy map to the selected interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1289

qos-policy-input

qos-policy-input
ces
Syntax

Create a QoS input policy on the router. qos-policy-input qos-policy-name [layer2] To remove an existing input QoS policy from the router, use no qos-policy-input qos-policy-name [layer2] command.

Parameters

qos-policy-name layer2

Enter your input QoS policy name in character format (32 character maximum). (OPTIONAL) Enter the keyword layer2 to specify a Layer 2 Class Map. Default: Layer 3

Defaults Command Modes Command History

Layer 3 CONFIGURATION
Version 8.2.1.0 Version 7.6.1.0 Verision 7.5.1.0 Version 7.4.1.0 Policy name character limit increased from 16 to 32. Introduced on S-Series Introduced on C-Series E-Series Only: Expanded to add support for Layer 2

Usage Information

Use this command to specify the name of the input QoS policy. Once input policy is specified, rate-police can be defined. This command enables the qos-policy-input configuration mode (conf-qos-policy-in). When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted and re-added automatically to ensure that the order of the rules is maintained. As a result, the Matched Packets value shown in the "show qos statistics" command is reset. Note: On ExaScale, FTOS cannot classify IGMP packets on a Layer 2 interface using Layer 3 policy map. The packets always take the default queue, Queue 0, and cannot be rate-policed.

Related Commands

rate-police

Incoming traffic policing function

1290

Quality of Service (QoS)

qos-policy-output

qos-policy-output
ces
Syntax

Create a QoS output policy. qos-policy-output qos-policy-name To remove an existing output QoS policy, use no qos-policy-output qos-policy-name command.

Parameters

qos-policy-name

Enter your output QoS policy name in character format (32 character maximum).

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 8.2.1.0 Version 7.6.1.0 Policy name character limit increased from 16 to 32. Introduced on C-Series and S-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

Use this command to specify the name of the output QoS policy. Once output policy is specified, rate-limit, bandwidth-percentage, and WRED can be defined. This command enables the qos-policy-output configuration mode(conf-qos-policy-out). When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted and re-added automatically to ensure that the order of the rules is maintained. As a result, the Matched Packets value shown in the "show qos statistics" command is reset.

Related Commands

rate-limit bandwidth-percentage bandwidth-weight wred

Outgoing traffic rate-limit functionality Assign weight to class/queue percentage Assign a priority weight to a queue. Assign yellow or green drop precedence

queue backplane ignore-backpressure

e
Syntax

Reduce egress pressure by ignoring the ingress backpressure queue backplane ignore-backpressure To return to the default, use the no queue backplane ignore-backpressure command.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.7.1.0 Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1291

queue egress

queue egress
e
Syntax

Assign a WRED Curve to all eight egress Multicast queues or designate the percentage for the Multicast bandwidth queue. queue egress multicast linecard {slot number port-set number | all} [wred-profile name | multicast-bandwidth percentage] To return to the default, use the no queue egress multicast linecard {slot number port-set number | all} [wred-profile name | multicast-bandwidth percentage] command.

Parameters

linecard number

Enter the keyword linecard followed by the line card slot number. E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. Enter the keyword port-set followed by the line cards port pipe. Range: 0 or 1 Enter the keyword all to apply to all line cards. (OPTIONAL) Enter the keyword wred-profile followed by your WRED profile name in character format (16 character maximum). Or use one of the pre-defined WRED profile names. Pre-defined Profiles: wred_drop, wred-ge_y, wred_ge_g, wred_teng_y, wred_teng_g (OPTIONAL) Enter the keyword multicast-bandwidth followed by the bandwidth percentage. Range: 0 to 100%

port-set number all wred-profile name

multicast-bandwidth percentage

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.5.1.0 Version 7.4.1.0 and 6.5.3.0 Added support for multicast-bandwidth Introduced on E-Series

Usage Information

This command does not uniquely identify a queue, but rather identifies only a set of queues. The WRED curve is applied to all eight egress Multicast queues.

Important Points to Remembermulticast-bandwidth option

A unique Multicast Weighted Fair Queuing (WFQ) setting can be applied only on a per port-pipe basis. The minumum percentage of the multicast bandwidth assigned to any of the ports in the port-pipe will take effect for the entire port-pipe. If the percentage of multicast bandwidth is 0, control traffic going through mutilcast queues are dropped. The no form of the command without multicast-bandwidth and wred-profile, will remove both the wred-profile and multicast-bandwidth configuration. On 10 Gigabit ports only, the multicast bandwidth option will work only if the total unicast bandwidth is more than the multicast bandwidth. If strict priority is applied along with multicast-bandwidth, the effect of strict priority is on all ports where unicast and multicast bandwidth are applied. Quality of Service (QoS)

1292

queue ingress

When multicast bandwidth is assigned along with unicast bandwidth, first multicast bandwidth will be reserved for that port, then the remaining unicast bandwidth configured is adjusted according to the bandwidth available after reserving for multicast bandwidth. show queue statistics egress
Display the egress queue statistics

Related Commands

queue ingress
e
Syntax

Assign a WRED Curve to all eight ingress Multicast queues or designate the percentage for the Multicast bandwidth queue.. queue ingress multicast {linecard slot number port-set number | all} [wred-profile name ] To return to the default, use the no queue ingress multicast {linecard slot number port-set number | all} [wred-profile name ] command.

Parameters

linecard number

port-set number all wred-profile name

Defaults Command Modes Command History Usage Information

No default behavior or values CONFIGURATION

Version 7.4.1.0 and 6.5.3.0 Introduced on E-Series

This command does not uniquely identify a queue, but rather identifies only a set of queues. The WRED Curve is applied to all eight ingress Multicast queues.

Note: The multicast-bandwidth option is not supported on queue ingress. If you

attempt to use the multicast-bandwidth option, the following reject error message is generated:

% Error:Bandwidth-percent is not allowed for ingress multicast

Related Commands

show queue statistics ingress

Display the ingress queue statistics

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1293

rate-limit

rate-limit
e
Syntax Parameters

Specify the rate-limit functionality on outgoing traffic as part of the selected policy. rate-limit [kbps] committed-rate [burst-KB ] [peak [kbps] peak-rate [burst-KB ]] kbps
Enter this keyword to specify the rate limit in Kilobits per second (Kbps). On the E-Series, Force10 recommends using a value greater than or equal to 512 as lower values does not yeild accruate results. The default granularity is Megabits per second (Mbps). Range: 0-10000000 Enter the committed rate in Mbps. Range: 0 to 10000 Mbps (OPTIONAL) Enter the burst size in KB. Range: 16 to 200000 KB Default: 50 KB (OPTIONAL) Enter the keyword peak followed by the peak rate in Mbps. Range: 0 to 10000 Mbps Default: Same as designated for committed-rate

committed-rate burst-KB

peak peak-rate

Defaults

Burst size is 50 KB. peak-rate is by default the same as commited-rate. Granularity for commited-rate and peak-rate is Mbps unless the kbps option is used. QOS-POLICY-OUT
Version 8.2.1.0 Version 7.7.1.0 Version 7.5.1.0 Added kbps option on E-Series. Removed from C-Series Introduced on C-Series

Command Modes Command History

pre-Version 6.1.1.1 Introduced on E-Series Related Commands rate limit qos-policy-output Specify rate-limit functionality on the selected interface. Create a QoS output policy.

1294

Quality of Service (QoS)

rate-police

rate-police
ces
Syntax Parameters

Specify the policing functionality on incoming traffic. rate-police [kbps] committed-rate [burst-KB ] [peak [kbps] peak-rate [burst-KB ]] kbps
Enter this keyword to specify the rate limit in Kilobits per second (Kbps). On C-Series and S-Series make the following value a multiple of 64. On the E-Series, Force10 recommends using a value greater than or equal to 512 as lower values does not yeild accruate results. The default granularity is Megabits per second (Mbps). Range: 0-10000000 Enter the committed rate in Mbps. Range: 0 to 10000 Mbps (OPTIONAL) Enter the burst size in KB. Range: 16 to 200000 KB Default: 50 KB (OPTIONAL) Enter the keyword peak followed by the peak rate in Mbps. Range: 0 to 10000 Mbps Default: Same as designated for committed-rate

committed-rate burst-KB

peak peak-rate

Defaults

Burst size is 50 KB. peak-rate is by default the same as commited-rate. Granularity for commited-rate and peak-rate is Mbps unless the kbps option is used. QOS-POLICY-IN
Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Added kbps option on C-Series, E-Series, and Series. Introduced on S-Series Introduced on C-Series

Command Modes Command History

pre-Version 6.1.1.1 Introduced on E-Series Related Commands rate police qos-policy-input Specify traffic policing on the selected interface. Create a QoS output policy.

rate-shape
ces
Syntax Parameters

Shape traffic output as part of the designated policy. rate-shape [kbps] rate [burst-KB] kbps
Enter this keyword to specify the rate limit in Kilobits per second (Kbps). On C-Series and S-Series make the following value a multiple of 64. The default granularity is Megabits per second (Mbps). Range: 0-10000000

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1295

service-policy input

rate burst-KB

Enter the outgoing rate in multiples of 10 Mbps. Range: 10 to 10000 (OPTIONAL) Enter a number as the burst size in KB. Range: 0 to 10000 Default: 10

Defaults Command Modes Command History

Burst size is 10 KB. Granularity for rate is Mbps unless the kbps option is used. QOS-POLICY-OUT
Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Added kbps option on C-Series, E-Series, and Series. Introduced on S-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

rate-shape can be applied only as an aggregate policy. If it is applied as a class-based policy, then rate-shape will not take effect. On 40-port 10G linecards, if the traffic is shaped between 64 and 1000kbs, for some values the shaped rate is much less than the value configured. Do not use values in this range for 10G interfaces.

Related Commands

rate shape qos-policy-output

Shape the traffic output of the selected interface. Create a QoS output policy.

service-policy input
ces
Syntax

Apply an input policy map to the selected interface. service-policy input policy-map-name [layer2] To remove the input policy map from the interface, use the no service-policy input policy-map-name [layer2] command.

Parameters

policy-map-name

Enter the name for the policy map in character format (16 characters maximum). You can identify an existing policy map or name one that does not yet exist. (OPTIONAL) Enter the keyword layer2 to specify a Layer 2 Class Map. Default: Layer 3

layer2

Defaults Command Modes

Layer 3 INTERFACE

1296

Quality of Service (QoS)

service-policy output

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.1

Introduced on S-Series Introduced on C-Series E-Series Only: Expanded to add support for Layer 2 Introduced on E-Series

Usage Information

A single policy-map can be attached to one or more interfaces to specify the service-policy for those interfaces. A policy map attached to an interface can be modified.

Note: The service-policy commands are not allowed on a port channel.

The service-policy input policy-map-name command and the service-class dynamic dot1p command are not allowed simultaneously on an interface. However, the service-policy input command (without the policy-map-name option) and the service-class dynamic dot1p command are allowed on an interface. Related Commands

policy-map-input

Create an input policy map.

service-policy output
ces
Syntax

Apply an output policy map to the selected interface. service-policy output policy-map-name To remove the output policy map from the interface, use the no service-policy output policy-map-name command.

Parameters

policy-map-name

Enter the name for the policy map in character format (16 characters maximum). You can identify an existing policy map or name one that does not yet exist.

Defaults Command Modes Command History

No default behavior or values INTERFACE

Version 7.6.1.0 Introduced on C-Series and S-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information Related Commands

A single policy-map can be attached to one or more interfaces to specify the service-policy for those interfaces. A policy map attached to an interface can be modified.
policy-map-output Create an output policy map.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1297

service-queue

service-queue
ces
Syntax

Assign a class map and QoS policy to different queues. service-queue queue-id [class-map class-map-name] [qos-policy qos-policy-name] To remove the queue assignment, use the no service-queue queue-id [class-map class-map-name] [qos-policy qos-policy-name] command.

Parameters

queue-id

Enter the value used to identify a queue. Range: 0 to 7 on E-Series (eight queues per interface), 0-3 on C-Series and S-Series (four queues per interface; four queues are reserved for control traffic.) (OPTIONAL) Enter the keyword class-map followed by the class map name assigned to the queue in character format (16 character maximum). Note: This option

class-map class-map-name

is available under policy-map-input only.

qos-policy qos-policy-name

(OPTIONAL) Enter the keyword qos-policy followed by the QoS policy name assigned to the queue in text format (16 characters maximum). This specifies the input QoS policy assigned to the queue under policy-map-input and output QoS policy under policy-map-output context.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-policy-map-in and conf-policy-map-out)

Version 7.6.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

There are eight (8) queues per interface on the E-Series and four (4) queues per interface on the C-Series and S-Series. This command assigns a class map or QoS policy to different queues.
class-map service-policy input service-policy output Identify the class map. Apply an input policy map to the selected interface. Apply an output policy map to the selected interface.

Related Commands

1298

Quality of Service (QoS)

set

set
ces
Syntax Parameters

Mark outgoing traffic with a Differentiated Service Code Point (DSCP) or dot1p value. set {ip-dscp value | mac-dot1p value } ip-dscp value
(OPTIONAL) Enter the keyword ip-dscp followed by the IP DSCP value. Range: 0 to 63 Enter the keyword mac-dot1p followed by the dot1p value. Range: 0 to 7 On the C-Series and S-Series allowed values are:0,2,4,6

mac-dot1p value

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-qos-policy-in)

Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.1 mac-dot1p available on the C-Series and S-Series Introduced on S-Series Introduced on C-Series E-Series Only: Expanded to add support for mac-dot1p Introduced on E-Series

Usage Information

C-Series and S-Series Once the IP DSCP bit is set, other QoS services can then operate on the bit settings. E-Series Once the IP DSCP bit is set, other QoS services can then operate on the bit settings. WRED (Weighted Random Early Detection) ensures that high-precedence traffic has lower loss rates than other traffic during times of congestion.

show cam layer2-qos

e
Syntax

Display the Layer 2 QoS CAM entries. show cam layer2-qos {[linecard number port-set number] | [interface interface ]} [summary] linecard number
Enter the keyword linecard followed by the line card slot number. E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. Enter the keyword port-set followed by the line cards port pipe. Range: 0 or 1

Parameters

port-set number

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1299

show cam layer2-qos

interface interface

Enter the keyword interface followed by one of the keywords below and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

summary

(OPTIONAL) Enter the keyword summary to display only the total number of CAM entries.

Defaults Command Modes Command History Example

No default behavior or values EXEC

Version 7.4.1.0 Introduced on E-Series

Figure 426 show cam layer2-qos interface Command Output

Force10#show cam layer2-qos interface gigabitethernet 2/0 Cam Port Dot1p Proto SrcMac SrcMask DstMac DstMask Dot1p DSCP Queue Index Marking Marking ------------------------------------------------------------------------------------------------------------------------------01817 0 0 00:00:00:00:cc:cc 00:00:00:00:ff:ff 00:00:00:00:dd:dd 00:00:00:00:ff:ff 7 01818 0 0 00:00:00:00:00:c0 00:00:00:00:00:f0 00:00:00:00:00:d0 00:00:00:00:00:f0 45 5 01819 0 4 0 00:00:00:a0:00:00 00:00:00:ff:00:00 00:00:00:b0:00:00 00:00:00:ff:00:00 4 4 01820 0 0x2000 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:b0 ff:ff:ff:ff:ff:ff 1 02047 0 0 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 0 Force10#

Example

Figure 427 show cam layer2-qos linecard Command Output

Force10#show cam layer2-qos linecard 2 port-set 0 Cam Port Dot1p Proto SrcMac SrcMask DstMac DstMask Dot1p DSCP Queue Index Marking Marking ----------------------------------------------------------------------------------------------------------------------=-01817 0 0 00:00:00:00:cc:cc 00:00:00:00:ff:ff 00:00:00:00:dd:dd 00:00:00:00:ff:ff 7 01818 0 0 00:00:00:00:00:c0 00:00:00:00:00:f0 00:00:00:00:00:d0 00:00:00:00:00:f0 45 5 01819 0 4 0 00:00:00:a0:00:00 00:00:00:ff:00:00 00:00:00:b0:00:00 00:00:00:ff:00:00 4 4 01820 0 0x2000 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:b0 ff:ff:ff:ff:ff:ff 1 02047 0 0 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 0 Force10#

1300

Quality of Service (QoS)

show cam layer3-qos

e
Syntax

Display the Layer 3 QoS CAM entries. show cam layer3-qos {[linecard number port-set number] | [interface interface ]} [summary] linecard number
Enter the keyword linecard followed by the line card slot number. E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300. Enter the keyword port-set followed by the line cards port pipe. Range: 0 or 1 Enter the keyword interface followed by one of the keywords below and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Parameters

port-set number interface interface

summary

(OPTIONAL) Enter the keyword summary to display only the total number of CAM entries.

Defaults Command Modes Command History Example

No default behavior or values EXEC

Version 6.5.1.0 Introduced on E-Series

Figure 428 show cam layer3-qos linecard interface Command Output

In these figures outputs, note that: The entry TRUST-DSCP in the Queue column indicates that the trust diffserv is configured on the policy-map. A hypen (-) entry in the DSCP Marking column indicates that there is no DSCP marking. In the Proto column (Protocol), IP, ICMP, UDP, and TCP strings are displayed. For other protocols, the corresponding protocol number is displayed.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1301

show qos class-map

Example

Figure 429 show cam layer3-qos linecard port-set Command Output

Force10#show cam layer3-qos linecard 13 port-set 0 Cam Port Dscp Proto Tcp Src Dst SrcIp DstIp DSCP Queue Index Flag Port Port Marking ---------------------------------------------------------------------------------------24511 1 0 TCP 0x5 2 5 1.0.0.1/24 2.0.0.2/24 TRUST-DSCP 24512 1 0 UDP 0x2 2 5 8.0.0.8/24 8.0.0.8/24 23 3 Force10#

Example

Figure 430 show cam layer3-qos linecard interface Command without Trust Output

Force10#sh cam layer3-qos interface gigabitethernet 2/1 Cam Port Dscp Proto Tcp Src Dst SrcIp DstIp DSCP Queue Index Flag Port Port Marking ----------------------------------------------------------------------------------------------23488 1 56 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 7 23489 1 48 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 6 23490 1 40 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 5 23491 1 0 IP 0x0 0 0 10.1.1.1/32 20.1.1.1/32 0 23492 1 0 IP 0x0 0 0 10.1.1.1/32 20.1.1.2/32 0 24511 1 0 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 0 Force10#

Example

Figure 431 show cam layer3-qos summary Command Output

Force10#show cam layer3-qos linecard 13 port-set 0 summary Total number of CAM entries for Port-Set 0 is 100 Force10#

show qos class-map

ces
Syntax Parameters

View the current class map information. show qos class-map [class-name] class-name
(Optional) Enter the name of a configured class map.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series

1302

Quality of Service (QoS)

show qos policy-map

Example

Figure 432 show qos class-map Command Output

Force10#show qos class-map Class-map match-any CM Match ip access-group ACL

Related Commands

class-map

Identify the class map

show qos policy-map

ces
Syntax Parameters

View the QoS policy map information. show qos policy-map {summary [interface] | detail [interface]} summary interface
To view a policy map interface summary, enter the keyword summary and optionally one of the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

detail interface

To view a policy map interface in detail, enter the keyword detail and optionally one of the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.2.1.1

Introduced on S-Series Introduced on C-Series E-Series only: Added Trust IPv6 diffserv Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1303

show qos policy-map-input

Example 1

Figure 433 show qos policy-map detail (IPv4) Command Output

Force10#show qos policy-map detail gigabitethernet 0/0 Interface GigabitEthernet 4/1 Policy-map-input policy Trust diffserv Queue# Class-map-name 0 1 CM1 2 CM2 3 CM3 4 CM4 5 CM5 6 CM6 7 CM7 Force10#

Qos-policy-name q0 q1 q2 q3 q4 q5 q6 q7

Example 2

Figure 434 show qos policy-map detail (IPv6) Command Output (E-Series only)
Force10# show qos policy-map detail gigabitethernet 0/0 Interface GigabitEthernet 8/29 Policy-map-input pmap1 Trust ipv6-diffserv Queue# Class-map-name 0 c0 1 c1 2 c2 3 c3 4 c4 5 c5 6 c6 7 c7 Force10#

Qos-policy-name q0 q1 q2 q3 q4 q6 q7

Example 3

Figure 435 show qos policy-map summary (IPv4) Command Output

Force10#sho qos policy-map summary Interface Gi 4/1 Gi 4/2 Force10# policy-map-input PM1 PM2 policy-map-output PMOut

show qos policy-map-input

ces
Syntax

View the input QoS policy map details. show qos policy-map-input [policy-map-name] [class class-map-name] [qos-policy-input qos-policy-name] policy-map-name class class-map-name qos-policy-input qos-policy-name
Enter the policy map name. Enter the keyword class followed by the class map name. Enter the keyword qos-policy-input followed by the QoS policy name.

Parameters

Defaults

No default behavior or values

1304

Quality of Service (QoS)

show qos policy-map-output

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.2.1.1

Introduced on S-Series Introduced on C-Series E-Series Only: Added Trust IPv6 diffserv Introduced on E-Series

Example 1

Figure 436 show qos policy-map-input (IPv4) Command Output

Force10#show qos policy-map-input Policy-map-input PolicyMapInput Aggregate Qos-policy-name AggPolicyIn Queue# Class-map-name Qos-policy-name 0 ClassMap1 qosPolicyInput Force10#

Example 2

Figure 437 show qos policy-map-input (IPv6) Command Output

Force10# show qos policy-map-input Policy-map-input pmap1 Trust ipv6-diffserv Queue# Class-map-name 0 c0 1 c1 2 c2 3 c3 4 c4 5 c5 6 c6 7 c7 Force10#

Qos-policy-name q0 q1 q2 q3 q4 q6 q7

show qos policy-map-output

ces
Syntax

View the output QoS policy map details. show qos policy-map-output [policy-map-name] [qos-policy-output qos-policy-name] policy-map-name qos-policy-output qos-policy-name
Enter the policy map name. Enter the keyword qos-policy-output followed by the QoS policy name.

Parameters

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1305

show qos qos-policy-input

Command History

Version 7.6.1.0

Introduced on C-Series and S-Series

pre-Version 6.1.1.1 Introduced on E-Series Example

Figure 438 show qos policy-map-output Command Output

Force10#show qos policy-map-output Policy-map-output PolicyMapOutput Aggregate Qos-policy-name AggPolicyOut Queue# Qos-policy-name 0 qosPolicyOutput Force10#

show qos qos-policy-input

ces
Syntax Parameters

View the input QoS policy details. show qos qos-policy-input [qos-policy-name] qos-policy-name
Enter the QoS policy name.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Example

Figure 439 show qos qos-policy-input Command Output

Force10#show qos qos-policy-input Qos-policy-input QosInput Rate-police 100 50 peak 100 50 Dscp 32 Force10#

show qos qos-policy-output

ces
Syntax Parameters

View the output QoS policy details. show qos qos-policy-output [qos-policy-name] qos-policy-name
Enter the QoS policy name.

1306

Quality of Service (QoS)

show qos statistics

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0

Introduced on C-Series and S-Series

pre-Version 6.1.1.1 Introduced on E-Series Example

Figure 440 show qos qos-policy-output Command Output

Force10#show qos qos-policy-output Qos-policy-output qosOut Rate-limit 50 50 peak 50 50 Wred yellow 1 Wred green 1

show qos statistics

ces
Syntax Parameters

View QoS statistics. show qos statistics {wred-profile [interface]} | [interface] wred-profile interface PlatformE-Series Only: Enter the keyword wred-profile
and optionally one of the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

interface

Enter one of the following keywords and slot/port or number information: On the C-Series and E-Series, For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1307

show qos statistics

Command History

Version 7.7.1.1 Version 7.5.1.0

Introduced on S-Series Introduced on C-Series

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

The show qos statistics command can be used on the C-Series, but the wred-profile keyword must be omitted in the syntax. The show qos statistics output differs from the ED and EE series line cards and the EF series line cards. The QoS statistics for the EF series generates two extra columns, Queued Pkts and Dropped Pkts, see Example 2.

Note: The show qos statistics command displays Matched Packets and Matched
Bytes. The show queue statistics egress command (E-Series only) displays Queued Packets and Queued Bytes. The following example explains how these two displays relate to each other. 9000 byte size packets are sent from Interface A to Interface B. The Matched Packets on Interface A are equal to the Queued Packets on Interface B. Matched bytes on Interface A = matched packets *9000 Queued bytes on Interface B = queued packets *(9020)Each packet has an additional header of 20 bytes.
Example 1

Figure 441 show qos statistics Command Ouput (ED and EE Series of E-Series)
Force10#show qos statistics Interface Gi 0/0 Queue# Queued Bytes 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 Interface Gi 0/1 Queue# Queued Bytes 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 Matched Pkts 0 0 0 0 0 0 0 0 Matched Pkts 0 0 0 0 0 0 0 0 Matched Bytes 0 0 0 0 0 0 0 0 Matched Bytes 0 0 0 0 0 0 0 0

Table 128 show qos statistics Command Example Fields (ED and EE Series) Field
Queue # Queued Bytes Matched Pkts

Description
Queue Number Snapshot of the byte count in that queuet. The number of packets that matched the class-map criteria.

Note: When trust is configured, matched packet counters

are not incremented in this field.
Matched Bytes The number of bytes that matched the class-map criteria.

Note: When trust is configured, matched byte counters are

not incremented in this field. 1308 Quality of Service (QoS)

show qos statistics

Example 2

Figure 442 show qos statistics Command Ouput (EFSeries of E-Series)

Force10#show qos statistics gig 0/1 Queue# 0 1 2 3 4 5 6 7 Force10# Queued Bytes (Cumulative) 0 0 0 0 0 0 0 0 Queued Pkts (Cumulative) 0 0 0 0 0 0 0 0 Matched Pkts 1883725 1883725 1883725 1883725 1883725 1883724 1883720 1883720 Matched Bytes 1883725000 1883725000 1883725000 1883725000 1883725000 1883724000 1883720000 1883720000 Dropped Pkts 0 0 0 0 0 0 0 0

Table 129 show qos statistics Command Example Fields (EF Series) Field
Queue # Queued Bytes Queued Pkts Matched Pkts

Description
Queue Number Cumulative byte count in that queue Cumulative packet count in that queue. The number of packets that matched the class-map criteria.

Note: When trust is configured, matched packet counters are not

incremented in this field.
Matched Bytes The number of bytes that matched the class-map criteria.

Note: When trust is configured, matched byte counters are not

incremented in this field.
Dropped Pkts The total of the number of packets dropped for green, yellow and out-of-profile.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1309

show qos wred-profile

Example 3

Figure 443 show qos statistics wred-profile Command Ouput (ED, EE, and EF Series)
Force10#show qos statistics wred-profile Interface Gi 5/11 Queue# Drop-statistic WRED-name Dropped Pkts 0 1 2 3 4 5 6 7 Force10# Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of WRED1 WRED2 Profile WRED1 WRED2 Profile WRED1 WRED2 Profile WRED1 WRED2 Profile WRED1 WRED2 Profile WRED1 WRED2 Profile WRED1 WRED2 Profile WRED1 WRED2 Profile 51623 51300 0 52082 51004 0 50567 49965 0 50477 49815 0 50695 49476 0 50245 49535 0 50033 49595 0 50474 49522 0

Table 130 show qos statistics wred-profile Command Example Fields (ED, EE, and EF Series) Field
Queue # Drop-statistic WRED-name Dropped Pkts

Description
Queue Number Drop statistics for green, yellow and out-of-profile packets WRED profile name The number of packets dropped for green, yellow and out-of-profile

Related Commands

clear qos statistics

Clears counters as shown in show qos statistics

show qos wred-profile

e
Syntax Parameters

View the WRED profile details. show qos wred-profile wred-profile-name wred-profile-name
Enter the WRED profile name to view the profile details.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

1310

Quality of Service (QoS)

test cam-usage

Command History Example

pre-Version 6.1.1.1 Introduced on E-Series

Figure 444 show qos wred-profile Command Ouput

Force10#show qos wred-profile Wred-profile-name wred_drop wred_ge_y wred_ge_g wred_teng_y wred_teng_g WRED1 min-threshold 0 1024 2048 4096 8192 2000 max-threshold 0 2048 4096 8192 16384 7000

test cam-usage
ces
Syntax

Check the Input Policy Map configuration for the CAM usage. test cam-usage service-policy input policy-map linecard { [number port-set portpipe number ] | [all] } policy-map linecard number port-set portpipe number
Enter the policy map name. (OPTIONAL) Enter the keyword linecard followed by the line card slot number. Enter the keyword port-set followed by the line cards port pipe number. Range: 0 or 1 (OPTIONAL) Enter the keywords linecard all to indicate all line cards.

Parameters

linecard all

Defaults Command Modes Command History

No default values or behavior EXEC

Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1311

test cam-usage

Example

Figure 445 test cam-usage service-policy input policy-map linecard all Example Command
Force10# test cam-usage service-policy input pmap_l2 linecard all For a L2 Input Policy Map pmap_l2, the output must be as follows, Linecard 0 0 1 1 | | Portpipe | CAM Partition | | 0 1 0 1 L2ACL L2ACL L2ACL L2ACL L2ACL | Available CAM | Estimated CAM | Status | per Port | (Allowed ports) 500 100 1000 0 200 200 200 200 Allowed (2) Exception Allowed (5) Exception

13 Force10#

400

200

Allowed (2)

Note: In a Layer 2 Policy Map, IPv4/IPv6 rules are not allowed and hence the output
contains only L2ACL CAM partition entries.

Table 131 test cam-usage Command Example Fields Field

Linecard Portpipe CAM Partition Available CAM

Description
Indicates the line card slot number. Indicates the portpipe number. The CAM space where the rules are added. Indicates the free CAM space, in the partition, for the classification rules. Note: The CAM entries reserved for the default rules are not included in the Available CAM column; free entries, from the default rules space, can not be used as a policy map for the classification rules. Indicates the number of free CAM entries required (for the classification rules) to apply the input policy map on a single interface. Note: The CAM entries for the default rule are not included in this column; a CAM entry for the default rule is always dedicated to a port and is always available for that interface. Indicates if the input policy map configuration on an interface belonging to a linecard/port-pipe is successfulAllowed (n)or not successfulException. The allowed number (n) indicates the number of ports in that port-pipe on which the Policy Map can be applied successfully.

Estimated CAM per Port

Status (Allowed ports)

Usage Information

This features allows you to determine if the CAM has enough space available before applying the configuration on an interface.

1312

Quality of Service (QoS)

threshold

An input policy map with both Trust and Class-map configuration, the Class-map rules are ignored and only the Trust rule is programmed in the CAM. In such an instance, the Estimated CAM output column will contain the size of the CAM space required for the Trust rule and not the Class-map rule.

threshold
e
Syntax

Specify the minimum and maximum threshold values for the configured WRED profiles. threshold min number max number To remove the threshold values, use the no threshold min number max number command.

Parameters

min number

Enter the keyword min followed by the minimum threshold number for the WRED profile. Range: 1024 to 77824 KB Enter the keyword max followed by the maximum threshold number for the WRED profile. Range: 1024 to 77824 KB

max number

Defaults Command Modes Command History Usage Information

No default behavior or values CONFIGURATION (config-wred)

pre-Version 6.1.1.1 Introduced on E-Series

Use this command to configure minimum and maximum threshold values for user defined profiles. Additionally, use this command to modify the minimum and maximum threshold values for the pre-defined WRED profiles. If you delete threshold values of the pre-defined WRED profiles, the profiles will revert to their original default values. Table 132 Pre-defined WRED Profile Threshold Values
Pre-defined WRED Profile Name wred_drop wred_ge_y wred_ge_g wred_teng_y wred_teng_g Minimum Threshold 0 1024 2048 4096 8192 Create a WRED profile. Maximum Threshold 0 2048 4096 8192 16384

Related Commands

wred-profile

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1313

trust

trust
ces
Syntax Parameters

Specify dynamic classification (DSCP) or dot1p to trust. trust {diffserv [fallback]| dot1p [fallback]| ipv6-diffserv} diffserv dot1p fallback
Enter the keyword diffserv to specify trust of DSCP markings. Enter the keyword dot1p to specify trust dot1p configuration. Enter this keyword to classify packets according to their DSCP value as a secondary option in case no match occurs against the configured class maps. On E-Series only, enter the keyword ipv6-diffserv to specify trust configuration of IPv6 DSCP.

ipv6-diffserv

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-policy-map-in)

Version 8.3.1.0 Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.1

fallback available on the E-Series. dot1p available on the C-Series and S-Series.
Introduced on S-Series Introduced on C-Series Expanded to add support for dot1p and IPv6 DSCP Introduced on E-Series

Usage Information

When trust is configured, matched bytes/packets counters are not incremented in the show qos statistics command. The trust diffserv feature is not supported on E-Series ExaScale when an IPv6 microcode is enabled. Dynamic mapping honors packets marked according to the standard definitions of DSCP. The default mapping table is detailed in the following table.

1314

Quality of Service (QoS)

wred

Table 133 Standard Default DSCP Mapping Table

DSCP/CP hex range (XXX)xxx DSCP Definition Traditional IP Precedence E-Series Internal Queue ID DSCP/CP C-Series and S-Series decimal Internal Queue ID

111XXX 110XXX 101XXX 100XXX 011XXX 010XXX 001XXX 000XXX EF (Expedited Forwarding) AF4 (Assured Forwarding) AF3 AF2 AF1 BE (Best Effort)

Network Control Internetwork Control CRITIC/ECP Flash Override Flash Immediate Priority Best Effort

7 6 5 4 3 2 1 0

3 3 2 2 1 1 0 0

4863

3247

1631 015

wred
e
Syntax

Designate the WRED profile to yellow or green traffic. wred {yellow | green} profile-name To remove the WRED drop precedence, use the no wred {yellow | green} [profile-name] command.

Parameters

yellow | green

Enter the keyword yellow for yellow traffic. DSCP value of xxx110 and xxx100 maps to yellow. Enter the keyword green for green traffic. DSCP value of xxx010 maps to green.

profile-name

Enter your WRED profile name in character format (16 character maximum). Or use one of the 5 pre-defined WRED profile names. Pre-defined Profiles: wred_drop, wred-ge_y, wred_ge_g, wred_teng_y, wred_teng_

Defaults Command Modes Command History

No default behavior or values CONFIGURATION (conf-qos-policy-out)

Version 8.2.1.0 Profile name character limit increased from 16 to 32.

pre-Version 6.1.1.1 Introduced on E-Series Usage Information

Use this command to assign drop precedence to green or yellow traffic. If there is no honoring enabled on the input, all the traffic defaults to green drop precedence.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1315

wred-profile

Related Commands

wred-profile trust

Create a WRED profile and name that profile Define the dynamic classification to trust DSCP

wred-profile
e
Syntax

Create a WRED profile and name that profile. wred-profile wred-profile-name To remove an existing WRED profile, use the no wred-profile command.

Parameters

wred-profile-name

Enter your WRED profile name in character format (16 character maximum). Or use one of the pre-defined WRED profile names. You can configure up to 26 WRED profiles plus the 5 pre-defined profiles, for a total of 31 WRED profiles. Pre-defined Profiles: wred_drop, wred-ge_y, wred_ge_g, wred_teng_y, wred_teng_g

Defaults

The five pre-defined WRED profiles. When a new profile is configured, the minimum and maximum threshold defaults to predefined wred_ge_g values CONFIGURATION
pre-Version 6.1.1.1 Introduced on E-Series

Command Modes Command History Usage Information

Use the default pre-defined profiles or configure your own profile. You can not delete the pre-defined profiles or their default values. This command enables the WRED configuration mode(conf-wred).
threshold Specify the minimum and maximum threshold values of the WRED profile

Related Commands

Queue-Level Debugging
Queue-Level Debugging is an E-Series-only feature, , as indicated by the e character that appears below each command heading. The following queuing statistics are available on both the EtherScale and TeraScale versions of E-Series systems. clear queue statistics egress clear queue statistics ingress show queue statistics egress show queue statistics ingress

1316

Quality of Service (QoS)

clear queue statistics egress

e
Syntax Parameters

Clear egress queue statistics. clear queue statistics egress [unicast | multicast] [Interface] unicast | multicast
(OPTIONAL) Enter the keyword multicast to clear only Multicast queue statistics. Enter the keyword unicast to clear only Unicast queue statistics. Default: Both Unicast and Multicast queue statistics are cleared. (OPTIONAL) Enter one of the following interfaces to display the interface specific queue statistics. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. Fast Ethernet is not supported

Interface

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Usage Information

Version 6.2.1.1

Introduced

If a Policy QoS is applied on an interface when clear queue statistics egress is issued, it will clear the egress counters in show queue statistics and vice-versa. This behavior is due to the values being read from the same hardware registers. clear queue statistics egress show queue statistics egress show queue statistics ingress
Clear ingress queue statistics Display egress queue statistics Display ingress queue statistics

Related Commands

clear queue statistics ingress

e
Syntax

Clear ingress queue statistics. clear queue statistics ingress [unicast [src-card ID [dst-card ID ]] | [multicast] [src-card ID ]]

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1317

show queue statistics egress

Parameters

unicast [src-card ID [dst-card ID ]]

(OPTIONAL) Enter the keyword unicast to clear Unicast queue statistics. Optionally, enter the source card identification (src-card ID) and the destination card identification (dst-card ID ) to clear the unicast statistics from the source card to the destination card. (OPTIONAL) Enter the keyword multicast to clear only Multicast queue statistics. Optionally, enter the source card identification (src-card ID) to clear the multicast statistics from the source card. Default: Both Unicast and Multicast queue statistics are cleared.

multicast [src-card ID ]

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Related Commands

Version 6.2.1.1

Introduced

clear queue statistics egress show queue statistics egress show queue statistics ingress

Clear egress queue statistics Display egress queue statistics Display ingress queue statistics

show queue statistics egress

e
Syntax Parameters

Display the egress queue statistics. show queue statistics egress [unicast | multicast] [Interface] [brief] unicast | multicast
(OPTIONAL) Enter the keyword multicast to display only Multicast queue statistics. Enter the keyword unicast to display only Unicast queue statistics. Default: Both Unicast and Multicast queue statistics are displayed. (OPTIONAL) Enter one of the following interfaces to display the interface specific queue statistics. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. Fast Ethernet is not supported.

Interface

brief

(OPTIONAL) Enter the keyword brief to display only ingress per link buffering and egress per port buffering statistics.

Defaults

No default behavior or values

1318

Quality of Service (QoS)

show queue statistics egress

Command Modes

EXEC EXEC Privilege

Command History Usage Information

Version 6.2.1.1

Introduced for E-Series

EtherScale systems display cumulative dropped packets, while TeraScale systems display cumulative queued bytes (in KB), cumulative queued packets (in KB), and cumulative dropped packets (in KB). The display area is limited to 80 spaces to accommodate the screen and for optimal readability. Numbers, that is values, are limited to 12 characters. The numbering conventions are detailed inthe table below. Table 134 Numbering Conventions for show queue egress statistics Output
Value (10^11) - (10^14) (10^14) - (10^17) > (10^17) Divide the number by 1024 1024*1024 1024*1024*1024 Quotient Display K M T Examples 12345678901K 12345678901M 12345678901T

Note: The show queue statistics command displays Queued Packets and
Queued Bytes. The show qos statistics command displays Matched Packets and Matched Bytes. The following example explains how these two outputs relate to each other. 9000 byte size packets are sent from Interface A to Interface B. The Matched Packets on Interface A are equal to the Queued Packets on Interface B. Matched bytes on Interface A = matched packets *9000 Queued bytes on Interface B = queued packets *(9020)Each packet has an additional header of 20 bytes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1319

show queue statistics egress

Example 1

Figure 446 show queue statistics egress Command (TeraScale)

Force10#show queue statistics egress unicast gigabitethernet 9/1 Interface Gi 9/1 Egress Queued Port bytes Queue# 0 281513847K 1 2 3 4 5 6 7 99281660K 99281660K 38984440000 99281660K 39760160000 39642900000 99274410K Queued packets 31959000 11271000 11271000 4322000 11271000 4408000 4395000 11270177 Packet Type Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Min KB 2048 1024 Profile 2048 1024 Profile 2048 1024 Profile 2048 1024 Profile 2048 1024 Profile 2048 1024 Profile 2048 1024 Profile 2048 1024 Profile 4096 2048 4096 2048 4096 2048 4096 2048 4096 2048 4096 2048 4096 2048 Max KB 4096 2048 Dropped packets 0 0 30385770 0 0 9886100 0 0 9784600 0 0 3053753 0 0 9581600 0 0 3070671 0 0 3026100 0 0 9273402

Force10#

Table 135 show queue statistics egress Command Fields Field

Egress Port Queue# Queued bytes Queued packets Packet type Min KB Max KB Dropped Pkts

Description
Egress Port Queue Number Cumulative byte count in that queue Cumulative packet count in that queue. Green, yellow, and out-of-profile packets Minimum threshold for WRED queue Maximum threshold for WRED queue The number of packets dropped for green, yellow and out-of-profile

1320

Quality of Service (QoS)

show queue statistics egress

Example 2

Figure 447 show queue statistics egress multicast Command Ouput (EtherScale)
Force10#sho queue statistics egress multicast Linecard 3 port pipe 0, multicast Packet Type Green Yellow Out of Profile Min KB 8192 4096 Max KB 16384 8192 Dropped packets 0 0 0

Linecard 3 port pipe 1, multicast Packet Type Green Yellow Out of Profile Min KB 8192 4096 Max KB 16384 8192 Dropped packets 0 0 0

Linecard 7 port pipe 0, multicast Packet Type Green Yellow Out of Profile Min KB 2048 1024 Max KB 4096 2048 Dropped packets 0 0 0

Linecard 7 port pipe 1, multicast Packet Type Green Yellow Out of Profile Force10# Min KB 2048 1024 Max KB 4096 2048 Dropped packets 0 0 0

Table 136 show queue statistics egress multicast Command Fields Field
Packet type Min KB Max KB Dropped Pkts

Description
Green, yellow, and out-of-profile packets Minimum threshold for WRED queue Maximum threshold for WRED queue The number of packets dropped for green, yellow and out-of-profile

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1321

show queue statistics ingress

Example 3

Figure 448 show queue statistics egress brief Command Output

Force10#show queue statistics egress brief LC 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 Force10# Portpipe PortPipe 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 0 Port 0 1 2 3 4 5 6 7 8 9 10 11 M 0 1 2 3 4 5 6 7 8 9 10 11 M 0 Dropped packets 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Table 137 show queue statistics egress brief Command Fields Field
LC Portpipe Port Dropped Pkts

Description
Line Card Portpipe number Port Queue. Where M is Multicast queue The number of packets dropped for green, yellow and out-of-profile

Related Commands

clear queue statistics egress clear queue statistics ingress show queue statistics ingress

Clear egress queue statistics. Clear ingress queue statistics. Display ingress queue statistics

show queue statistics ingress

e
Syntax

Display the ingress queue statistics. show queue statistics ingress [unicast [src-card ID [dst-card ID ]] | [multicast] [src-card ID ]] [brief]

1322

Quality of Service (QoS)

show queue statistics ingress

Parameters

unicast [src-card ID [dst-card ID ]]

(OPTIONAL) Enter the keyword unicast to display Unicast queue statistics. Optionally, enter the source card identification (src-card ID) and the destination card identification (dst-card ID ) to display the unicast statistics from the source card to the destination card. Destination card Identification: Range 0 to 13 or RPM (OPTIONAL) Enter the keyword multicast to display only Multicast queue statistics. Optionally, enter the source card identification (src-card ID) to display the multicast statistics from the source card. Default: Both Unicast and Multicast queue statistics are displayed. (OPTIONAL) Enter the keyword brief to display only ingress per link buffering and egress per port buffering statistics.

multicast [src-card ID ]

brief

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Usage Information

Version 6.2.1.1

Introduced

EtherScale systems display cumulative dropped packets, while TeraScale systems display cumulative queued bytes (in KB), cumulative queued packets (in KB), and cumulative dropped packets (in KB). The display area is limited to 80 spaces to accommodate the screen and for optimal readability. Numbers, that is values, are limited to 12 characters. The conventions are detailed in the following table. Table 138 Numbering Conventions for show queue statistics ingress Output
Value (10^11) - (10^14) (10^14) - (10^17) > (10^17) Divide the number by 1024 1024*1024 1024*1024*1024 Quotient Display K M T Examples 12345678901K 12345678901M 12345678901T

Note: The show queue statistics command displays Queued Packets and
Queued Bytes. The show qos statistics command displays Matched Packets and Matched Bytes. The following example explains how these two displays relate to each other. 9000 byte size packets are sent from Interface A to Interface B. The Matched Packets on Interface A are equal to the Queued Packets on Interface B. Matched bytes on Interface A = matched packets *9000 Queued bytes on Interface B = queued packets *(9020)Each packet has an additional header of 20 bytes.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1323

show queue statistics ingress

Figure 449 show queue statistics ingress Command (EtherScale) Partial

Force10#show queue statistics ingress unicast src-card 7 dst-card 3 Linecard 7 port pipe 0, to linecard 3 port pipe 0, unicast SF Ingress Queue# 0 Packet Type Min KB Max KB Dropped packets

Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 1 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 2 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 3 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 4 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 5 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 6 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 7 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 Linecard 7 port pipe 0, to linecard 3 port pipe 1, unicast SF Packet Type Min Max Dropped Ingress KB KB packets Queue# 0 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 1 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 2 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 3 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 4 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 5 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 6 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 7 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 4 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 5 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 6 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0 7 Green 4096 4096 0 Yellow 3276 3276 0 Out of Profile 0

1324

Quality of Service (QoS)

show queue statistics ingress

Table 139 show queue statistics Command Fields Field

SF Ingress Queue # Packet type Min KB Max KB Dropped Pkts

Description
Switch Fabric Queue Number Green, yellow, and out-of-profile packets Minimum threshold for WRED queue Maximum threshold for WRED queue The number of packets dropped for green, yellow and out-of-profile

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1325

show queue statistics ingress

Example 2

Figure 450 show queue statistics ingress Multicast Command Output (EtherScale)
Force10#show queue statistics ingress multicast src-card 7 Linecard 7 port pipe 0, multicast SF Ingress Queue# 0 1 2 3 4 5 6 7 Packet Type Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Min KB 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 4096 3276 4096 3276 4096 3276 4096 3276 4096 3276 4096 3276 Max KB 4096 3276 Dropped packets 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Linecard 7 port pipe 1, multicast SF Ingress Queue# 0 1 2 3 4 5 6 7 Force10# Packet Type Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Green Yellow Out of Min KB 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 Profile 4096 3276 4096 3276 4096 3276 4096 3276 4096 3276 4096 3276 4096 3276 Max KB 4096 3276 Dropped packets 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Table 140 show queue statistics ingress Multicast Command Fields Field
SF Ingress Queue # Packet type Min KB

Description
Switch Fabric Queue Number Green, yellow, and out-of-profile packets Minimum threshold for WRED queue

1326

Quality of Service (QoS)

show queue statistics ingress

Table 140 show queue statistics ingress Multicast Command Fields Field
Max KB Dropped Pkts

Description
Maximum threshold for WRED queue The number of packets dropped for green, yellow and out-of-profile

Example 3

Figure 451 show queue statistics ingress brief Command Output

Force10#show queue statistics ingress src-card 0 brief Source Linecard 0 Dest LC 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5 5 6 6 6 6 RPM RPM Multicast Multicast Force10# Src Port set 0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 1 0 1 Dest Port set 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 Dropped packets 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 100 0 0

Table 141 show queue statistics ingress brief Command Fields Field
Dest LC Src Port Set Dest Port Set Dropped Pkts

Description
Destination Line Card Source PortPipe Number Destination PortPipe Number The number of packets dropped

Related Commands

clear queue statistics egress clear queue statistics ingress show queue statistics ingress

Clear egress queue statistics. Clear ingress queue statistics. Display egress queue statistics

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1327

show queue statistics ingress

1328

Quality of Service (QoS)

Chapter 48

Router Information Protocol (RIP)

Overview
Router Information Protocol (RIP) is a Distance Vector routing protocol. FTOS supports both RIP version 1 (RIPv1) and RIP version 2 (RIPv2) on C-Series and E-Series and S-Series systems, as indicated by the characters that appear below each command heading: C-Series: c E-Series: e S-Series: s

Note: The C-Series platform supports RIP with FTOS version 7.6.1.0 and later. The
S-Series platform supports RIP with FTOS version 7.8.1.0 and later. Prior to 7.6.1.0, only the E-Series platform supported RIP. The FTOS implementation of RIP is based on IETF RFCs 2453 and RFC 1058. For more information on configuring RIP, refer to FTOS Configuration Guide.

Commands
The following commands enable you to configure RIP: auto-summary clear ip rip debug ip rip default-information originate default-metric description distance distribute-list in distribute-list out ip poison-reverse ip rip receive version ip rip send version

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1329

auto-summary

ip split-horizon maximum-paths neighbor network offset-list output-delay passive-interface redistribute redistribute isis redistribute ospf router rip show config show ip rip database show running-config rip timers basic version

auto-summary
ces
Syntax

Restore the default behavior of automatic summarization of subnet routes into network routes. This command applies only to RIP version 2. auto-summary To send sub-prefix routing information, enter no auto-summary.

Default Command Modes Command History

Enabled. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

clear ip rip
ces
Syntax Command Modes

Update all the RIP routes in the FTOS routing table. clear ip rip EXEC Privilege

1330

Router Information Protocol (RIP)

debug ip rip

Command History

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

This command triggers updates of the main RIP routing tables.

debug ip rip
ces
Syntax

Examine RIP routing information for troubleshooting. debug ip rip [interface | database | events [interface] | packet [interface] | trigger] To turn off debugging output, use the no debug ip rip command.

Parameters

interface

(OPTIONAL) Enter the interface type and ID as one of the following: For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Note: This option is available only on E-Series when entered as a

standalone option. It is available on both C-Series and E-Series as a sub-option. database events packet trigger
Command Modes Command History (OPTIONAL) Enter the keyword database to display messages when there is a change to the RIP database. (OPTIONAL) Enter the keyword events to debug only RIP protocol changes. (OPTIONAL) Enter the keyword events to debug only RIP protocol packets.

Note: This option is available only on C-Series.

(OPTIONAL) Enter the keyword trigger to debug only RIP trigger extensions.

EXEC Privilege
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1331

default-information originate

default-information originate
ces
Syntax

Generate a default route for the RIP traffic. default-information originate [always] [metric metric-value] [route-map map-name] To return to the default values, enter no default-information originate.

Parameters

always metric metric-value

(OPTIONAL) Enter the keyword always to enable the switch software to always advertise the default route. (OPTIONAL) Enter the keyword metric followed by a number as the metric value. Range: 1 to 16 Default: 1 (OPTIONAL) Enter the keyword route-map followed by the name of a configured route-map.

route-map map-name

Defaults

Disabled. metric: 1

Command Modes Command History

ROUTER RIP
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

The default route must be present in the switch routing table for the default-information originate command to take effect.

default-metric
ces
Syntax

Change the default metric for routes. Use this command with the redistribute command to ensure that all redistributed routes use the same metric value. default-metric number To return the default metric to the original values, enter no default-metric.

Parameters

number

Specify a number. Range: 1 to 16. The default is 1.

Default Command Modes

1 ROUTER RIP

1332

Router Information Protocol (RIP)

description

Command History

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

This command ensures that route information being redistributed is converted to the same metric value.
redistribute Allows you to redistribute routes learned by other methods.

description
ces
Syntax

Enter a description of the RIP routing protocol description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the RIP protocol (80 characters maximum).

Defaults Command Modes Command History

No default behavior or values ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-7.7.1.0 Introduced on S-Series Introduced on C-Series Introduced on E-Series Enter ROUTER mode on the switch.

Related Commands

router rip

distance
ces
Syntax

Assign a weight (for prioritization) to all routes in the RIP routing table or to a specific route. Lower weights (administrative distance) are preferred. distance weight [ip-address mask [prefix-name]] To return to the default values, use the no distance weight [ip-address mask] command.

Parameters

weight ip-address

Enter a number from 1 to 255 for the weight (for prioritization). The default is 120. (OPTIONAL) Enter the IP address, in dotted decimal format (A.B.C.D), of the host or network to receive the new distance metric.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1333

distribute-list in

mask prefix-name
Defaults Command Modes Command History

If you enter an IP address, you must also enter a mask for that IP address, in either dotted decimal format or /prefix format (/x) (OPTIONAL) Enter a configured prefix list name.

weight = 120 ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Assign one distance metric to all routes learned using the redistribute command.

Related Commands

default-metric

distribute-list in
ces
Syntax

Configure a filter for incoming routing updates. distribute-list prefix-list-name in [interface] To delete the filter, use the no distribute-list prefix-list-name in command.

Parameters

prefix-list-name interface

Enter the name of a configured prefix list. (OPTIONAL) Identifies the interface type slot/port as one of the following: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes Command History

Not configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

1334

Router Information Protocol (RIP)

distribute-list out

Related Commands

ip prefix-list

Enter the PREFIX-LIST mode and configure a prefix list.

distribute-list out
ces
Syntax

Parameters

prefix-list-name interface

Enter the name of a configured prefix list. (OPTIONAL) Identifies the interface type slot/port as one of the following: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

connected isis ospf static

Defaults Command Modes Command History

(OPTIONAL) Enter the keyword connected to filter only directly connected routes. (OPTIONAL) Enter the keyword isis to filter only IS-IS routes.

Note: This option is only available on E-Series.

(OPTIONAL) Enter the keyword ospf to filter all OSPF routes. (OPTIONAL) Enter the keyword static to filter manually configured routes.

Not configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Enter the PREFIX-LIST mode and configure a prefix list.

Related Commands

ip prefix-list

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1335

ip poison-reverse

ip poison-reverse
ces
Syntax

Set the prefix of the RIP routing updates to the RIP infinity value. ip poison-reverse To disable poison reverse, enter no ip poison-reverse.

Defaults Command Modes Command History

Disabled. INTERFACE
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Set RIP routing updates to exclude routing prefixes.

Related Commands

ip split-horizon

ip rip receive version

ces
Syntax

Set the interface to receive specific versions of RIP. The RIP version you set on the interface overrides the version command in the ROUTER RIP mode. ip rip receive version [1] [2] To return to the default, enter no ip rip receive version.

Parameters

1 2

(OPTIONAL) Enter the number 1 for RIP version 1. (OPTIONAL) Enter the number 2 for RIP version 2.

Defaults Command Modes Command History

RIPv1 and RIPv2. INTERFACE

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

If you want the interface to receive both versions of RIP, enter ip rip receive version 1 2.

ip rip send version version

Sets the RIP version to be used for sending RIP traffic on an interface. Sets the RIP version to be used for the switch software.

1336

Router Information Protocol (RIP)

ip rip send version

ces
Syntax

Set the interface to send a specific version of RIP. The version you set on the interface overrides the version command in the ROUTER RIP mode. ip rip send version [1] [2] To return to the default value, enter no ip rip send version.

Parameters

1 2

(OPTIONAL) Enter the number 1 for RIP version 1. The default is RIPv1. (OPTIONAL) Enter the number 2 for RIP version 2.

Defaults Command Modes Command History

RIPv1. INTERFACE
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

To enable the interface to send both version of RIP packets, enter ip rip send version 1 2.

ip rip receive version version

Sets the RIP version for the interface to receive traffic. Sets the RIP version to be used for the switch software.

ip split-horizon
ces
Enable split-horizon for RIP data on the interface. As described in RFC 2453, the split-horizon scheme prevents any routes learned over a specific interface to be sent back out that interface. ip split-horizon To disable split-horizon, enter no ip split-horizon.
Defaults Command Modes Command History

Syntax

Enabled INTERFACE
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Set the prefix for RIP routing updates.

Related Commands

ip poison-reverse

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1337

maximum-paths

maximum-paths
ces
Syntax

Set RIP to forward packets over multiple paths. maximum-paths number To return to the default values, enter no maximum-paths.

Parameters

number

Enter the number of paths. Range: 1 to 16. The default is 4 paths.

Defaults Command Modes Command History

4 ROUTER RIP
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

RIP supports a maximum of 16 ECMP paths.

neighbor
ces
Syntax

Define a neighbor router with which to exchange RIP information. neighbor ip-address To delete a neighbor setting, use the no neighbor ip-address command.

Parameters

ip-address

Enter the IP address, in dotted decimal format, of a router with which to exchange information.

Defaults Command Modes Command History

Not configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

When a neighbor router is identified, unicast data exchanges occur. Multiple neighbor routers are possible. Use the passive-interface command in conjunction with the neighbor command to ensure that only specific interfaces are receiving and sending data.

1338

Router Information Protocol (RIP)

network

Related Commands

passive-interface

Sets the interface to only listen to RIP broadcasts.

network
ces
Syntax

Enable RIP for a specified network. Use this command to enable RIP on all networks connected to the switch. network ip-address To disable RIP for a network, use the no network ip-address command.

Parameter

ip-address

Specify an IP network address in dotted decimal format. You cannot specify a subnet.

Defaults Command Modes Command History

No RIP network is configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

You can enable an unlimited number of RIP networks. RIP operates over interfaces configured with any address specified by the network command.

offset-list
ces
Syntax

Specify a number to add to the incoming or outgoing route metrics learned via RIP. offset-list prefix-list-name {in | out} offset [interface] To delete an offset list, use the no offset-list prefix-list-name {in | out} offset [interface] command.

Parameters

prefix-list-name

Enter the name of an established Prefix list to determine which incoming routes will be modified.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1339

output-delay

offset

Enter a number from zero (0) to 16 to be applied to the incoming route metric matching the access list specified. If you set an offset value to zero (0), no action is taken. (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

interface

Defaults Command Modes Command History

Not configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

When the offset metric is applied to an interface, that value takes precedence over an offset value that is not extended to an interface.
ip prefix-list Enter the PREFIX-LIST mode and configure a prefix list.

output-delay
ces
Syntax

Set the interpacket delay of successive packets to the same neighbor. output-delay delay To return to the switch software defaults for interpacket delay, enter no output-delay.

Parameters

delay

Specify a number of milliseconds as the delay interval. Range: 8 to 50.

Default Command Modes

Not configured. ROUTER RIP

1340

Router Information Protocol (RIP)

passive-interface

Command History

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

This command is intended for low-speed interfaces.

passive-interface
ces
Syntax

Suppress routing updates on a specified interface. passive-interface interface To delete a passive interface, use the no passive-interface interface command.

Parameters

interface

Enter the following information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes Command History

Not configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

Although the passive interface will neither send nor receive routing updates, the network on that interface will still be included in RIP updates sent via other interfaces.
neighbor network Enable RIP for a specified network. Define a neighbor.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1341

redistribute

redistribute
ces
Syntax

Redistribute information from other routing instances. redistribute {connected | static} To disable redistribution, use the no redistribute {connected | static} command.

Parameters

connected static

Enter the keyword connected to specify that information from active routes on interfaces is redistributed. Enter the keyword static to specify that information from static routes is redistributed.

Defaults Command Modes Command History

Not configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

To redistribute the default route (0.0.0.0/0), configure the default-information originate command.
default-information originate Generate a default route for RIP traffic.

redistribute isis
e
Syntax

Redistribute routing information from an IS-IS instance. redistribute isis [tag] [level-1 | level-1-2 | level-2] [metric metric-value] [route-map map-name] To disable redistribution, use the no redistribute isis [tag] [level-1 | level-1-2 | level-2] [metric metric-value] [route-map map-name] command.

Parameters

tag level-1 level-1-2 level-2

1342

Router Information Protocol (RIP)

redistribute ospf

metric metric-value

(OPTIONAL) Enter the keyword metric followed by a number as the metric value. Range: 0 to16 (OPTIONAL) Enter the keyword route-map followed by the name of a configured route map.

route-map map-name
Defaults Command Modes Command History Usage Information

Not configured. ROUTER RIP

pre-Version 6.2.1.1 Introduced on E-Series

IS-IS is not supported on S-Series systems.

redistribute ospf
ces
Syntax

Redistribute routing information from an OSPF process. redistribute ospf process-id [match external {1 | 2} | match internal | metric metric-value] [route-map map-name] To disable redistribution, enter no redistribute ospf process-id [match external {1 | 2} | match internal | metric metric-value] [route-map map-name] command.

Parameters

process-id

Enter a number that corresponds to the OSPF process ID to be redistributed. Range: 1 to 65355. (OPTIONAL) Enter the keywords match external followed by the numbers 1 or 2 to indicated that external 1 routes or external 2 routes should be redistributed. (OPTIONAL) Enter the keywords match internal to indicate that internal routes should be redistributed. (OPTIONAL) Enter the keyword metric followed by a number as the metric value. Range: 0 to16 (OPTIONAL) Enter the keyword route-map followed by the name of a configured route map.

match external {1 | 2} match internal metric metric-value route-map map-name

Defaults Command Modes Command History

Not configured. ROUTER RIP

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1343

router rip

router rip
ces
Syntax

Enter the ROUTER RIP mode to configure and enable RIP. router rip To disable RIP, enter no router rip.

Defaults Command Modes Command History

Disabled. CONFIGURATION
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Example

To enable RIP, you must assign a network address using the network command. Figure 452 router rip Command Example
Force10(conf)#router rip Force10(conf-router_rip)#

Related Commands

network exit

Enable RIP. Return to the CONFIGURATION mode.

show config
ces
Syntax Command Modes Command History

Display the changes you made to the RIP configuration. Default values are not shown. show config ROUTER RIP
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

1344

Router Information Protocol (RIP)

show ip rip database

Example

Figure 453 show config Command Example in ROUTER RIP Mode

Force10(conf-router_rip)#show config ! router rip network 172.31.0.0 passive-interface GigabitEthernet 0/1 Force10(conf-router_rip)#

show ip rip database

ces
Syntax Parameters

Display the routes learned by RIP. If the switch learned no RIP routes, no output is generated. show ip rip database [ip-address mask] ip-address
(OPTIONAL) Specify an IP address in dotted decimal format to view RIP information on that network only. If you enter an IP address, you must also enter a mask for that IP address. (OPTIONAL) Specify a mask, in /network format, for the IP address.

mask
Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1345

show running-config rip

Example

Figure 454 show ip rip database Command Example (partial)

Force10#show ip rip database Total number of routes in RIP database: 1624 204.250.54.0/24 [50/1] via 192.14.1.3, 00:00:12, GigabitEthernet 9/15 204.250.54.0/24 auto-summary 203.250.49.0/24 [50/1] via 192.13.1.3, 00:00:12, GigabitEthernet 9/14 203.250.49.0/24 auto-summary 210.250.40.0/24 [50/2] via 1.1.18.2, 00:00:14, Vlan 18 [50/2] via 1.1.130.2, 00:00:12, Port-channel 30 210.250.40.0/24 auto-summary 207.250.53.0/24 [50/2] via 1.1.120.2, 00:00:55, Port-channel 20 [50/2] via 1.1.130.2, 00:00:12, Port-channel 30 [50/2] via 1.1.10.2, 00:00:18, Vlan 10 207.250.53.0/24 auto-summary 208.250.42.0/24 [50/2] via 1.1.120.2, 00:00:55, Port-channel 20 [50/2] via 1.1.130.2, 00:00:12, Port-channel 30 [50/2] via 1.1.10.2, 00:00:18, Vlan 10 208.250.42.0/24 auto-summary

Table 142 Fields in show ip rip database Command Output Field

Total number of routes in RIP database 100.10.10.0/24 directly connected 150.100.0.0 redistributed 209.9.16.0/24 ...

Description
Displays the number of RIP routes stored in the RIP database. Lists the route(s) directly connected. Lists the routes learned through redistribution. Lists the routes and the sources advertising those routes.

show running-config rip

ces
Syntax Defaults Command Modes

Use this feature to display the current RIP configuration . show running-config rip No default values or behavior EXEC Privilege

1346

Router Information Protocol (RIP)

timers basic

Example

Figure 455 show running-config rip Command Example

show running-config rip ! router rip distribute-list Test1 in distribute-list Test21 out network 10.0.0.0 passive-interface GigabitEthernet 2/0 neighbor 20.20.20.20 redistribute ospf 999 version 2

Command History

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

timers basic
ces
Syntax

Manipulate the RIP timers for routing updates, invalid, holddown times and flush time. timers basic update invalid holddown flush To return to the default settings, enter no timers basic.

Parameters

update

Enter the number of seconds to specify the rate at which RIP routing updates are sent. Range: zero (0) to 4294967295. Default: 30 seconds. Enter the number of seconds to specify the time interval before routing updates are declared invalid or expired. The invalid value should be at least three times the update timer value. Range: zero (0) to 4294967295. Default: 180 seconds. Enter the number of seconds to specify a time interval during which the route is marked as unreachable but still sending RIP packets. The holddown value should be at least three times the update timer value. Range: zero (0) to 4294967295. Default: 180 seconds. Enter the number of seconds to specify the time interval during which the route is advertised as unreachable. When this interval expires, the route is flushed from the routing table. The flush value should be greater than the update value. Range: zero (0) to 4294967295. Default is 240 seconds.

invalid

holddown

flush

Defaults

update = 30 seconds; invalid = 180 seconds; holddown = 180 seconds; flush = 240 seconds. ROUTER RIP

Command Modes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1347

version

Command History

Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

If the timers on one router are changed, the timers on all routers in the RIP domain must also be synchronized.

version
ces
Syntax

Specify either RIP version 1 or RIP version 2. version {1 | 2} To return to the default version setting, enter no version.

Parameters

1 2

Enter the keyword 1 to specify RIP version 1. Enter the keyword 2 to specify RIP version 2.

Default Command Modes Command History

The FTOS sends RIPv1 and receives RIPv1 and RIPv2. ROUTER RIP
Version 7.8.1.0 Version 7.6.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Set the RIP version to be received on the interface. Set the RIP version to be sent out the interface.

Related Commands

ip rip receive version ip rip send version

1348

Router Information Protocol (RIP)

Chapter 49
Overview

Remote Monitoring (RMON)

FTOS RMON is implemented on all Force10 switching platforms (C-Series, E-Series, and S-Series), as indicated by the characters that appear below each command heading: C-Series: c E-Series: e S-Series: s

FTOS RMON is based on IEEE standards, providing both 32-bit and 64-bit monitoring, and long-term statistics collection. FTOS RMON supports the following RMON groups, as defined in RFC-2819, RFC-3273, and RFC-3434: Ethernet Statistics Table Ethernet Statistics High-Capacity Table Ethernet History Control Table Ethernet History Table Ethernet History High-Capacity Table Alarm Table High-Capacity Alarm Table (64bits) Event Table Log Table RFC-2819 RFC-3273, 64bits RFC-2819 RFC-2819 RFC-3273, 64bits RFC-2819 RFC-3434, 64bits RFC-2819 RFC-2819

FTOS RMON does not support the following statistics: etherStatsCollisions etherHistoryCollisions etherHistoryUtilization

Note: Only SNMP GET/GETNEXT access is supported. Configure RMON using the RMON commands. Collected data is lost during a chassis reboot.

Commands
The FTOS Remote Network Monitoring RMON commands are: rmon alarm rmon collection history

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1349

rmon alarm

rmon collection statistics rmon event rmon hc-alarm show rmon show rmon alarms show rmon events show rmon hc-alarm show rmon history show rmon log show rmon statistics

rmon alarm
ces
Syntax

Set an alarm on any MIB object. rmon alarm number variable interval {delta | absolute} rising-threshold value event-number falling-threshold value event-number [owner string] To disable the alarm, use the no rmon alarm number command.

Parameters

number variable

Enter the alarm integer number from 1 to 65535. The value must be unique in the RMON Alarm Table. The MIB object to monitor. The variable must be in the SNMP OID format, for example, 1.3.6.1.2.1.1.3 The object type must be a 32 bit integer. Time, in seconds, the alarm monitors the MIB variables; this is the alarmSampleType in the RMON Alarm table. Range: 5 to 3600 seconds Enter the keyword delta to test the change between MIB variables. This is the alarmSampleType in the RMON Alarm table. Enter the keyword absolute to test each MIB variable directly. This is the alarmSampleType in the RMON Alarm table. Enter the keyword rising-threshold followed by the value (32bit) the rising-threshold alarm is either triggered or reset. Then enter the event-number to trigger when the rising threshold exceeds its limit. This value is the same as the alarmRisingEventIndex or alarmTable of the RMON MIB. If there is no corresponding rising-threshold event, the value is zero. Enter the keyword falling-threshold followed by the value (32bit) the falling-threshold alarm is either triggered or reset. Then enter the event-number to trigger when the falling threshold exceeds its limit. This value is the same as the alarmFallingEventIndex or the alarmTable of the RMON MIB. If there is no corresponding falling-threshold event, the value is zero. (OPTIONAL) Enter the keyword owner followed by the owner name to specify an owner for the alarm. This is the alarmOwner object in the alarmTable of the RMON MIB.

interval

delta absolute rising-threshold value event-number

falling-threshold value event-number

owner string

1350

Remote Monitoring (RMON)

rmon collection history

Default Command Modes Command History

owner CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

rmon collection history

ces
Syntax

Enable the RMON MIB history group of statistics collection on an interface. rmon collection history {controlEntry integer} [owner name] [buckets number] [interval seconds] To remove a specified RMON history group of statistics collection, use the no rmon collection history {controlEntry integer} command.

Parameters

controlEntry integer

Enter the keyword controlEntry to specify the RMON group of statistics using a value. Then enter an integer value from 1 to 65535 that identifies the RMON group of statistics. The integer value must be a unique index in the RMON History Table. (OPTIONAL) Enter the keyword owner followed by the owner name to record the owner of the RMON group of statistics. (OPTIONAL) Enter the keyword buckets followed the number of buckets for the RMON collection history group of statistics. Bucket Range: 1 to 1000 Default: 50 (OPTIONAL) Enter the keyword interval followed the number of seconds in each polling cycle. Range: 5 to 3600 seconds Default: 1800 seconds

owner name buckets number

interval seconds

Defaults Command Modes Command History

No default behavior CONFIGURATION INTERFACE (config-if)

Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1351

rmon collection statistics

ces
Syntax

Enable RMON MIB statistics collection on an interface. rmon collection statistics {controlEntry integer} [owner name] To remove RMON MIB statistics collection on an interface, use the no rmon collection statistics {controlEntry integer} command.

Parameters

controlEntry integer

Enter the keyword controlEntry to specify the RMON group of statistics using a value. Then enter an integer value from 1 to 65535 that identifies the RMON Statistic Table. The integer value must be a unique in the RMON Statistic Table. (OPTIONAL) Enter the keyword owner followed by the owner name to record the owner of the RMON group of statistics.

owner name

Defaults Command Modes Command History

No default behavior CONFIGURATION INTERFACE (config-if)

Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

rmon event
ces
Syntax

Add an event in the RMON event table. rmon event number [log] [trap community] [description string] [ownername] To disable RMON on an interface, use the no rmon event number [log] [trap community] [description string] command.

Parameters

number log

Assign an event number in integer format from 1 to 65535. The number value must be unique in the RMON Event Table. (OPTIONAL) Enter the keyword log to generate an RMON log entry. The log entry is triggered and sets the eventType in the RMON MIB to log or log-and-trap. Default: No log (OPTIONAL) Enter the keyword trap followed by an SNMP community string to configure the eventType setting in the RMON MIB. This sets either snmp-trap or log-and-trap. Default: public (OPTIONAL) Enter the keyword description followed by a string describing the event. (OPTIONAL) Enter the keyword owner followed by the name of the owner of this event.

trap community

description string owner name

1352

Remote Monitoring (RMON)

rmon hc-alarm

Defaults Command Modes Command History

as described above CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

rmon hc-alarm
ces
Syntax

Set an alarm on any MIB object. rmon hc-alarm number variable interval {delta | absolute} rising-threshold value event-number falling-threshold value event-number [owner string] To disable the alarm, use the no rmon hc-alarm number command.

Parameters

number variable

Enter the alarm integer number from 1 to 65535. The value must be unique in the RMON Alarm Table. The MIB object to monitor. The variable must be in the SNMP OID format, for example, 1.3.6.1.2.1.1.3 The object type must be a 64 bit integer. Time, in seconds, the alarm monitors the MIB variables; this is the alarmSampleType in the RMON Alarm table. Range: 5 to 3600 seconds Enter the keyword delta to test the change between MIB variables. This is the alarmSampleType in the RMON Alarm table. Enter the keyword absolute to test each MIB variable directly. This is the alarmSampleType in the RMON Alarm table. Enter the keyword rising-threshold followed by the value (64 bit) the rising-threshold alarm is either triggered or reset. Then enter the event-number to trigger when the rising threshold exceeds its limit. This value is the same as the alarmRisingEventIndex or alarmTable of the RMON MIB. If there is no corresponding rising-threshold event, the value is zero. Enter the keyword falling-threshold followed by the value (64 bit) the falling-threshold alarm is either triggered or reset. Then enter the event-number to trigger when the falling threshold exceeds its limit. This value is the same as the alarmFallingEventIndex or the alarmTable of the RMON MIB. If there is no corresponding falling-threshold event, the value is zero. (OPTIONAL) Enter the keyword owner followed the owner name to specify an owner for the alarm. This is the alarmOwner object in the alarmTable of the RMON MIB.

interval

delta absolute rising-threshold value event-number

falling-threshold value event-number

owner string

Defaults Command Modes

owner CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1353

show rmon

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0

Support added for S-Series Support added for C-Series Introduced for E-Series

show rmon
ces
Syntax Defaults Command Modes Command History

Display the RMON running status including the memory usage. show rmon No default behavior EXEC
Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 456 show rmon Command Example

Force10# show rmon RMON status total memory used 218840 bytes. ether statistics table: 8 entries, 4608 bytes ether history table: 8 entries, 6000 bytes alarm table: 390 entries, 102960 bytes high-capacity alarm table: 5 entries, 1680 bytes event table: 500 entries, 206000 bytes log table: 2 entries, 552 bytes Force10#

show rmon alarms

ces
Syntax Parameters

Display the contents of the RMON Alarm Table. show rmon alarms [index] [brief] index brief
(OPTIONAL) Enter the table index number to display just that entry. (OPTIONAL) Enter the keyword brief to display the RMON Alarm Table in an easy-to-read format.

Defaults Command Modes

No default behavior EXEC

1354

Remote Monitoring (RMON)

show rmon events

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0

Support added for S-Series Support added for C-Series Introduced for E-Series

Example 1

Figure 457 show rmon alarms index Command Example

Force10#show rmon alarm 1 RMON alarm entry 1 sample Interval: 5 object: 1.3.6.1.2.1.1.3 sample type: absolute value. value: 255161 alarm type: rising or falling alarm. rising threshold: 1, RMON event index: 1 falling threshold: 501, RMON event index: 501 alarm owner: 1 alarm status: OK Force10#

Example 2

Figure 458 show rmon alarms brief Command Example

Force10#show rmon alarm br index SNMP OID -------------------------------------------------------------------1 1.3.6.1.2.1.1.3 2 1.3.6.1.2.1.1.3 3 1.3.6.1.2.1.1.3 4 1.3.6.1.2.1.1.3 5 1.3.6.1.2.1.1.3 6 1.3.6.1.2.1.1.3 7 1.3.6.1.2.1.1.3 8 1.3.6.1.2.1.1.3 9 1.3.6.1.2.1.1.3 10 1.3.6.1.2.1.1.3 11 1.3.6.1.2.1.1.3 12 1.3.6.1.2.1.1.3 13 1.3.6.1.2.1.1.3 14 1.3.6.1.2.1.1.3 15 1.3.6.1.2.1.1.3 16 1.3.6.1.2.1.1.3 17 1.3.6.1.2.1.1.3 18 1.3.6.1.2.1.1.3 19 1.3.6.1.2.1.1.3 20 1.3.6.1.2.1.1.3 21 1.3.6.1.2.1.1.3 22 1.3.6.1.2.1.1.3 Force10#

show rmon events

ces
Syntax Parameters

Display the contents of RMON Event Table. show rmon events [index] [brief] index brief
(OPTIONAL) Enter the table index number to display just that entry. (OPTIONAL) Enter the keyword brief to display the RMON Event Table in an easy-to-read format.

Defaults

No default behavior

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1355

show rmon hc-alarm

Command Modes Command History

EXEC
Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Example 1

Figure 459 show rmon event index Command Example

Force10#show rmon event 1 RMON event entry 1 description: 1 event type: LOG and SNMP TRAP. event community: public event last time sent: none event owner: 1 event status: OK Force10#

Example 2

Figure 460 show rmon event brief Command Example

Force10#show rmon event br index description -------------------------------------------------------------------1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 9 9 10 10 11 11 12 12 13 13 14 14 15 15 16 16 17 17 18 18 19 19 20 20 21 21 22 22 Force10#

show rmon hc-alarm

ces
Syntax Parameters

Display the contents of RMON High-Capacity Alarm Table. show rmon hc-alarm [index] [brief] index brief
(OPTIONAL) Enter the table index number to display just that entry. (OPTIONAL) Enter the keyword brief to display the RMON High-Capacity Alarm Table in an easy-to-read format.

Defaults

No default behavior

1356

Remote Monitoring (RMON)

show rmon history

Command Modes Command History

EXEC
Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Example 1

Figure 461 show rmon hc-alarm brief Command Example

Force10#show rmon hc-alarm brief index SNMP OID -------------------------------------------------------------------1 1.3.6.1.2.1.1.3 2 1.3.6.1.2.1.1.3 3 1.3.6.1.2.1.1.3 4 1.3.6.1.2.1.1.3 5 1.3.6.1.2.1.1.3 Force10#

Example 2

Figure 462 show rmon hc-alarm index Command Example

Force10#show rmon hc-alarm 1 RMON high-capacity alarm entry 1 object: 1.3.6.1.2.1.1.3 sample interval: 5 sample type: absolute value. value: 185638 alarm type: rising or falling alarm. alarm rising threshold value: positive. rising threshold: 1001, RMON event index: 1 alarm falling threshold value: positive. falling threshold: 999, RMON event index: 6 alarm sampling failed 0 times. alarm owner: 1 alarm storage type: non-volatile. alarm status: OK Force10#

show rmon history

ces
Syntax Parameters

Display the contents of the RMON Ethernet History table. show rmon history [index] [brief] index brief
(OPTIONAL) Enter the table index number to display just that entry. (OPTIONAL) Enter the keyword brief to display the RMON Ethernet History table in an easy-to-read format.

Defaults Command Modes Command History

No default behavior EXEC

Version 7.6.1.0 Version 6.1.1.0 Support added for S-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1357

show rmon log

Example 1

Figure 463 show rmon history index Command Example

Force10#show rmon history 6001 RMON history control entry 6001 interface: ifIndex.100974631 GigabitEthernet 2/0 bucket requested: 1 bucket granted: 1 sampling interval: 5 sec owner: 1 status: OK Force10#

Example 2

Figure 464 show rmon history brief Command Example

Force10#show rmon history brief index ifIndex interface -------------------------------------------------------------------6001 100974631 GigabitEthernet 2/0 6002 100974631 GigabitEthernet 2/0 6003 101236775 GigabitEthernet 2/1 6004 101236775 GigabitEthernet 2/1 9001 134529054 GigabitEthernet 3/0 9002 134529054 GigabitEthernet 3/0 9003 134791198 GigabitEthernet 3/1 9004 134791198 GigabitEthernet 3/1 Force10#

show rmon log

ces
Syntax Parameters

Display the contents of RMON Log Table. show rmon log [index] [brief] index brief
(OPTIONAL) Enter the log index number to display just that entry. (OPTIONAL) Enter the keyword brief to display the RMON Log Table in an easy-to-read format.

Defaults Command Modes Command History

No default behavior EXEC

Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

1358

Remote Monitoring (RMON)

show rmon statistics

Example 1

Figure 465 show rmon log index Command Example

Force10#show rmon log 2 RMON log entry, alarm table index 2, log index 1 log time: 14638 (THU AUG 12 22:10:40 2004) description: 2 Force10#

Example 2

Figure 466 show rmon log brief Command Example

Force10#show rmon log br eventIndex description -------------------------------------------------------------------2 2 4 4 Force10#

Usage Information

The log table has a maximum of 500 entries. If the log exceeds that maximum, the oldest log entry is purged to allow room for the new entry.

show rmon statistics

ces
Syntax Parameters

Display the contents of RMON Ethernet Statistics table. show rmon statistics [index] [brief] index brief
(OPTIONAL) Enter the index number to display just that entry. (OPTIONAL) Enter the keyword brief to display the RMON Ethernet Statistics table in an easy-to-read format.

Defaults Command Modes Command History

No default behavior EXEC

Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1359

show rmon statistics

Example 1

Figure 467 show rmon statistics index Command Example

Force10#show rmon statistics 6001 RMON statistics entry 6001 interface: ifIndex.100974631 GigabitEthernet 2/0 packets dropped: 0 bytes received: 0 packets received: 0 broadcast packets: 0 multicast packets: 0 CRC error: 0 under-size packets: 0 over-size packets: 0 fragment errors: 0 jabber errors: 0 collision: 0 64bytes packets: 0 65-127 bytes packets: 0 128-255 bytes packets: 0 256-511 bytes packets: 0 512-1023 bytes packets: 0 1024-1518 bytes packets: 0 owner: 1 status: OK <high-capacity data> HC packets received overflow: 0 HC packets received: 0 HC bytes received overflow: 0 HC bytes received: 0 HC 64bytes packets overflow: 0 HC 64bytes packets: 0 HC 65-127 bytes packets overflow: 0 HC 65-127 bytes packets: 0 HC 128-255 bytes packets overflow: 0 HC 128-255 bytes packets: 0 HC 256-511 bytes packets overflow: 0 HC 256-511 bytes packets: 0 HC 512-1023 bytes packets overflow: 0 HC 512-1023 bytes packets: 0 HC 1024-1518 bytes packets overflow: 0 HC 1024-1518 bytes packets: 0 Force10#

Example 2

Figure 468 show rmon statistics brief Command Example

Force10#show rmon statistics br index ifIndex interface -------------------------------------------------------------------6001 100974631 GigabitEthernet 2/0 6002 100974631 GigabitEthernet 2/0 6003 101236775 GigabitEthernet 2/1 6004 101236775 GigabitEthernet 2/1 9001 134529054 GigabitEthernet 3/0 9002 134529054 GigabitEthernet 3/0 9003 134791198 GigabitEthernet 3/1 9004 134791198 GigabitEthernet 3/1 Force10#

1360

Remote Monitoring (RMON)

Chapter 50

Rapid Spanning Tree Protocol (RSTP)

Overview
The FTOS implementation of RSTP (Rapid Spanning Tree Protocol) is based on the IEEE 802.1w standard spanning-tree protocol. The RSTP algorithm configures connectivity throughout a bridged LAN that is comprised of LANs interconnected by bridges. RSTP is supported by FTOS on all Force10 systems, as indicated by the characters that appear below each command heading: C-Series: c E-Series: e S-Series: s

Commands
The FTOS RSTP commands are: bridge-priority debug spanning-tree rstp description description forward-delay hello-time max-age protocol spanning-tree rstp show config show spanning-tree rstp spanning-tree rstp tc-flush-standard

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1361

bridge-priority

bridge-priority
ces
Syntax

Set the bridge priority for RSTP. bridge-priority priority-value To return to the default value, enter no bridge-priority.

Parameters

priority-value

Enter a number as the bridge priority value in increments of 4096. Range: 0 to 61440. Default: 32768

Defaults Command Modes Command History

32768 CONFIGURATION RSTP (conf-rstp)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced for E-Series Enter the Rapid Spanning Tree mode

Related Commands

protocol spanning-tree rstp

1362

Rapid Spanning Tree Protocol (RSTP)

debug spanning-tree rstp

ces
Syntax

Enable debugging of RSTP and view information on the protocol. debug spanning-tree rstp [all | bpdu interface {in | out} | events] To disable debugging, enter no debug spanning-tree rstp.

Parameters

all bpdu interface {in | out}

events
Command Modes Command History

(OPTIONAL) Enter the keyword eventsto debug RSTP events.

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 469 debug spanning-tree rstp bpdu Command Example

Force10#debug spanning-tree rstp bpdu gigabitethernet 2/0 ? in Receive (in) out Transmit (out)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1363

description

description
ces
Syntax

Enter a description of the Rapid Spanning Tree description {description} To remove the description, use the no description {description} command.

Parameters

description

Enter a description to identify the Rapid Spanning Tree (80 characters maximum).

Defaults Command Modes Command History Related Commands

No default behavior or values SPANNING TREE (The prompt is config-rstp.)

pre-7.7.1.0 Introduced

protocol spanning-tree rstp

Enter SPANNING TREE mode on the switch.

disable
ces
Syntax

Disable RSTP globally on the system. disable To enable Rapid Spanning Tree Protocol, enter no disable.

Defaults Command Modes Command History

RSTP is disabled CONFIGURATION RSTP (conf-rstp)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced for E-Series Enter the Rapid Spanning Tree mode

Related Commands

protocol spanning-tree rstp

1364

Rapid Spanning Tree Protocol (RSTP)

forward-delay

forward-delay
ces
Syntax

Configure the amount of time the interface waits in the Listening State and the Learning State before transitioning to the Forwarding State. forward-delay seconds To return to the default setting, enter no forward-delay.

Parameters

seconds

Enter the number of seconds that FTOS waits before transitioning RSTP to the forwarding state. Range: 4 to 30 Default: 15 seconds

Defaults Command Modes Command History

15 seconds CONFIGURATION RSTP (conf-rstp)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced for E-Series Change the time interval between BPDUs. Change the wait time before RSTP refreshes protocol configuration information.

Related Commands

hello-time max-age

hello-time
ces
Syntax

Set the time interval between generation of RSTP Data Units (BPDUs). hello-time [milli-second] seconds To return to the default value, enter no hello-time.

Parameters

seconds

Enter a number as the time interval between transmission of BPDUs. Range: 1 to 10 seconds Default: 2 seconds. Enter this keyword to configure a hello time on the order of milliseconds. Range: 50 - 950 milliseconds

milli-second

Defaults Command Modes Command History

2 seconds CONFIGURATION RSTP (conf-rstp)

Version 8.3.1.0 Version 7.6.1.0 Added milli-second to S-Series. Support added for S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1365

max-age

Version 7.5.1.0 Version 6.2.1.1 Usage Information

Support added for C-Series Introduced for E-Series

The hello time is encoded in BPDUs in increments of 1/256ths of a second. The standard minimum hello time in seconds is 1 second, which is encoded as 256. Millisecond hello times are encoded using values less than 256; the millisecond hello time equals (x/1000)*256. When millisecond hellos are configured, the default hello interval of 2 seconds is still used for edge ports; the millisecond hello interval is not used.

Related Commands

forward-delay max-age

Change the wait time before RSTP transitions to the Forwarding state. Change the wait time before RSTP refreshes protocol configuration information.

max-age
ces
Syntax

Set the time interval for the RSTP bridge to maintain configuration information before refreshing that information. max-age seconds To return to the default values, enter no max-age.

Parameters

max-age

Enter a number of seconds the FTOS waits before refreshing configuration information. Range: 6 to 40 seconds Default: 20 seconds

Defaults Command Modes Command History

20 seconds CONFIGURATION RSTP (conf-rstp)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced for E-Series Change the wait time before RSTP transitions to the Forwarding state. Change the time interval between BPDUs.

Related Commands

max-age hello-time

1366

Rapid Spanning Tree Protocol (RSTP)

protocol spanning-tree rstp

ces
Syntax

Enter the RSTP mode to configure RSTP. protocol spanning-tree rstp To exit the RSTP mode, enter exit

Defaults Command Modes Command History

Not configured CONFIGURATION RSTP (conf-rstp)

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 470 protocol spanning-tree rstp Command

Force10(conf)#protocol spanning-tree rstp Force10(config-rstp)##no disable

Usage Information Related Commands

RSTP is not enabled when you enter the RSTP mode. To enable RSTP globally on the system, enter no description from the RSTP mode.
description

Disable RSTP globally on the system.

show config
ces
Syntax Command Modes Command History

View the current configuration for the mode. Only non-default values are displayed. show config CONFIGURATION RSTP (conf-rstp)
Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 471 show config Command for the RSTP Mode

Force10(conf-rstp)#show config ! protocol spanning-tree rstp no disable bridge-priority 16384

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1367

show spanning-tree rstp

ces
Syntax Parameters

Display the RSTP configuration. show spanning-tree rstp [brief] [guard] brief guard
(OPTIONAL) Enter the keyword brief to view a synopsis of the RSTP configuration information. (OPTIONAL) Enter the keyword guard to display the type of guard enabled on an RSTP interface and the current port state.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.5.1.0 Version 8.4.2.1 Version 7.6.1.0 Version 7.5.1.0 Version 6.4.1.0 Version 6.2.1.1

Example 1

Figure 472 show spanning-tree rstp brief Command Example

Force10#show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 8192, Address 0001.e805.e306 Root Bridge hello time 4, max age 20, forward delay 15 Bridge ID Priority 16384, Address 0001.e801.6aa8 Configured hello time 2, max age 20, forward delay 15 Interface Name ---------Gi 4/0 Gi 4/1 Gi 4/8 Gi 4/9 Interface Name ---------Gi 4/0 Gi 4/1 Gi 4/8 Gi 4/9 Force10# PortID -------128.418 128.419 128.426 128.427 Role -----Desg Desg Root Altr Prio ---128 128 128 128 Cost ------20000 20000 20000 20000 Prio ---128 128 128 128 Sts --FWD FWD FWD BLK Cost ------20000 20000 20000 20000 Sts --FWD FWD FWD BLK Designated Bridge ID -------------------16384 0001.e801.6aa8 16384 0001.e801.6aa8 8192 0001.e805.e306 8192 0001.e805.e306 Cost ------20000 20000 20000 20000 Link-type --------P2P P2P P2P P2P Edge ---Yes Yes No No PortID -------128.418 128.419 128.130 128.131

PortID -------128.418 128.419 128.426 128.427

Cost ------20000 20000 20000 20000

1368

Rapid Spanning Tree Protocol (RSTP)

show spanning-tree rstp

Example 2

Figure 473 show spanning-tree rstp with EDS and LBK

Force10#show spanning-tree rstp br Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e801.6aa8 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 0001.e801.6aa8 We are the root Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------- -------- ---- ------- --- ------- -------------------- -------Gi 0/0 128.257 128 20000 EDS 0 32768 0001.e801.6aa8 128.257 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ---------- ------ -------- ---- ------- --- ------- --------- ---Gi 0/0 ErrDis 128.257 128 20000 EDS 0 P2P No Force10#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.6aa8 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.6aa8 Configured hello time 2, max age 20, forward delay 15, max hops 0 We are the root Current root has priority 32768, Address 0001.e801.6aa8 Number of topology changes 1, last change occured 00:00:31 ago on Gi 0/0 Port 257 (GigabitEthernet 0/0) is LBK_INC Discarding LBK_INC means Port path cost 20000, Port priority 128, Port Identifier 128.257 Loopback BPDU Designated root has priority 32768, address 0001.e801.6aa8 Inconsistency Designated bridge has priority 32768, address 0001.e801.6aa8 Designated port id is 128.257, designated path cost 0 Number of transitions to forwarding state 1 BPDU : sent 27, received 9 The port is not in the Edge port mode

Example 3

Figure 474 show spanning-tree rstp guard Command Example

Force10#show spanning-tree rstp guard Interface Name Instance Sts Guard type --------- ------------------------Gi 0/1 0 INCON(Root) Rootguard Gi 0/2 0 FWD Loopguard Gi 0/3 0 BLK Bpduguard

Table 143 show spanning-tree rstp guard Command Information Field

Interface Name Instance Sts Guard Type

Description
RSTP interface RSTP instance Port state: root-inconsistent (INCON Root), forwarding (FWD), listening (LIS), blocking (BLK), or shut down (EDS Shut) Type of STP guard configured (Root, Loop, or BPDU guard)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1369

spanning-tree rstp

spanning-tree rstp
ces
Syntax

Configure an RSTP interface with one of these settings: port cost, edge port with optional Bridge Port Data Unit (BPDU) guard, port priority, loop guard, or root guard. spanning-tree rstp {cost port-cost | edge-port [bpduguard [shutdown-on-violation]] | priority priority | {loopguard | rootguard}} cost port-cost
Enter the keyword cost followed by the port cost value. Range: 1 to 200000 Defaults: 100 Mb/s Ethernet interface = 200000 1-Gigabit Ethernet interface = 20000 10-Gigabit Ethernet interface = 2000 Port Channel interface with one 100 Mb/s Ethernet = 200000 Port Channel interface with one 1-Gigabit Ethernet = 20000 Port Channel interface with one 10-Gigabit Ethernet = 2000 Port Channel with two 1-Gigabit Ethernet = 18000 Port Channel with two 10-Gigabit Ethernet = 1800 Port Channel with two 100-Mbps Ethernet = 180000 Enter the keyword edge-port to configure the interface as a Rapid Spanning Tree edge port. (OPTIONAL) Enter the keyword portfast to enable Portfast to move the interface into forwarding mode immediately after the root fails. Enter the keyword bpduguard to disable the port when it receives a BPDU. (OPTIONAL) Enter the keyword shutdown-on-violation to hardware disable an interface when a BPDU is received and the port is disabled. Enter keyword priority followed by a value in increments of 16 as the priority. Range: 0 to 240. Default: 128 Enter the keyword loopguard to enable loop guard on an RSTP port or port-channel interface. Enter the keyword rootguard to enable root guard on an RSTP port or port-channel interface.

Parameters

edge-port bpduguard

shutdown-onviolation priority priority loopguard rootguard

Defaults Command Modes Command History

Not configured INTERFACE

Version 8.5.1.0 Version 8.4.2.1 Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.2.1.1 Introduced the loopguard and rootguard options on the E-Series ExaScale. Introduced the loopguard and rootguard options on the E-Series TeraScale, C-Series, and S-Series. Introduced hardware shutdown-on-violation options Support added for S-Series Support added for C-Series Added the optional Bridge Port Data Unit (BPDU) guard. Introduced for E-Series

1370

Rapid Spanning Tree Protocol (RSTP)

spanning-tree rstp

Usage Information

Note: A port configured as an edge port, on an RSTP switch, will immediately

transition to the forwarding state. Only ports connected to end-hosts should be configured as edge ports. Consider an edge port similar to a port with a spanning-tree portfast enabled. If shutdown-on-violation is not enabled, BPDUs will still be sent to the RPM CPU. STP root guard and loop guard cannot be enabled at the same time on a port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed:
% Error: RootGuard is configured. Cannot configure LoopGuard.

Enabling Portfast BPDU guard and loop guard at the same time on a port results in a port that remains in a blocking state and prevents traffic from flowing through it. For example, when Portfast BPDU guard and loop guard are both configured: If a BPDU is received from a remote device, BPDU guard places the port in an err-disabled blocking state and no traffic is forwarded on the port. If no BPDU is received from a remote device, loop guard places the port in a loop-inconsistent blocking state and no traffic is forwarded on the port.

Example

Figure 475 spanning-tree rstp edge-port Command

Force10(conf)#interface gigabitethernet 4/0 Force10(conf-if-gi-4/0)#spanning-tree rstp edge-port Force10(conf-if-gi-4/0)#show config ! interface GigabitEthernet 4/0 no ip address switchport spanning-tree rstp edge-port no shutdown Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1371

tc-flush-standard

tc-flush-standard
ces
Syntax

Enable the MAC address flushing upon receiving every topology change notification. tc-flush-standard To disable, use the no tc-flush-standard command.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

By default FTOS implements an optimized flush mechanism for RSTP. This helps in flushing MAC addresses only when necessary (and less often), allowing for faster convergence during topology changes. However, if a standards-based flush mechanism is needed, this knob command can be turned on to enable flushing MAC addresses upon receiving every topology change notification.

1372

Rapid Spanning Tree Protocol (RSTP)

Chapter 51
Overview

Security

Except for the Trace List feature (E-Series only), most of the commands in this chapter are available on all three Force10 platforms C-Series, E-Series, and S-Series (the S-Series models that run FTOS), as noted by the following icons that appear under each command icon: c e s

Commands
This chapter contains various types of security commands in FTOS, in the following sections: AAA Accounting Commands Authorization and Privilege Commands Authentication and Password Commands RADIUS Commands TACACS+ Commands Port Authentication (802.1X) Commands SSH Server and SCP Commands Trace List Commands Secure DHCP Commands

For configuration details, see the Security chapter in the FTOS Configuration Guide.

Note: Starting with FTOS v7.2.1.0, LEAP with MSCHAP v2 supplicant is implemented.

AAA Accounting Commands

AAA Accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services.When AAA Accounting is enabled, the network server reports user activity to the TACACS+ security server in the form of accounting records. Each accounting record is comprised of accounting AV pairs and is stored on the access control server.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1373

aaa accounting

As with authentication and authorization, you must configure AAA Accounting by defining named list of accounting methods, and then apply that list to various interfaces. The commands are: aaa accounting aaa accounting suppress accounting show accounting

aaa accounting
ces
Syntax

Enable AAA Accounting and create a record for monitoring the accounting function. aaa accounting {system | exec | commands level} {name | default}{start-stop | wait-start | stop-only} {tacacs+} To disable AAA Accounting, use the no aaa accounting {system | exec | command level} {name | default}{start-stop | wait-start | stop-only} {tacacs+} command.

Parameters

system exec commands level name | default

Enter the keyword system to send accounting information of any other AAA configuration. Enter the keyword exec to send accounting information when a user has logged in to the EXEC mode. Enter the keyword command followed by a privilege level for accounting of commands executed at that privilege level. Enter one of the following: For name, a user-defined name of a list of accounting methods default for the default accounting methods

start-stop

Enter the keyword start-stop to send a start accounting notice at the beginning of the requested event and a stop accounting notice at the end of the event. Enter the keyword wait-start to ensure that the TACACS+ security server acknowledges the start notice before granting the users process request. Enter the keyword stop-only to instruct the TACACS+ security server to send a stop record accounting notice at the end of the requested user process. Enter the keyword tacacs+ to use TACACS+ data for accounting. FTOS currently only supports TACACS+ accounting.

wait-start stop-only

tacacs+

Defaults Command Modes Command History

No default configuration or behavior CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

1374

Security

aaa accounting suppress

Example

Figure 476 aaa accounting Command Examples

Force10(conf)# aaa accounting exec default start-stop tacacs+ Force10(conf)# aaa accounting command 15 default start-stop tacacs+ Force10 (config)#

Usage Information

In the example above, TACACS+ accounting is used to track all usage of EXEC command and commands on privilege level 15. Privilege level 15 is the default. If you want to track usage at privilege level 1, for example, use aaa accounting command 1.

Related Commands

enable password login authentication password tacacs-server host

Change the password for the enable command. Enable AAA login authentication on terminal lines. Create a password. Specify a TACACS+ server host.

aaa accounting suppress

ces
Syntax

Prevent the generation of accounting records of users with user name value of NULL. aaa accounting suppress null-username To permit accounting records to users with user name value of NULL, use the no aaa accounting suppress null-username command

Defaults Command Modes Command History

Accounting records are recorded for all users. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Introduced for S-Series Introduced for C-Series Introduced

Usage Information

FTOS issues accounting records for all users on the system, including users whose username string, due to protocol translation, is NULL. For example, a user who comes on line with the aaa authentication login method-list none command is applied. Use aaa accounting suppress command to prevent accounting records from being generated for sessions that do not have user names associated to them.

accounting
ces
Syntax

Apply an accounting method list to terminal lines. accounting {exec | commands level} method-list

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1375

show accounting

Parameters

exec commands level method-list

Enter this keyword to apply an EXEC level accounting method list. Enter this keyword to apply an EXEC and CONFIGURATION level accounting method list. Enter a method list that you defined using the command aaa accounting exec or aaa accounting commands.

Defaults Command Modes Command History

None LINE
Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Introduced for S-Series Introduced for C-Series Introduced on E-Series Enable AAA Accounting and create a record for monitoring the accounting function.

Usage Information

aaa accounting

show accounting
ces
Syntax Defaults Command Modes Command History

Display the active accounting sessions for each online user. show accounting No default configuration or behavior EXEC
Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Introduced for S-Series Introduced for C-Series Introduced

Example

Figure 477 show accounting Command Example

Force10#show accounting Active accounted actions on tty2, User admin Priv 1 Task ID 1, EXEC Accounting record, 00:00:39 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 1 Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Force10#

Usage Information

This command steps through all active sessions and then displays the accounting records for the active account functions.

1376

Security

authorization

Authorization and Privilege Commands

Set command line authorization and privilege levels with the following commands: authorization aaa authorization commands aaa authorization config-commands aaa authorization exec privilege level (CONFIGURATION mode) privilege level (LINE mode)

authorization
ces
Syntax Parameters

Apply an authorization method list to terminal lines. authorization {exec | commands level} method-list exec commands level method-list
Enter this keyword to apply an EXEC level authorization method list. Enter this keyword to apply an EXEC and CONFIGURATION level authorization method list. Enter a method list that you defined using the command aaa authorization exec or aaa authorization commands.

Defaults Command Modes Command History

None LINE
Version 7.6.1.0 Version 7.5.1.0 Version 6.3.1.0 Introduced for S-Series Introduced for C-Series Introduced on E-Series Set parameters that restrict (or permit) a users access to EXEC and CONFIGURATION level commands Set parameters that restrict (or permit) a users access to EXEC level commands.

Usage Information

aaa authorization commands aaa authorization exec

aaa authorization commands

ces
Syntax

Set parameters that restrict (or permit) a users access to EXEC and CONFIGURATION level commands aaa authorization commands level {name | default} {local || tacacs+ || none}

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1377

aaa authorization config-commands Undo a configuration with the no aaa authorization commands level {name | default} {local || tacacs+ || none} command syntax.
Parameters

commands level name default local tacacs+ none

Enter the keyword commands followed by the command privilege level for command level authorization. Define a name for the list of authorization methods. Define the default list of authorization methods. Use the authorization parameters on the system to perform authorization. Use the TACACS+ protocol to perform authorization. Enter this keyword to apply no authorization.

Defaults Command Modes Command History

None CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Added support for RADIUS

aaa authorization config-commands

e
Syntax

Set parameters that restrict (or permit) a users access to EXEC level commands. aaa authorization config-commands Disable authorization checking for CONFIGURATION level commands using the command no aaa authorization config-commands.

Defaults Command Modes Command History Usage Information

Enabled when you configure aaa authorization commands CONFIGURATION

Version 7.5.1.0 Introduced for E-Series

By default, the command aaa authorization commands configures the system to check both EXEC level and CONFIGURATION level commands. Use the command no aaa authorization config-commands to enable only EXEC-level command checking.

aaa authorization exec

ces
Syntax

Set parameters that restrict (or permit) a users access to EXEC-level commands. aaa authorization exec {name | default} {local || tacacs+ || if-authenticated || none} Security

1378

privilege level (CONFIGURATION mode) Disable authorization checking for EXEC level commands using the command no aaa authorization exec.
Parameters

name default local tacacs+ none

Define a name for the list of authorization methods. Define the default list of authorization methods. Use the authorization parameters on the system to perform authorization. Use the TACACS+ protocol to perform authorization. Enter this keyword to apply no authorization.

Defaults Command Modes Command History

None CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Added support for RADIUS

privilege level (CONFIGURATION mode)

ces
Syntax

Change the access or privilege level of one or more commands. privilege mode {level level command | reset command} To delete access to a level and command, use the no privilege mode level level command command.

Parameters

mode

Enter one of the following keywords as the mode for which you are controlling access:

configure for the CONFIGURATION mode exec for the EXEC mode interface for the INTERFACE modes line for the LINE mode route-map for the ROUTE-MAP router for the ROUTER OSPF, ROUTER RIP, ROUTER ISIS and ROUTER
BGP modes.

level level

Enter the keyword level followed by a number for the access level. Range: 0 to 15. Level 1 is the EXEC mode and Level 15 allows access to all CLI modes and commands. Enter the keyword reset to return the security level to the default setting. Enter the commands keywords to assign the command to a certain access level. You can enter one or all of the keywords

reset command

Defaults

Not configured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1379

privilege level (LINE mode)

Command Modes Command History

CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

Use the enable password command to define a password for the level to which you are assigning privilege or access.

privilege level (LINE mode)

ces
Syntax

Change the access level for users on the terminal lines. privilege level level To delete access to a terminal line, use the no privilege level level command.

Parameters

level level

Enter the keyword level followed by a number for the access level. Range: 0 to 15. Level 1 is the EXEC mode and Level 15 allows access to all CLI modes.

Defaults Command Modes Command History

level = 15 LINE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Authentication and Password Commands

This section contains the following commands controlling management access to the system: aaa authentication enable aaa authentication login access-class enable password enable restricted enable secret login authentication password password-attributes privilege level (CONFIGURATION mode) privilege level (LINE mode)

1380

Security

aaa authentication enable

service password-encryption show privilege show users timeout login response username

aaa authentication enable

ces
Syntax

Configure AAA Authentication method lists for user access to the EXEC privilege mode (the Enable access). aaa authentication enable {default | method-list-name} method [... method2 ] To return to the default setting, use the no aaa authentication enable {default | method-list-name} method [... method2 ] command.

Parameters

default

Enter the keyword default followed by the authentication methods to use as the default sequence of methods to be used for the Enable log-in. Default: default enable Enter a text string (up to 16 characters long) to name the list of enabled authentication methods activated at log in. Enter one of the following methods:

method-list-name method

enable - use the password defined by the enable password

command in the CONFIGURATION mode.

line - use the password defined by the password command in the

LINE mode.

none - no authentication. radius - use the RADIUS server(s) configured with the
radius-server host command.

tacacs+ - use the TACACS+ server(s) configured with the

tacacs-server host command.

... method2 Use the enable password. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Version 6.2.1.1 Usage Information

(OPTIONAL) In the event of a "no response" from the first method, FTOS applies the next configured method.

Defaults Command Modes Command History

Introduced for S-Series Introduced for C-Series Introduced

By default, the Enable password is used. If aaa authentication enable default is configured, FTOS will use the methods defined for Enable access instead.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1381

aaa authentication login Methods configured with the aaa authentication enable command are evaluated in the order they are configured. If authentication fails using the primary method, FTOS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, FTOS proceeds to the next authentication method. The TACACS+ is incorrect, but the user is still authenticated by the secondary method.
Related Commands enable password login authentication password radius-server host tacacs-server host Change the password for the enable command. Enable AAA login authentication on terminal lines. Create a password. Specify a RADIUS server host. Specify a TACACS+ server host.

aaa authentication login

ces
Syntax

Configure AAA Authentication method lists for user access to the EXEC mode (Enable log-in). aaa authentication login {method-list-name | default} method [... method4] To return to the default setting, use the no aaa authentication login {method-list-name | default} command.

Parameters

method-list-name default method

Enter a text string (up to 16 characters long) as the name of a user-configured method list that can be applied to different lines. Enter the keyword default to specify that the method list specified is the default method for all terminal lines. Enter one of the following methods:

enable - use the password defined by the enable password

command in the CONFIGURATION mode.

line - use the password defined by the password command in the

LINE mode.

local - use the user name/password defined by the in the local configuration. none - no authentication. radius - use the RADIUS server(s) configured with the radius-server
host command.

tacacs+ - use the TACACS+ server(s) configured with the

tacacs-server host command.

... method4

(OPTIONAL) Enter up to four additional methods. In the event of a no response from the first method, FTOS applies the next configured method (up to four configured methods).

Default Command Modes

Not configured (that is, no authentication is performed) CONFIGURATION

1382

Security

access-class

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0

Introduced for S-Series Introduced for C-Series Introduced on E-Series

Usage Information

By default, the locally configured username password will be used. If aaa authentication login default is configured, FTOS will use the methods defined by this command for login instead. Methods configured with the aaa authentication login command are evaluated in the order they are configured. If users encounter an error with the first method listed, FTOS applies the next method configured. If users fail the first method listed, no other methods are applied. The only exception is the local method. If the users name is not listed in the local database, the next method is applied. If the correct user name/password combination are not entered, the user is not allowed access to the switch.

Note: If authentication fails using the primary method, FTOS employs the second
method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, FTOS proceeds to the next authentication method. The TACACS+ is incorrect, but the user is still authenticated by the secondary method. After configuring the aaa authentication login command, configure the login authentication command to enable the authentication scheme on terminal lines. Connections to the SSH server will work with the following login mechanisms: local, radius and tacacs.
Related Commands login authentication password radius-server host tacacs-server host Apply an authentication method list to designated terminal lines. Create a password. Specify a RADIUS server host. Specify a TACACS+ server host.

access-class
ces
Syntax

Restrict incoming connections to a particular IP address in a defined IP access control list (ACL). access-class access-list-name To delete a setting, use the no access-class command.

Parameters

access-list-name Not configured. LINE

Enter the name of an established IP Standard ACL.

Defaults Command Modes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1383

enable password

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced for S-Series Introduced for C-Series Introduced on E-Series Apply an authentication method list to designated terminal lines. Name (or select) a standard access list to filter based on IP address.. Name (or select) an extended access list based on IP addresses or protocols.

Related Commands

line ip access-list standard ip access-list extended

enable password
ces
Syntax

Change the password for the enable command. enable password [level level] [encryption-type] password To delete a password, use the no enable password [encryption-type] password [level level] command.

Parameters

level level

(OPTIONAL) Enter the keyword level followed by a number as the level of access. Range: 1 to 15 (OPTIONAL) Enter the number 7 or 0 as the encryption type. Enter a 7 followed by a text string as the hidden password. The text string must be a password that was already encrypted by a Force10 Networks router. Use this parameter only with a password that you copied from the show running-config file of another Force10 Networks router.

encryption-type

password
Defaults Command Modes Command History

Enter a text string, up to 32 characters long, as the clear text password.

No password is configured. level = 15 CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

1384

Security

enable restricted

Passwords can have a regular expression as the password. To create a password with a regular expression in it, you must use CNTL + v prior to entering regular expression. For example, to create the password abcd]e, you type abcd CNTL v ]e. When the password is created, you do not use the CNTL + v key combination and enter abcd]e.

Note: The question mark (?) and the tilde (~) are not supported characters.

Related Commands

show running-config privilege level (CONFIGURATION mode)

View the current configuration. Control access to command modes within the switch.

enable restricted
ces
Syntax

Allows Force10 Networks technical support to access restricted commands. enable restricted [encryption-type] password To disallow access to restricted commands, enter no enable restricted.

Parameters

encryption-type

(OPTIONAL) Enter the number 7 as the encryption type. Enter 7 followed a text string as the hidden password. The text string must be a password that was already encrypted by a Force10 Networks router. Use this parameter only with a password that you copied from the show running-config file of another Force10 Networks router.

password
Command Modes Command History

Enter a text string, up to 32 characters long, as the clear text password.

Not configured.
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

Only Force10 Networks Technical Support staff use this command.

enable secret
ces
Syntax

Change the password for the enable command. enable secret [level level] [encryption-type] password To delete a password, use the no enable secret [encryption-type] password [level level] command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1385

Parameters

level level

(OPTIONAL) Enter the keyword level followed by a number as the level of access. Range: 1 to 15 (OPTIONAL) Enter the number 5 or 0 as the encryption type. Enter a 5 followed a text string as the hidden password. The text string must be a password that was already encrypted by a Force10 Networks router. Use this parameter only with a password that you copied from the show running-config file of another Force10 Networks router.

encryption-type

password
Defaults Command Modes Command History

Enter a text string, up to 32 characters long, as the clear text password.

No password is configured. level = 15 CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

Use this command to define a password for a level and use the privilege level (CONFIGURATION mode) command to control access to command modes. Passwords must meet the following criteria: Start with a letter, not a number. Passwords can have a regular expression as the password. To create a password with a regular expression in it, you must use CNTL + v prior to entering regular expression. For example, to create the password abcd]e, you type abcd CNTL v ]e and when the password is created, you do not use the CNTL + v key combination and enter abcd]e.

Note: The question mark (?) and the tilde (~) are not supported characters.

Related Commands

show running-config privilege level (CONFIGURATION mode)

View the current configuration. Control access to command modes within the E-Series.

Apply an authentication method list to designated terminal lines. login authentication {method-list-name | default} To use the local user/password database for login authentication, enter no login authentication.

1386

Security

password

Parameters

method-list-name

Enter the method-list-name to specify that method list, created in the aaa authentication login command, to be applied to the designated terminal line. Enter the keyword default to specify that the default method list, created in the aaa authentication login command, is applied to the terminal line.

default

Defaults

No authentication is performed on the console lines, and local authentication is performed on the virtual terminal and auxiliary lines. LINE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.0 Introduced for S-Series Introduced for C-Series Introduced on E-Series

Command Modes Command History

Usage Information Related Commands

If you configure the aaa authentication login default command, then the login authentication default command automatically is applied to all terminal lines.
aaa authentication login Select login authentication methods.

password
ces
Syntax

Specify a password for users on terminal lines. password [encryption-type] password To delete a password, use the no password password command.

Parameters

encryption-type

(OPTIONAL) Enter either zero (0) or 7 as the encryption type for the password entered. The options are: 0 is the default and means the password is not encrypted and stored as clear text. 7 means that the password is encrypted and hidden.

password

Enter a text string up to 32 characters long. The first character of the password must be a letter. You cannot use spaces in the password.

Defaults Command Modes Command History

No password is configured. LINE

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1387

password-attributes

Usage Information Related Commands

FTOS prompts users for these passwords when the method for authentication or authorization used is "line".
enable password login authentication service password-encryption radius-server key tacacs-server key username Set the password for the enable command. Configure an authentication method to log in to the switch. Encrypt all passwords configured in FTOS. Configure a key for all RADIUS communications between the switch and the RADIUS host server. Configure a key for communication between a TACACS+ server and client. Establish an authentication system based on user names.

password-attributes
ces
Syntax

Configure the password attributes (strong password). password-attributes [min-length number] [max-retry number] [character-restriction [upper number] [lower number] [numeric number] [special-char number]] To return to the default, use the no password-attributes [min-length number] [max-retry number] [character-restriction [upper number] [lower number] [numeric number] [special-char number]] command.

Parameters

min-length number

(OPTIONAL) Enter the keyword min-length followed by the number of characters. Range: 0 - 32 characters (OPTIONAL) Enter the keyword max-retry followed by the number of maximum password retries. Range: 0 - 16 (OPTIONAL) Enter the keyword character-restriction to indicate a character restriction for the password. (OPTIONAL) Enter the keyword upper followed the upper number. Range: 0 - 31 (OPTIONAL) Enter the keyword lower followed the lower number. Range: 0 - 31 (OPTIONAL) Enter the keyword numeric followed the numeric number. Range: 0 - 31 (OPTIONAL) Enter the keyword special-char followed the number of special characters permitted. Range: 0 - 31

max-retry number

character-restriction upper number lower number numeric number

special-char number

Defaults Command Modes

No default values or behavior CONFIGURATION

1388

Security

service password-encryption

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0

Introduced for S-Series Introduced for C-Series Introduced Specify a password for users on terminal lines.

Related Commands

password

service password-encryption
ces
Syntax

Encrypt all passwords configured in FTOS. service password-encryption To store new passwords as clear text, enter no service password-encryption.

Defaults Command Modes Command History

Enabled. CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Caution: Encrypting passwords with this command does not provide a high level of
security. When the passwords are encrypted, you cannot return them to plain text unless you re-configure them. To remove an encrypted password, use the no password password command.
Usage Information

To keep unauthorized people from viewing passwords in the switch configuration file, use the service password-encryption command. This command encrypts the clear-text passwords created for user name passwords, authentication key passwords, the privileged command password, and console and virtual terminal line access passwords. To view passwords, use the show running-config command.

show privilege
ces
Syntax Command Modes

View your access level. show privilege EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1389

show users

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced for S-Series Introduced for C-Series Introduced for E-Series

Example

Figure 478 show privilege Command Output

Force10#show privilege Current privilege level is 15 Force10#

Related Commands

privilege level (CONFIGURATION mode)

Assign access control to different command modes.

show users
ces
Syntax Parameters

View information on all users logged into the switch. show users [all] all EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series (OPTIONAL) Enter the keyword all to view all terminal lines in the switch.

Command Modes Command History

Example

Figure 479 show users Command Example

Force10#show user Line 0 console 0 * 3 vty 1 Force10# User admin admin Host(s) idle idle Location 172.31.1.4

Table 144 describes the information in the show users command example. Table 144 show users Command Example Fields Field
(untitled) Line User Host(s) Location

Description
Indicates with a * which terminal line you are using. Displays the terminal lines currently in use. Displays the user name of all users logged in. Displays the terminal line status. Displays the IP address of the user.

1390

Security

timeout login response

Related Commands

username

Enable a user.

timeout login response

ces
Syntax

Specify how long the software will wait for login input (for example, user name and password) before timing out. timeout login response seconds To return to the default values, enter no timeout login response.

Parameters

seconds

Enter a number of seconds the software will wait before logging you out. Range: VTY: 1 to 30 seconds, default: 30 seconds. Console: 1 to 300 seconds, default: 0 seconds (no timeout). AUX: 1 to 300 seconds, default: 0 seconds (no timeout).

Defaults Command Modes Command History

see above LINE

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

The software measures the period of inactivity defined in this command as the period between consecutive keystrokes. For example, if your password is password you can enter p and wait 29 seconds to enter the next letter.

username
ces
Syntax

Establish an authentication system based on user names. username name [access-class access-list-name] [nopassword | {password | secret} [encryption-type] password] [privilege level] If you do not want a specific user to enter a password, use the nopassword option. To delete authentication for a user, use the no username name command.

Parameters

name access-class access-list-name

Enter a text string for the name of the user up to 63 characters. Enter the keyword access-class followed by the name of a configured access control list (either a IP access control list or MAC access control list).

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1391

username

nopassword password secret encryption-type

Enter the keyword nopassword to specify that the user should not enter a password. Enter the keyword password followed by the encryption-type or the password. Enter the keyword secret followed by the encryption-type or the password. Enter an encryption type for the password that you will enter. 0 directs FTOS to store the password as clear text. It is the default encryption type when using the password option. 7 to indicate that a password ecrypted using a DES hashing algorithm will follow. This encryption type is available with the password option only. 5 to indicate that a password ecrypted using an MD5 hashing algorithm will follow. This encryption type is available with the secret option only, and is the default enryption type for this option.

password privilege level secret

Defaults

Enter a string up to 32 characters long. Enter the keyword privilege followed by a number from zero (0) to 15. Enter the keyword secret followed by the encryption type.

The default encryption type for the password option is 0. The default encryption type for the secret option is 0. CONFIGURATION
Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 Added support for secret option and MD5 password encryption. Extended name from 25 characters to 63. Introduced for S-Series Introduced for C-Series

Command Modes Command History

E-Series original Command Usage Information Related Commands

To view the defined user names, use the show running-config user command.

password show running-config

Specify a password for users on terminal lines. View the current configuration.

RADIUS Commands
The RADIUS commands supported by FTOS. are: debug radius ip radius source-interface radius-server deadtime radius-server host radius-server key radius-server retransmit radius-server timeout

1392

Security

debug radius

debug radius
ces
Syntax

View RADIUS transactions to assist with troubleshooting. debug radius To disable debugging of RADIUS, enter no debug radius.

Defaults Command Modes Command History

Disabled. EXEC Privilege

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced on E-Series

ip radius source-interface
ces
Syntax

Specify an interfaces IP address as the source IP address for RADIUS connections. ip radius source-interface interface To delete a source interface, enter no ip radius source-interface.

Parameters

interface

Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from zero (0) to 16838. For the Null interface, enter the keywords null 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Mode

Not configured. CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1393

radius-server deadtime

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Support added for S-Series Support added for C-Series Introduced on E-Series

radius-server deadtime
ces
Syntax

Configure a time interval during which non-responsive RADIUS servers to authentication requests are skipped. radius-server deadtime seconds To disable this function or return to the default value, enter no radius-server deadtime.

Parameters

seconds

Enter a number of seconds during which non-responsive RADIUS servers are skipped. Range: 0 to 2147483647 seconds. Default: 0 seconds.

Defaults Command Modes Command History

0 seconds CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

radius-server host
ces
Syntax

Configure a RADIUS server host. radius-server host {hostname | ipv4-address | ipv6-address} [auth-port port-number] [retransmit retries] [timeout seconds] [key [encryption-type] key] hostname ipv4-address | ipv6-address auth-port port-number
Enter the name of the RADIUS server host. Enter the IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X), of the RADIUS server host. (OPTIONAL) Enter the keyword auth-port followed by a number as the port number. Range: zero (0) to 65535 The default port-number is 1812.

Parameters

1394

Security

radius-server host

retransmit retries

(OPTIONAL) Enter the keyword retransmit followed by a number as the number of attempts. This parameter overwrites the radius-server retransmit command. Range: zero (0) to 100 Default: 3 attempts (OPTIONAL) Enter the keyword timeout followed by the seconds the time interval the switch waits for a reply from the RADIUS server. This parameter overwrites the radius-server timeout command. Range: 0 to 1000 Default: 5 seconds (OPTIONAL) Enter the keyword key followed by an optional encryption-type and a string up to 42 characters long as the authentication key. This authentication key is used by the RADIUS host server and the RADIUS daemon operating on this switch. For the encryption-type, enter either zero (0) or 7 as the encryption type for the key entered. The options are: 0 is the default and means the password is not encrypted and stored as clear text. 7 means that the password is encrypted and hidden. Configure this parameter last because leading spaces are ignored.

timeout seconds

key [encryption-type] key

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.4.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Added support for IPv6 Authentication key length increased to 42 characters Support added for S-Series Support added for C-Series Introduced on E-Series

Usage Information

Use this command to configure any number of RADIUS server hosts for each server host that is configured. FTOS searches for the RADIUS hosts in the order they are configured in the software. The global default values for timeout, retransmit, and key optional parameters are applied, unless those values are specified in the radius-server host or other commands. If you configure timeout, retransmit, or key values, you must include those keywords when entering the no radius-server host command syntax to return to the global default values.

Related Commands

login authentication radius-server key radius-server retransmit radius-server timeout

Set the database to be checked when a user logs in. Set a authentication key for RADIUS communications. Set the number of times the RADIUS server will attempt to send information. Set the time interval before the RADIUS server times out.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1395

radius-server key

radius-server key
ces
Syntax

Configure a key for all RADIUS communications between the switch and the RADIUS host server. radius-server key [encryption-type] key To delete a password, enter no radius-server key.

Parameters

encryption-type

(OPTIONAL) Enter either zero (0) or 7 as the encryption type for the key entered. The options are: 0 is the default and means the key is not encrypted and stored as clear text. 7 means that the key is encrypted and hidden.

key

Enter a string that is the key to be exchanged between the switch and RADIUS servers. It can be up to 42 characters long.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Authentication key length increased to 42 characters Support added for S-Series Support added for C-Series Introduced on E-Series

Usage Information

The key configured on the switch must match the key configured on the RADIUS server daemon. If the key parameter in the radius-server host command is configured, the key configured with the radius-server key command is the default key for all RADIUS communications.

Related Commands

radius-server host

Configure a RADIUS host.

radius-server retransmit
ces
Syntax

Configure the number of times the switch attempts to connect with the configured RADIUS host server before declaring the RADIUS host server unreachable. radius-server retransmit retries To configure zero retransmit attempts, enter no radius-server retransmit. To return to the default setting, enter radius-server retransmit 3.

Parameters

retries

Enter a number of attempts that FTOS tries to locate a RADIUS server. Range: zero (0) to 100. Default: 3 retries.

1396

Security

radius-server timeout

Defaults Command Modes Command History

3 retries CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced on E-Series Configure a RADIUS host.

Related Commands

radius-server host

radius-server timeout
ces
Syntax

Configure the amount of time the RADIUS client (the switch) waits for a RADIUS host server to reply to a request. radius-server timeout seconds To return to the default value, enter no radius-server timeout.

Parameters

seconds

Enter the number of seconds between an unsuccessful attempt and the FTOS times out. Range: zero (0) to 1000 seconds. Default: 5 seconds.

Defaults Command Modes Command History

5 seconds CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Support added for S-Series Support added for C-Series Introduced on E-Series Configure a RADIUS host.

Related Commands

radius-server host

TACACS+ Commands
FTOS supports TACACS+ as an alternate method for login authentication. debug tacacs+ ip tacacs source-interface tacacs-server host tacacs-server key

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1397

debug tacacs+

debug tacacs+
ces
Syntax

View TACACS+ transactions to assist with troubleshooting. debug tacacs+ To disable debugging of TACACS+, enter no debug tacacs+.

Defaults Command Modes Command History

Disabled. EXEC Privilege

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for S-Series Introduced for C-Series Introduced on E-Series

ip tacacs source-interface
ces
Syntax

Specify an interfaces IP address as the source IP address for TACACS+ connections. ip tacacs source-interface interface To delete a source interface, enter no ip tacacs source-interface.

Parameters

interface

Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from zero (0) to 16838. For the Null interface, enter the keywords null 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Mode

Not configured. CONFIGURATION

1398

Security

tacacs-server host

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced for S-Series Introduced for C-Series Introduced on E-Series

tacacs-server host
ces
Syntax

Specify a TACACS+ host. tacacs-server host {hostname | ipv4-address | ipv6-address} [port number] [timeout seconds] [key key] hostname ipv4-address | ipv6-address port number
Enter the name of the TACACS+ server host. Enter the IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X), of the TACACS+ server host. (OPTIONAL) Enter the keyword port followed by a number as the port to be used by the TACACS+ server. Range: zero (0) to 65535 Default: 49 (OPTIONAL) Enter the keyword timeout followed by the number of seconds the switch waits for a reply from the TACACS+ server. Range: 0 to 1000 Default: 10 seconds (OPTIONAL) Enter the keyword key followed by a string up to 42 characters long as the authentication key. This authentication key must match the key specified in the tacacs-server key for the TACACS+ daemon. Configure this parameter last because leading spaces are ignored.

Parameters

timeout seconds

key key

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.4.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Added support for IPv6 Authentication key length increased to 42 characters Introduced for S-Series Introduced for C-Series Introduced on E-Series

Usage Information

To list multiple TACACS+ servers to be used by the aaa authentication login command, configure this command multiple times. If you are not configuring the switch as a TACACS+ server, you do not need to configure the port, timeout and key optional parameters. If you do not configure a key, the key assigned in the tacacs-server key command is used.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1399

tacacs-server key

Related Commands

aaa authentication login tacacs-server key

Specify the login authentication method. Configure a TACACS+ key for the TACACS server.

tacacs-server key
ces
Syntax

Configure a key for communication between a TACACS+ server and client. tacacs-server key [encryption-type] key To delete a key, use the no tacacs-server key key

Parameters

encryption-type

key

Enter a text string, up to 42 characters long, as the clear text password. Leading spaces are ignored.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.7.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Authentication key length increased to 42 characters Introduced for S-Series Introduced for C-Series Introduced on E-Series

Usage Information

The key configured with this command must match the key configured on the TACACS+ daemon.

Port Authentication (802.1X) Commands

The 802.1X Port Authentication commands are: 1400 dot1x authentication (Configuration) dot1x authentication (Interface) dot1x auth-fail-vlan dot1x auth-server dot1x guest-vlan dot1x max-eap-req dot1x port-control dot1x quiet-period dot1x reauthentication dot1x reauth-max Security

dot1x authentication (Configuration)

dot1x server-timeout dot1x supplicant-timeout dot1x tx-period show dot1x interface

Important Points to Remember

FTOS limits network access for certain users by using VLAN assignments. 802.1X with VLAN assignment has these characteristics when configured on the switch and the RADIUS server. 802.1X is supported on C-Series, E-Series, and S-Series. 802.1X is not supported on the LAG or the channel members of a LAG. If no VLAN is supplied by the RADIUS server or if 802.1X authorization is disabled, the port is configured in its access VLAN after successful authentication. If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not valid, the port returns to the unauthorized state and remains in the configured access VLAN. This prevents ports from appearing unexpectedly in an inappropriate VLAN due to a configuration error. Configuration errors create an entry in Syslog. If 802.1X authorization is enabled and all information from the RADIUS server is valid, the port is placed in the specified VLAN after authentication. If port security is enabled on an 802.1X port with VLAN assignment, the port is placed in the RADIUS server assigned VLAN. If 802.1X is disabled on the port, it is returned to the configured access VLAN. When the port is in the force authorized, force unauthorized, or shutdown state, it is placed in the configured access VLAN. If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN, any change to the port access VLAN configuration will not take effect. The 802.1X with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment through a VLAN membership.

dot1x authentication (Configuration)

ces
Syntax

Enable dot1x globally; dot1x must be enabled both globally and at the interface level. dot1x authentication To disable dot1x on an globally, use the no dot1x authentication command.

Defaults Command Modes

Disabled CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1401

dot1x authentication (Interface)

Command History

Version 7.6.1.0 Version 7.4.1.0

Introduced on C-Series and S-Series Introduced on E-Series Enable dot1x on an interface

Related Commands

dot1x authentication (Interface)

ces
Syntax

Enable dot1x on an interface; dot1x must be enabled both globally and at the interface level. dot1x authentication To disable dot1x on an interface, use the no dot1x authentication command.

Defaults Command Modes Command History

Disabled INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series Enable dot1x globally

Related Commands

dot1x authentication (Configuration)

dot1x auth-fail-vlan
ces
Syntax

Parameters

vlan-id max-attempts number

Enter the VLAN Identifier. Range: 1 to 4094 (OPTIONAL) Enter the keyword max-attempts followed number of attempts desired before authentication fails. Range: 1 to 5 Default: 3

Defaults Command Modes Command History

3 attempts CONFIGURATION (conf-if-interface-slot/port)

Version 7.6.1.0 Introduced on C-Series, E-Series and S-Series

1402

Security

dot1x auth-server

Usage Information

Related Commands

dot1x port-control dot1x guest-vlan show dot1x interface

Enable port-control on an interface Configure a guest VLAN for non-dot1x devices Display the 802.1X information on an interface

dot1x auth-server
ces
Syntax Defaults Command Modes Command History

dot1x guest-vlan
ces
Syntax

Configure a guest VLAN for limited access users or for devices that are not 802.1X capable. dot1x guest-vlan vlan-id To disable the guest VLAN, use the no dot1x guest-vlan vlan-id command.

Parameters

vlan-id

Enter the VLAN Identifier. Range: 1 to 4094

Defaults Command Modes Command History

Not configured CONFIGURATION (conf-if-interface-slot/port)

Version 7.6.1.0 Introduced on C-Series, E-Series, and S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1403

dot1x max-eap-req

Usage Information

dot1x auth-fail-vlan
dot1x reauthentication show dot1x interface

Configure a VLAN for authentication failures Enable periodic re-authentication Display the 802.1X information on an interface

dot1x max-eap-req
ces
Syntax

Parameters

number

Enter the number of times an EAP request is transmitted before a session time-out. Range: 1 to 10 Default: 2

Defaults Command Modes Command History

2 INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series Configure a range of interfaces

Related Commands

interface range

1404

Security

dot1x port-control

dot1x port-control
ces
Syntax Parameters

Defaults Command Modes Command History

No default behavior or values INTERFACE

Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Usage Information

The authenticator performs authentication only when port-control is set to auto.

dot1x quiet-period
ces
Syntax

Set the number of seconds that the authenticator remains quiet after a failed authentication with a client. dot1x quiet-period seconds To disable quiet time, use the no dot1x quiet-time command.

Parameters

seconds

Enter the number of seconds. Range: 1 to 65535 Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1405

dot1x reauthentication

dot1x reauthentication
ces
Syntax

Enable periodic re-authentication of the client. dot1x reauthentication [interval seconds] To disable periodic re-authentication, use the no dot1x reauthentication command.

Parameters

interval seconds

(Optional) Enter the keyword interval followed by the interval time, in seconds, after which re-authentication will be initiated. Range: 1 to 31536000 (1 year) Default: 3600 (1 hour)

Defaults Command Modes Command History

3600 seconds (1 hour) INTERFACE

Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series Configure a range of interfaces

Related Commands

interface range

dot1x reauth-max
ces
Syntax

Configure the maximum number of times a port can re-authenticate before the port becomes unauthorized. dot1x reauth-max number To return to the default, use the no dot1x reauth-max command.

Parameters

number

Enter the permitted number of re-authentications. Range: 1 - 10 Default: 2

Defaults Command Modes Command History

2 INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

1406

Security

dot1x server-timeout

dot1x server-timeout
ces
Syntax

Configure the amount of time after which exchanges with the server time out. dot1x server-timeout seconds To return to the default, use the no dot1x server-timeout command.

Parameters

seconds

Enter a time-out value in seconds. Range: 1 to 300, where 300 is implementation dependant. Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

dot1x supplicant-timeout
ces
Syntax

Configure the amount of time after which exchanges with the supplicant time out. dot1x supplicant-timeout seconds To return to the default, use the no dot1x supplicant-timeout command.

Parameters

seconds

Enter a time-out value in seconds. Range: 1 to 300, where 300 is implementation dependant. Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

dot1x tx-period
ces
Syntax

Configure the intervals at which EAPOL PDUs are transmitted by the Authenticator PAE. dot1x tx-period seconds To return to the default, use the no dot1x tx-period command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1407

show dot1x interface

Parameters

seconds

Enter the interval time, in seconds, that EAPOL PDUs are transmitted. Range: 1 to 31536000 (1 year) Default: 30

Defaults Command Modes Command History

30 seconds INTERFACE
Version 7.6.1.0 Version 7.4.1.0 Introduced on C-Series and S-Series Introduced on E-Series

show dot1x interface

ces
Syntax Parameters

Display the 802.1X information on an interface. show dot1x interface interface interface
Enter one of the following keywords and slot/port or number information:

For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes

No default values or behavior EXEC EXEC privilege

Command History

Version 7.6.1.0

Introduced on C-Series, E-Series, and S-Series

1408

Security

show dot1x interface

Example

Figure 480 show dot1x interface command Example

SSH Server and SCP Commands

FTOS supports SSH Protocol versions 1.5 and 2.0. Secure Shell (SSH) is a protocol for secure remote login over an insecure network. SSH sessions are encrypted and use authentication. crypto key generate debug ip ssh ip scp topdir ip ssh authentication-retries ip ssh connection-rate-limit ip ssh hostbased-authentication ip ssh key-size ip ssh password-authentication ip ssh pub-key-file ip ssh rhostsfile ip ssh rsa-authentication (Config) ip ssh rsa-authentication (EXEC) ip ssh server show crypto show ip ssh show ip ssh client-pub-keys show ip ssh rsa-authentication ssh

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1409

crypto key generate

ces
Syntax Parameters

Generate keys for the SSH server. crypto key generate {rsa | rsa1} rsa
Enter the keyword rsa followed by the key size to generate a SSHv2 RSA host keys. Range: 1024 to 2048 Default: 1024 Enter the keyword rsa1 followed by the key size to generate a SSHv1 RSA host keys. Range: 1024 to 2048 Default: 1024

rsa1

Defaults Command Modes Command History

Key size 1024 CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Example

Figure 481 crypto key generate rsa1 command example

Force10#conf Force10(conf)#crypto key generate rsa1 Enter key size <1024-2048>. Default<1024>: 1024 Host key already exists. Do you want to replace. [y/n] Force10(conf)# :y

Usage Information

The host keys are required for key-exchange by the SSH server. If the keys are not found when the server is enabled (ip ssh server enable), the keys are automatically generated. This command requires user interaction and will generate a prompt prior to overwriting any existing host keys.

Note: Only a user with superuser permissions should generate host-keys.

Related Commands

ip ssh server show crypto

Enable the SSH server. Display SSH host public keys

1410

Security

debug ip ssh

debug ip ssh
ces
Syntax

Enables collecting SSH debug information. debug ip ssh {client | server} To disable debugging, use the no debug ip ssh {client | server} command.

Parameters

client server

Enter the keyword client to enable collecting debug information on the client. Enter the keyword server to enable collecting debug information on the server.

Defaults Command Modes Command History

Disabled on both client and server EXEC

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

Debug information includes details for key-exchange, authentication, and established session for each connection.

ip scp topdir
ces
Syntax

Identify a location for files used in secure copy transfer. ip scp topdir directory To return to the default setting, enter no ip scp topdir command.

Parameters

Enter a directory name.

Defaults Command Modes Command History

The internal flash (flash:) is the default directory. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information Related Commands

To configure the switch as a SCP server, use the ip ssh server command.

ip ssh server

Enable SSH and SCP server on the switch.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1411

ip ssh authentication-retries

ip ssh authentication-retries
ces
Syntax Parameters

Configure the maximum number of attempts that should be used to authenticate a user. ip ssh authentication-retries 1-10 1-10
Enter the number of maximum retries to authenticate a user. Range: 1 to 10 Default: 3

Defaults Command Modes Command History

3 CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

This command specifies the maximum number of attempts to authenticate a user on a SSH connection with the remote host for password authentication. SSH will disconnect when the number of password failures exceeds authentication-retries.

ip ssh connection-rate-limit
ces
Syntax Parameters

Configure the maximum number of incoming SSH connections per minute. ip ssh connection-rate-limit 1-10 1-10
Enter the number of maximum number of incoming SSH connections allowed per minute. Range: 1 to 10 per minute Default: 10 per minute

Defaults Command Modes Command History

10 per minute CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

1412

Security

ip ssh hostbased-authentication

ip ssh hostbased-authentication
ces
Syntax

Enable hostbased-authentication for the SSHv2 server. ip ssh hostbased-authentication enable To disable hostbased-authentication for SSHv2 server, use the no ip ssh hostbased-authentication enable command.

Parameters

enable

Enter the keyword enable to enable hostbased-authentication for SSHv2 server.

Defaults Command Modes Command History

Disable by default CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

If this command is enabled, clients can login without a password prompt. This provides two levels of authentication: rhost-authentication is done with the file specified in the ip ssh rhostfile command checking client host-keys is done with the file specified in the ip ssh pub-key-file command

If no ip ssh rsa-authentication enable is executed, host-based authentication is disabled.

Note: Administrators must specify the two files (rhosts and pub-key-file) to configure
host-based authentication.
Related Commands

ip ssh pub-key-file ip ssh rhostsfile

Public keys of trusted hosts from a file. Trusted hosts and users for rhost authentication.

ip ssh key-size
ces
Syntax Parameters

Configure the size of the server-generated RSA SSHv1 key. ip ssh key-size 512-869 512-869
Enter the key-size number for the server-generated RSA SSHv1 key. Range: 512 to 869 Default: 768

Defaults

Key size 768

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1413

ip ssh password-authentication

Command Modes Command History

CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

The server-generated key is used for SSHv1 key-exchange.

ip ssh password-authentication
ces
Syntax

Enable password authentication for the SSH server. ip ssh password-authentication enable To disable password-authentication, use the no ip ssh password-authentication enable.

Parameters

enable enabled

Enter the keyword enable to enable password-authentication for the SSH server.

Defaults Command Modes Command History

CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

With password authentication enabled, users can authenticate using local, RADIUS, or TACACS+ password fallback order as configured.

ip ssh pub-key-file
ces
Syntax Parameters

Specify the file to be used for host-based authentication. ip ssh pub-key-file {WORD} WORD
Enter the file name for the host-based authentication.

Defaults Command Modes

No default behavior or values CONFIGURATION

1414

Security

ip ssh rhostsfile

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced for S-Series Introduced for C-Series Introduced for E-Series

Example

Figure 482 ip ssh pub-key-file Command Example

Force10#conf Force10(conf)# ip ssh pub-key-file flash://knownhosts Force10(conf)#

Usage Information

This command specifies the file to be used for the host-based authentication. The file creates/ overwrites the file flash://ADMIN_DIR/ssh/knownhosts and deletes the user specified file. Even though this is a global configuration command, it will not appear in the running configuration since this command needs to be run just once. The file contains the OpenSSH compatible public keys of the host for which host-based authentication is allowed. An example known host file format:
poclab4,123.12.1.123 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAox/ QQp8xYhzOxn07yh4VGPAoUfgKoieTHO9G4sNV+ui+DWEc3cgYAcU5Lai1MU2ODrzhCwyDNp05tK BU3tReG1o8AxLi6+S4hyEMqHzkzBFNVqHzpQc+Rs4p2urzV0F4pRKnaXdHf3Lk4D460HZRhhVrxqe NxPDpEnWIMPJi0ds= ashwani@poclab4

Note: For rhostfile and pub-key-file, the administrator must FTP the file to the
chassis.
Related Commands

show ip ssh client-pub-keys

Display the client-public keys used for the host-based authentication.

ip ssh rhostsfile
ces
Syntax Parameters

Specify the rhost file to be used for host-based authorization. ip ssh rhostsfile {WORD} WORD
Enter the rhost file name for the host-based authentication.

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1415

ip ssh rsa-authentication (Config)

Example

Figure 483 ip ssh rhostsfile Command Example

Force10#conf Force10(conf)# ip ssh rhostsfile flash://shosts Force10(conf)#

Usage Information

This command specifies the rhost file to be used for host-based authentication. This file creates/overwrites the file flash:/ADMIN_DIR/ssh/shosts and deletes the user specified file. Even though this is a global configuration command, it will not appear in the running configuration since this command needs to be run just once. This file contains hostnames and usernames, for which hosts and users, rhost-authentication can be allowed.

Note: For rhostfile and pub-key-file, the administrator must FTP the file to the
switch.

ip ssh rsa-authentication (Config)

ces
Syntax

Enable RSA authentication for the SSHv2 server. ip ssh rsa-authentication enable To disable RSA authentication, use the no ip ssh rsa-authentication enable command.

Parameters

enable

Enter the keyword enable to enable RSA authentication for the SSHv2 server.

Defaults Command Modes Command History

RSA authentication is disabled by default CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

Enabling RSA authentication allows the user to login without being prompted for a password. In addition, the OpenSSH compatible SSHv2 RSA public key must be added to the list of authorized keys (ip ssh rsa-authentication my-authorized-keys device://filename command).
ip ssh rsa-authentication (EXEC) Add keys for RSA authentication.

Related Commands

1416

Security

ip ssh rsa-authentication (EXEC)

ces
Syntax

Add keys for the RSA authentication. ip ssh rsa-authentication {my-authorized-keys WORD} To delete the authorized keys, use the no ip ssh rsa-authentication {my-authorized-keys} command.

Parameters

my-authorized-keys WORD

Enter the keyword my-authorized-keys followed by the file name of the RSA authorized-keys.

Defaults Command Modes Command History

No default behavior or values EXEC

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Usage Information

If you want to log in without being prompted for a password, log in through RSA authentication. To do that, you must first add the SSHv2 RSA public keys to the list of authorized keys. This command adds the specified RSA keys to the following file: flash://ADMIN_DIR/ssh/authorized-keys-username (where username is the user associated with this terminal).

Note: The no form of this command deletes the file flash://ADMIN_DIR/ssh/

authorized-keys-username
Related Commands

show ip ssh rsa-authentication ip ssh rsa-authentication (Config)

Display RSA authorized keys. Enable RSA authentication.

ip ssh server
ces
Syntax

Configure an SSH server. ip ssh server {enable | port port-number } [version {1 | 2}] To disable SSH server functions, enter no ip ssh server enable command.

Parameters

enable

Enter the key word enable to start the SSH server.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1417

show crypto

port port-number

(OPTIONAL) Enter the keyword port followed by the port number of the listening port of the SSH server. Range: 1 to 65535 Default: 22 (OPTIONAL) Enter the keyword version followed by the SSH version 1 or 2 to specify only SSHv1 or SSHv2.

[version {1 | 2}]

Defaults Command Modes Command History

Default listening port is 22 CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Expanded to include specifying SSHv1 or SSHv2; Introduced for C-Series Introduced for E-Series

Usage Information Example

This command enables the SSH server and begins listening on a port. If a port is not specified, listening is on SSH default port 22. Figure 484 ip ssh server port Command Example
Force10# conf Force10(conf)# ip ssh server port 45 Force10(conf)# ip ssh server enable Force10#

Related Commands

show ip ssh

Display the ssh information

show crypto
ces
Syntax Parameters

Display the public part of the SSH host-keys. show crypto key mypubkey {rsa | rsa1} Key mypubkey rsa rsa1
Enter the keyword key to display the host public key. Enter the keyword mypubkey to display the host public key. Enter the keyword rsa to display the host SSHv2 RSA public key. Enter the keyword rsa1 to display the host SSHv1 RSA public key.

Defaults Command Modes Command History

No default behavior or values EXEC

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

1418

Security

show ip ssh

Example

Figure 485 show crypto Command Examples

Force10#show crypto key mypubkey rsa ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtzkZME/ e8V8smnXR22EJGQhCMkEOkuisa+OILVoMYU1ZKGfj0W5BPCSvF/ x5ifqYFFwUzJNOcsJK7vjSsnmMhChF2YSvXlvTJ6h971FJAQlOsgd0ycpocsF+DNLKfJnx7SAjhakFQMwG g/g78ZkDT3Ydr8KKjfSI4Bg/WS8B740= Force10#show crypto key mypubkey rsa1 1024 35 1310600154808733989532575153972496578500722064442949636740809356830889610203172266 7988956754966765265006379622189779927609278523638839223055081819166009928132616408 6643457746022192295189039929663345791173742247431553750501676929660273790601494434 050000015179864425629613385774919236081771341059533760063913083 Force10#

Usage Information Related Commands

This command is useful if the remote SSH client implements Strict Host Key Checking. You can copy the host key to your list of known hosts.
crypto key generate Generate SSH keys.

show ip ssh
ces
Syntax Command Modes

Display information about established SSH sessions. show ip ssh EXEC EXEC Privilege

Example

Figure 486 show ip ssh Command Example

Force10#show ip ssh SSH server : SSH server version : Password Authentication : Hostbased Authentication : RSA Authentication Vty Encryption 0 3DES 1 3DES 2 3DES Force10 enabled. v1 and v2. enabled. disabled. : disabled. Remote IP 172.16.1.162 172.16.1.162 172.16.1.162Force10#

Related Commands

ip ssh server show ip ssh client-pub-keys

Configure an SSH server. Display the client-public keys.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1419

show ip ssh client-pub-keys

ces
Syntax Defaults Command Modes Command History

Display the client public keys used in host-based authentication. show ip ssh client-pub-keys No default behavior or values EXEC
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

Example

Figure 487 show ip ssh client-pub-keys Command Example

Force10#show ip ssh client-pub-keys poclab4,123.12.1.123 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAox/ QQp8xYhzOxn07yh4VGPAoUfgKoieTHO9G4sNV+ui+DWEc3cgYAcU5Lai1MU2ODrzhCwyDNp05tKBU3tReG1 o8AxLi6+S4hyEMqHzkzBFNVqHzpQc+Rs4p2urzV0F4pRKnaXdHf3Lk4D460HZRhhVrxqeNxPDpEnWIMPJi0 ds= ashwani@poclab4 Force10#

Usage Information Related Commands

This command displays the contents of the file flash://ADMIN_DIRssh/knownhosts

ip ssh pub-key-file

Configure the file name for the host-based authentication

show ip ssh rsa-authentication

ces
Syntax Parameters

Display the authorized-keys for the RSA authentication. show ip ssh rsa-authentication {my-authorized-keys} my-authorized-keys
Display the RSA authorized keys.

Defaults Command Modes Command History

No default behavior or values EXEC

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Introduced for S-Series Introduced for C-Series Introduced for E-Series

1420

Security

ssh

Example

Figure 488 show ip ssh rsa-authentication Command Example

Force10#show ip ssh rsa-authentication my-authorized-keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyB17l4gFp4r2DRHIvMc1VZd0Sg5GQxRV1y1X1JOMeO6Nd0WuYyzrQMM 4qJAoBwtneOXfLBcHF3V2hcMIqaZN+CRCnw/ zCMlnCf0+qVTd1oofsea5r09kS0xTp0CNfHXZ3NuGCq9Ov33m9+U9tMwhS8vy8AVxdH4x4km3c3t5Jvc= freedom@poclab4 Force10#

Usage Information Related Commands

This command displays the contents of the file flash:/ADMIN_DIR/ssh/ authorized-keys.username.

ip ssh rsa-authentication (Config) Configure the RSA authorized keys.

ssh
ces
Open an SSH connection specifying the hostname, username, port number and version of the SSH client. FTOS supports both inbound and outbound SSH sessions using IPv4 or IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface.
Syntax Parameters

ssh {hostname | ipv4 address | ipv6 address} [-l username | -p port-number | -v {1 | 2}] hostname vrf instance ipv4 address ipv6-address prefix-length
(OPTIONAL) Enter the IP address or the hostname of the remote device. (OPTIONAL) E-Series Only: Enter the keyword vrf following by the VRF Instance name to open a SSH connection to that instance. (OPTIONAL) Enter the IP address in dotted decimal format A.B.C.D. (OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format followed by the prefix length in the /x format. Range: /0 to /128 Note: The :: notation specifies successive hexadecimal fields of zeros (OPTIONAL) Enter the keyword -l followed by the user name used in this SSH session. Default: The user name of the user associated with the terminal. (OPTIONAL) Enter the keyword -p followed by the port number. Range: 1 to 65536 Default: 22 (OPTIONAL) Enter the keyword -v followed by the SSH version 1 or 2. Default: The version from the protocol negotiation

-l username

-p port-number

-v {1 | 2}

Defaults Command Modes

As above. EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1421

clear counters ip trace-group

Command History

Version 7.9.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Introduced VRF Introduced for S-Series Added IPv6 support; Introduced for C-Series Introduced for E-Series

Example

Figure 489 ssh Command Example

Force10#ssh 123.12.1.123 -l ashwani -p 5005 -v 2

Trace List Commands

IP trace lists create an Access Control List (ACLs) to trace all traffic into the E-Series switch. This feature is useful for tracing Denial of Service (DOS) attacks.

Note: For other Access Control List commands, see the chapters Chapter 9, ACL VLAN Group and Chapter 8, Access Control Lists (ACL).
clear counters ip trace-group deny deny tcp deny udp ip trace-group ip trace-list permit permit tcp permit udp seq show config show ip accounting trace-lists

clear counters ip trace-group

e
Syntax Parameters

Erase all counters maintained for trace lists. clear counters ip trace-group [trace-list-name] trace-list-name EXEC Privilege
(OPTIONAL) Enter the name of a configured trace list.

Command Modes

1422

Security

deny

deny
e
Syntax

Configure a filter that drops IP packets meeting the filter criteria. deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte]] | log] [order number] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} command. ip ip-protocol-number source mask any host ip-address destination count bytes log order number
Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list will deny all IP protocols. Enter a number from 0 to 255 to deny based on the protocol identified in the IP protocol header. Enter the IP address of the network or host from which the packets were sent. (OPTIONAL) Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword bytes to count only bytes processed by the filter. (OPTIONAL) Enter the keyword log to have the information kept in a Trace-list log file. (OPTIONAL) Enter the keyword order followed by a number from 0 to 7 as the order number.

Parameters

Defaults Command Modes Related Commands

Not configured. TRACE LIST

deny tcp deny udp ip trace-group Assign a trace list filter to deny TCP packets. Assign a trace list filter to deny UDP packets. Create a trace list.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1423

deny tcp

deny tcp
e
Syntax

Configure a filter that drops TCP packets meeting the filter criteria. deny tcp {source address mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [count [byte]] | log] [order number] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny tcp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address operator
Enter the IP address of the network or host from which the packets were sent. (OPTIONAL) Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. (OPTIONAL) Enter one of the following logical operand:

Parameters

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port
command parameter.)

port port

destination count byte log order number

Defaults Command Modes

Not configured. TRACE LIST

1424

Security

deny udp

Related Commands

deny deny udp

Assign a trace list filter to deny IP traffic. Assign a trace list filter to deny UDP traffic.

deny udp
e
Syntax

Configure a filter to drop UDP packets meeting the filter criteria. deny udp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [count [byte]] | log] [order number] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny udp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address operator
Enter the IP address of the network or host from which the packets were sent. (OPTIONAL) Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. (OPTIONAL) Enter one of the following logical operand:

Parameters

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports

port port

(OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535 Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter a network mask in /prefix format (/x). (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count only bytes (OPTIONAL) Enter the keyword log to have the information kept in a Trace-list log file. (OPTIONAL) Enter the keyword order followed by a number from 0 to 7 as the order number.

destination mask count byte log order number

Defaults Command Modes

Not configured. TRACE LIST

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1425

ip trace-group

Related Commands

deny deny tcp

Assign a trace list filter to deny IP traffic. Assign a trace list filter to deny TCP traffic.

ip trace-group
e
Syntax

Assign a trace list globally to process all incoming packets to the switch. ip trace-group trace-list-name To delete an trace list configuration, use the no ip trace-group trace-list-name command.

Parameters

trace-list-name Not enabled. CONFIGURATION

Enter the name of a configured trace list.

Defaults Command Modes Usage Information

You can assign one Trace list to the chassis. If there are unresolved next-hops and a Trace-list is enabled, there is a possibility that the traffic hitting the CPU will not be rate-limited.

Related Commands

ip trace-list

Configure a trace list ACL.

ip trace-list
e
Syntax

Configure a trace list, based on IP addresses or protocols, to filter all traffic on the E-Series. ip trace-list trace-list-name To delete a trace list, use the no ip trace-list trace-list-name command.

Parameters

trace-list-name Not configured

Enter a string up to 16 characters long as the access list name.

Defaults Example

Figure 490 ip trace-list Command Example

Force10(conf)#ip trace-list suzanne Force10(config-trace-acl)#

Command Modes Usage Information

CONFIGURATION After you create a trace list, you must apply it to the E-Series using the ip trace-group command in the CONFIGURATION mode. Security

1426

permit

Related Commands

ip trace-group

View the current configuration.

permit
e
Syntax

Configure a filter to pass IP packets meeting the filter criteria. permit {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte]| log] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} command. ip ip-protocol-number source mask any host ip-address destination count byte log
Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list will permit all IP protocols. Enter a number from 0 to 255 to permit based on the protocol identified in the IP protocol header. Enter the IP address of the network or host from which the packets were sent. (OPTIONAL) Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count only bytes processed by the filter. (OPTIONAL) Enter the keyword log to have the information kept in a Trace-list log file.

Parameters

Defaults Command Modes Related Commands

Not configured. TRACE LIST ip trace-list permit tcp permit udp

Create a trace list. Assign a trace list filter to forward TCP packets. Assign a trace list filter to forward UDP packets.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1427

permit tcp

permit tcp
e
Syntax

Configure a filter to pass TCP packets meeting the filter criteria. permit tcp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [count [byte]] | log] [order number] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit tcp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address operator
Enter the IP address of the network or host from which the packets were sent. (OPTIONAL) Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. (OPTIONAL) Enter one of the following logical operand:

Parameters

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two port for the port
parameter.)

port port

destination count byte log order number

Defaults Command Modes

Not configured. TRACE LIST Security

1428

permit udp

Related Commands

ip trace-list permit permit udp

Create a trace list. Assign a trace list filter to forward IP packets. Assign a trace list filter to forward UDP packets.

permit udp
e
Syntax

Configure a filter to pass UDP packets meeting the filter criteria. permit udp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [count [byte]] | log] [order number] To remove this filter, you have two choices: Use the no seq sequence-number command syntax if you know the filters sequence number or Use the no permit udp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source mask any host ip-address operator
Enter the IP address of the network or host from which the packets were sent. (OPTIONAL) Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. (OPTIONAL) Enter one of the following logical operand:

Parameters

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port parameter.)

port port

(OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. Range: 0 to 65535 Enter the IP address of the network or host to which the packets are sent. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count only bytes processed by the filter. (OPTIONAL) Enter the keyword log to have the information kept in a Trace-list log file. (OPTIONAL) Enter the keyword order followed by a number from 0 to 7 as the order number.

destination count byte log order number

Defaults

Not configured. Publication Date: July 20, 2011 1429

Command Line Reference for FTOS version 8.4.2.4

seq

Command Modes Related Commands

TRACE LIST ip trace-list permit permit tcp

Configure a trace list. Assign a trace list filter to forward IP packets. Assign a trace list filter to forward TCP packets.

seq
e
Syntax

Assign a sequence number to a deny or permit filter in a trace list while creating the filter. seq sequence-number {deny | permit} {ip-protocol-number | ip | tcp | udp} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator port [port]] [precedence precedence] [tos tos-value] [count [byte] | log] To delete a filter, use the no seq sequence-number command.

Parameters

sequence-number deny permit ip-protocol-number ip

Enter a number from 0 to 65535. Enter the keyword deny to configure a filter to drop packets meeting this condition. Enter the keyword permit to configure a filter to forward packets meeting this criteria. Enter a number from 0 to 255 to filter based on the protocol identified in the IP protocol header. Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list will permit all IP protocols. Enter the keyword tcp to configure a TCP access list filter. Enter the keyword udp to configure a UDP access list filter. Enter the IP address of the network or host from which the packets were sent. (OPTIONAL) Enter a network mask in /prefix format (/x). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. (OPTIONAL) Enter one of the following logical operands:

tcp udp source mask any host ip-address operator

eq = equal to neq = not equal to gt = greater than lt = less than range = inclusive range of ports (you must specify two ports for the port parameter.)

1430

Security

show config

port port

destination precedence precedence tos tos-value count byte log

Enter the IP address of the network or host to which the packets are sent. Enter the keyword precedence followed by a number from 0 to 7 as the precedence value. Enter the keyword tos followed by a number from 0 to 15 as the TOS value. (OPTIONAL) Enter the keyword count to count packets processed by the filter. (OPTIONAL) Enter the keyword byte to count only bytes processed by the filter. (OPTIONAL) Enter the keyword log to have the information kept in a Trace-list log file.

Defaults Command Modes Command History

Not configured. TRACE LIST

Version 7.4.1.0 Deprecated established keywordnot supported on TeraScale line cards. Configure a filter to drop packets. Configure a filter to forward packets.

Related Commands

deny permit

show config
e
Syntax Command Modes

View the current IP trace list configuration. show config TRACE LIST

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1431

show ip accounting trace-lists

Example

Figure 491 show config Command Example in TRACE LIST Mode

Force10(config-trace-acl)#show config ! ip trace-list suzanne seq 5 deny tcp any any Force10(config-trace-acl)#

show ip accounting trace-lists

e
Syntax Parameters

View the trace lists created on the switch and the sequence of filters. show ip accounting trace-lists [trace-list-name [linecard number]] trace-list-name linecard number
(OPTIONAL) Enter the name of the trace list to be displayed. (OPTIONAL) Enter the keyword linecard followed by the line card number to view the Trace list information on that line card. C-Series and S-Series Range: 0-7on the C300 E-Series Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

Example

Figure 492 show ip accounting trace-lists Command Example

Force10#show ip accounting trace-list suzanne Trace List suzanne seq 5 deny ip any any count (0x00 packets) seq 10 permit tcp 10.1.1.0 /24 any count bytes (0x00 bytes) Force10#

Secure DHCP Commands

clear ip dhcp snooping

ip dhcp snooping trust ip dhcp source-address-validation ip dhcp snooping vlan show ip dhcp snooping

clear ip dhcp snooping

cs
Syntax Command Modes Default Command History Related Commands

Clear the DHCP binding table. clear ip dhcp snooping binding EXEC Privilege None
Version 7.8.1.0 Introduced on C-Series and S-Series

show ip dhcp snooping

Display the contents of the DHCP binding table.

ip dhcp relay
cs
Syntax Parameters

Enable Option 82. ip dhcp relay information-option [trust-downstream] trust-downstream

Configure the system to trust Option 82 when it is received from the previous-hop router.

Command Modes Default Command History

CONFIGURATION Disabled
Version 7.8.1.0 Introduced on C-Series and S-Series

ip dhcp snooping
cs
Syntax Command Modes

Enable DHCP Snooping globally. [no] ip dhcp snooping CONFIGURATION Publication Date: July 20, 2011 1433

Command Line Reference for FTOS version 8.4.2.4

ip dhcp snooping database

Default Command History Usage Information

Disabled
Version 7.8.1.0 Introduced on C-Series and S-Series

Related Commands

ip dhcp snooping database

cs
Syntax Parameters

Delay writing the binding table for a specified time. ip dhcp snooping database write-delay minutes minutes CONFIGURATION None
Version 7.8.1.0 Introduced on C-Series and S-Series Range: 5-21600

Command Modes Default Command History

ip dhcp snooping binding

cs
Syntax

Create a static entry in the DHCP binding table. [no] ip dhcp snooping binding mac address vlan-id vlan-id ip ip-address interface type slot/port lease number mac address vlan-id vlan-id ip ip-address
Enter the keyword mac followed by the MAC address of the host to which the server is leasing the IP address. Enter the keyword vlan-id followed by the VLAN to which the host belongs. Range: 2-4094 Enter the keyword ip followed by the IP address that the server is leasing.

Parameters

1434

Security

ip dhcp snooping database renew

interface type

Enter the keyword interface followed by the type of interface to which the host is connected.

slot/port lease time

Enter the slot and port number of the interface. Enter the keyword lease followed by the amount of time the IP address will be leased. Range: 1-4294967295

Command Modes

EXEC EXEC Privilege

Default Command History Related Commands

None
Version 7.8.1.0 Introduced on C-Series and S-Series

show ip dhcp snooping

Display the contents of the DHCP binding table.

ip dhcp snooping database renew

cs
Syntax Command Modes

Renew the binding table. ip dhcp snooping database renew EXEC EXEC Privilege

Default Command History

None
Version 7.8.1.0 Introduced on C-Series and S-Series

ip dhcp snooping trust

cs
Syntax

Configure an interface as trusted. [no] ip dhcp snooping trust Publication Date: July 20, 2011 1435

Command Line Reference for FTOS version 8.4.2.4

ip dhcp source-address-validation

Command Modes Default Command History

INTERFACE Untrusted
Version 7.8.1.0 Introduced on C-Series and S-Series

ip dhcp source-address-validation
cs
Syntax Command Modes Default Command History

Enable IP Source Guard. [no] ip dhcp source-address-validation INTERFACE Disabled

Version 7.8.1.0 Introduced on C-Series and S-Series

ip dhcp snooping vlan

cs
Syntax Parameters

Enable DHCP Snooping on one or more VLANs. [no] ip dhcp snooping vlan name name CONFIGURATION Disabled
Version 7.8.1.0 Introduced on C-Series and S-Series Enter the name of a VLAN on which to enable DHCP Snooping.

Command Modes Default Command History Usage Information Related Commands

When enabled the system begins creating entries in the binding table for the specified VLAN(s). Note that learning only happens if there is a trusted port in the VLAN.
ip dhcp snooping trust

Configure an interface as trusted.

show ip dhcp snooping

cs
1436 Display the contents of the DHCP binding table. Security

show ip dhcp snooping show ip dhcp snooping binding EXEC EXEC Privilege
Default Command History Related Commands

Syntax Command Modes

None
Version 7.8.1.0 Introduced on C-Series and S-Series

clear ip dhcp snooping

Clear the contents of the DHCP binding table.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1437

show ip dhcp snooping

1438

Security

Chapter 52

Service Provider Bridging

Overview
Service Provider Bridging is composed of VLAN Stacking, Layer 2 Protocol Tunneling, and Provider Backbone Bridging as described in the FTOS Configuration Guide Service Provider Bridging chapter. This chapter includes CLI information for FTOS Layer 2 Protocol Tunneling (L2PT). L2PT enables protocols to tunnel through an 802.1q tunnel. L2PT is available in FTOS for the C-Series c, E-Series e, and S-Series s. L2PT is supported on E-Series ExaScale ex with FTOS 8.2.1.0. and later. Refer to Chapter 61, VLAN Stacking or Chapter 58, Spanning Tree Protocol (STP) and Chapter 20, GARP VLAN Registration (GVRP) for further information related to those features.

Commands
The L2PT commands are: debug protocol-tunnel protocol-tunnel protocol-tunnel destination-mac protocol-tunnel enable protocol-tunnel rate-limit show protocol-tunnel

Important Points to Remember

L2PT is enabled at the interface VLAN-Stack VLAN level. For details on Stackable VLAN (VLAN-Stacking) commands, see Chapter 61, VLAN Stacking. The default behavior is to disable protocol packet tunneling through the 802.1q tunnel. Rate-limiting is required to protect against BPDU attacks. A port channel (including through LACP) can be configured as a VLAN-Stack access or trunk port.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1439

debug protocol-tunnel

ARP packets work as expected across the tunnel. FEFD works the same as with Layer 2 links. Protocols that use Multicast MAC addresses (OSPF for example) work as expected and carry over to the other end of the VLAN-Stack VLAN.

debug protocol-tunnel
ces
Syntax

Enable debugging to ensure incoming packets are received and rewritten to a new MAC address. debug protocol-tunnel interface {in | out | both} [vlan vlan-id] [count value] To disable debugging, use the no debug protocol-tunnel interface {in | out | both} [vlan vlan-id] [count value] command.

Parameters

interface

Enter one of the following interfaces and slot/port information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/ port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

in | out | both vlan vlan-id count value

Enter the keyword in, out, or both to debug incoming interfaces, outgoing interfaces, or both incoming and outgoing interfaces. Enter the keyword vlan followed by the VLAN ID. Range: 1 to 4094 Enter the keyword count followed by the number of debug outputs. Range: 1 to 100

Defaults Command Modes Command History

Debug Disabled EXEC Privilege

Version 8.2.1.0 Version 7.4.1.0 Introduced on the C-Series, E-Sereies and E-Series ExaScale. Introduced

1440

Service Provider Bridging

protocol-tunnel

protocol-tunnel
ces
Syntax

Enable protocol tunneling per VLAN-Stack VLAN. protocol-tunnel stp To disable protocol tunneling, use the no protocol-tunnel stp command.

Parameters

stp

Enter the keyword stp to enable protocol tunneling on a spanning tree, including STP, MSTP, RSTP, and PVST.

Defaults Command Modes Command History

No default values or behavior CONF-IF-VLAN

Version 8.2.1.0 Version 7.4.1.0 Introduced on the C-Series, E-Sereies and E-Series ExaScale. Introduced

Example

Figure 493 Protocol-tunneling Command Example

Force10#conf Force10(conf)#interface vlan 2 Force10(conf-if-vl-2)#vlan-stack compatible Force10(conf-if-vl-2)#member Gi1/2-3 Force10(conf-if-vl-2)#protocol-tunnel stp Force10(conf-if-vl-2)#

Usage Information

Note: When VLAN-Stacking is enabled, no protocol packets are tunneled.

Related Commands

show protocol-tunnel

Display tunneling information for all VLANs

protocol-tunnel destination-mac
ces
Syntax Parameters

Overwrite the BPDU destination MAC address with a specific value. protocol-tunnel destination-mac xstp address stp
Change the default destination MAC address used for L2PT to another value.

Defaults Command Modes Command History

The default destination MAC is 01:01:e8:00:00:00. CONFIGURATION

Version 8.2.1.0 Version 7.4.1.0 Introduced on the C-Series and S-Series. Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1441

protocol-tunnel enable

Usage Information Related Commands

When VLAN-Stacking is enabled, no protocol packets are tunneled.

show protocol-tunnel

Display tunneling information for all VLANs

protocol-tunnel enable
ces
Syntax

Enable protocol tunneling globally on the system. protocol-tunnel enable To disable protocol tunneling, use the no protocol-tunnel enable command.

Defaults Command Modes Command History Usage Information

Disabled CONFIGURATION
Version 7.4.1.0 Introduced

FTOS must have the default CAM profile with the default microcode before you enable L2PT.

protocol-tunnel rate-limit
ces
Syntax

Enable traffic rate limiting per box. protocol-tunnel rate-limit rate To reset the rate limit to the default, use the no protocol-tunnel rate-limit rate command.

Parameters

rate

Enter the rate in frames per second. Range: 75 to 3000 Default: 75

Defaults Command Modes Command History

75 Frames per second CONFIGURATION

Version 8.2.1.0 Version 7.4.1.0 Introduced on the C-Series, E-Series Terascale, and E-Series ExaScale. Maximum rate limit on E-Series reduced from 4000 to 3000. Introduced

1442

Service Provider Bridging

show protocol-tunnel

Example

Figure 494 protocol-tunnel rate-limit Command Example

Force10# Force10#conf Force10(conf)#protocol-tunnel rate-limit 1000 Force10(conf)#

Related Commands

show protocol-tunnel show running-config

Display tunneling information for all VLANs Display the current configuration.

show protocol-tunnel
ces
Syntax Parameters

Display protocol tunnel information for all or a specified VLAN-Stack VLAN. show protocol-tunnel [vlan vlan-id] vlan vlan-id
(OPTIONAL) Enter the keyword vlan followed by the VLAN ID to display information for the one VLAN. Range: 1 to 4094

Defaults Command Modes Command History

No default values or behavior EXEC

Version 8.2.1.0 Version 7.4.1.0 Introduced on the C-Series, E-Sereies and E-Series ExaScale. Introduced

Example

Figure 495 show protocol-tunnel Command Example

Force10#show protocol-tunnel System Rate-Limit: 1000 Frames/second Interface Vlan Protocol(s) Gi1/2 2 STP, PVST Gi1/3 3 STP, PVST Po35 4 STP, PVST Force10#

Example

Figure 496 show protocol-tunnel command example for a specific VLAN

Force10#show protocol-tunnel vlan 2 System Rate-Limit: 1000 Frames/second Interface Vlan Protocol(s) Gi1/2 2 STP, PVST Force10#

Related Commands

show running-config

Display the current configuration.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1443

show protocol-tunnel

1444

Service Provider Bridging

Chapter 53

sFlow

Overview
sFlow commands are supported on these platforms:

c e s.

FTOS sFlow monitoring system includes an sFlow Agent and an sFlow Collector. The sFlow Agent combines the flow samples and interface counters into sFlow datagrams and forwards them to the sFlow Collector. The sFlow Collector analyses the sFlow Datagrams received from the different devices and produces a network-wide view of traffic flows.

Important Points to Remember

Force10 Networks recommends that the sFlow Collector be connected to the Force10 chassis through a line card port rather than the RPM Management Ethernet port. FTOS exports all sFlow packets to the sFlow Collector. A small sampling rate can equate to a large number of exported packets. A backoff mechanism will automatically be applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect. The dropEvent counter, in the sFlow packet, will always be zero. sFlow sampling is done on a per-port basis. Community list and local preference fields are not filled up in the extended gateway element in the sFlow datagram. The 802.1P source priority field is not filled up in the extended switch element in the sFlow datagram. Only Destination and Destination Peer AS numbers are packed in the dst-as-path field in the extended gateway element. If the packet being sampled is redirected using PBR (Policy-Based Routing), the sFlow datagram may contain incorrect extended gateway/router information. sFlow does not support packing extended information for IPv6 packets. Only the first 128 bytes of the IPv6 packet is shipped in the datagram. The source VLAN field in the extended switch element will not be packed in case of a routed packet. The destination VLAN field in the extended switch element will not be packed in case of a multicast packet. The maximum number of packets that can be sampled and processed per second is:

7500 packets when no extended information packing is enabled

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1445

7500 packets when only extended-switch information packing is enabled (see sflow extended-switch enable) 1600 packets when extended-router and/or extended-gateway information packing is enabled (see Figure and sflow extended-gateway enable)

Commands
The sFlow commands are: sflow collector sflow enable (Global) sflow enable (Interface) sflow extended-gateway enable sflow extended-router enable sflow extended-switch enable sflow polling-interval (Global) sflow polling-interval (Interface) sflow sample-rate (Global) sflow sample-rate (Interface) show sflow show sflow linecard

1446

sFlow

sflow collector

sflow collector
ces
Syntax

Configure a collector device to which sFlow datagrams are forwarded. sflow collector {ipv4-address | ipv6-address} agent-addr {ipv4-address | ipv6-address} [number [max-datagram-size number]] | [max-datagram-size number] sflow collector ipv4-address | ipv6-address agent-addr ipv4-address | ipv6-address number
Enter the IPv4 (A.B.C.D) or IPv6 address (X:X:X:X::X) of the sFlow collector device. Enter the IPv4 (A.B.C.D) or IPv6 address (X:X:X:X::X) of the sFlow agent in the router. (OPTIONAL) Enter the UDP port number (User Datagram Protocol). Range: 0 to 65535 Default: 6343 (OPTIONAL) Enter the keyword max-datagram-size followed by the size number in bytes. Range: 400 to 1500 Default: 1400

Parameters

max-datagram-size number

Defaults Command Modes Command History

Not configured CONFIGURATION

Version 8.4.2.3 Version 8.4.1.1 Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.5.1.0 Version 6.2.1.1 Support for IPv6 sFlow collectors and agents was added on the E-series TeraScale, C-Series, and S-Series. Support for IPv6 sFlow collectors and agents was added on the E-series ExaScale. Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Expanded the no form of the command to mirror the syntax used to configure Introduced on E-Series

Usage Information

You can configure up to two sFlow collectors (IPv4 or IPv6). If two collectors are configured, traffic samples are sent to both. The sFlow agent address is carried in a field in SFlow packets and is used by the collector to identify the sFlow agent. IPv6 sFlow collectors and agents are supported on E-Series (ExaScale and TeraScale), C-Series, and S-Series routers. To delete a configured collector, enter the no sflow collector {ipv4-address | ipv6-address} agent-addr {ipv4-address | ipv6-address} [number [max-datagram-size number]] | [max-datagram-size number] command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1447

sflow enable (Global)

As part of the sFlow-MIB, if the SNMP request originates from a configured collector, FTOS will return the corresponding configured agent IP in MIB requests. FTOS checks to ensure that two entries are not configured for the same collector IP with a different agent IP. Should that happen, FTOS generates the following error:
%Error: Different agent-addr attempted for an existing collector

sflow enable (Global)

ces
Syntax

Enable sFlow globally. sflow enable To disable sFlow, use the no sflow enable command.

Defaults Command Modes Command History

sFlow is disabled by default CONFIGURATION

Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.2.1.1 Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

sFlow is disabled by default. In addition to this command, sFlow needs to be enable on individual interfaces where sFlow sampling is desired.
sflow enable (Interface) Enable sFlow on Interfaces.

sflow enable (Interface)

ces
Syntax

Enable sFlow on Interfaces. sflow enable To disable sFlow, use the no sflow enable command.

Defaults Command Modes Command History

sFlow is disabled by default on all interfaces INTERFACE

Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series

1448

sFlow

sflow extended-gateway enable

Version 7.6.1.0 Version 6.2.1.1 Usage Information

Introduced on C-Series Introduced on E-Series

When sFlow is enable on an interface, flow sampling is done on any traffic going out of the interface.

Note: Once a physical port is a member of a LAG, it will inherit the sFlow
configuration from the LAG port.
Related Commands

sflow enable (Global)

Turn sFlow on globally

sflow extended-gateway enable

e
Syntax

Enable packing information on an extended gateway. sflow extended-gateway [extended-router] [extended-switch] enable To disable packing information, use the no sflow extended-gateway [extended-router] [extended-switch] enable command.

Parameters

extended-router extended-switch enable

Enter the keyword extended-router to collect extended router information. Enter the keyword extended-switch to collect extended switch information. Enter the keyword enable to enable global extended information.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 8.1.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on E-Series

Usage Information

The show sflow command displays the configured global extended information. FTOS 7.8.1.0 and later enhances the sFlow implementation for real time traffic analysis on the E-Series to provide extended gateway information in cases where the destination IP addresses are learned by different routing protocols, and for cases where the destination is reachable over ECMP.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1449

sflow extended-router enable

Example

Figure 497 show sflow Command Output

Force10#show sflow sFlow services are enabled Global default sampling rate: 64 Global default counter polling interval: 1000 Global extended information enabled: gateway, router, switch 1 collectors configured Collector IP addr: 20.20.20.2, Agent IP addr: 10.11.201.7, UDP port: 6343 1732336 UDP packets exported 0 UDP packets dropped 12510225 sFlow samples collected 0 sFlow samples dropped due to sub-sampling Force10#

Related Commands

show sflow

Display the sFlow configuration

sflow extended-router enable

e
Syntax

Enable packing information on a router and switch. sflow extended-router [extended-switch] enable To disable packing information, use the no sflow extended-router [extended-switch] enable command.

Parameters

extended-switch enable

Enter the keyword extended-switch to collect extended switch information. Enter the keyword enable to enable global extended information.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 8.1.1.0 Version 7.4.1.0 Introduced on E-Series ExaScale Introduced on E-Series

Usage Information

FTOS 7.8.1.0 and later enhances the sFlow implementation for real time traffic analysis on the E-Series to provide extended gateway information in cases where the destination IP addresses are learned by different routing protocols, and for cases where the destination is reachable over ECMP.
sflow extended-gateway enable sflow extended-switch enable show sflow Enable packing information on an extended gateway Enable packing information on a switch. Display the sFlow configuration

Related Commands

1450

sFlow

sflow extended-switch enable

ces
Syntax

Enable packing information on a switch only. sflow extended-switch enable To disable packing information, use the no sflow extended-switch [enable] command.

Parameters

enable Disabled CONFIGURATION

Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 7.4.1.0

Enter the keyword enable to enable global extended information.

Defaults Command Modes Command History

Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

FTOS 7.8.1.0 and later enhances the sFlow implementation for real time traffic analysis on the E-Series to provide extended gateway information in cases where the destination IP addresses are learned by different routing protocols, and for cases where the destination is reachable over ECMP.
sflow extended-gateway enable sflow extended-router enable show sflow Enable packing information on an extended gateway. Enable packing information on a router. Display the sFlow configuration

Related Commands

sflow polling-interval (Global)

ces
Syntax

Set the sFlow polling interval at a global level. sflow polling-interval interval value To return to the default, use the no sflow polling-interval interval command.

Parameters

interval value

Enter the interval value in seconds. Range: 15 to 86400 seconds Default: 20 seconds

Defaults Command Modes Command History

20 seconds CONFIGURATION
Version 8.2.1.0 Version 8.1.1.0 Introduces on S-Series Stacking Introduced on E-Series ExaScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1451

sflow polling-interval (Interface)

Version 7.7.1.0 Version 7.6.1.0 Version 6.2.1.1 Usage Information

Introduced on S-Series Introduced on C-Series Introduced on E-Series

The polling interval for an interface is the maximum number of seconds between successive samples of counters to be sent to the collector. This command changes the global default counter polling (20 seconds) interval. You can configure an interface to use a different polling interval.
sflow polling-interval (Interface) Set the polling interval for an interface

Related Commands

sflow polling-interval (Interface)

ces
Syntax

Set the sFlow polling interval at an interface (overrides the global-level setting.) sflow polling-interval interval value To return to the default, use the no sflow polling-interval interval command.

Parameters

interval value

Enter the interval value in seconds. Range: 15 to 86400 seconds Default: The global counter polling interval

Defaults Command Modes Command History

The same value as the current global default counter polling interval INTERFACE
Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.2.1.1 Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

This command sets the counter polling interval for an interface.

sflow polling-interval (Global)

Globally set the polling interval

1452

sFlow

sflow sample-rate (Global)

ces
Syntax

Change the global default sampling rate. sflow sample-rate value To return to the default sampling rate, enter the no sflow sample-rate.

Parameters

value

Enter the sampling rate value. Range: C-Series and S-Series: 256 to 8388608 packets E-Series TeraScale and ExaScale: 2 to 8388608 Enter values in powers of 2 only, for example 4096, 8192, 16384 etc. Default: 32768 packets

Defaults Command Modes Command History

32768 CONFIGURATION
Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.2.1.1 Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Sample-rate is the average number of packets skipped before the sample is taken. This command changes the global default sampling rate. You can configure an interface to use a different sampling rate than the global sampling rate. If the value entered is not a correct power of 2, the command generates an error message with the previous and next power of 2 value. Select one of these two packet numbers and re-enter the command.
sflow sample-rate (Interface) Change the Interface sampling rate.

Related Commands

sflow sample-rate (Interface)

ces
Syntax

Change the Interface default sampling rate. sflow sample-rate value To return to the default sampling rate, enter the no sflow sample-rate.

Parameters

value

Enter the sampling rate value. Range: C-Series and S-Series: 256 to 8388608 packets E-Series TeraScale and ExaScale: 2 to 8388608 packets Enter values in powers of 2 only, for example 4096, 8192, 16384 etc. Default: 32768 packets

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1453

show sflow

Defaults Command Modes Command History

The Global default sampling CONFIGURATION

Usage Information

This command changes the sampling rate for an Interface. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate. If the value entered is not a correct power of 2, the command generates an error message with the previous and next power-of-2 value. Select one of these two number and re-enter the command.
sflow sample-rate (Global) Change the sampling rate globally.

Related Commands

show sflow
ces
Syntax Parameters

Display the current sFlow configuration show sflow [interface] interface

(OPTIONAL) Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.2.1.1

Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

1454

sFlow

show sflow linecard

Example

Figure 498 show sflow Command Example

Force10#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 0 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 0 sFlow samples dropped due to sub-sampling This count is always zero (0) Linecard 1 Port set 0 H/W sampling rate 8192 Gi 1/16: configured rate 8192, actual rate 8192, sub-sampling rate 1 Gi 1/17: configured rate 16384, actual rate 16384, sub-sampling rate 2 Linecard 3 Port set 1 H/W sampling rate 16384 Gi 3/40: configured rate 16384, actual rate 16384, sub-sampling rate 1 Force10#

Usage Information

The dropEvent counter (sFlow samples dropped due to sub-sampling) shown in the figure above will always display a value of zero.

show sflow linecard

ces
Syntax Parameters

Display the sFlow information on a line card. show sflow linecard {slot number} slot number
(OPTIONAL) Enter a slot number to view information on the line card in that slot. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.2.1.0 Version 8.1.1.0 Version 7.7.1.0 Version 7.6.1.0 Version 6.2.1.1

Introduces on S-Series Stacking Introduced on E-Series ExaScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 499 show sflow linecard Command Example

Force10#show sflow linecard 1 Linecard 1 Samples rcvd from h/w Samples dropped for sub-sampling Total UDP packets exported UDP packets exported via RPM UDP packets dropped Force10#

:165 :0 :0 :77 :

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1455

show sflow linecard

1456

sFlow

Chapter 54
Overview

SNMP and Syslog

This chapter contains commands to configure and monitor SNMP v1/v2/v3 and Syslog. Both features are supported on the C-Series, E-Series, and S-Series platforms, as indicated by the following symbols under each of the command headings: c e s The chapter contains the following sections: SNMP Commands Syslog Commands

SNMP Commands
The SNMP commands available in FTOS are: show snmp show snmp engineID show snmp group show snmp user snmp ifmib ifalias long snmp-server community snmp-server contact snmp-server enable traps snmp-server engineID snmp-server group snmp-server host snmp-server location snmp-server packetsize snmp-server trap-source snmp-server user snmp-server view snmp trap link-status

The Simple Network Management Protocol (SNMP) is used to communicate management information between the network management stations and the agents in the network elements. FTOS supports SNMP versions 1, 2c, and 3, supporting both read-only and read-write modes. FTOS sends SNMP traps, which are messages informing an SNMP management system about the network. FTOS supports up to 16 SNMP trap receivers.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1457

show snmp

Important Points to Remember

Typically, 5-second timeout and 3-second retry values on an SNMP server are sufficient for both LAN and WAN applications. If you experience a timeout with these values, the recommended best practice on Force10 switches (to accommodate their high port density) is to increase the timeout and retry values on your SNMP server to the following: SNMP Timeoutgreater than 3 seconds SNMP Retry countgreater than 2 seconds If you want to query an E-Series switch using SNMP v1/v2/v3 with an IPv6 address, configure the IPv6 address on a non-management port on the switch. If you want to send SNMP v1/v2/v3 traps from an E-Series using an IPv6 address, use a non-management port. SNMP v3 informs are not currently supported with IPv6 addresses. If you are using ACLs in SNMP v3 configuration, group ACL overrides user ACL if the user is part of that group. SNMP operations are not supported on a VLAN.

show snmp
ces
Syntax Command Modes

Display the status of SNMP network elements. show snmp EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

E-Series legacy command

1458

SNMP and Syslog

show snmp engineID

Example

Figure 500 show snmp Command Example

Force10#show snmp 32685 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 96988 Number of requested variables 0 Number of altered variables 31681 Get-request PDUs 968 Get-next PDUs 0 Set-request PDUs 61727 SNMP packets output 0 Too big errors (Maximum packet size 1500) 9 No such name errors 0 Bad values errors 0 General errors 32649 Response PDUs 29078 Trap PDUs Force10#

Related Commands

snmp-server community

Enable SNMP and set community string.

show snmp engineID

ces
Syntax Command Modes

Display the identification of the local SNMP engine and all remote engines that are configured on the router. show snmp engineID EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series E-Series legacy command

Example

Figure 501 show snmp engineID Command

Force10#show snmp engineID Local SNMP engineID: 0000178B02000001E80214A8 Remote Engine ID IP-addr 80001F88043132333435 172.31.1.3 80001F88043938373635 172.31.1.3 Force10#

Port 5009 5008

Related Commands

snmp-server engineID

Configure local and remote SNMP engines on the router

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1459

show snmp group

ces
Syntax Command Modes

Display the group name, security model, status, and storage type of each group. show snmp group EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series E-Series legacy command

Usage Information

The following example displays a group named ngroup. The ngroup has a security model of version 3 (v3) with authentication (auth), the read and notify name is nview with no write view name specified, and finally the row status is active. Figure 502 show snmp group Command Example
Force10#show snmp group groupname: ngroup readview : nview notifyview: nview row status: active Force10# security model: v3 auth writeview: no write view specified

Example

Related Commands

snmp-server group

Configure an SNMP server group

1460

SNMP and Syslog

show snmp user

ces
Syntax Command Modes

Display the information configured on each SNMP user name. show snmp user EXEC EXEC Privilege

Example

Figure 503 show snmp user Command Example

Force10#show snmp user User name: v1v2creadu Engine ID: 0000178B02000001E80214A8 storage-type: nonvolatile active Authentication Protocol: None Privacy Protocol: None Force10#

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series E-Series legacy command

snmp ifmib ifalias long

ces
Syntax Defaults Command Modes Command History

Display the entire description string through the Interface MIB, which would be truncated otherwise to 63 characters. snmp ifmib ifalias long Interface description truncated beyond 63 characters CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 unknown Introduced for S-Series Introduced for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1461

snmp-server community

Example

Figure 504 snmp ifmib ifalias long Command Example

!------command run on host connected to switch: --------------! > snmpwalk -c public 10.10.10.130 .1.3.6.1.2.1.31 | grep -i alias | more IF-MIB::ifAlias.134530304 = STRING: This is a port connected to Router2. This is a port connected to IF-MIB::ifAlias.134792448 = STRING: !------command run on Force10 switch: --------------! Force10#snmp ifmib ifalias long !------command run on server connected to switch: --------------! > snmpwalk -c public 10.10.10.130 .1.3.6.1.2.1.31 | grep -i alias | more IF-MIB::ifAlias.134530304 = STRING: This is a port connected to Router2. This is a port connected to Router2. This is a port connected to Router2. This is a port connected to Router2. This is a port connected to Router2. IF-MIB::ifAlias.134792448 = STRING:

snmp-server community
ces
Syntax

Configure a new community string access for SNMPv1, v2, and v3. snmp-server community community-name {ro | rw} [ipv6 ipv6-access-list-name [ipv6 ipv6-access-list-name | access-list-name | security-name name] | security-name name [ipv6 ipv6-access-list-name | access-list-name | security-name name] | access-list-name [ipv6 ipv6-access-list-name | access-list-name | security-name name]]] To remove access to a community, use the no snmp-server community community-string {ro | rw} [security-name name [access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name]] command.

Parameters

community-name ro rw ipv6 access-list-name security-name name access-list-name

Enter a text string (up to 20 characters long) to act as a password for SNMP. Enter the keyword ro to specify read-only permission. Enter the keyword rw to specify read-write permission. (Optional) Enter the keyword ipv6 followed by a an IPv6 ACL name (a string up to 16 characters long). (Optional) Enter the keyword security-name followed by the security name as defined by the community MIB. (Optional) Enter a standard IPv4 access list name (a string up to 16 characters long).

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Ver. 6.2.1.1 Support added for S-Series Support added for C-Series Introduced on E-Series

1462

SNMP and Syslog

snmp-server community The example below configures a community named public that is mapped to the security named guestuser with Read Only (ro) permissions. Figure 505 snmp-server community Command Example
Force10#config Force10(conf)# snmp-server community public ro Force10(conf)# snmp-server community guest ro security-name guestuser Force10(conf)#

Usage Information Example

The security-name parameter maps the community string to an SNMPv3 user/security name as defined by the community MIB. If a community string is configured without a security-name (for example, snmp-server community public ro), the community is mapped to a default security-name/group: v1v2creadu / v1v2creadg maps to a community with ro permissions v1v2cwriteu/ v1v2cwriteg maps to a community with rw permissions

This command is indexed by the community-name parameter. If the snmp-server community command is not configured, you cannot query SNMP data. Only Standard IPv4 ACL and IPv6 ACL is supported in the optional access-list-name.. The command options ipv6, security-name, and access-list-name are recursive. In other words, each option can, in turn, accept any of the three options as a sub-option, and each of those sub-options can accept any of the three sub-options as a sub-option, and so forth. The following example demonstrates the creation of a standard IPv4 ACL called snmp-ro-acl and then assigning it to the SNMP community guest:
Example

Figure 506 snmp-server community Command Example

Force10(conf)# ip access-list standard snmp-ro-acl Force10(config-std-nacl)#seq 5 permit host 10.10.10.224 Force10(config-std-nacl)#seq 10 deny any count ! Force10(conf)#snmp-server community guest ro snmp-ro-acl Force10(conf)#

Note: For IPv6 ACLs, only IPv6 and UDP types are valid for SNMP; TCP, ICMP rules
are not valid for SNMP. In IPv6 ACLs port rules are not valids for SNMP.
Related Commands

ip access-list standard ipv6 access-list show running-config snmp

Name (or select) a standard access list to filter based on IP address. Configure an access list based on IPv6 addresses or protocols. Display the current SNMP configuration and defaults.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1463

snmp-server contact

snmp-server contact
ces
Syntax

Configure contact information for troubleshooting this SNMP node. snmp-server contact text To delete the SNMP server contact information, use the no snmp-server contact command.

Parameters

text

Enter an alphanumeric text string, up to 55 characters long.

Defaults Command Modes Command History

No default values or behavior CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series E-Series legacy command

1464

SNMP and Syslog

snmp-server enable traps

ces
Syntax

Enable and configure SNMP traps. snmp-server enable traps [notification-type] [notification-option] To disable traps, use the no snmp-server enable traps [notification-type] [notification-option] command.

Parameters

notification-type

Enter the type of notification from the list below:

bgpNotification of changes in BGP process envmonFor Force10 Networks, device notifications when an
environmental threshold is exceeded snmpNotification of RFC 1157 traps. stp Notification of state change in Spanning Tree protocol (RFC 1493) vrrpNotification of state change in a VRRP group xstpNotification of state change in MSTP (802.1s), RSTP (802.1w), and PVST+

notification-option

For the envmon notification-type, enter one of the following optional parameters: fan supply temperature

For the snmp notification-type, enter one of the following optional parameters: Defaults Command Modes Command History authentication coldstart linkdown linkup

Not enabled. CONFIGURATION

Version 8.4.1.0 Version 7.6.1.0 Version 7.5.1.0 Support was added for VRRP traps. Support added for S-Series; Added support for STP and xSTP traps. Support added for C-Series

E-Series legacy command Usage Information

FTOS supports up to 16 SNMP trap receivers. If this command is not configured, no traps controlled by this command are sent. If you do not specify a notification-type and notification-option, all traps are enabled.

Related Commands

snmp-server community

Enable SNMP and set the community string.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1465

snmp-server engineID

snmp-server engineID
ces
Syntax

Configure name for both the local and remote SNMP engines on the router. snmp-server engineID [local engineID] [remote ip-address udp-port port-number engineID] To return to the default, use the no snmp-server engineID [local engineID] [remote ip-address udp-port port-number engineID] command

Parameters

local engineID

Enter the keyword local followed by the engine ID number that identifies the copy of the SNMP on the local device. Format (as specified in RFC 3411): 12 octets. The first 4 octets are set to the private enterprise number. The remaining 8 octets are the MAC address of the chassis.

remote ip-address udp-port port-number engineID

Enter the keyword remote followed by the IP address that identifies the copy of the SNMP on the remote device. Enter the keyword udp-port followed by the UDP (User Datagram Protocol) port number on the remote device. Range: 0 to 65535 Default: 162

Defaults Command Modes Command History

As above CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information

Changing the value of the SNMP Engine ID has important side effects. A user's password (entered on the command line) is converted to an MD5 (Message Digest Algorithm) or SHA (Secure Hash Algorithm) security digest. This digest is based on both the password and the local Engine ID. The command line password is then destroyed, as required by RFC 2274. Because of this deletion, if the local value of the Engine ID changes, the security digests of SNMPv3 users will be invalid, and the users will have to be reconfigured. For the remote Engine ID, the host IP and UDP port are the indexes to the command that are matched to either overwrite or remove the configuration.

Related Commands

show snmp engineID show running-config snmp

Display SNMP engine and all remote engines that are configured on the router Display the SNMP running configuration

1466

SNMP and Syslog

snmp-server group

snmp-server group
ces
Syntax

Configure a new SNMP group or a table that maps SNMP users to SNMP views. snmp-server group [group_name {1 | 2c | 3 {auth | noauth | priv}}] [read name] [write name] [notify name] [access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name]] To remove a specified group, use the no snmp-server group [group_name {v1 | v2c | v3 {auth | noauth | priv}}] [read name] [write name] [notify name] [access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name]] command.

Parameters

group_name

Enter a text string (up to 20 characters long) as the name of the group. Defaults: The following groups are created for mapping to read/write community/security-names. v1v2creadg maps to a community/security-name with ro permissions 1v2cwriteg maps to a community/security-name rw permissions

1 | 2c | 3

(OPTIONAL) Enter the security model version number (1, 2c, or 3).

1 is the least secure version 3 is the most secure of the security modes. 2c allows transmission of informs and counter 64, which allows
for integers twice the width of what is normally allowed.

Default: 1

auth noauth priv read name

(OPTIONAL) Enter the keyword auth to specify authentication of a packet without encryption. (OPTIONAL) Enter the keyword noauth to specify no authentication of a packet. (OPTIONAL) Enter the keyword priv to specify both authentication and then scrambling of the packet. (OPTIONAL) Enter the keyword read followed by a name (a string of up to 20 characters long) as the read view name. Default: GlobalView is set by default and is assumed to be every object belonging to the Internet (1.3.6.1) OID space. (OPTIONAL) Enter the keyword write followed by a name (a string of up to 20 characters long) as the write view name. (OPTIONAL) Enter the keyword notify followed by a name (a string of up to 20 characters long) as the notify view name. (Optional) Enter the standard IPv4 access list name (a string up to 16 characters long). (Optional) Enter the keyword ipv6 followed by the IPv6 access list name (a string up to 16 characters long) (Optional) Enter both an IPv4 and IPv6 access list name.

write name notify name access-list-name ipv6 access-list-name access-list-name ipv6 access-list-name
Defaults Command Modes

As defined above CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1467

snmp-server host

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information

The following example specifies the group named harig as a version 3 user requiring both authentication and encryption and read access limited to the read named rview.

Note: For IPv6 ACLs, only IPv6 and UDP types are valid for SNMP; TCP, ICMP rules
are not valid for SNMP. In IPv6 ACLs port rules are not valids for SNMP.
Example

Figure 507 snmp-server group Command Example

Force10#conf Force10(conf)# snmp-server group harig 3 priv read rview Force10#

Note: The number of configurable groups is limited to 16 groups.

Related Commands

show snmp group show running-config snmp

Display the group name, security model, view status, and storage type of each group. Display the SNMP running configuration

snmp-server host
ces
Syntax

Parameters

ip-address ipv6-address

Enter the keyword host followed by the IP address of the host (configurable hosts is limited to 16). Enter the keyword host followed by the IPv6 address of the host in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero (OPTIONAL) Enter the keyword traps to send trap notifications to the specified host. Default: traps (OPTIONAL) Enter the keyword informs to send inform notifications to the specified host. Default: traps

traps

informs

1468

SNMP and Syslog

snmp-server host

version 1 | 2c | 3

(OPTIONAL) Enter the keyword version to specify the security model followed by the security model version number 1, 2c, or 3. Version 1 is the least secure version version 3 is the most secure of the security modes. Version 2c allows transmission of informs and counter 64, which allows for integers twice the width of what is normally allowed.

Default: Version 1

auth noauth priv community-string

Note: For version 1 and version 2c security models, this string

represents the name of the SNMP community. The string can be set using this command, however it is recommended that you set the community string using the snmp-server community command before executing this command. For version 3 security model, this string is the USM user security name. udp-port port-number
(OPTIONAL) Enter the keywords udp-port followed by the port number of the remote host to use. Range: 0 to 65535. Default: 162 (OPTIONAL) Enter one of the following keywords for the type of trap to be sent to the host: bgp - BGP state change envmon - Environment monitor trap snmp - SNMP notification (RFC 1157) stp - Spanning Tree protocol notification (RFC 1493) vrrp - State change in a VRRP group xstp - State change in MSTP (802.1s), RSTP (802.1w), and PVST+ Default: All trap types are sent to host. Defaults Command Modes Command History

notification-type

As shown CONFIGURATION
Version 8.4.1.0 Version 7.6.1.0 Version 7.5.1.0 Support was added for VRRP traps. Support added for S-Series; Added support for STP and xSTP notification types. Support added for C-Series

E-Series legacy command Usage Information

In order to configure the router to send SNMP notifications, you must enter at least one snmp-server host command. If you enter the command with no keywords, all trap types are enabled for the host. If you do not enter an snmp-server host command, no notifications are sent.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1469

snmp-server location In order to enable multiple hosts, you must issue a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host. When multiple snmp-server host commands are given for the same host and type of notification (trap or inform), each succeeding command overwrites the previous command. Only the last snmp-server host command will be in effect. For example, if you enter an snmp-server host inform command for a host and then enter another snmp-server host inform command for the same host, the second command will replace the first. The snmp-server host command is used in conjunction with the snmp-server enable command. Use the snmp-server enable command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable command and the snmp-server host command for that host must be enabled.

Note: For v1 / v2c trap configuration, if the community-string is not defined using the
snmp-server community command prior to using this command, the default form of the snmp-server community command will automatically be configured, with the community-name the same as specified in the snmp-server host command. Configuring Informs To send an inform, follow the step below. 1. 2. 3. 4. 5.
Related Commands

Configure a remote engine ID. Configure a remote user. Configure a group for this user with access rights. Enable traps. Configure a host to receive informs.
Enable SNMP traps. Configure a new community SNMPv1 or SNMPv2c

snmp-server enable traps snmp-server community

snmp-server location
ces
Syntax

Configure the location of the SNMP server. snmp-server location text To delete the SNMP location, enter no snmp-server location.

Parameters

text Not configured.

Enter an alpha-numeric text string, up to 55 characters long.

Defaults Command Modes Command History

CONFIGURATION
Version 7.6.1.0 Support added for S-Series

1470

SNMP and Syslog

snmp-server packetsize

Version 7.5.1.0

Support added for C-Series

E-Series legacy command

snmp-server packetsize
ces
Syntax Parameters

Set the largest SNMP packet size permitted when the SNMP server is receiving a request or generating a reply, use the snmp-server packetsize global configuration command. snmp-server packetsize byte-count byte-count
Enter one of the following values 8, 16, 24 or 32. Packet sizes are 8000 bytes, 16000 bytes, 32000 bytes, and 64000 bytes.

Defaults Command Modes Command History

8 CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command

snmp-server trap-source
ces
Syntax

Configure a specific interface as the source for SNMP traffic. snmp-server trap-source interface To disable sending traps out a specific interface, enter no snmp trap-source.

Parameter

interface

Defaults Command Modes

The IP address assigned to the management interface is the default. CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1471

snmp-server user

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information Related Commands

For this snmp-server trap-source command to be enabled, you must configure an IP address on the interface and enable the interface configured as an SNMP trap source.
snmp-server community Set the community string.

snmp-server user
ces
Syntax

Configure a new user to an SNMP group. snmp-server user name {group_name remote ip-address udp-port port-number} [1 | 2c | 3 ] [encrypted] [auth {md5 | sha} auth-password ] [priv des56 priv password] [access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name] To remove a user from the SNMP group, use the no snmp-server user name {group_name remote ip-address udp-port port-number} [1 | 2c | 3 ] [encrypted] [auth {md5 | sha} auth-password ] [priv des56 priv password] [access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name] command.

Parameters

name group_name

Enter the name of the user (not to exceed 20 characters), on the host, that connects to the agent. Enter a text string (up to 20 characters long) as the name of the group. Defaults: The following groups are created for mapping to read/write community/security-names. v1v2creadu maps to a community with ro permissions 1v2cwriteu maps to a community rw permissions

remote ip-address udp-port port-number

1 | 2c | 3

1 is the least secure version 3 is the most secure of the security modes. 2c allows transmission of informs and counter 64, which allows for
integers twice the width of what is normally allowed.

Default: 1

encrypted

(OPTIONAL) Enter the keyword encrypted to specify the password appear in encrypted format (a series of digits, masking the true characters of the string). (OPTIONAL) Enter the keyword auth to specify authentication of a packet without encryption.

auth

1472

SNMP and Syslog

snmp-server user

md5 | sha

(OPTIONAL) Enter the keyword md5 or sha to designate the authentication level.

md5 Message Digest Algorithm sha Secure Hash Algorithm auth-password

(OPTIONAL) Enter a text string (up to 20 characters long) password that will enable the agent to receive packets from the host. Minimum: 8 characters long (OPTIONAL) Enter the keyword priv des56 to initiate a privacy authentication level setting using the CBC-DES privacy authentication algorithm (des56). (OPTIONAL) Enter a text string (up to 20 characters long) password that will enables the host to encrypt the contents of the message it sends to the agent. Minimum: 8 characters long (Optional) Enter the standard IPv4 access list name (a string up to 16 characters long). (Optional) Enter the keyword ipv6 followed by the IPv6 access list name (a string up to 16 characters long) (Optional) Enter both an IPv4 and IPv6 access list name.

priv des56

priv password

access-list-name ipv6 access-list-name access-list-name ipv6 access-list-name

Defaults Command Modes Command History

As above CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information

Note: For IPv6 ACLs, only IPv6 and UDP types are valid for SNMP; TCP, ICMP rules
are not valid for SNMP. In IPv6 ACLs port rules are not valids for SNMP.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1473

snmp-server view

No default values exist for authentication or privacy algorithms and no default password exist. If you forget a password, you cannot recover it; the user must be reconfigured. You can specify either a plain-text password or an encrypted cypher-text password. In either case, the password will be stored in the configuration in an encrypted form and displayed as encrypted in the show running-config command. If you have an encrypted password, you can specify the encrypted string instead of the plain-text password. The following command is an example of how to specify the command with an encrypted string:
Examples

Figure 508 snmp-server user Command Example

Force10# snmp-server user privuser v3group v3 encrypted auth md5 9fc53d9d908118b2804fe80e3ba8763d priv des56 d0452401a8c3ce42804fe80e3ba8763d

The following command is an example of how to enter a plain-text password as the string authpasswd for user authuser of group v3group.
Force10#conf Force10(conf)# snmp-server user authuser v3group v3 auth md5 authpasswd

The following command configures a remote user named n3user with a v3 security model and a security level of authNOPriv.
Force10#conf Force10(conf)# snmp-server user n3user ngroup remote 172.31.1.3 udp-port 5009 3 auth md5 authpasswd

Note: The number of configurable users is limited to 16.

Related Commands

show snmp user

Display the information configured on each SNMP user name.

snmp-server view
ces
Syntax

Configure an SNMPv3 view. snmp-server view view-name oid-tree {included | excluded} To remove an SNMPv3 view, use the no snmp-server view view-name oid-tree {included | excluded} command.

Parameters

view-name oid-tree included excluded

Enter the name of the view (not to exceed 20 characters). Enter the OID sub tree for the view (not to exceed 20 characters). (OPTIONAL) Enter the keyword included to include the MIB family in the view. (OPTIONAL) Enter the keyword excluded to exclude the MIB family in the view.

1474

SNMP and Syslog

snmp trap link-status

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information

The oid-tree variable is a full sub-tree starting from 1.3.6 and can not specify the name of a sub-tree or a MIB. The following example configures a view named rview that allows access to all objects under 1.3.6.1: Figure 509 snmp-server view Command Example
Force10# conf Force10#(conf) snmp-server view rview 1.3.6.1 included

Example

Related Commands

show running-config snmp

Display the SNMP running configuration

snmp trap link-status

ces
Syntax

Enable the interface to send SNMP link traps, which indicate whether the interface is up or down. snmp trap link-status To disable sending link trap messages, enter no snmp trap link-status.

Defaults Command Modes Command History

Enabled. INTERFACE
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information

If the interface is expected to flap during normal usage, you could disable this command.

Syslog Commands
The following commands allow you to configure logging functions on all Force10 switches: clear logging default logging buffered default logging console

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1475

clear logging

default logging monitor default logging trap logging logging buffered logging console logging facility logging history logging history size logging monitor logging on logging source-interface logging synchronous logging trap show logging show logging driverlog stack-unit (S-Series) terminal monitor

clear logging
ces
Syntax Defaults Command Modes Command History

Clear the messages in the logging buffer. clear logging None. EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands show logging Display logging settings and system messages in the internal buffer.

default logging buffered

ces
Syntax Defaults Command Modes

Return to the default setting for messages logged to the internal buffer. default logging buffered size = 40960; level = 7 or debugging CONFIGURATION

1476

SNMP and Syslog

default logging console

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging buffered Set the logging buffered parameters.

default logging console

ces
Syntax Defaults Command Modes Command History

Return the default settings for messages logged to the console. default logging console level = 7 or debugging CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging console Set the logging console parameters.

default logging monitor

ces
Syntax Defaults Command Modes Command History

Return to the default settings for messages logged to the terminal. default logging monitor level = 7 or debugging CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging monitor terminal monitor Set the logging monitor parameters. Send system messages to the terminal/monitor.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1477

default logging trap

ces
Syntax Defaults Command Modes Command History

Return to the default settings for logging messages to the Syslog servers. default logging trap level = 6 or informational CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging trap Limit messages logged to the Syslog servers based on severity.

logging
ces
Syntax

Configure an IP address or host name of a Syslog server where logging messages will be sent. Multiple logging servers of both IPv4 and/or IPv6 can be configured. logging {ipv4-address | ipv6-address | hostname} To disable logging, enter no logging.

Parameters

ipv4-address | ipv6-addres hostname

Enter an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) address. Enter the name of a host already configured and recognized by the switch.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 8.4.1.0 Version 7.6.1.0 Version 7.5.1.0 Added support for IPv6. Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging on logging trap Enables the logging asynchronously to logging buffer, console, Syslog server, and terminal lines. Enables logging to the Syslog server based on severity.

1478

SNMP and Syslog

logging buffered

logging buffered
ces
Syntax

Enable logging and specify which messages are logged to an internal buffer. By default, all messages are logged to the internal buffer. logging buffered [level] [size] To return to the default values, enter default logging buffered. To disable logging stored to an internal buffer, enter no logging buffered.

Parameters

level

(OPTIONAL) Indicate a value from 0 to 7 or enter one of the following equivalent words: emergencies, alerts, critical, errors, warnings, notifications, informational, or debugging. Default: 7 or debugging. (OPTIONAL) Indicate the size, in bytes, of the logging buffer. The number of messages buffered depends on the size of each message. Range: 40960 to 524288. Default: 40960 bytes.

size

Defaults Command Modes Command History

level = 7; size = 40960 bytes CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information Related Commands

When you decrease the buffer size, all messages stored in the buffer are lost. Increasing the buffer size does not affect messages stored in the buffer.
clear logging default logging buffered show logging Clear the logging buffer. Returns the logging buffered parameters to the default setting. Display the logging setting and system messages in the internal buffer.

logging console
ces
Syntax

Specify which messages are logged to the console. logging console [level] To return to the default values, enter default logging console. To disable logging to the console, enter no logging console.

Parameters

level

(OPTIONAL) Indicate a value from 0 to 7 or enter one of the following parameters: emergencies, alerts, critical, errors, warnings, notifications, informational, or debugging. Default: 7 or debugging.

Defaults

7 or debugging

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1479

logging facility

Command Modes Command History

CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands clear logging default logging console show logging Clear logging buffer. Returns the logging console parameters to the default setting. Display logging settings and system messages in the internal buffer.

logging facility
ces
Syntax

Configure the Syslog facility, used for error messages sent to Syslog servers. logging facility [facility-type] To return to the default values, enter no logging facility.

Parameters

facility-type

(OPTIONAL) Enter one of the following parameters. auth (authorization system) cron (Cron/at facility) deamon (system deamons) kern (kernel) local0 (local use) local1 (local use) local2 (local use) local3 (local use) local4 (local use) local5 (local use) local6 (local use) local7 (local use) lpr (line printer system) mail (mail system) news (USENET news) sys9 (system use) sys10 (system use) sys11 (system use) sys12 (system use) sys13 (system use) sys14 (system use) syslog (Syslog process) user (user process) uucp (Unix to Unix copy process) The default is local7.

Defaults

local7

1480

SNMP and Syslog

logging history

Command Modes Command History

CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging logging on Enable logging to a Syslog server. Enables logging.

logging history
ces
Syntax

Specify which messages are logged to the history table of the switch and the SNMP network management station (if configured). logging history level To return to the default values, enter no logging history.

Parameters

level

Indicate a value from 0 to 7 or enter one of the following equivalent words: emergencies, alerts, critical, errors, warnings, notifications, informational, or debugging. The default is 4.

Defaults Command Modes Command History

4 or warnings CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information Related Commands

When you configure the snmp-server trap-source command, the system messages logged to the history table are also sent to the SNMP network management station.
show logging history Display information logged to the history buffer.

logging history size

ces
Syntax

Specify the number of messages stored in the FTOS logging history table. logging history size size To return to the default values, enter no logging history size.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1481

logging monitor

Parameters

size

Indicate a value as the number of messages to be stored. Range: 0 to 500. Default: 1 message.

Defaults Command Modes Command History

1 message CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information Related Commands

When the number of messages reaches the limit you set with the logging history size command, older messages are deleted as newer ones are added to the table.
show logging history Display information logged to the history buffer.

logging monitor
ces
Syntax

Specify which messages are logged to Telnet applications. logging monitor [level] To disable logging to terminal connections, enter no logging monitor.

Parameters

level

Indicate a value from 0 to 7 or enter one of the following parameters: emergencies, alerts, critical, errors, warnings, notifications, informational, or debugging. The default is 7 or debugging.

Defaults Command Modes Command History

7 or debugging CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands default logging monitor Returns the logging monitor parameters to the default setting.

1482

SNMP and Syslog

logging on

logging on
ces
Syntax

Specify that debug or error messages are asynchronously logged to multiple destinations, such as logging buffer, Syslog server, or terminal lines. logging on To disable logging to logging buffer, Syslog server and terminal lines, enter no logging on.

Defaults Command Modes Command History

Enabled CONFIGURATION
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information Related Commands

When you enter no logging on, messages are logged only to the console.

logging logging buffered logging console logging monitor

Enable logging to Syslog server. Set the logging buffered parameters. Set the logging console parameters. Set the logging parameters for the terminal connections.

logging source-interface
ces
Syntax

Specify that the IP address of an interface is the source IP address of Syslog packets sent to the Syslog server. logging source-interface interface To disable this command and return to the default setting, enter no logging source-interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1483

logging synchronous

Parameters

interface

Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from zero (0) to 16383. For the management interface on the RPM, enter the keyword ManagementEthernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Ten Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

E-Series legacy command Usage Information

Syslog messages contain the IP address of the interface used to egress the router. By configuring the logging source-interface command, the Syslog packets contain the IP address of the interface configured.
logging Enable the logging to another device.

Related Commands

logging synchronous
ces
Syntax

Synchronize unsolicited messages and FTOS output. logging synchronous [level level | all] [limit number-of-buffers] To disable message synchronization, use the no logging synchronous [level level | all] [limit number-of-buffers] command.

1484

SNMP and Syslog

logging trap

Parameters

all level level

Enter the keyword all to ensure that all levels are printed asynchronously. Enter the keyword level followed by a number as the severity level. A high number indicates a low severity level and visa versa. Range: 0 to 7. Default: 2 Enter the keyword all to turn off all Enter the keyword limit followed by the number of buffers to be queued for the terminal after which new messages are dropped Range: 20 to 300 Default: 20

all limit number-of-buffers

Defaults

Disabled. If enabled without level or number-of-buffers options specified, level = 2 and number-of-buffers = 20 are the defaults. LINE
Version 7.6.1.0 Version 7.5.1.0 Support added for S-Series Support added for C-Series

Command Modes Command History

E-Series legacy command Usage Information

When logging synchronous is enabled, unsolicited messages appear between software prompts and outputs. Only the messages with a severity at or below the set level are sent to the console. If the message queue limit is reached on a terminal line and messages are discarded, a system message appears on that terminal line. Messages may continue to appear on other terminal lines.

Related Commands

logging on

Enables logging.

logging trap
ces
Syntax

Specify which messages are logged to the Syslog server based the message severity. logging trap [level] To return to the default values, enter default logging trap. To disable logging, enter no logging trap.

Parameters

level

Indicate a value from 0 to 7 or enter one of the following parameters: emergencies, alerts, critical, errors, warnings, notifications, informational, or debugging. The default is 6.

Defaults Command Modes

6 or informational CONFIGURATION Publication Date: July 20, 2011 1485

Command Line Reference for FTOS version 8.4.2.4

show logging

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging logging on Enable the logging to another device. Enables logging.

show logging
ces
Syntax Parameters

Display the logging settings and system messages logged to the internal buffer of the switch. show logging [number | history [reverse][number] | reverse [number] | summary] number history reverse summary
(OPTIONAL) Enter the number of message to be displayed on the output. Range: 1 to 65535 (OPTIONAL) Enter the keyword history to view only information in the Syslog history table. (OPTIONAL) Enter the keyword reverse to view the Syslog messages in FIFO (first in, first out) order. (OPTIONAL) Enter the keyword summary to view a table showing the number of messages per type and per slot. Slots *7* and *8* represent RPMs.

Command Modes

EXEC EXEC Privilege

1486

SNMP and Syslog

show logging driverlog stack-unit (S-Series)

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

E-Series legacy command

Figure 510 show logging Command Example (Partial)

Force10#show logging Syslog logging: enabled Console logging: level debugging Monitor logging: level debugging Buffer logging: level debugging, 5604 Messages Logged, Size (524288 bytes) Trap logging: level informational Oct 8 09:25:37: %RPM1:RP1 %BGP-5-ADJCHANGE: Connection with neighbor 223.80.255.254 closed. Hold time expired Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.200.13.2 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.13 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 1.1.14.2 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.14 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 1.1.11.2 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.5 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.4.1.3 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.4 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.6 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.12 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.15 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.1.1.3 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.200.12.2 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 1.1.10.2 Up Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Session closed by neighbor 1.1.10.2 (Hold time expired) Oct 8 09:25:38: %RPM1:RP1 %BGP-5-ADJCHANGE: Neighbor 192.200.14.7 Up Oct 8 09:26:25: %RPM1:RP1 %BGP-5-ADJCHANGE: Connection with neighbor 1.1.11.2 closed. Neighbor recycled Oct 8 09:26:25: %RPM1:RP1 %BGP-5-ADJCHANGE: Connection with neighbor 1.1.14.2 closed. Neighbor recycled --More--

Figure 511 show logging history Command Example

Force10#show logging history Syslog History Table: 1 maximum table entries, saving level Warnings or higher SNMP notifications not Enabled %RPM:0:0 %CHMGR-2-LINECARDDOWN - Line card 3 down - IPC timeout Force10#

show logging driverlog stack-unit (S-Series)

s
Syntax Parameters

Display the driver log for the specified stack member. show logging driverlog stack-unit unit# stack-unit unit#
Enter the keyword stack-unit followed by the stack member ID of the switch for which you want to display the driver log. Range: 0 to 1

Defaults

No default values or behavior

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1487

terminal monitor

Command Modes

EXEC EXEC Privilege

Command History Usage Information

Version 7.6.1.0

Introduced for S-Series

This command displays internal software driver information, which may be useful during troubleshooting switch initialization errors, such as a downed Port-Pipe.

terminal monitor
ces
Syntax

Configure the FTOS to display messages on the monitor/terminal. terminal monitor To return to default settings, enter terminal no monitor.

Defaults Command Modes

Disabled. EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0

Support added for S-Series Support added for C-Series

E-Series legacy command Related Commands logging monitor Set the logging parameters on the monitor/terminal.

1488

SNMP and Syslog

Chapter 55

SONET

Overview
FTOS supports RFC 2558 Definitions of Managed Objects for the SONET/SDH Interface and RFC 2615 PPP-over-SONET/SDH only on the E-Series platform, as indicated by this character under each command heading in this chapter: e

Commands
This chapter contains the commands to configure Packet Over SONET/SDH (POS/SDH) interfaces and features, including Point-to-Point Protocol (PPP) encapsulation. ais-shut alarm-report clock source debug ppp delay triggers down-when-looped encap flag framing interface sonet keepalive loopback ppp authentication ppp chap hostname ppp chap password ppp chap rem-hostname ppp chap rem-password ppp next-hop ppp pap hostname ppp pap password ppp pap rem-hostname ppp pap rem-password scramble-atm

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1489

ais-shut

show controllers show interfaces sonet-port-recover detection-interval speed

ais-shut
e
Syntax

Enable an alarm indication signal (AIS) when the SONET interface is shutdown. ais-shut To disable the AIS, enter no ais-shut.

Defaults Command Modes

Disabled. INTERFACE

alarm-report
e
Syntax

Specify which POS/SDH alarms to report to the remote SNMP server. alarm-report { lais | lrdi | pais | plop | prdi | sd-ber | sf-ber | slof | slos} To disable an alarm, use the no alarm-report {lais | lrdi | pais | plop | prdi | sd-ber | sf-ber | slof | slos} command.

Parameters

lais lrdi pais plop prdi sd-ber sf-ber slof slos

Enter the keyword lais to report line alarm indication signal. Enter the keyword lrdi to report line remote defect indicator. Enter the keyword pais to report path alarm indication signal. Enter the keyword plop to report path loss of pointer. Enter the keyword prdi to report the path remote defect indication. Enter the keyword sd-ber to report signal degradation BER errors. Enter the keyword sf-ber to report signal failure BER errors. Enter the keyword slof to report section loss of frame. Enter the keyword slos to report section loss of signal.

Defaults Command Modes Usage Information

Disabledno alarm reporting for all alarms INTERFACE Alarm reporting is available with this command. SNMP traps are available; however, syslogs are not generated. To display active alarms and defects, use the show controllers command. The table below defines the alarms that can be enabled by this command. If enabled for reporting, the alarms will generate reports on a trap receiver. SONET

1490

clock source

Table 145 Alarm Definitions Alarm

lais lrdi pais plop prdi sd-ber

Description
Line Alarm Indication Signal Line Remote Defect Indication Path Alarm Indication Signal Path loss of Pointer Path Remote Defect Indication LBIP BER in excess of Signal Degradation threshold. The default

SD alarm value is 10^-6, this value can not be changed.

LBIP BER in excess of Signal Failure threshold. The default SF alarm value is 10^-3, this value can not be changed. Section Loss of Frame Section Loss of Signal

sf-ber slof slos

Related Commands

show controllers

Display alarms and defects

clock source
e
Syntax

Configure the clock source for each POS/SDH interface. clock source {internal | line} To return to the default setting, enter no clock source.

Parameters

internal line

Enter the keyword internal to use the internal clock from the interface. Enter the keyword line to use the recovered clock from the interface. This is the default.

Defaults Command Modes

line INTERFACE

debug ppp
e
Display traffic and information in a Point-to-Point Protocol (PPP) network. Command Line Reference for FTOS version 8.4.2.4 Publication Date: July 20, 2011 1491

delay triggers debug ppp [authentication | error | negotiation | packet] interface sonet slot/port To disable debugging, enter no debug ppp.
Parameters

Syntax

authentication

(OPTIONAL) Enter the keyword authentication to display PPP authentication exchanges (Challenge Authentication Protocol (CHAP) packet exchanges and Password Authentication Protocol (PAP) exchanges) and traffic. (OPTIONAL) Enter the keyword error to display PPP error statistics and protocol errors. (OPTIONAL) Enter the keyword negotiation to display PPP settings negotiated at startup. (OPTIONAL) Enter the keyword packet to display low-level packet dumps. Enter the keywords interface sonet followed by the slot and port information.

error negotiation packet interface sonet slot/port

Command Modes Usage Information

EXEC Privilege If you enter debug ppp without parameters, all parameters are enabled.

delay triggers
e
Syntax

Delay triggering the line or path alarms with a 100ms delay. delay triggers {line [lrdi | sd-ber | sf-ber] | path [pais | prdi] } To disable delay trigger (the default), enter no delay triggers {line [lrdi | sd-ber | sf-ber] | path [pais | prdi] } command.

Parameters

line lrdi sd-ber sf-ber path pais prdi

Enter the keyword line to delay the specified line alarm. (OPTIONAL) Enter the keyword lrdi to specify line remote defect indicator. (OPTIONAL) Enter the keyword sd-ber to specify signal degradation BER errors. (OPTIONAL) Enter the keyword sf-ber to specify signal failure BER errors. Enter the keyword path to delay the specified path alarm. (OPTIONAL) Enter the keyword pais to specify path alarm indication signal. (OPTIONAL) Enter the keyword prdi to specify the path remote defect indication.

Defaults Command Modes

Disabled INTERFACE

1492

SONET

down-when-looped

Command History Usage Information

Version 7.4.2.0

Added path option

By default, certain alarms (LOS, LOF, LAIS, PLOP) bring the line protocol down immediately. Use this command, with the line option, to delay that trigger event by 100ms. By default, path alarms (AIS, RDI, LOP) do not cause (or trigger) the interface line protocol to go down. This command, with the path option, can be used to trigger this action with a delay of 100ms.

down-when-looped
e
Syntax

Set the interface to send a system message when it detects a loopback condition and goes down. down-when-looped To disable notification, enter no down-when-looped.

Defaults Command Modes

Enabled INTERFACE

encap
e
Syntax

Configure encapsulation for a PPP interface. encap ppp To remove encapsulation, enter no encap.

Parameters

ppp

Enter the keyword ppp for Point-to-Point Protocol encapsulation.

Defaults Command Modes Usage Information

Not configured. INTERFACE When you enter the no encap command, you administratively shutdown the interface and configuration information (such as IP address) is deleted from the interface. A SONET interface without encapsulation is always operationally down. When you enable encapsulation on the interface, PPP negotiation begins after you enable the interface (no shutdown command). You can enable authentication and other related commands once negotiation is completed.

Note: Encapsulation must be configured before the interface is enabled for traffic.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1493

flag

flag
e
Syntax

Set the overhead bytes in the frame header to ensure interoperability between different vendor equipment. flag {c2 | j0 } value To return to the default value, use no flag {c2 | j0 } command.

Parameters

c2 value

Enter the keyword c2 followed by value to set the path signal byte. Range: 0x00 to 0xFF hexadecimal (0-255 decimal) Default: 0xCF in hexidecimal (207 in decimal) Enter the keyword j0 to set the section trace byte. Range: 0x00 to 0xFF hexadecimal (0-255 decimal) Default: 0xCC (204 in decimal)

j0 value

Defaults Command Modes Usage Information

as above INTERFACE You enter the flag C2 and J0 values in decimal, but the FTOS displays the values in hexidecimal in the show controllers sonet command output.

framing
e
Syntax

Set the type of framing used on a POS/SDH interface. framing {sdh | sonet} To return to the default, enter no framing.

Parameters

sdh sonet

Enter the keyword sdh to specify Synchronous Digital Hierarchy (SDH) framing. Default: Sonet Enter the keyword sonet to specify SONET framing. Default: Sonet

Defaults Command Modes Usage Information

sonet INTERFACE Framing should be changed only when the interfaces are shutdown.

hardware monitor mac action-on-error port-shutdown

e
1494 Shut down and bring back up the port (flap). SONET

interface sonet hardware monitor mac action-on-error port-shutdown Not configured CONFIGURATION
Version 7.7.1.0 Introduced command

Syntax Defaults Command Modes Command History

interface sonet
e
Syntax Parameters

Enter the INTERFACE mode to configure a POS/SDH interface. interface sonet slot/port slot/port Not configured CONFIGURATION Figure 512 interface sonet Command Example
Force10(conf)#interface sonet 8/2 Force10(conf-if-so-8/2)#

Enter the slot/port information.

Defaults Command Modes Example

Usage Information Related Commands

You cannot delete POS/SDH interfaces. By default, POS/SDH interfaces are disabled (shutdown). Use the encap command to enable encapsulation on the interface.
encap Configure PPP encapsulation.

keepalive
e
Syntax

Send SONET keepalive packets periodically to keep an interface alive when it is not transmitting data. keepalive [seconds] To stop sending SONET keepalive packets, enter no keepalive.

Parameters

seconds

(OPTIONAL) For POS/SDH interfaces with encapsulation enabled, enter the number of seconds between keepalive packets. Range: 0 to 32767 Default: 10 seconds

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1495

loopback

Defaults Command Modes Usage Information

Enabled. INTERFACE When you configure keepalive, the system sends a self-addressed packet out of the configured interface to verify that the far end of a WAN link is up. When you configure no keepalive, the system does not send keepalive packets and so the local end of a WAN link remains up even if the remote end is down.

loopback
e
Syntax

Troubleshoot a POS/SDH interface by looping back traffic through the interface or the line. loopback {internal | line} To delete a loopback setting, use the no loopback {internal | line} command.

Parameters

internal line

Enter the keyword internal to test the physical interface by sending incoming traffic back through the interface. Enter the keyword line to test connectivity to the network by sending incoming traffic back to the network.

Defaults Command Modes Usage Information Related Commands

Not configured. INTERFACE Use the show config command in the INTERFACE mode to determine if the loopback command was configured.
show config

Display the interface configuration.

ppp authentication
e
Syntax

Enable Challenge-Handshake Authentication Protocol (CHAP) and/or Password Authentication Protocol (PAP) authentication on the interface. ppp authentication {chap | chap pap | pap | pap chap} To remove all PPP authentication, enter no ppp authenticate.

Parameters

chap chap pap

Enter the keyword chap to enable CHAP authentication only. Enter the keywords chap pap to enable CHAP on one side and PAP on the other.

1496

SONET

ppp chap hostname

pap pap chap

Enter the keyword pap to enable PAP authentication only. Enter the keywords pap chap to enable PAP on one side and CHAP on the other side.

Defaults Command Modes Usage Information

Not configured. INTERFACE Once you configure this command, the remote device must prove its identity before the FTOS sends traffic. The two authentication types differ slightly: With CHAP authentication, the E-Series sends a challenge to the remote device, which must encrypt the response with a shared value and return it to the E-Series with a username. The E-Series checks the local database for a match on the shared value and username. With PAP authentication, the remote device must send a username/password set which the FTOS checks against the local database. PAP passwords are sent as clear text and could be intercepted and used.

After you enable PPP authentication, you must configure remote hostnames and passwords to initiate authentication on the E-Series.
Related Commands ppp chap hostname ppp chap password ppp chap rem-hostname ppp chap rem-password ppp pap hostname ppp pap password ppp pap rem-hostname ppp pap rem-password Configure a hostname for CHAP authentication. Configure a password for CHAP authentication. Configure a remote hostname for CHAP authentication. Configure a remote password for CHAP authentication. Configure a hostname for PAP authentication. Configure a password for PAP authentication. Configure a remote hostname for PAP authentication. Configure a remote password for PAP authentication.

ppp chap hostname

e
Syntax

Configure a hostname to be used in the CHAP authentication process ppp chap hostname name To remove the CHAP hostname, enter no ppp chap hostname.

Parameters

name Not configured. INTERFACE

Enter a character string up to 32 characters long.

Defaults Command Modes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1497

ppp chap password

Usage Information

For peers to successfully negotiate authentication on both sides of the link, you must configure a hostname, password, remote hostname and remote password for CHAP authentication.
ppp authentication ppp chap password ppp chap rem-hostname ppp chap rem-password Enable CHAP or PAP or both authentication. Configure a password for CHAP authentication. Configure a remote hostname for CHAP authentication. Configure a remote password for CHAP authentication.

Related Commands

ppp chap password

e
Syntax

Configure a password to be used in the CHAP authentication process ppp chap password password To remove the CHAP password, enter no ppp chap password.

Parameters

password Not configured. INTERFACE

Enter a character string up to 32 characters long.

Defaults Command Modes Usage Information

For peers to successfully negotiate authentication on both sides of the link, you must configure a hostname, password, remote hostname and remote password for CHAP authentication.
ppp authentication ppp chap hostname ppp chap rem-hostname ppp chap rem-password Enable CHAP or PAP or both authentication. Configure a hostname for CHAP authentication. Configure a remote hostname for CHAP authentication. Configure a remote password for CHAP authentication.

Related Commands

ppp chap rem-hostname

e
Syntax

Configure a remote hostname to be used in the CHAP authentication process. ppp chap rem-hostname name To remove the remote hostname, enter no ppp chap rem-hostname.

Parameters

name Not configured.

Enter a character string up to 32 characters long.

Defaults

1498

SONET

ppp chap rem-password

Command Modes Usage Information

INTERFACE For peers to successfully negotiate authentication on both sides of the link, you must configure a hostname, password, remote hostname and remote password for CHAP authentication.
ppp authentication ppp chap rem-password ppp chap hostname ppp chap password Enable CHAP or PAP or both authentication. Configure a remote password for CHAP authentication. Configure a hostname for CHAP authentication. Configure a password for CHAP authentication.

Related Commands

ppp chap rem-password

e
Syntax

Configure a remote password for CHAP authentication. ppp chap rem-password password To remove a password, enter no ppp chap rem-password.

Parameters

password Not configure. INTERFACE

Enter a character string up to 32 characters long.

Defaults Command Modes Usage Information Related Commands

For peers to successfully negotiate authentication, you must configure a hostname, password, remote hostname and remote password for CHAP authentication.
ppp authentication ppp chap rem-hostname ppp chap hostname ppp chap password Enable CHAP or PAP or both authentication. Configure a remote host name for CHAP authentication. Configure a hostname for CHAP authentication. Configure a password for CHAP authentication.

ppp next-hop
e
Syntax

Assign an IP address as the next hop for this interface. ppp next-hop ip-address To delete a next hop address, enter no ppp next-hop.

Parameters

ip-address Not configured.

Enter an IP address in dotted decimal format (A.B.C.D).

Defaults

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1499

ppp pap hostname

Command Modes Usage Information

INTERFACE This IP address must match the peers IP address or the link is not established. A peer will configure this IP address.

ppp pap hostname

e
Syntax

Configure a host name for PAP authentication. ppp pap hostname name To delete a host name, enter no ppp pap hostname.

Parameters

name Not configured. INTERFACE

Enter a character string up to 32 characters long.

Defaults Command Modes Usage Information Related Commands

For peers to successfully negotiate authentication, you must configure a hostname, password, remote hostname and remote password for PAP authentication.
ppp authentication ppp pap password ppp pap rem-hostname ppp pap rem-password Enable CHAP or PAP or both authentication. Configure a password for PAP authentication. Configure a remote hostname for PAP authentication. Configure a remote password for PAP authentication.

ppp pap password

e
Syntax

Configure a password for PAP authentication. ppp pap password password To delete a password, enter no ppp pap password.

Parameters

password Not configured. INTERFACE

Enter a character string up to 32 characters long.

Defaults Command Modes Usage Information

For peers to successfully negotiate authentication, you must configure a hostname, password, remote hostname and remote password for PAP authentication.

1500

SONET

ppp pap rem-hostname

Related Commands

ppp authentication ppp pap hostname ppp pap rem-hostname ppp pap rem-password

Enable CHAP or PAP or both authentication. Configure a host name for PAP authentication. Configure a remote hostname for PAP authentication. Configure a remote password for PAP authentication.

ppp pap rem-hostname

e
Syntax

Configure a remote PAP hostname. ppp pap rem-hostname hostname To delete a remote PAP host name, enter no ppp pap rem-hostname.

Parameters

hostname Not configured. INTERFACE

Enter a character string up to 32 characters long.

Defaults Command Modes Usage Information Related Commands

For peers to successfully negotiate authentication, you must configure a hostname, password, remote hostname and remote password for PAP authentication.
ppp authentication ppp pap rem-password ppp pap hostname ppp pap password Enable CHAP or PAP or both authentication. Configure remote password for PAP authentication. Configure a hostname for PAP authentication. Configure a password for PAP authentication.

ppp pap rem-password

e
Syntax

Configure a remote PAP password. ppp pap rem-password password To delete a remote PAP password, enter no ppp pap rem-password.

Parameters

password Not configured. INTERFACE

Enter a character string up to 32 characters long.

Defaults Command Modes Usage Information

For peers to successfully negotiate authentication, you must configure a hostname, password, remote hostname and remote password for PAP authentication.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1501

scramble-atm

Related Commands

ppp authentication ppp pap rem-hostname ppp pap hostname ppp pap password

Enable CHAP or PAP or both authentication. Configure a remote hostname for PAP authentication. Configure a hostname for PAP authentication. Configure a password for PAP authentication.

scramble-atm
e
Syntax

Enable POS/SDH payload scrambling on the interface. scramble-atm To disable scrambling, enter no scramble-atm.

Defaults Command Modes Usage Information

Disabled INTERFACE You must either enable payload scrambling or disable scambling on both ends of the link.

show controllers
e
Syntax Parameters

Display troubleshooting information, such as the clock source, SONET alarms and error rates, and registers values. show controllers interface interface
Enter the one of the following interface keywords and slot/port information: For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.4.2.0

Added support for Ten Gigabit Ethernet

1502

SONET

show controllers

Example

Figure 513 show controllers sonet Command Example

Force10#show controllers sonet Interface is SONET 1/2 SECTION LOF = 0 LINE AIS = 0 PATH AIS = 0 LOS = 0 RDI = 0 RDI = 0 LOP = 0 FEBE = 0 FEBE = 0 BIP(B1) = 0

BIP(B2) = 0 BIP(B3) = 0

Active Defects: NONE Active Alarms: NONE

Enabled Alarms are listed here (default is none)

SLOS SLOF B1-TCA LAIS LRDI B2-TCA PAIS PRDI PLOP B3-TCA SD SF

Alarm reporting enabled for:

Framing is SDH, AIS-shut is enabled Scramble-ATM is enabled, Down-when-looped is enabled Loopback is disabled, Clock source is internal, Speed is Oc48 CRC is 32-bits, Flag C2 is 0x16, Flag J0 is 0xcc, Flag S1S0 is 0x2 Force10#

Example

Figure 514 show controllers tengigabitethernet Command Example

Force10#show controllers te 4/1 Interface is TenGigabitEthernet 4/1 SECTION LOF = 0 LINE AIS = 0 PATH AIS = 0 LOS = 0 RDI = 1 RDI = 0 LRDI LRDI SLOS SLOF B1-TCA LAIS LRDI B2-TCA PAIS PRDI PLOP B3-TCA SD SF LOP = 0 FEBE = 7633 FEBE = 8554 BIP(B1) = 13

BIP(B2) = 19264 BIP(B3) = 15685

Active Defects: Active Alarms:

Alarm reporting enabled for:

Framing is SONET, AIS-shut is enabled Scramble-ATM is enabled, Down-when-looped is enabled Loopback is disabled, Clock source is line, Speed is Oc192 CRC is 32-bits, Flag C2 is 0x1a, Flag J0 is 0xcc, Flag S1S0 is 0x0 Force10#

Table 146 Lines in show controllers interface Command Example Line

interface is ... SECTION LOF

Description
Displays the interface type and the slot and port number information. Displays the section loss of frame (LOF) error. This error is detected when a severely error framing (SEF) defect on the incoming interface signal persist for 3 milliseconds

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1503

show controllers

Table 146 Lines in show controllers interface Command Example (continued) Line
LOS

Description
Displays the loss of signal (LOS) error. This error is detected when an all-zeros pattern on the incoming interface signal lasts 19 plus or minus 3 microseconds or longer. This defect might also be reported if the received signal level drops below the specified threshold. Displays the bit interleaved parity error for the B1 byte. For B1, the report is calculated by comparing the BIP-8 code with the BIP-8 code extracted from the B1 byte of the following frame. Differences indicate section-level errors. Displays the alarm indication signal. This signal is sent by the section terminating equipment (STE) to alert the downstream line terminating equipment (LTE) that a LOS or LOF defect has been detected on the incoming interface section. Path alarm indication signal is sent by the LTE to alert the downstream path terminating equipment (PTE) that it has detected a defect on its incoming line signal. Displays remote defect indication. This indication is reported by the downstream LTE when it detects LOF, LOS, or AIS conditions. Displays the bit interleaved parity error for the B2 byte. For B2, the report is calculated by comparing the BIP-8/24 code with the BIP-8 code extracted from the B2 byte of the following frame.Differences indicate line-level errors. Displays the alarm indication signal. This signal is sent by the section terminating equipment (STE) to alert the downstream line terminating equipment (LTE) that a LOS or LOF defect has been detected on the incoming SONET section. Path alarm indication signal is sent by the LTE to alert the downstream path terminating equipment (PTE) that it has detected a defect on its incoming line signal. Displays remote defect indication. This indication is reported by the downstream LTE when it detects LOF, LOS, or AIS conditions. Displays the bit interleaved parity error for the B3 byte. For B3, the bit interleaved parity error report is calculated by comparing the BIP-8 code with the BIP-8 code extracted from the B3 byte of the following frame. Differences indicate path-level errors. Lists the current interface defects. List the current interface alarms as enforced the interface Alarm Hierarchy. List the alarms enabled. Enabled alarms generate trap reports.

BIP(B1)

LINE AIS

RDI

BIP(B2)

PATH AIS

RDI

BIP(B3)

Active Defects: Active Alarms Alarm reporting enabled for:

1504

SONET

show interfaces

show interfaces
e
Syntax Parameters

Display detailed information on the Sonet or 10-Gigabit Ethernet interfaces. show interfaces interface interface
Enter the one of the following interface keywords and slot/port information: For a SONET interface, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Example

Figure 515 show interfaces sonet with PPP Encapsulation Command Example (EtherScale)
Force10>show interfaces sonet 2/0 SONET 2/0 is up, line protocol is up Hardware is SONET, address is 00:01:e8:00:03:ff Encapsulation PPP, Framing is SONET, AIS-shut is enabled Scramble-ATM is enabled, Down-when-looped is enabled Loopback is disabled, Clock source is internal, Speed is Oc48 CRC is 32-bits, Flag C2 is 0x16, Flag J0 is 0xcc, Flag S1S0 is 0x0 Keepalive Set (10 Sec) LCP State: OPENED IPCP State: OPENED Internet address is 6.1.5.2/30 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 2488 Mbit ARP type: ARPA, ARP timeout 04:00:00 Last clearing of "show interfaces" counters 17:08:10 Queueing strategy: fifo 91425052815 packets input, 6188485730919 bytes Input 91425040617 IP Packets, 0 Vlans 0 MPLS Received 0 input symbol errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 IP Checksum, 0 overrun, 0 discarded 55176128354 packets output, 3677188351652 bytes, 474 underruns Output 173858 Multicasts, 0 Broadcasts, 55175954550 Unicasts 55176116090 IP Packets, 0 Vlans, 0 MPLS 0 throttles, 474 discarded Rate info (interval 299 minutes): Input 1604.04Mbits/sec, 2583270 packets/sec Output 1169.30Mbits/sec, 1913510 packets/sec Time since last interface status change: 17:10:40 Force10>

Table 147 Fields in the show interfaces sonet with PPP Encapsulation Field
Sonet 2/0... Hardware is... Encapsulation is ...

Description
Displays the interfaces type, slot/port and physical and line protocol status. Displays the interfaces hardware information and its assigned MAC address. Displays the encapsulation method, the framing, and if the ais-shut command is enabled.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1505

show interfaces

Table 147 Fields in the show interfaces sonet with PPP Encapsulation (continued) Field
Scramble-ATM is enabled Loopback is ...

Description
States whether the scramble-atm and the down-when-looped commands are enabled. States whether the loopback, clock source, and speed, and flag commands are configured. This information is displayed over 2 lines. Displays the number of seconds between keepalive messages. States if LCP was successfully negotiated. States if IPCP was successfully negotiated. States whether an IP address is assigned to the interface. If one is, that address is displayed. Displays the PPP peers IP address. Displays link and IP MTU. Displays interfaces line speed. Displays the ARP type and the ARP timeout value for the interface. Displays the time when the show interfaces counters where cleared. States the packet queuing strategy. FIFO means first in first out. Displays the number of packets and bytes into the interface. Displays the number of packets with IP headers, VLAN tagged headers and MPLS headers. The number of packets may not add correctly because a VLAN tagged IP packet counts as both a VLAN packet and an IP packet. Displays the size of packets and the number of those packets entering that interface. This information is displayed over 2 lines. Any PPP packet less than 64 bytes in length will be padded out to 64 bytes upon reception. This padding will be counted by the ingress byte counter. Displays the type and number of error or other specific packets received. This information is displayed over 3 lines. Displays the type and number of packets sent out the interface. This information is displayed over 2 lines. Displays the time since the last change in the configuration of this interface.

Keepalive Set LCP State: IPCP State: Internet address... Peer address MTU 1554... LineSpeed ARP type:... Last clearing... Queuing strategy.. 0 packets... Input 0 IP packets...

0 64-byte...

Received 0...

Output 0... Time since...

Related Commands

show interfaces switchport show ip interface

Displays Layer 2 information about the interfaces. Displays Layer 3 information about the interfaces.

1506

SONET

sonet-port-recover detection-interval

sonet-port-recover detection-interval
e
Syntax Parameters

Recovery interval to automatically clear a condition that could cause a SONET port to hang, and stop sending and receiving data. sonet-port-recover detection-interval interval interval 60 seconds INTERFACE 15 sys-hidden
Version 7.7.1.0 Introduced

Interval for SONET port recovery (in seconds(15-600)

Defaults Command Modes Privilege Level Command History Usage Information

When enabled, FTOS continuously polls status registers on SONET line cards. A port hang is declared when backpressure is detected on the port, and the port is brought down and then back up to clear the condition. To keep a port in shutdown use the hardware monitor mac action-on-error port-shutdown command.

speed
e
Syntax

Set the speed of the SONET interface. speed {155 | 622 | 2488} To return to the default value, enter no speed.

Parameters

155 622 2488

Enter 155 to set the interface as OC3. Enter 622 to set the interface as OC12. Enter 2488 to set the interface as OC48.

Defaults Command Modes Command History

2488 INTERFACE
Version 7.4.1.0 Added support for 2488 (OC48)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1507

speed

1508

SONET

Chapter 56 S-Series Stacking Commands

Overview
All commands in this chapter are specific to the S-Series platform, as indicated by the s character that appears below each command heading. The commands are always available and operational, whether or not the S-Series has a stacking module inserted. You can use the commands to pre-configure a switch, so that the configuration settings are invoked when the switch is attached to other S-Series units. For details on using the S-Series stacking feature, see the chapter Stacking S-Series Switches in the FTOS Configuration Guide.

Note: S-Series Stacking is not supported on the S60 system

Commands
The commands in this chapter are used for managing the stacking of S-Series systems: redundancy disable-auto-reboot redundancy force-failover stack-unit reset stack-unit show redundancy show system stack-ports stack-unit priority stack-unit provision stack-unit renumber upgrade system stack-unit (S-Series stack member)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1509

redundancy disable-auto-reboot

redundancy disable-auto-reboot
s
Syntax

Prevent the S-Series stack management unit and standby unit from rebooting if they fails. redundancy disable-auto-reboot [stack-unit | all] To return to the default, enter no redundancy disable-auto-reboot stack-unit.

Defaults Command Modes Command History

Disabled (the failed switch is automatically rebooted). CONFIGURATION

Version 8.3.1.0 Version 7.7.1.0 Added the all option Introduced on S-Series

Usage Information

Enabling this command keeps the failed switch in the failed state. It will not reboot until it is manually rebooted. When enabled, it is not displayed in the running-config. When disabled, it is displayed in the running-config.
show redundancy Display the current redundancy status.

Related Commands

redundancy force-failover stack-unit

s
Syntax Defaults Command Modes

Force the backup unit in the stack to become the management unit. redundancy force-failover stack-unit Not enabled EXEC Privilege

reset stack-unit
s
Syntax Parameters

Reset any designated stack member except the management unit (master unit). reset stack-unit 0-7 hard 0-7 hard
Enter the stack member unit identifier of the stack member to reset. Reset the stack unit if the unit is in a problem state.

Default Command Modes Command History

none CONFIGURATION
Version 8.3.1.0 Version 7.8.1.0 Version 7.7.1.0 Added hard reset option. Augmented to run on the standby unit in order to reset the standby unit directly. Introduced on S-Series

1510

S-Series Stacking Commands

show redundancy

Usage Information

Resetting the management unit is not allowed, and an error message will be displayed if you try to do so. Resetting is a soft reboot, including flushing the forwarding tables. Starting with FTOS 7.8.1.0, you can run this command directly on the stack standby unit (standby master) to reset the standby. You cannot reset any other unit from the standby unit.

Example

Figure 516 Using the reset stack-unit Command on the Stack Standby Unit
Force10#show system brief

Stack MAC : 00:01:e8:51:4e:f8 -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports --------------------------------------------------------------------------0 Member online S50N S50N 4.7.7.117 52 1 Member online S50N S50N 4.7.7.117 52 2 Member online S50N S50N 4.7.7.117 52 3 Member online S50N S50N 4.7.7.117 52 4 Standby online S50N S50N 4.7.7.117 52 5 Member online S50N S50N 4.7.7.117 52 6 Mgmt online S50N S50N 4.7.7.117 52 7 Member online S50N S50N 4.7.7.117 52 Force10(standby)#reset ? <<Standby management unit stack-unit Unit number Force10(standby)#reset stack-unit ? <0-7> Unit number id Force10(standby)#reset stack-unit 6 % Error: Reset of master unit is not allowed. <<Resetting master not allowed Force10(standby)#reset stack-unit 0 % Error: Reset of stack units from standby is not allowed.<<no reset of other member Force10(standby)# Force10(standby)#reset stack-unit 4 <<Resetting standby unit success! 00:02:50: %STKUNIT4-S:CP %CHMGR-5-STACKUNIT_RESET: Stack unit 4 being reset 00:02:50: %STKUNIT4-S:CP %CHMGR-2-STACKUNIT_DOWN: Stack unit 4 down - reset 00:02:50: %STKUNIT4-S:CP %IFMGR-1-DEL_PORT: Removed port: Gi 4/1-48 Force10(standby)#rebooting U-Boot 1.1.4 (Mar 6 2008 - 00:00:04)

Related Commands

reload upgrade (S-Series management unit)

Reboot FTOS. Reset the designated S-Series stack member.

show redundancy
s
Syntax Command Modes

Display the current redundancy configuration (status of automatic reboot configuration on stack management unit). show redundancy EXEC EXEC Privilege

Command History

Version 7.7.1.0

Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1511

show system stack-ports

Example

Figure 517 show redundancy Command Output

Force110#show redundancy Force10#show redundancy -- SSeries Redundancy Configuration ------------------------------------------------Auto reboot : Enabled -- Stack-unit Status ------------------------------------------------Mgmt ID: 0 Stack-unit ID: 0 Stack-unit Redundancy Role: Primary Stack-unit State: Active Stack-unit SW Version: 7.7.1.0 Link to Peer: Up -- PEER Stack-unit Status ------------------------------------------------Stack-unit State: Standby Peer stack-unit ID: 1 Stack-unit SW Version: 7.7.1.0 -- Stack-unit Redundancy Configuration ------------------------------------------------Primary Stack-unit: mgmt-id 0 Auto Data Sync: Full Failover Type: Hot Failover Auto reboot Stack-unit: Enabled Auto failover limit: 3 times in 60 minutes -- Stack-unit Failover Record ------------------------------------------------Failover Count: 0 Last failover timestamp: None Last failover Reason: None Last failover type: None -- Last Data Block Sync Record: ------------------------------------------------Line Card Config: succeeded Mar 07 1996 Start-up Config: succeeded Mar 07 1996 Runtime Event Log: succeeded Mar 07 1996 Running Config: succeeded Mar 07 1996 ACL Mgr: succeeded Mar 07 1996

00:27:39 00:27:39 00:27:39 00:27:39 00:27:39

Related Commands

redundancy disable-auto-reboot

Prevent the system from auto-rebooting if it fails.

show system stack-ports

s
Syntax Parameters

Display information about the stacking ports on all switches in the S-Series stack. show system stack-ports [status | topology] status topology
(OPTIONAL) Enter the keyword status to display the command output without the Connection field. (OPTIONAL) Enter the keyword topology to limit the table to just the Interface and Connection fields.

1512

S-Series Stacking Commands

show system stack-ports

Defaults Command Modes

No default behavior EXEC EXEC Privilege

Command History

Version 7.7.1.0

Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1513

show system stack-ports

Example

Figure 518 show system stack-ports Command Example

Force10# show system stack-ports Topology: Ring Interface Link Speed Admin Link (Gb/s) Status Status ---------------------------------------------------------------------------0/49 1/49 12 up up 0/50 12 up down 0/51 2/49 24 up up 1/49 0/49 12 up up 1/50 2/51 12 up up 2/49 0/51 24 up up 2/51 1/50 12 up up 2/52 12 up down Force10# Connection

Example

Figure 519 show system stack-ports status Command Example

Force10# show system stack-ports status Topology: Ring Interface Link Speed Admin Link (Gb/s) Status Status ------------------------------------------------0/49 12 up up 0/50 12 up down 0/51 24 up up 1/49 12 up up 1/50 12 up up 2/49 24 up up 2/51 12 up up 2/52 12 up down Force10#

Example

Figure 520 show system stack-ports topology Command Example

Force10# show system stack-ports topology Topology: Ring Interface Connection

---------------------0/49 1/49 0/50 0/51 2/49 1/49 0/49 1/50 2/51 2/49 0/51 2/51 1/50 2/52 Force10#

Table 148 show interfaces description Command Example Fields Field Topology Interface Admin Status Description Lists the topology of stack ports connected: Ring, Daisy chain, or Standalone The unit/port ID of the connected stack port on this unit The only currently listed status is Up.

Link Speed Link Speed of the stack port (12 or 24) in Gb/s

Connection The stack port ID to which this units stack port is connected

1514

S-Series Stacking Commands

stack-unit priority

Related Commands

reset stack-unit show hardware stack-unit show system (S-Series) upgrade (S-Series management unit)

Reset the designated S-Series stack member. Display the data plane or management plane input and output statistics of the designated component of the designated stack member. Display the current status of all stack members or a specific member. Upgrade the bootflash image or system image of the S-Series management unit.

stack-unit priority
s
Syntax Parameters

Configure the ability of an S-Series switch to become the management unit of a stack. stack-unit 0-7 priority 1-14 0-7 1-14
Enter the stack member unit identifier, from 0 to 7, of the switch on which you want to set the management priority. This preference parameter allows you to specify the management priority of one backup switch over another, with 0 the lowest priority and 14 the highest. The switch with the highest priority value will be chosen to become the management unit if the active management unit fails or on the next reload.

Defaults Command Modes Command History Related Commands

1 CONFIGURATION
Version 7.7.1.0 Introduced on S-Series

reload show system (S-Series)

Reboot FTOS. Display the current status of all stack members or a specific member.

stack-unit provision
s
Syntax Parameters

Pre-configure a logical stacking ID of a switch that will join the stack. This is an optional command that is executed on the management unit. stack-unit 0-7 provision {S25N|S25P|S25V|S50N|S50V} 0-7 S25N|S25P|S25V| |S50N|S50V
Enter a stack member identifier, from 0 to 7, of the switch that you want to add to the stack. Enter the S-Series model identifier of the switch to be added as a stack member. This identifier is also referred to as the provision type.

Defaults

When this value is not set, a switch joining the stack is given the next available sequential stack member identifier.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1515

stack-unit renumber

Command Modes Command History Related Commands

CONFIGURATION
Version 7.7.1.0 Introduced on S-Series

reload show system (S-Series)

Reboot FTOS. Display the current status of all stack members or a specific member.

stack-unit renumber
s
Syntax Parameters

Change the stack member ID of any stack member or a stand-alone S-Series. stack-unit 0-7 renumber 0-7 0-7
The first instance of this value is the stack member unit identifier, from 0 to 7, of the switch that you want add to the stack. The second instance of this value is the desired new unit identifier number.

Defaults Command Modes Command History Usage Information

none EXEC Privilege

Version 7.7.1.0 Introduced on S-Series

You can renumber any switch, including the management unit or a stand-alone unit. You cannot renumber a unit to a number of an active member in the stack. When executing this command on the master, the stack reloads. When the members are renumbered, only that specific unit will reset and come up with the new unit number.

Example

Figure 521 stack-unit renumber Command Example

S50V_7.7#stack-unit 0 renumber 2 Renumbering master unit will reload the stack. Proceed to renumber [confirm yes/ no]:

Related Commands

reload reset stack-unit show system (S-Series)

Reboot FTOS. Reset the designated S-Series stack member. Display the current status of all stack members or a specific member.

1516

S-Series Stacking Commands

upgrade system stack-unit (S-Series stack member)

s
Syntax Parameters

Copy the boot image or FTOS from the management unit to one or more stack members. upgrade {boot | system} stack-unit {all | 0-7} boot system all 0-7
Enter this keyword to copy the boot image from the management unit to the designated stack members. Enter this keyword to copy the FTOS image from the management unit to the designated stack members. Enter this keyword to copy the designated image to all stack members. Enter the unit ID of the stack member to which to copy the designated image.

Defaults Command Modes Command History Usage Information Related Commands

No configuration or default values EXEC

Version 7.7.1.0 Introduced on S-Series

You must reload FTOS after using the upgrade command.

reload reset stack-unit show system (S-Series) show version upgrade (S-Series management unit)

Reboot FTOS. Reset the designated S-Series stack member. Display the current status of all stack members or a specific member. Display the current FTOS version information on the system. Upgrade the bootflash image or system image of the S-Series management unit.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1517

upgrade system stack-unit (S-Series stack member)

1518

S-Series Stacking Commands

Chapter 57
Overview

Storm Control

The FTOS Storm Control feature allows users to limit or suppress traffic during a traffic storm (Broadcast/Unknown Unicast Rate Limiting, or Multicast on the C-Series and S-Series). Support for particular Force10 platforms (C-Series, E-Series, or S-Series) is indicated by the characters that appear below each command heading: C-Series: c E-Series: e S-Series: s

Commands
The Storm Control commands are: show storm-control broadcast show storm-control multicast show storm-control unknown-unicast storm-control broadcast (Configuration) storm-control broadcast (Interface) storm-control multicast (Configuration) storm-control multicast (Interface) storm-control unknown-unicast (Configuration) storm-control unknown-unicast (Interface)

Important Points to Remember

Interface commands can only be applied on physical interfaces (VLANs and LAG interfaces are not supported). An INTERFACE-level command only support storm control configuration on ingress. An INTERFACE-level command overrides any CONFIGURATION-level ingress command for that physical interface, if both are configured. The CONFIGURATION-level storm control commands can be applied at ingress or egress and are supported on all physical interfaces.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1519

show storm-control broadcast

When storm control is applied on an interface, the percentage of storm control applied is calculated based on the advertised rate of the line card. It is not based on the speed setting for the line card. Do not apply per-VLAN QoS on an interface that has storm control enabled (either on an interface or globally). When broadcast storm control is enabled on an interface or globally on ingress, and DSCP marking for a DSCP value 1 is configured for the data traffic, the traffic will go to queue 1 instead of queue 0. Similarly, if unicast storm control is enabled on an interface or globally on ingress, and DSCP marking for a DSCP value 2 is configured for the data traffic, the traffic will go to queue 2 instead of queue 0.

Note: Bi-directional traffic (unknown unicast and broadcast), along with egress storm
control, causes the configured traffic rates to be split between the involved ports. The percentage of traffic that each port receives after the split is not predictable. These ports can be in the same/different port pipes, or the same/different line cards.

show storm-control broadcast

ces
Syntax Parameters

Display the storm control broadcast configuration. show storm-control broadcast [interface] interface
(OPTIONAL) Enter one of the following interfaces to display the interface specific storm control configuration. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. Fast Ethernet is not supported.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 6.5.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

1520

Storm Control

show storm-control multicast

Example

Figure 522 show storm-control broadcast Command Example (E-Series)

Force10#show storm-control broadcast gigabitethernet 11/11 Broadcast storm control configuration Interface Direction Percentage Wred Profile -------------------------------------------------------------Gi 11/11 Ingress 5.6 Gi 11/11 Force10# Egress 5.6 -

Example

Figure 523 show storm-control broadcast Command Example (C-Series)

Force10#show storm-control broadcast gigabitethernet 3/24 Broadcast storm control configuration Interface Direction Packets/Second ----------------------------------------------Gi 3/24 Ingress 1000 Force10#

show storm-control multicast

cs
Syntax Parameters

Display the storm control multicast configuration. show storm-control multicast [interface] interface
(OPTIONAL) Enter one of the following interfaces to display the interface specific storm control configuration. For Fast Ethernet, enter the keyword Fastethernet followed by the slot/poort information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0

Introduced on C-Series and S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1521

show storm-control unknown-unicast

Example

Figure 524 show storm-control multicast Command Example

Force10#show storm-control multicast gigabitethernet 1/0 Multicast storm control configuration Interface Direction Packets/Second ----------------------------------------------Gi 1/0 Ingress 5 Force10#

show storm-control unknown-unicast

ces
Syntax Parameters

Display the storm control unknown-unicast configuration show storm-control unknown-unicast [interface ] interface
(OPTIONAL) Enter one of the following interfaces to display the interface specific storm control configuration. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. Fast Ethernet is not supported.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.10 Version 6.5.1.0

Introduced on S-Series Introduced on C-Series Introduced on E-Series

1522

Storm Control

storm-control broadcast (Configuration)

Example E-Series

Figure 525 show storm-control unknown-unicast Command Example (E-Series)

Force10#show storm-control unknown-unicast gigabitethernet 11/1 Unknown-unicast storm control configuration Interface Direction Percentage Wred Profile -------------------------------------------------------------Gi 11/1 Ingress 5.9 Gi 11/1 Force10# Egress 5.7 w8

Example C-Series

Figure 526 show storm-control unknown-unicast Command Example (C-Series)

Force10#Force10#show storm-control unknown-unicast gigabitethernet 3/0 Unknown-unicast storm control configuration Interface Direction Packets/Second ----------------------------------------------Gi 3/0 Ingress 1000 Force10#

storm-control broadcast (Configuration)

ces
Syntax

Configure the percentage of broadcast traffic allowed in or out of the network. storm-control broadcast [percentage decimal_value in | out] | [wred-profile name]] [packets_per_second in] To disable broadcast rate-limiting, use the storm-control broadcast [percentage decimal_value in | out] | [wred-profile name]] [packets_per_second in] command.

Parameters

percentage decimal_value in | out

E-Series Only: Enter the percentage of broadcast traffic allowed in or out of the network. Optionally, you can designate a decimal value percentage, for example, 55.5%. Percentage: 0 to 100 0 % blocks all related traffic 100% allows all traffic into the interface Decimal Range: .1 to .9 E-Series Only: (Optionally) Enter the keyword wred-profile followed by the profile name to designate a wred-profile. C-Series and S-Series Only: Enter the packets per second of broadcast traffic allowed into the network. Range: 0 to 33554431

wred-profile name packets_per_second in

Defaults Command Modes

No default behavior or values CONFIGURATION (conf)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1523

storm-control broadcast (Interface)

Command History

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0

Introduced on S-Series Introduced on C-Series E-Series Only: Added percentage decimal value option Introduced on E-Series

Usage Information

Broadcast storm control is valid on Layer 2/Layer 3 interfaces only. Layer 2 broadcast traffic is treated as unknown-unicast traffic.

storm-control broadcast (Interface)

ces
Syntax

Configure the percentage of broadcast traffic allowed on an interface (ingress only). storm-control broadcast [percentage decimal_value in] |[wred-profile name]] [packets_per_second in] To disable broadcast storm control on the interface, use the no storm-control broadcast [percentage {decimal_value} in] |[wred-profile name]] [packets_per_second in] command.

Parameters

percentage decimal_value in

E-Series Only: Enter the percentage of broadcast traffic allowed in to the network. Optionally, you can designate a decimal value percentage, for example, 55.5%. Percentage: 0 to 100 0 % blocks all related traffic 100% allows all traffic into the interface Decimal Range: .1 to .9 E-Series Only: (Optionally) Enter the keyword wred-profile followed by the profile name to designate a wred-profile. C-Series and S-Series Only: Enter the packets per second of broadcast traffic allowed into the network. Range: 0 to 33554431

wred-profile name packets_per_second in

Defaults Command Modes Command History

No default behavior or values INTERFACE (conf-if-interface-slot/port)

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0 Introduced on S-Series Introduced on C-Series E-Series Only: Added percentage decimal value option Introduced on E-Series

1524

Storm Control

storm-control multicast (Configuration)

cs
Syntax

Configure the packets per second (pps) of multicast traffic allowed in to the C-Series and S-Series networks only. storm-control multicast packets_per_second in To disable storm-control for multicast traffic into the network, use the no storm-control multicast packets_per_second in command.

Parameters

packets_per_second in

C-Series and S-Series Only: Enter the packets per second of multicast traffic allowed into the network followed by the keyword in. Range: 0 to 33554431

Defaults Command Modes Command History Usage Information

No default behavior or values CONFIGURATION (conf)

Version 7.6.1.0 Introduced on C-Series and S-Series only

Broadcast traffic (all 0xFs) should be counted against broadcast storm control meter, not against the multicast storm control meter. It is possible, however, that some multicast control traffic may get dropped when storm control thresholds are exceeded.

storm-control multicast (Interface)

cs
Syntax

Configure the percentage of multicast traffic allowed on an C-Series or S-Series interface (ingress only) network only. storm-control multicast packets_per_second in To disable multicast storm control on the interface, use the no storm-control multicast packets_per_second in command.

Parameters

packets_per_second in

C-Series and S-Series Only: Enter the packets per second of broadcast traffic allowed into the network. Range: 0 to 33554431

Defaults Command Modes Command History

No default behavior or values INTERFACE (conf-if-interface-slot/port)

Version 7.6.1.0 Introduced on C-Series and S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1525

storm-control unknown-unicast (Configuration)

ces
Syntax

Configure the percentage of unknown-unicast traffic allowed in or out of the network. storm-control unknown-unicast [percentage decimal_value [in | out]] | [wred-profile name]] [packets_per_second in] To disable storm control for unknown-unicast traffic, use the no storm-control unknown-unicast [percentage decimal_value [in | out] | [wred-profile name]] [packets_per_second in] command.

Parameters

percentage decimal_value [in | out]

wred-profile name packets_per_second in

Defaults Command Modes Command History

No default behavior or values CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0 Introduced on S-Series Introduced on C-Series E-Series Only: Added percentage decimal value option Introduced on E-Series

Usage Information

Unknown Unicast Strom-Control is valid for Layer 2 and Layer 2/Layer 3 interfaces.

storm-control unknown-unicast (Interface)

ces
Syntax

Configure percentage of unknown-unicast traffic allowed on an interface (ingress only). storm-control unknown-unicast [percentage decimal_value in] | [wred-profile name]] [packets_per_second in] To disable unknown-unicast storm control on the interface, use the no storm-control unknown-unicast [percentage decimal_value in] | [wred-profile name]] [packets_per_second in] command.

1526

Storm Control

storm-control unknown-unicast (Interface)

Parameters

percentage decimal_value in

wred-profile name packets_per_second in

Defaults Command Modes Command History

No default behavior or values INTERFACE (conf-if-interface-slot/port)

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 Version 6.5.1.0 Introduced on S-Series Introduced on C-Series E-Series Only: Added percentage decimal value option Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1527

storm-control unknown-unicast (Interface)

1528

Storm Control

Chapter 58 Spanning Tree Protocol (STP)

Overview
The commands in this chapter configure and monitor the IEEE 802.1d Spanning Tree protocol (STP) and are supported on all three Force10 switch/routing platforms, as indicated by the c , e, and s characters under the command headings:

Commands
bridge-priority debug spanning-tree description disable forward-delay hello-time max-age protocol spanning-tree show config show spanning-tree 0 spanning-tree 0

bridge-priority
ces
Syntax

Set the bridge priority of the switch in an IEEE 802.1D Spanning Tree. bridge-priority {priority-value | primary | secondary} To return to the default value, enter no bridge-priority.

Parameters

priority-value

Enter a number as the bridge priority value. Range: 0 to 65535. Default: 32768.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1529

debug spanning-tree

primary secondary priority-value = 32768

Enter the keyword primary to designate the bridge as the root bridge. Enter the keyword secondary to designate the bridge as a secondary root bridge.

Defaults Command Modes Command History

SPANNING TREE (The prompt is config-stp.)

Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

debug spanning-tree
ces
Syntax

Enable debugging of Spanning Tree Protocol and view information on the protocol. debug spanning-tree {stp-id [all | bpdu | config | events | exceptions | general | root] | protocol} To disable debugging, enter no debug spanning-tree.

Parameters

stp-id protocol all bpdu config events general root

Enter zero (0). The switch supports one Spanning Tree group with a group ID of 0. Enter the keyword for the type of STP to debug, either mstp, pvst, or rstp. (OPTIONAL) Enter the keyword all to debug all spanning tree operations. (OPTIONAL) Enter the keyword bpdu to debug Bridge Protocol Data Units. (OPTIONAL) Enter the keyword config to debug configuration information. (OPTIONAL) Enter the keyword events to debug STP events. (OPTIONAL) Enter the keyword general to debug general STP operations. (OPTIONAL) Enter the keyword root to debug STP root transactions.

Command Modes Command History

EXEC Privilege
Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

When you enable debug spanning-tree bpdu for multiple interfaces, the software only sends information on BPDUs for the last interface specified.
protocol spanning-tree Enter SPANNING TREE mode on the switch.

1530

Spanning Tree Protocol (STP)

description

description
ces
Syntax

Enter a description of the Spanning Tree description {description} To remove the description from the Spanning Tree, use the no description {description} command.

Parameters

description

Enter a description to identify the Spanning Tree (80 characters maximum).

Defaults Command Modes Command History Related Commands

No default behavior or values SPANNING TREE (The prompt is config-stp.)

pre-7.7.1.0 Introduced

protocol spanning-tree

Enter SPANNING TREE mode on the switch.

disable
ces
Syntax

Disable Spanning Tree Protocol globally on the switch. disable To enable Spanning Tree Protocol, enter no disable.

Defaults Command Modes Command History

Enabled (that is, Spanning Tree Protocol is disabled.) SPANNING TREE

Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Enter SPANNING TREE mode.

Related Commands

protocol spanning-tree

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1531

forward-delay

forward-delay
ces
Syntax

The amount of time the interface waits in the Listening State and the Learning State before transitioning to the Forwarding State. forward-delay seconds To return to the default setting, enter no forward-delay.

Parameters

seconds

Enter the number of seconds the FTOS waits before transitioning STP to the forwarding state. Range: 4 to 30 Default: 15 seconds.

Defaults Command Modes Command History

15 seconds SPANNING TREE

Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Change the wait time before STP refreshes protocol configuration information. Change the time interval between BPDUs.

Related Commands

max-age hello-time

hello-time
ces
Syntax

Set the time interval between generation of Spanning Tree Bridge Protocol Data Units (BPDUs). hello-time seconds To return to the default value, enter no hello-time.

Parameters

seconds

Enter a number as the time interval between transmission of BPDUs. Range: 1 to 10. Default: 2 seconds.

Defaults Command Modes Command History

2 seconds SPANNING TREE

Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

1532

Spanning Tree Protocol (STP)

max-age

Related Commands

forward-delay max-age

Change the wait time before STP transitions to the Forwarding state. Change the wait time before STP refreshes protocol configuration information.

max-age
ces
Syntax

Set the time interval for the Spanning Tree bridge to maintain configuration information before refreshing that information. max-age seconds To return to the default values, enter no max-age.

Parameters

seconds

Enter a number of seconds the FTOS waits before refreshing configuration information. Range: 6 to 40 Default: 20 seconds.

Defaults Command Modes Command History

20 seconds SPANNING TREE

Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series Change the wait time before STP transitions to the Forwarding state. Change the time interval between BPDUs.

Related Commands

forward-delay hello-time

protocol spanning-tree
ces
Syntax

Enter the SPANNING TREE mode to enable and configure the Spanning Tree group. protocol spanning-tree stp-id To disable the Spanning Tree group, enter no protocol spanning-tree stp-id command.

Parameters

stp-id Not configured. CONFIGURATION

Enter zero (0). FTOS supports one Spanning Tree group, group 0.

Defaults Command Modes

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1533

show config

Command History

Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 527 protocol spanning-tree Command Example

Force10(conf)#protocol spanning-tree 0 Force10(config-stp)#

Usage Information Related Commands

STP is not enabled when you enter the SPANNING TREE mode. To enable STP globally on the switch, enter no disable from the SPANNING TREE mode.
disable Disable Spanning Tree group 0. To enable Spanning Tree group 0, enter no disable.

show config
ces
Syntax Command Modes Command History

Display the current configuration for the mode. Only non-default values are displayed. show config SPANNING TREE
Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

Example

Figure 528 show config Command for the SPANNING TREE Mode
Force10(config-stp)#show config protocol spanning-tree 0 no disable Force10(config-stp)#

1534

Spanning Tree Protocol (STP)

show spanning-tree 0

show spanning-tree 0
ces
Syntax Parameters

Display the Spanning Tree group configuration and status of interfaces in the Spanning Tree group. show spanning-tree 0 [active | brief | guard | interface interface | root | summary] 0 active brief guard interface interface
Enter 0 (zero) to display information about that specific Spanning Tree group. (OPTIONAL) Enter the keyword active to display only active interfaces in Spanning Tree group 0. (OPTIONAL) Enter the keyword brief to display a synopsis of the Spanning Tree group configuration information. (OPTIONAL) Enter the keyword guard to display the type of guard enabled on an STP interface and the current port state. (OPTIONAL) Enter the keyword interface and the type slot/port of the interface you want displayed. Type slot/port options are the following: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a SONET interface, enter the keyword sonet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

root summary

(OPTIONAL) Enter the keyword root to display configuration information on the Spanning Tree group root. (OPTIONAL) Enter the keyword summary to only the number of ports in the Spanning Tree group and their state.

Command Modes Usage Information Command History

EXEC Privilege You must enable Spanning Tree group 0 prior to using this command.

Version 8.5.1.0 Version 8.4.2.1 Version 7.7.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Support for the optional guard keyword was added on the E-Series ExaScale. Support for the optional guard keyword was added on the C-Series, S-Series, and E-Series TeraScale. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1535

show spanning-tree 0

Example

Figure 529 show spanning-tree 0 Command Example

Force10#show spann 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768, Address 0001.e800.0a56 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Current root has priority 32768 address 0001.e800.0a56 Topology change flag set, detected flag set Number of topology changes 1 last change occurred 0:00:05 ago from GigabitEthernet 1/3 Timers: hold 1, topology change 35 hello 2, max age 20, forward_delay 15 Times: hello 1, topology change 1, notification 0, aging 2 Port 26 (GigabitEthernet 1/1) is Forwarding Port path cost 4, Port priority 8, Port Identifier 8.26 Designated root has priority 32768, address 0001.e800.0a56 Designated bridge has priority 32768, address 0001.e800.0a56 Designated port id is 8.26, designated path cost 0 Timers: message age 0, forward_delay 0, hold 0 Number of transitions to forwarding state 1 BPDU: sent:18, received 0 The port is not in the portfast mode Port 27 (GigabitEthernet 1/2) is Forwarding Port path cost 4, Port priority 8, Port Identifier 8.27 Designated root has priority 32768, address 0001.e800.0a56 Designated bridge has priority 32768, address 0001.e800.0a56 Designated port id is 8.27, designated path cost 0 Timers: message age 0, forward_delay 0, hold 0 Number of transitions to forwarding state 1 BPDU: sent:18, received 0 The port is not in the portfast mode Port 28 (GigabitEthernet 1/3) is Forwarding Port path cost 4, Port priority 8, Port Identifier 8.28 Designated root has priority 32768, address 0001.e800.0a56 Designated bridge has priority 32768, address 0001.e800.0a56 Designated port id is 8.28, designated path cost 0 Timers: message age 0, forward_delay 0, hold 0 Number of transitions to forwarding state 1 BPDU: sent:31, received 0 The port is not in the portfast mode Force10#

Table 149 show spanning-tree 0 Command Information Field

Bridge Identifier.. Configured hello... We are... Current root... Topology flag.. Number of ...

Description
Lists the bridge priority and the MAC address for this STP bridge. Displays the settings for hello time, max age, and forward delay. States whether this bridge is the root bridge for the STG. Lists the bridge priority and MAC address for the root bridge. States whether the topology flag and the detected flag were set. Displays the number of topology changes, the time of the last topology change, and on what interface the topology change occurred. Lists the values for the following bridge timers: hold time, topology change, hello time, max age, and forward delay.

Timers

1536

Spanning Tree Protocol (STP)

show spanning-tree 0

Table 149 show spanning-tree 0 Command Information Field

Times

Description
List the number of seconds since the last: hello time topology change notification aging

Port 1... Port path... Designated root... Designated port...

Displays the Interface type slot/port information and the status of the interface (Disabled or Enabled). Displays the path cost, priority, and identifier for the interface. Displays the priority and MAC address of the root bridge of the STG that the interface belongs. Displays the designated port ID

Figure 530 show spanning-tree 0 brief Command Example

Force10#show span 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001.e800.0a56 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 0001.e800.0a56 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID -------------- ------ ---- ---- --- --------------------Gi 1/1 8.26 8 4 FWD 0 32768 0001.e800.0a56 Gi 1/2 8.27 8 4 FWD 0 32768 0001.e800.0a56 Gi 1/3 8.28 8 4 FWD 0 32768 0001.e800.0a56 Force10#

PortID -----8.26 8.27 8.28

Figure 531 show spanning-tree 0 guard Command Example

Force10#show spanning-tree 0 guard Interface Name Instance Sts --------- ---------------Gi 0/1 0 INCON(Root) Gi 0/2 0 LIS Gi 0/3 0 EDS (Shut)

Guard type ---------Rootguard Loopguard Bpduguard

Table 150 show spanning-tree 0 guard Command Example Information Field

Interface Name Instance Sts Guard Type

Description
STP interface STP 0 instance Port state: root-inconsistent (INCON Root), forwarding (FWD), listening (LIS), blocking (BLK), or shut down (EDS Shut) Type of STP guard configured (Root, Loop, or BPDU guard)

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1537

spanning-tree 0

spanning-tree 0
ces
Syntax

Assigns a Layer 2 interface to STP instance 0 and configures a port cost or port priority, or enables loop guard, root guard, or the Portfast feature on the interface. spanning-tree stp-id {cost cost | {loopguard | rootguard} | portfast [bpduguard [shutdown-on-violation]] | priority priority} stp-id cost cost
Enter the STP instance ID. Range: 0 Enter the keyword cost followed by a number as the cost. Range: 1 to 65535 Defaults: 100 Mb/s Ethernet interface = 19 1-Gigabit Ethernet interface = 4 10-Gigabit Ethernet interface = 2 Port Channel interface with 100 Mb/s Ethernet = 18 Port Channel interface with 1-Gigabit Ethernet = 3 Port Channel interface with 10-Gigabit Ethernet = 1 Enter the keyword loopguard to enable STP loop guard on a port or port-channel interface. Enter the keyword rootguard to enable STP root guard on a port or port-channel interface. Enter the keyword portfast to enable Portfast to move the interface into forwarding mode immediately after the root fails. Enter the optional keyword bpduguard to disable the port when it receives a BPDU. Enter the optional keyword shutdown-on-violation to hardware disable an interface when a BPDU is received and the port is disabled. Enter keyword priority followed by a number as the priority. Range: zero (0) to 15. Default: 8

Parameters

loopguard rootguard portfast [bpduguard [shutdown-onviolation]] priority priority

Defaults Command Modes Command History

cost = depends on the interface type; priority = 8 INTERFACE

Version 8.5.1.0 Version 8.4.2.1 Version 8.2.1.0 Version 7.7.1.0 Version 7.5.1.0 Version 6.2.1.1 Introduced the loopguard and rootguard options on the E-Series ExaScale. Introduced the loopguard and rootguard options on the E-Series TeraScale, C-Series, and S-Series. Introduced shutdown-on-violation option. Introduced on S-Series. Introduced on C-Series. Introduced.

1538

Spanning Tree Protocol (STP)

spanning-tree 0

Usage Information

If you enable portfast bpduguard on an interface and the interface receives a BPDU, the software disables the interface and sends a message stating that fact. The port is in ERR_DISABLE mode, yet appears in the show interface commands as enabled. If shutdown-on-violation is not enabled, BPDUs will still be sent to the RPM CPU. STP loop guard and root guard are supported on a port or port-channel enabled in any Spanning Tree mode: Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and Per-VLAN Spanning Tree Plus (PVST+). Root guard is supported on any STP-enabled port or port-channel except when used as a stacking port. When enabled on a port, root guard applies to all VLANs configured on the port. STP root guard and loop guard cannot be enabled at the same time on a port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed:
% Error: RootGuard is configured. Cannot configure LoopGuard.

Do not enable Portfast BPDU guard and loop guard at the same time on a port. Enabling both features may result in a port that remains in a blocking state and prevents traffic from flowing through it. For example, when Portfast BPDU guard and loop guard are both configured: If a BPDU is received from a remote device, BPDU guard places the port in an err-disabled blocking state and no traffic is forwarded on the port. If no BPDU is received from a remote device, loop guard places the port in a loop-inconsistent blocking state and no traffic is forwarded on the port.

To display the type of STP guard (Portfast BPDU, root, or loop guard) enabled on a port, enter the show spanning-tree 0 command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1539

spanning-tree 0

1540

Spanning Tree Protocol (STP)

Chapter 59

Time and Network Time Protocol (NTP)

Overview
The commands in this chapter configure time values on the system, either using FTOS, or the hardware, or using the Network Time Protocol (NTP). With NTP, the switch can act only as a client to an NTP clock host. For details, see the Network Time Protocol section of the Management chapter in the FTOS Configuration Guide. The commands in this chapter are generally supported on the C-Series, E-Series, and S-Series, with some exceptions, as noted in the Command History fields and by these symbols under the command headings: c e s

Commands
calendar set clock read-calendar clock set clock summer-time date clock summer-time recurring clock timezone clock update-calendar debug ntp ntp authenticate ntp authentication-key ntp broadcast client ntp disable ntp multicast client ntp server ntp source ntp trusted-key ntp update-calendar show calendar show clock show ntp associations

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1541

calendar set

show ntp status

calendar set
ces
Syntax Parameters

Set the time and date for the switch hardware clock. calendar set time month day year time month
Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm. Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.

day

Enter the number of the day. Range: 1 to 31. You can enter the name of a month to change the order of the display to time day month year.

year

Enter a four-digit number as the year. Range: 1993 to 2035.

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 532 calendar set Command Example

Force10#calendar set 08:55:00 june 18 2006 Force10#

Usage Information

You can change the order of the month and day parameters to enter the time and date as time day month year. In the switch, the hardware clock is separate from the software and is called the calendar. This hardware clock runs continuously. After the hardware clock (the calendar) is set, the FTOS automatically updates the software clock after system bootup.You cannot delete the hardware clock (calendar). To manually update the software with the hardware clock, use the command clock read-calendar.

Related Commands

clock read-calendar clock set clock update-calendar show clock

Set the software clock based on the hardware clock. Set the software clock. Set the hardware clock based on the software clock. Display clock settings.

1542

Time and Network Time Protocol (NTP)

clock read-calendar

clock read-calendar
ces
Syntax Defaults Command Modes Command History

Set the software clock on the switch from the information set in hardware clock (calendar). clock read-calendar Not configured. EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

In the switch, the hardware clock is separate from the software and is called the calendar. This hardware clock runs continuously. After the hardware clock (the calendar) is set, the FTOS automatically updates the software clock after system bootup. You cannot delete this command (that is, there is not a no version of this command).

clock set
ces
Syntax Parameters

Set the software clock in the switch. clock set time month day year time month
Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, example, 17:15:00 is 5:15 pm. Enter the name of one of the 12 months, in English. You can enter the number of a day and change the order of the display to time day month year.

day

Enter the number of the day. Range: 1 to 31. You can enter the name of a month to change the order of the display to time month day year.

year

Enter a four-digit number as the year. Range: 1993 to 2035.

Defaults Command Modes Command History

Not configured EXEC Privilege

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1543

clock summer-time date

Example

Figure 533 clock set Command Example

Force10#clock set 16:20:00 19 may 2001 Force10#

Usage Information

You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock. The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots. Force10 Networks recommends that you use an outside time source, such as NTP, to ensure accurate time on the switch.

Related Commands

ntp update-calendar

Set the switch using the NTP settings.

clock summer-time date

ces
Syntax

Set a date (and time zone) on which to convert the switch to daylight savings time on a one-time basis. clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset] To delete a daylight savings time zone configuration, enter no clock summer-time.

Parameters

time-zone start-month

Enter the three-letter name for the time zone. This name is displayed in the show clock output. Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.

start-day

Enter the number of the day. Range: 1 to 31. You can enter the name of a month to change the order of the display to time day month year.

start-year start-time end-day

Enter a four-digit number as the year. Range: 1993 to 2035. Enter the time in hours:minutes. For the hour variable, use the 24-hour format, example, 17:15 is 5:15 pm. Enter the number of the day. Range: 1 to 31. You can enter the name of a month to change the order of the display to time day month year.

end-month

Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.

1544

Time and Network Time Protocol (NTP)

clock summer-time recurring

end-time end-year offset

Enter the time in hours:minutes. For the hour variable, use the 24-hour format, example, 17:15 is 5:15 pm. Enter a four-digit number as the year. Range: 1993 to 2035. (OPTIONAL) Enter the number of minutes to add during the summer-time period. Range: 1 to1440. Default: 60 minutes

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series Set the hardware clock. Set a date (and time zone) on which to convert the switch to daylight savings time each year. Display the current clock settings.

Related Commands

calendar set clock summer-time recurring show clock

clock summer-time recurring

ces
Syntax

Set the software clock to convert to daylight savings time on a specific day each year. clock summer-time time-zone recurring [start-week start-day start-month start-time end-week end-day end-month end-time [offset]] To delete a daylight savings time zone configuration, enter no clock summer-time.

Parameters

time-zone

Enter the three-letter name for the time zone. This name is displayed in the show clock output. You can enter up to eight characters. (OPTIONAL) Enter one of the following as the week that daylight savings begins and then enter values for start-day through end-time:

start-week

week-number: Enter a number from 1-4 as the number of the week in the
month to start daylight savings time. first: Enter this keyword to start daylight savings time in the first week of the month. last: Enter this keyword to start daylight savings time in the last week of the month.

start-day

Enter the name of the day that you want daylight saving time to begin. Use English three letter abbreviations, for example, Sun, Sat, Mon, etc. Range: Sun Sat Enter the name of one of the 12 months in English. Enter the time in hours:minutes. For the hour variable, use the 24-hour format, example, 17:15 is 5:15 pm.

start-month start-time

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1545

clock timezone

end-week

Enter the one of the following as the week that daylight savings ends:

week-number: enter a number from 1-4 as the number of the week to end
daylight savings time.

first: enter the keyword first to end daylight savings time in the first week of
the month. last: enter the keyword last to end daylight savings time in the last week of the month.

end-day

Enter the weekday name that you want daylight saving time to end. Enter the weekdays using the three letter abbreviations, for example Sun, Sat, Mon etc. Range: Sun to Sat Enter the name of one of the 12 months in English. Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, example, 17:15:00 is 5:15 pm. (OPTIONAL) Enter the number of minutes to add during the summer-time period. Range: 1 to 1440. Default: 60 minutes.

end-month end-time offset

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Updated the start-day and end-day options to allow for using the three-letter abbreviation of the weekday name. Introduced for E-Series Set the hardware clock. Set a date (and time zone) on which to convert the switch to daylight savings time on a one-time basis. Display the current clock settings.

Related Commands

calendar set clock summer-time date show clock

clock timezone
ces
Syntax

Configure a timezone for the switch. clock timezone timezone-name offset To delete a timezone configuration, enter no clock timezone.

Parameters

timezone-name offset

Enter the name of the timezone. You cannot use spaces. Enter one of the following: a number from 1 to 23 as the number of hours in addition to UTC for the timezone. a minus sign (-) followed by a number from 1 to 23 as the number of hours

1546

Time and Network Time Protocol (NTP)

clock update-calendar

Default Command Modes Command History

Not configured. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

Coordinated Universal Time (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean time. When determining system time, you must include the differentiator between UTC and your local timezone. For example, San Jose, CA is the Pacific Timezone with a UTC offset of -8.

clock update-calendar
ces
Syntax Defaults Command Modes Command History

Set the switch hardware clock based on the software clock. clock update-calendar Not configured. EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

Use this command only if you are sure that the hardware clock is inaccurate and the software clock is correct. You cannot delete this command (that is, there is not a no form of this command).
calendar set Set the hardware clock.

Related Commands

debug ntp
ces
Syntax

Display Network Time Protocol (NTP) transactions and protocol messages for troubleshooting. debug ntp {adjust | all | authentication | events | loopfilter | packets | select | sync} To disable debugging of NTP transactions, use the no debug ntp {adjust | all | authentication | events | loopfilter | packets | select | sync} command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1547

ntp authenticate

Parameters

adjust all authentication events loopfilter packets select sync

Enter the keyword adjust to display information on NTP clock adjustments. Enter the keyword all to display information on all NTP transactions. Enter the keyword authentication to display information on NTP authentication transactions. Enter the keyword events to display information on NTP events. Enter the keyword loopfilter to display information on NTP local clock frequency. Enter the keyword packets to display information on NTP packets. Enter the keyword select to display information on the NTP clock selection. Enter the keyword sync to display information on the NTP clock synchronization.

Command Modes Command History

EXEC Privilege
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

ntp authenticate
ces
Syntax

Enable authentication of NTP traffic between the switch and the NTP time serving hosts. ntp authenticate To disable NTP authentication, enter no ntp authentication.

Defaults Command Modes Command History

Not enabled. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information Related Commands

You also must configure an authentication key for NTP traffic using the ntp authentication-key command.
ntp authentication-key ntp trusted-key Configure authentication key for NTP traffic. Configure a key to authenticate

1548

Time and Network Time Protocol (NTP)

ntp authentication-key

ntp authentication-key
ces
Syntax Parameters

Specify a key for authenticating the NTP server. ntp authentication-key number md5 [0 | 7] key number
Specify a number for the authentication key. Range: 1 to 4294967295. This number must be the same as the number parameter configured in the ntp trusted-key command. Specify that the authentication key will be encrypted using MD5 encryption algorithm. Specify that authentication key will be entered in an unencrypted format (default). Specify that the authentication key will be entered in DES encrypted format. Enter the authentication key in the previously specified format.

md5 0 7 key
Defaults

NTP authentication is not configured by default. If you do not specify the option [0 | 7], 0 is selected by default. CONFIGURATION
Version 8.2.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Added options [0 | 7] for entering authentication key. Support added for S-Series Support added for C-Series Introduced for E-Series

Command Modes Command History

Usage Information

After configuring the ntp authentication-key command, configure the ntp trusted-key command to complete NTP authentication. FTOS versions 8.2.1.0 and later use an encryption algorithm to store the authentication key that is different from previous FTOS versions; beginning in version 8.2.1.0, FTOS uses DES encryption to store the key in the startup-config when you enter the command ntp authentication-key. Therefore, if your system boots with a startup-configuration from an FTOS versions prior to 8.2.1.0 in which you have configured ntp authentication-key, the system cannot correctly decrypt the key, and cannot authenticate NTP packets. In this case you must re-enter this command and save the running-config to the startup-config.

Related Commands

ntp authenticate ntp trusted-key

Enables NTP authentication. Configure a trusted key.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1549

ntp broadcast client

ces
Syntax

Set up the interface to receive NTP broadcasts from an NTP server. ntp broadcast client To disable broadcast, enter no ntp broadcast client.

Defaults Command Modes Command History

Disabled INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

ntp disable
ces
Syntax

Prevent an interface from receiving NTP packets. ntp disable To re-enable NTP on an interface, enter no ntp disable.

Default Command Modes Command History

Disabled (that is, if an NTP host is configured, all interfaces receive NTP packets) INTERFACE
Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

ntp multicast client

e
Syntax

Configure the switch to receive NTP information from the network via multicast. ntp multicast client [multicast-address] To disable multicast reception, use the no ntp multicast client [multicast-address] command.

Parameters

multicast-address

(OPTIONAL) Enter a multicast address. Enter either an IPv4 address in dotted decimal format or an IPv6 address in X:X:X:X::X format. If you do not enter a multicast address, the address 224.0.1.1 is configured if the interface address is IPv4 or ff05::101 is configured if the interface address is IPv6.

1550

Time and Network Time Protocol (NTP)

ntp server

Defaults Command Modes Command History

Not configured. INTERFACE

Version 8.4.1.0 pre-Version 6.1.1.0 Added support for IPv6 multicast addresses. Introduced for E-Series

ntp server
ces
Syntax

Configure an NTP time-serving host. ntp server {hostname | ipv4-address | ipv6-address} [key keyid] [prefer] [version number] ipv4-address | ipv6-address hostaname key keyid prefer version number
Enter an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X). Enter the hostname of the server. (OPTIONAL) Enter the keyword key and a number as the NTP peer key. Range: 1 to 4294967295 (OPTIONAL) Enter the keyword prefer to indicate that this peer has priority over other servers. (OPTIONAL) Enter the keyword version and a number to correspond to the NTP version used on the server. Range: 1 to 3

Parameters

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 8.4.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Added IPv6 support. Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

You can configure multiple time serving hosts (up to 250). From these time serving hosts, the FTOS will choose one NTP host with which to synchronize. Use the show ntp associations to determine which server was selected. Since a large number of polls to NTP hosts can impact network performance, Force10 Networks recommends that you limit the number of hosts configured.

Related Commands

show ntp associations

Displays NTP servers configured and their status.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1551

ntp source

ntp source
ces
Syntax

Specify an interfaces IP address to be included in the NTP packets. ntp source interface To delete the configuration, enter no ntp source.

Parameters

interface

Enter the following keywords and slot/port or number information: For an 100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from zero (0) to 16383. For a Port Channel interface, enter the keyword lag followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1to 255 for TeraScale For SONET interface types, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

Defaults Command Modes Command History

Not configured. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

ntp trusted-key
ces
Syntax

Set a key to authenticate the system to which NTP will synchronize. ntp trusted-key number To delete the key, use the no ntp trusted-key number command.

Parameters

number

Enter a number as the trusted key ID. Range: 1 to 4294967295.

Defaults Command Modes

Not configured. CONFIGURATION

1552

Time and Network Time Protocol (NTP)

ntp update-calendar

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Support added for S-Series Support added for C-Series Introduced for E-Series

Usage Information

The number parameter in the ntp trusted-key command must be the same number as the number parameter in the ntp authentication-key command. If you change the ntp authentication-key command, you must also change the ntp trusted-key command.
ntp authentication-key ntp authenticate Set an authentication key for NTP. Enable the NTP authentication parameters you set.

Related Commands

ntp update-calendar
ces
Syntax

Configure the FTOS to update the calendar (the hardware clock) with the NTP-derived time. ntp update-calendar [minutes] To return to default setting, enter no ntp update-calendar.

Parameters

minutes

(OPTIONAL) Enter the number of minutes between updates from NTP to the hardware clock. Range: 1 to 1440. Default: 60 minutes.

Defaults Command Modes Command History

Not enabled. CONFIGURATION

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0 Support added for S-Series Support added for C-Series Introduced for E-Series

show calendar
ces
Syntax Command Modes

Display the current date and time based on the switch hardware clock. show calendar EXEC EXEC Privilege

Command History

Version 7.6.1.0

Support added for S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1553

show clock

Version 7.5.1.0 pre-Version 6.1.1.0 Example

Support added for C-Series Introduced for E-Series

Figure 534 show calendar Command Example

Force10#show calendar 16:33:30 UTC Tue Jun 26 2001 Force10#

Related Commands

show clock

Display the time and date from the switch software clock.

show clock
ces
Syntax Parameters

Display the current clock settings. show clock [detail] detail

(OPTIONAL) Enter the keyword detail to view the source information of the clock.

Command Modes

EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 535 show clock Command Example

Force10#show clock 11:05:56.949 UTC Thu Oct 25 2001 Force10#

Example

Figure 536 show clock detail Command Example

Force10#show clock detail 12:18:10.691 UTC Wed Jan 7 2009 Time source is RTC hardware Summer time starts 02:00:00 UTC Sun Mar 8 2009 Summer time ends 02:00:00 ABC Sun Nov 1 2009 Force10#

Related Commands

clock summer-time recurring show calendar

Display the time and date from the switch hardware clock. Display the time and date from the switch hardware clock.

1554

Time and Network Time Protocol (NTP)

show ntp associations

ces
Syntax Command Modes

Display the NTP master and peers. show ntp associations EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 537 show ntp associations Command Example

Force10#show ntp associations remote ref clock st when poll reach delay offset disp ========================================================================== 10.10.120.5 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 *172.16.1.33 127.127.1.0 11 6 16 377 -0.08 -1499.9 104.16 172.31.1.33 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 192.200.0.2 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 * master (synced), # master (unsynced), + selected, - candidate Force10#

Table 151 show ntp associations Command Fields Field

(none)

Description
One or more of the following symbols could be displayed: * means synchronized to this peer # means almost synchronized to this peer + means the peer was selected for possible synchronization - means the peer is a candidate for selection ~ means the peer is statically configured

remote ref clock st when poll reach delay offset disp Related Commands

Displays the remote IP address of the NTP peer. Displays the IP address of the remote peers reference clock. Displays the peers stratum, that is, the number of hops away from the external time source. A 16 in this column means the NTP peer cannot reach the time source. Displays the last time the switch received an NTP packet. Displays the polling interval (in seconds). Displays the reachability to the peer (in octal bitstream). Displays the time interval or delay for a packet to complete a round-trip to the NTP time source (in milliseconds). Displays the relative time of the NTP peers clock to the switch clock (in milliseconds). Displays the dispersion. Display current NTP status.

show ntp status

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1555

show ntp status

ces
Syntax Command Modes

Display the current NTP status. show ntp status EXEC EXEC Privilege

Command History

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.1.1.0

Support added for S-Series Support added for C-Series Introduced for E-Series

Example

Figure 538 show ntp status Command Example

Force10#sh ntp status Clock is synchronized, stratum 2, reference is 100.10.10.10 frequency is -32.000 ppm, stability is 15.156 ppm, precision is 4294967290 reference time is BC242FD5.C7C5C000 (10:15:49.780 UTC Mon Jan 10 2000) clock offset is clock offset msec, root delay is 0.01656 sec root dispersion is 0.39694 sec, peer dispersion is peer dispersion msec peer mode is client Force10#

Table 152 show ntp status Command Example Information Field

Clock is ...

Description
States whether or not the switch clock is synchronized, which NTP stratum the system is assigned and the IP address of the NTP peer. Displays the frequency (in ppm), stability (in ppm) and precision (in Hertz) of the clock in this system. Displays the reference time stamp. Displays the system offset to the synchronized peer and the time delay on the path to the NTP root clock. Displays the root and path dispersion. State what NTP mode the switch is. This should be client mode.

frequency is ... reference time is ... clock offset is ...

root dispersion is ... peer mode is ...

Related Commands

show ntp associations

Display information on NTP master and peer configurations.

1556

Time and Network Time Protocol (NTP)

Chapter 60 Uplink Failure Detection (UFD)

Overview
Uplink Failure Detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. Uplink Failure Detection is supported on platform:

s (S50 only).

Commands
clear ufd-disable debug uplink-state-group description downstream downstream auto-recover downstream disable links enable show running-config uplink-state-group show uplink-state-group uplink-state-group upstream

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1557

clear ufd-disable

clear ufd-disable
s S50 only
Syntax Parameters

Re-enable one or more downstream interfaces on the switch/router that are in a UFD-disabled error state so that an interface can send and receive traffic. clear ufd-disable {interface interface | uplink-state-group group-id} inteface interface Specifies one or more downstream interfaces. For interface, enter one of the following interface types: Fast Ethernet: fastethernet {slot/port | slot/port-range} 1-Gigabit Ethernet: gigabitethernet {slot/port |slot/port-range} 10-Gigabit Ethernet: tengigabitethernet {slot/port |slot/ port-range} Port channel: port-channel {1-512 | port-channel-range} Where port-range and port-channel-range specify a range of ports separated by a dash (-) and/or individual ports/port channels in any order; for example:
gigabitethernet 1/1-2,5,9,11-12 port-channel 1-3,5

A comma is required to separate each port and port-range entry. uplink-state-group group-id
Defaults

Re-enables all UFD-disabled downstream interfaces in the group. Valid group-id values are 1 to 16.

A downstream interface in an uplink-state group that has been disabled by UFD is disabled and in a UFD-disabled error state. CONFIGURATION
Version 8.4.2.3 Introduced on the S-Series S50.

Command Modes Command History Related Commands

downstream uplink-state-group

Assign a port or port-channel to the uplink-state group as a downstream interface. Create an uplink-state group and enabling the tracking of upstream links.

1558

Uplink Failure Detection (UFD)

debug uplink-state-group

debug uplink-state-group
s S50 only
Syntax Parameters

Enable debug messages for events related to a specified uplink-state group or all groups. debug uplink-state-group [group-id] group-id Enables debugging on the specified uplink-state group. Valid group-id values are 1 to 16.

Defaults Command Modes Command History Usage Information Related Commands

None EXEC Privilege

Version 8.4.2.3 Introduced on the S-Series S50.

To turn off debugging event messages, enter the no debug uplink-state-group [group-id] command.
clear ufd-disable

Re-enable downstream interfaces that are in a UFD-disabled error state.

description
s S50 only
Syntax Parameters

Enter a text description of an uplink-state group. description text text

Text description of the uplink-state group. Maximum length: 80 alphanumeric characters.

Defaults Command Modes Command History Related Commands

None UPLINK-STATE-GROUP
Version 8.4.2.3 Introduced on the S-Series S50.

uplink-state-group

Create an uplink-state group and enabling the tracking of upstream links.

Example

Figure 539 description Command Example

Force10(conf-uplink-state-group-16)# description test Force10(conf-uplink-state-group-16)#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1559

downstream

downstream
s S50 only
Syntax Parameters

Assign a port or port-channel to the uplink-state group as a downstream interface. downstream interface interface Enter one of the following interface types: Fast Ethernet: fastethernet {slot/port | slot/port-range} 1-Gigabit Ethernet: gigabitethernet {slot/port | slot/port-range} 10-Gigabit Ethernet: tengigabitethernet {slot/port |slot/port-range} Port channel: port-channel {1-512 | port-channel-range} Where port-range and port-channel-range specify a range of ports separated by a dash (-) and/or individual ports/port channels in any order; for example:
gigabitethernet 1/1-2,5,9,11-12 port-channel 1-3,5

A comma is required to separate each port and port-range entry.

Defaults Command Modes Command History Usage Information

None UPLINK-STATE-GROUP
Version 8.4.2.3 Introduced on the S-Series S50.

You can assign physical port or port-channel interfaces to an uplink-state group. You can assign an interface to only one uplink-state group. Each interface assigned to an uplink-state group must be configured as either an upstream or downstream interface, but not both. You can assign individual member ports of a port channel to the group. An uplink-state group can contain either the member ports of a port channel or the port channel itself, but not both. To delete an uplink-state group, enter the no downstream interface command.

Related Commands

upstream uplink-state-group

Assign a port or port-channel to the uplink-state group as an upstream interface. Create an uplink-state group and enabling the tracking of upstream links.

1560

Uplink Failure Detection (UFD)

downstream auto-recover

downstream auto-recover
s S50 only
Syntax

Enable auto-recovery so that UFD-disabled downstream ports in an uplink-state group automatically come up when a disabled upstream port in the group comes back up. downstream auto-recover The auto-recovery of UFD-disabled downstream ports is enabled. UPLINK-STATE-GROUP
Version 8.4.2.3 Introduced on the S-Series S50.

Defaults Command Modes Command History Usage Information Related Commands

To disable auto-recovery on downstream links, enter the no downstream auto-recover command.

downstream uplink-state-group

Assign a port or port-channel to the uplink-state group as a downstream interface. Create an uplink-state group and enabling the tracking of upstream links.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1561

downstream disable links

s S50 only
Syntax Parameters

Configure the number of downstream links in the uplink-state group that will be disabled if one upstream link in an uplink-state group goes down. downstream disable links {number |all} number all Enter the number of downstream links to be brought down by UFD. Range: 1 to 1024. Brings down all downstream links in the group.

Defaults Command Modes Command History Usage Information

No downstream links are disabled when an upstream link in an uplink-state group goes down. UPLINK-STATE-GROUP
Version 8.4.2.3 Introduced on the S-Series S50.

A user-configurable number of downstream interfaces in an uplink-state group are put into a link-down state with an UFD-Disabled error message when one upstream interface in an uplink-state group goes down. If all upstream interfaces in an uplink-state group go down, all downstream interfaces in the same uplink-state group are put into a link-down state. To revert to the default setting, enter the no downstream disable links command.

Related Commands

downstream uplink-state-group

Assign a port or port-channel to the uplink-state group as a downstream interface. Create an uplink-state group and enabling the tracking of upstream links.

1562

Uplink Failure Detection (UFD)

enable

enable
s S50 only
Syntax Parameters

Re-enable upstream-link tracking for an uplink-state group after it has been disabled. enable group-id Enables debugging on the specified uplink-state group. Valid group-id values are 1 to 16.

Defaults Command Modes Command History Usage Information Related Commands

Upstream-link tracking is automatically enabled in an uplink-state group. UPLINK-STATE-GROUP

Version 8.4.2.3 Introduced on the S-Series S50.

To disable upstream-link tracking without deleting the uplink-state group, enter the no enable command.
uplink-state-group

Create an uplink-state group and enabling the tracking of upstream links.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1563

show running-config uplink-state-group

s S50 only
Syntax Parameters

Display the current configuration of one or more uplink-state groups. show running-config uplink-state-group [group-id] group-id
Displays the current configuration of all uplink-state groups or a specified group. Valid group-id values are 1 to 16.

Defaults Command Modes

None EXEC EXEC Privilege

Command History Example

Version 8.4.2.3

Introduced on the S-Series S50.

Figure 540 show running-config uplink-state-group Command Example

Force10#show running-config uplink-state-group ! no enable uplink state track 1 downstream GigabitEthernet 0/2,4,6,11-19 upstream TengigabitEthernet 0/48, 52 upstream PortChannel 1 ! uplink state track 2 downstream GigabitEthernet 0/1,3,5,7-10 upstream TengigabitEthernet 0/56,60

Related Commands

show uplink-state-group uplink-state-group

Display status information on a specified uplink-state group or all groups. Create an uplink-state group and enabling the tracking of upstream links.

show uplink-state-group
s S50 only
Syntax Parameters

Display status information on a specified uplink-state group or all groups. show uplink-state-group [group-id] [detail] group-id detail Displays status information on a specified uplink-state group or all groups. Valid group-id values are 1 to 16. Displays additional status information on the upstream and downstream interfaces in each group

Defaults

None

1564

Uplink Failure Detection (UFD)

show uplink-state-group

Command Modes

EXEC EXEC Privilege

Command History Example

Version 8.4.2.3

Introduced on the S-Series S50.

Figure 541 show uplink-state-group Command Examples

Force10# show uplink-state-group Uplink Uplink Uplink Uplink Uplink Uplink State State State State State State Group: Group: Group: Group: Group: Group: 1 3 5 6 7 16 Status: Status: Status: Status: Status: Status: Enabled, Up Enabled, Up Enabled, Down Enabled, Up Enabled, Up Disabled, Up

Force10# show uplink-state-group 16 Uplink State Group: 16 Status: Disabled, Up Force10#show uplink-state-group detail (Up): Interface up (Dwn): Interface down Uplink State Group : 1 Upstream Interfaces : Downstream Interfaces :

(Dis): Interface disabled

Status: Enabled, Up

Uplink State Group : 3 Status: Enabled, Up Upstream Interfaces : Gi 0/46(Up) Gi 0/47(Up) Downstream Interfaces : Te 13/0(Up) Te 13/1(Up) Te 13/3(Up) Te 13/5(Up) Te 13/6(Up) Uplink State Group : 5 Status: Enabled, Down Upstream Interfaces : Gi 0/0(Dwn) Gi 0/3(Dwn) Gi 0/5(Dwn) Downstream Interfaces : Te 13/2(Dis) Te 13/4(Dis) Te 13/11(Dis) Te 13/12(Dis) Te 13/13(Dis) Te 13/14(Dis) Te 13/15(Dis) Uplink State Group : 6 Upstream Interfaces : Downstream Interfaces : Uplink State Group : 7 Upstream Interfaces : Downstream Interfaces : Status: Enabled, Up

Status: Enabled, Up

Uplink State Group : 16 Status: Disabled, Up Upstream Interfaces : Gi 0/41(Dwn) Po 8(Dwn) Downstream Interfaces : Gi 0/40(Dwn)

Related Commands

show running-config uplink-state-group uplink-state-group

Display the current configuration of one or more uplink-state groups. Create an uplink-state group and enabling the tracking of upstream links.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1565

uplink-state-group

uplink-state-group
s S50 only
Syntax Parameters

Create an uplink-state group and enabling the tracking of upstream links on a switch/router. uplink-state-group group-id group-id None CONFIGURATION
Version 8.4.2.3 Introduced on the S-Series S50. Enter the ID number of an uplink-state group. Range: 1-16.

Defaults Command Modes Command History Usage Information

After you enter the command, you enter uplink-state-group configuration mode to assign upstream and downstream interfaces to the group. An uplink-state group is considered to be operationally up if at least one upstream interface in the group is in the link-up state. An uplink-state group is considered to be operationally down if no upstream interfaces in the group are in the link-up state. No uplink-state tracking is performed when a group is disabled or in an operationally down state. To delete an uplink-state group, enter the no uplink-state-group group-id command. To disable upstream-link tracking without deleting the uplink-state group, enter the no enable command in uplink-state-group configuration mode.

Related Commands

show running-config uplink-state-group show uplink-state-group

Display the current configuration of one or more uplink-state groups. Display status information on a specified uplink-state group or all groups.

Example

Figure 542 uplink-state-group Command Example

Force10(conf)#uplink-state-group 16 Force10(conf)# 02:23:17: %RPM0-P:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 16

1566

Uplink Failure Detection (UFD)

upstream

upstream
s S50 only
Syntax Parameters

Assign a port or port-channel to the uplink-state group as an upstream interface. upstream interface interface Enter one of the following interface types: Fast Ethernet: fastethernet {slot/port | slot/port-range} 1-Gigabit Ethernet: gigabitethernet {slot/port | slot/port-range} 10-Gigabit Ethernet: tengigabitethernet {slot/port |slot/port-range} Port channel: port-channel {1-512 | port-channel-range} Where port-range and port-channel-range specify a range of ports separated by a dash (-) and/or individual ports/port channels in any order; for example:
gigabitethernet 1/1-2,5,9,11-12 port-channel 1-3,5

A comma is required to separate each port and port-range entry.

Defaults Command Modes Command History Usage Information

None UPLINK-STATE-GROUP
Version 8.4.2.3 Introduced on the S-Series S50.

Related Commands

downstream uplink-state-group

Assign a port or port-channel to the uplink-state group as a downstream interface. Create an uplink-state group and enabling the tracking of upstream links.

Example

Figure 543 upstream Command Example

Force10(conf-uplink-state-group-16)# upstream gigabitethernet 1/10-15 Force10(conf-uplink-state-group-16)#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1567

upstream

1568

Uplink Failure Detection (UFD)

Chapter 61
Overview

VLAN Stacking

With the VLAN-Stacking feature (also called Stackable VLANs and QinQ), available on all Force10 platforms (C-Series c, E-Series e, and S-Series s) that are supported by this version of FTOS, you can stack VLANs into one tunnel and switch them through the network transparently. VLAN Stacking is supported on E-Series ExaScale ex with FTOS 8.2.1.0. and later.

Commands
The commands included are: dei enable dei honor dei mark member show interface dei-honor show interface dei-mark vlan-stack access vlan-stack compatible vlan-stack dot1p-mapping vlan-stack protocol-type vlan-stack trunk

For information on basic VLAN commands, see Virtual LAN (VLAN) Commands in the chapter Layer 2.

Important Points to Remember

If Spanning Tree Protocol (STP) is not enabled across the Stackable VLAN network, STP BPDUs from the customers networks are tunneled across the Stackable VLAN network. If STP is enabled across the Stackable VLAN network, STP BPDUs from the customers networks are consumed and not tunneled across the Stackable VLAN network unless protocol tunneling is enabled. Note: For details on protocol tunneling on the E-Series, see Chapter 52, Service Provider Bridging. Publication Date: July 20, 2011 1569

Command Line Reference for FTOS version 8.4.2.4

dei enable

Layer 3 protocols are not supported on a Stackable VLAN network. Assigning an IP address to a Stackable VLAN is supported when all the members are only Stackable VLAN trunk ports. IP addresses on a Stackable VLAN-enabled VLAN is not supported if the VLAN contains Stackable VLAN access ports. This facility is provided for SNMP management over a Stackable VLAN enabled VLAN containing only Stackable VLAN trunk interfaces. Layer 3 routing protocols on such a VLAN are not supported. It is recommended that you do not use the same MAC address, on different customer VLANs, on the same Stackable VLAN. Interfaces configured using Stackable VLAN access or Stackable VLAN trunk commands will not switch traffic for the default VLAN. These interfaces will switch traffic only when they are added to a non-default VLAN. Starting with FTOS 7.8.1 for C-Series and S-Series (FTOS 7.7.1 for E-Series, 8.2.1.0 for E-Series ExaScale), a vlan-stack trunk port is also allowed to be configured as a tagged port and as an untagged port for single-tagged VLANs. When the vlan-stack trunk port is also a member of an untagged vlan, the port should be in hybrid mode. See portmode hybrid.

dei enable
cs
Syntax Defaults Command Mode Command History

Make packets eligible for dropping based on their DEI value. dei enable Packets are colored green; no packets are dropped. CONFIGURATION
Version 8.3.1.0 Introduced on C-Series and S-Series.

dei honor
cs
Syntax Parameters

Honor the incoming DEI value by mapping it to an FTOS drop precedence. You may enter the command once for 0 and once for 1. dei honor {0 | 1} {green | red | yellow} 0|1 green | red | yellow Enter the bit value you want to map to a color.
Choose a color:

Green: High priority packets that are the least preferred to be dropped. Yellow: Lower priority packets that are treated as best-effort. Red: Lowest priority packets that are always dropped (regardless of congestion status).

Defaults

Disabled; Packets with an unmapped DEI value are colored green.

1570

VLAN Stacking

dei mark

Command Mode Command History Usage Information Related Commands

INTERFACE
Version 8.3.1.0 Introduced on C-Series and S-Series.

You must first enable DEI for this configuration to take effect.

dei enable

dei mark
cs
Syntax Parameters

Set the DEI value on egress according to the color currently assigned to the packet. dei mark {green | yellow} {0 | 1} 0|1 green | yellow Enter the bit value you want to map to a color.
Choose a color:

Green: High priority packets that are the least preferred to be dropped. Yellow: Lower priority packets that are treated as best-effort.

Defaults Command Mode Command History Usage Information Related Commands

All the packets on egress will be marked with DEI 0. INTERFACE

Version 8.3.1.0 Introduced on C-Series and S-Series.

You must first enable DEI for this configuration to take effect.

dei enable

member
ces
Syntax

Assign a Stackable VLAN access or trunk port to a VLAN. The VLAN must contain the vlan-stack compatible command in its configuration. member interface To remove an interface from a Stackable VLAN, use the no member interface command.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1571

show interface dei-honor

Parameters

interface

Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Mode Command History

Not configured. CONF-IF-VLAN

Version 8.2.1.0 Version 7.6.1.0 Introduced on the E-Series ExaScale Support added for C-Series and S-Series

E-Series original Command Usage Information Related Commands

You must enable the Stackable VLAN (using the vlan-stack compatible command) on the VLAN prior to adding a member to the VLAN.
vlan-stack compatible Enable Stackable VLAN on a VLAN.

show interface dei-honor

cs
Syntax Parameters

Display the dei honor configuration. show interface dei-honor [interface slot/port | linecard number port-set number] interface slot/port linecard number port-set number Enter the interface type followed by the line card slot and port number.
Enter linecard followed by the line card slot number, then enter port-set followed by the port-pipe number.

Command Mode Command History Example

EXEC Privilege
Version 8.3.1.0 Introduced on C-Series and S-Series.

Force10#show interface dei-honor Default Drop precedence: Green Interface CFI/DEI Drop precedence ------------------------------------------------------------Gi 0/1 0 Green Gi 0/1 1 Yellow Gi 8/9 1 Red Gi 8/40 0 Yellow

1572

VLAN Stacking

show interface dei-mark

Related Commands

dei honor

show interface dei-mark

cs
Syntax Parameters

Display the dei mark configuration. show interface dei-mark [interface slot/port | linecard number port-set number] interface slot/port linecard number port-set number Enter the interface type followed by the line card slot and port number.
Enter linecard followed by the line card slot number, then enter port-set followed by the port-pipe number.

Command Mode Command History Example

EXEC Privilege
Version 8.3.1.0 Introduced on C-Series and S-Series.

Force10#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI -----------------------------------------------Gi 0/1 Green 0 Gi 0/1 Yellow 1 Gi 8/9 Yellow 0 Gi 8/40 Yellow 0

Related Commands

dei mark

vlan-stack access
ces
Syntax

Specify a Layer 2 port or port channel as an access port to the Stackable VLAN network. vlan-stack access To remove access port designation, enter no vlan-stack access.

Defaults Command Modes Command History

Not configured. INTERFACE

Version 8.2.1.0 Version 7.6.1.0 Introduced on the E-Series ExaScale Support added for C-Series and S-Series

E-Series original Command

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1573

vlan-stack compatible Prior to enabling this command, you must enter the switchport command to place the interface in Layer 2 mode. To remove the access port designation, the port must be removed (using the no member interface command) from all Stackable VLAN enabled VLANs.

Usage Information

vlan-stack compatible
ces
Syntax

Enable the Stackable VLAN feature on a VLAN. vlan-stack compatible To disable the Stackable VLAN feature on a VLAN, enter no vlan-stack compatible.

Defaults Command Modes Command History

Not configured. CONF-IF-VLAN

Version 8.2.1.0 Version 7.6.1.0 Introduced on the E-Series ExaScale Support added for C-Series and S-Series

E-Series original Command Usage Information

You must remove the members prior to disabling the Stackable VLAN feature. To view the Stackable VLANs, use the show vlan command in the EXEC Privilege mode. Stackable VLANs contain members, designated by the M in the Q column of the command output.

1574

VLAN Stacking

vlan-stack dot1p-mapping

Figure 544 show vlan Command Example with Stackable VLANs

Force10#show vlan Codes: * - Default VLAN, G - GVRP VLANs * NUM 1 2 3 4 5 Force10# Status Inactive Active Active Active Active Q Ports M M M M M M M M M M M Gi 13/13 Gi 13/0-2 Po1(Gi 13/14-15) Gi 13/18 Gi 13/3 Po1(Gi 13/14-15) Gi 13/18 Gi 13/4 Po1(Gi 13/14-15) Gi 13/18 Gi 13/5

vlan-stack dot1p-mapping
cs
Map C-Tag dot1p values to a S-Tag dot1p value. C-Tag values may be separated by commas, and dashed ranges are permitted. Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts.
vlan-stack dot1p-mapping c-tag-dot1p values sp-tag-dot1p value

Syntax Parameters

c-tag-dot1p value

Enter the keyword followed by the customer dot1p value that will be mapped to a service provider do1p value. Range: 0-7 Enter the keyword followed by the service provider dot1p value. Range: 0-7

sp-tag-dot1p value

Defaults Command Modes Command History

None INTERFACE
Version 8.3.1.0 Introduced on C-Series and S-Series.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1575

vlan-stack protocol-type

vlan-stack protocol-type
ces
Syntax Parameters

Define the Stackable VLAN Tag Protocol Identifier (TPID) for the outer VLAN tag (also called the VMAN tag). If you do not configure this command, FTOS assigns the value 0x9100. vlan-stack protocol-type number number
Enter the hexadecimal number as the Stackable VLAN tag. On the E-Series: FTOS accepts the Most Significant Byte (MSB) and then appends zeros for the Least Significant Byte (LSB). On the C-Series and S-Series: You may specify both bytes of the 2-byte S-Tag TPID. E-Series Range: 0-FF C-Series and S-Series Range: 0-FFFF Default: 9100

Defaults Command Modes Command History

0x9100 CONFIGURATION
Version 8.2.1.0 Version 8.2.1.0 Version 7.6.1.0 Introduced on the E-Series ExaScale. C-Series and S-Series accept both bytes of the 2-byte S-Tag TPID. Introduced on the E-Series ExaScale Support added for C-Series and S-Series

E-Series original Command Usage Information

See the FTOS Configuration Guide for specific interoperability limitations regarding the S-Tag TPID. On E-Series TeraScale, the two characters you enter in the CLI for number become the MSB, as shown in Table 153. Table 153 Configuring a TPID on the E-Series TeraScale number
1 10 More than two characters. Resulting TPID 0x0100 0x1000 Configuration rejected.

On E-Series ExaScale, C-Series, and S-Series, four characters you enter in the CLI for number are interpreted as follows: Table 154 Configuring a TPID on the E-Series TeraScale number
1 10 81 8100 Resulting TPID 0x0001 0x0010 0x0081 0x8100

1576

VLAN Stacking

vlan-stack trunk

Related Commands

portmode hybrid vlan-stack trunk

Set a port (physical ports only) to accept both tagged and untagged frames. A port configured this way is identified as a hybrid port in report displays. Specify a Layer 2 port or port channel as a trunk port to the Stackable VLAN network.

vlan-stack trunk
ces
Syntax

Specify a Layer 2 port or port channel as a trunk port to the Stackable VLAN network. vlan-stack trunk To remove a trunk port designation from the selected interface, enter no vlan-stack trunk.

Defaults Command Modes Command History

Not configured. INTERFACE

Version 8.2.1.0 Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0 Introduced on the E-Series ExaScale Functionality augmented for C-Series and S-Series to enable multi-purpose use of the port. See Usage Information, below. Functionality augmented for E-Series to enable multi-purpose use of the port. See Usage Information, below. Introduced for C-Series and S-Series

E-Series original Command Usage Information

Prior to using this command, you must execute the switchport command to place the interface in Layer 2 mode. To remove the trunk port designation, the port must first be removed (using the no member interface command) from all Stackable VLAN-enabled VLANs. Starting with FTOS 7.7.1.0 for E-Series, the VLAN-Stack trunk port can transparently tunnel, in a service provider environment, customer-originated xSTP control protocol PDUs. See Chapter 52, Service Provider Bridging. Starting with FTOS 7.8.1.0 for C-Series and S-Series (FTOS 7.7.1 for E-Series), a VLAN-Stack trunk port is also allowed to be configured as a tagged port and as an untagged port for single-tagged VLANs. When the VLAN-Stack trunk port is also a member of an untagged VLAN, the port should be in hybrid mode. See portmode hybrid. In Example 1 below .a VLAN-Stack trunk port is configured and then also made part of a single-tagged VLAN. In Example 2 below, the Tag Protocol Identifier (TPID) is set to 8848. The Gi 3/10 port is configured to act as a VLAN-Stack access port, while the TenGi 8/0 port will act as a VLAN-Stack trunk port, switching Stackable VLAN traffic for VLAN 10, while also switching untagged traffic for VLAN 30 and tagged traffic for VLAN 40. (To allow VLAN 30 traffic, the native VLAN feature is required, by executing the portmode hybrid command. See portmode hybrid in Interfaces.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1577

vlan-stack trunk

Example 1

Figure 545 Adding a Stackable VLAN Trunk Port to a Tagged VLAN

Force10(conf-if-gi-0/42)#switchport Force10(conf-if-gi-0/42)#vlan-stack trunk Force10(conf-if-gi-0/42)#show config ! interface GigabitEthernet 0/42 no ip address switchport vlan-stack trunk no shutdown Force10(conf-if-gi-0/42)#interface vlan 100 Force10(conf-if-vl-100)#vlan-stack compatible Force10(conf-if-vl-100-stack)#member gigabitethernet 0/42 Force10(conf-if-vl-100-stack)#show config ! interface Vlan 100 no ip address vlan-stack compatible member GigabitEthernet 0/42 shutdown Force10(conf-if-vl-100-stack)#interface vlan 20 Force10(conf-if-vl-20)#tagged gigabitethernet 0/42 Force10(conf-if-vl-20)#show config ! interface Vlan 20 no ip address tagged GigabitEthernet 0/42 shutdown Force10(conf-if-vl-20)#do show vlan Codes: Q: U x G * * - Default VLAN, G - GVRP VLANs Untagged, T - Tagged Dot1x untagged, X - Dot1x tagged GVRP tagged, M - Vlan-stack Q Ports T Gi 0/42 M Gi 0/42

NUM Status Description 1 Inactive 20 Active 100 Active Force10(conf-if-vl-20)#

Example 2

Figure 546 Adding a Stackable VLAN Trunk Port to Tagged and Untagged VLANs
Force10(config)#vlan-stack protocol-type 88A8 Force10(config)#interface gigabitethernet 3/10 Force10(conf-if-gi-3/10)#no shutdown Force10(conf-if-gi-3/10)#switchport Force10(conf-if-gi-3/10)#vlan-stack access Force10(conf-if-gi-3/10)#exit Force10(config)#interface tenGigabitethernet 8/0 Force10(conf-if-te-10/0)#no shutdown Force10(conf-if-te-10/0)#portmode hybrid Force10(conf-if-te-10/0)#switchport Force10(conf-if-te-10/0)#vlan-stack trunk Force10(conf-if-te-10/0)#exit Force10(config)#interface vlan 10 Force10(conf-if-vlan)#vlan-stack compatible Force10(conf-if-vlan)#member Gi 7/0, Gi 3/10, TenGi 8/0 Force10(conf-if-vlan)#exit Force10(config)#interface vlan 30 Force10(conf-if-vlan)#untagged TenGi 8/0 Force10(conf-if-vlan)#exit Force10(config)# Force10(config)#interface vlan 40 Force10(conf-if-vlan)#tagged TenGi 8/0 Force10(conf-if-vlan)#exit Force10(config)#

1578

VLAN Stacking

Chapter 62

Virtual Routing and Forwarding (VRF)

Overview
Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist on the same router at the same time. Virtual Routing and Forwarding (VRF) is supported on the E-Series TeraScale and ExaScale platforms. This is noted in the Command History fields and by the symbol under the command headings: e

Commands
cam-profile (E-Series Exascale only) cam-profile ipv4-vrf (E-Series Terascale only) cam-profile ipv4-v6-vrf (E-Series Terascale only) ip vrf ip vrf forwarding ip vrf-vlan-block show ip vrf show run vrf start-vlan-id

cam-profile
ex
Syntax Parameters

(E-Series Exascale only) Set the VRF CAM size. The default CAM size is 40M which supports both IPv4 and IPv6. You can also configure 10M CAM which supports only IPv4. cam-profile name [10M-CAM] name
10M-CAM Enter the name for the VRF CAM profile. Maximum: 16 characters. Set the CAM size to 10M.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1579

cam-profile

Command Modes Command History Example

CONFIGURATION
Version 8.2.1.0 Introduced on the E-Series Exascale.

Force10(conf)#cam-profile test Force10(conf-cam-prof-test)#microcode vrf Force10(conf-cam-prof-test)#enable CAM profile 'abc' is currently enabled. Do you want to disable it and continue? [yes/no]: y Updating the cam-profile will need a chassis reboot. System configuration has been modified. Save? [yes/no]: y Nov 3 21:57:27: %RPM0-P:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config in flash by default Synchronizing data to peer RPM !!!!! Proceed with reload [confirm yes/no]: y Reload the system after setting the CAM Profile. Force10# show cam-profile -- Chassis CAM Profile -CamSize : : Profile Name : Microcode Name : L2FIB : Learn : L2ACL : System Flow : Qos : Frrp : L2pt : IPv4FIB : IPv4ACL : IPv4Flow : Mcast Fib/Acl : Pbr : Qos : System Flow : EgL2ACL : EgIpv4ACL : Mpls : IPv6FIB : IPv6ACL : IPv6Flow : Mcast Fib/Acl : Pbr : Qos : System Flow : EgIpv6ACL : GenEgACL : IPv4FHOP : IPv6FHOP : IPv4/IPv6NHOP : 40-Meg Current Settings test VRF 15K entries 1K entries 5K entries 102 entries 500 entries 102 entries 266 entries 256K entries 16K entries 24K entries 9K entries 1K entries 10K entries 4K entries 2K entries 4K entries 60K entries 12K entries 6K entries 6K entries 3K entries 0K entries 1K entries 2K entries 1K entries 0.5K entries 4K entries 4K entries 12K entries

Usage Information Related Commands

After you set the CAM size on an Exascale platform, you must select and enable VRF microcode, and reload the system to activate the CAM profile (see the example above).
cam-profile ipv4-v6-vrf

Set the VRF CAM profile for IPv4 and IPv6 on the E-Series Terascale.

1580

Virtual Routing and Forwarding (VRF)

cam-profile ipv4-vrf

cam-profile ipv4-vrf
et
Syntax Command Modes Command History Example
Force10(conf)#cam-profile ipv4-vrf microcode ipv4-vrf Force10(conf)#do reload Must reload the system after setting the CAM Profile. -- Chassis CAM Profile -CamSize Profile Name L2FIB L2ACL IPv4FIB IPv4ACL IPv4Flow EgL2ACL EgIPv4ACL Reserved IPv6FIB IPv6ACL IPv6Flow EgIPv6ACL MicroCode Name : : : : : : : : : : : : : : : : 18-Meg Current Settings ipv4-vrf 32K entries 3K entries 160K entries 2K entries 12K entries 1K entries 12K entries 2K entries 0 entries 0 entries 0 entries 0 entries Ipv4-Vrf : : : : : : : : : : : : : : : Next Boot ipv4-vrf 32K entries 3K entries 160K entries 2K entries 12K entries 1K entries 12K entries 2K entries 0 entries 0 entries 0 entries 0 entries Ipv4-Vrf

(E-Series Terascale only) Set the VRF CAM profile for IPv4 only. cam-profile ipv4-vrf microcode ipv4-vrf CONFIGURATION
Version 8.2.1.0 Introduced on the E-Series Terascale.

-- Line card 1 - per Port Pipe -CamSize : 18-Meg : Current Settings Profile Name : ipv4-vrf L2FIB : 32K entries L2ACL : 3K entries IPv4FIB : 160K entries IPv4ACL : 2K entries IPv4Flow : 12K entries EgL2ACL : 1K entries EgIPv4ACL : 12K entries Reserved : 2K entries IPv6FIB : 0 entries IPv6ACL : 0 entries IPv6Flow : 0 entries EgIPv6ACL : 0 entries MicroCode Name : Ipv4-Vrf Force10(conf)#

: : : : : : : : : : : : : : :

Next Boot ipv4-vrf 32K entries 3K entries 160K entries 2K entries 12K entries 1K entries 12K entries 2K entries 0 entries 0 entries 0 entries 0 entries Ipv4-Vrf

Usage Information

Reload the system after entering this command to activate the CAM profile. Do not use this command in EXEC Privilege mode.

Related Commands

cam-profile ipv4-v6-vrf

Set the VRF CAM profile for IPv4 and IPv6 on the E-Series Terascale.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1581

cam-profile ipv4-v6-vrf

cam-profile ipv4-v6-vrf
et
Syntax Command Modes Command History Example
Force10(conf)#cam-profile ipv4-v6-vrf microcode ipv4-v6-vrf Force10(conf)#do reload Must reload the system after setting the CAM Profile Force10(conf)#do show cam-profile -- Chassis CAM Profile -CamSize Profile Name L2FIB L2ACL IPv4FIB IPv4ACL IPv4Flow EgL2ACL EgIPv4ACL Reserved IPv6FIB IPv6ACL IPv6Flow EgIPv6ACL MicroCode Name : : : : : : : : : : : : : : : : 18-Meg Current Settings ipv4-v6-vrf 32K entries 3K entries 64K entries 1K entries 12K entries 1K entries 11K entries 2K entries 18K entries 4K entries 3K entries 1K entries Ipv4-V6-Vrf : : : : : : : : : : : : : : : Next Boot ipv4-v6-vrf 32K entries 3K entries 64K entries 1K entries 12K entries 1K entries 11K entries 2K entries 18K entries 4K entries 3K entries 1K entries Ipv4-V6-Vrf

(E-Series Terascale only) Set the VRF CAM profile for IPv4 and IPv6. cam-profile ipv4-v6-vrf microcode ipv4-v6-vrf CONFIGURATION
Version 8.2.1.0 Introduced on the E-Series Terascale.

-- Line card 1 - per Port Pipe -CamSize : 18-Meg : Current Settings Profile Name : ipv4-v6-vrf L2FIB : 32K entries L2ACL : 3K entries IPv4FIB : 64K entries IPv4ACL : 1K entries IPv4Flow : 12K entries EgL2ACL : 1K entries EgIPv4ACL : 11K entries Reserved : 2K entries IPv6FIB : 18K entries IPv6ACL : 4K entries IPv6Flow : 3K entries EgIPv6ACL : 1K entries MicroCode Name : Ipv4-V6-Vrf Force10(conf)#

: : : : : : : : : : : : : : :

Next Boot ipv4-v6-vrf 32K entries 3K entries 64K entries 1K entries 12K entries 1K entries 11K entries 2K entries 18K entries 4K entries 3K entries 1K entries Ipv4-V6-Vrf

Usage Information Related Commands

Reload the systems after entering this command to activate the CAM profile.

cam-profile ipv4-vrf

Set the VRF CAM profile for IPv4 only.

1582

Virtual Routing and Forwarding (VRF)

cam-profile ipv4-vrf

cam-profile ipv4-vrf
e
Syntax Command Modes Command History Example
Force10(conf)#cam-profile ipv4-vrf microcode ipv4-vrf Force10(conf)#do reload Must reload the system after setting the CAM Profile. -- Chassis CAM Profile -CamSize Profile Name L2FIB L2ACL IPv4FIB IPv4ACL IPv4Flow EgL2ACL EgIPv4ACL Reserved IPv6FIB IPv6ACL IPv6Flow EgIPv6ACL MicroCode Name : : : : : : : : : : : : : : : : 18-Meg Current Settings ipv4-vrf 32K entries 3K entries 160K entries 2K entries 12K entries 1K entries 12K entries 2K entries 0 entries 0 entries 0 entries 0 entries Ipv4-Vrf : : : : : : : : : : : : : : : Next Boot ipv4-vrf 32K entries 3K entries 160K entries 2K entries 12K entries 1K entries 12K entries 2K entries 0 entries 0 entries 0 entries 0 entries Ipv4-Vrf

(E-Series Exascale only) Set the VRF CAM profile for IPv4 only. cam-profile ipv4-vrf microcode ipv4-vrf CONFIGURATION
Version 8.2.1.0 Introduced on the E-Series

: : : : : : : : : : : : : : :

Next Boot ipv4-vrf 32K entries 3K entries 160K entries 2K entries 12K entries 1K entries 12K entries 2K entries 0 entries 0 entries 0 entries 0 entries Ipv4-Vrf

Usage Information

Reload the system after entering this command to activate this CAM profile. Do not use this command in EXEC Privilege mode.

Related Commands

cam-profile ipv4-v6-vrf

Set the VRF CAM Profile for IPv4 and IPv6.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1583

ip vrf

ip vrf
e
Create a non-default VRF instance by specifying the VRF name and ID.

Note: Starting in FTOS 8.4.2.1, when VRF microcode is loaded on an E-Series ExaScale or TeraScale router, the ip vrf {default-vlan | vrf-name} command is deprecated, and is replaced by the ip vrf vrf-name vrf-id command.
Syntax

ip vrf vrf-name vrf-id To remove a VRF, enter no ip vrf vrf-name.

Parameters

vrf-name vrf-id

Enter the name of the VRF instance. Maximum: 32 characters. Enter the VRF ID number. VRF ID range: 1 to 14 and 0 (default VRF)

Command Modes Command History

CONFIGURATION
Version 8.4.2.1 Version 8.2.1.0 The ip vrf {default-vlan | vrf-name} is deprecated and replaced by the ip vrf vrf-name vrf-id command. Introduced on the E-Series

Example
Force10(conf)#ip vrf East Force10(conf-vr-East)#exit ! Force10(conf)#ip vrf default-vrf Force10(conf-vr-default-vrf)# Named VRF Instance East Default VRF Instance You must enter the name default-vrf to implement it.

Usage Information

VRF is enabled by default. The default VRF 0 is automatically configured when a router with VRF loaded in CAM boots up. FTOS supports up to 15 VRF instances on an E-Series router: 1 to 14 and the default VRF 0.

1584

Virtual Routing and Forwarding (VRF)

ip vrf forwarding

ip vrf forwarding
e
Syntax Parameters

Assign this interface to the VLAN specified. ip vrf forwarding vrf-name vrf-name
Enter the name of the VRF instance to which this interface will belong. If no name is entered, default-vrf is assigned.

Command Modes Command History Usage Information

INTERFACE
Version 8.2.1.0 Introduced on the E-Series

There must be no prior Layer 3 configuration on the interface when configuring VRF. VRF must be enabled prior to implementing this command. Starting in release 8.4.1.0, you can configure an IP subnet or address on a physical or VLAN interface that overlaps the same IP subnet or address configured on another interface only if the interfaces are assigned to different VRFs. If two interfaces are assigned to the same VRF, you cannot configure overlapping IP subnets or the same IP address on them.

Example
Force10(conf-if-gi-1/1)#int gi 1/10 Force10(conf-if-gi-1/10)#show config ! No configuration on interface GigabitEthernet 1/10 this interface no ip address shutdown Force10(conf-if-gi-1/10)# Force10(conf-if-gi-1/10)#ip vrf ? Force10(conf-if-gi-1/10)#ip vrf forwarding East Force10(conf-if-gi-1/10)#show config ! interface GigabitEthernet 1/10 ip vrf forwarding East no ip address shutdown Force10(conf-if-gi-1/10)#

Related Commands

ip vrf ip vrf-vlan-block start-vlan-id

Set the name of the VRF instance the VRF, or specify the default-vrf.

Configure the total number of VLANs that can be configured per VRF. Set the starting VLAN ID for a VRF instance.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1585

ip vrf-vlan-block

ip vrf-vlan-block
e
Configure the total number of VLANs that can be configured per VRF. Note: Starting in FTOS 8.4.2.1, when VRF microcode is loaded on an E-Series ExaScale or TeraScale router, the ip vrf-vlan-block number command is deprecated.
Syntax

ip vrf-vlan-block number To remove the VLAN block configuration, enter no vrf-vlan-block.

Parameters

number

Total number of VLANs allotted for VRF instances. Expressed in power of 2 (2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096)

Command Modes Command History

CONFIGURATION
Version 8.4.2.1 Version 8.2.1.0 The ip vrf-vlan-block number command is deprecated. Introduced on the E-Series

Example
Force10#conf Force10(conf)#ip vrf-vlan-block 1024 Force10(conf)# Enter the number as a power of 2.

Usage Information

The total block number of VLANs applies to every configured VRF process. You cannot set different blocks for different VRF processes. All VLAN member ports must be removed from the VLAN before the VLAN is deleted from a VRF instance.

Related Commands

start-vlan-id

Set the starting VLAN ID for a VRF instance.

1586

Virtual Routing and Forwarding (VRF)

show ip vrf

show ip vrf
e
Syntax Parameters

Display the interfaces assigned to VRF instances. show ip vrf [vrf-name] vrf-name
Enter the name of a non-default VRF instance. To display information on all VRF instances (including the default VRF 0), do not enter a value.

Command Modes Command History Example

EXEC
Version 8.2.1.0 Introduced on the E-Series

Force10#show ip vrf VRF-Name

VRF-ID Interfaces

default-vrf 0 So 0/0 So 0/1 So 0/2 So 0/3 Gi 1/0 Gi 1/1 Gi 1/2 Gi 1/3 Gi 1/4 Gi 1/6 Gi 1/7 Gi 1/8 Gi 1/9 Gi 1/11 Gi 1/12 Gi 1/13 Gi 1/14 Gi 1/15 Gi 1/16 Gi 1/17 Gi 1/18 Gi 1/19 Gi 1/20 Gi 1/21 Gi 1/22 Gi 1/23 Gi 1/24 Gi 1/25 Gi 1/26 Gi 1/27 Gi 1/28 Gi 1/29 Gi 1/30 Gi 1/31 Gi 1/32 Gi 1/33 Gi 1/34 Gi 1/ 35 Gi 1/36 Gi 1/37 Gi 1/38 Gi 1/39 Gi 1/40 Gi 1/41 Gi 1/42 Gi 1/43 Gi 1/44 Gi 1/45 Gi 1/46 Gi 1/47 Ma 0/0 Ma 1/0 Nu 0 Vl 1 Vl 100 Vl 111 Vl 112 East 1 Gi 1/10 North 2 Gi 1/5 West 3

show run vrf

e
Syntax Parameters

View information about the current running VRF instances. show run vrf [vrf-name] vrf-name
Enter the name of the VRF instance you want to view. <CR> displays information on the default-vrf.

Command Modes Command History Example

EXEC
Version 8.2.1.0 Introduced on the E-Series

Force10#show run vrf ! ip vrf default-vrf start-vlan-id 32 ! ip vrf East start-vlan-id 1 ! ip vrf North ! ip vrf West start-vlan-id 96 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1587

start-vlan-id

start-vlan-id
e
Set the starting VLAN ID for a VRF instance. Note: Starting in FTOS 8.4.2.1, when VRF microcode is loaded on an E-Series ExaScale or TeraScale router, the start vlan-id vlan-start-id command is deprecated.
Syntax Parameters

start-vlan-id vlan-start-id vlan-start-id

The starting VLAN ID number for this VRF instance. The system takes this number and adds up the number of VLANs assigned in ip-vrf-vlan-block to set the start and end range for the VRF VLANs.

Command Modes Command History

CONFIGURATION-VRF
Version 8.4.2.1 Version 8.2.1.0 The start vrf-vlan-id vlan-start-id command is deprecated. Introduced on the E-Series

Example
Force10(conf)#ip vrf default-vrf Force10(conf-vr-default-vrf)#start-vlan-id 32 Force10(conf-vr-default-vrf)# ! Force10(conf-vr-default-vrf)#ip vrf East Force10(conf-vr-East)#start-vlan-id 1 Force10(conf-vr-East)#ip vrf West ! Force10(conf-vr-West)#start-vlan-id 96 Force10(conf-vr-West)#

Usage Information

If a given VLAN is not in the range of any VRF, no VRF command can be configured for that VLAN. All VLAN member ports must be removed from the VLAN before the VLAN is deleted from a VRF instance. This also applies when moving a VLAN from one VRF to another: delete all member ports, then delete the VLAN prior to adding it to another VRF.

Related Commands

ip vrf forwarding ip vrf-vlan-block show run vrf

Assign this interface to the VLAN specified. Configure the total number of VLANs that can be configured per VRF. View information about the current running VRF instances.

1588

Virtual Routing and Forwarding (VRF)

Chapter 63

Virtual Router Redundancy Protocol (VRRP)

Virtual Router Redundancy Protocol (VRRP) is available on platforms: c e s IPv6 VRRP (VRRP version 3) is available on platforms: c e s

Overview
This chapter has the following sections: IPv4 VRRP Commands on page 1589 IPv6 VRRP Commands on page 1604

IPv4 VRRP Commands

The IPv4 VRRP commands are: advertise-interval authentication-type clear counters vrrp debug vrrp description disable hold-time preempt priority show config show vrrp track virtual-address vrrp-group

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1589

advertise-interval

advertise-interval
ces
Syntax Parameters

Set the time interval between VRRP advertisements. advertise-interval time time
Enter a number of in seconds for IPv4 or centiseconds for IPv6. Range: 1 to 255, in increments of 25 for IPv6. IPv4 Default: 1 second. IPv6 Default: 100 centiseconds

Defaults Command Modes Command History

1 second for IPv4 and 100 centiseconds for IPv6 INTERFACE-VRRP

Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

Force10 Networks recommends that you keep the default setting for this command. If you do change the time interval between VRRP advertisements on one router, you must change it on all routers.

authentication-type
ces
Syntax Parameters

Enable authentication of VRRP data exchanges. authentication-type simple [encryption-type] password simple encryption-type
Enter the keyword simple to specify simple authentication. (OPTIONAL) Enter one of the following numbers: 0 (zero) for an unencrypted (clear text) password 7 (seven) for hidden text password.

password

Enter a character string up to 8 characters long as a password. If you do not enter an encryption-type, the password is stored as clear text.

Defaults Command Modes Command History

Not configured. VRRP

Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on S-Series Introduced on C-Series Introduced on E-Series

1590

Virtual Router Redundancy Protocol (VRRP)

clear counters vrrp

Usage Information

The password is displayed in the show config output if the encryption-type is unencrypted or clear text. If you choose to encrypt the password, the show config displays an encrypted text string.

clear counters vrrp

ces
Syntax Parameters

Clear the counters recorded for IPv4 VRRP operations. clear counters vrrp [vrid | vrf instance ] vrid vrf instance
(OPTIONAL) Enter the number of the VRRP group ID. Range: 1 to 255 (OPTIONAL) E-Series only: Enter the name of a VRF instance (32 characters maximum) to clear the counters of all VRRP groups in the specified VRF.

Command Modes Command History

EXEC Privilege
Version 8.4.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Support was added for VRRP groups in non-default VRF instances. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1591

debug vrrp

debug vrrp
ce
Syntax Parameters

Allows you to enable debugging of IPv4 VRRP. debug vrrp interface [vrid] {all | packets | state | timer} interface
Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by the VLAN ID. The VLAN ID range is from 1 to 4094.

vrid all bfd packets state timer

Command Modes Command History

(OPTIONAL) Enter a number from 1 to 255 as the VRRP group ID. Enter the keyword all to enable debugging of all VRRP groups. Enter the keyword bfd to enable debugging of all VFFP BFD interactions Enter the keyword packets to enable debugging of VRRP control packets. Enter the keyword state to enable debugging of VRRP state changes. Enter the keyword timer to enable debugging of the VRRP timer.

EXEC Privilege
Version 7.5.1.0 pre-Version 6.2.1.1 Introduced on C-Series Introduced on E-Series

Usage Information

If no options are specified, debug is active on all interfaces and all VRRP groups.

1592

Virtual Router Redundancy Protocol (VRRP)

description

description
ces
Syntax Parameters

Configure a short text string describing the VRRP group. description text text Not enabled. VRRP
Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series Enter a text string up to 80 characters long.

Defaults Command Modes Command History

disable
ces
Syntax Defaults

Disable a VRRP group. disable C and S-Series default: VRRP is enabled. E-Series default: VRRP is disabled.

Command Modes Command History

VRRP
Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

To enable VRRP traffic, assign an IP address to the VRRP group using the virtual-address command and enter no disable.
virtual-address Specify the IP address of the Virtual Router.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1593

hold-time

hold-time
ces
Syntax Parameters

Specify a delay (in seconds) before a switch becomes the MASTER virtual router. By delaying the initialization of the VRRP MASTER, the new switch can stabilize its routing tables. hold-time time time
Enter a number of seconds for IPv4 or centiseconds for IPv6. Range: 0 to 65535, in multiples of 25 for IPv6 Default: 0

Defaults Command Modes Command History

zero (0) seconds VRRP

Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information Related Commands

If a switch is a MASTER and you change the hold timer, you must disable and re-enable VRRP for the new hold timer value to take effect.
disable Disable a VRRP group.

preempt
ces
Syntax Defaults Command Modes Command History

Permit a BACKUP router with a higher priority value to preempt or become the MASTER router. preempt Enabled (that is, a BACKUP router can preempt the MASTER router). VRRP
Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

1594

Virtual Router Redundancy Protocol (VRRP)

priority

priority
ces
Syntax Parameters

Specify a VRRP priority value for the VRRP group. This value is used by the VRRP protocol during the MASTER election process. priority priority priority
Enter a number as the priority. Enter 255 only if the routers virtual address is the same as the interfaces primary IP address (that is, the router is the OWNER). Range: 1 to 255. Default: 100.

Defaults Command Modes Command History

100 VRRP
Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

To guarantee that a VRRP group becomes MASTER, configure the VRRP groups virtual address with same IP address as the interfaces primary IP address and change the priority of the VRRP group to 255. If you set the priority to 255 and the virtual-address is not equal to the interfaces primary IP address, an error message appears.

show config
ces
Syntax Parameters

View the non-default VRRP configuration. show config [verbose] verbose

(OPTIONAL) Enter the keyword verbose to view all VRRP group configuration information, including defaults.

Command Modes Command History

VRRP
Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1595

show vrrp Figure 547 Command Example: show config

Force10(conf-if-vrid-4)#show config vrrp-group 4 virtual-address 119.192.182.124

Example

show vrrp
ces
Syntax Parameters

Display information on the IPv4 and IPv6 VRRP groups that are active. If no VRRP groups are active, the FTOS returns the message: No Active VRRP group. show vrrp [ipv6] [vrid] [vrf instance | interface] [brief] ipv6 vrid vrf instance
(OPTIONAL) Enter the keyword ipv6 to display information on IPv6 VRRP groups. (OPTIONAL) Enter a Virtual Router identifier to display information on only the specified VRRP group. Range: 1 to 255. (OPTIONAL) Enter the keyword vrf and the name of a VRF instance to display information only on VRRP groups in the specified VRF. If no VRF instance is entered, information on VRRP groups in all VRFs is displayed. (OPTIONAL) Enter any of the following keywords and slot/port or number: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series and S-Series Range: 1-128 E-Series Range: 1 to 32 for EtherScale, 1 to 255 for TeraScale and 1 to 512 for ExaScale. For SONET interfaces, enter the keyword sonet followed by the slot/port. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port. For a VLAN interface, enter the keyword vlan followed by the VLAN ID. The VLAN ID range is from 1 to 4094.

interface

brief

(OPTIONAL) E-Series only: Enter the keyword brief to display summary information on VRRP groups.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.4.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1

Support was added for displaying the VRRP groups in a non-default VRF instance. Introduced on S-Series Introduced on C-Series Introduced on E-Series

1596

Virtual Router Redundancy Protocol (VRRP)

show vrrp

Example

Figure 548 Command Example: show vrrp brief

Force10> show vrrp brief Interface Grp Pri Pre State Master addr Virtual addr(s) Description --------------------------------------------------------------------------------------------Gi 10/37 1 100 Y Master 200.200.200.200 200.200.200.201 Gi 10/37 2 100 Y Master 200.200.200.200 200.200.200.202 200.200.200.203 Gi 10/37 3 100 Y Master 1.1.1.1 1.1.1.2 Gi 10/37 4 100 Y Master 200.200.200.200 200.200.200.206 200.200.200.207 Gi 10/37 254 254 Y Master 200.200.200.200 200.200.200.204 200.200.200.205

Table 155 Command Example Description: show vrrp brief Item

Interface Grp Pri

Description
Lists the interface type, slot and port on which the VRRP group is configured. Displays the VRRP group ID. Displays the priority value assigned to the interface. If the track command is configured to track that interface and the interface is disabled, the cost is subtracted from the priority value assigned to the interface. States whether preempt is enabled on the interface. Y = Preempt is enabled. N = Preempt is not enabled.

Pre

State

Displays the operational state of the interface by using one of the following: NA/IF (the interface is not available). MASTER (the interface associated with the MASTER router). BACKUP (the interface associated with the BACKUP router).

Master addr Virtual addr(s)

Displays the IP address of the MASTER router. Displays the virtual IP addresses of the VRRP routers associated with the interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1597

show vrrp Figure 549 Command Example: show vrrp

Force10>show vrrp -----------------GigabitEthernet 12/3, VRID: 1, Net: 10.1.1.253 VRF: 0 default-vrf State: Master, Priority: 105, Master: 10.1.1.253 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Adv sent: 1862, Gratuitous ARP sent: 0 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.252 Authentication: (none) Tracking states for 1 interfaces: Up GigabitEthernet 12/17 priority-cost 10 -----------------GigabitEthernet 12/4, VRID: 2, Net: 10.1.2.253 VRF: 0 default-vrf State: Master, Priority: 110, Master: 10.1.2.253 (local) Hold Down: 10 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Adv sent: 1862, Gratuitous ARP sent: 0 Virtual MAC address: 00:00:5e:00:01:02 Virtual IP address: 10.1.2.252 Authentication: (none) Tracking states for 2 interfaces: Up GigabitEthernet 2/1 priority-cost 10 Up GigabitEthernet 12/17 priority-cost 10 -----------------GigabitEthernet 7/30, IPv6 VRID: 3, Version: 3, Net: fe80::201:e8ff:fe01:95cc VRF: 0 default-vrf State: Master, Priority: 100, Master: fe80::201:e8ff:fe01:95cc (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 310 Virtual MAC address: 00:00:5e:00:02:01 Virtual IP address: 2007::1 fe80::1 Tracking states for 2 resource Ids: 2 - Up IPv6 route, 2040::/64, priority-cost 20, 00:02:11 3 - Up IPv6 route, 2050::/64, priority-cost 30, 00:02:11

1598

Virtual Router Redundancy Protocol (VRRP)

show vrrp

Table 156 Command Example Description: show vrrp Line Beginning with
GigabitEthernet ...

Description
Displays the Interface, the VRRP group ID, and the network address. If the interface is no sending VRRP packets, 0.0.0.0 appears as the network address.

VRF State: master...

VRF instance to which the interface (on which the VRRP group is configured) belongs Displays the interfaces state: Na/If (not available), master (MASTER virtual router) backup (BACKUP virtual router) the interfaces priority and the IP address of the MASTER.

Hold Down:...

This line displays additional VRRP configuration information:

Hold Down displays the hold down timer interval in seconds. Preempt displays TRUE if preempt is configured and FALSE if preempt
is not configured.

AdvInt displays the Advertise Interval in seconds. Adv rcvd displays the number of VRRP advertisements received on the
interface.

Adv rcvd:...

This line displays counters for the following:

Adv sent displays the number of VRRP advertisements sent on the

interface.

Gratuitous ARP sent displays the number of gratuitous ARPs sent.

Virtual MAC address Virtual IP address Authentication:... Tracking states...

Displays the virtual MAC address of the VRRP group. Displays the virtual IP address of the VRRP router to which the interface is connected. States whether authentication is configured for the VRRP group. If it is, the authentication type and the password are listed. Displays information on the tracked interfaces or objects configured for a VRRP group (track command), including: UP or DOWN state of the tracked interface or object (Up or Dn ) Interface type and slot/port or object number, description, and time since the last change in the state of the tracked object Cost to be subtracted from the VRRP group priority if the state of the tracked interface/object goes DOWN

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1599

track

track
ces
Monitor an interface or a configured object and, optionally, reconfigure the cost value subtracted from the VRRP group priority if the tracked interface or object goes down. You can assign up to 12 tracked interfaces and up to 20 tracked objects per virtual group. track {interface | object-id} [priority-cost cost] interface
Enter one of the following values: For a 1-Gigabit Ethernet interface, enter gigabitethernet slot-number/ port-number. For a Loopback interface, enter loopback number, where valid loopback interface numbers are from 0 to 16383. For a Port Channel interface, enter port-channel number, where valid port-channel numbers are: C-Series and S-Series: 1 to 128 E-Series: 1 to 32 for EtherScale; 1 to 255 for TeraScale; 1 to 512 for ExaScale. For SONET interfaces, enter sonet slot-number/port-number. For a 10-Gigabit Ethernet interface, enter tengigabitethernet slot-number/ port-number For a VLAN interface, enter vlan id-number, where valid VLAN IDs are from 1 to 4094.

Syntax Parameters

object-id

Enter the ID number of an object (for example, IPv4/IPv6 route or Layer 2/Layer 3 interface) configured with one of the track object-id commands. Range: 1 to 65535. (OPTIONAL) Enter a number as the cost amount to be subtracted from the VRRP priority value. Range: 1 to 254. Default: 10.

cost

Defaults Command Modes Command History

cost = 10 VRRP
Version 8.4.1.0 Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 Support for the object-id variable was added. Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

The sum of the costs of all tracked interfaces and objects cannot equal or exceed the priority of the VRRP group. If the VRRP group is configured as the Owner router (priority 255), tracking for the group is disabled, irrespective of the state of tracked interfaces and objects. The priority of the owner group always remains as 255 and does not change. If the specified interface or object goes down or is disabled, the cost value is subtracted from the priority value. As a result, a new MASTER election may occur if the resulting priority value is lower than the priority value in the BACKUP virtual routers.

1600

Virtual Router Redundancy Protocol (VRRP)

virtual-address

virtual-address
ces
Configure up to 12 IP addresses of virtual routers in the VRRP group. You must set at least one virtual address for the VRRP group to start sending VRRP packets. For IPv4 addresses multiple addresses can be entered in the same command line. For IPv6 addresses, each address must be entered separately. virtual-address address1 [...address12] address1
Enter an IPv4 address or IPv6 address for the virtual router. The IP address must be on the same subnet as the interfaces primary IP address. For IPv4 addresses only: Enter up 11 additional IP addresses of virtual routers in dotted decimal format. Separate the IP addresses with a space. The IP addresses must be on the same subnet as the interfaces primary IP address.

Syntax Parameters

... address12

Defaults Command Modes Command History

Not configured. VRRP

Version 8.3.2.0 Version 7.6.1.0 Version 7.5.1.0 Version 7.4.1.0 pre-Version 6.2.1.1 Introduced for IPv6 on E-Series TeraScale Introduced on S-Series Introduced on C-Series Introduced support for telnetting to the VRRP group IP address assigned using this command Introduced on E-Series

Usage Information

The VRRP group only becomes active and sends VRRP packets when a virtual IP address is configured. When you delete the virtual address, the VRRP group stops sending VRRP packets. A system message appears after you enter or delete the virtual-address command. To guarantee that a VRRP group becomes MASTER, configure the VRRP groups virtual address with the same IP address as the interfaces primary IP address. The priority of the VRRP group is then automatically set to 255 and the interface becomes the MASTER/ OWNER router of the VRRP group. You can also configure a priority for the group even if the group is owned. The configured priority is saved but only applied as the run-time priority when the last virtual address is removed from the group. You can ping the virtual addresses configured in all VRRP groups.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1601

vrrp-group

vrrp-group
ces
Syntax Parameters

Assign an interface to a VRRP group. vrrp-group vrid vrid

Enter the virtual-router ID number of the VRRP group. VRID range (C-Series and S-Series): 1-255. VRID range (E-Series): 1-255 when VRF microcode is not loaded and 1-15 when VRF microcode is loaded.

Defaults Command Modes Command History

Not configured. INTERFACE

Version 8.4.2.1 Version 8.4.1.0 Version 7.6.1.0 Version 7.5.1.0 pre-Version 6.2.1.1 When VRF microcode is loaded in CAM, the range of valid VRID values on the E-Series changed to 1-15. Support was added for configuring a VRRP group on an interface in a non-default VRF instance. Introduced on S-Series Introduced on C-Series Introduced on E-Series

Usage Information

The VRRP group only becomes active and sends VRRP packets when a virtual IP address is configured. When you delete the virtual address, the VRRP group stops sending VRRP packets. Starting in release 8.4.1.0, you can configure a VRRP group on an interface in a non-default VRF instance. E-Series ExaScale only: You can configure up to 16 VRRP groups per VLAN and up to 511 groups on all VLANs. E-Series ExaScale and TeraScale only: Starting in release 8.4.2.1, you can configure up to 255 VRRP groups per interface if VRF microcode is not loaded, and up to 15 groups if VRF microcode is loaded. E-Series ExaScale and TeraScale only: Starting in release 8.4.2.1, the VRID used by the VRRP protocol changes according to whether VRF microcode is loaded or not: When VRF microcode is not loaded in CAM, the VRID for a VRRP group is the same as the VRID number configured with the vrrp-group or vrrp-ipv6-group command. When VRF microcode is loaded in CAM, the VRID for a VRRP group is equal to 16 times the vrrp-group or vrrp-ipv6-group vrid number plus the ip vrf vrf-id number. For example, if VRF microcode is loaded and VRRP group 10 is configured in VRF 2, the VRID used for the VRRP group is (16 x 10) + 2, or 162. This VRID value is used in the lowest byte of the virtual MAC address of the VRRP group and is also used for VRF routing.

1602

Virtual Router Redundancy Protocol (VRRP)

vrrp-group

Figure 550 shows how the actual VRID used by a VRRP group is displayed: Below the command line - when VRF microcode is loaded and you enter the vrrp-group or vrrp-ipv6-group command in VRRP-group configuration mode. In show vrrp command output. Important: You must configure the same VRID on neighboring routers (Force10 or non-Force10) in the same VRRP group in order for all routers to interoperate. Figure 550 VRID used when VRF microcode is loaded
Force10(conf)#ip vrf orange 2 Force10(conf)#interface GigabitEthernet 3/0 Force10(conf-if-gi-3/0)#ip vrf forwarding orange Force10(conf-if-gi-3/0)#ip address 1.1.1.1/24 Force10(conf-if-gi-3/0)#vrrp-group 10 % Info: The VRID used by the VRRP group 10 in VRF 2 is 162. Force10(conf-if-gi-3/0-vrid-162)#virtual-ip 1.1.1.10 Force10(conf-if-gi-3/0-vrid-162)#exit When VRF microcode is loaded, the Force10(conf-if-gi-3/0)#no shutdown Force10#show vrrp -----------------GigabitEthernet 3/0, IPv4 Vrrp-group: 10, VRID: 162, Version: 2, Net: 1.1.1.1 VRF: 2 orange State: Master, Priority: 120, Master: 1.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 76, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:a2 Virtual IP address: 1.1.1.10 Authentication: (none)

the VRID used for the VRRP group is different from the VRID configured with the vrrp-group command.

Related Commands

virtual-address

Assign up to 12 virtual IP addresses per VRRP group.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1603

clear counters vrrp ipv6

IPv6 VRRP Commands

The IPv6 VRRP commands are: clear counters vrrp ipv6 debug vrrp ipv6 show vrrp ipv6 vrrp-ipv6-group

The following commands apply to IPv4 and IPv6: advertise-interval description disable hold-time preempt priority show config track virtual-address

clear counters vrrp ipv6

ecs
Syntax Parameters

Clear the counters recorded for IPv6 VRRP groups. clear counters vrrp ipv6 [vrid | vrf instance ] vrid vrf instance
(OPTIONAL) Enter the number of an IPv6 VRRP group. Range: 1 to 255 (OPTIONAL) E-Series only: Enter the name of a VRF instance (32 characters maximum) to clear the counters of all IPv6 VRRP groups in the specified VRF.

Command Modes Command History

EXEC Privilege
Version 8.4.1.0 Version 8.3.2.0 Introduced on E-Series ExaScale, C-Series, and S-Series. Support was added for IPv6 VRRP groups in non-default VRF instances. Introduced on E-Series TeraScale

1604

Virtual Router Redundancy Protocol (VRRP)

debug vrrp ipv6

ecs
Syntax Parameters

Allows you to enable debugging of VRRP. debug vrrp ipv6 interface [vrid] {all | packets | state | timer} interface
Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 255 for TeraScale For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by the VLAN ID. The VLAN ID range is from 1 to 4094.

vrid all bfd database packets state timer

Command Modes Command History

(OPTIONAL) Enter a number from 1 to 255 as the VRRP group ID. Enter the keyword all to enable debugging of all VRRP groups. Enter the keyword bfd to enable debugging of all VFFP BFD interactions Enter the keyword database to display changes related to group, prefix, and interface entries in the VRRP table. Enter the keyword packets to enable debugging of VRRP control packets. Enter the keyword state to enable debugging of VRRP state changes. Enter the keyword timer to enable debugging of the VRRP timer.

EXEC Privilege
Version 8.4.1.0 Version 8.3.2.0 Introduced on E-Series ExaScale, C-Series, and S-Series. Introduced on E-Series TeraScale

Usage Information

If no options are specified, debug is active on all interfaces and all VRRP groups.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1605

show vrrp ipv6

ecs
Syntax Parameters

View the IPv6 VRRP groups that are active. If no VRRP groups are active, the FTOS returns No Active VRRP group. show vrrp ipv6 [vrid] [interface] [brief] vrid
(OPTIONAL) Enter the Virtual Router Identifier for the VRRP group to view only that group. Range: 1 to 255. (OPTIONAL) Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a Port Channel interface, enter the keyword port-channel followed by a number: E-Series Range: 1 to 255 for TeraScale For SONET interfaces, enter the keyword sonet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. For a VLAN interface, enter the keyword vlan followed by the VLAN ID. The VLAN ID range is from 1 to 4094.

interface

brief

(OPTIONAL) Enter the keyword brief to view a table of information on the VRRP groups on the E-Series.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.3.2.0

Introduced

Figure 551 Command Example: show vrrp ipv6

Force10#show vrrp ipv6 -----------------GigabitEthernet 5/6, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe7a:6bb9 VRF: 0 default-vrf State: Master, Priority: 101, Master: fe80::201:e8ff:fe7a:6bb9 (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 64 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 1::255 fe80::255

1606

Virtual Router Redundancy Protocol (VRRP)

show vrrp ipv6

Table 157 Command Example Description: show vrrp ipv6 Line Beginning with
GigabitEthernet ...

Description
Displays the Interface, the VRRP group ID, and the network address. If the interface is no sending VRRP packets, 0.0.0.0 appears as the network address.

VRF State: master...

Hold Down:...

This line displays additional VRRP configuration information:

Hold Down displays the hold down timer interval in seconds. Preempt displays TRUE if preempt is configured and FALSE if preempt
is not configured.

AdvInt displays the Advertise Interval in seconds. Adv rcvd displays the number of VRRP advertisements received on the
interface.

Adv rcvd:...

This line displays counters for the following:

Adv sent displays the number of VRRP advertisements sent on the

interface.

Bad pkts rcvd displays the number of invalid packets received on

the interface.

Virtual MAC address Virtual IP address Tracking states...

Displays the virtual MAC address of the VRRP group. Displays the virtual IP address of the VRRP router to which the interface is connected. Displays information on the tracked interfaces or objects configured for a VRRP group (track command), including: UP or DOWN state of the tracked interface or object (Up or Dn ) Interface type and slot/port or object number, description, and time since the last change in the state of the tracked object Cost to be subtracted from the VRRP group priority if the state of the tracked interface/object goes DOWN

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1607

vrrp-ipv6-group

vrrp-ipv6-group
ecs
Syntax Parameters

Assign an interface to a VRRP group. vrrp-ipv6-group vrid vrid

Enter the virtual-router ID number of the VRRP group. VRID range (C-Series and S-Series): 1-255. VRID range (E-Series): 1-255 when VRF microcode is not loaded and 1-15 when VRF microcode is loaded.

Defaults Command Modes Command History

Not configured. INTERFACE

Version 8.4.2.1 Version 8.4.1.0 Version 8.3.2.0 The range of valid VRID values on the E-Series when VRF microcode is loaded in CAM changed to 1-15. Introduced on E-Series ExaScale, C-Series, and S-Series. Introduced on E-Series TeraScale

Usage Information

The VRRP group only becomes active and sends VRRP packets when a link-local virtual IP address is configured. When you delete the virtual address, the VRRP group stops sending VRRP packets. E-Series ExaScale and TeraScale only: Starting in release 8.4.2.1, you can configure up to 255 VRRP groups per interface if VRF microcode is not loaded, and up to 15 groups if VRF microcode is loaded. E-Series ExaScale and TeraScale only: Starting in release 8.4.2.1, the VRID used by the VRRP protocol changes according to whether VRF microcode is loaded or not: When VRF microcode is not loaded in CAM, the VRID for a VRRP group is the same as the VRID number configured with the vrrp-group or vrrp-ipv6-group command. When VRF microcode is loaded in CAM, the VRID for a VRRP group is equal to 16 times the vrrp-group or vrrp-ipv6-group vrid number plus the ip vrf vrf-id number. For example, if VRF microcode is loaded and VRRP group 10 is configured in VRF 2, the VRID used for the VRRP group is (16 x 10) + 2, or 162. This VRID value is used in the lowest byte of the virtual MAC address of the VRRP group and is also used for VRF routing. Important: You must configure the same VRID on neighboring routers (Force10 or non-Force10) in the same VRRP group in order for all routers to interoperate.

Related Commands

virtual-address

Assign up to 12 virtual IP addresses per VRRP group.

1608

Virtual Router Redundancy Protocol (VRRP)

Chapter 64

C-Series Diagnostics and Debugging

Overview
This chapter contains the following sections: Inter-process Communication Commands RPM Management Port Commands Data Path Debugging Commands Interface Troubleshooting Commands Advanced ASIC Debugging Commands ACL and System-Flow Debug Commands Interface Management Debug Commands Layer 2 Debug Command Trace Logging Commands Offline Diagnostic Commands PoE Hardware Status Commands Buffer Tuning Commands

Inter-process Communication Commands

The following are Inter-Process Communication (IPC) commands. IPC commands display receive and transmit frame counters for the party-bus switch and CPU interfaces. These interfaces are the interfaces over which FTOS task-to-task control messages are exchanged. clear hardware cpu party-bus clear hardware rpm mac counters hardware monitor linecard hardware monitor mac hardware watchdog show hardware cpu party-bus show hardware rpm mac

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1609

clear hardware cpu party-bus

c
Syntax Parameters

Clear the receive, transmit, and error counters for the party-bus port on the CPU of the specified linecard or RPM. clear hardware {linecard | rpm} number cpu party-bus statistics linecard rpm number
Enter the keyword linecard to clear counters on a line card. Enter the keyword rpm to clear counters on an RPM. Enter a number after the following keywords: After the keyword rpm: Range: 0-1 After the keyword linecard: Range: 0-7 for the C300

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version7.5.1.0

Introduction

Warning: Commands in this chapter with this Warning symbol should be used only
when you are working directly with Force10 TAC (Technical Assistance Center) while troubleshooting a problem. To contact Force10 TAC for assistance:
E-mail Direct Support: [email protected] Web: www.force10networks.com/support/ Telephone support: US and Canada customers: 866-965-5800 International customers: 408-965-5800

clear hardware rpm mac counters

Clear receive and transmit Ethernet statistics for all ports on the party-bus switch of the specified RPM.
Syntax Parameters

clear hardware rpm number mac counters number

Enter the RPM slot number. Range: 0-1

Defaults

None.

1610

C-Series Diagnostics and Debugging

hardware monitor linecard

Command Mode

EXEC EXEC Privilege

Command History Usage Information

Version 7.5.10

Introduction

Warning: Use this command only when you are working directly with a technical
support representative to troubleshoot a problem. Do not use this command unless a technical support representative instructs you to do so.

hardware monitor linecard

e
Syntax

Configure the system to take an action upon a line card hardware error. hardware monitor linecard asic {btm [action-on-error {card-problem | card-reset | card-shutdown}] | fpc [action-on-error | parity-correction]} action-on-error btm fpc card-problem card-reset card-shutdown parity-correction
Enter the keyword action-on-error to further specify actions that should be taken in the event of a hardware error. Enter the keyword btm to configure the system to take an action upon a Buffer Traffic Manager hardware error. Enter the keyword fpc to configure the system to take an action upon a Flexible Packet Classifier hardware error. Enter the keyword card-problem to place a line card in a card-problem state upon a hardware error. Enter the keyword card-reset to reset a line card upon a hardware error. Enter the keyword card-shutdown to shutdown a line card upon a hardware error. Enter the keyword parity-correction to enable automatic parity corrections for SRAM. The line card must be reloaded before the feature becomes operational.

Parameters

Defaults Command Mode Command History

None CONFIGURATION
Version 8.2.1.0 Introduced

hardware monitor mac

e
Configure the system to shut down all ports on a line card upon a MAC hardware error.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1611

hardware watchdog hardware monitor mac action-on-error port-shutdown None CONFIGURATION

Version 8.2.1.0 Introduced

Syntax Defaults Command Mode Command History

hardware watchdog
c
Syntax Defaults Command Mode Command History Usage Information

Set the watchdog timer to trigger a reboot and restart the system. hardware watchdog Enabled CONFIGURATION
Version 7.7.1.0 Introduced

This command enables a hardware watchdog mechanism that automatically reboots an FTOS switch/router with a single unresponsive RPM. This is a last resort mechanism intended to prevent a manual power cycle.

show hardware cpu party-bus

c
Syntax Parameters

View advanced debugging counters for the party-bus port on the CPU of the specified line card or RPM. show hardware {linecard | rpm} number cpu party-bus statistics linecard rpm number
Enter the keyword linecard to view debugging counters for a line card. Enter the keyword rpm to view cpu debugging counters for an RPM. Enter a number after the following keywords: After the keyword rpm: Range: 0-1 After the keyword linecard: Range: 0-7 for the C300

Defaults

None.

1612

C-Series Diagnostics and Debugging

show hardware rpm mac

Command Mode

EXEC EXEC Privilege

Command History Example

Version 7.5.1.0

Introduction

Figure 552 show hardware linecard Command Example

Force10#show hardware linecard 1 cpu party-bus statistic ACTIVE EMAC DEVICE:2 STATISTICS Num of Pkts. Tx Requested = 2788452, Number of Pkts Transmitted = 2788452 Num of Pkts. Received = 139662, Number of Pkts Given to MUX = 139662 Transmit Errors due to no Data = 0 Transmit Errors due to exceed num of Desc = 0 Transmit Block Count (Stall Count) = 0 Recv Pkts Dropped due to Bad Pkts Rx = 0 Recv Pkts Dropped due to more than one Buf = 0 Recv Pkts Dropped due to out of Mem = 0 Recv Pkts Dropped due to out of CBlk = 0 Recv Pkts Dropped due to out of MBlk = 0 ALTERNATIVE EMAC DEVICE:3 STATISTICS Num of Pkts. Tx Requested = 0, Number of Pkts Transmitted = 0 Num of Pkts. Received = 0, Number of Pkts Given to MUX = 0 Transmit Errors due to no Data = 0 Transmit Errors due to exceed num of Desc = 0 Transmit Block Count (Stall Count) = 0 Recv Pkts Dropped due to Bad Pkts Rx = 0 Recv Pkts Dropped due to more than one Buf = 0 Recv Pkts Dropped due to out of Mem = 0 Recv Pkts Dropped due to out of CBlk = 0 Recv Pkts Dropped due to out of MBlk = 0 value = 0 = 0x0

Usage Information

Related Commands

clear hardware cpu party-bus

Clear the receive, transmit, and error counters and for the party-bus port on the CPU of the specified RPM.

show hardware rpm mac

c
Syntax

View receive and transmit counters for the party-bus switch in the IPC subsystem. show hardware rpm number mac {counters | port-statistics {linecard number | rpm number}} counters port-statistics linecard
Enter the keyword counters to view high-level receive and transmit counters. Enter the keyword port-statistics to view detailed Ethernet statistics for the specified port on the party-bus switch. Enter the keyword linecard to view information about a particular line card.

Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1613

show hardware rpm mac

rpm number

Enter the keyword rpm to view information about a particular RPM. Enter a number after the following keywords: After the keyword rpm: Range: 0-1 After the keyword linecard: Range: 0-7 for the C300

Defaults Command Mode

None EXEC EXEC Privilege

Command History Example

Version 7.5.1.0

Introduction

Figure 553 show hardware rpm mac counters Command Example

Force10#show hardware rpm 0 mac counters Received and Transmitted Packets without Errors SLOT ID# Rx Counter TxCounter RSM SLOTS: 0 1 17 1 0 0 LCM SLOTS: 0 0 0 1 17 1 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0

Table 158 show hardware rpm mac counters Output Description

Slot ID # RX Frames Port number on the party-bus control switch. Number of packets received by the party-bus switch from the processor in the specified slot.

Note: Verify the counters are incrementing.

TX Frames Number of packets sent by the party-bus switch to the processor in the specified slot.

Note: Verify the counters are incrementing.

1614

C-Series Diagnostics and Debugging

show hardware rpm cpu management

Figure 554 show hardware rpm mac port-statistics Command Example

Force10#show hardware rpm 0 mac port-statistics linecard 1 IPC Switch Port Number :7 snmpIfInOctets : 2471340 snmpIfInUcastPkts : 2410 snmpIfOutOctets : 16046 snmpIfOutUcastPkts : 99 snmpDot1dTpPortInFrames : 2410 snmpDot1dTpPortOutFrames : 99 snmpEtherStatsPkts128to255Octets : 491 snmpEtherStatsPkts512to1023Octets : 640 snmpEtherStatsPkts1024to1518Octets : 1378 snmpEtherStatsOctets : 2487386 snmpEtherStatsPkts : 2509 snmpEtherStatsTXNoErrors : 99 snmpEtherStatsRXNoErrors : 2410 snmpIfHCInOctets : 2471340 snmpIfHCInUcastPkts : 2410 snmpIfHCOutOctets : 16046 snmpIfHCOutUcastPkts : 99

Usage Information

Related Commands

clear hardware rpm mac counters

Clear the receive, transmit, and error counters and for the party-bus port on the CPU of the specified RPM.

RPM Management Port Commands

show hardware rpm cpu management

c
Syntax Parameters

View standard Ethernet receive and transmit counters as well as auto-negotiation debugging information for the external management interface. show hardware rpm number cpu management statistics number
Enter the RPM slot number. Range: 0-1

Defaults Command Mode

None. EXEC EXEC Privilege

Command History

Version 7.5.1.0

Introduction

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1615

show hardware rpm cpu management

Example

Figure 555 show hardware rpm Command Example

Force10#show hardware rpm 0 cpu management statistics Port #0 MIB Counters GoodFramesReceived BadFramesReceived BroadcastFramesReceived MulticastFramesReceived GoodOctetsReceived GoodFramesSent BroadcastFramesSent MulticastFramesSent GoodOctetsSent = = = = = = = = = 4214683 2 275828 3787188 0x0000303000000000 9539 0 0 128 0 0 0 0 260 0 0 0 0 0 0 0 0 0 0 2 0

FC Control Counters UnrecogMacControlReceived = GoodFCFramesReceived = BadFCFramesReceived = FCFramesSent = RX Errors BadOctetsReceived = UndersizeFramesReceived = FragmentsReceived = OversizeFramesReceived = JabbersReceived = MacReceiveErrors = BadCrcReceived = Rx Discarded packets counter= Rx Overrun packets counter = TX Errors TxMacErrors TxExcessiveCollisions TxCollisions TxLateCollisions 10 BASE-T half-duplex Auto-negotiation is complete = = = =

The PHY Port power is normal ethGiga #0 port Status: 0x2444 = 0x00000402 Link=UP, Speed=10, Duplex=HALF, RxFlowControl=DISABLE, padLen=136 RxCoal = 0 usec, TxCoal = 0 usec MacAddr (0x3bc75e54) = 00:01:e8:2e:2f:20 RX Queue #0: base=0x42000000, free=1024 TX Queue #0: base=0x42008020, free=2048 MANAGEMENT PHY REGISTER VALUES 0x00: 0x1000 0x01: 0x796D 0x04: 0x0021 0x05: 0x41E1 0x08: 0x0000 0x09: 0x0000 0x0C: 0x0000 0x0D: 0x0000 0x10: 0x0000 0x11: 0x0100 0x14: 0x0000 0x15: 0x0101 0x18: 0x0400 0x19: 0x8114 0x1C: 0x38A3 0x1D: 0x06CD MII Control Register SpeedSelection: 10Mbps --More--

0x02: 0x06: 0x0A: 0x0E: 0x12: 0x16: 0x1A: 0x1E:

0x0143 0x0065 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000

0x03: 0x07: 0x0B: 0x0F: 0x13: 0x17: 0x1B: 0x1F:

0xBCB1 0x2001 0x0000 0x3000 0x0000 0x0F04 0xFFFF 0x0000

Usage Information

1616

C-Series Diagnostics and Debugging

show hardware drops

Data Path Debugging Commands

Data path refers to external data and control packets that are sent to an RPM or line card, or processed by FP and forwarded through the system. show hardware drops show hardware cpu data-plane

show hardware drops

c
Syntax

View internal packet-drop counters on a line card or RPM. show hardware {linecard number | rpm number} drops [unit number] [port number] linecard rpm unit
Enter the keyword linecard to view information about a line card. Enter the keyword rpm to view information about an RPM. (OPTIONAL) Enter the keyword unit to view information about a unit. Range: 0-3 (OPTIONAL) Enter the keyword port to view information about a port. Range: 1-8 Enter a number after the following keywords: After the keyword linecard: Range: 0-7 for the C300 After the keyword rpm: Range: 0-1 After the keyword unit, enter the number of CSF or FP ASIC. After the keyword port, enter the port number.

Parameters

port

number

Defaults Command Mode

None. EXEC EXEC Privilege

Command History

Version 7.5.1.0

Introduction

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1617

show hardware drops

Example

Figure 556 show hardware drops Command Example

Force10#show hardware rpm 0 drops UNIT No: 0 Total Total Total Total Total Ingress Drops IngMac Drops Mmu Drops EgMac Drops Egress Drops :0 :0 :0 :0 :0

UNIT No: 1 Total Total Total Total Total Ingress Drops IngMac Drops Mmu Drops EgMac Drops Egress Drops :0 :0 :0 :0 :0

UNIT No: 2 Total Total Total Total Total Ingress Drops IngMac Drops Mmu Drops EgMac Drops Egress Drops :0 :0 :0 :0 :0

UNIT No: 3 Total Total Total Total Total Ingress Drops IngMac Drops Mmu Drops EgMac Drops Egress Drops :0 :0 :0 :0 :0

The figure below shows the command to display dropped packers per unit, in other words, dropped packets for a particular FP or CSF ASIC. Figure 557 show hardware drops unit Command Example
Force10#show hardware rpm 0 drops unit 0 Port# Drops 1 2 3 4 5 6 7 8 :Ingress Drops 0 0 0 0 0 0 0 0 :IngMac Drops 0 0 0 0 0 0 0 0 :Total Mmu Drops :EgMac Drops 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 :Egress 0 0 0 0 0 0 0 0

The figure below shows the command to display dropped packets for a particular port on a unit.

1618

C-Series Diagnostics and Debugging

show hardware cpu data-plane

Figure 558 show hardware drops unit port Command Example

Force10#show hardware rpm 0 drops unit 0 port 1 --- Ingress Drops --Unknown HiGig HDR :0 Unknown HiGig OPCODE :0 Unknown HiGig HDR Format :0 RX EgressBlockMask :0 Rx LinkBlockCntr :0 Rx SrcModBlockCntr :0 IBP CBP FullDrops :0 Rx AgedCounter :0 --- Ingress MAC Drops --IngressMacDrops :0 --- MMU Drops --HOL DROPS on COS0 :0 HOL DROPS on COS1 :0 HOL DROPS on COS2 :0 HOL DROPS on COS3 :0 HOL DROPS on COS4 :0 HOL DROPS on COS5 :0 HOL DROPS on COS6 :0 HOL DROPS on COS7 :0 --- Egress MAC counters --egressMACDrops :0 --- Egress Drops --Tx AgedCounter :0 Tx ErrCounter :0 Tx MacUnderFlow :0

Usage Information

show hardware cpu data-plane

c
Syntax Parameters

View the driver statistics on the CPU of the specified line card or RPM. show hardware {linecard | rpm} number cpu data-plane statistics linecard rpm number
Enter the keyword linecard to view cpu data plane statistics for a line card. Enter the keyword rpm to view cpu data plane statistics for an RPM. Enter a number after the following keywords: After the keyword rpm: Range: 0-1 After the keyword linecard: Range: 0-7 for the C300

Defaults Command Mode

None EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1619

show hardware cpu data-plane

Command History Example 1

Version 7.5.1.0

Introduction

Figure 559 show hardware linecard Command Example

Force10#show hardware linecard 1 cpu data-plane statistics -----SOCEND driver statistics for device 4----rxHandle :0 noBuff :0 noMblk :0 noClblk :0 recvd :0 dropped :0 recvToMux :0 txInt :0 transmitted :0 txRequested :0 noTxDesc :0 txError :0 txWrongIntf :0 txNotInit :0 txReqTooLarge :0 txInternalError :0 rxError :0 Socend Driver Pool Statistics for device 4 ----------------------------------------poolMBlkGetCnt = 0 poolMClGetCnt = 0 poolClBlkGetCnt = 0 poolClusterGetCnt = 0 poolMBlkFreeCnt = 0 poolMBlkClFreeCnt = 0 poolClBlkFreeCnt = 0 poolClFreeCnt = 0 poolClPoolIdGetCnt = 1 -----------------------------------------

Example 2

Figure 560 show hardware rpm Command Example

Force10#show hardware rpm 0 cpu data-plane statistics -----SOCEND driver statistics for device 2----rxHandle :0 noBuff :0 noMblk :0 noClblk :0 recvd :0 dropped :0 recvToMux :0 txInt :0 transmitted :0 txRequested :0 noTxDesc :0

Usage Information

Interface Troubleshooting Commands

This command provides additional information related to standard show interface commands.

1620

C-Series Diagnostics and Debugging

show hardware interface phy

See also in Chapter 23, Interfaces: show interfaces phy show interfaces transceiver

show hardware interface phy

c
Syntax Parameters

View MAC- and PHY-related registers and link status information, including the transmitted and received auto-negotiation control words. show hardware interface interface phy [registers] phy registers interface
Enter the keyowd phy to display sent and received auto-negotiation and Layer 1 link status information. (OPTIONAL) Use the registers keyword to display a dump of the PHY registers in hexadecimal. Enter the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

Defaults Command Mode

None. EXEC EXEC Privilege

Command History

Version 7.5.1.0

Introduction

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1621

show hardware interface phy

Example

Figure 561 show hardware interface Command Example

Force10#show hardware interface gig 1/0 phy MII Control Register SpeedSelection: 1000Mbps AutoNeg: ON Loopback: False PowerDown: Flase Isolate: Flase DuplexMode: Full MII Status Register : AutoNegComplete: False RemoteFault: False LinkStatus: False JabberDetect: False PHY Identifier Register : PHY Identifier Register : Auto-Negotiation Advertisement Register 100MegFullDplx: True 100MegHalfDplx: True 10MegFullDplx: True 10MegHalfDplx: True Asym Pause: False Sym Pause: True Auto-Negotiation Link Partenr Register : 100MegFullDplx: False 100MegHalfDplx: False 10MegFullDplx: False 10MegHalfDplx: False Asym Pause: False Sym Pause: False 1000Base-T Control Register: Master/Slave Mode: Auto 1000MegFullDplx: True 1000MegHalfDplx: True 1000Base-T Status Register Master/Slave Fault: No Master/Slave: Slave Local RX OK: False Remote RX OK: False Link Partner 1000MegFullDplx: False Link Partner 1000MegHalfDplx: False Idle Error Count: 0 1000Base-T/100Base-TX/10Base-T IEEE Extnd Status Register 1000Base-T/100Base-TX/10Base-T PHY Extnd Control Register Automatic MDI Crossover Mode: Enable 1000Base-T/100Base-TX/10Base-T PHY Extnd Status Register Automatic MDI Crossover State: Crossover

Table 159 show hardware rpm number mac Output Description

Mode Control Mode Status Indicates whether auto-negotiation is enabled and the selected speed and duplex. Displays auto-negotiation fault information. The AutoNegComplete shows True and the LinkStatus field says OK when the interface completes auto-negotiation successfully. Displays the control words advertised by the local interface during negotiation. The duplex can be full-duplex or half-duplex. The "AsymPause" and "SymPause" describes the types of flow control supported by the local interface. Displays the control words advertised by the remote interface during negotiation. The duplex can be full-duplex or half-duplex. The "AsymPause" and "SymPause" fields describe the types of flow control supported by the remote interface.

AutoNegotation Advertise

AutoNegotiation Remote Partner's Ability

1622

C-Series Diagnostics and Debugging

show hardware interface phy

Table 159 show hardware rpm number mac Output Description

AutoNegotiation Expansion Parallel detection refers to a handshaking scheme in which the link partners continuously transmit an "idle" data packet using the Fast Ethernet MLT-3 waveform. Equipment that does not support auto-negotiation must be configured to exactly match the mode of operation as the link partner, or else no link can be established. 1000Base-T Control 1000Base-T requires auto-negotiation. The IEEE Ethernet standard does not support setting the speed to 1000 Mbps with the speed command without auto-negotiation. C-Series line cards support both full-duplex and half-duplex 1000BaseT. Indicates whether Automatic MDI crossover mode is enabled or disabled Indicates whether Automatic MDI crossover state is crossover or normal.

Automatic MDI Crossover Control Automatic MDI Crossover State

Usage Information

Use the show hardware interface interface phy command when you are troubleshooting a link issue, such as when the show interfaces interface command is reporting an auto-negotiation mismatch (there is an "Auto-neg Error" string in the output, as shown below. Figure 562 Auto-negotiation Mismatch Example
Force10#show interfaces gigabit 0/3 GigabitEthernet 0/3 is up, line protocol is down Hardware is Force10Eth, address is 00:01:e8:07:16:b3 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto, Mode full duplex, Auto-neg Error ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 04:39:17 [output omitted]

The no auto-negotiation command disables auto-negotiation on an interface. Force10 recommends keeping auto-negotiation enabled. If the remote interface is not configured for auto-negotiation, the Force10 interface can detect the speed at which the remote device is operating by the type of electrical signal that is arriving. If the local and remote interfaces are configured differently for auto-negotiationfor example, one side is configured for auto-negotiation and the other side is configured for a particular speedthe link does no not come up. Both sides of the link must be configured for auto-negotiation (recommended) or esle the same speed. 1000Base-T requires auto-negotiation. The IEEE Ethernet standard does not support setting the speed manually to 1000 Mbps.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1623

clear hardware unit

Advanced ASIC Debugging Commands

clear hardware unit show cpu-interface-stats show hardware unit show revision

clear hardware unit

c
Syntax Parameters

Clear debugging information on the internal Gigabit Ethernet interfaces on the CSF and FP ASICs. clear hardware {linecard number | rpm number} unit number counters linecard rpm number
Enter the keyword linecard to clear information about a line card. Enter the keyword rpm to clear information about an RPM. Enter a number: After the keyword linecard: Range: 0-7 for the C3000 After the keyword rpm: Range: 0-1 After the unit keyword: For a line card: Range: 0 - 3 For an RPM: Range 0 - 4

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduction

1624

C-Series Diagnostics and Debugging

show cpu-interface-stats

show cpu-interface-stats
c
The command provides an immediate snapshot of the health of the internal RPM and line card CPU. Generally this command is used in concert with Force10 Networks Technical Support engineers. show cpu-interface-stats {cp | lp | rp1 | rp2} cp lp
Defaults Command Modes Enter the keyword cp to display the CP's interface statistics. Enter the keyword lp to display the LP's interface statistics

Syntax Parameters

No default behavior or values EXEC EXEC Privilege

Command History Example

Version 7.6.1.0

Introduced on C-Series

Figure 563 show cpu-interface-stats lp Command Example (Partial)

Force10#show cpu-interface-stats lp 1 -- Dataplane PP1 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 9807 Transmit ... -- Dataplane PP0 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 9807 Transmit Recv Desc Error : 0 Transmit ... -- Partybus RPM0 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 171611 Transmit ... -- Partybus RPM1 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 0 Transmit Recv Desc Error : 0 Transmit Recv Out of Mem : 0 Transmit Recv Upper Layer Full: 0 Transmit Recv Other Error : 0 Transmit Recv Restarts : 0 Recv Restarts Fatal : 0 Force10#

Packets

9808

Packets : Desc Error :

9807 0

Packets

329859

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

0 0 0 0 0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1625

show cpu-interface-stats

Example

Figure 564 show cpu-interface-stats cp Command Example (Partial)

Force10#show cpu-interface-stats cp -- Partybus ethernet statistics -Link state : Down Recv Interrupts/Polls: 438532 Recv Packets : 440125 Transmit Packets : 290784 ... -- Dataplane ethernet statistics -Link state : Down Recv Interrupts/Polls: 9875 Recv Packets : 9875 Transmit Packets : 9841 ... -- OOB ethernet statistics -Link state : Up Recv Interrupts/Polls: 15439 Recv Packets : 19298 Transmit Packets : 11 ... -- Partybus switch statistics -Dropped cells : 0 Dropped packets: 0 LC0 : Ingress: 0 Egress: 1780 LC1 : Ingress: 331581 Egress: 176297 ... CP : Ingress: 292114 Egress: 440141 RP1 : Ingress: 61250 Egress: 66663 RP2 : Ingress: 54346 Egress: 59750 IRC : Ingress: 0 Egress: 1780 -- Partybus ethernet rate statistics -- 0: Peak rate at Thu Dec 6 18:20:32 2007 Total rate (bps) : 1634400 Total Size (bytes): 4086 Total Arp (bytes): 0 From 127.10.10.23:0 2128 bytes From 127.10.10.23:9093 1500 bytes From 127.10.10.12:4233 368 bytes - 1: Peak rate at Thu Dec 6 18:16:40 2007 Total rate (bps) : 1634400 Total Size (bytes): 4086 Total Arp (bytes): 0 From 127.10.10.23:0 2128 bytes From 127.10.10.23:9093 1500 bytes From 127.10.10.12:4233 368 bytes - 2: Peak rate at Thu Dec 6 18:20:43 2007 Total rate (bps) : 1634400 Total Size (bytes): 4086 Total Arp (bytes): 0 From 127.10.10.23:0 2128 bytes From 127.10.10.23:9093 1500 bytes From 127.10.10.11:4229 368 bytes -- IRC Statistics -irc phy: DOWN -- Helios Statistics -ACL Fpga Cp dataplane packets:9875 denied:0 dropped:0 ACL Fpga Rp1 dataplane packets:39125 denied:0 dropped:0 ACL Fpga Rp2 dataplane packets:274 denied:0 dropped:0 ACL Fpga Mgmt packets:19441 denied:0 dropped:0Force10# Force10#

1626

C-Series Diagnostics and Debugging

show hardware unit

c
Syntax

View advanced debugging information on the internal Gigabit Ethernet interfaces on the CSF and FP ASICs. show hardware {linecard number | rpm number} unit number {counters | details | port-stats | register} linecard rpm number
Enter the keyword linecard to view information about a line card. Enter the keyword rpm to view information about an RPM. Enter a number after the following keywords: After the keyword linecard: Range: 0-7 for the C300 After the keyword rpm: Range: 0-1 After the keyword unit, enter the number of CSF or FP ASIC.

Parameters

Defaults Command Mode

None EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduction

show revision
c
Syntax Defaults Command Modes Command History

Displays the currently loaded FPGA images. show revision No default behavior or value EXEC Privilege
Version 7.5.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1627

clear hardware system-flow

Example

Figure 565 show revision Command Example

Force10#show revision -- RPM 0 -C300 RPM FPGA : 3.8 Required FPGA version : 3.8 -- Secondary RPM -C300 RPM FPGA : 3.8 Required FPGA version : 3.8 -- Line card 3 -48 Port 1G LCM FPGA : 2.6 Required FPGA version : 2.6 -- Line card 7 -48 Port 1G LCM FPGA : 2.6 Required FPGA version : 2.6 Force10#

ACL and System-Flow Debug Commands

clear hardware system-flow show hardware acl show hardware layer3 qos linecard port-set show hardware system-flow layer2 linecard port-set

clear hardware system-flow

c
Syntax Parameters

Clear system-flow entry counters. clear hardware system-flow layer2 linecard number port-set number counters number
Enter a number after the following keywords: After the keyword linecard: Range: 0-7 for the C300 After the keyword port-set, enter the Port-Pipe/FB ID.

Defaults Command Mode

None. EXEC EXEC Privilege

Command History

Version 4.2.1.0

Introduction

1628

C-Series Diagnostics and Debugging

show hardware acl

Usage Information

Related Commands

show hardware system-flow layer2 linecard port-set

View system-flow entries.

show hardware acl

c
Syntax Parameters

View Layer 2 or Layer 3 access control list entries. show hardware {layer2 | layer 3} acl linecard number port-set number layer2 layer3
Enter the keyword layer2 to view Layer 2 access control list entries for the specified line card. Enter the keyword layer3 to view Layer 3 access control list entries for the Forwarding Processor of the specified line card. Enter a number after the following keywords: After the keyword linecard: Range: 0-7 for the C300; 03 for the C150 After the keyword port-set, enter the Port-Pipe/FB ID.

number

Defaults Command Mode

None EXEC EXEC Privilege

Command History Usage Information

Version 4.2.1.0

Introduction

show hardware layer3 qos linecard port-set

c
Syntax

View Layer 3 QoS messages. show hardware layer3 qos linecard port-set

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1629

show hardware system-flow layer2 linecard port-set

Parameters

number

Enter a number after the following keywords: After the keyword linecard: Range: 0-7 for the C300 After the keyword port-set, enter the Port-Pipe/FB ID.

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduction

show hardware system-flow layer2 linecard port-set

c
Syntax Parameters

View system-flow entries. show hardware system-flow layer2 linecard number port-set number [counters] number
Enter a number after the following keywords: After the keyword linecard: Range: 0-7 for the C300 After the keyword port-set, enter the Port-Pipe/FB ID.

counters

Enter the keyword counters to view counters of system-flow entries.

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version 4.2.1.0

Introduction

Related Commands

clear hardware system-flow

Clear system-flow entry counters.

1630

C-Series Diagnostics and Debugging

debug ifm trace-flags

Interface Management Debug Commands

These commands display advanced debugging information related to the Interface Manager (IFM) process. debug ifm trace-flags show software ifm

debug ifm trace-flags

c
Syntax

Turn on IFM internal trace-flags. debug ifm trace-flags trace-flag Disable this command using the no debug ifm trace-flags command.

Parameters

trace-flag None. EXEC EXEC Privilege

Enter a hexadecimal number representing the trace-flag.

Defaults Command Mode

Command History Usage Information

Version 4.2.1.0

Introduction

Turning on a trace flag does not result in an output to the console/terminal. It prints trace information to the trace buffer, which is viewed using the show trace history command.

show software ifm

c
Syntax

View interface management information. show software ifm {clients [summary] | ifagt number | ifcb interface | linecard number | trace-flags} clients summary
(OPTIONAL) Enter the keyword clients to view information on IFM clients. (OPTIONAL) Enter the keyword summary to view show brief information of IFM clients.

Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1631

show software ifm

ifagt ifcb linecard trace-flags interface

Enter the keyword ifagt to view software pipe and IPC statistics for IFAGT. Enter the keyword ifcb to view information about the Interface Control Block. Enter the keyword linecard view interface managment information for line cards.

Enter the keyword trace-flags to view interface managment information for internal trace flags.
Enter one of the following keywords and slot/port or number information: For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For Loopback interfaces, enter the keyword loopback followed by a number from 0 to 16383. For the management interface on the RPM, enter the keyword ManagementEthernet followed by the slot/port information. The slot range is 0-1 and the port range is 0. For the Null interface, enter the keywords null 0. For a Port Channel interface, enter the keyword port-channel followed by a number: C-Series Range: 1-128 For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.

number

Enter the linecard slot number. Range: 0-7 for the C300

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version 4.2.1.0

Introduction

1632

C-Series Diagnostics and Debugging

show software macagent

Layer 2 Debug Command

show software macagent

c
Syntax

This command displays tables and advanced debugging information related to the MAC Agent process. show software macagent {configs | mac-addr-table {dump | count} | port interface interface | port-channel number | stg number | vlan number} line-card number configs mac-addr-table dump count port interface stg vlan interface
The keyword configs shows the initial configurations of the MAC Agent. The keyword mac-addr-table shows the number of MAC addresses in the MAC Agent software. The keyword dump shows the MAC addresses present in the software. The keyword count shows the number of MAC addresses present in the software. The keywords port interface show Layer 2 information for a port on a particular line card. The keyword stg shows the state of each port in a particular Spanning Tree Group on a line card. The keyword vlan shows Layer 2 information in the MAC Agent for a VLAN on a particular line card. Enter one of the following keywords and slot/port or number information: For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. After the keyword linecard: Range: 0-7 for the C300; 0-3 for the C150 After the port-channel keyword, enter the port-channel number. Range: 1-128 After the keyword stg, enter the Spanning Tree Group number. After the keyword vlan: Range: 1 - 4095 for the C300

Parameters

number

Enter a number after the following keywords:

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version 4.2.1.0

Introduction

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1633

debug cpu-traffic-stats

Trace Logging Commands

Trace logging is a critical debugging tool most often used by the Force10 Networks Technical Assistance Center (TAC) to isolate and resolve both software and hardware issues. debug cpu-traffic-stats show command-history show console lp show cpu-traffic-stats show hardware linecard fpga show hardware rpm fpga

debug cpu-traffic-stats
c
Syntax

Enable the collection of CPU traffic statistics. debug cpu-traffic-stats [linecard {all | number}] To disable debugging, execute the no debug cpu-traffic-stats command.

Parameters

linecard all number

(OPTIONAL) Enter the keyword linecard to view CPU traffic statistics for a particular line card. Enter the keyword all to specify all line cards. Enter a line card number Range: 0-7 for the C300

Defaults Command Modes Command History Usage Information

Disabled EXEC Privilege

Version 4.2.1.0 Introduced

This command can be used to turn on CPU traffic statistics collection either on a specific linecard or on all linecards. The statistics currently collected are: Numbers of packets trapped due to Egress MTU violation Numbers of packets trapped due to TTL 1 or IP Options Numbers of packets trapped due to TTL 0

Note: Use show cpu-traffic-stats to view traffic statistics.

1634

C-Series Diagnostics and Debugging

show command-history

This command enables (and disables) the collection of CPU traffic statistics from the time this command is executed, not from system boot). However, excessive traffic received by a CPU will automatically turn on the collection of CPU traffic statics. The message is an indication that collection of CPU traffic is automatically turned on:
Excessive traffic is received by CPU and traffic will be rate controlled.

show command-history
c
Syntax Parameters Defaults Command Mode

View a buffered time-stamped log of all commands entered by all users. show command-history None None EXEC EXEC Privilege

Command History Usage Information

Version 4.2.1.0

Introduction

show console lp
c
Syntax Parameters

View the buffered console log for a line card. show console lp number lp number
Enter the keyword lp to view buffered console messages for a line card processor. Enter a line card number. Range: 0-7 for the C300; 0-3 for the C150

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1635

show cpu-traffic-stats

Defaults Command Mode

None EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduction

This log displays initialization messages while the line card is going through the steps to reach check-in status.

show cpu-traffic-stats
c
Syntax Parameters

View traffic statistics for a line card CPU. show cpu-traffic-stats [linecard {all | number}] linecard all number
(OPTIONAL) Enter the keyword linecard to view CPU traffic statistics for a particular line card. Enter the keyword all to specify all line cards. Enter a line card number Range: 0-7 for the C300; 0-3 for the C150

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Example

Version 7.5.1.0

Introduction

Figure 566 show cpu-traffic-stats linecard Command Example

Force10#show cpu-traffic-stats linecard all Stats for Line card 2, Port pipe 0, Port 0 ---------------------------------------------Numbers of packets trapped due to Egress MTU violation Numbers of packets trapped due to TTL 1 or IP Options Numbers of packets trapped due to TTL 0

: 1 : 0 : 0

Usage Information

The statistics are displayed only if at least one of the counters is non-zero for any linecard, Port-Pipe, or port combination.

1636

C-Series Diagnostics and Debugging

show hardware linecard fpga

c
Syntax Parameters

Display internal information about the line card FPGA. show hardware linecard slot fpga {errorlog | registers | stats} slot errorlog registers stats
Enter the line card slot number. Range: 0 to 7 (OPTIONAL) Enter the keyword errorlog to dump the FPGA Error Log. (OPTIONAL) Enter the keyword registers to dump the FPGA Registers. (OPTIONAL) Enter the keyword stats to dump the FPGA Interrupt Statistics.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduced

show hardware rpm fpga

c
Syntax

Display internal RPM FPGA information. show hardware rpm slot fpga {errorlog | linecard {slot registers } | registers | stats | standby-rpm registers} rpm slot errorlog linecard slot registers
Enter the keyword rpm followed by the RPM slot number. Range: 0 or 1 (OPTIONAL) Enter the keyword errorlog to dump the FPGA Error Log. Enter the keyword linecard followed by the line card slot number and the keyword registers to dump the line cards FPGA registers. Range: 0-7 for the C300; 0-3 for the C150 (OPTIONAL) Enter the keyword registers to dump the FPGA Registers.

Parameters

registers

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1637

show hardware rpm fpga

stats standby-rpm register

(OPTIONAL) Enter the keyword stats to dump the FPGA Interrupt Statistics. (OPTIONAL) Enter the keywords standby-rpm register to display the stand-by RPMs registers.

Defaults Command Modes Command History

No default behavior or values EXEC

Version 7.6.1.0 Version 7.5.1.0 Added support for Stand-by RPM Registers Introduced

Usage Information

1638

C-Series Diagnostics and Debugging

show hardware rpm fpga

Example

Figure 567 show hardware rpm fpga registers (C-Series Command Example)
Force10>show hardware rpm 0 fpga registers *************************************************** Local Memory Dump 0x0000: 00010401 0x0020: 00000000 0x0040: 00000104 0x0060: 00000104 0x0080: 00000002 0x00a0: 0000008b 0x00c0: 00000000 0x00e0: 00000000 0x0100: 00000000 0x0120: 00000008 0x0140: 00000008 0x0160: 00000008 0x0180: 00000000 0x01a0: 00000000 0x01c0: 00000000 0x01e0: 00000000 0x0200: 00000000 0x0220: 00000000 0x0240: 00000000 0x0260: 00000000 Force10> 5a5a1234 00000000 00000104 00000104 0000003f 00000000 00000000 00000000 000000ff 00000008 00000008 00000008 00010000 00010000 00010000 00010000 00000000 00000000 00000000 00000000 01200b11 00010000 00000104 00000104 0000ff01 00000000 00000000 00000000 00000003 00000008 00000008 00000008 00000000 00000000 00000000 00000000 000001cc 00000000 00000000 00000000 00000111 00000001 00000104 00000104 0000008a 00000000 00000000 00000000 00000003 00000008 00000008 00000008 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000011 00fffffe 00000104 00000104 00000000 00000000 00000000 00000000 00000008 00000008 00000008 00000008 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0000000f 00000104 00000104 00000104 0000008b 00000000 00000000 00000000 00000008 00000008 00000008 00000008 00010000 00010000 00010000 00010000 00000000 00000000 00000000 00000000 000003ff 00000104 00000104 00000104 00000089 00000000 00000000 00000000 00000008 00000008 00000008 00000008 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000104 00000104 00000104 0000008b 00000000 00000000 00000000 00000008 00000008 00000008 00000008 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

Example

Figure 568 show hardware rpm fpga stats (C-Series Command Example)
orce10#show hardware rpm 1 fpga stats DUMPING FPGA INTERRUPT STATISTICS FAN Interrupts received - 0 PSU Interrupts received - 0 Card Presence Interrupts received - 0 I2C[0] Interrupts received - 0 I2C[0] Interrupts handled - 0 I2C[1] Interrupts received - 337 I2C[1] Interrupts handled - 337 I2C[2] Interrupts received - 0 I2C[2] Interrupts handled - 0 I2C[3] Interrupts received - 1209 ... I2C[7] Interrupts handled - 0 HDLC[0] Interrupts received - 0 HDLC[0] Interrupts handled - 0 HDLC[1] Interrupts received - 0 HDLC[1] Interrupts handled - 0 HDLC[2] Interrupts received - 0 HDLC[2] Interrupts handled - 0 ... HDLC[6] Interrupts handled - 0 SPI Interrupts received - 0 SMI Write Interrupts received - 0 LM 80 Interrupts received - 0 LCLK Interrupts received - 0 Mastership change Interrupts received - 1 Over temperature Interrupts received - 0 Low temperature Interrupts received - 0 XFP[0] Interrupts received - 0 XFP[1] Interrupts received - 0 XFP[2] Interrupts received - 0 XFP[3] Interrupts received - 0 XFP[4] Interrupts received - 0 XFP[5] Interrupts received - 0 XFP[6] Interrupts received - 0 XFP[7] Interrupts received - 0 POE[0] Interrupts received - 0 POE[1] Interrupts received - 0 POE[2] Interrupts received - 0 POE[3] Interrupts received - 0 PCI Reset Interrupts received - 0 Spurious interrupts received - 0 Force10>

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1639

diag linecard

Offline Diagnostic Commands

The commands in this section are: diag linecard offline online show diag The offline diagnostics test suite is useful for isolating faults and debugging hardware. The tests results are written to a file in flash memory and can be displayed on screen. Detailed statistics for all tests are collected. These statistics include: last execution time first and last test pass time first and last test failure time total run count total failure count consecutive failure count error code

diag linecard
c
Syntax Parameters

Run offline diagnostics on a line card. diag linecard number {alllevels | level0 | level1 | level2} alllevels level0 leve1
Enter the keyword alllevels to run th complet diagnostics test suite. Enter the keyword level0 to check the device inventory and verify the existence of the devices (e.g., device ID test). Enter the keyword level1 to verify that the devices are accessible via the designated paths (e.g., line integrity tests) and test the internal parts (e.g., registers) of the devices. Enter the keyword level2 to perform on-board loopback tests on various data paths (e.g., data Port-Pipe and Ethernet). Enter a number: Range: 0-7 for the C300; 0-3 for the C150

level2 number

Defaults Command Mode

None. EXEC EXEC Privilege

Command History

Version 7.5.1.0

Introduction

1640

C-Series Diagnostics and Debugging

offline

Usage Information

Warning: Do not use this command when a line card is in a booting state.

offline
c
Syntax Parameters

Place a line card or SFM in an offline state. offline {linecard number | sfm standby} linecard sfm standby number
Enter the keyword linecard to place the linecard in an offline state. Enter the keywords sfm standby to place the RPM in an offline state. After the keyword linecard: Range: 0-7 for the C300

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduction

Warning: Do not use this command when a line card is in a booting state.

online
c
Syntax Parameters

Place a linecard or RPM in an online state. online {linecard number | sfm standby} linecard sfm standby number
Enter the keyword linecard to place the linecard in an online state. Enter the keywords sfm standby to place the RPM in an online state. After the keyword linecard: Range: 0-7 for the C300; 0-3 for the C150

Defaults

None

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1641

show diag

Command Mode

EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduction

Warning: Do not use this command when a line card is in a booting state.

show diag
c
Syntax Parameters

View diagnostics information. show diag {information | linecard number | summary | detail} information linecard number summary detail
Enter the keyword information to view diagnostics processes by line card. Enter the keyword linecard for diagnostics information for a particular line card. Enter a line card number. Range: 0-7 for the C300 Enter the keyword summary brief diagnostics information. Enter the keyword detail for detailed diagnostics information.

Defaults Command Mode

None. EXEC EXEC Privilege

Command History Usage Information

Version 7.5.1.0

Introduction

Warning: Do not use this command when a line card is in a booting state.

PoE Hardware Status Commands

Inspect C-Series line card internals with regard to Power over Ethernet (PoE).

1642

C-Series Diagnostics and Debugging

show hardware linecard poe-status

cs
Syntax Parameters

Display the status of the four C-Series PoE controllers and the entire registers associated with each controller. show hardware linecard number poe-status linecard number
Enter the keywrod linecard followed by the line card slot number.

Defaults Command Modes Command History

No default behavior or values EXEC

Version 7.7.1.0 Version 7.5.1.0 Introduced on S-Series Introduced on C-Series

Example

Figure 569 show hardware linecard (C-Series Command Example)

Force10#show hardware linecard 7 poe-status HW Status for POE Controller 0 The HW Status is ---------------The Internal address is - 0x0000 The I2C address is - 0x003c Is Master - Yes The I2C Mode is - I2C The mode is configured properly The address is configured properly The Controller and I2C is configured properly Force10#

Usage Information

If the command is executed on a non-POE line card, the following error message is generated:

Force10#sh hardware linecard 6 poe-status % Error: POE is not supported for this card.
Related Commands show power supply Display the power supply status.

Buffer Tuning Commands

The buffer tuning commands are: buffer (Buffer Profile) buffer (Configuration) buffer-profile (Configuration) buffer-profile (Interface) show buffer-profile

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1643

buffer (Buffer Profile)

show buffer-profile interface

Warning: Altering the buffer allocations is a sensitive operation. Do not use any buffer tuning commands
without first contacting the Force10 Technical Assistance Center.

buffer (Buffer Profile)

cs
Syntax

Allocate an amount of dedicated buffer space, dynamic buffer space, or packet pointers to queues 0 to 3. buffer [dedicated | dynamic | packet-pointers] queue0 number queue1 number queue2 number queue3 number dedicated dynamic packet-pointers queue0 number
Enter this keyword to configure the amount of dedicated buffer space per queue. Enter this keyword to configure the amount of dynamic buffer space per Field Processor. Enter this keyword to configure the number of packet pointers per queue. Enter this keyword to allocate an amount of buffer space or packet pointers to Queue 0. Dedicated Buffer Range: 0-2013 Dynamic Buffer Range: FP: 0-2013 CSF: 0-131200 (in multiples of 80) Packet Pointer Range: 0-2047

Parameters

queue1 number

Enter this keyword to allocate an amount of buffer space or packet pointers to Queue 1. Dedicated Buffer Range: 0-2013 Dynamic Buffer Range: FP: 0-2013 CSF: 0-131200 (in multiples of 80) Packet Pointer Range: 0-2047

1644

C-Series Diagnostics and Debugging

buffer (Configuration)

queue2 number

Enter this keyword to allocate an amount of buffer space or packet pointers to Queue 2. Dedicated Buffer Range: 0-2013 Dynamic Buffer Range: FP: 0-2013 CSF: 0-131200 (in multiples of 80) Packet Pointer Range: 0-2047

queue3 number

Enter this keyword to allocate an amount of buffer space or packet pointers to Queue 3. Dedicated Buffer Range: 0-2013 Dynamic Buffer Range: FP: 0-2013 CSF: 0-131200 (in multiples of 80) Packet Pointer Range: 0-2047

Defaults Command Mode Command History

None BUFFER PROFILE

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Create a buffer profile that can be applied to an interface.

Related Commands

buffer-profile (Configuration)

buffer (Configuration)
cs
Syntax Parameters

Apply a buffer profile to all Field or Switch Fabric processors in a port-pipe. buffer [csf | fp-uplink] linecard slot port-set port-pipe buffer-policy buffer-profile csf fp-uplink linecard slot port-set port-pipe buffer-policy buffer-profile
Enter this keyword to apply a buffer profile to all Switch Fabric processors in a port-pipe. Enter this keyword to apply a buffer profile to all Field Processors in a a port-pipe. Enter the keyword linecard followed by the line card slot number. Enter the keyword port-set followed by the port-pipe number. Range: 0-3 on C-Series, 0-1 on S-Series Enter the keyword buffer-policy followed by the name of a buffer profile you created.

Defaults Command Mode

None BUFFER PROFILE

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1645

buffer-profile (Configuration)

Command History

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series

Usage Information

If you attempt to apply a buffer profile to a non-existent port-pipe, FTOS displays the following message. However, the configuration still appears in the running-config.
%DIFFSERV-2-DSA_BUFF_CARVING_INVALID_PORT_SET: Invalid FP port-set 2 for linecard 2. Valid range of port-set is <0-1>

Related Commands

buffer-profile (Configuration)

Create a buffer profile that can be applied to an interface.

buffer-profile (Configuration)
cs
Syntax Parameters

Create a buffer profile that can be applied to an interface. buffer-profile {{fp | csf} profile-name | global {1Q|4Q} fp csf profile-name global 1Q 4Q
Enter this keyword to create a buffer profile for the Field Processor. Enter this keyword to create a buffer profile for the Switch Fabric Processor. Create a name for the buffer profile. Apply one of two pre-defined buffer profiles to all of the port-pipes in the system. Enter this keyword to choose a pre-defined bufffer profile for single queue (i.e non-QoS) applications. Enter this keyword to choose a pre-defined bufffer profile for four queue (i.e QoS) applications.

Defaults Command Mode Command History

global 4Q CONFIGURATION
H

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Added global keyword. Introduced on S-Series Introduced on C-Series

Usage Information

When you remove a buffer-profile using the command no buffer-profile [fp | csf] from CONFIGURATION mode, the buffer-profile name still appears in the output of show buffer-profile [detail | summary]. After a line card reset, the buffer profile correctly returns to the default values, but the profile name remains. Remove it from the show buffer-profile [detail | summary] command output by entering no buffer [fp-uplink | csf] linecard port-set buffer-policy from CONFIGURATION mode and no buffer-policy from INTERFACE mode.

1646

C-Series Diagnostics and Debugging

buffer-profile (Interface)

Related Commands

buffer (Buffer Profile) reload

Allocate an amount of dedicated buffer space, dynamic buffer space, or packet pointers to queues 0 to 3. Reboot the system.

Usage Information

The buffer-profile global command fails if you have already applied a custom buffer-profile on an interface. Similarly, when buffer-profile global is configured, you cannot not apply buffer-profile on any interface. If the default buffer-profile (4Q) is active, FTOS displays an error message instructing you to remove the default configuration using the command no buffer-profile global. You must reload the system for the global buffer-profile to take effect.

Note: When you removed a buffer-profile using the command no buffer-profile [fp | csf] from CONFIGURATION mode, the buffer-profile name still appears in the output of show buffer-profile [detail | summary]. After a line card reset, the buffer profile correctly returns to the default values, but the profile name remains. Remove it from the output using the command no buffer [fp |csf] linecard port-set buffer-policy from CONFIGURATION mode.

buffer-profile (Interface)
cs
Syntax Parameters

Apply a buffer profile to an interface. buffer-profile profile-name profile-name None INTERFACE

Enter the name of the buffer profile you want to apply to the interface.

Defaults Command Mode Command History

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series

Usage Information

When you move to a different chassis a line card that has a buffer profile applied at interface level on the fp-uplink, the line card retains the buffer profile. To return the line card to the default buffer profile, remove the current profile using the command no buffer-profile fp-uplink linecard from INTERFACE mode, and then reload the chassis.
buffer-profile (Configuration)

Related Commands

Create a buffer profile that can be applied to an interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1647

show buffer-profile

show buffer-profile
cs
Syntax Parameters

Display the buffer profile that is applied to an interface. show buffer-profile {detail | summary} {csf | fp-uplink} detail summary csf fp-uplink
Display the buffer allocations of the applied buffer profiles. Display the buffer-profiles that are applied to line card port-pipes in the system. Display the Switch Fabric Processor buffer profiles that you have applied to line card port-pipes in the system. Display the Field Processor buffer profiles that you have applied to line card port-pipes in the system.

Defaults Command Mode Command History

None INTERFACE
Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series

Example

Figure 570 show buffer-profile Command Example

Force10#show buffer-profile summary fp-uplink Linecard Port-set Buffer-profile 0 0 test1 4 0 test2 Force10#

Related Commands

buffer-profile (Configuration)

Create a buffer profile that can be applied to an interface.

show buffer-profile interface

cs
Syntax Parameters

Display the buffer profile that is applied to an interface. show buffer-profile {detail | summary} interface interface slot/port detail summary interface interface slot/port
Display the buffer allocations of a buffer profile. Display the Field Processors and Switch Fabric Processors that are applied to line card port-pipes in the system. Enter the keyword interface followed by the interface type, either gigabitethernet or tengigabitethernet. Enter the slot and port number of the interface.

Defaults

None

1648

C-Series Diagnostics and Debugging

show buffer-profile interface

Command Mode Command History

INTERFACE
H

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series

Example

Figure 571 show buffer-profile interface Command Example

Force10#show buffer-profile detail csf linecard 4 port-set 0 Linecard 4 Port-set 0 Buffer-profile test Queue# Dedicated Buffer Buffer Packets (Bytes) 0 36960 718 1 18560 358 2 18560 358 3 18560 358 4 9600 64 5 9600 64 6 9600 64 7 9600 63 Force10#

Related Commands

buffer-profile (Configuration)

Create a buffer profile that can be applied to an interface.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1649

show buffer-profile interface

1650

C-Series Diagnostics and Debugging

Chapter 65

E-Series ExaScale Debugging and Diagnostics

Overview
This document is for E-Series ExaScale E1200i and the E600i only and support begins with FTOS versions 8.1.1.0 and 8.1.1.2 respectively as denoted by the platform symbol ex. FTOS supports an extensive suite of protocol-specific debug commands for packet- and event-level debugging. These commands are described throughout this document. In addition, FTOS supports commands for diagnosing suspected hardware issues. This chapter contains the following sections: Diagnostics and Monitoring Commands Offline Diagnostic Commands (not supported in FTOS version 8.1.1.0) Hardware Commands

Diagnostics and Monitoring Commands

The diagnostics and monitoring commands are: dataplane-diag disable loopback dataplane-diag disable dfo-reporting dataplane-diag disable dfo-reporting diag sfm ip control-plane egress-filter-traffic logging coredump kernel disable logging coredump kernel disable logging coredump kernel server logging coredump linecard power-off/on sfm reset sfm show command-history show console show diag sfm

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1651

dataplane-diag disable loopback

show processes ipc show processes ipc flow-control show revision show tech-support

In addition to these debug commands, FTOS supports diagnostics, monitoring, and fault isolation commands to assist in gathering information.

Important Points to Remember

Unless otherwise noted, these commands are available on TeraScale systems only. The trace-log file captures failure information on most failure events. The RPM-SFM runtime loopback testfailure initiates an SFM walk. The system automatically places each SFM (in sequential order) in an offline state, runs the loopback test, and then places the SFM back in an active state. This continues until the system determines a working SFM combination. If no working combination is found, the system restores to the pre-walking SFM state If the line card runtime loopback test fails, the system does not launch an SFM walk.

Note: SFM walking assumes a chassis with the maximum number of SFMs in an
active state.

dataplane-diag disable loopback

ex
Syntax

Disable the runtime loopback test on the primary RPM and line cards. dataplane-diag disable loopback To re-enable, use the no dataplane-diag disable loopback command.

Defaults Command Modes Command History

Enabled CONFIGURATION
Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i Display the loopback test results

Related Commands

show diag sfm

1652

E-Series ExaScale Debugging and Diagnostics

dataplane-diag disable dfo-reporting

Usage Information

The runtime dataplane loopback test, by default, runs in the background. Every 10 seconds, the primary RPM and each line card sends packets through the SFMs and back again (loopback) to monitor the overall health status of the dataplane at a system level. This command disables that automatic runtime loopback test. Execute the show diag sfm command to view the diagnostics results.

Note: Only the Primary RPM can perform runtime dataplane loopback test.

Example

Figure 572 show diag sfm command Example

Force10#show diag sfm Switch Fabric Module Loopback Test: enabled SFM Walk-Through in Loopback Test: enabled SFM Bring-Down in Loopback Test: enabled Switch Fabric Module Loopback State: on -- Route Processor Modules -Slot Test Status Last Result Time Stamp -----------------------------------------------------0 off none 1 on pass Feb 16 2007 15:50:26 -- Line cards -Slot Test Status Last Result Time Stamp -----------------------------------------------------0 off none 1 off none 2 on pass Feb 16 2007 15:50:26 3 off none 4 on pass Feb 16 2007 15:50:26 5 off none 6 off none Force10#

dataplane-diag disable dfo-reporting

ex
Syntax

Disable the per-channel DFO (deskew FIFO overflow) reporting via event logging. dataplane-diag disable dfo-reporting To re-enable, use the no dataplane-diag disable dfo-reporting command.

Defaults Command Modes Command History

Enabled CONFIGURATION
Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1653

diag sfm

When a DFO error is detected, no automatic action is initiated by the system. The message issued is similar to:

%RPM1-P:CP %CHMGR-2-SFM_PCDFO: PCDFO error detected for SFM4

This command disables the per-channel DFO reporting.
Related Commands diag sfm show diag sfm Initiate a manual dataplane loopback test. Display the loopback test results

Note: This command is not supported on the E600i chassis.

diag sfm
ex
Syntax Parameters

Execute a manual dataplane loopback test. diag sfm all-loopback all-loopback

(OPTIONAL) Enter the keyword all-loopback to execute a dataplane loopback test from the RPMs and all line cards.

Defaults Command Modes Command History

No default behavior or value EXEC

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

If the RPM-SFM or line card-SFM loopback test detects an SFM failure, an attempt is made to isolate a single faulty SFM by automatically walking the SFMs. For this failure case, error messages similar to the runtime loopback test error are generated. If the test passes when the switch fabric is down and there are at least (max-1) SFMs in the chassis, then the system will bring the switch fabric back up automatically. Like the runtime loopback test, the manual loopback test failure will not bring the switch fabric down.

Note: Line card-SFM loopback test failure, during the manual test, will trigger an SFM
walk.
Related Commands

reset sfm

Reset the SFM and bring it back online.

1654

E-Series ExaScale Debugging and Diagnostics

ip control-plane egress-filter-traffic

ip control-plane egress-filter-traffic
ex
Syntax

Apply Layer 3 egress ACLs to the CPU generated traffic. ip control-plane egress-filter-traffic To disable, use the no ip control-plane egress-filter-traffic command.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

CPU ACLs are useful for troubleshooting packet flow that has bypassed the hardware-based distributed forwarding path and is traveling directly to the RPM CPU. This command is useful in debugging the CPU originated control traffic. You can use the egress ACL with count option to verify if the control traffic sent by the CPU made it to the linecard egress or not. Using permit rules with the count option, you can track, on a per-flow basis, whether CPU-generated packets were transmitted successfully. In addition, you can block certain CPU-generated and soft-forwarded traffic. This feature also allows you to configure an extended ACL that matches ICMP packets using the count option, apply the ACL to an egress physical interface, and then ping through that interface to the remote device.

Note: Only Layer 3 traffic goes through the ACLi.e. BPDUs will not be captured.

logging coredump kernel disable

ex
Syntax

Disable kernel core-dump logging to the CORE_DUMP_DIR on the flash. [no] logging coredump kernel disable To re-enable kernel core-dump logging (return to the default), use the no logging coredump kernel disable command.

Defaults Command Modes Command History

Enabled (core-dump logging is enabled) CONFIGURATION

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

By default, the kernel core-dump is enable and stored in the flash directory:

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1655

logging coredump kernel server Storage Directory Name: flash:CORE_DUMP_DIR Kernel core-dump naming convention is: f10rpProcessorID.kcore.gz For example: F10rp1.kcore.gz Application core-dump naming convention is: rpProcessorID _ApplicationName_timestamp.core.gz For example: rp1_ospf_060307172608.core.gz Multiple core-dumps Application core-dumps are timestamp embedded and are not overwritten by default. Manually delete the older core-dumps to allow more space on the flash. Kernel core-dumps are overwritten whenever there is a new core-dump.

Should a crash occur, the large crash kernel file may take more than ten minutes to upload and may require more space on the flash than is available. The HA module is aware of a core-dump in process and will wait until the upload is complete before rebooting the RPM.

Note: Application core-dumps are also automatically uploaded to flash. If there is not
enough available space for the kernel core-dump on the flash, the kernel upload will terminate.
Related Commands

logging coredump linecard logging coredump kernel server

Enable core-dump logging on line cards Save core-dump logging files to an alternate server

logging coredump kernel server

ex
Syntax

Designate the logging core-dump files to be saved to a remote server rather than flash. logging coredump kernel server To save the logging core-dump files to flash (the default), use the no logging coredump kernel server command.

Defaults Command Modes Command History

Saved on flash CONFIGURATION

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i Enable core-dump logging on line cards Disable kernel core-dump logging

Related Commands

logging coredump linecard logging coredump kernel disable

1656

E-Series ExaScale Debugging and Diagnostics

logging coredump linecard

ex
Syntax

Enable line card core-dump logging on a specific line card or on all line cards. logging coredump linecard {slot_number [port-shutdown | no-port-shutdown] | all} To disable line card coredump logging, use the no logging coredump linecard [slot_number | all ] command.

Parameters

linecard slot number

Enter the keyword linecard followed by the slot number to enable core-dump logging line card details. Range: 0 to 13 on the E1200; 0 on 6 for E600/E600i, and 0 to 5 on the E300. Enter the keyword port-shutdown to configure the system to shutdown the physical interfaces during a software exception and the subsequent core dump. Enter the keyword no-port-shutdown to configure the system so that the physical interfaces remain up during a software exception and the subsequent core dump. This is an undo feature for the port-shutdown option. Enter the keyword linecard all to enable core-dump logging details on all line cards.

port-shutdown

no-port-shutdown

linecard all

Defaults Command Modes Command History

Disabled (core-dump logging is off) CONFIGURATION

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

The line card core-dump is stored on flash in a directory: Storage Directory Name: flash:CORE_DUMP_DIR Line Card core-dump naming convention is: f10lpSlot_Number.core.gz For example: f10lp6.core.gz Multiple core-dumps If multiple line cards crash, the core-dump files will upload simultaneously. However, a second core-dump from the same line card slot will overwrite the first core-dump. During a line card core-dump, the line card interface remains up while the core-dump is being written to the directory. Use the port-shutdown option to shutdown the physical interfaces during the core dump, allowing for a failover to a backup system.
logging coredump kernel server logging coredump kernel disable Save core-dump logging files to an alternate server. Disable kernel core-dump logging.

Related Commands

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1657

power-off/on sfm

power-off/on sfm
ex
Syntax Parameters

Power on or off a specified SFM. power-{off | on} sfm slot-number

power-off power-on sfm slot-number Enter the keyword power-off to power off the SFM. Enter the keyword power-on to power on the SFM Enter the keyword sfm followed by the slot number of the SFM to power on/off. Range: 0 to 7

Defaults Command Modes Command History

No default values or behavior EXEC

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

This command is used for diagnostic purposes to isolate and identify a failed SFM when troubleshooting issues related to the chassis dataplane.

Note: Execute this command only during an offline diagnostics; this command may
bring down the switch fabric. When there are a full set of SFMs online, powering down one SFM will reduce the total bandwidth supported by the chassis, and may affect data flow. A warning message is issued at the command line that requires user confirmation to proceed with the command.
Example

Figure 573 power-off sfm command with data traffic warning message
Force10#power-off sfm 0 SFM0 is active. Powering it off it might impact the data traffic. Proceed with power-off [confirm yes/no]:yes Feb 15 23:52:53: %RPM1-P:CP %CHMGR-2-MINOR_SFM: Minor alarm: only eight working SFM Force10#

Since this command is for diagnostic purposes, you can power off more than one SFM causing a switch fabric module to go down. A warning message is issued at the command line and requires user confirmation to proceed with the command.
Example

Figure 574 power-off sfm command with switch fabric down warning message
Force10#power-off sfm 1 WARNING!! SFM1 is active. Powering it off it will cause Switch Fabric to go down!! Proceed with power-off [confirm yes/no]:yes Feb 16 00:03:19: %RPM1-P:CP %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: DOWN Feb 16 00:03:20: %RPM1-P:CP %CHMGR-0-MAJOR_SFM: Major alarm: Switch fabric down Force10#

Once the SFM is powered off, the SFM status indicates that the SFM has been powered off by the user. Use the show sfm all command to display the status.

1658

E-Series ExaScale Debugging and Diagnostics

show command-history

Example

Figure 575 show sfm all command Example

Force10#show sfm all Switch Fabric State: Switch Mode: SFM down (Not enough working SFMs)

-- Switch Fabric Modules -Slot Status --------------------------------------------------------------------------0 power off (SFM powered off by user) 1 power off (SFM powered off by user) 2 power off (SFM powered off by user) 3 active 4 active 5 active Force10#

Related Commands

show sfm

Display the current SFM status.

show command-history
ex
Syntax Parameters

Display the trace command history log. show command-history line number line number
(OPTIONAL) Enter the number of the most recent command history lines (commands). For example, if you want to view the most recent ten command, enter the number 10.

Defaults Command Modes Command History

No default behaviors or values EXEC

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1659

show console

Example

Figure 576 show command-history

orce10#show command-history 15 [1/15 14:59:27]: CMD-(CLI):[enable]by default from console [1/15 15:9:15]: CMD-(CLI):[show linecard all]by default from console [1/15 15:9:28]: CMD-(CLI):[interface gigabitethernet 12/0]by default from console [1/15 15:11:51]: CMD-(CLI):[show startup-config]by default from console [1/15 15:24:24]: CMD-(TEL46):[enable]by admin from vty0 (peer RPM) [1/15 15:24:39]: CMD-(TEL46):[show version]by admin from vty0 (peer RPM) [1/15 15:25:23]: CMD-(TEL46):[show interfaces managementethernet 1]by admin from vty0 (peer RPM) [1/15 15:25:45]: CMD-(CLI):[configure]by default from console - Repeated 1 time. [1/15 15:25:56]: CMD-(CLI):[username mari password ******]by default from console [1/15 15:26:33]: CMD-(CLI):[configure]by default from console - Repeated 1 time. [1/15 15:26:47]: CMD-(CLI):[ip ssh server enable]by default from console [1/15 15:26:59]: CMD-(SSH47):[enable]by mari from vty0 (10.11.9.207) [1/15 15:27:8]: CMD-(SSH47):[show command-history 15]by mari from vty0 (10.11.9.207) Force10#

Usage Information

The command history output includes:

[username name passwored *******] when the command is executed via telnet

[by default from console] when the command is executed via console [by admin from vty0 (peer RPM)] with brackets, when the command is executed to primary rpm via standby rpm using telnet-peer-rpm command.

Each command contains up to 50 characters in the display output. FTOS compares the first 50 characters of each command and if the characters are the same (i.e. the same command was issued), then the display output indicates the duplicate entry with Repeated X times . All commands executed by all users, except password related commands, are captured in the trace command history log. Each command has a date and time stamp. The trace-log file has a separate 3000 line buffer to hold command history on a FIFO basis. When the buffer is full, the contents wraps (i.e. the first line is automatically deleted to make room for the last command line).This file can be analyzed by the Force10 Technical Assistance Center (TAC) to assist in troubleshooting.

Note: No password information is saved to the trace command history log.

show console
ex
Syntax Parameters

Display, onto the console, background resets, calls, initialization etc. of the designated line card. show console lp slot-number lp slot-number
(OPTIONAL) Enter the keyword lp and the slot number to view information on the line-card processor in that slot. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on a E300.

1660

E-Series ExaScale Debugging and Diagnostics

reset sfm

Defaults Command Modes Command History

No default behavior or values EXEC Privilege

Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example

Figure 577 show console lp 0 command Example

Force10#show console lp MINI FIFO CONTROL = MINI FIFO RPM POINTER = MINI FIFO CPU POINTER = Default case. type = 5 frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): frrpaProcessIfmNotif(): Force10# 0 0x0a 0x000 0xb0b Default Default Default Default Default Default Default Default Default Default Default Default case. case. case. case. case. case. case. case. case. case. case. case. type type type type type type type type type type type type = = = = = = = = = = = = 69 69 70 5 5 5 5 5 11 5 5 11

reset sfm
ex
Syntax Parameters

Reset a specific SFM module (power-off and then power-on). reset sfm slot-number slot-number
Enter the slot number of the SFM to reset. Range: 0 to 7

Defaults Command Modes Command History Usage Information

No default values or behavior EXEC

Version 8.1.1.0 Introduced on E-Series ExaScale

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1661

show diag sfm

Example

Figure 578 reset sfm error message

Force10#reset sfm 0 SFM0 is active. Resetting it might temporarily impact data traffic. Proceed with reset [confirm yes/no]:yes Feb 16 00:39:30: %RPM1-P:CP %TSM-5-SFM_DISCOVERY: Found SFM 0 Force10#

This command does not permit resetting any SFM when the system has (max-1) SFM and switch fabric is up).
Example

Figure 579 reset sfm Command Example

Force10#Force10#reset sfm 1 % Error: SFM1 is active. Resetting it will impact data traffic. Force10#

Note: Resetting an SFM in a power-off state is not permitted. Use the command
power-on sfm to bring the SFM back to a power-on state.
Related Commands

power-off/on sfm

Power on/off an SFM

show diag sfm

ex
Syntax Defaults Command Modes Command History

Display the results and status of the last chassis runtime/onetime loopback test. show diag sfm No default values or behavior EXEC
Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

1662

E-Series ExaScale Debugging and Diagnostics

show processes ipc

Example

Figure 580 show diag sfm command Example

Force10#show diag sfm Switch Fabric Module Loopback Test: SFM Walk-Through in Loopback Test: SFM Bring-Down in Loopback Test: Switch Fabric Module Loopback State: enabled enabled enabled on

-- Route Processor Modules -Slot Test Status Last Result Time Stamp -----------------------------------------------------0 on pass Mar 26 2007 12:41:56 1 off none -- Line cards -Slot Test Status Last Result Time Stamp -----------------------------------------------------0 off none 1 off none 2 on pass Mar 26 2007 12:41:56 3 off none 4 off none 5 off none 6 off none 7 off none 8 off none 9 off none 10 off none 11 on pass Mar 26 2007 12:41:56 12 off none 13 off none Force10#

show processes ipc

ex
Syntax Parameters

Display IPC messaging used internally between FTOS processes. show processes ipc [recv-stats | send-stats] [cp | rp1 | rp2 | lp linecard-number]
recv-stats send-stats cp rp1 rp2 lp linecard-number (OPTIONAL) Enter the keyword recv-stat to display the receiver-side details of the IPC messages. (OPTIONAL) Enter the keyword send-stats to display the sender-side details of the IPC messages. (OPTIONAL) Enter the keyword cp to view the Control Processors swpq statistics. (OPTIONAL) Enter the keyword rp1 to view the Control Processors swpq statistics on Route Processor 1. (OPTIONAL) Enter the keyword rp2 to view the Control Processors swpq statistics on Route Processor 2. (OPTIONAL) Enter the keyword lp followed by the line card number to view the Control Processors swpq statistics on the specified line card.

Defaults Command Modes

No default values or behavior EXEC

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1663

show processes ipc flow-control

EXEC Privilege
Command History Version 8.1.1.2 Version 8.1.1.0 Example Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Figure 581 show processes ipc recv-stats Command Example

Force10#show processes ipc recv-stats lp 0 IPC Receive Statistics on LP 0 Memory Used by Recv DB on this processor: 6825992 bytes SeqNo - Last successfull Guaranteed IPC Pkt Seq No delivered from source to destination HiWtmk - Highest socket watermark reached for destination M-SkSize - Max socket size of destination NonG-Rcvd - No of non-guaranteed IPC pkts received Pri-Dr - Priority drops done for non-guaranteed pkts due to socket almost-full condition SkFull-Dr - Any IPC packet dropped because of socket full condition Source-> TME: 0 -> TME: 3 -> IPC: 0 -> IPC: 3 -> CLI: 0 -> Force10# Destination TME: 3 LCMGR: 0 IPC: 3 TME: 3 SYSADMTSK: 3 SeqNo HiWtmk(%) 0 0 0 0 37557 0 16215 0 11483 0 M-SkSize 41600 41600 41600 41600 41600 NonG-Rcvd 1 1 6376 0 0 Pri-Dr 0 0 0 0 0 SkFull-Dr 0 0 0 0 0

Example

Figure 582 show processes ipc send-stats Command Example

Force10#show processes ipc send-stats IPC Send Statistics on CP Memory Used by Send DB on this processor: 2303000 bytes SeqNo - Last sent guaranteed IPC pkt sequence no from this source to destination Success - No of successfull guaranteed IPC packets sent from source to destination 1st-R - No of first retry attempts 2nd-R - No of second retry attempts Fails - No of guaranteed IPC pkts that could not be transmitted RTT(ms) - Avg. Round Trip time for guaranteed IPC packets in millisecs NonG-S - No of non-guaranteed IPC pkts succesfully sent. This does not include those sent by SWP NonG-F - No of non-guaranteed IPC pkt transmission failures SWP-S - No of non-guaranteed SWP IPC pkts succesfully sent SWP-F - No of non-guaranteed SWP IPC pkt transmission failures Source-> TME: 0 -> Force10# Destination TME: 1 SeqNo 15868 Success 1 1st-R 0 2nd-R 0 Fails 0 RTT(ms) NonG-S 1 0 NonG-F 0 SWP-S 0 SWP-F 0

Usage Information

These commands should be used only when you are working directly with Force10 TAC (Technical Assistance Center) while troubleshooting a problem.

show processes ipc flow-control

ex
Syntax

Display the Single Window Protocol Queue (swpq) statistics. show processes ipc flow-control [cp | rp1 | rp2 | lp linecard-number]

1664

E-Series ExaScale Debugging and Diagnostics

show processes ipc flow-control

Parameters

cp rp1 rp2 lp linecard-number

(OPTIONAL) Enter the keyword cp to view the Control Processors swpq statistics. (OPTIONAL) Enter the keyword rp1 to view the Control Processors swpq statistics on Route Processor 1. (OPTIONAL) Enter the keyword rp2 to view the Control Processors swpq statistics on Route Processor 2. (OPTIONAL) Enter the keyword lp followed by the line card number to view the Control Processors swpq statistics on the specified line card.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example

Figure 583 show processes ipc flow-control rp Command Example

Example

Figure 584 show processes ipc flow-control lp Command Example

. Table 160 show processes ipc flow-control Display Definitions Field

TxProcess RxProcess Cur Len

Description
Sender Process Receiver Process The number of messages, in the sender process, waiting to be sent to the receiver process

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1665

show revision

Table 160 show processes ipc flow-control Display Definitions Field

High Mark Time Out Retries Msg Sent Ack Rcvd Aval Retrans

Description
The maximum number of accumulated messages (over the life of the queue), in the sender process, waiting to be sent out to the receiver process The time period the sender process waits for acknowledgement from the receiver process before attempting to resend the queued messages The number of successive attempts (retries) the sender process will make to send the messages to the receiver process The accumulated number of messages sent between the sender and receiver processes from the time the queue was created. The number of acknowledgements received from the receiver process The current number of attempts, for retransmission, available in the event an acknowledgement is not received. This value decrements on every retry and may fall below the initial value, of "Max Retrans" to zero, in case the receiver is not responding. This count is reset dynamically to Max Retrans value in case the queue starts to function after experiencing some acknowledgement loss The max number of retransmission attempts configured for a sender - receiver pair

Max Retrans

Usage Information

The Single Window Protocol (SWP) provides flow-control-based reliable communication between the sending and receiving software tasks.

Important Points to Remember

A sending task enqueues messages into the SWP queue3 for a receiving task and waits for an acknowledgement. If no response is received within a period of time, the SWP time-out mechanism re-submits the message at the head of the FIFO queue. After retrying several times, the following time-out message is generated:

SWP-2-NOMORETIMEOUT
In the display, a retry (Retries) value of zero indicates that the SWP mechanism reached the maximum number of retransmissions without an acknowledgement.

show revision
ex
Syntax Defaults Command Modes Command History

Display revision numbers of all line card, RPM, and SFM components. show revision No default behavior or value EXEC Privilege
Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

1666

E-Series ExaScale Debugging and Diagnostics

show tech-support

Example

Figure 585 show revision command Example (partial)

Force10#show revision -- RPM 0 panda bedrock helio tabby willow -: : : : : ASIC - 0x72632000 0x34 0x13 0x7 0x13

-- Line card 0 -lc pic 0 : 1.0 lc pic 1 : 1.0 marvel serdes : 0x0 aquarius : 0x15 galle : 0x11 lynx : 0x7 mini : 0x22 pandora : 0xd -- Line card 1 -lc pic 0 : 1.1 lc pic 1 : 1.1 marvel serdes : 0xcd4 aquarius : 0x15 galle : 0x11 lynx : 0x7 mini : 0x25 pandora : 0x9 -- SFM 0 -simba : 0x1 faith : 0xc -- SFM 1 -simba : 0x1 faith : 0xc -- SFM 2 -simba : 0x1 faith : 0xc -- SFM 3 -simba : 0x1 faith : 0xc -- SFM 4 -simba : 0x1 faith : 0xc

show tech-support
ex
Syntax Parameters

Display the necessary information for the Force10 Networks Technical Assistance Center to assist and perform troubleshooting. show tech-support [page] page
(OPTIONAL) Enter the keyword page to view 24 lines of text at a time. Press the SPACE BAR to view the next 24 lines. Press the ENTER key to view the next line of text.

Command Modes

EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1667

show tech-support

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

The display output is an accumulation of the same information that is displayed when you execute one of the following show commands: show show show show show show show show show show show show show show show show show show cam-profile cam-ipv4flow chassis clock environment file-system interface inventory ip management-route ip protocols ip route summary processes cpu processes memory redundancy rpm running-conf sfm version

Without the page option, the command output is continuous, use CNTL-z to interrupt the command output.

1668

E-Series ExaScale Debugging and Diagnostics

show tech-support

Example

Figure 586 partial output of the show tech-support Command Example

Force10#show tech-support ----------------------------------- show version ------------------------------Force10 Networks Real Time Operating System Software System image file is "flash://FTOS-EF-6.5.4.1.bin" Chassis Type: E600 Control Processor: IBM PowerPC 750FX (Rev D2.2) with 536870912 bytes of memory. Route Processor 1: IBM PowerPC 750FX (Rev D2.2) with 1073741824 bytes of memory. Route Processor 2: IBM PowerPC 750FX (Rev D2.2) with 1073741824 bytes of memory. 128K bytes of non-volatile configuration memory. 1 Route Processor Module 9 Switch Fabric Module 1 48-port GE line card with SFP optics (EF) 1 4-port 10GE LAN/WAN PHY line card with XFP optics (EF) 1 48-port 10/100/1000Base-T line card with RJ-45 interfaces (EF) 1 FastEthernet/IEEE 802.3 interface(s) 96 GigabitEthernet/IEEE 802.3 interface(s) 4 Ten GigabitEthernet/IEEE 802.3 interface(s) ------------------------------------ show clock ------------------------------18:23:19.799 UTC Fri Mar 16 2007 ----------------------------------- show HA information ----------------------- RPM Status ------------------------------------------------RPM Slot ID: 0 RPM Redundancy Role: Primary RPM State: Active RPM SW Version: 7.4.1.1 Link to Peer: Down Peer RPM: not present -- RPM Redundancy Configuration ------------------------------------------------Primary RPM: rpm0 Auto Data Sync: Full Failover Type: Hot Failover Auto reboot RPM: Disabled Auto failover limit: 3 times in 60 minutes -- RPM Failover Record ------------------------------------------------Failover Count: 0 Last failover timestamp: None Last failover Reason: None ----------------------------------- show running-config -----------------------Current Configuration ... ! Version 6.5.4.1 ! boot system rpm0 primary flash://FTOS-EF-6.5.4.1.bin boot system rpm0 secondary flash://FTOS-EF-6.5.4.1.bin boot system rpm0 default flash://FTOS-EF-6.5.4.1.bin ! redundancy auto-failover-limit count 3 period 60 redundancy auto-synchronize full redundancy disable-auto-reboot rpm redundancy primary rpm0 ! hostname E600-TAC-3 ! cam-ipv4flow multicast-fib 9 pbr 1 qos 8 system-flow 5 trace-list 1 ! ...

Related Commands

show version show linecard

Display the FTOS version. Display the line card(s) status.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1669

diag linecard

show environment (C-Series and E-Series) show processes memory (C-Series and E-Series)

Display system component status. Display memory usage based on running processes.

Offline Diagnostic Commands

Offline diagnostics are not supported in FTOS version 8.1.1.0.
The offline diagnostics test suite is useful for isolating faults and debugging hardware. The tests results are written to a file in flash memory and can be displayed on screen. Detailed statistics for all tests are collected. These statistics include: last execution time first test pass time and last test pass time first test failure time and last test failure time total run count total failure count consecutive failure count error code

The offline diagnostics commands are: diag linecard offline online show diag

diag linecard
Not supported in FTOS version 8.1.1.0 ex
Syntax

Run offline diagnostics on a line card(s). diag linecard number {alllevels | level0 | level1 | level2} | {terminate} To terminate the offline diagnostics, use the diag linecard number terminate command.

Parameters

number
alllevels level0

1670

E-Series ExaScale Debugging and Diagnostics

offline

level1

Enter the keyword Level1 to verify that the devices are accessible via the designated paths (line integrity tests) and test the internal registers of the devices. Enter the keyword level2 to perform on-board loopback tests on various data paths (data Port-Pipe and Ethernet). Enter the keyword terminate to stop the offline diagnostics tests.

level2 terminate Defaults Command Modes

All Levels (alllevels) EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

offline
Not supported in FTOS version 8.1.1.0 ex
Syntax Parameters

Place a line card in an offline state. offline {linecard number }

linecard number Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300.

Defaults Command Mode

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

online
Not supported in FTOS version 8.1.1.0 ex
Syntax

Place a line card in an online state. online {linecard number | rpm number}

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1671

show diag

Parameters

linecard number

Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300.

Defaults Command Mode

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

show diag
Not supported in FTOS version 8.1.1.0 ex
Syntax Parameters

Display current diagnostics information. show diag {information} [linecard number [detail | periodic | summary]]
information linecard number Enter the keyword information to view current diagnostics information in the system. (OPTIONAL) Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300. (OPTIONAL) Enter the keyword detail to view detailed diagnostics information. (OPTIONAL) Enter the keyword periodic to display diagnostics results periodically. (OPTIONAL) Enter the keyword summary to view a summary of the diagnostics information.

detail periodic summary

Defaults Command Mode

summary EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

1672

E-Series ExaScale Debugging and Diagnostics

clear hardware btm

Hardware Commands
These commands display information from a hardware sub-component or ASIC. Warning: These commands should be used only when you are working directly with Force10 TAC (Technical Assistance Center) while troubleshooting a problem. Do not use these command without the assistance of a Force10 TAC representative. To contact Force10 TAC for assistance:
E-mail Direct Support: [email protected] Web: www.force10networks.com/support/ Telephone support: US and Canada customers: 866-965-5800 International customers: 408-965-5800

The commands are: clear hardware btm clear hardware rpm mac counters hardware monitor linecard hardware monitor mac hardware watchdog show control-traffic show control-traffic ingress | egress show control-traffic linecard show control-traffic rpm-switch show cpu-interface-stats show hardware btm show hardware fpc forward show hardware fpc lookup detail show hardware rpm mac counters show interfaces link-status show interfaces phy show interfaces transceiver show ipc-traffic show ipc-traffic ingress | egress show ipc-traffic linecard show ipc-traffic rpm-switch show logging driverlog

clear hardware btm

ex
Syntax

Clear the Buffer Traffic Manager (BTM) error counters and status registers. clear hardware {rpm | linecard} number port-set pipe-number btm {egress | ingress | all} {errors | status}

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1673

clear hardware rpm mac counters

Parameters

rpm linecard number

Enter the keyword rpm to clear BTM error counters or status registers on the RPM. Enter the keyword linecard followed by the line card slot number to clear BTM error counters or status registers on the specified line card. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on an E300 Enter the keyword port-set followed by the number of the line card or RPMs Port-Pipe. Range: 0 to 1 (OPTIONAL) Enter the keywords egress errors or egress status to clear egress BTM error counters or ingress BTM status registers. (OPTIONAL) Enter the keywords ingress errors or ingress status to clear ingress BTM error counters or ingress BTM status registers. (OPTIONAL) Enter the keywords all errors or all status to clear both egress and ingress BTM error counters and status registers.

port-set pipe-number

egress errors | status

ingress errors | status

all errors | status

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example
Force10#clear hardware linecard 2 port-set 0 btm ingress errors Force10#clear hardware rpm 1 port-set 0 btm ingress errors Force10#clear hardware rpm 0 port-set 0 btm ingress errors % Error: RPM 0 is not active. Force10#

Related Commands

show hardware btm

Display the BTM counters

clear hardware rpm mac counters

ex
Syntax Parameters

Clear the MAC counters for the party-bus control switch on the IPC subsystem of the RPM. clear hardware rpm slot-number mac counters slot-number
Enter the RPM slot number. Range: 0 -1

Defaults

No default behavior or values

1674

E-Series ExaScale Debugging and Diagnostics

hardware monitor linecard

Command Mode

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

hardware monitor linecard

ex
Syntax

Configure the system to take an action upon a line card hardware error. hardware monitor linecard asic {btm | fpc} action-on-error {card-problem | card-reset | card-shutdown} btm fpc card-problem card-reset card-shutdown
Enter the keyword btm to configure the system to take an action upon a Buffer Traffic Manager hardware error. Enter the keyword fpc to configure the system to take an action upon a Flexible Packet Classifier hardware error. Enter the keyword card-problem to place a line card in a card-problem state upon a hardware error. Enter the keyword card-reset to reset a line card upon a hardware error. Enter the keyword card-shutdown to shutdown a line card upon a hardware error.

Parameters

Defaults Command Mode Command History

None CONFIGURATION
Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

hardware monitor mac

ex
Syntax Defaults Command Mode

Configure the system to shut down all ports on a line card upon a MAC hardware error. hardware monitor mac action-on-error port-shutdown None CONFIGURATION

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1675

hardware watchdog

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

hardware watchdog
ex
Syntax Defaults Command Mode Command History

Set the watchdog timer to trigger a reboot and restart the system. hardware watchdog Disabled CONFIGURATION
Version 8.1.1.2 Version 8.1.1.0 Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

show control-traffic
ex
Syntax Parameters

Show information related to CP, RP1 or RP2, and ACL-FPGA related control traffic. show control-traffic rpm [0-1] {cp | rp1 | rp2 | acl-fpga} {counters | statistics}
cp rp1 rp2 acl-fpga Enter the keyword cp to view IPC information on the CPs counters or statisticsh. Enter the keyword rp1 to display the RP1's control counters or statistics Enter the keyword rp2 to display the RP2s controlcounters or statistics. Enter the keyword acl-fpga to display the counters for packets transmitted through acl-fpga.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

1676

E-Series ExaScale Debugging and Diagnostics

show control-traffic ingress | egress

ex
Syntax Parameters

Display information related to packet drops and counters for ingress or egress IPC traffic. show control-traffic rpm [0-1] {ingress| egress} {counters | drops }
ingress egress counters drops Enter the keyword ingress to view control information on the ingress (LC-to-RPM) path. Enter the keyword egress to view control information on the egress (RPM-to-LC) path. (OPTIONAL) Enter the keyword counters to display the control counters. (OPTIONAL) Enter the keyword drops to display control drop-related error counters.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

show control-traffic linecard

ex
Syntax Parameters

Display information relating to packet counts for the selected linecards control traffic. show control-traffic rpm [0-1] linecard # {lc-switch counters | lc-port counters} linecard counters lc-switch lc-port
Enter the keyword linecard <0-to display the RPM Switchs control related information. (OPTIONAL) Enter the keyword counters to display the control counters. (OPTIONAL) Enter the keyword lc-switch to display the counter information for the LC-Switch. (OPTIONAL) Enter the keyword lc-port to display information for the LC-port.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1677

show control-traffic rpm-switch

ex
Syntax

Display information relating to packet counts for the RPM Switchscontrol traffic. show control-traffic rpm [0-1] rpm-switch {counters | configuration | qos-counters | qos-configuration | cp-port | rp1-port | rp2-port | lc-switch # | Peer-RPM} {counters | configuration | qos-counters | qos-configuration} rpm-switch counters drops configuration qos-counters qos-cofiguration cp-port rp1-port rp2-port lc-switch peer-rpm
Enter the keyword rpm-switch to display the RPM Switchs control related information. (OPTIONAL) Enter the keyword counters to display the control counters. (OPTIONAL) Enter the keyword drops to display control drop-related error counters. (OPTIONAL) Enter the keyword configuration to display the RP-Switch related control configuration. (OPTIONAL) Enter the keyword qos-counters to display the RP-Switch qos-counters.. (OPTIONAL) Enter the keyword qos-configuration to display the RP-Switch qos-configuration. (OPTIONAL) Enter the keyword cp-port to display the RP-Switch information for the CP port. (OPTIONAL) Enter the keyword rp1-port to display the RP-Switch information for the RP1 port. (OPTIONAL) Enter the keyword rp2-port to display the RP-Switch information for the CRP2 port. (OPTIONAL) Enter the keyword lc-switch to display the counter information for the LC-Switch. (OPTIONAL) Enter the keyword peer-rpm to display information for the peer RPM.

Parameters

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

show cpu-interface-stats
ex
The command provides an immediate snapshot of the health of the internal RPM and line card CPU. Generally this command is used in concert with Force10 Networks Technical Support engineers. show cpu-interface-stats {cp | lp | rp1 | rp2} E-Series ExaScale Debugging and Diagnostics

Syntax

1678

show cpu-interface-stats

Parameters

cp lp rp1 rp2

Enter the keyword cp to display the CP's interface statistics. Enter the keyword lp to display the LP's interface statistics Enter the keyword rp1 to display the RP1's interface statistics Enter the keyword rp2 to display the RP2s interface statistics.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example

Figure 587 show cpu-interface-stats lp Command Example

Force10#show cpu-interface-stats lp 1 -- Dataplane PP1 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 9807 Transmit Recv Desc Error : 0 Transmit Recv Out of Mem : 0 Transmit Recv Upper Layer Full: 0 Transmit Recv Other Error : 0 Transmit Recv Restarts : 0 Recv Restarts Fatal : 0 -- Dataplane PP0 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 9807 Transmit Recv Desc Error : 0 Transmit Recv Out of Mem : 0 Transmit Recv Upper Layer Full: 0 Transmit Recv Other Error : 0 Transmit Recv Restarts : 0 Recv Restarts Fatal : 0 -- Partybus RPM0 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 171611 Transmit Recv Desc Error : 0 Transmit Recv Out of Mem : 0 Transmit Recv Upper Layer Full: 0 Transmit Recv Other Error : 0 Transmit Recv Restarts : 0 Recv Restarts Fatal : 0 -- Partybus RPM1 interface statistics -Link state : Up Recv Interrupts/Polls: 0 Recv Packets : 0 Transmit Recv Desc Error : 0 Transmit Recv Out of Mem : 0 Transmit Recv Upper Layer Full: 0 Transmit Recv Other Error : 0 Transmit Recv Restarts : 0 Recv Restarts Fatal : 0 Force10#

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

9808 0 0 0 0

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

9807 0 0 0 0

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

329859 0 0 0 0

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

0 0 0 0 0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1679

show hardware btm

Example

Figure 588 show cpu-interface-stats cp command Example (Partial)

show hardware btm

ex
Syntax

Display the Buffer Traffic Manager (BTM) error counters, status registers, or packet queue. show hardware {rpm | linecard} number port-set pipe-number btm {egress | ingress | all} {errors | status | queues} {register starting-value [number_of_registers]}

1680

E-Series ExaScale Debugging and Diagnostics

show hardware btm

Parameters

rpm linecard number

Enter the keyword rpm to display RPM error counters, status registers, or packet queue from the BTM. Enter the keyword linecard followed by the line card slot number to display BTM error counters, status registers, or packet queue on the specified line card. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on an E300 Enter the keyword port-set followed by the number of the line cards Port-Pipe. Range: 0 to 1 (OPTIONAL) Enter the keywords egress errors, egress status, or egress queues to view egress BTM error counters, status registers, or packet queue. (OPTIONAL) Enter the keywords ingress errors, ingress status, or ingress queues to view ingress BTM error counters, status registers, or packet queue. (OPTIONAL) Enter the keywords all errors, all status, or all queues to view all BTM error counters, status registers, or packet queue Enter the keyword register followed by the starting value of the register to read from. Range: 0 to 16777212 Optionally, enter the number of registers to read from. If no value is specified, only one line is displayed. Range: 1 to 512

port-set pipe-number

[number_of_registers]

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example
Force10#show hardware linecard 1 port-set 2 btm all errors Output for portpipe 0 Ingress PC_SPI4_BADPORT_CNTR [0x000230] = 16777216 PC_SPI4_EOP_ABORT_CNTR [0x000234] = 33554432 PC_SPI4_MISS_SOP_CNTR [0x00238] = 50331648 Output for portpipe 0 Egress FC_BAD_CRC_ERR_CNTR [0x000250] = 150994944 Force10#

Related Commands

clear hardware btm

Clear the btm counters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1681

show hardware fpc forward

ex
Syntax

Display receive and transmit counters, error counters and status registers for the forwarding functional area of the FPC (flexible packet classification engine). show hardware linecard number port-set pipe-number fpc forward {counters | drops | spi {err-counters | spichannel# counters} | status}
linecard number port-set pipe-number Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on E1200, 0 to 6 on E600/E600i, and 0 to 5 on E300 Enter the keyword port-set followed by the number of the line cards Port-Pipe. Range: 0 to 1 (OPTIONAL) Enter the keyword counters to display the FPC receive and transmit packet, byte counters, and error counters. (OPTIONAL) Enter the keyword drops to display FPC drop-related error counters. (OPTIONAL) Enter the keywords spi err-counters to display the FPC System Packet Interface (SPI) receive and transmit packet, byte counters, error counters, and key status registers on the ingress and egress paths. (OPTIONAL) Enter the keywords spi spichannel# counters to display the FPC System Packet Interface level 4 (SPI4) counters. (OPTIONAL) Enter the keywords status to display FPC status registers.

Parameters

counters drops spi err-counters

spi spichannel# counters status

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

1682

E-Series ExaScale Debugging and Diagnostics

show hardware fpc forward

Example

Figure 589 show hardware fpc forward drops Command Example

Force10#show hardware linecard 4 port-set 0 fpc forward drops SPI 0 ICMP Drops : 0x0 ACL Drops : 0x0 IBC_DROP : 0 EBC_DROP : 0 IFA_DROP_CNT : 0 EFA_DROP_CNT : 0 CMB_IC_DROP : 0 CMB_LG_DROP : 0 CMB_SF_DROP : 0 CMB_IPM_DROP : 0 CMB_OPM_DROP : 0 SPI 1 ICMP Drops : 0x0 ACL Drops : 0x0 IBC_DROP : 0 EBC_DROP : 0 IFA_DROP_CNT : 0 EFA_DROP_CNT : 0 CMB_IC_DROP : 0 CMB_LG_DROP : 0 CMB_SF_DROP : 0 CMB_IPM_DROP : 0 CMB_OPM_DROP : 0 Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1683

show hardware fpc forward

Example

Figure 590 show hardware fpc forward counters Command Example

Force10#show hardware linecard 4 port-set 0 fpc forward counters Portpipe 0 Ingress Counters SPI 0 SPI4_ABORT : 0 MAC_2_T2_DIP2 : 0 MAC_2_T2_DIP4 : 0 SPI4_LOSS_CNT : 0 MAC_2_T2_RX_PKT_COUNTER_CRC : 0 MAC_2_T2_RX_PKT_COUNTER_LO : 0 MAC_2_T2_RX_PKT_COUNTER_HI : 0 IBC_DROP : 0 IFA_TX_PKT_LO : 0 IFA_TX_PKT_HI : 0 Egress Counters SPI 0 SPI4_ABORT : 0 C2_TO_T2_DIP2 : 0 C2_TO_T2_DIP4 : 0 SPI4_LOSS_CNT1 : 0 C2_TO_T2_RX_PKT_COUNTER_CRC : 0 C2_TO_T2_RX_PKT_COUNTER_LO : 0 C2_TO_T2_RX_PKT_COUNTER_HI : 0 EBC_DROP : 0 EFA_TX_PKT_LO : 0 EFA_TX_PKT_HI : 0 EGRESS_DROP_COUNT : 0 CMB_IC_DROP : 0 CMB_LG_DROP : 0 CMB_SF_DROP : 0 CMB_IPM_DROP : 0 CMB_OPM_DROP : 0 Portpipe 0 Ingress Counters SPI4_ABORT MAC_2_T2_DIP2 MAC_2_T2_DIP4 SPI4_LOSS_CNT MAC_2_T2_RX_PKT_COUNTER_CRC MAC_2_T2_RX_PKT_COUNTER_LO MAC_2_T2_RX_PKT_COUNTER_HI IBC_DROP IFA_TX_PKT_LO IFA_TX_PKT_HI Egress Counters SPI4_ABORT C2_TO_T2_DIP2 C2_TO_T2_DIP4 SPI4_LOSS_CNT1 C2_TO_T2_RX_PKT_COUNTER_CRC C2_TO_T2_RX_PKT_COUNTER_LO C2_TO_T2_RX_PKT_COUNTER_HI EBC_DROP EFA_TX_PKT_LO EFA_TX_PKT_HI EGRESS_DROP_COUNT CMB_IC_DROP : 0 CMB_LG_DROP : 0 CMB_SF_DROP : 0 CMB_IPM_DROP : 0 CMB_OPM_DROP : 0 Force10#

SPI 1 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 SPI 1 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0

Related Commands

show hardware fpc lookup detail

Display fpc lookup information.

1684

E-Series ExaScale Debugging and Diagnostics

show hardware fpc lookup detail

ex
Syntax Parameters

Display diagnostic and debug information related to the lookup functional area of the Flexible Packet Classification (FPC). show hardware linecard number port-set pipe-number fpc lookup detail
linecard number Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on an E300 Enter the keyword port-set followed by the number of the line cards Port-Pipe. Range: 0 to 1

port-set pipe-number

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1685

show hardware fpc lookup detail

Example
Force10#show hardware linecard 0 port-set 0 fpc lookup detailed Summary of Error Registers ------- -- ----- --------0 Counters Enabled : Cyclone 1.5 ChassisMap Cyclone 1.5 MixedMode T2L party Status partyType ---------: 0x00000000 : 0x00000000 : No Errors ErrorCount ----------

Summary of Last 16 CamSearches ========================================================= I CamKey P T R P E N n a a P o g W d r b I r r r e i l D t e I x t e I s n y T d s d y e p x 21554 50697065.5f302045.72726f72.2026204d.61736b20 0x52656769 0x73746572 0x2044756d 1879719229 1027423549 1027423549 Summary of Last 16 CamHits ========================================== I Hit0/ Hit1/ S R P E N n Index0 Index1 r P o g W d c I r r r e H D t e I x C I s n o d s d d e e x 0 0/0x00000 0/0x00000 0x00 0x00 00 0 00 1 0/0x00000 0/0x00000 0x00 0x00 00 0 00 2 0/0x00000 0/0x00000 0x00 0x00 00 0 00 3 0/0x00000 0/0x00000 0x00 0x00 00 0 00 4 0/0x00000 0/0x00000 0x00 0x00 00 0 00 5 0/0x00000 0/0x00000 0x00 0x00 00 0 00 6 0/0x00000 0/0x00000 0x00 0x00 00 0 00 7 0/0x00000 0/0x00000 0x00 0x00 00 0 00 8 0/0x00000 0/0x00000 0x00 0x00 00 0 00 9 0/0x00000 0/0x00000 0x00 0x00 00 0 00 10 0/0x00000 0/0x00000 0x00 0x00 00 0 00 11 0/0x00000 0/0x00000 0x00 0x00 00 0 00 12 0/0x00000 0/0x00000 0x00 0x00 00 0 00 13 0/0x00000 0/0x00000 0x00 0x00 00 0 00 Force10#

1686

E-Series ExaScale Debugging and Diagnostics

show hardware rpm mac counters

Example

Figure 591 show hardware rpm command Examples

Force10#show hardware rpm 0 cp data-plane counters Input statistics 31262 Bytes, 319 Frames, 31262 Total Bytes, 319 Total Frames, 0 Broadcasts, 0 Multicasts, 0 CRC, 0 Oversize, 0 Fragments, 0 Jabber, 0 64-byte Frames, 638 127-byte Frames, 0 255-byte Frames, 0 511-byte Frames, 0 1023-byte Frames, 0 Max Frames, 0 Error, 0 Dropped, 0 Undersized Output statistics 31262 Bytes, 319 Frames, 357822480 Total Bytes, 0 Collisions, 0 Late collisions, 0 Broadcasts, 0 Multicasts Force10#show hardware rpm 0 cp data-plane statistics Input statistics 640 Interrupts, 0 Ticks, 0 DMA Errors, 0 Stopped, 0 Cleanup, 0 Throttle Drops, 0 Status Error, 0 Too Large, 0 Buff Err0, 320 Receive Interrupts, 320 Readied for Protocols, 0 Jumbo, 0 Jumbo Error, 0 Ignored, 0 Jumbo Missing first, 0 Jumbo Dup First, 0 Jumbo Mget Failed, 0 Jumbo ClGet Failed, 0 No Mem, 0 Overflow fix count, 0 Mget Failed, 0 ClGet Failed Output statistics 0 Pause, 0 Watchdog, 0 Late Collision, 0 Underrun, 0 Retransmit Limit, 0 Out Frames, 0 No Mem, 0 Phy Syncs Force10#

Related Commands

show hardware fpc forward

Display information related to FPC forward.

show hardware rpm mac counters

ex
Syntax Parameters

Display receive- and transmit-counters for the party-bus control switch on the IPC subsystem of the RPM. show hardware rpm slot-number mac counters [port port-number] slot-number port port-number
Enter the RPM slot number 0 or 1. (OPTIONAL) Enter the keyword port followed by the port number of the pairty-bus control switch. Range: 0 to 24

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1687

show interfaces link-status

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example

Figure 592 show hardware rpm mac counters Command Example

Force10#show hardware rpm 0 mac counters PORT# RX Frames TX Frames -------------------------------------0 [LC0 ] 0 5 1 [LC1 ] 25171 2119 2 [LC2 ] 13967 2108 3 [LC3 ] 13964 2108 4 [LC4 ] 0 5 5 [LC5 ] 25134 2108 6 [LC6 ] 0 5 7 [LC7 ] 0 5 8 [LC8 ] 0 5 9 [LC9 ] 0 5 10 [LC10 ] 0 5 11 [LC11 ] 0 5 12 [LC12 ] 0 5 13 [LC13 ] 0 5 20 [LOC-CP ] 23232 101339 21 [LOC-RP1] 5248 1097 22 [LOC-RP2] 5250 1104 23 [UNUSED ] 0 0 24 [REM-RPM] 12617 12630 Force10#

Table 161 show hardware rpm mac counters Command Example Information
Slot ID # RX Frames TX Frames Port number on the party-bus control switch. Number of packets received by the party-bus switch from the processor in the specified slot. Number of packets sent by the party-bus switch to the processor in the specified slot.

show interfaces link-status

ex
Syntax Parameters

Displays 10-Gigabit Ethernet link fault signaling and port status information. show interfaces tenGigabitEthernet slot/port link-status tenGigabitEthernet
Enter the keyword tenGigabitEthernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

1688

E-Series ExaScale Debugging and Diagnostics

show interfaces phy

Example

Figure 593 show interfaces tengigabitethernet Command Example

Force10#show interfaces tengigabitethernet 4/0 link-status Port Status Loss of Signal : FALSE (XFP has power) RX Signal Lock Error : TRUE (Lock detected) PCS Link State : Down Link Faults Remote : None (No Fault) Local : Fault (Fault present) Idle Error : False (Not received) Illegal Symbol : False (Not received) Error Symbol : False (Not received) Force10#

Table 162 Lines in show interfaces tengigabitethernet Command Example Line

Loss of Signal

Description
Indicates if the interface has detected the required number of digital bit transitions (from 1 to 0 and 0 to 1) on the incoming signal. A 10 GE link must detect a certain number of such transitions for proper synchronization. Indicates a loss of timing condition. The receive clock must be recovered from the incoming data stream to allow the receiving physical layer to synchronize with the incoming electrical pulses. Display the state of the PCS (Physical Coding sub-layer). The state is either up or down. Indicates if the remote device has detected a fault, is inhibiting transmission of frames, and may be continuously transmitting idle messages. Indicates if a local fault is detected that may inhibit transmission of frames, and may be continuously transmitting remote fault signals. Indicates the detections of a non-idle symbol during an idle period. Indicates the detections of an illegal symbol, other than an error symbol, while receiving data frames. Indicates the detections of an error symbol while receiving data frames.

Rx Signal Lock Error

PCS Link State Link Fault Remote.

Link Fault Local. Link Fault Idle Error Link Fault Illegal Symbol Link Fault Error Symbol.

show interfaces phy

ex
Syntax Parameters

Display auto-negotiation and link partner information. show interfaces gigabitethernet slot/port phy
gigabitethernet Enter the keyword gigabitethernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1689

show interfaces phy

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Example

Figure 594 show interfaces gigabitethernet phy Command Example (Partial)

Table 163 Lines in show interfaces gigabitethernet Command Example Line

Mode Control Mode Status

Description
Indicates if auto negotiation is enabled. If so, indicates the selected speed and duplex. Displays auto negotiation fault information. When the interface completes auto negotiation successfully, the autoNegComplete field and the linkstatus field read True. Displays the control words advertised by the local interface during negotiation. Duplex is either half or full. Asym- and Sym Pause is the types of flow control supported by the local interface. Displays the control words advertised by the remote interface during negotiation. Duplex is either half or full. Asym- and Sym Pause is the types of flow control supported by the remote interface ParallelDetectionFault is the handshaking scheme in which the link partner continuously transmit an idle data packet using the Fast Ethernet MLT-3 waveform. Equipment that does not support auto-negotiation must be configured to exactly match the mode of operation as the link partner or else no link can be established. 1000Base-T requires auto-negotiation. The IEEE Ethernet standard does not support setting a speed to 1000 Mbps with the speed command without auto-negotiation. E-Series line cards support both full-duplex and half-duplex 1000BaseT.

AutoNegotiation Advertise

AutoNegotiation Remote Partners Ability AutoNegotiation Expansion

1000Base-T Control

1690

E-Series ExaScale Debugging and Diagnostics

show interfaces transceiver

Table 163 Lines in show interfaces gigabitethernet Command Example Line

Phy Specific Control

Description
Values are: 0 - Manual MDI 1 - Manual MDIX 2 - N/A 3 - Auto MDI/MDIX Displays PHY-specific status information. Cable length represents a rough estimate in meters: 0 - < 50 meters 1 - 50 - 80 meters 2 - 80 - 110 meters 3 - 110 - 140 meters 4 - 140 meters. Link Status: Up or Down Speed: Auto 1000MB 100MB 10MB

Phy Specific Status

show interfaces transceiver

ex
Syntax Parameters

Display the physical status and operational status of an installed transceiver. The output also displays the transceivers serial number. show interfaces gigabitethernet slot/port transceiver gigabitethernet
Enter the keyword gigabitethernet followed by the slot/port information.

Command Modes

EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1691

show ipc-traffic

Example

Figure 595 show interfaces gigabitethernet transceiver Command Example

Force10#show interfaces gigabitethernet 1/0 transceiver SFP is present. SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP SFP 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Serial Base ID fields Id = 0x03 Ext Id = 0x04 Connector = 0x07 Transciever Code = 0x00 0x00 0x00 0x01 0x20 0x40 0x0c 0x05 Encoding = 0x01 BR Nominal = 0x15 Length(9um) Km = 0x00 Length(9um) 100m = 0x00 Length(50um) 10m = 0x1e Length(62.5um) 10m = 0x0f Length(Copper) 10m = 0x00 Vendor Name = FINISAR CORP. Vendor OUI = 0x00 0x90 0x65 Vendor PN = FTRJ8519P1BNL Vendor Rev = A Laser Wavelength = 850 nm CheckCodeBase = 0x66 Serial Extended ID fields Options= 0x00 0x12 BR max= 0 BR min= 0 Vendor SN= P5N1ACE Datecode = 040528 CheckCodeExt = 0x5b

Force10#

show ipc-traffic
ex
Syntax Parameters

Show information related to CP, RP1 or RP2 related IPC traffic. show IPc-traffic rpm [0-1] {cp | rp1 | rp2 } {counters | statistics}
cp rp1 rp2 Enter the keyword cp to view IPC information on the CPs counters or statisticsh. Enter the keyword rp1 to display the RP1's IPC counters or statistics Enter the keyword rp2 to display the RP2s IPC counters or statistics.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

1692

E-Series ExaScale Debugging and Diagnostics

show ipc-traffic ingress | egress

ex
Syntax Parameters

Display information related to packet drops and counters for ingress or egress IPC traffic. show ipc-traffic rpm [0-1] {ingress| egress} {counters | drops}
ingress egress counters drops Enter the keyword ingress to view IPC information on the ingress (LC-to-RPM) path. Enter the keyword egress to view IPC information on the egress (RPM-to-LC) path. (OPTIONAL) Enter the keyword counters to display the IPC counters. (OPTIONAL) Enter the keyword drops to display IPC drop-related error counters.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

show ipc-traffic linecard

ex
Syntax Parameters

Display information relating to packet counts for the selected linecards IPC traffic. show ipc-traffic rpm [0-1] linecard # {lc-cpu counters | lc-switch counters} linecard counters lc-cpu lc-switch
Enter the keyword linecard <0-to display the RPM Switchs IPC related information. (OPTIONAL) Enter the keyword counters to display the IPC counters. (OPTIONAL) Enter the keyword lc-port to display information for the LC-CPU. (OPTIONAL) Enter the keyword lc-switch to display the counter information for the LC-Switch.

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1693

show ipc-traffic rpm-switch

ex
Syntax

Display information relating to packet counts for the RPM Switchs IPC traffic. show ipc-traffic rpm [0-1] rpm-switch {counters | configuration | qos-counters | qos-configuration | cp-port | rp1-port | rp2-port | lc-switch # | Peer-RPM} {counters | configuration | qos-counters | qos-configuration} rpm-switch counters drops configuration qos-counters qos-cofiguration cp-port rp1-port rp2-port lc-switch peer-rpm
Enter the keyword rpm-switch to display the RPM Switchs IPC related information. (OPTIONAL) Enter the keyword counters to display the IPC counters. (OPTIONAL) Enter the keyword drops to display IPC drop-related error counters. (OPTIONAL) Enter the keyword configuration to display the RP-Switch related IPC configuration. (OPTIONAL) Enter the keyword qos-counters to display the RP-Switch qos-counters.. (OPTIONAL) Enter the keyword qos-configuration to display the RP-Switch qos-configuration. (OPTIONAL) Enter the keyword cp-port to display the RP-Switch information for the CP port. (OPTIONAL) Enter the keyword rp1-port to display the RP-Switch information for the RP1 port. (OPTIONAL) Enter the keyword rp2-port to display the RP-Switch information for the CRP2 port. (OPTIONAL) Enter the keyword lc-switch to display the counter information for the LC-Switch. (OPTIONAL) Enter the keyword peer-rpm to display information for the peer RPM.

Parameters

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

show logging driverlog

ex
Syntax

Display the driver log for the RPM CP processor or for the line card CPU in the specified slot. show logging driverlog [linecard number]

1694

E-Series ExaScale Debugging and Diagnostics

show logging driverlog

Parameters

linecard number

(OPTIONAL) Enter the keyword linecard followed by the line card slot number to display the driver log for the specified line card. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on an E300

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 8.1.1.2 Version 8.1.1.0

Introduced on E-Series ExaScale E600i Introduced on E-Series ExaScale E1200i

Usage Information

This command displays internal software driver information which may be useful during troubleshooting line card initialization errors, such as downed Port-Pipe.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1695

show logging driverlog

1696

E-Series ExaScale Debugging and Diagnostics

Chapter 66

E-Series Debugging and Diagnostics

Overview
FTOS supports an extensive suite of protocol-specific debug commands for packet- and event-level debugging. These commands are described throughout this document. In addition, FTOS supports commands for diagnosing suspected hardware issues. This chapter contains the following sections: Diagnostics and Monitoring Commands Offline Diagnostic Commands Hardware Commands

Diagnostics and Monitoring Commands

The diagnostics and monitoring commands are: dataplane-diag disable loopback dataplane-diag disable sfm-bringdown dataplane-diag disable sfm-walk dataplane-diag disable dfo-reporting diag linecard diag sfm ip control-plane egress-filter-traffic ipv6 control-plane egress-filter-traffic logging coredump kernel disable logging coredump kernel server logging coredump linecard power-off/on sfm reset linecard reset sfm show command-history show console show diag sfm Publication Date: July 20, 2011 1697

Command Line Reference for FTOS version 8.4.2.4

dataplane-diag disable loopback

show processes ipc show processes ipc show processes ipc flow-control show revision show tech-support

In addition to these debug commands, FTOS supports diagnostics, monitoring, and fault isolation commands to assist in gathering information.

Important Points to Remember

Note: SFM walking assumes a chassis with the maximum number of SFMs in an
active state.

dataplane-diag disable loopback

e
Syntax

Disable the runtime loopback test on the primary RPM and line cards. dataplane-diag disable loopback To re-enable, use the no dataplane-diag disable loopback command.

Defaults Command Modes Command History Related Commands

Enabled CONFIGURATION
Version 6.5.4.0 Introduced

show diag sfm dataplane-diag disable sfm-bringdown dataplane-diag disable sfm-walk

Display the loopback test results Disable the automatic SFM bringdown Diable the automatic SFM walk

1698

E-Series Debugging and Diagnostics

dataplane-diag disable sfm-bringdown

Usage Information

Note: Only the Primary RPM can perform runtime dataplane loopback test.

Example

Figure 596 show diag sfm Command Example

dataplane-diag disable sfm-bringdown

e
Syntax

Disable the automatic bring down of the single faulty SFM identifed by the SFM walk during the RPM-SFM runtime loopback test. dataplane-diag disable sfm-bringdown To re-enable the automatic SFM bring down, use the no dataplane-diag disable sfm-bringdown command.

Defaults Command Modes Command History

Enabled CONFIGURATION
Version 6.5.4.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1699

dataplane-diag disable sfm-walk

Usage Information

If a full set of SFMs are online during the runtime loopback test and a failure occurs, an automatic SFM walk is launched in an attempt to determine if the failure is due to a single faulty SFM. If confimed, the single faulty SFM is identified and disabled by default. This command disables the automatic bring down of that suspect SFM.
dataplane-diag disable loopback dataplane-diag disable sfm-walk show diag sfm Disable the runtime dataplane loopback test Diable the automatic SFM walk Display the loopback test results

Related Commands

dataplane-diag disable sfm-walk

e
Syntax

Disable the automatic SFM walk that is launched after an RPM-SFM runtime loopback test failure. dataplane-diag disable sfm-walk To re-enable the automatic SFM walk, use the no dataplane-diag disable sfm-walk command.

Defaults Command Modes Command History Usage Information

Enabled CONFIGURATION
Version 6.5.4.0 Introduced

If a full set of SFMs are online during the runtime loopback test and a failure occurs, an automatic SFM walk is launched in an attempt to determine if the failure is due to a faulty SFM. This command disables the automatic SFM walk.
dataplane-diag disable loopback dataplane-diag disable sfm-bringdown show diag sfm Disable the runtime dataplane loopback test Disable the automatic SFM bringdown. Display the loopback test results

Related Commands

dataplane-diag disable dfo-reporting

e
Syntax

Disable the per-channel DFO (deskew FIFO overflow) reporting via event logging. dataplane-diag disable dfo-reporting To re-enable, use the no dataplane-diag disable dfo-reporting command.

Defaults Command Modes

Enabled CONFIGURATION

1700

E-Series Debugging and Diagnostics

diag linecard

Command History Usage Information

Version 6.5.4.0

Introduced

The per-channel DFO error reporting via event logging is enabled by default on TeraScale chassis. The error reporting issues a warning when a temporary dataplane glitch occurs or when a persistent malfunction is detected. When a DFO error is detected, no automatic action is initiated by the system. The message issued is similar to:

%RPM1-P:CP %CHMGR-2-SFM_PCDFO: PCDFO error detected for SFM4

This command disables the per-channel DFO reporting.
Related Commands diag sfm show diag sfm Initiate a manual dataplane loopback test. Display the loopback test results

Note: This command is not supported on the E600i chassis.

diag linecard
e
Syntax Parameters

Defaults Command Modes Command History Related Commands

Level 0-2 EXEC Privilege

Version 6.5.4.0 Introduced

reset linecard

Reset the linecard and bring it back online.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1701

diag sfm

diag sfm
e
Syntax Parameters

Execute a manual dataplane loopback test. diag sfm [all-loopback | rpm-loopback] all-loopback rpm-loopback
(OPTIONAL) Enter the keyword all-loopback to execute a dataplane loopback test from the RPMs and all line cards. (OPTIONAL) Enter the keyword rpm-loopback to execute a dataplane loopback test on the RPMs only.

Defaults Command Modes Command History Usage Information

No default behavior or value EXEC Privilege

Version 6.5.4.0 Introduced

Note: Line card-SFM loopback test failure, during the manual test, will trigger an SFM
walk.

Related Commands

reset sfm

Reset the SFM and bring it back online.

ip control-plane egress-filter-traffic
e
Syntax

Apply Layer 3 egress ACLs to the CPU generated traffic. ip control-plane egress-filter-traffic To disable, use the no ip control-plane egress-filter-traffic command.

Defaults Command Modes Command History

Disabled CONFIGURATION
Version 7.6.1.0 Introduced on the E-Series only

1702

E-Series Debugging and Diagnostics

ipv6 control-plane egress-filter-traffic

Usage Information

Note: Only Layer 3 traffic goes through the ACLi.e. BPDUs will not be captured.

ipv6 control-plane egress-filter-traffic

e
Syntax

Apply Layer 3 egress ACLs to the CPU generated traffic. ipv6 control-plane egress-filter-traffic To disable, use the no ipv6 control-plane egress-filter-traffic command.

Defaults Command Modes Command History Usage Information

Disabled CONFIGURATION
Version 7.6.1.0 Introduced on E-Series

Note: Only Layer 3 traffic goes through the ACLi.e. BPDUs will not be captured.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1703

logging coredump kernel disable

e
Syntax

Defaults Command Modes Command History Usage Information

Enabled (core-dump logging is enabled) CONFIGURATION

Version 6.5.4.0 Introduced

By default, the kernel core-dump is enable and stored in the flash directory: Storage Directory Name: flash:CORE_DUMP_DIR Kernel core-dump naming convention is: f10rpProcessorID.kcore.gz For example: F10rp1.kcore.gz Application core-dump naming convention is: rpProcessorID _ApplicationName_timestamp.core.gz For example: rp1_ospf_060307172608.core.gz Multiple core-dumps Application core-dumps are timestamp embedded and are not overwritten by default. Manually delete the older core-dumps to allow more space on the flash. Kernel core-dumps are overwritten whenever there is a new core-dump.

Note: Application core-dumps are also automatically uploaded to flash. If there is not
enough available space for the kernel core-dump on the flash, the kernel upload will terminate.
Related Commands

logging coredump linecard logging coredump kernel server

Enable core-dump logging on line cards Save core-dump logging files to an alternate server

logging coredump kernel server

e
Syntax

1704

E-Series Debugging and Diagnostics

logging coredump linecard

Defaults Command Modes Command History Related Commands

Saved on flash CONFIGURATION

Version 6.5.4.0 Introduced

logging coredump linecard logging coredump kernel disable

Enable core-dump logging on line cards Disable kernel core-dump logging

logging coredump linecard

e
Syntax

Parameters

linecard slot number

port-shutdown

no-port-shutdown

linecard all

Defaults Command Modes Command History

Disabled (core-dump logging is off) CONFIGURATION

Version 7.6.1.0 Version 6.5.4.0 Introduced the port-shutdown and no-port-shutdown variables Introduced

Usage Information

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1705

power on/off linecard

If multiple line cards crash, the core-dump files will upload simultaneously. However, a second core-dump from the same line card slot will overwrite the first core-dump. During a line card core-dump, the line card interface remains up while the core-dump is being written to the directory. Use the port-shutdown option to shutdown the physical interfaces during the core dump, allowing for a failover to a backup system.
Related Commands logging coredump kernel server logging coredump kernel disable Save core-dump logging files to an alternate server. Disable kernel core-dump logging.

power on/off linecard

e
Syntax Parameters

Power on or off a specified linecard. power-{off | on} linecard slot-number power-off power-on sfm slot-number
Enter the keyword power-off to power off the SFM. Enter the keyword power-on to power on the SFM Enter the keyword linecard followed by the slot number of the SFM to power on/off. Range: 0 to 6

Defaults Command Modes Command History Related Commands

No default values or behavior EXEC Privilege

Version 6.5.4.0 Introduced

show linecard

Display the current linecard status.

power-off/on sfm
e
Syntax Parameters

Power on or off a specified SFM. power-{off | on} sfm slot-number power-off power-on sfm slot-number
Enter the keyword power-off to power off the SFM. Enter the keyword power-on to power on the SFM Enter the keyword sfm followed by the slot number of the SFM to power on/off. Range: 0 to 7

Defaults

No default values or behavior

1706

E-Series Debugging and Diagnostics

power-off/on sfm

Command Modes Command History Usage Information

EXEC
Version 6.5.4.0 Introduced

This command is used for diagnostic purposes to isolate and identify a failed SFM when troubleshooting issues related to the chassis dataplane.

Figure 597 power-off sfm Command Example with Data Traffic Warning Message
Force10#power-off sfm 0 SFM0 is active. Powering it off it might impact the data traffic. Proceed with power-off [confirm yes/no]:yes Feb 15 23:52:53: %RPM1-P:CP %CHMGR-2-MINOR_SFM: Minor alarm: only eight working SFM Force10#

Figure 598 power-off sfm Command Example with Switch Fabric Down Warning Message
Force10#power-off sfm 1 WARNING!! SFM1 is active. Powering it off it will cause Switch Fabric to go down!! Proceed with power-off [confirm yes/no]:yes Feb 16 00:03:19: %RPM1-P:CP %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: DOWN Feb 16 00:03:20: %RPM1-P:CP %CHMGR-0-MAJOR_SFM: Major alarm: Switch fabric down Force10#

Once the SFM is powered off, the SFM status indicates that the SFM has been powered off by the user. Use the show sfm all command to display the status (Figure 599).
Example

Figure 599 show sfm all Command Example

Force10#show sfm all Switch Fabric State: Switch Mode: SFM down (Not enough working SFMs)

Related Commands

show sfm

Display the current SFM status.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1707

show command-history

show command-history
e
Syntax Parameters

Defaults Command Modes Command History Example

No default behaviors or values EXEC

Version 7.4.1.0 Introduced

Figure 600 show command-history Command Example

Usage Information

The command history output includes:

[username name passwored *******] when the command is executed via telnet

1708

E-Series Debugging and Diagnostics

show console

All commands executed by all users, except password related commands, are captured in the trace command history log. Each command has a date and time stamp (see Figure 600). The trace-log file has a separate 3000 line buffer to hold command history on a FIFO basis. When the buffer is full, the contents wraps (i.e. the first line is automatically deleted to make room for the last command line).This file can be analyzed by the Force10 Technical Assistance Center (TAC) to assist in troubleshooting.

Note: No password information is saved to the trace command history log.

show console
e
Syntax Parameters

Defaults Command Modes Command History

No default behavior or values EXEC Privilege

Version 7.5.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1709

reset linecard

Example

Figure 601 show console lp 0 command Example

reset linecard
e
Syntax Parameters

Reset a specific linecard module (power-off and then power-on). reset linecard slot-number slot-number
Enter the slot number of the SFM to reset. Range: 0 to 6

Defaults Command Modes Command History Related Commands

No default values or behavior EXEC Privilege

Version 6.5.4.0 Introduced

power on/off linecard

Power on/off a linecard

reset sfm
e
Syntax Parameters

Reset a specific SFM module (power-off and then power-on). reset sfm slot-number slot-number
Enter the slot number of the SFM to reset. Range: 0 to 7

Defaults Command Modes

No default values or behavior EXEC Privilege

1710

E-Series Debugging and Diagnostics

show diag sfm

Command History Usage Information

Version 6.5.4.0

Introduced

When an error is detected on an SFM module, this command is a manual recovery mechanism. Since this command can be used with live traffic running, the switch fabric will not go down if the switch fabric is in an UP state. When there is a full set of SFMs online in the chassis, resetting one SFM will reduce the total bandwidth supported by the chassis and may affect data flow. A warning message is issued at the command line and requires user confirmation to proceed (Figure 602). Figure 602 reset sfm Command Example with Warning Message
Force10#reset sfm 0 SFM0 is active. Resetting it might temporarily impact data traffic. Proceed with reset [confirm yes/no]:yes Feb 16 00:39:30: %RPM1-P:CP %TSM-5-SFM_DISCOVERY: Found SFM 0 Force10#

Example

This command does not permit resetting any SFM when the system has (max-1) SFM and switch fabric is up (Figure 603).
Example

Figure 603 reset sfm error message

Force10#Force10#reset sfm 1 % Error: SFM1 is active. Resetting it will impact data traffic. Force10#

Note: Resetting an SFM in a power-off state is not permitted. Use the command
power-on sfm to bring the SFM back to a power-on state.
Related Commands

power-off/on sfm

Power on/off an SFM

show diag sfm

e
Syntax Defaults Command Modes Command History

Display the results and status of the last chassis runtime/onetime loopback test. show diag sfm No default values or behavior EXEC
Version 6.5.4.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1711

show processes ipc

Example

Figure 604 show diag sfm command Example

Force10#show diag sfm Switch Fabric Module Loopback Test: SFM Walk-Through in Loopback Test: SFM Bring-Down in Loopback Test: Switch Fabric Module Loopback State: enabled enabled enabled on

show processes ipc

e
Syntax Parameters

Display IPC messaging used internally between FTOS processes. show processes ipc [recv-stats | send-stats] [cp | rp1 | rp2 | lp linecard-number] recv-stats send-stats cp rp1 rp2 lp linecard-number
(OPTIONAL) Enter the keyword recv-stat to display the receiver-side details of the IPC messages. (OPTIONAL) Enter the keyword send-stats to display the sender-side details of the IPC messages. (OPTIONAL) Enter the keyword cp to view the Control Processors swpq statistics. (OPTIONAL) Enter the keyword rp1 to view the Control Processors swpq statistics on Route Processor 1. (OPTIONAL) Enter the keyword rp2 to view the Control Processors swpq statistics on Route Processor 2. (OPTIONAL) Enter the keyword lp followed by the line card number to view the Control Processors swpq statistics on the specified line card.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

1712

E-Series Debugging and Diagnostics

show processes ipc flow-control

Command History Example

Version 7.5.1.0

Introduced

Figure 605 show processes ipc recv-stats Command Example

Example

Figure 606 show processes ipc send-stats Command Example

Usage Information

These commands should be used only when you are working directly with Force10 TAC (Technical Assistance Center) while troubleshooting a problem.

show processes ipc flow-control

e
Syntax Parameters

Display the Single Window Protocol Queue (swpq) statistics. show processes ipc flow-control [cp | rp1 | rp2 | lp linecard-number] cp rp1
(OPTIONAL) Enter the keyword cp to view the Control Processors swpq statistics. (OPTIONAL) Enter the keyword rp1 to view the Control Processors swpq statistics on Route Processor 1.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1713

show processes ipc flow-control

rp2 lp linecard-number

(OPTIONAL) Enter the keyword rp2 to view the Control Processors swpq statistics on Route Processor 2. (OPTIONAL) Enter the keyword lp followed by the line card number to view the Control Processors swpq statistics on the specified line card.

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History Example

Version 7.5.1.0

Introduced

Figure 607 show processes ipc flow-control rp Command Example

Example

Figure 608 show processes ipc flow-control lp Command Example

Table 164 defines the fields displayed in Figure 608. Table 164 show processes ipc flow-control Display Definitions Field
TxProcess RxProcess Cur Len High Mark Time Out

Description
Sender Process Receiver Process The number of messages, in the sender process, waiting to be sent to the receiver process The maximum number of accumulated messages (over the life of the queue), in the sender process, waiting to be sent out to the receiver process The time period the sender process waits for acknowledgement from the receiver process before attempting to resend the queued messages

1714

E-Series Debugging and Diagnostics

show revision

Table 164 show processes ipc flow-control Display Definitions Field

Retries Msg Sent Ack Rcvd Aval Retrans

Description
The number of successive attempts (retries) the sender process will make to send the messages to the receiver process The accumulated number of messages sent between the sender and receiver processes from the time the queue was created. The number of acknowledgements received from the receiver process The current number of attempts, for retransmission, available in the event an acknowledgement is not received. This value decrements on every retry and may fall below the initial value, of "Max Retrans" to zero, in case the receiver is not responding. This count is reset dynamically to Max Retrans value in case the queue starts to function after experiencing some acknowledgement loss The max number of retransmission attempts configured for a sender - receiver pair

Max Retrans

Usage Information

The Single Window Protocol (SWP) provides flow-control-based reliable communication between the sending and receiving software tasks.

Important Points to Remember

SWP-2-NOMORETIMEOUT
In the display output in Figure 608, a retry (Retries) value of zero indicates that the SWP mechanism reached the maximum number of retransmissions without an acknowledgement.

show revision
e
Syntax Defaults Command Modes Command History

Display revision numbers of all line card, RPM, and SFM components. show revision No default behavior or value EXEC Privilege
Version 7.5.1.0 Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1715

show tech-support

Example

Figure 609 show revision Command Example (Partial)

Force10#show revision -- RPM 0 panda bedrock helio tabby willow -: : : : : ASIC - 0x72632000 0x34 0x13 0x7 0x13

show tech-support
e
Syntax Parameters

Display a collection of data from other show commands, the information necessary for Force10 Networks technical support to perform troubleshooting. show tech-support [linecard | page] {display | except | find | grep | no-more | save} (linecard <0-6> page
(OPTIONAL) Enter the keyword linecard followed by the linecard number to view information relating to a specific linecard. (OPTIONAL) Enter the keyword page to view 24 lines of text at a time. Press the SPACE BAR to view the next 24 lines. Press the ENTER key to view the next line of text

1716

E-Series Debugging and Diagnostics

show tech-support

display, except, find, grep, no-more save:

When using the pipe command ( | ), enter one of these keywords to filter command output. Refer to CLI Basics in the FTOS Command Reference Guide for details on filtering commands Enter the save keyword (following the pipe) to save the command output. flash: Save to local flash drive (flash://filename (max 20 chars) ) slot0: Save to local file system (slot0://filename (max 20 chars) )

Command Modes Command History

EXEC Privilege
Version 7.8.1.0 Version 7.5.1.0 Version 6.5.4.0 Added save option Introduced on C-Series Show clock included in display

Usage Information

Without the page option, the command output is continuous, use CNTL-z to interrupt the command output.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1717

show tech-support

Example

Figure 610 show tech-support (E-Series Command Example) Partial Output

Related Commands

show version show linecard

Display the FTOS version. Display the line card(s) status.

1718

E-Series Debugging and Diagnostics

diag linecard

show environment (C-Series and E-Series) show processes memory (C-Series and E-Series)

Display system component status. Display memory usage based on running processes.

Offline Diagnostic Commands

The offline diagnostics test suite is useful for isolating faults and debugging hardware. The tests results are written to a file in flash memory and can be displayed on screen. Detailed statistics for all tests are collected. These statistics include: last execution time first test pass time and last test pass time first test failure time and last test failure time total run count total failure count consecutive failure count error code

The offline diagnostics commands are: diag linecard offline online show diag

diag linecard
e
Syntax

Parameters

number alllevels level0 level1

Enter the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300. Enter the keyword alllevels to run the complete offline diagnostic test. Enter the keyword level0 to check the device inventory and verify the existence of the devices. Enter the keyword Level1 to verify that the devices are accessible via the designated paths (line integrity tests) and test the internal registers of the devices.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1719

offline

level2 terminate
Defaults Command Modes

Enter the keyword level2 to perform on-board loopback tests on various data paths (data Port-Pipe and Ethernet). Enter the keyword terminate to stop the offline diagnostics tests.

All Levels (alllevels) EXEC EXEC Privilege

Command History

Version 6.5.4.0

Introduced

offline
e
Syntax Parameters

Place a line card in an offline state. offline {linecard number } linecard number
Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300.

Defaults Command Mode

No default behavior or values EXEC EXEC Privilege

Command History

Version 6.5.4.0

Introduced

online
e
Syntax Parameters

Place a line card in an online state. online {linecard number | rpm number} linecard number
Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300.

Defaults Command Mode

No default behavior or values EXEC EXEC Privilege

1720

E-Series Debugging and Diagnostics

show diag

Command History

Version 6.5.4.0

Introduced

show diag
e
Syntax Parameters

Display current diagnostics information. show diag {information} [linecard number [detail | periodic | summary]] information linecard number
Enter the keyword information to view current diagnostics information in the system. (OPTIONAL) Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600, and 0 to 5 on a E300. (OPTIONAL) Enter the keyword detail to view detailed diagnostics information. (OPTIONAL) Enter the keyword periodic to display diagnostics results periodically. (OPTIONAL) Enter the keyword summary to view a summary of the diagnostics information.

detail periodic summary summary EXEC EXEC Privilege

Command History
H

Defaults Command Mode

Version 6.5.4.0

Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1721

clear hardware btm

The commands in this section are: clear hardware btm clear hardware rpm mac counters hardware monitor linecard hardware monitor mac hardware watchdog show cpu-interface-stats show hardware btm show hardware fpc forward show hardware fpc lookup detail show hardware rpm cp show hardware rpm mac counters show hardware rpm rp1/rp2 show interfaces link-status show logging driverlog show running-config hardware-monitor

See also in Chapter 23, Interfaces: show interfaces phy show interfaces transceiver

clear hardware btm

e
Syntax

Clear the Buffer Traffic Manager (BTM) error counters and status registers. clear hardware {rpm | linecard} number port-set pipe-number btm {egress | ingress | all} {errors | status} rpm linecard number
Enter the keyword rpm to clear BTM error counters or status registers on the RPM. Enter the keyword linecard followed by the line card slot number to clear BTM error counters or status registers on the specified line card. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on an E300 Enter the keyword port-set followed by the number of the line card or RPMs Port-Pipe. Range: 0 to 1 (OPTIONAL) Enter the keywords egress errors or egress status to clear egress BTM error counters or ingress BTM status registers. (OPTIONAL) Enter the keywords ingress errors or ingress status to clear ingress BTM error counters or ingress BTM status registers. (OPTIONAL) Enter the keywords all errors or all status to clear both egress and ingress BTM error counters and status registers.

Parameters

port-set pipe-number

egress errors | status

ingress errors | status

all errors | status

1722

E-Series Debugging and Diagnostics

clear hardware rpm mac counters

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Example

Version 6.5.4.0

Introduced

Figure 611 clear hardware linecard Command Example

Force10#clear hardware linecard 2 port-set 0 btm ingress errors Force10#clear hardware rpm 1 port-set 0 btm ingress errors Force10#clear hardware rpm 0 port-set 0 btm ingress errors % Error: RPM 0 is not active. Force10#

Related Commands

show hardware btm

Display the BTM counters

clear hardware rpm mac counters

e
Syntax Parameters

Clear the MAC counters for the party-bus control switch on the IPC subsystem of the RPM. clear hardware rpm slot-number mac counters slot-number
Enter the RPM slot number. Range: 0 -1

Defaults Command Mode

No default behavior or values EXEC EXEC Privilege

Command History

Version 6.5.4.0

Introduced

hardware monitor linecard

e
Syntax

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1723

hardware monitor mac

Parameters

action-on-error btm fpc card-problem card-reset card-shutdown parity-correction

Enter the keyword action-on-error to further specify actions that should be taken in the event of a hardware error. Enter the keyword btm to configure the system to take an action upon a Buffer Traffic Manager hardware error. Enter the keyword fpc to configure the system to take an action upon a Flexible Packet Classifier hardware error. Enter the keyword card-problem to place a line card in a card-problem state upon a hardware error. Enter the keyword card-reset to reset a line card upon a hardware error. Enter the keyword card-shutdown to shutdown a line card upon a hardware error. Enter the keyword parity-correction to enable automatic parity corrections for SRAM. The line card must be reloaded before the feature becomes operational.

Defaults Command Mode Command History

None CONFIGURATION
Version 7.7.1.0 Introduced

hardware monitor mac

e
Syntax Defaults Command Mode Command History

Configure the system to shut down all ports on a line card upon a MAC hardware error. hardware monitor mac action-on-error port-shutdown None CONFIGURATION
Version 7.7.1.0 Introduced

hardware watchdog
e
Syntax Defaults Command Mode

Set the watchdog timer to trigger a reboot and restart the system. hardware watchdog Enabled CONFIGURATION

1724

E-Series Debugging and Diagnostics

show cpu-interface-stats

Command History Usage Information

Version 7.7.1.0

Introduced

show cpu-interface-stats
e
The command provides an immediate snapshot of the health of the internal RPM and line card CPU. Generally this command is used in concert with Force10 Networks Technical Support engineers. show cpu-interface-stats {cp | lp | rp1 | rp2} cp lp rp1 rp2
Defaults Command Modes Enter the keyword cp to display the CP's interface statistics. Enter the keyword lp to display the LP's interface statistics Enter the keyword rp1 to display the RP1's interface statistics Enter the keyword rp2 to display the RP2s interface statistics.

Syntax Parameters

No default behavior or values EXEC EXEC Privilege

Command History

Version 7.6.1.0

Introduced on E-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1725

show cpu-interface-stats

Example

Figure 612 show cpu-interface-stats lp Command Example

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

9808 0 0 0 0

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

9807 0 0 0 0

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

329859 0 0 0 0

Packets : Desc Error : Out of Mem : Pause Pkts : Other Error:

0 0 0 0 0

1726

E-Series Debugging and Diagnostics

show hardware btm

Example

Figure 613 show cpu-interface-stats cp command Example (Partial)

show hardware btm

e
Syntax

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1727

show hardware btm

Parameters

rpm linecard number

port-set pipe-number

[number_of_registers]

Defaults Command Modes

No default behavior or values EXEC EXEC Privilege

Command History Example

Version 6.5.4.0

Introduced

Figure 614 show hardware linecard (E-Series) Command Example

Force10#show hardware linecard 1 port-set 2 btm all errors Output for portpipe 0 Ingress PC_SPI4_BADPORT_CNTR [0x000230] = 16777216 PC_SPI4_EOP_ABORT_CNTR [0x000234] = 33554432 PC_SPI4_MISS_SOP_CNTR [0x00238] = 50331648 Output for portpipe 0 Egress FC_BAD_CRC_ERR_CNTR [0x000250] = 150994944 Force10#

Related Commands

clear hardware btm

Clear the btm counters

1728

E-Series Debugging and Diagnostics

show hardware fpc forward

e
Syntax

Display receive and transmit counters, error counters and status registers for the forwarding functional area of the FPC (flexible packet classification engine). show hardware linecard number port-set pipe-number fpc forward {counters | drops | spi {err-counters | spichannel# counters} | status} linecard number port-set pipe-number
Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on E1200, 0 to 6 on E600/E600i, and 0 to 5 on E300 Enter the keyword port-set followed by the number of the line cards Port-Pipe. Range: 0 to 1 (OPTIONAL) Enter the keyword counters to display the FPC receive and transmit packet, byte counters, and error counters. (OPTIONAL) Enter the keyword drops to display FPC drop-related error counters. (OPTIONAL) Enter the keywords spi err-counters to display the FPC System Packet Interface (SPI) receive and transmit packet, byte counters, error counters, and key status registers on the ingress and egress paths. (OPTIONAL) Enter the keywords spi spichannel# counters to display the FPC System Packet Interface level 4 (SPI4) counters. (OPTIONAL) Enter the keywords status to display FPC status registers.

Parameters

counters drops spi err-counters

spi spichannel# counters status

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 6.5.4.0

Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1729

show hardware fpc forward

Example

Figure 615 show hardware fpc forward drops Command Example

1730

E-Series Debugging and Diagnostics

show hardware fpc forward

Example

Figure 616 show hardware fpc forward counters Command Example

SPI 1 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 SPI 1 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0

Related Commands

show hardware fpc lookup detail

Display fpc lookup information.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1731

show hardware fpc lookup detail

e
Syntax Parameters

Display diagnostic and debug information related to the lookup functional area of the Flexible Packet Classification (FPC). show hardware linecard number port-set pipe-number fpc lookup detail linecard number
Enter the keyword linecard followed by the line card slot number. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on an E300 Enter the keyword port-set followed by the number of the line cards Port-Pipe. Range: 0 to 1

port-set pipe-number

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 6.5.4.0

Introduced

1732

E-Series Debugging and Diagnostics

show hardware rpm cp

Example

Figure 617 show hardware linecard Command Example

Force10#show hardware linecard 0 port-set 0 fpc lookup detailed Summary of Error Registers ------- -- ----- --------0 Counters Enabled : Cyclone 1.5 ChassisMap Cyclone 1.5 MixedMode T2L party Status partyType ---------: 0x00000000 : 0x00000000 : No Errors ErrorCount ----------

Related Commands

show hardware fpc forward

Display information related to FPC forward.

show hardware rpm cp

e
Syntax

Display advanced debugging information for the RPM processors. show hardware rpm slot-number cp {data-plane | management-port} | party-bus} {counters | statistics}

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1733

show hardware rpm cp

Parameters

slot-number data-plane

Enter the RPM slot number 0 or 1. (OPTIONAL) Enter the keywords data-plane to display information about the dataplane interface on the control processor of the specified RPM. (OPTIONAL) Enter the keywords management-port to display information about the managment-port interface of the conrol processor on the specified RPM. (OPTIONAL) Enter the keywords party-bus to display control processor information on the party-bus of the specified RPM. (OPTIONAL) Enter the keyword counters to display the standard Ethernet counters. (OPTIONAL) Enter the keyword statistics to display driver-related counters

management-port

party-bus counters statistics

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 6.5.4.0

Introduced

1734

E-Series Debugging and Diagnostics

show hardware rpm mac counters

Example

Figure 618 show hardware rpm Command Examples

show hardware rpm mac counters

e
Syntax Parameters

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History

Version 6.5.4.0

Introduced

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1735

show hardware rpm rp1/rp2

Example

Figure 619 show hardware rpm mac counters Command Example

Table 165 defines the fields displayed in Figure 619. Table 165 show hardware rpm mac counters Command Example Information
Slot ID # RX Frames TX Frames Port number on the party-bus control switch. Number of packets received by the party-bus switch from the processor in the specified slot. Number of packets sent by the party-bus switch to the processor in the specified slot.

show hardware rpm rp1/rp2

e
Syntax

Display advanced debugging information for the RPM processors. show hardware rpm slot-number {rp1 | rp2} {data-plane | party-bus} {counters | statistics} slot-number rp1 | rp2 data-plane party-bus counters statistics
Enter the RPM slot number 0 or 1. Enter either the keyword rp1 or rp2 to designate which route processor debug information to display. (OPTIONAL) Enter the keywords data-plane to display control processor information on the dataplane of the specified RPM. (OPTIONAL) Enter the keywords party-bus to display control processor information on the party-bus of the specified RPM. (OPTIONAL) Enter the keyword counters to display the standard Ethernet counters. (OPTIONAL) Enter the keyword statistics to display driver-related counters

Parameters

Defaults

No default values or behavior

1736

E-Series Debugging and Diagnostics

show interfaces link-status

Command Modes

EXEC EXEC Privilege

Usage Information

If the "dropped cell" field is non-zero, look for a pattern such as burstiness when the counters increment. It is normal to see a small number of continuous cell drops. Burstiness may indicate congestion on the internal switch at a particular point in time.
Version 6.5.4.0 Introduced

Command History

show interfaces link-status

e
Syntax Parameters

Command Modes

EXEC EXEC Privilege

Command History Example

Version 6.5.4.0

Introduced

Figure 620 show interfaces tengigabitethernet Command Example

Table 166 defines the information displayed in Figure 620. Table 166 Lines in show interfaces tengigabitethernet Command Example Line
Loss of Signal

Rx Signal Lock Error

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1737

show logging driverlog

Table 166 Lines in show interfaces tengigabitethernet Command Example Line

PCS Link State Link Fault Remote.

Description
Display the state of the PCS (Physical Coding sub-layer). The state is either up or down. Indicates if the remote device has detected a fault, is inhibiting transmission of frames, and may be continuously transmitting idle messages. Indicates if a local fault is detected that may inhibit transmission of frames, and may be continuously transmitting remote fault signals. Indicates the detections of a non-idle symbol during an idle period. Indicates the detections of an illegal symbol, other than an error symbol, while receiving data frames. Indicates the detections of an error symbol while receiving data frames.

Link Fault Local. Link Fault Idle Error Link Fault Illegal Symbol Link Fault Error Symbol.

show logging driverlog

e
Syntax Parameters

Display the driver log for the RPM CP processor or for the line card CPU in the specified slot. show logging driverlog [linecard number] linecard number
(OPTIONAL) Enter the keyword linecard followed by the line card slot number to display the driver log for the specified line card. Range: 0 to 13 on a E1200, 0 to 6 on a E600/E600i, and 0 to 5 on an E300

Defaults Command Modes

No default values or behavior EXEC EXEC Privilege

Command History Usage Information

Version 6.5.4.0

Introduced

This command displays internal software driver information which may be useful during troubleshooting line card initialization errors, such as downed Port-Pipe.

show running-config hardware-monitor

e
Syntax Defaults

Display the hardware-monitor action-on-error settings. show running-config hardware-monitor No default values or behavior

1738

E-Series Debugging and Diagnostics

show running-config hardware-monitor

Command Modes Command History Example

EXEC Privilege
Version 7.8.1.0 Introduced

Figure 621 show running-config hardware-monitor Command Example

Force10#show running-config hardware-monitor ! hardware monitor mac action-on-error port-shutdown hardware monitor linecard asic BTM action-on-error card-reset hardware monitor linecard asic FPC action-on-error card-problem Force10#

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1739

show running-config hardware-monitor

1740

E-Series Debugging and Diagnostics

Chapter 67

S-Series Debugging and Diagnostics

This chapter contains three sections: Offline Diagnostic Commands Buffer Tuning Commands Hardware Commands

Offline Diagnostic Commands

The offline diagnostics test suite is useful for isolating faults and debugging hardware. While tests are running, FTOS results are saved as a text file(TestReport-SU-X.txt) in the flash directory. This show file command is available only on master and standby.

Important Points to Remember

Offline diagnostics can only be run when the unit is offline. You can only run offline diagnostics on a unit to which you are connected via console. In other words, you cannot run diagnostics on a unit to which you are connected via a stacking link. Diagnostic results are printed to the screen. FTOS does not write them to memory. Diagnostics only test connectivity, not the entire data path.

The offline diagnostics commands are: diag stack-unit offline stack-unit online stack-unit

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1741

diag stack-unit

diag stack-unit
s
Syntax Parameters

Run offline diagnostics on a stack unit. diag stack-unit number [alllevels | level0 | level1 | level2] verbose testname number alllevels level0
Enter the stack-unit number. Range: 0 to 7 Enter the keyword alllevels to run the complete set of offline diagnostic tests. Enter the keyword level0 to run Level 0 diagnostics. Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, they verify the identification registers of the components on the board. Enter the keyword Level1 to run Level 1 diagnostics. Level 1 diagnostics is a smaller set of diagnostic tests with support for automatic partitioning. They perform status/self test for all the components on the board and test their registers for appropriate values. In addition, they perform extensive tests on memory devices (e.g., SDRAM, flash, NVRAM, EEPROM, and CPLD) wherever possible. There are no tests on 10G links. At this level, stack ports are shut down automatically. Enter the keyword level2 to run Level 2 diagnostics. Level 2 diagnostics is a full set of diagnostic tests with no support for automatic partitioning. Level 2 diagnostics are used primarily for on-board loopback tests and more extensive component diagnostics. Various components on the board are put into loop back mode, and test packets are transmitted through those components. These diagnostics also perform snake tests using VLAN configurations. You must physically remove the unit from the stack to test 10G links. Enter the keyword verbose to run the diagnostic in verbose mode. Verbose mode gives more information in the output than standard mode. Enter the keyword level2 to run a specific test case. Enclose the test case name in double quotes ( ). For example: diag stack-unit 1 level1 testname first

level1

level2

verbose testname

Defaults Command Modes Command History

None EXEC Privilege

Version 8.3.1.0 Version 7.7.1.0 Introduced the verbose option. Introduced on S-Series

offline stack-unit
s
Syntax Parameters

Place a stack unit in the offline state. offline stack-unit number number
Enter the stack unit number. Range: 0 to 7

Defaults

None

1742

S-Series Debugging and Diagnostics

online stack-unit

Command Mode Command History

EXEC Privilege
H

Version 8.2.1.0 Version 7.7.1.0

Added warning message to off-line diagnostic Introduced on S-Series View S-Series system component status (for example, temperature, voltage).

Related Commands Usage Information

show environment (S-Series)

You cannot enter this command on a Master or Standby unit. The system reboots when the off-line diagnostics complete. This is an automatic process. A warning message appears when the offline stack-unit command is implemented.
Warning - Diagnostic execution will cause stack-unit to reboot after completion of diags. Proceed with Offline-Diags [confirm yes/no]:y

online stack-unit
s
Syntax Parameters

Place a stack unit in the online state. online stack-unit number number
Enter the stack unit number. Range: 0 to 7

Defaults Command Mode Command History Related Commands

None EXEC Privilege

Version 7.7.1.0

Introduced on S-Series

show environment (S-Series)

View S-Series system component status (for example, temperature, voltage).

Buffer Tuning Commands

The buffer tuning commands are: buffer (Buffer Profile) buffer (Configuration) buffer-profile (Configuration) buffer-profile (Interface) show buffer-profile

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1743

buffer (Buffer Profile)

show buffer-profile interface

Warning: Altering the buffer allocations is a sensitive operation. Do not use any buffer tuning commands
without first contacting the Force10 Technical Assistance Center.

buffer (Buffer Profile)

cs
Syntax

Allocate an amount of dedicated buffer space, dynamic buffer space, or packet pointers to queues 0 to 3. buffer [dedicated | dynamic | packets-pointers] queue0 number queue1 number queue2 number queue3 number dedicated dynamic packets-pointers queue0 number
Enter this keyword to configure the amount of dedicated buffer space per queue. Enter this keyword to configure the amount of dynamic buffer space per Field Processor. Enter this keyword to configure the number of packet pointers per queue. Enter this keyword to allocate an amount of buffer space or packet pointers to Queue 0. Dedicated Buffer Range: 0-2013 Dynamic Buffer Range: FP: 0-2013 CSF: 0-131200 (in multiples of 80) Packet Pointer Range: 0-2047

Parameters

queue1 number

1744

S-Series Debugging and Diagnostics

buffer (Configuration)

queue2 number

queue3 number

Defaults Command Mode Command History

None BUFFER PROFILE

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Create a buffer profile that can be applied to an interface.

Related Commands

buffer-profile (Configuration)

buffer (Configuration)
cs
Apply a buffer profile to all Field or Switch Fabric processors in a port-pipe. buffer [csf | fp-uplink] linecard slot port-set port-pipe buffer-policy buffer-profile
Parameters

csf fp-uplink linecard slot port-set port-pipe buffer-policy buffer-profile None

Enter this keyword to apply a buffer profile to all Switch Fabric processors in a port-pipe. Enter this keyword to apply a buffer profile to all Field Processors in a a port-pipe. Enter the keyword linecard followed by the line card slot number. Enter the keyword port-set followed by the port-pipe number. Range: 0-3 on C-Series, 0-1 on S-Series Enter the keyword buffer-policy followed by the name of a buffer profile you created.

Command Mode

BUFFER PROFILE

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1745

buffer-profile (Configuration)

Usage Information

If you attempt to apply a buffer profile to a non-existent port-pipe, FTOS displays the following message. However, the configuration still appears in the running-config. %DIFFSERV-2-DSA_BUFF_CARVING_INVALID_PORT_SET: Invalid FP port-set 2 for linecard 2. Valid range of port-set is <0-1>

Usage Information

Command History

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series Create a buffer profile that can be applied to an interface.

Related Commands

buffer-profile (Configuration)

buffer-profile (Configuration)
cs
Syntax Parameters

Defaults Command Mode Command History

global 4Q CONFIGURATION
H

Version 7.8.1.0 Version 7.7.1.0 Version 7.6.1.0

Added global keyword. Introduced on S-Series Introduced on C-Series

1746

S-Series Debugging and Diagnostics

buffer-profile (Interface)

Related Commands

buffer (Buffer Profile)

Allocate an amount of dedicated buffer space, dynamic buffer space, or packet pointers to queues 0 to 3.

Usage Information

buffer-profile (Interface)
cs
Syntax Parameters

Apply a buffer profile to an interface. buffer-profile profile-name profile-name None INTERFACE

Enter the name of the buffer profile you want to apply to the interface.

Defaults Command Mode Command History

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series

Related Commands

buffer-profile (Configuration)

Create a buffer profile that can be applied to an interface.

show buffer-profile
cs
Syntax Parameters

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1747

show buffer-profile interface

Defaults Command Mode Command History

None INTERFACE
Version 7.7.1.0 Version 7.6.1.0 Introduced on S-Series Introduced on C-Series

Example

Figure 622 show buffer-profile Command Example

Force10#show buffer-profile summary fp-uplink Linecard Port-set Buffer-profile 0 0 test1 4 0 test2 Force10#

Related Commands

buffer-profile (Configuration)

Create a buffer profile that can be applied to an interface.

show buffer-profile interface

cs
Syntax Parameters

Defaults Command Mode Command History

None INTERFACE
H

Version 7.7.1.0 Version 7.6.1.0

Introduced on S-Series Introduced on C-Series

1748

S-Series Debugging and Diagnostics

clear hardware stack-unit

Example

Figure 623 show buffer-profile interface Command Example

Related Commands

buffer-profile (Configuration)

Create a buffer profile that can be applied to an interface.

Hardware Commands
These commands display information from a hardware sub-component or ASIC. The commands are: clear hardware system-flow clear hardware system-flow hardware watchdog show hardware layer2 acl show hardware layer3 show hardware stack-unit show hardware system-flow

clear hardware stack-unit

s
Syntax

Clear statistics from selected hardware components. clear hardware stack-unit 07 {counters | unit 01 counters | cpu data-plane statistics | cpu party-bus statistics | stack-port 052} stack-unit 0-7
Enter the keyword stack-unit followed by 0 to 7 to select a

Parameters

particular stack member and then enter one of the following command options to clear a specific collection of data. counters
Enter the keyword counters to clear the counters on the selected stack member.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1749

clear hardware system-flow

unit 01 counters

Enter the keyword unit along with a port-pipe number, from 0 to 1, followed by the keyword counters to clear the counters on the selected port-pipe. Note: S25 models (S25N, S25P, S25V, etc.) have only port-pipe 0. Enter the keywords cpu data-plane statistics to clear the data plane statistics. Enter the keywords cpu party-bus statistics to clear the management statistics. Enter the keyword stack-port followed by the port number of the stacking port to clear the statistics of the particular stacking port. Range: 0 to 52

cpu data-plane statistics cpu party-bus statistics stack-port 052

Note: You can identify stack port numbers by physical inspection of the rear modules. The numbering is the same as for the 10G ports. You can also inspect the output of the show system stack-ports command.
Defaults Command Modes Command History Related Commands

No default behavior or values EXEC Privilege

Version 7.8.1.0 Introduced on S-Series

show hardware stack-unit

Display the data plane or management plane input and output statistics of the designated component of the designated stack member.

clear hardware system-flow

s
Syntax Parameters

Clear system-flow statistics from selected hardware components. clear hardware system-flow layer2 stack-unit 0-7 port-set 0-1 counters stack-unit 0-7
Enter the keyword stack-unit followed by 0 to 7 to select a

particular stack member and then enter one of the following command options to clear a specific collection of data. port-set 01 counters
Enter the keyword port-set along with a port-pipe number, from 0 to 1, followed by the keyword counters to clear the system-flow counters on the selected port-pipe. Note: S25 models (S25N, S25P, S25V, etc.) have only port-pipe 0.

Defaults Command Modes Command History

No default behavior or values EXEC Privilege

Version 7.8.1.0 Introduced on S-Series

1750

S-Series Debugging and Diagnostics

hardware watchdog

Related Commands

show hardware stack-unit

Display the data plane or management plane input and output statistics of the designated component of the designated stack member.

hardware watchdog
s
Syntax Defaults Command Mode Command History Usage Information

Set the watchdog timer to trigger a reboot and restart the system. hardware watchdog Enabled CONFIGURATION
Version 7.8.1.0 Introduced

This command enables a hardware watchdog mechanism that automatically reboots an FTOS switch/router with a single unresponsive unit. This is a last resort mechanism intended to prevent a manual power cycle.

show hardware layer2 acl

s
Syntax Parameters

Display Layer 2 ACL data for the selected stack member and stack member port-pipe. show hardware layer2 acl stack-unit 0-7 port-set 0-1 stack-unit 0-7 port-set 0-1
Enter the keyword stack-unit followed by 0 to 7 to select a stack ID. Enter the keyword port-set with a port-pipe number 0 or 1. The S25 models of the S-Series have only port-pipe 0.

Defaults Command Modes Command History

No default behavior EXEC Privilege

Version 7.8.1.0 Introduced on S-Series

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1751

show hardware layer3

s
Syntax Parameters

Display Layer 3 ACL or QoS data for the selected stack member and stack member port-pipe. show hardware layer3 {acl | qos} stack-unit 0-7 port-set 0-1 acl | qos stack-unit 0-7 port-set 0-1 Enter either the keyword acl or the keyword qos to select between ACL or QoS data.
Enter the keyword stack-unit followed by a numeral from 0 to 7 to select a stack ID. Enter the keyword port-set with a port-pipe number 0 or 1. The S25 models of the S-Series have only port-pipe 0.

Defaults Command Modes Command History

No default behavior EXEC Privilege

Version 7.8.1.0 Introduced on S-Series

show hardware stack-unit

s
Syntax

Display the data plane or management plane input and output statistics of the designated component of the designated stack member. show hardware stack-unit 0-7 {cpu data-plane statistics [stack-port 0-52] | cpu party-bus statistics | drops [unit 0-1 [port 0-27]] | stack-port 0-52 | unit 0-1 {counters | details | port-stats [detail] | register}} stack-unit 0-7 {command-option}
Enter the keyword stack-unit followed by 0 to 7 to select a

Parameters

particular stack member and then enter one of the following command options to display a collection of data based on the option entered.
Enter the keywords cpu data-plane statistics, optionally followed by the keywords stack port and its number 0 to 52 to display the data plane statistics, which shows the Higig port raw input/output counter statistics to which the stacking module is connected. Enter the keywords cpu party-bus statistics, to display the Management plane input/output counter statistics of the pseudo party bus interface.

cpu data-plane statistics

cpu party-bus statistics drops [unit 0-1 [port 0-27]]

Enter the drops keyword to display internal drops on the selected stack member. Optionally, use the unit keyword with 0 or 1 to select port-pipe 0 or 1, and then use port 0-27 to select a port on that port-pipe.

1752

S-Series Debugging and Diagnostics

show hardware stack-unit

stack-port 0-52

Enter this keyword and a stacking port number to select a stacking port for which to display statistics. Identify the stack port number as you would to identify a 10G port that was in the same place in one of the rear modules. Note: You can identify stack port numbers by physical inspection of the rear modules. The numbering is the same as for the 10G ports. You can also inspect the output of the show system stack-ports command. Enter the unit keyword followed by 0 or 1 for port-pipe 0 or 1, and then enter one of the following keywords to troubleshoot errors on the selected port-pipe and to give status on why a port is not coming up to register level: counters, details, port-stats [detail], or register

unit 0-1 {counters | details | port-stats [detail] | register}

Defaults Command Modes

No default behavior EXEC EXEC Privilege

Command History

Version 7.8.1.0

Modified: stack-port keyword range expanded from 49-52 to 0-52; output modified for the cpu data-plane statistics option; the following options were added: drops [unit 0-1 [port 0-27]] ; unit 0-1 {counters | details | port-stats [detail] | register} Introduced on S-Series

Version 7.7.1.0

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1753

show hardware stack-unit

Example 1

Figure 624 show hardware stack-unit cpu data-plane statistics Command Example
Force10#show hardware stack-unit 0 cpu data-plane statistics stack-port 49 Input Statistics: 1856 packets, 338262 bytes 141 64-byte pkts, 1248 over 64-byte pkts, 11 over 127-byte pkts 222 over 255-byte pkts, 236 over 511-byte pkts, 0 over 1023-byte pkts 919 Multicasts, 430 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 325 packets, 27629 bytes, 0 underruns 9 64-byte pkts, 310 over 64-byte pkts, 1 over 127-byte pkts 1 over 255-byte pkts, 2 over 511-byte pkts, 2 over 1023-byte pkts 0 Multicasts, 3 Broadcasts, 322 Unicasts 0 throttles, 0 discarded, 0 collisions Rate info (interval 299 seconds): Input 00.00 Mbits/sec Output 00.00 Mbits/sec Force10#

Example 2

Figure 625 show hardware stack-unit cpu party-bus statistics Command Example
Force10#show hardware stack-unit 0 cpu party-bus statistics Input Statistics: 8189 packets, 8076608 bytes 0 dropped, 0 errors Output Statistics: 366 packets, 133100 bytes 0 errors Force10#

Example 3

Figure 626 show hardware stack-unit drops Command Example

Force10#show hardware stack-unit 0 drops unit 1 port 27 --- Ingress Drops --Ingress Drops : 0 IBP CBP Full Drops : 0 PortSTPnotFwd Drops : 0 IPv4 L3 Discards : 0 Policy Discards : 0 Packets dropped by FP : 0 (L2+L3) Drops : 0 Port bitmap zero Drops : 0 Rx VLAN Drops : 0 --- Ingress MAC counters--Ingress FCSDrops : 0 Ingress MTUExceeds : 0 --- MMU Drops --HOL DROPS : 0 TxPurge CellErr : 0 Aged Drops : 0 --- Egress MAC counters--Egress FCS Drops : 0 --- Egress FORWARD PROCESSOR Drops --IPv4 L3UC Aged & Drops : 0 TTL Threshold Drops : 0 INVALID VLAN CNTR Drops : 0 L2MC Drops : 0 PKT Drops of ANY Conditions : 0 Hg MacUnderflow : 0 TX Err PKT Counter : 0 25 Force10#

1754

S-Series Debugging and Diagnostics

show hardware stack-unit

Example 4

Figure 627 show hardware stack-unit port-stats Command Example

Force10#show hardware stack-unit 0 unit 0 port-stats ena/ speed/ link auto STP port link duplex scan neg? state pause discrd ge0 down SW Yes Block Untag ge1 !ena SW Yes Block Tag ge2 !ena SW Yes Block Tag ge3 !ena SW Yes Block Tag ge4 !ena SW Yes Forward Tag ge5 !ena SW Yes Forward Tag ge6 !ena SW Yes Forward Tag ge7 !ena SW Yes Forward Tag ge8 !ena SW Yes Forward Tag ge9 !ena SW Yes Forward Tag ge10 !ena SW Yes Forward Tag ge11 !ena SW Yes Forward Tag ge12 !ena SW Yes Forward Tag ge13 !ena SW Yes Forward Tag ge14 !ena SW Yes Forward Tag ge15 !ena SW Yes Forward Tag ge16 !ena SW Yes Forward Tag ge17 !ena SW Yes Forward Tag ge18 !ena SW Yes Forward Tag ge19 !ena SW Yes Forward Tag ge20 !ena SW Yes Forward Tag ge21 !ena SW Yes Forward Tag ge22 !ena SW Yes Forward Tag ge23 !ena SW Yes Forward Tag hg0 up 12G FD SW No Forward None hg1 up 12G FD SW No Forward None hg2 down 10G FD SW No Forward None hg3 down 10G FD SW No Forward None 0 Force10# lrn ops FA FA FA FA F F F F F F F F F F F F F F F F F F F F F F F F inter face SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII SGMII XGMII XGMII XGMII XGMII max frame 1554 1554 1554 1554 1554 1554 1554 1554 1554 1554 9252 9252 1554 1554 1554 1554 1554 1554 1554 1554 1554 1554 1554 1554 16360 16360 16360 16360 loop back

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1755

show hardware stack-unit

Example 5

Figure 628 show hardware stack-unit unit 1 register Command Example

Force10#show hardware stack-unit 0 unit 1 register 0x0068003c AGINGCTRMEMDEBUG.mmu0 = 0x00000000 0x0068003d AGINGEXPMEMDEBUG.mmu0 = 0x00000000 0x00680017 ASFCONFIG.mmu0 = 0x0000000e 0x0060004c ASFPORTSPEED.ge0 = 0x00000000 0x0060104c ASFPORTSPEED.ge1 = 0x00000000 0x0060204c ASFPORTSPEED.ge2 = 0x00000000 0x0060304c ASFPORTSPEED.ge3 = 0x00000000 0x0060404c ASFPORTSPEED.ge4 = 0x00000000 0x0060504c ASFPORTSPEED.ge5 = 0x00000000 0x0060604c ASFPORTSPEED.ge6 = 0x00000000 0x0060704c ASFPORTSPEED.ge7 = 0x00000000 0x0060804c ASFPORTSPEED.ge8 = 0x00000000 0x0060904c ASFPORTSPEED.ge9 = 0x00000000 0x0060a04c ASFPORTSPEED.ge10 = 0x00000000 0x0060b04c ASFPORTSPEED.ge11 = 0x00000000 0x0060c04c ASFPORTSPEED.ge12 = 0x00000000 0x0060d04c ASFPORTSPEED.ge13 = 0x00000000 0x0060e04c ASFPORTSPEED.ge14 = 0x00000000 0x0060f04c ASFPORTSPEED.ge15 = 0x00000000 0x0061004c ASFPORTSPEED.ge16 = 0x00000000 0x0061104c ASFPORTSPEED.ge17 = 0x00000000 0x0061204c ASFPORTSPEED.ge18 = 0x00000000 0x0061304c ASFPORTSPEED.ge19 = 0x00000000 0x0061404c ASFPORTSPEED.ge20 = 0x00000000 0x0061504c ASFPORTSPEED.ge21 = 0x00000000 0x0061604c ASFPORTSPEED.ge22 = 0x00000000 0x0061704c ASFPORTSPEED.ge23 = 0x00000005 0x0061804c ASFPORTSPEED.hg0 = 0x00000007 0x0061904c ASFPORTSPEED.hg1 = 0x00000007 0x0061a04c ASFPORTSPEED.hg2 = 0x00000000 0x0061b04c ASFPORTSPEED.hg3 = 0x00000000 0x0061c04c ASFPORTSPEED.cpu0 = 0x00000000 0x00780000 AUX_ARB_CONTROL.ipipe0 = 0x0000001c 0x0e700102 BCAST_BLOCK_MASK.ge0 = 0x00000000 0x0e701102 BCAST_BLOCK_MASK.ge1 = 0x00000000 0x0e702102 BCAST_BLOCK_MASK.ge2 = 0x00000000 0x0e703102 BCAST_BLOCK_MASK.ge3 = 0x00000000 0x0e704102 BCAST_BLOCK_MASK.ge4 = 0x00000000 0x0e705102 BCAST_BLOCK_MASK.ge5 = 0x00000000 0x0e706102 BCAST_BLOCK_MASK.ge6 = 0x00000000 0x0e707102 BCAST_BLOCK_MASK.ge7 = 0x00000000 0x0e708102 BCAST_BLOCK_MASK.ge8 = 0x00000000 0x0e709102 BCAST_BLOCK_MASK.ge9 = 0x00000000 0x0e70a102 BCAST_BLOCK_MASK.ge10 = 0x00000000 0x0e70b102 BCAST_BLOCK_MASK.ge11 = 0x00000000 0x0e70c102 BCAST_BLOCK_MASK.ge12 = 0x00000000 0x0e70d102 BCAST_BLOCK_MASK.ge13 = 0x00000000 0x0e70e102 BCAST_BLOCK_MASK.ge14 = 0x00000000 0x0e70f102 BCAST_BLOCK_MASK.ge15 = 0x00000000 0x0e710102 BCAST_BLOCK_MASK.ge16 = 0x00000000 0x0e711102 BCAST_BLOCK_MASK.ge17 = 0x00000000 0x0e712102 BCAST_BLOCK_MASK.ge18 = 0x00000000 0x0e713102 BCAST_BLOCK_MASK.ge19 = 0x00000000 0x0e714102 BCAST_BLOCK_MASK.ge20 = 0x00000000 0x0e715102 BCAST_BLOCK_MASK.ge21 = 0x00000000 0x0e716102 BCAST_BLOCK_MASK.ge22 = 0x00000000 0x0e717102 BCAST_BLOCK_MASK.ge23 = 0x00000000 0x0e718102 BCAST_BLOCK_MASK.hg0 = 0x00000000 0x0e719102 BCAST_BLOCK_MASK.hg1 = 0x00000000 0x0e71a102 BCAST_BLOCK_MASK.hg2 = 0x00000000 0x0e71b102 BCAST_BLOCK_MASK.hg3 = 0x00000000 0x0e71c102 BCAST_BLOCK_MASK.cpu0 = 0x00000000 0x0b700001 BCAST_STORM_CONTROL.ge0 = 0x00000000 0x0b701001 BCAST_STORM_CONTROL.ge1 = 0x00000000 0x0b702001 BCAST_STORM_CONTROL.ge2 = 0x00000000 0x0b703001 BCAST_STORM_CONTROL.ge3 = 0x00000000 0x0b704001 BCAST_STORM_CONTROL.ge4 = 0x00000000 0x0b705001 BCAST_STORM_CONTROL.ge5 = 0x00000000 0x0b706001 BCAST_STORM_CONTROL.ge6 = 0x00000000 0x0b707001 BCAST_STORM_CONTROL.ge7 = 0x00000000 0x0b708001 BCAST_STORM_CONTROL.ge8 = 0x00000000 0x0b709001 BCAST_STORM_CONTROL.ge9 = 0x00000000 0x0b70a001 BCAST_STORM_CONTROL.ge10 = 0x00000000 !------------------ output truncated ---------------!

1756

S-Series Debugging and Diagnostics

show hardware stack-unit

Example 4

Figure 629 show hardware stack-unit unit 1 details Command Example

Force10# show hardware stack-unit 0 unit 1 details ****************************************************** The total no of FP & CSF Devices in the Card is 2 The total no of FP Devices in the Card is 2 The total no of CSF Devices in the Card is 0 The number of ports in device 0 is - 24 The number of Hg ports in devices 0 is - 4 The CPU Port of the device is 28 The number of ports in device 1 is - 24 The number of Hg ports in devices 1 is - 4 The CPU Port of the device is 28 The staring unit no the SWF in the device is 0 ****************************************************** The Current Link Status Is Front End Link Status 0x000000000000400000000000 Front End Port Present Status 0x000000000000000000000000 Back Plane Link Status 0x00000000 ****************************************************** Link Status of all the ports in the Device - 1 The linkStatus of Front End Port 0 is FALSE The linkStatus of Front End Port 1 is FALSE The linkStatus of Front End Port 2 is FALSE The linkStatus of Front End Port 3 is FALSE The linkStatus of Front End Port 4 is FALSE The linkStatus of Front End Port 5 is FALSE The linkStatus of Front End Port 6 is FALSE The linkStatus of Front End Port 7 is FALSE The linkStatus of Front End Port 8 is FALSE The linkStatus of Front End Port 9 is FALSE The linkStatus of Front End Port 10 is FALSE The linkStatus of Front End Port 11 is FALSE The linkStatus of Front End Port 12 is FALSE The linkStatus of Front End Port 13 is FALSE The linkStatus of Front End Port 14 is FALSE The linkStatus of Front End Port 15 is FALSE The linkStatus of Front End Port 16 is FALSE The linkStatus of Front End Port 17 is FALSE The linkStatus of Front End Port 18 is FALSE The linkStatus of Front End Port 19 is FALSE The linkStatus of Front End Port 20 is FALSE The linkStatus of Front End Port 21 is FALSE The linkStatus of Front End Port 22 is FALSE The linkStatus of Front End Port 23 is TRUE The linkStatus of Hg Port 24 is TRUE The linkStatus of Hg Port 25 is TRUE The linkStatus of Hg Port 26 is FALSE The linkStatus of Hg Port 27 is FALSE !------------------ output truncated ---------------!

Related Commands

clear hardware system-flow show interfaces stack-unit show processes cpu (S-Series) show system stack-ports show system (S-Series)

Clear statistics from selected hardware components. Display information on all interfaces on a specific S-Series stack member. Display CPU usage information based on processes running in an S-Series.

Display information about the stacking ports on all switches in the S-Series stack. Display the current status of all stack members or a specific member.

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1757

show hardware system-flow

s
Syntax Parameters

Display Layer 3 ACL or QoS data for the selected stack member and stack member port-pipe. show hardware system-flow layer2 stack-unit 0-7 port-set 0-1 [counters] acl | qos For the selected stack member and stack member port-pipe, display which system flow entry the packet hits and what queue the packet takes as it dumps the raw system flow tables.
Enter the keyword stack-unit followed by 0 to 7 to select a stack member ID. Enter the keyword port-set with a port-pipe number 0 or 1. The S25 models of the S-Series have only port-pipe 0. (OPTIONAL) Enter the keyword counters to display hit counters for the selected ACL or QoS option.

stack-unit 0-7 port-set 0-1 [counters]

Defaults Command Modes Command History Example 1

No default behavior EXEC Privilege

Version 7.8.1.0 Introduced on S-Series

Figure 630 show hardware system-flow layer2 counters Command Example

Force10#show hardware system-flow layer2 stack-unit 0 port-set 0 counters --------------------------------------------------------------------------EntryId Description #HITS --------------------------------------------------------------------------2048 STP BPDU Redirects 0 2047 LLDP BPDU Redirects 0 2045 LACP traffic Redirects 0 2044 GVRP traffic Redirects 0 2043 ARP Reply Redirects 0 2042 802.1x frames Redirects 0 2041 VRRP frames Redirects 0 2040 GRAT ARP 0 2039 DROP Cases 0 2038 OSPF1 STUB 0 2037 OSPF2 STUB 0 2036 VRRP STUB 0 2035 L2_DST_HIT+BC MAC+VLAN 4095 0 2034 L2_DST_HIT+BC MAC 0 2033 Catch all 0 384 OSPF[224.0.0.5] Packets 0 383 OSPF[224.0.0.6] Packets 0 382 VRRP Packets 0 380 BCast L2_DST_HIT on VLAN 4095 0 379 BCAST L2_DST_HIT Packets 0 4 Unknown L2MC Packets 0 3 L2DLF Packets 0 2 L2UCAST Packets 0 1 L2BCASTPackets 0 25 Force10#

1758

S-Series Debugging and Diagnostics

show hardware system-flow

Example 2

Figure 631 show hardware system-flow layer2 (non-counters) Command Example

Force10#show hardware system-flow layer2 stack-unit 0 port-set 0 ############## FP Entry for redirecting STP BPDU to CPU Port ################ EID 2048: gid=1, slice=15, slice_idx=0x00, prio=0x800, flags=0x82, Installed tcam: color_indep=0, higig=0, higig_mask=0, KEY=0x00000000 00000000 00000000 0180c200 00000000 00000000 00000000 , FPF4=0x00 MASK=0x00000000 00000000 00000000 ffffffff ffff0000 00000000 00000000 , 0x00 action={act=Drop, param0=0(0x00), param1=0(0x00)}, action={act=CosQCpuNew, param0=7(0x07), param1=0(0x00)}, action={act=CopyToCpu, param0=0(0x00), param1=0(0x00)}, action={act=UpdateCounter, param0=1(0x01), param1=0(0x00)}, meter=NULL, counter={idx=0, mode=0x01, entries=1} ################ FP Entry for redirecting LLDP BPDU to RSM ################ EID 2047: gid=1, slice=15, slice_idx=0x01, prio=0x7ff, flags=0x82, Installed tcam: color_indep=0, higig=0, higig_mask=0, KEY=0x00000000 00000000 00000000 0180c200 000e0000 00000000 00000000 , FPF4=0x00 MASK=0x00000000 00000000 00000000 ffffffff ffff0000 00000000 00000000 , 0x00 action={act=Drop, param0=0(0x00), param1=0(0x00)}, action={act=CosQCpuNew, param0=7(0x07), param1=0(0x00)}, action={act=CopyToCpu, param0=0(0x00), param1=0(0x00)}, action={act=UpdateCounter, param0=1(0x01), param1=0(0x00)}, meter=NULL, counter={idx=1, mode=0x01, entries=1} ############## FP Entry for redirecting LACP traffic to CPU Port ############ EID 2045: gid=1, slice=15, slice_idx=0x02, prio=0x7fd, flags=0x82, Installed tcam: color_indep=0, higig=0, higig_mask=0, KEY=0x00000000 00000000 00000000 0180c200 00020000 00000000 00000000 , FPF4=0x00 MASK=0x00000000 00000000 00000000 ffffffff ffff0000 00000000 00000000 , 0x00 action={act=Drop, param0=0(0x00), param1=0(0x00)}, action={act=CosQCpuNew, param0=7(0x07), param1=0(0x00)}, action={act=CopyToCpu, param0=0(0x00), param1=0(0x00)}, action={act=UpdateCounter, param0=1(0x01), param1=0(0x00)}, meter=NULL, counter={idx=2, mode=0x01, entries=1} ################# FP Entry for redirecting GVRP traffic to RSM ########### EID 2044: gid=1, slice=15, slice_idx=0x03, prio=0x7fc, flags=0x82, Installed tcam: color_indep=0, higig=0, higig_mask=0, KEY=0x00000000 00000000 00000000 0180c200 00210000 00000000 00000000 , FPF4=0x00 MASK=0x00000000 00000000 00000000 ffffffff ffff0000 00000000 00000000 , 0x00 action={act=Drop, param0=0(0x00), param1=0(0x00)}, action={act=CosQCpuNew, param0=7(0x07), param1=0(0x00)}, action={act=CopyToCpu, param0=0(0x00), param1=0(0x00)}, action={act=UpdateCounter, param0=1(0x01), param1=0(0x00)}, meter=NULL, counter={idx=3, mode=0x01, entries=1} ################# FP Entry for redirecting ARP Replies to RSM ############# EID 2043: gid=1, slice=15, slice_idx=0x04, prio=0x7fb, flags=0x82, Installed tcam: color_indep=0, higig=0, higig_mask=0, KEY=0x00000000 00000000 00000000 00000000 00000000 00000806 00001600 , FPF4=0x00 MASK=0x00000000 00000000 00000000 00000000 00000000 0000ffff 00001600 , 0x00 action={act=Drop, param0=0(0x00), param1=0(0x00)}, action={act=CosQCpuNew, param0=6(0x06), param1=0(0x00)}, action={act=CopyToCpu, param0=0(0x00), param1=0(0x00)}, action={act=UpdateCounter, param0=1(0x01), param1=0(0x00)}, !--------- output truncated -----------------!

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1759

show hardware system-flow

1760

S-Series Debugging and Diagnostics

Appendix A

ICMP Message Types

This chapter lists and describes the possible ICMP Message Type resulting from a ping. The first three columns list the possible symbol or type/code. For example, you would receive a ! or 03 as an echo reply from your ping. Table 167 ICMP Messages and their definitions Symbol Type
! U 0 3 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 C 4 5 0 1 2 3 8 0 0 3

Code

Description
Timeout (no reply) echo reply destination unreachable: network unreachable host unreachable protocol unreachable port unreachable fragmentation needed but dont fragment bit set source route failed destination network unknown destination host unknown source host isolated (obsolete) destination network administratively prohibited destination host administratively prohibited network unreachable for TOS host unreachable for TOS communication administratively prohibited by filtering host precedence violation precedence cutoff in effect source quench redirect redirect for network redirect for host redirect for type-of-service and network redirect for type-of-service and host echo request

Query

Error

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1761

Table 167 ICMP Messages and their definitions Symbol Type

9 10 & 11 0 1 12 1 2 13 14 15 16 17 18 0 0 0 0 0 0

Code
0 0

Description
router advertisement router solicitation time exceeded: time-to-live equals 0 during transit time-to-live equals 0 during reassembly parameter problem: IP header bad (catchall error) required option missing timestamp request timestamp reply information request (obsolete) information reply (obsolete) address mask request address mask reply

Query

Error

1762

Appendix B

SNMP Traps

This chapter lists the traps sent by FTOS. Each trap is listed by the fields Message ID, Trap Type, and Trap Option, and the next is the message(s) associated with the trap. Table 168 SNMP Traps and Error Messages Message ID
COLD_START

Trap Type
SNMP

Trap Option
COLDSTART

%SNMP-5-SNMP_COLD_START: SNMP COLD_START trap sent. WARM_START SNMP WARMSTART

COPY_CONFIG_COMPLETE SNMP Copy Config Command Completed LINK_DOWN

SNMP

NONE

SNMP

LINKDOWN

%IFA-1-PORT_LINKDN: changed interface state to down:%d LINK_UP SNMP LINKUP

%IFA-1-PORT_LINKUP: changed interface state to up:%d AUTHENTICATION_FAIL SNMP AUTH

%SNMP-3-SNMP_AUTH_FAIL: SNMP Authentication failed.Request with invalid community string. EGP_NEIGHBOR_LOSS SNMP NONE

OSTATE_DOWN

SNMP

LINKDOWN

%IFM-1-OSTATE_DN: changed interface state to down:%s %IFM-5-CSTATE_DN:Changed interface Physical state to down: %s OSTATE_UP SNMP LINKUP

%IFM-1-OSTATE_UP: changed interface state to up:%s %IFM-5-CSTATE_UP: Changed interface Physical state to up: %s RMON_RISING_THRESHOLD SNMP NONE

%RPM0-P:CP %SNMP-4-RMON_RISING_THRESHOLD: RMON rising threshold alarm from SNMP OID <oid> RMON_FALLING_THRESHOLD SNMP NONE

%RPM0-P:CP %SNMP-4-RMON_FALLING_THRESHOLD: RMON falling threshold alarm from SNMP OID <oid> RMON_HC_RISHING_THRESHOLD SNMP NONE

%RPM0-P:CP %SNMP-4-RMON_HC_RISING_THRESHOLD: RMON high-capacity rising threshold alarm from SNMP OID <oid> RMON_HC_FALLING_THRESHOLD SNMP NONE

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1763

Table 168 SNMP Traps and Error Messages (continued) Message ID Trap Type Trap Option

%RPM0-P:CP %SNMP-4-RMON_HC_FALLING_THRESHOLD: RMON high-capacity falling threshold alarm from SNMP OID <oid> RESV N/A CHM_CARD_DOWN ENVMON NONE NONE NONE

%CHMGR-1-CARD_SHUTDOWN: %sLine card %d down - %s %CHMGR-2-CARD_DOWN: %sLine card %d down - %s CHM_CARD_UP ENVMON NONE

%CHMGR-5-LINECARDUP: %sLine card %d is up CHM_CARD_MISMATCH ENVMON NONE

%CHMGR-3-CARD_MISMATCH: Mismatch: line card %d is type %s - type %s required. CHM_CARD_PROBLEM ENVMON NONE

CHM_ALARM_CUTOFF

ENVMON

NONE

CHM_SFM_UP

ENVMON

NONE

CHM_SFM_DOWN

ENVMON

NONE

CHM_RPM_UP

ENVMON

NONE

%RAM-6-RPM_STATE: RPM1 is in Active State %RAM-6-RPM_STATE: RPM0 is in Standby State CHM_RPM_DOWN ENVMON NONE

%CHMGR-2-RPM_DOWN: RPM 0 down - hard reset %CHMGR-2-RPM_DOWN: RPM 0 down - card removed CHM_RPM_PRIMARY ENVMON NONE

%RAM-5-COLD_FAILOVER: RPM Failover Completed %RAM-5-HOT_FAILOVER: RPM Failover Completed %RAM-5-FAST_FAILOVER: RPM Failover Completed CHM_SFM_ADD %TSM-5-SFM_DISCOVERY: Found SFM 1 CHM_SFM_REMOVE %TSM-5-SFM_REMOVE: Removed SFM 1 CHM_MAJ_SFM_DOWN ENVMON NONE ENVMON NONE ENVMON NONE

%CHMGR-0-MAJOR_SFM: Major alarm: Switch fabric down CHM_MAJ_SFM_DOWN_CLR ENVMON NONE

%CHMGR-5-MAJOR_SFM_CLR: Major alarm cleared: Switch fabric up CHM_MIN_SFM_DOWN ENVMON NONE

%CHMGR-2-MINOR_SFM: MInor alarm: No working standby SFM

1764

Table 168 SNMP Traps and Error Messages (continued) Message ID

CHM_MIN_SFM_DOWN_CLR

Trap Type
ENVMON

Trap Option
NONE

%CHMGR-5-MINOR_SFM_CLR: Minor alarm cleared: Working standby SFM present CHM_PWRSRC_DOWN ENVMON SUPPLY

%CHMGR-2-PEM_PRBLM: Major alarm: problem with power entry module %s CHM_PWRSRC_CLR ENVMON SUPPLY

%CHMGR-5-PEM_OK: Major alarm cleared: power entry module %s is good CHM_MAJ_ALARM_PS ENVMON SUPPLY

%CHMGR-0-MAJOR_PS: Major alarm: insufficient power %s CHM_MAJ_ALARM_PS_CLR ENVMON SUPPLY

%CHMGR-5-MAJOR_PS_CLR: major alarm cleared: sufficient power CHM_MIN_ALARM_PS ENVMON SUPPLY

%CHMGR-1-MINOR_PS: Minor alarm: power supply non-redundant CHM_MIN_ALARM_PS_CLR ENVMON SUPPLY

%CHMGR-5-MINOR_PS_CLR: Minor alarm cleared: power supply redundant CHM_MIN_ALRM_TEMP ENVMON TEMP

%CHMGR-2-MINOR_TEMP: Minor alarm: chassis temperature CHM_MIN_ALRM_TEMP_CLR ENVMON TEMP

%CHMRG-5-MINOR_TEMP_CLR: Minor alarm cleared: chassis temperature normal (%s %d temperature is within threshold of %dC) CHM_MAJ_ALRM_TEMP ENVMON TEMP

%CHMGR-2-MAJOR_TEMP: Major alarm: chassis temperature high (%s temperature reaches or exceeds threshold of %dC) CHM_MAJ_ALRM_TEMP_CLR ENVMON TEMP

%CHMGR-2-MAJOR_TEMP_CLR: Major alarm cleared: chassis temperature lower (%s %d temperature is within threshold of %dC) CHM_FANTRAY_BAD ENVMON FAN

For E1200: %CHMGR-2-FAN_TRAY_BAD: Major alarm: fantray %d is missing or down %CHMGR-2-ALL_FAN_BAD: Major alarm: all fans in fan tray %d are down. For E600 and E300: %CHMGR-2-FANTRAYBAD: Major alarm: fan tray is missing %CHMGR-2-FANSBAD: Major alarm: most or all fans in fan tray are down CHM_FANTRAY_BAD_CLR ENVMON FAN

For the E1200: %CHMGR-5-FAN_TRAY_OK: Major alarm cleared: fan tray %d present For the E600 and E300: %CHMGR-5-FANTRAYOK: Major alarm cleared: fan tray present CHM_MIN_FANBAD ENVMON FAN

For the E1200: %CHMGR-2-FAN_BAD: Minor alarm: some fans in fan tray %d are down For the E600 and E300: %CHMGR- 2-1FANBAD: Minor alarm: fan in fan tray is down CHM_MIN_FANBAD_CLR ENVMON FAN

For E1200: %CHMGR-2-FAN_OK: Minor alarm cleared: all fans in fan tray %d are good For E600 and E300: %CHMGR-5-FANOK: Minor alarm cleared: all fans in fan tray are good TME_TASK_SUSPEND ENVMON NONE

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1765

Table 168 SNMP Traps and Error Messages (continued) Message ID

TME_TASK_TERM

Trap Type
ENVMON

Trap Option
NONE

%TME-2-TASK SUSPENDED: SUSPENDED - svce:%d - inst:%d - task:%s

%TME-2-ABNORMAL_TASK_TERMINATION: CRASH - task:%s %s CHM_CPU_THRESHOLD ENVMON NONE

%CHMGR-5-CPU_THRESHOLD: Cpu %s usage above threshold. Cpu5SecUsage (%d) CHM_CPU_THRESHOLD_CLR ENVMON NONE

%CHMGR-5-CPU_THRESHOLD_CLR: Cpu %s usage drops below threshold. Cpu5SecUsage (%d) CHM_MEM_THRESHOLD ENVMON NONE

%CHMGR-5-MEM_THRESHOLD: Memory %s usage above threshold. MemUsage (%d) CHM_MEM_THRESHOLD_CLR ENVMON NONE

%CHMGR-5-MEM_THRESHOLD_CLR: Memory %s usage drops below threshold. MemUsage (%d) MACMGR_STN_MOVE ENVMON NONE

%MACMGR-5-DETECT_STN_MOVE: Station Move threshold exceeded for Mac %s in vlan %d VRRP_BADAUTH PROTO NONE

%RPM1-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-1 on Gi 11/12 rcvd pkt with authentication type mismatch. %RPM1-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-1 on Gi 11/12 rcvd pkt with authentication failure. VRRP_GO_MASTER PROTO NONE

%VRRP-6-VRRP_MASTER: vrid-%d on %s entering MASTER BGP4_ESTABLISHED PROTO NONE

%TRAP-5-PEER_ESTABLISHED: Neighbor %a, state %s BGP4_BACKW_XSITION PROTO NONE

%TRAP-5-BACKWARD_STATE_TRANS: Neighbor %a, state %s

1766

Index
Symbols
(IFM (interface management)

137

Numerics
cam-profile template 441 802.3x pause frames 604

A
aaa accounting suppress 1375 aaa authentication login 1382 ABR 1075, 1076 Access Control Lists (ACLs) 199 access control lists. See ACL. access-class (common IP ACL) 202 access-group 1383 ACCESS-LIST Mode 9 ACL 8, 9 deny 734 deny tcp 737 deny udp 739 description 269 Important Points to Remember 731 ipv6 access-group 741 permit 743 permit tcp 744 permit udp 747 remark 749 seq 752 show ipv6 accounting access-list 755 ACL VLAN Group acl-vlan-group 295 description 296 lp access-group 296 member vlan 297 show acl-vlan-grou 297 show acl-vlan-group detail 299 show config 300 show running config acl-vlan-group 300 ACL, IP trace lists 1422 acl-vlan-group command 295 action-list command 519 address family ipv4 multicast (MBGP) 400 address family ipv6 unicast (BGP IPv6) 851 Address Resolution Protocol, See ARP. address-family

bgp 320, 783 adjacency-check (ISIS_IPv6) 879 admin-email 519 Administrators email address 519, 521 advertise 879 advertise (ISIS) 879 advertise med guest-voice 977 advertise-interval 1590, 1604 AFI/SAFI 346 aggregate-address 321, 784 aggregate-address (BGP IPv6) 784, 851 aggregate-address (BGP) 321 aggregate-address (MBGP) 401 ais-shut 1490 alarm-report 1490 ANSI/TIA-1057 976 archive 470 archive backup 470 archive config 471 Area Border Router. See ABR. area default-cost 1075 area default-cost (OSPF) 1075 area nssa 1076 area nssa (OSPF) 1076 area range 1076 area range (OSPF) 1076 area stub 1077 area stub (OSPF) 1077 area virtual-link 1078 area virtual-link (OSPF) 1078 area-password 879 area-password (ISIS) 880 arp 674 arp timeout 676 AS 318, 781 AS (Autonomous System) 1073 ASBR 1111 asymmetric flow control 605 audience xv authentication-type 1590 authentication-type simple 1590 auto-cost 1079 auto-cost (OSPF) 1079 auto-negotiation 622 Autonomous System. See AS. auto-summary 1330

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1767

B
bandwidth-percentage 1278 bandwidth-percentage (policy QoS) 1278, 1279 base VLAN 1241 BFD 303 bfd all-neighbors 306 bfd disable 304 bfd enable 304 bfd interval 305 bfd neighbor 307 bfd protocol-liveness 307 BGP 318, 781 bgp four-octet-as-support 330, 792 passive peering 363, 824 soft reconfiguration 798, 799 bgp always-compare-med 322, 785 bgp always-compare-med (BGP IPv6) 785 bgp asnotation 322 bgp bestpath as-path ignore 323, 785 bgp bestpath as-path ignore (BGP IPv6) 785 bgp bestpath med confed 324, 786 bgp bestpath med confed (BGP IPv6) 786 bgp bestpath med missing-as-best 324 bgp bestpath med missing-as-best (BGP IPv6) 786 bgp bestpath router-id-ignore 325 bgp client-to-client reflection 325, 787 bgp client-to-client reflection (BGP IPv6) 787 bgp cluster-id 325, 336, 787, 797 bgp cluster-id (BGP IPv6) 787 bgp confederation identifier 326, 788 bgp confederation identifier (BGP IPv6) 788 bgp confederation peers 327, 789 bgp confederation peers (BGP IPv6) 789 bgp dampening 328, 402, 789, 852 bgp dampening (BGP IPv6) 789, 852 bgp dampening (MBGP) 402 bgp default local-preference 329, 790 bgp default local-preference (BGP IPv6) 790 bgp enforce-first-as 329, 791 bgp fast-external-fallover 330, 792 bgp fast-external-fallover (BGP IPv6) 792 bgp graceful-restart 331, 793 bgp graceful-restart (BGP IPv6) 793 bgp log-neighbor-changes 332, 793 bgp log-neighbor-changes (BGP IPv6) 793 bgp non-deterministic-med 332, 794 bgp non-deterministic-med (BGP IPv6) 794 bgp recursive-bgp-next-hop 333, 794 bgp regex-eval-optz-disable 333, 795 bgp router-id 335, 796 bgp router-id (BGP IPv6) 796 bgp soft-reconfig-backup 335, 402, 796 boot change 52, 54

boot change command 52 boot messages 53 boot messages command 53 boot selection 54 boot selection command 54 boot zero command 54 boot, interrupting 51 BOOT_ADMIN mode (was BOOT_USER) BOOT_USER mode 51 BPDU 1012, 1264, 1365, 1532 break sequence 51 Bridge Protocol Data Units, See BPDU. Bridge Protocol Data Units. See BPDU. bridge-priority 1529 bridge-priority (RSTP) 1362 Broadcast/Unknown Unicast Rate Limiting bsr 1204 BTM 1673, 1722 buffer 1644, 1645, 1744, 1745 Buffer Traffic Manager (BTM) 1673, 1722 buffer-profile 1646, 1647, 1746, 1747 Bulk Configuration see interface range 611 Bulk Configuration Macro see interface range macro 613

1519

C
calendar set 1542 call-home 520 call-home service 517 CAM (Content Addressable Memory) 949 cam ipv4flow command 463 cam l2acl command 466 CAM Profiling Important Points to Remember 440, 450 cam-ipv4flow command 463 cam-l2acl command 466 cam-optimization 452 cam-profile ipv4-vrf 1579, 1581, 1583 cam-profile microcode command 452 capture bgp-pdu max-buffer-size 336 capture bgp-pdu max-buffer-size (BGP IPv6) capture bgp-pdu neighbor 336 capture bgp-pdu neighbor (BGP IPv6) 797 card type 89 card-type 88 case-number command 521 channel-member 657 class-map (policy QoS) 1279 clear arp-cache 677 clear bfd counters 308 clear command history 73 clear config 881

797

1768

clear config (ISIS) 881 clear counters 596 clear counters ip access-group (common IP ACL) 203 clear counters ip trace-group 1422 clear counters mac access-group 248 clear counters vrrp 1591, 1604 clear dampening 598 clear frrp 508 clear gvrp statistics interface 557 clear hardware btm 1673, 1722 clear hardware cpu party-bus 1610 clear hardware rpm mac counters 1610, 1674, 1723 clear hardware stack-unit 1749 clear hardware system-flow 1628, 1750 clear hardware unit 1624 clear host 678 clear host (DNS) 678 clear ip bgp 337, 404, 802 clear ip bgp (BGP IPv6) 799, 800 clear ip bgp * (asterisk) 336, 797 clear ip bgp * (BGP IPv6) 798 clear ip bgp as-number 799 clear ip bgp dampening 338 clear ip bgp dampening ipv4 multicast (MBGP) 403 clear ip bgp dampening ipv6 unicast 853 clear ip bgp flap-statistics 338, 403, 854 clear ip bgp ipv4 multicast 853 clear ip bgp ipv4 multicast flap-statistics network (MBGP) 403 clear ip bgp ipv4 multicast soft 404 clear ip bgp ipv6 dampening 801 clear ip bgp ipv6 flap-statistics 801 clear ip bgp ipv6 unicast (BGP IPv6) 853 clear ip bgp ipv6 unicast dampening 801 clear ip bgp ipv6 unicast flap-statistics 801, 854 clear ip bgp ipv6 unicast soft 802 clear ip bgp ipv6-address 799 clear ip bgp peer-group 338, 405, 800, 854 clear ip bgp peer-group (BGP IPv6) 800 clear ip bgp soft 337 clear ip fib linecard 678 clear ip igmp groups 578 clear ip mroute 1028, 1038 clear ip ospf 1080 clear ip ospf statistics 1080 clear ip pim rp-mapping 1176 clear ip pim tib 1176, 1177 clear ip prefix-list 262 clear ip rip 1330 clear ip route 679 clear ipv6 neighbor 1046 clear ipv6 ospf process 1140 clear isis 881 clear lacp port 926 Command Line Reference for FTOS version 8.4.2.4

clear logging 1476 clear mac-address-table dynamic 934 clear qos statistics (policy QoS) 1280 clear queue statistics egress (QoS) 1317 clear queue statistics ingress (QoS) 1317 clear tcp statistics 679 clear ufd-disable 1558 CLI case sensitivity 4 partial keywords 4 CLI Modes AS-PATH ACL 10 CONFIGURATION 7 EXEC 7 EXEC Privilege 7 INTERFACE 7 IP ACCESS LIST 9 IP COMMUNITY LIST 10 LINE 8 MAC ACCESS LIST 8 MULTIPLE SPANNING TREE 11 PREFIX-LIST 9 REDIRECT-LIST 10 ROUTE-MAP 9 ROUTER BGP 12 ROUTER ISIS 12 ROUTER OSPF 12 ROUTER RIP 12 SPANNING TREE 10, 11 TRACE-LIST 8 cli-command (FTSA command) 523 cli-debug (FTSA command) 523 cli-show (FTSA command) 524 clns host 881 clns host (ISIS) 882 clock read-calendar 1543 clock set 1543 clock source 1491 clock summer-time date 1544 clock summer-time recurring 1545 clock timezone 1546 clock update-calendar 1547 Command Modes 7 command modes 2 community port 1242 community VLAN 1241 conf confirm 472 conf replace 472 conf terminal 473 CONFIGURATION (conf-callhome) mode 520 CONFIGURATION mode 7 configuration mode exclusive 473 Configuration Rollback archive 470 1769

Publication Date: July 20, 2011

archive backup 470 archive config 471 conf confirm 472 conf replace 472 conf terminal 473 configuration mode exclusive 473 maximum (number) 475 show archive 475 show run diff 477 time-period 478 configuration, multiple users 2 contact-address 525, 527 contact-name 525, 526 contact-notes 526 Content Addressable Memory (CAM) 949 contiguous subnet masks 206 continue (Route Map) 268 control break sequence 51 copy (Streamline Upgrade) 22 copy running-config startup-config duplicate Core Dump Files naming conventions 1656, 1704 Core-Dump 28 CPU Traffic Statistics 74, 103, 1634 crypto key generate 1410 CX4-cable-length command 598

D
dampen (FTSA command) 527 dampening 600 dataplane-diag disable dfo-reporting 1653, 1700 dataplane-diag disable loopback 1652, 1698 dataplane-diag disable sfm-bringdown 1699 dataplane-diag disable sfm-walk 1700 debug arp 680 debug bfd 308 debug callhome 528 debug cpu-traffic-stats 1634 debug fefd 501 debug frrp 509 debug gvrp 557 debug ifm trace-flags 1631 debug ip bgp 339, 341, 342, 405, 805 debug ip bgp (BGP IPv6) 803 debug ip bgp (ipv6) 803 debug ip bgp dampening 340 debug ip bgp events 341, 804 debug ip bgp events (BGP IPv6) 804 debug ip bgp events (ipv6) 804 debug ip bgp ipv4 multicast dampening (MBGP) 405 debug ip bgp ipv6 dampening 804 debug ip bgp ipv6 unicast dampening 804, 854 debug ip bgp ipv6 unicast updates 855

debug ip bgp keepalives 341, 806 debug ip bgp keepalives (BGP IPv6) 806 debug ip bgp modify 342, 806 debug ip bgp notifications (BGP IPv6) 806 debug ip bgp peer-group updates (MBGP) 406 debug ip bgp soft-reconfiguration 342 debug ip bgp updates 343, 406, 807, 855 debug ip bgp updates (BGP IPv6) 807 debug ip dhcp 681 debug ip icmp 682 debug ip igmp 579 debug ip ospf 1081 debug ip packet 683 debug ip pim 1178, 1203 debug ip rip 1331 debug ip ssh 1411 debug ip udp-helper 669 debug ipv6 ospf packet 1141 debug isis 882 debug isis adj-packets 882 debug isis local-updates 883, 884 debug isis snp-packets 883, 884 debug isis spf-triggers 884 debug isis update-packets 884 debug lacp 926 debug ntp 1547 debug ppp 1491 debug protocol-tunnel 1440 debug radius 1393 debug spanning-tree 1530 debug spanning-tree mstp 1010 debug spanning-tree rstp 1363 debug tacacs+ 1398 debug track (Object Tracking) 1054 debug uplink-state-group 1559, 1563 debug vrrp 1592, 1605 default logging buffered 1476, 1479 default logging console 1477 default logging monitor 1477 default logging trap 1478, 1485 Default VLAN 957 default vlan-id 957 default-action 528 default-gateway 55 default-gateway command 55 default-information originate 1083 BGP 344 IS-IS 885 OSPF 1083 RIP 1332 default-information originate (ISIS) 885 default-information originate (OSPF IPv6) 1142 default-information originate (RIP) 1332 default-metric

1770

BGP 344, 808 OSPF 1084 RIP 1332 default-metric (BGP IPv6) 808 default-metric (BGP) 344 default-metric (OSPF) 1084 default-metric (RIP) 1332 default-test 529 define interface range macro 613 delay (Object Tracking) 1055 delay triggers line 1492 delete BOOT_USER mode 56 EXEC privilege mode 24 delete command 56 Denial of Service 1422 deny 1423 AS-Path Access list 287 extended IP ACL 214 IP ACL (standard) 206 standard IP ACL 206 Trace list 1423 deny (AS-Path) 287 deny (BGP) 429 deny (Extended MAC ACL) 256 deny (IP Community List) 290 deny (IP prefix ACL) 262 deny (standard MAC ACL) 251 deny arp (extended IP ACL) 216 deny ether-type 218 deny ether-type (extended IP ACLs) deny icmp (extended IP ACLs) 219 deny regex (BGP) 429 deny tcp 1424 IP ACL 222 Trace list 1424 deny tcp (extended IP ACLs) 222 deny udp 1425 IP ACL 225 Trace list 1425 deny udp (extended IP ACLs) 225 description 1164, 1282, 1559 ACL 200 INTERFACE 601 VRRP 1593, 1606 description (ACL) 200 description (BGP) 430 description (FRRP) 509 description (interface) 601 description (Object Tracking) 1056 description (OSPF) 1084 description (Route Map) 269 description (VLAN) 956, 1084 description (VRRP) 1593

description command (ACL VLAN) 296 description, spanning-tree 344, 529, 808,

886, 1011,

1228, 1252, 1333, 1364, 1531 DHCP 689, 690 UDP ports 689 DHCP broadcast messages 689 DHCP server 689 diag linecard 1640, 1670, 1701, 1719 diag sfm 1654, 1702 diag stack-unit 1742
dir BOOT_USER mode 56 EXEC privilege mode 24 dir command 56 disable Spanning Tree Protocol 886,

1011, 1252, 1364,

1531 VRRP 1593 disable (FRRP) 510 disable (GVRP) 558 disable (MSTP) 1011 disable (PVST+) 1252 disable (RSTP) 1364 disable (STP) 1531 disable (VRRP) 1593
disable-on-sfm-failure INTERFACE 602 disable-on-sfm-failure (interface) 602 discontiguous subnet masks 206 display parameter 6 distance IS-IS 886 OSPF 1085 RIP 1333 distance (ISIS) 886 distance (OSPF) 1085 distance (RIP) 1333 distance bgp 344, 345, 529, 809 distance bgp (BGP IPv6) 809 distance bgp (IPv6) 856 distance bgp (MBGP) 407 distance ospf 1086 distribute-list (ISIS) 887, 888 distribute-list (OSPF) 1086, 1087 distribute-list (RIP) 1334, 1335 distribute-list in IS-IS 887 OSPF 1086 RIP 1334 distribute-list out IS-IS 888 OSPF 1087 RIP 1335 distribute-list redistributed-override (ISIS) Publication Date: July 20, 2011

218

889
1771

Command Line Reference for FTOS version 8.4.2.4

distribute-list redistributed-override in 889 IS-IS 889 DNS commands 686, 687, 692, 768 do 75 Document conventions xv domain-name 530 domain-password 889 domain-password (ISIS) 889 DOS 1422 dot1p-priority 1268 dot1p-priority (QoS) 1268 dot1x auth-fail-vlan 184, 1402 dot1x auth-server radius 185, 1403 dot1x guest-vlan 185, 186, 188, 1403 dot1x max-eap-req 187, 1404 dot1x port-control 188, 1405 dot1x quiet-period 189, 1405 dot1x reauthentication 189, 1406 dot1x reauth-max 190, 1406 dot1x server-timeout 191, 1407 dot1x supplicant-timeout 192, 1407 dot1x tx-period 192, 1407 download alt-boot-image 25 downstream 1560 downstream auto-recover 1561 downstream disable links 1562 down-when-looped 1493 duplex 602, 603 duplex (Management) 602 duplex flow control 604 dynamic LAG 657

end 77 except parameter 6 EXEC mode 7 exec-banner 79 exec-timeout 79 exit 80 extended MAC ACL 257 external flash, number of files supported

F
Far-End Failure Detection (FEFD) 501 fast-convergence OSPF 1088 fast-convergence (OSPF) 1088 fefd 502 fefd disable 503 fefd interval 504 fefd mode 502 fefd reset 504 fefd-global 503 fefd-global interval 504 File naming convention application core-dump 1656, 1704 files, number supported on external flash 21 find parameter 6 flood-2328 (OSPF) 1089 flow (cam-profile template) 442 flow control values 606 flow control, asymmetric 605 flow control, duplex 604 flow-based enable 1229 flowcontrol 604 Force10 Service Agent (FTSA) 517 format 57 format (C-Series and E-Series) 26 format command 57 format flash (S-Series) 27 forward-delay 1532 forward-delay (MSTP) 1012 forward-delay (RSTP) 1365 forward-delay (STP) 1532 Forwarding Information Base (FIB) entries 710, 711 framing 1494 frequency 532 ftp-server enable 80 ftp-server topdir 81 ftp-server username 82 FTSA (Call Home), start 520 FTSA commands 532 action-list 519 admin-email 519 call-home 520 case-number 521

E
ECMP 495, 498 egress ACLs 203 email addresses FTSA Administrator 519, 521 FTSA recipient, [email protected] email encryption keys 544 email messages from the switch 517 enable 57, 76, 530 enable (CAM-profile template) 442 enable command 57 enable inverse mask OSPF 1088 enable inverse mask (OSPF) 1088 Enable password 7 enable password 1384, 1385 enable restricted 1385 enable-all 531 encap 1493 encrypt 532 encryption keys, email 544

540

1772

debug callhome 528 domain-name 530 enable 530 enable-all 531 frequency 532 keyadd 533 recipient 540 server 542 show configuration 543 show debugging 543 show keys 544 smtp server-address 545

GVRP 11 GVRP (GARP VLAN Registration Protocol) gvrp enable 560 gvrp registration 560

555

H
HA commands 565 hardware monitor mac 1612, 1675, 1724 hardware monitor mac action-on-error port-shutdown 1494 hardware watchdog 1612, 1676, 1724, 1751 Hash Message Authentication Code (HMAC) 880 hash-algorithm ecmp (C-Series and S-Series) 498 hello padding (ISIS) 893 hello-time 1532 hello-time (MSTP) 1012 hello-time (RSTP) 1365 hello-time (STP) 1532 hitless 565 hitless dynamic LACP states 925 hitless protocol 565 hitless upgrade 569 HMAC (Hash Message Authentication Code) 880 hold-time 1594 hold-time (VRRP) 1594 hostname 82 hostname dynamic 893 hostname dynamic (ISIS) 893

G
GARP (Generic Attribute Registration Protocol) 555 garp timers 559 GARP VLAN Registration Protocol. See GVRP. GID (GARP Information Declaration) 556 GIP (GARP Information Propagation) 556 graceful-restart OSPF 1090, 1091, 1143, 1144, 1150 graceful-restart grace-period OSPF 1090 OSPFv3 1143 graceful-restart grace-period (OSPF) 1090 graceful-restart grace-period (OSPFv3) 1143 graceful-restart helper-reject OSPF 1090 graceful-restart helper-reject (OSPF) 1090 graceful-restart ietf IS-IS 890 graceful-restart interval IS-IS 890 graceful-restart mode OSPF 1091 OSPFv3 1144 graceful-restart mode (OSPF) 1091 graceful-restart mode (OSPFv3) 1144 graceful-restart restart-wait IS-IS 892 graceful-restart role OSPF 1091 graceful-restart role (OSPF) 1091 graceful-restart t1 IS-IS 891 graceful-restart t2 IS-IS 891 graceful-restart t3 IS-IS 892 grep command option 6 grep parameter 6 group (LAG sharing) 659 group (LAG) 659

I
ICMP 696 IEEE 802.1d 1251 IETF Draft draft-ietf-bfd-base-03 303 IETF RFCs 1058 1329 2328 1074 2453 1329 2966 880 IGMP Snooping 589 Important Things to Remember Querier 589 Important Things to Remember Snooping 589 IGMP Snooping Commands 589 ignore enable-password 57, 58 ignore enable-password command 57 ignore startup-config command 58 ignore-case sub-option 6 ignore-lsp-errors 894 ignore-lsp-errors (ISIS) 894 IGP (Interior Gateway Protocol) 1073 ingress ACLs 203 interface 607 Publication Date: July 20, 2011

for for

IGMP IGMP

Command Line Reference for FTOS version 8.4.2.4

1773

interface command 607 interface (FRRP) 510 interface loopback 608 interface management (IFM) 137 interface management ethernet ip address 58, 59, 60 interface management ethernet ip address command 58, 59, 60 interface management ethernet mac-address command 59 interface management ethernet port command 60 interface management port config 60 interface management port config command 60 interface ManagementEthernet 609 interface null 610 interface port-channel 659 interface range 611 interface range macro 614 interface rate-interval 626 interface sonet 1495 interface suppress threshold (dampening) 600 Interface vlan 615 interface vlan 615 Interior Gateway Protocol (IGP) 1073 Internet Control Message Protocol. See ICMP. Inter-packet gap 616 ip access-group 296 ip access-group (common IP ACL) 203 ip access-list extended 227 ip access-list extended (extended IP ACLs) 227 ip access-list standard 208 ip address 685 ip as-path access-list 287 ip community-list 291 ip control-plane egress-filter-traffic 1655, 1702 ip default-network 687 ip directed-broadcast 686 ip domain-list 686 ip domain-lookup 687 ip domain-name 688 IP DSCP bit 1299 ip extcommunity-list (BGP) 430 ip fib download-igp-only 688 ip ftp password 83 ip ftp source-interface 84 ip ftp username 84 ip helper-address 689 ip helper-address hop-count disable 690 ip host 690, 768 ip igmp access-group 579 ip igmp immediate-leave 580 ip igmp last-member-query-interval 581 ip igmp querier-timeout 581 ip igmp query-interval 582 ip igmp query-max-resp-time 583 1774

ip igmp static-group 584 ip local-proxy-arp command 1242 ip max-frag-count 691 ip mroute 1029 ip mtu 691 ip multicast-lag-hashing 1030 ip multicast-limit 1031 ip multicast-routing 1030, 1039 ip name-server 692, 768 ip ospf auth-change-wait-time 1092 OSPF 1092 ip ospf authentication-key 1092 ip ospf cost 1093 ip ospf dead-interval 1093 ip ospf hello-interval 1094 ip ospf message-digest-key 1094 ip ospf mtu-ignore 1095 ip ospf network 1095 ip ospf priority 1096 ip ospf retransmit-interval 1097 ip ospf transmit-delay 1097 ip pim dr-priority 1180, 1205 ip pim query-interval 1183, 1206 ip pim rp-address 1184 ip poison-reverse 1336 ip poison-reverse (RIP) 1336 ip prefix-list 263 ip proxy-arp 693 ip radius source-interface 1393 ip redirect-group 1164 ip redirect-list 1165 description 1164 ip redirects 694 ip rip receive version 1336 ip rip send version 1337 ip route 694 ip route bfd 310 ip router isis 894 ip scp topdir 1411 ip source-route 696 ip split-horizon 1337 ip split-horizon (RIP) 1337 ip ssh authentication-retries 1412 ip ssh connection-rate-limit 1412 ip ssh hostbased-authentication enable 1413 ip ssh key-size 1413 ip ssh password-authentication enable 1414 ip ssh pub-key-file 1414 ip ssh rhostsfile 1415 ip ssh rsa-authentication 1417 ip ssh rsa-authentication enable 1416 ip ssh server 1417 ip ssh server enable 1417 ip tacacs source-interface 1398

ip telnet server enable 85 ip telnet source-interface 86 ip tftp source-interface 87 IP trace lists 1422 ip trace-group 1426 ip trace-list 1426 ip udp-broadcast-address 670 ip udp-helper udp-port 670 ip unreachables 696 ip vlan-flooding 697 ipg 617 ipg 8 616 ip-redirect-list 1165 IPv6 clear ipv6 fib 766 IPv6 ACLs 732 cam-acl 450, 451, 732 clear counters ipv6 access-group 733 deny icmp 735 deny tcp 737 deny udp 739 ipv6 access-group 741 ipv6 access-list 742 permit 743 permit icmp 743 permit tcp 744 permit udp 747 remark 749 resequence access-list 750 resequence prefix-list ipv6 751 seq 752 show cam-acl 754 show config 755 show ipv6 accounting access-list 755 show running-config acl 757 ipv6 control-plane egress-filter-traffic 1703 ipv6 nd managed-config-flag 1047 ipv6 nd max-ra-interval 1047 ipv6 nd other-config-flag 1048 ipv6 nd prefix 1048 ipv6 nd ra-lifetime 1049 ipv6 nd reachable-time 1050 ipv6 nd suppress-ra 1050 ipv6 neighbor 1050 ipv6 ospf 1145 ipv6 ospf cost 1148 ipv6 ospf dead-interval 1149 ipv6 ospf graceful-restart helper-reject OSPFv3 1150 ipv6 ospf graceful-restart helper-reject (OSPFv3) ipv6 ospf hello-interval 1151 ipv6 ospf priority 1151 IPv6 PIM debugging, set 1203 IPv6 PIM Router-Query messages, set frequency

IPv6 PIM sparse mode, enable 1209 IPv6 Route Map match ipv6 address 759 match ipv6 next-hop prefix-list 759 match ipv6 route-source prefix-list 760 route-map 761 set ipv6 next-hop 761 show config 762 show route-map 763 ipv6 router isis (ISIS_IPv6) 895 ipv6 router ospf 1152 IS-IS isis hello padding 898 isis bfd all-neighbors 311 isis circuit-type 895 IS-IS commands 877 isis csnp 896 isis csnp-interval 896 isis hello padding 898 isis hello-interval 897 isis hello-multiplier 897 isis ipv6 metric 898 isis metric 898, 899 isis network point-to-point 900 isis password 900 isis priority 901 isolated port 1242 isolated VLAN 1241 is-type 901 is-type (ISIS) 901

K
keepalive 617, 1495 kernel core-dump 1656, 1704 keyadd 533

L
L2PT (Layer 2 Protocol Tunneling) 1439 LACP clear lacp counters 926 debug lacp 926 lacp port-priority 928 port-channel mode 929 port-channel-protocol lacp 929 show lacp 930 lacp system-priority 928 LAG channel-member 657 group 659 interface port-channel 659 minimum-links 661 port-channel failover-group 661 show interfaces port-channel 662 1775

1150

1206

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

show port-channel-flow 665 LAG failover group 661 LAG failover-group 663 LAG fate-sharing group 663 LAG supergroup 659 LAGs 925 Layer 2 Protocol Tunneling (L2PT) 1439 layer-2 (cam-profile template) 443 layer-3 (cam-profile template) 443, 445 lfs enable 618 line 87 linecard 88 Link Aggregation Control Protocol (LACP) 925 link debounce interface 618 Link Layer Detection Protocol (LLDP) 967 Link State Advertisements. See LSA. link-state protocol 1073 LLDP 967 LLDP-MED (Media Endpoint Discovery) 976 load-balance 697, 699 log-adjacency-changes 902, 1098 log-adjacency-changes (ISIS) 902 logging 1478 logging buffered 1479 logging console 1479 logging coredump kernel disable 1655, 1704 logging coredump kernel server 1656, 1704 logging coredump linecard 1657, 1705 logging facility 1480 logging history 1481 logging history size 1481 logging monitor 1482 logging on 1483 logging source-interface 1483 logging synchronous 1484 logging trap 1485 login authentication 1386 log-messages 534 log-only 535 loopback 1496 lp pim bsr-border 1178 LSA 1077, 1097 lsp-gen-interval 902 lsp-gen-interval (ISIS) 902 lsp-mtu 903 lsp-mtu (ISIS) 903 lsp-refresh-interval 903 lsp-refresh-interval (ISIS) 903

M
mac access-group 248 mac access-list extended (Extended MAC ACL) 257 mac access-list standard (standard MAC ACL) 252

mac accounting destination 935 MAC ACL, extended 257 MAC address station-move trap 938 mac cam fib-partition 940 mac learning limit (dynamic or no-station-move) 941 mac learning-limit 941 mac learning-limit learn-limit-violation 943 mac learning-limit reset 944 mac learning-limit station-move-violation 944 mac-address-table aging-time 936 mac-address-table static 937 mac-address-table station-move 938 mac-address-table station-move refresh-arp 939 mac-address-table station-move threshold 938, 939 Management interface 609, 776 management route 700 Management static route 700 management unit, S-Series 1511 master unit, S-Series 1510 match (FTSA command) 536 match as-path (Route Map) 270 match community (Route Map) 270 match extcommunity (BGP) 431 match interface (Route Map) 271 match ip access-group 1281 match ip access-group (policy QoS) 1281 match ip address (Route Map) 272 match ip dscp 1282 match ip dscp (policy QoS) 1282 match ip next-hop (Route Map) 272 match ip precedence 1284 match ip precedence (policy QoS) 1284 match ip route-source (Route Map) 273 match mac access-group (policy QoS) 1285 match mac dot1p (policy QoS) 1285, 1286 match metric (Route Map) 274 match origin (Route Map) 274 match route-type (Route Map) 275 match tag (Route Map) 275 max-age 1533 max-age (MSTP) 1013 max-age (RSTP) 1366 max-age (STP) 1533 max-area-addresses 904 max-area-addresses (ISIS) 904 max-hops (MSTP) 1014 maximum (number) 475 maximum-paths 1098 BGP 345, 809 IS-IS 905, 906 OSPF 1098 RIP 1338 maximum-paths (BGP IPv6) 809 maximum-paths (BGP) 345

1776

maximum-paths (ISIS) 905 maximum-paths (RIP) 1338 max-lsp-lifetime 905 max-lsp-lifetime (ISIS) 905 MBGP Commands 399, 850 Media Endpoint Discovery 976 member 1571 member (Stackable VLAN) 1571 member vlan command 297 member-vlan (FRRP) 512 message-format (FTSA command) 536 metric-style 906 metric-style (ISIS) 906 mib-binding 1098 microcode (cam-profile template) 444 minimum-links 661 mode (FRRP) 512 mode remote-port-mirroring 1230 modes, command 2 module power-off 89 monitor interface 619 monitor session 1231 motd-banner 90 MSDP 997 msti (MSTP) 1014 MSTP 1009 debug spanning-tree mstp 1010 mtrace 1033 mtu 621 Multicast Source Discovery Protocol see MSDP 997 MULTIPLE SPANNING TREE 11 Multiple Spanning Tree Protocol 1009 see MSTP 1009 Multiprotocol BGP (MBGP) 399 multi-topology (ISIS) 906

N
name (MSTP) 1015 name (VLAN) 959 Naming conventions Core dump files 1656, 1704 NDP 1045 negotiation auto 622 neighbor 1338 neighbor (RIP) 1338 neighbor activate (BGP IPv6) 810, 857 neighbor activate (BGP) 346 neighbor activate (MBGP) 408 neighbor advertisement-interval (BGP IPv6) 811, 857 neighbor advertisement-interval (BGP) 347, 353 neighbor advertisement-interval (MBGP) 409 neighbor advertisement-start(BGP) 347

neighbor allowas-in 348, 811 neighbor allowas-in (BGP) 348, 811 neighbor default-originate 348, 812 neighbor default-originate (BGP IPv6) 812, 858 neighbor default-originate (BGP) 348 neighbor default-originate (MBGP) 409 neighbor description 349, 812 neighbor description (BGP IPv6) 812 neighbor description (BGP) 349 Neighbor Discovery Protocol 1045 neighbor distribute-list 349, 813 neighbor distribute-list (BGP IPv6) 813, 859 neighbor distribute-list (BGP) 349 neighbor distribute-list (MBGP) 410 neighbor ebgp-multihop 350, 814 neighbor ebgp-multihop (BGP IPv6) 814 neighbor ebgp-multihop (BGP) 350 neighbor fall-over (BGP) 351 neighbor filter-list 351, 815 neighbor filter-list (BGP IPv6) 815 neighbor filter-list (BGP) 351 neighbor filter-list aspath (BGP IPv6) 859 neighbor filter-list aspath (MBGP) 411 neighbor graceful-restart 352 neighbor graceful-restart (BGP) 352 neighbor local-as 353 neighbor maximum-prefix 353, 816 neighbor maximum-prefix (BGP IPv6) 816, 860 neighbor maximum-prefix (BGP) 353 neighbor maximum-prefix (MBGP) 411 neighbor next-hop-self 354, 817 neighbor next-hop-self (BGP IPv6) 817, 861 neighbor next-hop-self (BGP) 354 neighbor next-hop-self (MBGP) 412 neighbor password 355 neighbor password (BGP) 355 neighbor peer-group 356, 357, 818, 819 neighbor peer-group (BGP IPv6) 818 neighbor peer-group (BGP) 356, 357 neighbor peer-group (creating group) (BGP IPv6) 819 neighbor peer-group passive (BGP IPv6) 819 neighbor peer-group passive (BGP) 357 neighbor remote-as 358, 820 neighbor remote-as (BGP IPv6) 820 neighbor remote-as (BGP) 358 neighbor remove-private-as 359, 820 neighbor remove-private-as (BGP IPv6) 820, 861 neighbor remove-private-as (BGP) 359 neighbor remove-private-as (MBGP) 413 neighbor route-map 360, 821 neighbor route-map (BGP IPv6) 821 neighbor route-map (BGP) 360 neighbor route-map (MBGP) 413 neighbor route-reflector-client (BGP IPv6) 822, 862 Publication Date: July 20, 2011 1777

Command Line Reference for FTOS version 8.4.2.4

neighbor route-reflector-client (BGP) 360 neighbor route-reflector-client (MBGP) 414 neighbor send-community 361, 822 neighbor send-community (BGP IPv6) 823 neighbor send-community (BGP) 361 neighbor shutdown 361, 823 neighbor shutdown (BGP IPv6) 823 neighbor shutdown (BGP) 361 neighbor soft-reconfiguration inbound (BGP)

ntp update-calendar

1553

O
Object tracking overview 1053 offline 1641, 1671, 1720 Offline Diagnostics 1670, 1719 offline stack-unit 1742 offset-list 1339 offset-list (RIP) 1339 online 1641, 1671, 1720 online stack-unit 1743 OSPF clear ipv6 ospf process 1140 clear ospfv3 process 1140 ipv6 ospf area 1145 ipv6 router ospf 1152 link-state 1073 show ipv6 ospf database 1158 show ipv6 ospf neighbor 1161 output-delay 1340 output-delay (RIP) 1340

362, 414,

824
neighbor subnet 824 neighbor subnet (BGP IPv6) 824 neighbor subnet (BGP) 363 neighbor timers 363, 825 neighbor timers (BGP IPv6) 825 neighbor timers (BGP) 363 neighbor update-source 364, 826 neighbor update-source (BGP) 364 neighbor update-source loopback (BGP IPv6) neighbor weight 365, 827 neighbor weight (BGP IPv6) 827 neighbor weight (BGP) 365 net 907 network BGP 366, 415, 827, 863 RIP 1339 network (BGP IPv6) 827, 863 network (BGP) 366 network (MBGP) 415 network (OSPF) 1099 network (RIP) 1339 network area OSPF 1099 network backdoor 366, 828 network backdoor (BGP IPv6) 828 network backdoor (BGP) 366 Network Time Protocol (NTP) 1541 Network Time Protocol. See NTP. NIC Teaming 939 no-more 6 no-more parameter 6 non-contiguous subnet masks 206 Not So Stubby Area. See NSSA. NSSA 1076 NTP 1547 NTP (Network Time Protocol) 1541 ntp authenticate 1548 ntp authentication-key 1549 ntp broadcast client 1550 ntp disable 1550 ntp multicast client 1550 ntp server 1551 ntp source 1552 ntp trusted-key 1552 1778

826

P
Packet Over SONET/SDH (POS/SDH) 1489 passive-interface IS-IS 907 OSPF 1100 RIP 1341 passive-interface (ISIS) 907 passive-interface (OSPF IPv6) 1152 passive-interface (OSPF) 1100 passive-interface (RIP) 1341 password 1387 password, Enable 7 pause frames 604 PBR 1163 PBR (Policy-Based Routing) 1445 permit 1427 IP ACL (extended) 228 Trace list 1427 permit (AS-Path) 288 permit (BGP) 432 permit (extended IP ACLs) 228 permit (Extended MAC ACL) 258 permit (IP Community List) 292 permit (IP prefix ACL) 264 permit (redirect list) 1166 permit (standard MAC ACL) 253 permit arp 230 permit arp (extended IP ACLs) 230 permit ether-type 232 permit ether-type (extended IP ACLs) 232

permit icmp (extended IP ACLs) 233 permit regex (BGP) 432 permit tcp 1428 IP ACL 235 Trace list 1428 permit tcp (extended IP ACLs) 235 permit udp 1429 IP ACL 238 Trace list 1429 permit udp (extended IP ACLs) 238 per-port QoS 1268 PGP keys 544 PIM Sparse-Mode 1175 PIM-SM 997 ping 90 PoE (Power over Ethernet) chapter 1219 Point-to-Point Protocol (PPP) encapsulation policy (FTSA command) 538 policy-action-list (FTSA command) 538 policy-aggregate (policy QoS) 1287 Policy-Based QoS 1277 Policy-based Routing (PBR) 1163 Policy-map description 1282 policy-map-input 1288 policy-map-input (policy QoS) 1288 policy-map-output (policy QoS) 1289 policy-test-list 538, 539 policy-test-list (FTSA command) 539 Port Channel-Specific Commands 657 Port Mirroring Important Points to Remember 1228 port types (private VLAN) 1242 port-based QoS 1268 port-channel failover-group 661 port-channel mode 929 port-channel supergroup 659 port-channel-protocol lacp 929 port-channels 925 Port-Channel-Specific Commands 657 portmode hybrid command 624 power budget 1219 power inline 1220, 1221 power inline priority 1220, 1221 Power over Ethernet (PoE) chapter 1219 power-{off | on} sfm 1658, 1706 power-off 93 power-on 94 ppp authentication 1496 ppp chap hostname 1497 ppp chap password 1498 ppp chap rem-hostname 1498 ppp chap rem-password 1499

1489

PPP encapsulation 1489 ppp next-hop 1499 ppp pap hostname 1500 ppp pap password 1500 ppp pap rem-hostname 1501 ppp pap rem-password 1501 preemphasis, CX4 cable length 598 preempt 1594 preempt (VRRP) 1594 PREFIX-LIST Mode 9, 10 primary port 664 primary VLAN 1241 priority 1595 priority (VRRP) 1595 private VLANs (PVLANs) 702 private-vlan mapping secondary-vlan command 1244 private-vlan mode command 1243 privilege exec 1379, 1380 privilege level (CONFIGURATION mode) 1379 privilege level (LINE mode) 1380 pr-number (FTSA command) 539 promiscuous port 1242 PROTOCOL Per-VLAN SPANNING TREE Mode 11 SPANNING TREE Mode 10 protocol frrp (FRRP) 513 protocol gvrp 561 PROTOCOL GVRP Mode 11 PROTOCOL MULTIPLE SPANNING TREE Mode 11 protocol route 700 protocol spanning-tree 1533 protocol spanning-tree mstp 1016 protocol spanning-tree pvst (PVST+) 1254 protocol spanning-tree rstp 1367 protocol, hitless 565 protocol-tunnel enable 1442 protocol-tunnel rate-limit 1442 protocol-tunnel stp 1441 provision type 1515 PVST+ (Per-VLAN Spanning Tree plus) 1251

Q
QinQ 1569 QoS clear qos statistics 1280 Per Port 1268 Policy-Based 1277 rate-limit 1294 threshold 1313 QoS, per-port 1268 QoS, port-based 1268 qos-policy-input 1290 qos-policy-input (policy QoS)

1290
1779

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

qos-policy-output 1291 queue egress multicast linecard (policy QoS) 1292 queue ingress multicast (policy QoS) 1291, 1293 Queue Level Debugging 1316 clear queue statistics ingress 1317 show queue statistics egress 1318 Queuing Statistics 1316

R
radius-server deadtime 1394 radius-server host 1394 radius-server key 1396 radius-server retransmit 1396 radius-server timeout 1397 RAPID SPANNING TREE Mode 11 rate limit 1269 rate limit (QoS) 1269 rate police (QoS) 1270 rate shape (QoS) 1272 rate-interval 626 rate-limit 1294 rate-police 1295 rate-shape (policy QoS) 1295 recipient 540 redirect 1167 redirect list, create 1163 redistribute BGP 367, 416, 829, 864 IS-IS 908 OSPF 1101 RIP 1342 redistribute (BGP IPv6) 829, 864 redistribute (BGP) 367 redistribute (ISIS) 908 redistribute (MBGP) 416 redistribute (OSPF IPv6) 1153 redistribute (OSPF) 1101 redistribute bgp 1102 redistribute bgp (ISIS) 909 redistribute bgp (OSPF) 1102 redistribute isis OSPF 1103 RIP 1342 redistribute isis (BGP) 368 redistribute isis (OSPF) 1103 redistribute ospf BGP 417 IS-IS 910 isis 368 RIP 1343 redistribute ospf (BGP IPv6) 830 redistribute ospf (BGP) 369 redistribute ospf (ISIS) 910

redistribute ospf (MBGP) 417 redundancy auto-failover-limit 567 redundancy disable-auto-reboot 568, 1510 redundancy disable-auto-reboot rpm 1510 redundancy force-failover 568, 1510 redundancy force-failover rpm 568 redundancy force-failover sfm 568 redundancy force-failover stack-unit command 1510 redundancy primary rpm 569 redundancy protocol lacp 570 redundancy protocol xstp 570 redundancy reset-counter 570 redundancy synchronize 572 reload 61, 94 reload command 61 remark 200, 749 Remote Network Monitoring (RMON) 1349 rename 61 rename command 61 resequence access-list 210 resequence access-list (extended IP ACLs) 240 resequence prefix-list ipv4 211 resequence prefix-list ipv4 (extended IP ACLs) 241 reset 95, 96 reset linecard 1710 reset sfm 1661, 1710 reset stack-unit 1510 resetting S-Series member unit 1511 restore factory-defaults command 61 revision (MSTP) 1017 RFC 1858 399 RFC 3069 1241 RFC 4360 428 RFC-2328 1089 RFCs. See IETF RFCs RIP 1329 version 1 1329 version 2 1329 RMON 1349 rmon alarm 1350 rmon collection history 1351 rmon collection statistics 1352 rmon event 1352 rmon hc-alarm 1353 Route Map match ip address 759 match ipv6 next-hop 759 match ipv6 route-source 760 route-map 761 set ipv6 next-hop 761 show config 762 route-map 276 ROUTE-MAP Mode 9 router bgp 321, 784

1780

router bgp (BGP IPv6) 831 router bgp (BGP) 370 Router Information Protocol. See RIP. router isis 912 ROUTER ISIS Mode 12 router ospf 1105 router rip 1344 ROUTER RIP Mode 12 router-id 1104 router-id (OSPF IPv6) 1154 router-id (OSPF) 1104 routing policies, apply 1163 run-cpu (FTSA command) 540 running config defined 22

S
sample-rate (FTSA command) 541 schedule (FTSA command) 522 scramble-atm 1502 scramble-atm (SONET) 1502 searching show commands 6 display 6 except 6 find 6 grep 6 secondary VLAN 1241 secure copy 21 Secure Copy (SCP) 22 Security aaa accounting 1374 aaa accounting suppress 1375 aaa authorization 1377 show accounting 1376 see Neighbor Discovery Protocol 1045 see Storm-Control 1519 seq 1430 IP ACL (extended) 245 Redirect list 1168 standard IP ACL 212 Trace list 1430 seq (extended IP ACLs) 242, 243, 245 seq (Extended MAC ACL) 260 seq (IP prefix ACL) 264 seq (redirect list) 1168 seq (standard MAC ACL) 254 seq arp 242 seq ether-type 243 server (FTSA command) 542 service password-encryption 1389 service timestamps 97 service-class dynamic dot1p 1272 service-class dynamic dot1p (QoS) 1272, 1274 service-policy input 1296

service-policy output 1297 service-queue 1298 set (policy QoS) 1299 set as-path prepend (Route Map) 277 set automatic-tag (Route Map) 278 set comm-list (Route Map) 278 set community (Route Map) 279 set extcommunity rt (BGP) 433 set extcommunity soo (BGP) 434 set level (Route Map) 280 set local-preference (Route Map) 281 set metric (Route Map) 281 set metric-type (Route Map) 282 set next-hop (Route Map) 282 set origin (Route Map) 283 set tag (Route Map) 284 set weight (Route Map) 284 set-overload-bit 912 set-overload-bit (ISIS) 912 sFlow 1446 sflow collector 1447 sFlow commands 1445 sflow enable (globally) 1448 sflow enable (Interface) 1448 sflow extended-gateway enable 1449 sflow extended-router 1450 sflow extended-switch enable 1451 sflow polling-interval (Global) 1451 sflow polling-interval (Interface) 1452 sflow sample-rate (Global) 1453 sflow sample-rate (Interface) 1453 SFM 93, 94 shortest path first (SPF) 1136 show acl-vlan-group command 297 show acl-vlan-group detail command 299 show alarms 98 show archive 475 show arp 701 show bfd counters 312 show bfd neighbors 313 show boot selection 62 show boot selection command 62 show bootflash 63 show bootflash command 63 show bootvar BOOT_USER mode 63 show bootvar command 63 show cam layer2-qos (policy QoS) 1299 show cam layer3-qos (policy QoS) 1301 show cam mac linecard 945 show cam mac stack-unit 949 show cam maccheck linecard 946 show cam pbr 1170 show cam-acl 454 Publication Date: July 20, 2011 1781

Command Line Reference for FTOS version 8.4.2.4

show cam-ipv4flow command 464 show cam-l2acl command 467 show cam-usage command 457 show capture bgp-pdu neighbor 370 show capture bgp-pdu neighbor (BGP IPv6) 832 show chassis 99 show command-history 100, 1635, 1659, 1708 show config 755, 1431 Access list 201 BGP 371, 832 Interface 627 IS-IS 913 OSPF 1106 RIP 1344 Spanning Tree 662, 959, 1367, 1534 Trace list 1431 VRRP 1595 show config (ACL) 201 show config (AS-Path) 289 show config (BGP IPv6) 832 show config (BGP) 371 show config (from INTERFACE RANGE mode) 627 show config (GVRP) 561 show config (interface configuration) 627 show config (IP Community List) 293 show config (IP prefix ACL) 265 show config (ISIS) 913 show config (LAG) 662 show config (MSTP) 1017 show config (OSPF) 1106 show config (port monitor) 1232 show config (Route Map) 285 show config (RSTP) 1367 show config (STP) 1534 show config (VLAN) 959 show config (VRRP) 1595 show config command (ACL VLAN group) 300 show configuration (FTSA command) 543 show console lp 1635, 1660, 1709 show controllers (SONET) 1502 show controllers sonet 1502 show control-traffic 1676, 1692 show control-traffic egress 1677 show control-traffic linecard 1677 show control-traffic rpm-switch 1678 show cpu-interface-stats 1625, 1676, 1678, 1692,

1725
show cpu-traffic-stats 1636 show crypto 1418 show debugging 104, 135 show debugging (FTSA command) 543 show default-gateway 64 show default-gateway command 64 show diag 1642, 1672, 1721 1782

show diag sfm 1662, 1711 show dot1x cos-mapping interface 193 show dot1x interface 195, 1408 show environment 105, 107 show frrp 513 show garp timers 561 show gvrp 562 show gvrp statistics 563 show hardware acl 1629 show hardware btm 1680, 1727 show hardware cpu data-plane 1619 show hardware cpu party-bus 1612 show hardware drops 1617 show hardware interface phy 1621 show hardware layer2 1751 show hardware layer2 acl 1752 show hardware layer3 1752 show hardware layer3 qos linecard port-set 1629 show hardware linecard fpc forward 1682, 1729 show hardware linecard fpc lookup detail 1685, 1732 show hardware linecard fpga 1637 show hardware linecard poe-status 1643 show hardware rpm cp 1733 show hardware rpm cpu management 1615 show hardware rpm fpga 1637 show hardware rpm mac 1613 show hardware rpm mac counters 1687, 1735 show hardware rpm rp1/rp2 1736 show hardware stack-unit 1752 show hardware system-flow 1758 show hardware system-flow layer2 linecard 1630 show hardware unit 1627 show hosts 705 show interface management ethernet 65 show interface rate 1274 show interfaces 628, 643 show interfaces configured 635 show interfaces dampening 636 show interfaces debounce 637 show interfaces description 637 show interfaces gigabitethernet transceiver 646, 1691 show interfaces linecard 637, 639 show interfaces management ethernet command 65 show interfaces port-channel 662 show interfaces private-vlan command 1245 show interfaces rate (QoS) 1274 show interfaces sonet 1505 show interfaces stack-unit 642 show interfaces switchport 644 show interfaces tenGigabitEthernet link-status 1688,

1737
show ip accounting access-list (common IP ACL) show ip accounting access-lists 1432 show ip accounting trace-lists 1432

205

show ip as-path-access-lists 289 show ip bgp 372, 422, 865 show ip bgp cluster-list 374, 418, 833, 866 show ip bgp cluster-list (BGP IPv6) 833 show ip bgp community 375, 380, 418, 836, 867 show ip bgp community-list 376, 419, 868 show ip bgp dampened-paths 377, 420, 868 show ip bgp detail 378, 835 show ip bgp extcommunity-list 380 show ip bgp filter-list 380, 420, 869 show ip bgp flap-statistics 382, 420, 837, 869 show ip bgp inconsistent-as 383, 421, 871 show ip bgp ipv4 extcommunity-list 435 show ip bgp ipv4 multicast 422 show ip bgp ipv4 multicast (MBGP) 422 show ip bgp ipv4 multicast cluster-list (MBGP) 418 show ip bgp ipv4 multicast community (MBGP) 418 show ip bgp ipv4 multicast community-list (MBGP) 419 show ip bgp ipv4 multicast dampened-paths (MBGP) 420 show ip bgp ipv4 multicast filter-list (MBGP) 420 show ip bgp ipv4 multicast flap-statistics (MBGP) 420 show ip bgp ipv4 multicast inconsistent-as (MBGP) 421 show ip bgp ipv4 multicast peer-group (MBGP) 426 show ip bgp ipv4 multicast summary (MBGP) 426 show ip bgp ipv6 370, 832 show ip bgp ipv6 unicast 833, 865 show ip bgp ipv6 unicast cluster-list 866 show ip bgp ipv6 unicast community 834, 867 show ip bgp ipv6 unicast community-list 834, 868 show ip bgp ipv6 unicast dampened-paths 835, 868 show ip bgp ipv6 unicast detail 868 show ip bgp ipv6 unicast extcommunity-list 836 show ip bgp ipv6 unicast filter-list 836, 869 show ip bgp ipv6 unicast flap-statistics 837, 869 show ip bgp ipv6 unicast inconsistent-as 838, 871 show ip bgp ipv6 unicast neighbors 839, 871 show ip bgp ipv6 unicast peer-group 843, 874 show ip bgp ipv6 unicast summary 845, 874 show ip bgp neighbor 385, 423, 839, 871 show ip bgp neighbors 385, 423 show ip bgp next-hop 389, 845 show ip bgp next-hops 389, 843 show ip bgp paths 390, 426, 846, 874 show ip bgp paths as-path 391, 847 show ip bgp paths community 392, 436, 847 show ip bgp paths extcommunity 436, 847 show ip bgp peer-group 393, 426, 843, 874 show ip bgp regexp 395 show ip bgp regexp (BGP IPv6) 848 show ip bgp summary 396, 426, 874 show ip bgp summary (BGP IPv6) 844 show ip bgpipv6 unicast community-list 834 Command Line Reference for FTOS version 8.4.2.4

show ip cam 706, 708 show ip cam linecard 706 show ip cam stack-unit 708 show ip community-lists 294 show ip extcommunity-list 437 show ip fib linecard 710, 711, 774 show ip fib stack-unit 711 show ip flow 712 show ip flow interface 712 show ip igmp groups 585 show ip igmp interface 587 show ip interface 713 show ip management-route 716 show ip mroute 1035 show ip ospf 1106 show ip ospf asbr 1108 show ip ospf database 1109 show ip ospf database asbr-summary 1111 show ip ospf database database-summary 1123 show ip ospf database external 1113 show ip ospf database network 1115 show ip ospf database nssa-external 1117 show ip ospf database opaque-area 1117 show ip ospf database opaque-as 1119 show ip ospf database opaque-link 1120 show ip ospf database router 1121 show ip ospf database summary 1123 show ip ospf interface 1125 show ip ospf neighbor 1127 show ip ospf routes 1128 show ip ospf statistics global 1129 show ip ospf virtual-links 1133 show ip pim interface 1191, 1194, 1210 show ip pim neighbor 1192, 1195, 1211 show ip pim rp mapping 1193, 1212 show ip pim tib 1196, 1198, 1199, 1213 show ip prefix-list detail 266 show ip protocols 717 show ip redirect-list 1171 show ip rip database 1345 show ip route 718 show ip route list 721 show ip route summary 722 show ip ssh 1419 show ip ssh client-pub-keys 1420 show ip ssh rsa-authentication 1420 show ip traffic 723 show ip udp-helper 671 show ipc-traffic 1677, 1678, 1693, 1694 show ipc-traffic egress 1693 show ipc-traffic ingress 1693 show ipc-traffic linecard 1693 show ipc-traffic rpm-switch 1694 show ipv6 accounting access-list 755 1783

Publication Date: July 20, 2011

show ipv6 cam stack-unit 774 show ipv6 fib stack-unit 775 show ipv6 neighbors 1051 show ipv6 ospf 1160 show ipv6 ospf neighbor 1161 show isis database 913 show isis hostname 916, 917 show isis interface 917 show isis neighbors 918 show isis protocol 920 show isis traffic 920 show keys (FTSA command) 544 show lacp 930 show linecard 34, 112 show logging 1486 show logging driverlog 1694, 1738 show logging driverlog stack-unit (S-Series) 1487 show mac accounting access-list 249 show mac accounting destination 953 show mac cam 954 show mac learning-limit 955 show mac-address-table 950 show mac-address-table aging-time 952 show memory 117, 118 show monitor session 1233 show ntp associations 1555 show ntp status 1556 show port-channel-flow 665 show port-channel-flow command 666 show power detail 1222 show power inline 1223 show power supply 1223 show privilege 1389 show processes cpu 119, 121 show processes ipc 1663, 1712 show processes ipc flow-control 1664, 1713 show processes memory 129, 133 show processes switch-utilization 135 show protocol-termination-table linecard 725 show protocol-tunnel 1443 show qos class-map 1302 show qos policy-map 1303 show qos policy-map-input 1304 show qos policy-map-output 1305 show qos qos-policy-input 1306 show qos qos-policy-output 1306 show qos statistics 1307 show qos wred-profile 1310 show queue statistics egress (QoS) 1318 show queue statistics ingress (QoS) 1322 show range 651 show redundancy 568, 1510, 1511 show revision 1627, 1666, 1715 show rmon 1354 1784

show rmon alarms 1354 show route-map 285, 763 show route-map (Route Map) 285 show rpm 135 show run diff 477 show running config acl-vlan-group command 300 show running-config acl 757 show running-config extcommunity-list 398, 437, 1346 show running-config hardware-monitor 1738 show running-config monitor session 1234 show running-config track (Object Tracking) 1057,

1201
show running-config uplink-state-group 1564 show sflow 1454 show sfm 39 show snmp 1458, 1459, 1460, 1461 show software ifm 137, 1631 show software macagent 1633 show spanning-tree 0 1535 show spanning-tree 0 (STP) 1535 show spanning-tree mst configuration 1018 show spanning-tree msti 1019 show spanning-tree pvst 1255 show spanning-tree rstp (RSTP) 1368 show system 139 show system brief (S-Series) 139 show system stack-ports 1512 show system stack-unit (S-Series) 139 show tcp statisitics 727 show tcp statistics 727 show tdr 668 show tech-support 19, 20, 27, 33, 34, 53, 54,

55, 57, 58, 59, 60, 61, 62, 64, 65, 156, 1667, 1716 show tech-support (S-Series) 145 show track (Object Tracking) 1058 show track ipv6 route (Object Tracking) 1067 show uplink-state-group 1564 show users 1390 show version 41 show vlan 960 show vlan command 960 show vlan private-vlan command 1246 show vlan private-vlan mapping command 1248 show vrrp 1596, 1606 show-ipc traffic 1692 shutdown 652 Single Window Protocol (SWP) 1666, 1715 Single Window Protocol Queue (SWPQ) 126 Site-of-Origin (soo) 429 SMTP (Simple Mail Transfer Protocol) server 521, 545 smtp server-address 545 smtp server-address (FTSA command) 545
SNMP number of traps supported

1457

versions supported 1457 snmp ifmib ifalias long 1461 snmp trap link-status 1475 snmp-server community 1462 snmp-server contact 1464 snmp-server enable traps 1465 snmp-server host 1468 snmp-server location 1470, 1471 snmp-server trap-source 1471 soo (Site-of-Origin) 429 source (port monitoring) 1235 source (remote port mirroring) 1236 source remote vlan 1238 Spanning Tree Protocol BPDU guard 1539 interface cost 1538 portfast 1539 spanning-tree 1538 spanning-tree (MSTP) 1022 spanning-tree 0 1538 spanning-tree msti 1023 spanning-tree mstp 1024 spanning-tree pvst 1258 spanning-tree rstp (RSTP) 1370 speed 653, 654, 1507 100/1000 Base-T Ethernet interfaces 653 Management interface 654 SPF (Shortest Path First) 1081 spf-interval 922 spf-interval (ISIS) 922 S-Series master unit 1510 S-Series member unit, resetting 1511 S-Series model identifier 1515 S-Series stacking 1509 S-Series-only commands buffer 1644, 1645, 1744, 1745 buffer-profile 1646, 1647, 1746, 1747 diag stack-unit 1742 offline stack-unit 1742 online stack-unit 1743 redundancy disable-auto-reboot rpm 1510 reset stack-unit 1510 show environment 107 show hardware stack-unit 1752 show hardware system-flow 1758 show inventory 111 show memory 118 show processes cpu 121 show redundancy 1511 show system stack-ports 1512 stack-unit priority 1515 stack-unit provision 1515 stack-unit renumber 1516 upgrade system stack-unit 1517 Command Line Reference for FTOS version 8.4.2.4

SSH ssh-peer-rpm 148 ssh 1421 stack member identifier 1515 stack standby unit 1511 Stackable VLAN feature 1569 Stackable VLANs (VLAN-Stacking) 1439 stacking, S-Series 1509 stack-unit priority 1515 stack-unit provision 1515 stack-unit renumber 1516 standby master 1511 Start FTSA (Call Home) 520 static LAG commands 925 static route 700 Storm-Control 1519 Important Points to Remember 1519 STP PVST+ 1251 Streamline Upgrade 22 strict-priority queue (QoS) 1276 subnet masks 206 summary-address 1135 summary-address (OSPF) 1135 suppress threshold (dampening), interface 600 switchport 655 switchport backup interface 655 switchport mode private-vlan command 1249 SWP (Single Window Protocol) 1666, 1715 SWPQ (Single Window Protocol Queue) 126

T
TAB key 52 tacacs-server host 1399 tacacs-server key 1400 tagged 963, 1239 tagged command 963 tagged destination (remote port mirroring) 1239 tc-flush-standard 1372 tc-flush-standard (MSTP) 1025 tc-flush-standard (PVST+) 1261 TDR Important Points to Remember 667 TDR (Time Domain Reflectometer) 667 tdr-cable-test 667 Telnet number of Telnet sessions supported 88 telnet 149 terminal length 151 terminal monitor 1488 test cam-profile (cam-profile template) 447 test cam-usage 460, 757 test-condition command (comparing FTSA

Publication Date: July 20, 2011

1785

samples) 546 test-limit (FTSA command) 551 test-list (FTSA command) 552 TFTP server, copy running-config to 22 threshold 1313 threshold metric (Object Tracking) 1060 Time Domain Reflectometer (TDR) 667 Important Points to Remember 667 timeout login response 1391 time-period 478 timer (FRRP) 514 timers basic 1347 timers bgp 399, 849 timers bgp (BGP IPv6) 849 timers spf 1136 timers spf (OSPF) 1136 TOS 1112, 1114, 1116, 1118, 1122, 1124 traceroute 152 track 1600, 1608 track (Object Tracking) 1061 track (VRRP) 1600 track interface ip route metric threshold 1062 track interface ip route reachability (Object Tracking) 1063 track interface ip routing (Object Tracking) 1064 track interface ipv6 route metric threshold (Object Tracking) 1070 track interface ipv6 route reachability (Object Tracking) 1071 track interface ipv6 routing (Object Tracking) 1069 track interface line-protocol (Object Tracking) 1065 track ip command 964 track resolution ip route (Object Tracking) 1066 track resolution ipv6 route (Object Tracking) 1072 tracking. See Object tracking. trap, MAC address station-move 938 tree information base (tib) 1202 Troubleshooting 1761, 1763, 1767 trunk port 1242 trust diffserv 1314 trust ipv6-diffserv 780 Type of Service. See TOS.

upstream 1567 username 1391

V
version 1348 Virtual LANs. See VLANs. virtual-address 1601 virtual-address (VRRP) 1601 VLAN description 956, 1084 vlan bridge-priority (PVST+) 1262 vlan forward-delay (PVST+) 1263 vlan hello-time (PVST+) 1264 vlan max-age (PVST+) 1265 VLAN types (private VLAN) 1241 VLANs ACL support 615 definition 956 IP features not supported 956 vlan-stack access 1573 vlan-stack compatible 1574 vlan-stack protocol-type 1576 vlan-stack trunk 1577 VLAN-Stack VLANs Important Points to Remember 1569 VLAN-Stacking 1569 VLAN-Stacking (Stackable VLANs) 1439 VMAN tag 1576 VRF cam-profile 1579 cam-profile ipv4-v6-vrf 1582 cam-profile ipv4-vrf 1581, 1583 ip vrf 1584 ip vrf forwarding 1585 ip vrf-vlan-block 1586 show ip vrf 1587 start-vlan-id 1588 vrrp bfd neighbor interval 314 vrrp-group 1602, 1608

W
wanport command 656 warm upgrade 569 Weighted Fair Queuing (WFQ) 1292 Weighted Random Early Detection (WRED) WFQ 1292 WRED 1288 wred 1315 WRED (Weighted Random Early Detection) wred-profile 1316 write 156

U
undebug all 154 untagged 965, 1240 untagged command 965 untagged destination (remote port mirroring) upgrade fpga-image 48 upgrade sfm-fpga 46 upgrade system stack-unit 1517 uplink-state-group 1566

1288

1240

1299

1786

X
XML

terminal xml

151

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1787

1788

Command Index
A
aaa accounting 1374 aaa accounting suppress 1375 aaa authorization 1377, 1378 Access list access-class 202, 1383 clear counters ip access-group 203 ip access-group 203 show config 201, 285 show ip accounting access-list 205 Access list (extended) deny 214 deny tcp 222, 1424 deny udp 225 ip access-list extended 227 permit 228, 1427 permit arp 230 permit tcp 235 permit udp 238, 1429 seq 245 Access list (standard) deny 206 ip access-list standard 208 permit 208 seq 212 access-class 202 Access-list (extended) deny arp 216 deny ether-type 218 permit ether-type 232 seq arp 242 seq ether-type 243 ACL description 200 acl-vlan-group 295 action-list 519 address family ipv4 multicast (MBGP) 400 address family ipv6 unicast (BGP IPv6) 851 adjacency-check 879 admin-email 519 advertise dot1-tlv 968 advertise dot3-tlv 969 advertise management -tlv 969 advertise med guest-voice-signaling 978 advertise med location-identification 978 advertise med power-via-mdi 979 advertise med softphone-voice 980 advertise med streaming-video 980 advertise med video-conferencing 981 advertise med video-signaling 982 advertise med voice 982 advertise med voice-signaling 983 aggregate-address (BGP) 320, 321, 783 Alarms audible cut-off 68 clear alarms 72 show alarms 98 area authentication (OSPF IPv6) 1138 area encryption (OSPF IPv6) 1139 ARP arp 674 arp timeout 676 clear arp-cache 677 debug arp 680 show arp 701 AS-PATH Access list deny 287 ip as-path access-list 287 permit 288 show config 289 show ip as-path-access-list 289

B
bandwidth-percentage 1278 banner exec 68 banner login 69 banner motd 71 bfd all-neighbors (OSPF) 306 bfd enable (Configuration) 304 bfd enable (Interface) 304 bfd interval 305 bfd neighbor 307 bfd protocol-liveness 307 BGP aggregate-address 320, 321, 401, 783, bgp always-compare-med 322, 785 bgp asnotation 322 bgp bestpath as-path ignore 323, 785 bgp bestpath med confed 324, 786 bgp client-to-client reflection 325, 787 bgp cluster-id 325, 787 bgp confederation identifier 326 Publication Date: July 20, 2011

784, 851

Command Line Reference for FTOS version 8.4.2.4

1789

bgp confederation peers 327, 789 bgp dampening 328, 402, 789, 852 bgp default local-preference 329, 790 bgp fast-external-fallover 330, 792 bgp graceful-restart 331, 793 bgp log-neighbor-changes 332, 793 bgp non-deterministic-med 332, 794 bgp router-id 335, 796 bgp soft-reconfig-backup 335, 796 capture bgp-pdu max-buffer-size 336, 797 capture bgp-pdu neighbor (ipv4) 336 capture bgp-pdu neighbor (ipv6) 797 clear ip bgp dampening 338 clear ip bgp flap-statistics 338, 403, 854 clear ip bgp ipv4 multicast soft 404 clear ip bgp ipv6 dampening 801 clear ip bgp ipv6 flap-statistics 801 clear ip bgp ipv6 unicast soft 802 clear ip bgp peer-group 338, 800 clear ip bgp soft 337 debug ip bgp 339, 803 debug ip bgp dampening 340 debug ip bgp events 341 debug ip bgp events (ipv6) 804 debug ip bgp ipv4 multicast soft-reconfiguration

405
debug ip bgp ipv6 dampening 804 debug ip bgp ipv6 unicast soft-reconfiguration 805 debug ip bgp keepalives 341, 806 debug ip bgp notifications 342, 806 debug ip bgp soft-reconfiguration 342 debug ip bgp updates 343, 406, 407, 807, 855 default-metric 344, 808 description 344, 808 distance bgp 345, 809 maximum-paths 345, 809 neighbor activate 346, 810 neighbor advertisement-interval 347, 811 neighbor allowas-in 348, 811 neighbor default-originate 348, 812 neighbor description 349, 812 neighbor distribute-list 349, 410, 813, 859 neighbor ebgp-multihop 350, 814 neighbor filter-list 351, 815 neighbor graceful-restart 352 neighbor local-as 353 neighbor maximum-prefix 353, 816 neighbor next-hop self 354, 817 neighbor password 355 neighbor peer-group assigning peers 356, 818 creating group 357, 819 neighbor remote-as 358, 820 neighbor remove-private-as 359, 820 1790

neighbor route-map 360, 413, 821, 862 neighbor route-reflector-client 360, 822 neighbor send-community 361, 822 neighbor shutdown 361, 823 neighbor subnet 363 neighbor timers 363, 825 neighbor update-source 364, 826 neighbor weight 365, 827 network 366, 827, 863 network backdoor 366, 828 redistribute 367, 416, 829, 864 redistribute isis 830 redistribute ospf 368, 369, 417, 830 router bgp 370, 831 show capture bgp-pdu neighbor (ipv4) 370 show config 371, 832 show ip bgp 372, 398 show ip bgp cluster-list 374, 418 show ip bgp community 375, 418, 867 show ip bgp community-list 376, 419, 868 show ip bgp dampened-paths 377, 420, 835, 868 show ip bgp extcommunity-list 380, 836 show ip bgp filter-list 420, 869 show ip bgp flap-statistics 382, 420, 869 show ip bgp inconsistent-as 383, 421, 838, 871 show ip bgp ipv4 multicast neighbors 423 show ip bgp ipv6 832, 833 show ip bgp ipv6 unicast cluster-list 833 show ip bgp ipv6 unicast community 834 show ip bgp ipv6 unicast community-list 834 show ip bgp ipv6 unicast detail 868 show ip bgp ipv6 unicast filter-list 836 show ip bgp ipv6 unicast flap-statistics 837 show ip bgp ipv6 unicast neighbors 839 show ip bgp ipv6 unicast summary 844 show ip bgp neighbor 871 show ip bgp neighbors 385 show ip bgp next-hops 389, 845 show ip bgp paths 390, 846 show ip bgp paths as-path 391, 847 show ip bgp paths community 392, 436, 437, 847 show ip bgp peer-group 393, 426, 843, 874 show ip bgp regexp 395, 848 show ip bgp summary 396, 426, 874 timers bgp 849 bgp bestpath med missing-as-best 324 bgp four-octet-as-support 330, 792 bgp regex-eval-optz-disable 333, 795 bgp soft-reconfig backup 335 bgp soft-reconfig-backup 402 boot change 52 boot config 16 boot host 17 boot messages 53 Command Index

boot network 18 boot selection 54 boot system 19 boot system gateway 19 boot zero 54 BOOT_USER 51 boot change 52 boot messages 53 boot selection 54 default-gateway 55 delete 56 dir 56 enable 57 format 57 ignore enable-password 57 ignore startup-config 58 interface management ethernet ip address 58 interface management ethernet mac-address 59 interface management ethernet port 60 interface management port config 60 reload 61 rename 61 show boot selection 62 show bootflash 63 show bootvar 63 show default-gateway 64 show interfaces management ethernet 65 bridge-priority (RSTP) 1362 bridge-priority (STP) 1529 buffer 1644, 1744

C
calendar set 1542 call-home 520 cam l2acl 466 cam-acl 450, 451, 732 cam-audit linecard 72 cam-ipv4flow (EtherScale) 463 cam-l2acl 466 cam-optimization 452 cam-profile default microcode 453 cam-profile eg-default microcode 453 cam-profile ipv4-320k microcode 453 cam-profile ipv4-egacl-16k microcode 453 cam-profile ipv4-v6-vrf 1582 cam-profile ipv6-extacl microcode 453 cam-profile l2-ipv4-inacl microcode 453 cam-profile microcode (Config mode) 452 cam-profile unified-default microcode 453 capture bgp-pdu max-buffer-size 336, 797 capture bgp-pdu neighbor (ipv4) 336 capture bgp-pdu neighbor (ipv6) 797

case-number 521 cd 20 change bootflash-image 20 channel-member 657 class-map 1279 clear alarms 72 clear arp-cache 677 clear bfd counters 308 clear counters ip access-group 203 clear counters ipv6 access-group 733 clear counters mac access-group 248 clear dampening 598 clear frrp 508 clear gvrp statistics interface 557 clear hardware btm 1673, 1722 clear hardware cpu party-bus 1610 clear hardware rpm mac counters 1610, 1674, clear hardware stack-unit 1749 clear hardware system-flow 1628, 1750 clear hardware unit 1624 clear host (DNS) 678 clear ip bgp 403, 853 clear ip bgp * (asterisk) 798 clear ip bgp as-number 799 clear ip bgp ipv4 multicast 853 clear ip bgp ipv6-address 799 clear ip bgp soft 337 clear ip fib linecard 678 clear ip mroute 1028 clear ip mroute snooping 1028 clear ip ospf statistics 1080 clear ip prefix-list 262 clear ip route 679 clear ipv6 fib 766 clear ipv6 ospf process 1140 clear ipv6 route 766 clear lacp counters 926 clear line 73 clear lldp counters 970 clear lldp neighbors 970 clear logging 1476 clear mac-address-table dynamic 934 clear qos statistics 1280 clear queue statistics ingress (QoS) 1317 clear tcp statistics 679 clear ufd-disable 1558 cli-command 523 cli-debug 523 cli-show (FTSA) 524 clock read-calendar 1543 clock set 1543 clock summer-time date 1544 clock summer-time recurring 1545 clock timezone 1546 Publication Date: July 20, 2011

1723

Command Line Reference for FTOS version 8.4.2.4

1791

clock update-calendar 1547 Community Access list deny 290 ip community-list 291 permit 292 show config 293 show ip community-lists 294 configure 73 contact-address 525, 527 contact-name 525, 526 contact-notes 526 continue (Route Map) 268 copy 21 copy (Streamline Upgrade) 22 copy flash 21, 44, 49 copy ftp

21, 44, 49
copy rpm0flash

21
copy rpm0slot0

21
copy rpm1 21 copy rpm1flash 21 copy run start 27 copy running-config 21 copy running-config ftp

22
copy running-config startup-config duplicate 23 copy running-config tftp

22
copy scp 21 copy slot0 21 copy startup-config 21 copy tftp 21, 44, 49 copy usbflash 21 crypto key generate 1410 cx4-cable-length 598

D
dampen 527 dampening 600 dataplane-diag disable dfo-reporting 1653, 1700 dataplane-diag disable loopback 1652, 1698 dataplane-diag disable sfm-bringdown 1699 dataplane-diag disable sfm-walk 1700 Debug debug arp 680 debug ftpserver 75 debug ip bgp 339 debug ip bgp (ipv6) 803 debug ip bgp dampening 340 debug ip bgp events 341

debug ip bgp events (ipv6) 804 debug ip bgp ipv4 soft-reconfiguration 405 debug ip bgp ipv6 dampening 804 debug ip bgp ipv6 unicast soft-reconfiguration 805 debug ip bgp keepalives 341, 806 debug ip bgp notifications 342, 806 debug ip bgp soft-reconfiguration 342 debug ip bgp updates 343, 406, 407, 807, 855 debug ip icmp 682 debug ip igmp 579 debug ip msdp 998 debug ip ospf 1081 debug ip packet 683 debug ip pim 1178 debug ip rip 1331 debug ipv6 pim 1203 debug isis 882 debug isis adj-packets 882 debug isis local-updates 883 debug isis snp-packets 883 debug isis spf-triggers 884 debug isis update-packets 884 debug multiple spanning-tree 1010 debug ntp 1547 debug radius 1393 debug spanning-tree 1530 debug vrrp 1592, 1605 show debugging 104 undebug all 154 debug bfd 308 debug callhome 528 debug cpu-traffic-stats 74, 1634 debug fefd 501 debug frrp 509 debug gvrp 557 debug ifm trace-flags 1631 debug ip bgp ipv4 multicast dampening (MBGP) 405 debug ip bgp peer-group updates (MBGP) 406 debug ip bgp updates (MBGP) 407 debug ip dhcp 681 debug ip ssh 1411 debug ip udp-helper 669 debug ipv6 pim 1203 debug lldp interface 971 debug protocol-tunnel 1440 debug spanning-tree rstp 1363 debug uplink-state-group 1559, 1563 default logging buffered 1476 default logging console 1477 default logging monitor 1477 default logging trap 1478 default-action 528 default-gateway 55 default-information originate (OSPF IPv6) 1142 Command Index

1792

default-metric (BGP) 344 default-test 529 delete 24, 56 deny 734 Community Access list 290 IP ACL (extended) 214 MAC ACL (extended) 256 MAC ACL (standard) 251 Prefix List 262 standard IP ACL 206 deny (AS-Path) 287 deny (BGP) 429 deny (Extended IP ACL) 214 deny arp 216 deny arp (Extended IP ACL) 216 deny ether-type (Extended IP ACL) 218 deny icmp (Extended IP ACL) 219 deny regex (BGP) 429 deny tcp 737 deny tcp (Extended IP ACL) 222 deny udp 739 deny udp (Extended IP ACL) 225 description (ACL VLAN) 296 description (ACL) 200 description (BGP) 344, 430, 808 description (FRRP) 509 description (FTSA) 529 description (IS-IS) 886 description (MSTP) 1011 description (PVST) 1252 description (RIP) 1333 description (Route Map) 269 description (RSTP) 1364 description (STP) 1531 description (VLAN) 956, 1084 diag linecard 1640, 1670, 1701, 1719 diag sfm 1654, 1702 diag stack-unit 1742 dir 24, 56 disable 75 disable (FRRP) 510 disable (GVRP) 558 disable (LLDP) 971 disable (MSTP) 1011 disable (PVST+) 1252 disable (RSTP) 1364 disable (STP) 1531 DNS clear host 678 ip domain-list 686 ip domain-lookup 687 ip domain-name 688 domain-name 530 dot1x auth-fail-vlan 184, 1402 Command Line Reference for FTOS version 8.4.2.4

dot1x auth-server 185, 1403 dot1x guest-vlan 185, 186, 1403 dot1x max-eap-req 187, 1404 dot1x port-control 188, 1405 dot1x quiet-period 189, 1405 dot1x reauthentication 189, 1406 dot1x reauth-max 190, 1406 dot1x server-timeout 191, 1407 dot1x supplicant-timeout 192, 1407 dot1x tx-period 192, 1407 download alt-boot-image 25 download alt-full-image 25 downstream 1560, 1562 downstream auto-recover 1561 duplex (10/100 Interfaces) 603 duplex (Management) 602

E
enable 57, 76, 530 enable xfp-power-updates enable-all 531 encrypt 532 end 77 epoch 78 exec-banner 79 exec-timeout 79 exit 80

F
failover group, LAG 659 fate-sharing group, LAG 659 FEFD 501 debug fefd 501 fefd 502 fefd disable 503 fefd interval 504 fefd mode 502 fefd reset 504 fefd-global 503 fefd-global interval 504 show fefd 505 fefd 502 fefd mode 502 flow-based enable 1229 flowcontrol 604 format 57 format (C-Series and E-Series) format flash (S-Series) 27 forward-delay (MSTP) 1012 forward-delay (RSTP) 1365 forward-delay (STP) 1532 Publication Date: July 20, 2011

1793

frequency 532 FTP debug ftpserver 75 ftp-server enable 80 ftp-server topdir 81 ftp-server username 82 ip ftp password 83 ip ftp source-interface 84 ip ftp username 84 FTSA description 529

G
garp timers 559 gvrp enable 560 gvrp registration 560

H
hardware monitor mac 1611, 1675, 1724 hardware watchdog 1612, 1676, 1724, 1751 hash-algorithm ecmp (C-Series and S-Series) 498 hello (LLDP) 972 hello-time (MSTP) 1012 hello-time (RSTP) 1365 hello-time (STP) 1532 hostname 82

I
IGMP clear ip igmp groups 578 debug ip igmp 579 igmp snooping fast-leave 590 ip igmp immediate-leave 580 ip igmp last-member-query-interval 581 ip igmp querier-timeout 581 ip igmp query-interval 582 ip igmp query-ma-resp-time 583 ip igmp static-group 584 show ip igmp groups 585 show ip igmp interface 587 IGMP Snooping igmp snooping flood 591 igmp snooping last-member-query-interval 591 igmp snooping querier 593 ip igmp snooping enable 590 ip igmp snooping mroute 592 show ip igmp snooping mrouter 593 ignore enable-password 57 Interface

clear counters 596 description 601 disable-on-sfm-failure 602 dot1p-priority 1268 interface 607 interface loopback 608 interface ManagementEthernet 609 interface null 610 interface port-channel 659 interface sonet 1495 interface vlan 615 ip unreachables 696 ipg 616 negotiation auto 622 show config 627 show interfaces 628, 640, 646, 1689, 1691, 1737 show interfaces linecard 639 show interfaces switchport 644 show ipv6 interfaces ManagementEthernet 776 shutdown 652 switchport 655 interface (FRRP) 510 interface management ethernet ip address 58 interface management ethernet mac-address 59 interface management ethernet port 60 interface management port config 60 interface range 611 interface range macro (define) 613 interface range macro name 614 interface vlan 615 ip access-group 203, 296 ip access-list extended (Extended IP ACL) 227 ip access-list standard 208 ip address 685 ip as-path access-list 287 ip community-list 291 ip control-plane egress-filter-traffic 1655, 1702 ip directed-broadcast 686 ip extcommunity-list (BGP) 430 ip fib download-igp-only 688 ip helper-address 689 ip helper-address hop-count disable 690 ip host 690, 768 ip igmp snooping enable 590 ip igmp snooping fast-leave 590 ip igmp snooping flood 591 ip igmp snooping last-member-query-interval 591 ip igmp snooping mrouter 592 ip igmp snooping querier 593 ip local-proxy-arp 1242 ip max-frag-count 691 ip mroute 1029 ip multicast-lag-hashing 1030 ip multicast-limit 1031 Command Index

1794

ip multicast-routing 1030, 1031, 1039 ip name-server 692, 768 ip pim bsr-border 1178 ip prefix-list 263 ip proxy-arp 693 ip radius source-interface 1393 ip redirects 694 ip route 694 ip route bfd 310 ip source-route 696 ip ssh authentication-retries 1412 ip ssh connection-rate-limit 1412 ip ssh hostbased-authentication enable 1413 ip ssh key-size 1413 ip ssh password-authentication 1414 ip ssh pub-key-file 1414 ip ssh rhostsfile 1415 ip ssh rsa-authentication (Config) 1416 ip ssh rsa-authentication (EXEC) 1417 ip ssh server 1417 ip udp-broadcast-address 670 ip udp-helper udp-port 670 ip vrf 1584 ip vrf forwarding 1587, 1588 ip vrf-vlan-block 1586 ipv6 access-list 742 ipv6 control-plane egress-filter-traffic 1703 ipv6 ospf area 1145 ipv6 ospf authentication 1146 ipv6 ospf cost 1148 ipv6 ospf dead-interval 1149 ipv6 ospf encryption 1147 ipv6 ospf hello-interval 1151 ipv6 ospf priority 1151 IPv6 PIM debug ipv6 pim 1203 ipv6 pim dr-priority 1205 ipv6 pim query-interval 1206 ipv6 pim sparse-mode 1209 show ipv6 pim bsr-router 1210 show ipv6 pim interface 1210 show ipv6 pim neighbor 1211 show ipv6 pim rp 1212 show ipv6 pim tib 1213 ipv6 pim dr-priority 1205 ipv6 pim query-interval 1206 ipv6 pim sparse-mode 1209 ipv6 route 770 ipv6 router isis (ISIS_IPv6) 895 ipv6 router ospf 1152, 1158 IS-IS advertise 879 area-password 880

clear config 881 clear isis 881 clns host 881 debug isis 882 debug isis adj-packets 882 debug isis local-updates 883 debug isis snp-packets 883 debug isis spf-triggers 884 debug isis update-packets 884 default-information originate 885 description 886 distance 886 distribute-list in 887 distribute-list out 888 domain-password 889 hello padding 893 hostname dynamic 893 ignore-lsp-errors 894 ip router isis 894 isis circuit-type 895 isis csnp-interval 896 isis hello-interval 897 isis hello-multiplier 897 isis metric 899 isis network point-to-point 900 isis password 900 isis priority 901 is-type 901 log-adjacency-changes 902 lsp-gen-interval 902 lsp-mtu 903 lsp-refresh-interval 903 max-area-addresses 904 maximum-paths 905 max-lsp-lifetime 905 metric-style 906 multi-topology 906 net 907 passive-interface 907 redistribute 908 redistribute ospf 910 router isis 912 set-overload-bit 912 show config 913 show isis database 913 show isis hostname 917 show isis interface 917 show isis neighbors 918 show isis protocol 920 spf-interval 922 isis bfd all-neighbors 311 isis hello padding 898

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1795

K
keepalive 617, 1495 keyadd 533 keyword (comparison to a value) 548 keyword message-text 549

L
lacp port-priority 928 lacp system-priority 928 LAG channel-member 657 interface port-channel 659 minimum-links 661 port-channel failover-group 661 show config 662 show interfaces port-channel 662 show port-channel-flow 665 LAG fate-sharing group 659 lfs enable 618 line 87 line aux 87 line console 87 line vty 88 linecard 88 link debounce 618 load-balance 699 Logging clear logging 1476 default logging buffered 1476 default logging console 1477 default logging monitor 1477 default logging trap 1478 logging 1478 logging buffered 1479 logging console 1479 logging facility 1480 logging history 1481 logging history size 1481 logging monitor 1482 logging on 1483 logging source-interface 1483 logging synchronous 1484 logging trap 1485 no logging on 1483 show logging 1486 logging 1478 logging buffered 1479 logging console 1479 logging coredump kernel disable 1655, 1704 logging coredump kernel server 1656, 1704 logging coredump linecard 1657, 1705

logging facility 1480 logging history 1481 logging history size 1481 logging kernel-coredump 28 logging kernel-coredump server logging monitor 1482 logging on 1483 logging source-interface 1483 logging synchronous 1484 logging trap 1485 log-messages 534 log-only 535

M
MAC Access list clear counters mac access-group 248 mac access-group 248 show mac accounting access-list 204, 249 MAC Access list (extended) deny 256 mac-access-list extended 257 permit 258 seq 260 MAC Access list (standard) deny 251 mac-access-list standard 252 permit 253 seq 254 mac access-group 248 mac access-list extended 257 mac access-list standard 252 mac accounting destination 935 mac cam fib-partition 940 mac learning-limit 941 mac learning-limit learn-limit-violation 943 mac learning-limit reset 944 mac learning-limit station-move-violation 944 mac learning-limit sticky 941 mac-address-table aging-time 936 mac-address-table static 937 mac-address-table station-move refresh-arp 939 mac-address-table station-move threshold 938, 939 match 536 match as-path (Route Map) 270 match community (Route Map) 270 match extcommunity (BGP) 431 match interface (Route Map) 271 match ip access-group 1281 match ip address (Route Map) 272 match ip dscp 1282 match ip next-hop (Route Map) 272 match ip precedence 1284

1796

Command Index

match ip route-source (Route Map) 273 match ipv6 address 759 match ipv6 next-hop 759 match ipv6 route-source 760 match mac access-group (policy QoS) 1285 match mac dot1p (policy QoS) 1285 match metric (Route Map) 274 match origin (Route Map) 274 match route-type (Route Map) 275 match tag (Route Map) 275 max-age (MSTP) 1013 max-age (RSTP) 1366 max-age (STP) 1533 max-hops (MSTP) 1014 MBGP Commands 399, 850 member (Stackable VLAN) 1571 member vlan 297 member-vlan (FRRP) 512 message-format 536 minimum-links 661 mode (FRRP) 512 mode (LLDP) 972 mode remote-port-mirroring 1230 monitor 619 Monitor Session description 1228 monitor session 1231 motd-banner 90 MSDP clear ip msdp peer 998 clear ip msdp sa-cache 998 debug ip msdp 998 ip msdp default-peer 999 ip msdp log-adjacency-changes 1000 ip msdp mesh-group 1000 ip msdp originator-id 1001, 1003 ip msdp peer 1002 ip msdp shutdown 1004 ip multicast-msdp 1005 show ip msdp 1005 msti (MSTP) 1014 MSTP debug spanning-tree mstp 1010 disable 1011 forward-delay 1012 hello-time 1012 max-age 1013 max-hops 1014 msti 1014 name 1015 protocol spanning-tree mstp 1016 revision 1017 show config 1017 show spanning-tree mst configuration 1018 Command Line Reference for FTOS version 8.4.2.4

show spanning-tree msti 1019 spanning-tree 1022 spanning-tree msti 1023 spanning-tree mstp 1024 mtrace 1033 mtu 621 Multiple Spanning Tree Protocol see MSTP 1009 multiplier (LLDP) 973

N
name (MSTP) 1015 name (VLAN) 959 neighbor 861 neighbor activate (BGP IPv6) 857 neighbor activate (MBGP) 408 neighbor advertisement-interval (BGP IPv6) 857 neighbor advertisement-interval (MBGP) 409 neighbor default-originate (BGP IPv6) 858 neighbor default-originate (MBGP) 409 neighbor filter-list aspath (BGP IPv6) 859 neighbor filter-list aspath (MBGP) 411 neighbor maximum-prefix (BGP IPv6) 860 neighbor maximum-prefix (MBGP) 411 neighbor next-hop-self (BGP IPv6) 861 neighbor next-hop-self (MBGP) 412 neighbor peer-group passive (BGP) 357 neighbor remove-private-as (BGP IPv6) 861 neighbor remove-private-as (MBGP) 413 neighbor route-map (BGP IPv6) 862 neighbor route-reflector-client (BGP IPv6) 862 neighbor route-reflector-client (BGP) 360 neighbor soft-reconfiguration inbound 362, 414, 824 network (BGP IPv6) 863 network (MBGP) 415 NTP debug ntp 1547 ntp authenticate 1548 ntp authentication-key 1549 ntp broadcast client 1550 ntp disable 1550 ntp multicast client 1550 ntp server 1551 ntp source 1552 ntp trusted-key 1552 ntp update-calendar 1553 show ntp associations 1555 show ntp status 1556

O
Object Tracking Publication Date: July 20, 2011 1797

debug track 1054 delay 1055 description 1056 show running-config track 1057 show track 1058 show track ipv6 route 1067 threshold metric 1060 track 1061 track interface ip route metric threshold 1062 track interface ip route reachability 1063 track interface ip routing 1064 track interface ipv6 route metric threshold 1070 track interface ipv6 route reachability 1071 track interface ipv6 routing 1069 track interface line-protocol 1065 track resolution ip route 1066 track resolution ipv6 route 1072 offline 1641, 1671, 1720 offline stack-unit 1742 online 1641, 1671, 1720 online stack-unit 1743 OSPF area default-cost 1075 area nssa 1076 area range 1076 area stub 1077 area virtual-link 1078 auto-cost 1079 clear ip ospf 1080 debug ip ospf 1081 default-information originate 1083 default-metric 1084 distance 1085 distance ospf 1086 distribute-list in 1086 distribute-list out 1087 enable inverse mask 1088 fast-convergence 1088 graceful-restart grace-period 1090, 1143 graceful-restart helper-reject 1090, 1150 graceful-restart mode 1091, 1144 graceful-restart role 1091 ip ospf auth-change-wait-time 1092 ip ospf authentication-key 1092 ip ospf cost 1093 ip ospf dead-interval 1093 ip ospf hello-interval 1094 ip ospf message-digest-key 1094 ip ospf mtu-ignore 1095 ip ospf network 1095 ip ospf priority 1096 ip ospf retransmit-interval 1097 ip ospf transmit-delay 1097 log-adjacency-changes 1098 1798

maximum-paths 1098 mib-binding 1098 network area 1099 passive-interface 1100 redistribute 1101 redistribute isis 1103 router ospf 1105 show config 1106 show ip ospf 1106 show ip ospf database 1109 show ip ospf database asbr-summary 1111 show ip ospf database database-summary 1123 show ip ospf database external 1113 show ip ospf database network 1115 show ip ospf database nssa-external 1117 show ip ospf database opaque-area 1117 show ip ospf database opaque-as 1119 show ip ospf database opaque-link 1119, 1120 show ip ospf database router 1121 show ip ospf interface 1125 show ip ospf neighbor 1127 show ip ospf virtual-links 1133 summary-address 1135 timers spf 1136

P
passive-interface (OSPF IPv6) 1152 permit 743 AS-Path Access list 288 Community Access list 292 IP ACL (standard) 208 MAC ACL (extended) 258 MAC ACL (standard) 253 Prefix list 264 standard IP ACL 208 permit (BGP) 432 permit (Extended IP ACL) 228 permit arp (Extended IP ACL) 230 permit ether-type (Extended IP ACL) 232 permit icmp (Extended IP ACL) 233 permit regex (BGP) 432 permit tcp 744 permit tcp (Extended IP ACL) 235 permit udp 747 permit udp (Extended IP ACL) 238 PIM-DM ip pim dense-mode 1174 PIM-SM clear ip pim rp-mapping 1176 clear ip pim snooping tib 1177 clear ip pim tib 1176 debug ip pim 1178

Command Index

ip pim dr-priority 1180, 1182 ip pim query-interval 1183 ip pim rp-address 1184, 1207 ip pim snooping 1186 ip pim sparse-mode 1187 ip pim sparse-mode sg-expiry-timer 1187 no ip pim snooping dr-flood 1189 show ip pim bsr-router 1190 show ip pim interface 1191 show ip pim neighbor 1192 show ip pim rp 1193 show ip pim snooping interface 1194 show ip pim snooping neighbor 1195 show ip pim summary 1198 show ip pim tib 1196, 1199 show running-config pim 1201 ping 90 policy (FTSA) 538 Policy based Routing ip redirect-group 1164 ip redirect-list 1165 redirect 1167 seq 1168 policy-action-list 538 policy-aggregate 1287 policy-map-input 1288 policy-map-output 1289 policy-test-list 539 Port Channel channel-member 657 interface port-channel 659 minimum-links 661 minimum-links command 661 show interfaces port-channel 662 port-channel failover-group 661 port-channel mode 929 port-channel-protocol lacp 929 portmode hybrid 624 port-shutdown 1494 power budget 1219 power inline 1220 power inline priority 1221 power-{off | on} sfm 1658, 1706 power-off 93 power-on 94 power-reset cycle 95 Prefix list clear ip prefix-list 262 deny 262 ip prefix-list 263 permit 264 seq 264 show config 265 show ip prefix-list detail 266 Command Line Reference for FTOS version 8.4.2.4

show ip prefix-list summary 266 private-vlan mapping secondary-vlan private-vlan mode 1243 pr-number 539 protocol frrp (FRRP) 513 protocol gvrp 561 protocol lldp (Configuration) 973 protocol lldp (Interface) 974 protocol spanning-tree (STP) 1533 protocol spanning-tree mstp 1016 protocol spanning-tree pvst 1254 protocol spanning-tree rstp 1367 protocol-tunnel enable 1442 protocol-tunnel rate-limit 1442 protocol-tunnel stp 1441 PVST description 1252 pwd 29

1244

Q
QoS bandwidth-percentage 1278 class-map 1279 match ip access-group 1281 match ip dscp 1282 match ip precedence 1284 policy-aggregate 1287 policy-map-input 1288 policy-map-output 1289 qos-policy-output 1291 rate limit 1269 rate shape 1272 rate-police 1295 rate-shape 1295 service-class dynamic dot1p 1272 service-policy input 1296 service-policy output 1297 service-queue 1298 show interfaces rate 1274 show qos class-map 1302 show qos policy-map 1303 show qos policy-map-input 1304 show qos policy-map-output 1305 show qos qos-policy-input 1306 show qos qos-policy-output 1306 show qos statistics 1307 strict-priority queue 1276 threshold 1313 trust diffserv 1314 wred 1315 wred-profile 1316 qos 1291

Publication Date: July 20, 2011

1799

qos-policy-input 1290 qos-policy-output 1291 queue backplane 1291 queue backplane ignore-backpressure 1291 queue egress multicast linecard (policy QoS) 1292 queue ingress multicast (policy QoS) 1293

R
RADIUS debug radius 1393 ip radius source-interface 1393 radius-server deadtime 1394 radius-server host 1394 radius-server key 1396 radius-server retransmit 1396 radius-server timeout 1397 rate limit (QoS) 1269 rate police (QoS) 1270 rate shape (QoS) 1272 rate-interval 626 rate-police 1295 recipient 540 redistribute (BGP IPv6) 864 redistribute (BGP) 367 redistribute (MBGP) 416 redistribute (OSPF IPv6) 1153 redistribute bgp 1102 redistribute isis (BGP) 368 redistribute ospf BGP 369, 831 redistribute ospf (BGP) 369 redistribute ospf (MBGP) 417 Redundancy redundancy primary 569 redundancy protocol 570 show redundancy 574, 1511 redundancy auto-failover-limit 567 redundancy disable-auto-reboot 568, 1510 redundancy force-failover 568 redundancy force-failover rpm 568 redundancy force-failover stack-unit 1510 redundancy primary rpm 569 redundancy protocol lacp 570 redundancy protocol xstp 570 redundancy reset-counter 570 redundancy sfm standby 570 redundancy synchronize 572 reload 61, 94 remark 200 rename 29, 61 resequence access-list 210 resequence access-list (Extended IP ACL) 240

resequence prefix-list ipv4 211 resequence prefix-list ipv4 (Extended IP ACL) reset 95 reset hard 95 reset linecard 95 reset rpm 95 reset sfm 95, 1661, 1710 reset sfm standby 95 reset stack-unit 1510 restore factory-defaults 61 revision (MSTP) 1017 RIP auto-summary 1330 clear ip rip 1330 debug ip rip 1331 default-information originate 1332 default-metric 1332 description 1333 distance 1333 distribute-list in 1334 distribute-list out 1335 ip poison-reverse 1336 ip rip receive version 1336 ip rip send version 1337 ip split-horizon 1337 maximum-paths 1338 neighbor 1338 network 1339 offset-list 1339 output-delay 1340 passive-interface 1341 redistribute 1342 redistribute isis 1342 redistribute ospf 1343 router rip 1344 show config 1344 show ip rip database 1345 show running-config rip 1346 timers basic 1347 version 1348 rmon alarm 1350 rmon collection history 1351 rmon collection statistic 1352 rmon collection statistics 1352 RMON Commands 1349 rmon event 1352 rmon hc-alarm 1353 Route map match as-path 270 match community 270 match interface 271 match ip address 272 match ip next-hop 272 match ip route-source 273

241

1800

Command Index

match metric 274 match origin 274 match route-type 275 match tag 275 route-map 276 set as-path 277 set automatic-tag 278 set comm-list delete 278 set community 279 set level 280 set local-preference 281 set metric 281 set metric-type 282 set next-hop 282 set origin 283 set tag 284 set weight 284 show route-map 285 route-map 761 route-map (Route Map) 276 router bgp (BGP) 370 router-id 1104 router-id (OSPF IPv6) 1154 RSTP bridge-priority 1362 debug spanning-tree rstp 1363 disable 1364 forward-delay 1365 hello-time 1365 max-age 1366 protocol spanning-tree rstp 1367 show config 1367 show spanning-tree rstp 1368 spanning-tree rstp 1370 run-cpu 540

S
sample-rate 541 schedule 522 SCP ip scp topdir 1411 scramble-atm (SONET) 1502 Security aaa authentication login 1382 enable password 1384 enable restricted 1385 login authentication 1386 password 1387 privilege level 1379, 1380 service password-encryption 1389 show privilege 1389 show users 1390

timeout login response 1391 username 1391 send 96 seq 752 IP ACL (standard) 212 MAC Access list (extended) 260 MAC ACL (standard) 254 Prefix list 264 seq (Extended IP ACL) 245 seq arp (Extended IP ACL) 242 seq ether-type (Extended IP ACL) 243 server 542 service power-off 89 service timestamps 97 service-policy-input 1296, 1308, 1309, 1310 service-policy-output 1297 service-queue 1298 set (policy QoS) 1299 set as-path (Route Map) 277 set automatic-tag (Route Map) 278 set comm-list delete (Route Map) 278 set community (Route Map) 279 set extcommunity rt (BGP) 433 set extcommunity soo (BGP) 434 set ipv6 next-hop 761 set level (Route Map) 280 set local-preference (Route Map) 281 set metric (Route Map) 281 set metric-type (Route Map) 282 set next-hop (Route Map) 282 set origin (Route Map) 283 set tag (Route Map) 284 set weight (Route Map) 284 sflow collector 1447 sflow enable (Global) 1448 sflow enable (Interface) 1448 sflow extended-gateway enable 1449 sflow extended-router 1450 sflow extended-switch enable 1451 sflow polling-interval (Global) 1451 sflow polling-interval (Interface) 1452 sflow sample-rate (Global) 1453 sflow sample-rate (Interface) 1453 show accounting 1376 show acl-vlan-group 297 show acl-vlan-group detail 299 show bfd counters 312 show bfd neighbors 313, 314 show boot selection 62 show bootflash 63 show bootvar 31, 63 show calendar 1553 show cam ipv4flow 464 show cam layer2-qos (policy QoS) 1299 Publication Date: July 20, 2011 1801

Command Line Reference for FTOS version 8.4.2.4

show cam layer3-qos (policy QoS) 1301 show cam mac linecard (count) 945 show cam mac linecard (dynamic or static) 947 show cam mac stack-unit 949 show cam maccheck linecard 946 show cam-acl 454, 754 show cam-ipv4flow 1668, 1717 show cam-l2acl 467 show cam-profile 445, 455, 1668, 1717 show cam-usage 457 show capture bgp-pdu neighbor (ipv4) 370 show chassis 99, 1668, 1717 show clock 1554, 1668, 1717 show command-history 1635, 1659, 1708 show config 476, 755, 762 AS-PATH ACL 289 Community-list 293 Prefix list 265 show config (ACL VLAN group) 300 show config (ACL) 201 show config (from INTERFACE RANGE mode) 627 show config (GVRP) 561 show config (LAG) 662 show config (MSTP) 1017 show config (port monitor) 1232 show config (Route Map) 285 show config (RSTP) 1367 show config (STP) 959, 1534 show config (VLAN) 959 show configuration 543 show console lp 102, 1635, 1660, 1709 show controllers (SONET) 1502 show control-traffic 1676 show control-traffic ingress 1677 show cpu-interface-stats 1625, 1677, 1678, 1692,

1693, 1725
show cpu-traffic-stats 103, 1636 show crypto 1418 show crypto ipsec policy 1154, 1156 show crypto ipsec sa ipv6 1156 show debugging 543 show default-gateway 64 show diag 1642, 1672, 1721 show diag sfm 1662, 1711 show dot1x cos-mapping interface 193 show dot1x interface 195, 1408 show environment 105, 107, 1668, 1717 show fefd 505 show file 32 show file-system 1668, 1717 show file-systems 33 show frrp 513 show garp timers 561 show gvrp 562 1802

show gvrp statistics 563 show hardware acl 1629 show hardware btm 1680, 1727 show hardware cpu data-plane 1619 show hardware cpu party-bus 1612 show hardware drops 1617 show hardware interface phy 1621 show hardware layer2 acl 1751 show hardware layer3 1752 show hardware layer3 qos linecard port-set 1629 show hardware linecard fpc forward 1682, 1729 show hardware linecard fpc lookup detail 1685, 1732 show hardware linecard fpga 1637 show hardware linecard poe-status 1643 show hardware rpm cp 1733 show hardware rpm cpu management 1615 show hardware rpm fpga 1637 show hardware rpm mac 1613 show hardware rpm mac counters 1687, 1735 show hardware rpm rp1/rp2 1736 show hardware stack-unit 1752 show hardware system-flow 1758 show hardware system-flow layer2 linecard 1630 show hardware unit 1627 show hosts 705 show interface 1668, 1717 show interfaces 628 show interfaces configured 635 show interfaces dampening 636 show interfaces debounce 637 show interfaces description 637 show interfaces gigabitethernet phy 640, 1689 show interfaces gigabitethernet transceiver 646, 1691 show interfaces link-status 1688 show interfaces management ethernet 65 show interfaces police (QoS) 1276 show interfaces port-channel 662 show interfaces private-vlan 1245 show interfaces rate 1274 show interfaces stack-unit 642 show interfaces status 643 show interfaces tenGigabitEthernet link-status 1737 show inventory 109, 1668, 1717 show inventory (S-Series) 111 show ip accounting access-list 205 show ip as-path-access-lists 289 show ip bgp 372 show ip bgp ipv4 extcommunity-list 435 show ip bgp ipv4 multicast 422, 865 show ip bgp ipv6 unicast dampened-paths 835 show ip bgp ipv6 unicast detail 868 show ip bgp regexp 395 show ip cam linecard 706 show ip cam stack-unit 708 Command Index

show ip community-lists 294 show ip extcommunity-list 437 show ip fib linecard 710 show ip fib stack-unit 711 show ip flow 712 show ip interface 713 show ip management-route 716, 1668, 1717 show ip mroute 578, 579, 580, 581, 582, 583,

584,

585, 587, 1029, 1033, 1035, 1037, 1039 show ip ospf asbr 1108 show ip prefix-list detail 266 show ip prefix-list summary 266 show ip protocols 717, 1668, 1717 show ip route 718 show ip route list 721 show ip route summary 722, 1668, 1717 show ip ssh client-pub-keys 1420 show ip ssh rsa-authentication 1420 show ip traffic 723 show ip udp-helper 671 show ip vrf 1587 show ipv6 fib linecard 774, 775 show ipv6 interface 776 show ipv6 ospf database 1158 show ipv6 ospf neighbor 1161 show ipv6 pim bsr-router 1210 show ipv6 pim interface 1210 show ipv6 pim neighbor 1211 show ipv6 pim rp 1212 show ipv6 pim tib 1213 show isis traffic 920 show keys 544 show lacp 930 show linecard 34, 112 show linecard boot-information 115 show lldp neighbors 974 show lldp statistics 975 show logging 1486 show logging driverlog 1694, 1738 show mac accounting access-list 204, 249 show mac accounting destination 953 show mac cam 954 show mac learning-limit 955 show mac-address-table 950 show mac-address-table aging-time 952 show memory 117 show memory (S-Series) 118 show monitor session 1233 show os-version 35 show port-channel-flow 665 show power detail 1222 show power inline 1223 show power supply 1223 show processes cpu 119, 1668, 1717
Command Line Reference for FTOS version 8.4.2.4

show processes cpu (S-Series) 121 show processes ipc 1663, 1712 show processes ipc flow-control 126, 1664, 1713 show processes memory 129, 133, 1668, 1717 show processes switch-utilization 135 show protocol-tunnel 1443 show qos class-map 1302 show qos policy-map 1303 show qos policy-map-input 780, 1304 show qos policy-map-output 1305 show qos qos-policy-input 1306 show qos qos-policy-output 1306 show qos statistics 1307 show qos wred-profile 1310 show queue statistics egress (QoS) 1318 show queue statistics ingress (QoS) 1322 show range 651 show redundancy 1511, 1668, 1717 show revision 1627, 1666, 1715 show rmon 1354 show rmon alarms 1354 show rmon events 1355 show rmon hc-alarm 1356 show rmon history 1357 show rmon log 1358 show rmon statistics 1359 show route-map 763 show route-map (Route Map) 285 show rpm 135, 1668, 1717 show running config acl-vlan-group 300 show running-conf 1668, 1717 show running-config 36 show running-config bgp 398 show running-config extcommunity-list 437 show running-config hardware-monitor 1738 show running-config lldp 975 show running-config monitor session 1234 show running-config uplink-state-group 1564 show sflow 1454 show sflow linecard 1455 show sfm 39, 1668, 1717 show snmp 1458 show snmp engineID 1459 show snmp group 1460 show snmp user 1461 show software ifm 137, 1631 show software macagent 1633 show spanning-tree 0 (STP) 1535 show spanning-tree mst configuration 1018 show spanning-tree msti 1019 show spanning-tree pvst 1255 show spanning-tree rstp 1368 show startup-config 40 show storm-control broadcast 1520, 1521 1803

Publication Date: July 20, 2011

show storm-control unknown-unicast 1522 show switch links 139 show system (S-Series) 139 show system stack-ports 1512 show tcp statistics 727 show tdr 668 show tech-support 19, 20, 27, 33, 34, 53, 54, 55, 57,

58, 59, 60, 61, 62, 64, 65, 142, 156, 1667, 1716 show tech-support stack-unit 145 show uplink-state-group 1564 show version 41, 1668, 1717 show vlan 960 show vlan private-vlan 1246 show vlan private-vlan mapping 1248 shutdown (port, LAG, VLAN) 652 smtp 545
SNMP show snmp 1458, 1460 show snmp user 1461 snmp trap link-status 1475 snmp-server community 1462 snmp-server contact 1464 snmp-server enable traps 1465 snmp-server host 1468 snmp-server location 1470, 1471 snmp-server trap-source 1471 snmp ifmib ifalias long 1461 snmp-server engineID 1466 snmp-server group 1467 snmp-server user 1472 snmp-server view 1474 SONET ais-shut 1490 alarm-report 1490 clock source 1491 debug ppp 1491 delay triggers 1492 down-when-looped 1493 encap 1493 flag 1494 framing 1494 hardware monitor 1494 interface sonet 1495 loopback 1496 ppp authentication 1496 ppp chap hostname 1497 ppp chap password 1498 ppp chap rem-hostname 1498 ppp chap rem-password 1499 ppp next-hop 1499 ppp pap hostname 1500 ppp pap password 1500 ppp pap rem-hostname 1501 ppp pap rem-password 1501 1804

scramble-atm 1502 show controllers 1502 show interfaces sonet 1505 speed 1507 source (port monitoring) 1235 source (remote port mirroring) 1236 source remote vlan (remote port mirroring) 1238 Spanning Tree bridge-priority 1529 debug spanning-tree 1530 description 1011, 1364, 1531 disable 1252, 1531 forward-delay 1532 hello-time 1532 max-age 1533 protocol spanning-tree 1533 show config 959, 1534 show spanning-tree 0 1535 spanning-tree 1538 spanning-tree (MSTP) 1022 spanning-tree 0 (STP) 1538 spanning-tree msti 1023 spanning-tree mstp 1024 spanning-tree pvst 1258 spanning-tree rstp 1370 speed 10/100/1000 Base-T Ethernet Interfaces 653 Management interface 654 S-Series-only commands redundancy disable-auto-reboot 1510 reset stack-unit 1510 show hardware layer2 acl 1751 show hardware layer3 1752 show hardware stack-unit 1752 show hardware system-flow 1758 show redundancy 1511 show system stack-ports 1512 stack-unit priority 1515 stack-unit provision 1515 stack-unit renumber 1516 upgrade system stack-unit 1517 SSH show ip ssh 1419 ssh 1421 ssh-peer-rpm 148 stack-unit priority 1515 stack-unit provision 1515 stack-unit renumber 1516 startup-config 58 start-vlan-id 1588 storm-control broadcast 1523, 1524, 1525 storm-control unknown-unicast 1526 strict-priority queue 1276 switchport 655 Command Index

switchport backup interface 655 switchport mode private-vlan 1249

T
TACACS ip tacacs source-interface 1398 tagged destination 1239 tc-flush-standard 1261, 1372 tc-flush-standard (MSTP) 1025 tdr-cable-test 667 Telnet ip telnet server enable 85 ip telnet source-interface 86 telnet 149 telnet-peer-rpm 150 terminal length 151 terminal monitor 1488 terminal xml 151 test cam-usage 460, 757 test-condition (comparing FTSA samples) 546 test-limit 551 test-list (FTSA) 552 TFTP ip tftp source-interface 87 threshold 1313 Time Domain Reflectometer show tdr 668 tdr-cable-test 667 timer (FRRP) 514 Trace list clear counters ip trace-group 1422 deny 1423 deny udp 1425 ip trace-group 1426 ip trace-list 1426 permit tcp 1428 seq 1430 show config 1431 show ip accounting trace-lists 1432 traceroute 152 track ip 964 trust diffserv 1314

upgrade booted 44 upgrade bootflash-image 42, 44 upgrade bootselector-image 42, 44 upgrade fpga-image 48 upgrade ftp 45 upgrade linecard 43, 44 upgrade rpm 43, 44 upgrade scp 45 upgrade sfm-fpga 46 upgrade system 45 upgrade system stack-unit (S-Series stack member)

1517
upgrade system-image 42, upgrade tftp 45 uplink-state-group 1566 upload trace-log 154 upstream 1559, 1567

V
virtual-ip 155 VLAN default vlan-id 957 description 956, 1084 interface vlan 615 show vlan 960 tagged 963 untagged 965, 1240 vrrp-group 1602, 1608 vlan bridge-priority (PVST+) 1262 vlan forward-delay 1263 vlan hello-time (PVST+) 1264 vlan max-age (PVST+) 1265 vlan-stack access 1573 vlan-stack compatible 1574 vlan-stack protocol-type 1576 vlan-stack trunk 1577 VRRP advertise-interval 1590 authentication-type 1590 clear vrrp counters 1591, 1604 debug vrrp 1592, 1605 description 1593 disable 1593 hold-time 1594 preempt 1594 priority 1595 show config 1595 show vrrp 1596, 1606 track 1600 virtual-address 1601

U
undebug all 154 untagged destination 1240 upgrade 42, 43 upgrade (S-Series management unit) 45 upgrade all 43, 44 upgrade boot 45

Command Line Reference for FTOS version 8.4.2.4

Publication Date: July 20, 2011

1805

W
wanport 656 wred 1298, 1315

wred-profile 1316 write 156 write memory 27

1806

Command Index

FTOS Configuration Guide
No ratings yet
FTOS Configuration Guide
1,220 pages
Manual Datacom DM 4250 PDF
100% (1)
Manual Datacom DM 4250 PDF
713 pages
HPE - A00059864en - Us - Onyx For HPE StoreFabric M-Series Ethernet Switch User Manual
No ratings yet
HPE - A00059864en - Us - Onyx For HPE StoreFabric M-Series Ethernet Switch User Manual
1,666 pages
OcNOS-SP VXLAN Guide PDF
No ratings yet
OcNOS-SP VXLAN Guide PDF
462 pages
HP ProCurve - Management and Configuration Guide W.14.03
100% (1)
HP ProCurve - Management and Configuration Guide W.14.03
618 pages
OcNOS-SP Config Guide
No ratings yet
OcNOS-SP Config Guide
4,190 pages
Ocnos DC Layer 3 Guide
No ratings yet
Ocnos DC Layer 3 Guide
1,744 pages
Arista ConfigGuide
No ratings yet
Arista ConfigGuide
564 pages
Arista EOS ConfigGuide
100% (1)
Arista EOS ConfigGuide
934 pages
Ome P 40 Users Guide en Us
No ratings yet
Ome P 40 Users Guide en Us
226 pages
Advanced Traffic Management Guide
100% (1)
Advanced Traffic Management Guide
460 pages
ConfigGuide Arista
No ratings yet
ConfigGuide Arista
742 pages
EOS-4 17 0F-Manual
No ratings yet
EOS-4 17 0F-Manual
2,368 pages
Arista ConfigGuide
No ratings yet
Arista ConfigGuide
2,242 pages
S55 CLI 8.3.5.2 30-Nov-2011
No ratings yet
S55 CLI 8.3.5.2 30-Nov-2011
1,116 pages
Force10-S25v-S50v-N - Reference Guide4 - En-Us PDF
No ratings yet
Force10-S25v-S50v-N - Reference Guide4 - En-Us PDF
1,686 pages
All-Products Esuprt Ser Stor Net Esuprt Force10 Force10-S4820 Reference Guide2 En-Us
No ratings yet
All-Products Esuprt Ser Stor Net Esuprt Force10 Force10-S4820 Reference Guide2 En-Us
1,114 pages
Scg-Ie4010 5000
No ratings yet
Scg-Ie4010 5000
1,160 pages
User Manual RSPE32
No ratings yet
User Manual RSPE32
975 pages
Force10-S25p - Reference Guide - En-Us PDF
No ratings yet
Force10-S25p - Reference Guide - En-Us PDF
1,262 pages
TCS CLI 8.4.2.7 Oct-01-2012
No ratings yet
TCS CLI 8.4.2.7 Oct-01-2012
1,640 pages
ManualCollection BRS HiOS-2S-09600 en
No ratings yet
ManualCollection BRS HiOS-2S-09600 en
825 pages
M4300 Series and M4300-96X Fully Managed Switches: CLI Command Reference Manual
No ratings yet
M4300 Series and M4300-96X Fully Managed Switches: CLI Command Reference Manual
1,147 pages
Config Guide
No ratings yet
Config Guide
1,708 pages
Ocnos DC Vxlan Guide
No ratings yet
Ocnos DC Vxlan Guide
592 pages
Poweredge-M1000e User's Guide12 En-Us
No ratings yet
Poweredge-M1000e User's Guide12 En-Us
737 pages
57 ManualCollection - GRS103 - HiOS-2S-09100 - en
No ratings yet
57 ManualCollection - GRS103 - HiOS-2S-09100 - en
643 pages
FTOS Configuration Guide For The S55 System FTOS 8.3.5.5
No ratings yet
FTOS Configuration Guide For The S55 System FTOS 8.3.5.5
780 pages
Arista EOS ConfigGuide PDF
No ratings yet
Arista EOS ConfigGuide PDF
934 pages
Powerconnect-5324 Reference Guide En-Us
No ratings yet
Powerconnect-5324 Reference Guide En-Us
388 pages
Ocnos DC Multicast Guide
No ratings yet
Ocnos DC Multicast Guide
326 pages
Force10-S60 Reference Guide3 En-Us
No ratings yet
Force10-S60 Reference Guide3 En-Us
830 pages
MRX UserManual
No ratings yet
MRX UserManual
254 pages
Ocnos DC Qos Guide
No ratings yet
Ocnos DC Qos Guide
259 pages
Dell Powerconnect 5548 Users Guide
No ratings yet
Dell Powerconnect 5548 Users Guide
728 pages
DD VE 3.1 Best Practices VMware v1.2.02
100% (1)
DD VE 3.1 Best Practices VMware v1.2.02
21 pages
OcNOS-SP Timing-Sync Guide
No ratings yet
OcNOS-SP Timing-Sync Guide
166 pages
Bti7800 Cli Ref Guide
No ratings yet
Bti7800 Cli Ref Guide
298 pages
700 - 7000 Managed Industrial Ethernet Switches Software Manual
No ratings yet
700 - 7000 Managed Industrial Ethernet Switches Software Manual
153 pages
Wc5022-5024 User Guide En-Global
No ratings yet
Wc5022-5024 User Guide En-Global
360 pages
Westermo MG 6623-3210 BRD-MRD
No ratings yet
Westermo MG 6623-3210 BRD-MRD
278 pages
Freenas Documentation: Release 9.10-Stable
No ratings yet
Freenas Documentation: Release 9.10-Stable
296 pages
Teldat Dm704-I Configuration Monitoring
No ratings yet
Teldat Dm704-I Configuration Monitoring
187 pages
XOS 9.5.4.0 Xos Configuration Guide
No ratings yet
XOS 9.5.4.0 Xos Configuration Guide
306 pages
Big-Ip Advanced Routing™: Integrated Management Interface Command Line Interface Reference Guide
No ratings yet
Big-Ip Advanced Routing™: Integrated Management Interface Command Line Interface Reference Guide
162 pages
Configuration and Monitoring Teldat-Dm70 PDF
No ratings yet
Configuration and Monitoring Teldat-Dm70 PDF
180 pages
Power Connect M6220 User Guide
No ratings yet
Power Connect M6220 User Guide
799 pages
Tsunami8100 SoftwareMgmtGuide-V4.2 SWV2.4.3
No ratings yet
Tsunami8100 SoftwareMgmtGuide-V4.2 SWV2.4.3
250 pages
Netgear GS752TXS User Manual
No ratings yet
Netgear GS752TXS User Manual
318 pages
SOLIDserver Hardening Guide-8.2
No ratings yet
SOLIDserver Hardening Guide-8.2
82 pages
Techsheet Os10 5 3 0 Os9 Pub en Us
No ratings yet
Techsheet Os10 5 3 0 Os9 Pub en Us
66 pages
BASA 200 Brocade Associate SAN Administrator: Lab Guide
No ratings yet
BASA 200 Brocade Associate SAN Administrator: Lab Guide
152 pages
AP9635 User Guide EN
No ratings yet
AP9635 User Guide EN
105 pages
Tsunami A2MP-81XX-CPE - ReferenceManualv2.2 - SWv2.3.5
No ratings yet
Tsunami A2MP-81XX-CPE - ReferenceManualv2.2 - SWv2.3.5
88 pages
ProSafe Plus Utility 3 0 UM 23sept10
No ratings yet
ProSafe Plus Utility 3 0 UM 23sept10
38 pages
User'S Guide: Inrow RD 100-Series Inrow RD 200-Series
No ratings yet
User'S Guide: Inrow RD 100-Series Inrow RD 200-Series
76 pages
User Manual Teac WAP-AX100
No ratings yet
User Manual Teac WAP-AX100
43 pages
User Guide: Managed Switch LGS5XX
No ratings yet
User Guide: Managed Switch LGS5XX
100 pages
Smartfabric Os10 5 3 Sourcebook
No ratings yet
Smartfabric Os10 5 3 Sourcebook
28 pages
Tenor DX Voip Multipath/Gateway Switch: Product Guide
No ratings yet
Tenor DX Voip Multipath/Gateway Switch: Product Guide
102 pages
GLBA White Paper
No ratings yet
GLBA White Paper
18 pages
Aerohive Primer PDF
No ratings yet
Aerohive Primer PDF
2 pages
SOLIDserver Release Notes-8.2
No ratings yet
SOLIDserver Release Notes-8.2
5 pages
Embedded Gateway
No ratings yet
Embedded Gateway
27 pages
Installed Products
No ratings yet
Installed Products
4 pages
Alternatives For Securing Virtual Networks
No ratings yet
Alternatives For Securing Virtual Networks
7 pages
VH2402S Configuration Guide
No ratings yet
VH2402S Configuration Guide
116 pages
S60 Config 8.3.3.7 30-Nov-2011
No ratings yet
S60 Config 8.3.3.7 30-Nov-2011
868 pages
Getting Started
No ratings yet
Getting Started
3 pages
Cloudera QuickStart
No ratings yet
Cloudera QuickStart
1 page
Tenor DX Voip Multipath/Gateway Switch: Product Guide
No ratings yet
Tenor DX Voip Multipath/Gateway Switch: Product Guide
102 pages
Controller-Less Wi-Fi: Less Hardware, More Value
No ratings yet
Controller-Less Wi-Fi: Less Hardware, More Value
8 pages
Hiveap 300 Series: Product Specifications Sheet Warranty and Support Information
No ratings yet
Hiveap 300 Series: Product Specifications Sheet Warranty and Support Information
4 pages
Hive Manager
No ratings yet
Hive Manager
2 pages
Force10 Networks' Traverse and Traverseedge Family of Multiservice Transport Platforms
No ratings yet
Force10 Networks' Traverse and Traverseedge Family of Multiservice Transport Platforms
2 pages
Quizlet PDF
No ratings yet
Quizlet PDF
3 pages
ChatGPT for Business: Strategies for Success
From Everand
ChatGPT for Business: Strategies for Success
Matthew C. Smith
1/5 (1)
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
From Everand
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
Matthew C. Smith
No ratings yet
Gray Hat Hacking the Ethical Hacker's
From Everand
Gray Hat Hacking the Ethical Hacker's
Çağatay Şanlı
5/5 (1)