Extreme Networks EX-3524/EX-3548 Owner's manual

www.edge-core.com

EX-3524/EX-3548

Layer 2 Gigabit Ethernet PoE/PoE+ Switch

CLI Reference Guide

– 2 –

Zebra and the Zebra head graphic are registered trademarks of ZIH Corp. The Symbol logo is a

registered trademark of Symbol Technologies, Inc., a Zebra Technologies company.

– 3 –

How to Use This Guide

This guide includes detailed information on the switch software, including how to

operate and use the management functions of the switch. To deploy this switch

effectively and ensure trouble-free operation, you should first read the relevant

sections in this guide so that you are familiar with all of its software features.

Who Should

Read this Guide?

This guide is for network administrators who are responsible for operating and

maintaining network equipment. The guide assumes a basic working knowledge of

LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network

Management Protocol (SNMP).

How this Guide

is Organized

This guide describes the switch’s command line interface (CLI). For more detailed

information on the switch’s key features refer to the System Reference Guide.

The guide includes these sections:

◆ Section I “Getting Started” — Includes information on initial configuration.

◆ Section II “Command Line Interface” — Includes all management options

available through the CLI.

◆ Section III “Appendices” — Includes information on troubleshooting switch

management access.

This guide focuses on switch software configuration through the CLI.

For information on how to manage the switch through the Web management

interface, see the following guide:

System Reference Guide

For information on how to install the switch, see the following guide:

Installation Guide

For all safety information and regulatory statements, see the following documents:

Quick Start Guide

Safety and Regulatory Information

How to Use This Guide

– 4 –

Conventions The following conventions are used throughout this guide to show information:

Note:

Emphasizes important information or calls your attention to related features

or instructions.

Caution:

Alerts you to a potential hazard that could cause loss of data, or damage

the system or equipment.

Warning:

Alerts you to a potential hazard that could cause personal injury.

Revision History This section summarizes the changes in each revision of this guide.

December 2014 Revision

This is the third version of this guide. This guide is valid for software release

v5.0.0.0-07D. This release includes a major change in the underlying software

platform. It contains the following changes:

◆ Updated data displayed by the commands "show access-list tcam-utilization"

on page 99, "show memory" on page 100, and "show process cpu" on page 100

◆ Updated syntax for "show running-config" on page 101.

◆ Added the command "show tech-support" on page 104.

◆ Updated display output for the command "show version" on page 106.

◆ Added the commands "show watchdog" on page 107 and "watchdog software"

on page 107.

◆ Updated syntax for the command "copy" on page 110.

◆ Updated syntax for the command "delete" on page 113.

◆ Added the command "upgrade opcode reload" on page 118

◆ Added the section "TFTP Configuration Commands" on page 118.

◆ Removed the “auto” option from the command "speed" on page 127.

◆ Added the command "terminal" on page 129.

◆ Updated display output for the command "show line" on page 130.

How to Use This Guide

– 5 –

◆ Updated syntax for the commands "logging host" on page 133 and "logging

sendmail host" on page 138.

◆ Added the section "NTP Commands" on page 145.

◆ Added the commands "clock summer-time (predefined)" on page 150 and

"clock summer-time (recurring)" on page 151.

◆ Removed the command “clock timezone-predefined” from the section "Manual

Configuration Commands" on page 149.

◆ Added the section "Adopt Device" on page 164.

◆ Updated syntax for the command "snmp-server enable traps" on page 176.

◆ Added the commands "snmp-server enable port-traps mac-notification" on

page 179 and "show snmp-server enable port-traps" on page 180.

◆ Added the section "Additional Trap Commands" on page 192.

◆ Updated description of “level” parameter for the command "enable password"

on page 204.

◆ Updated description of “access level” parameter for the command "username"

on page 205.

◆ Added the commands "privilege" on page 207 and "show privilege" on

page 207.

◆ Updated syntax for the command "tacacs-server host" on page 215.

◆ Added the commands "tacacs-server retransmit" on page 216 and "tacacs-

server timeout" on page 217.

◆ Added the commands "aaa accounting commands" on page 219 and

"accounting commands" on page 225.

◆ Updated syntax for the command "show accounting" on page 228.

◆ Added the command "dot1x max-reauth-req" on page 248.

◆ Added the section "PPPoE Intermediate Agent" on page 262.

◆ Added the command "mac-learning" on page 272.

◆ Added the command "show port security" on page 275.

◆ Updated syntax for the command "ip dhcp snooping information option" on

page 299.

How to Use This Guide

– 6 –

◆ Added the commands "ip dhcp snooping information option encode no-

subtype" on page 300, "ip dhcp snooping information option remote-id" on

page 301, "ip dhcp snooping limit rate" on page 303, and "ip dhcp snooping

information option circuit-id" on page 305.

◆ Updated display output for the command "show ip dhcp snooping" on

page 308.

◆ Added the section "DHCPv6 Snooping" on page 309.

◆ Updated syntax for the commands "ip source-guard binding" on page 319 and

"ip source-guard max-binding" on page 323.

◆ Added the command "clear ip source-guard binding blocked" on page 323.

◆ Added the command "ip source-guard mode" on page 324.

◆ Updated syntax for the command "show ip source-guard binding" on

page 325.

◆ Added the section "IPv6 Source Guard" on page 326.

◆ Added “allow-zeros” parameter to the command "ip arp inspection validate" on

page 335.

◆ Updated command in the section "Denial of Service Protection" on page 340.

◆ Updated command in the section "Port-based Traffic Segmentation" on

page 346.

◆ Removed “redirect-to” interface options from all permit and deny commands in

the chapter "Access Control Lists" on page 351.

◆ Removed “tos” parameter from the command "permit, deny (Extended IPv4

ACL)" on page 354.

◆ Added “counter” parameter to the commands "ip access-group" on page 356,

"ipv6 access-group" on page 362 and "mac access-group" on page 369.

◆ Updated syntax for the command "permit, deny(MAC ACL)" on page 365.

◆ Added “log” parameter to the command "permit, deny (ARPACL)" on page 371.

◆ Added the command "clear access-list hardware counters" on page 373, and

added “hardware counters” parameter to the command "show access-list" on

page 374.

◆ Removed the “symmetric” parameter from the command "capabilities" on

page 379.

How to Use This Guide

– 7 –

◆ Added the command "media-type" on page 382.

◆ Removed the command “giga-phy-mode” from the chapter "Interface

Commands" on page 377.

◆ Updated display output for the command "show interfaces status" on

page 388.

◆ Added the section "Transceiver Threshold Configuration" on page 390.

◆ Added the command "port-channel load-balance" on page 404, "lacp timeout"

on page 411, and "show port-channel load-balance" on page 415.

◆ Added the commands "power mainpower maximum allocation" on page 418

and "show power mainpower" on page 424.

◆ Removed the command “show power poe” from the chapter "Power over

Ethernet Commands" on page 417.

◆ Updated syntax for the command "port monitor" on page 425.

◆ Reduced the maximum number of mirror sessions from two to one for all

relevant local mirror and remote mirror commands in the chapter "Port

Mirroring Commands" on page 425.

◆ Addedthe chapter "Loopback Detection Commands" on page 453.

◆ Added the command "spanning-tree system-bpdu-flooding" on page 472.

◆ Updated syntax for the command "spanning-tree bpdu-guard" on page 478.

◆ Updated syntax for the command "spanning-tree loopback-detection action"

on page 482.

◆ Added the command "spanning-tree port-bpdu-flooding" on page 486.

◆ Added the command "spanning-tree tc-prop-stop" on page 488.

◆ Updated syntax for the command "show spanning-tree" on page 490.

◆ Added the command "switchport dot1q-tunnel service match cvid" on

page 518.

◆ Updated syntax and display output for the command "show dot1q-tunnel" on

page 520.

◆ Added the section "Configuring L2CP Tunneling" on page 521.

◆ Added the “priority” parameter to the command "protocol-vlan protocol-group

(Configuring Interfaces)" on page 527.

How to Use This Guide

– 8 –

◆ Added the “mask” parameter to the command "mac-vlan" on page 532.

◆ Added the “match-all” option to the command "class-map" on page 554.

◆ Updated syntax for the command "match" on page 556.

◆ Updated range for "Quality of Service Commands" on page 553.

◆ Added the command "ip igmp snooping priority" on page 574.

◆ Added the commands "clear ip igmp snooping groups dynamic" on page 588

and "clear ip igmp snooping statistics" on page 589.

◆ Updated syntax for the command "show ip igmp snooping" on page 589 and

"show ip igmp snooping group" on page 590.

◆ Added the commands "ip igmp authentication" on page 599, "ip igmp query-

drop" on page 603, "ip multicast-data-drop" on page 603, "show ip igmp

authentication" on page 604, "show ip igmp query-drop" on page 606, and

"show ip multicast-data-drop" on page 607.

◆ Added the sections "MLD Snooping" on page 608 and "MLD Filtering and

Throttling" on page 621.

◆ Replaced command set for "Multicast VLAN Registration for IPv4" on page 630.

◆ Added the section "Multicast VLAN Registration for IPv6" on page 654.

◆ Added the command "lldp dot3-tlv mac-phy" on page 684.

◆ Removed the command “ipv6 dhcp client rapid-commit vlan” from the section

"DHCP for IPv6" on page 716.

◆ Updated syntax for the command "ip address" on page 724.

◆ Added the command "traceroute6" on page 752.

◆ Added the command "ipv6 nd raguard" on page 757 and "show ipv6 nd

raguard" on page 759.

◆ Added the section "ND Snooping" on page 761.

◆ Added the command "ip sw-route" on page 772.

September 2014 Revision

This is the second version of this guide. This guide is valid for software release

v4.0.1.0-04R. It contains the following changes:

◆ Updated syntax description for the command "snmp-server user" on page 183.

How to Use This Guide

– 9 –

◆ Added the command "clear ip dhcp snooping binding" on page 307.

◆ Updated description for the command "spanning-tree bpdu-filter" on

page 477.

◆ Updated usage information for the command "spanning-tree port-priority" on

page 486.

◆ Updated syntax for the command "switchport trunk allowed vlan" on page 509.

◆ Updated syntax for the command "switchport trunk native vlan" on page 510.

◆ Added the commands "switchport trunk allowed vlan" on page 509 and

"switchport trunk native vlan" on page 510.

◆ Updated configuration procedure for protocol-based VLANs. See "Configuring

Protocol-based VLANs" on page 525.

◆ Updated command usage for "subnet-vlan" on page 530.

◆ Updated command usage for "mac-vlan" on page 532.

◆ Updated usage information for the command "voice vlan aging" on page 535.

◆ Updated usage information for the command "show voice vlan" on page 539.

◆ Added the command "show lldp neighbors" on page 696.

◆ Updated display text for the command “show cdp neighbors detail” on

page 703.

◆ Changed default setting for the command "ip dhcp client class-id" on page 714.

◆ Removed the command “show ip dhcp client-identifier” on page 542.

◆ Updated output display for the command "show ip interface" on page 727.

March 2014 Revision

This is the first version of this guide. This guide is valid for software release

v4.0.0.0-02R.

How to Use This Guide

– 10 –

– 11 –

Contents

How to Use This Guide 3

Contents 11

Figures 41

Tables 43

Section I Getting Started 49

1 Initial Switch Configuration 51

Connecting to the Switch 51

Configuration Options 51

Connecting to the Console Port 52

Logging Onto the Command Line Interface 53

Setting Passwords 53

Remote Connections 54

Configuring the Switch for Remote Management 55

Using the Network Interface 55

Setting an IP Address 55

Enabling SNMP Management Access 61

Managing System Files 63

Upgrading the Operation Code 64

Saving or Restoring Configuration Settings 65

Automatic Installation of Operation Code and Configuration Settings 66

Downloading Operation Code from a File Server 66

Specifying a DHCP Client Identifier 69

Downloading a Configuration File Referenced by a DHCP Server 69

Setting the System Clock 71

Setting the Time Manually 72

Configuring SNTP 72

Contents

– 12 –

Configuring NTP 73

Section II Command Line Interface 75

2 Using the Command Line Interface 77

Accessing the CLI 77

Console Connection 77

Telnet Connection 78

Entering Commands 79

Keywords and Arguments 79

Minimum Abbreviation 79

Command Completion 79

Getting Help on Commands 80

Partial Keyword Lookup 82

Negating the Effect of Commands 82

Using Command History 82

Understanding Command Modes 82

Exec Commands 83

Configuration Commands 83

Command Line Processing 85

CLI Command Groups 86

3 General Commands 89

prompt 89

reload (Global Configuration) 90

enable 91

quit 92

show history 92

configure 93

disable 94

reload (Privileged Exec) 94

show reload 95

end 95

exit 95

Contents

– 13 –

4 System Management Commands 97

Device Designation 97

hostname 98

System Status 98

show access-list tcam-utilization 99

show memory 100

show process cpu 100

show running-config 101

show startup-config 102

show system 103

show tech-support 104

show users 105

show version 106

show watchdog 107

watchdog software 107

Frame Size 107

jumbo frame 107

File Management 108

General Commands 109

boot system 109

copy 110

delete 113

dir 114

whichboot 115

Automatic Code Upgrade Commands 115

upgrade opcode auto 115

upgrade opcode path 117

upgrade opcode reload 118

show upgrade 118

TFTP Configuration Commands 118

ip tftp retry 118

ip tftp timeout 119

show ip tftp 119

Line 120

line 121

Contents

– 14 –

databits 121

exec-timeout 122

login 123

parity 124

password 124

password-thresh 125

silent-time 126

speed 127

stopbits 127

timeout login response 128

disconnect 129

terminal 129

show line 130

Event Logging 131

logging facility 131

logging history 132

logging host 133

logging on 133

logging trap 134

clear log 135

show log 135

show logging 136

SMTP Alerts 138

logging sendmail 138

logging sendmail host 138

logging sendmail level 139

logging sendmail destination-email 140

logging sendmail source-email 140

show logging sendmail 141

Time 141

SNTP Commands 142

sntp client 142

sntp poll 143

sntp server 144

show sntp 144

Contents

– 15 –

NTP Commands 145

ntp authenticate 145

ntp authentication-key 146

ntp client 147

ntp server 147

show ntp 148

Manual Configuration Commands 149

clock summer-time (date) 149

clock summer-time (predefined) 150

clock summer-time (recurring) 151

clock timezone 153

calendar set 153

show calendar 154

Time Range 155

time-range 155

absolute 156

periodic 157

show time-range 158

Switch Clustering 158

cluster 159

cluster commander 160

cluster ip-pool 161

cluster member 161

rcommand 162

show cluster 163

show cluster members 163

show cluster candidates 163

Adopt Device 164

controller hello-interval adjacency-hold-time 166

controller host ip address 166

adoptd upgrade 167

debug adoption 168

no adoption 168

show adoption debug 168

show adoption history 169

Contents

– 16 –

show adoption status 170

5 SNMP Commands 171

General SNMP Commands 173

snmp-server 173

snmp-server community 173

snmp-server contact 174

snmp-server location 175

show snmp 175

SNMP Target Host Commands 176

snmp-server enable traps 176

snmp-server host 177

snmp-server enable port-traps mac-notification 179

show snmp-server enable port-traps 180

SNMPv3 Commands 181

snmp-server engine-id 181

snmp-server group 182

snmp-server user 183

snmp-server view 185

show snmp engine-id 186

show snmp group 186

show snmp user 187

show snmp view 188

Notification Log Commands 189

nlm 189

snmp-server notify-filter 190

show nlm oper-status 191

show snmp notify-filter 191

Additional Trap Commands 192

memory 192

process cpu 192

6 Remote Monitoring Commands 195

rmon alarm 196

rmon event 197

rmon collection history 198

Contents

– 17 –

rmon collection rmon1 199

show rmon alarms 200

show rmon events 200

show rmon history 200

show rmon statistics 201

7 Authentication Commands 203

User Accounts and Privilege Levels 204

enable password 204

username 205

privilege 207

show privilege 207

Authentication Sequence 208

authentication enable 208

authentication login 209

RADIUS Client 210

radius-server acct-port 210

radius-server auth-port 211

radius-server host 211

radius-server key 212

radius-server retransmit 213

radius-server timeout 213

show radius-server 214

TACACS+ Client 214

tacacs-server host 215

tacacs-server key 215

tacacs-server port 216

tacacs-server retransmit 216

tacacs-server timeout 217

show tacacs-server 217

AAA 218

aaa accounting commands 219

aaa accounting dot1x 220

aaa accounting exec 220

aaa accounting update 221

Contents

– 18 –

aaa authorization commands 222

aaa authorization exec 223

aaa group server 224

server 224

accounting dot1x 225

accounting commands 225

accounting exec 226

authorization commands 227

authorization exec 227

show accounting 228

Web Server 229

ip http port 229

ip http server 230

ip http secure-port 230

ip http secure-server 231

Telnet Server 232

ip telnet max-sessions 233

ip telnet port 233

ip telnet server 234

show ip telnet 234

Secure Shell 234

ip ssh authentication-retries 237

ip ssh server 238

ip ssh server-key size 239

ip ssh timeout 239

delete public-key 240

ip ssh crypto host-key generate 240

ip ssh crypto zeroize 241

ip ssh save host-key 242

show ip ssh 242

show public-key 243

show ssh 244

802.1X Port Authentication 244

General Commands 245

dot1x default 245

Contents

– 19 –

dot1x eapol-pass-through 246

dot1x system-auth-control 247

Authenticator Commands 247

dot1x intrusion-action 247

dot1x max-reauth-req 248

dot1x max-req 248

dot1x operation-mode 249

dot1x port-control 250

dot1x re-authentication 250

dot1x timeout quiet-period 251

dot1x timeout re-authperiod 251

dot1x timeout supp-timeout 252

dot1x timeout tx-period 252

dot1x re-authenticate 253

Supplicant Commands 254

dot1x identity profile 254

dot1x max-start 254

dot1x pae supplicant 255

dot1x timeout auth-period 256

dot1x timeout held-period 256

dot1x timeout start-period 257

Information Display Commands 257

show dot1x 257

Management IP Filter 260

management 260

show management 261

PPPoE Intermediate Agent 262

pppoe intermediate-agent 263

pppoe intermediate-agent format-type 263

pppoe intermediate-agent port-enable 264

pppoe intermediate-agent port-format-type 265

pppoe intermediate-agent port-format-type remote-id-delimiter 266

pppoe intermediate-agent trust 266

pppoe intermediate-agent vendor-tag strip 267

clear pppoe intermediate-agent statistics 267

Contents

– 20 –

show pppoe intermediate-agent info 268

show pppoe intermediate-agent statistics 269

8 General Security Measures 271

Port Security 272

mac-learning 272

port security 273

show port security 275

Network Access (MAC Address Authentication) 277

network-access aging 278

network-access mac-filter 278

mac-authentication reauth-time 279

network-access dynamic-qos 280

network-access dynamic-vlan 281

network-access guest-vlan 282

network-access link-detection 282

network-access link-detection link-down 283

network-access link-detection link-up 283

network-access link-detection link-up-down 284

network-access max-mac-count 284

network-access mode mac-authentication 285

network-access port-mac-filter 286

mac-authentication intrusion-action 287

mac-authentication max-mac-count 287

clear network-access 288

show network-access 288

show network-access mac-address-table 289

show network-access mac-filter 290

Web Authentication 290

web-auth login-attempts 291

web-auth quiet-period 292

web-auth session-timeout 292

web-auth system-auth-control 293

web-auth 293

web-auth re-authenticate (Port) 294

Page is loading ...

Extreme Networks EX-3524/EX-3548, EX3524/EX3548 Owner's manual

Related papers

Other documents