Fortinet MR1 - Manual

25 1.3 Front-Panel Components The front panel of the switch consists of 48 1-Giga interfaces, 4 LED indicators, an RS-232 communication port, and two SFP (Mini-GBIC) Combo ports. 4 LEDs divided into two parts. 2 LED indicators on the upper display the status and power the switch. 2 LED indicators on...

26 1.6 Management Options The system may be managed out-of-band through the console port on the front panel or in-band using Telnet, a Web Browser, or SNMP. 1.7 Web-based Management Interface After you have successfully installed the switch, you can configure the switch, monitor the LED panel, and d...

28 2 Installation and Quick Startup 2.1 Package Contents Before you begin installing the switch, confirm that your package contains the following items: • One Fortinet FortiSwitch-100 Ethernet switch • Mounting kit: 2 mounting brackets and screws • Four rubber feet with adhesive backing • One AC pow...

29 2.2.2 Installing the Switch in a Rack You can install the switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below. 1. Use the supplied screws to attach a mounting bracket to each side of the switch. 2. Align the holes in the mounting bracket with the holes in the rack. 3...

30 2.3 Quick Starting the Switch 1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the FortiSwitch- 100 switch locally or from a remote workstation. The device must be configured with IP information (IP address, subnet mask, and default gatew...

31 show Interface status { < slot / port > | all } Displays the Ports slot/port Type - Indicates if the port is a special type of port Admin Mode - Selects the Port Control Administration State Physical Mode - Selects the desired port speed and duplex mode Physical Status - Indicates the port ...

32 confirmed password match a message will be displayed. The user password should not be more than eight characters in length. copy running-config startup-config [ filename ] This will save passwords and all other changes to the device. If you do not save the running config, all changes will be lost...

33 show ip interface Displays the Network Configurations IP Address - IP Address of the interface Default IP is 0.0.0.0 Subnet Mask - IP Subnet Mask for the interface Default is 0.0.0.0 Default Gateway - The default Gateway for this interface Default value is 0.0.0.0 Burned in MAC Address - The Burn...

35 copy running-config startup-config [filename] Enter yes when the prompt pops up that asks if you want to save the configurations made to the switch. reload Enter yes when the prompt pops up that asks if you want to reset the system. You can reset the switch or cold boot the switch; both work effe...

36 ---------- -------------------------------- -------------- ------- ----------- Total: 5 files. Note whether there is one file with the file type “Operation Code” or two (as in the example above). If there are two “Operation Code” files, you must first delete the oldest image file using the follow...

37 Note : When configuring a static IP address, you must also configure a default gateway. Use the following commands, substituting the appropriate default gateway address for the example: (FortiSwitch-100_238) (if-vlan 1)#exit (FortiSwitch-100_238) (Config)#ip default-gateway 172.18.20.1 (FortiSwit...

38 ---------- -------------------------------- -------------- ------- ----------- 2007/05/14 b4b-b-0.2.0514.biz Boot-Rom image Y 127648 2007/11/20 default.cfg Config File N 28701 2008/04/03 lb4w-r-1.04.0403.img Operation Code Y 8034434 2008/08/19 lb4w-r-1.08.0819.img Operation Code N 8039249 2008/05...

40 Figure 3-1: Console Setting Environment 2.6 Set Up your Switch Using Telnet Access Once you have set an IP address for your switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the switch. Most of the screens are identical, whether accessed from the co...

41 3 Web-Based Management Interface 3.1 Overview The Fortinet FortiSwitch-100 Managed Switch provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. This int...

42 4. Type the default user name of admin and default of no password, or whatever password you have set up. Once you have entered your access point name, your Web browser automatically finds the FortiSwitch-100 Managed Switch and display the home page, as shown below. 3.3 Web-Based Management Menu F...

46 4 Command Line Interface Structure and Mode-based CLI The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. 4.1 CLI Command Format Commands are followed by values, parameters, or bot...

49 5 Switching Commands 5.1 System Information and Statistics commands 5.1.1 show arp This command displays connectivity between the switch and other devices. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the switch. Syntax show arp De...

50 show calendar Default Setting None Command Mode Privileged Exec Display Message Current Time displays system time 5.1.3 show eventlog This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset. Syntax show eventlog [unit] uni...

51 5.1.4 show running-config This command is used to display/capture the current setting of different protocol packages supported on switch. This command displays/captures only commands with settings/configurations with values that differ from the default value. The output is displayed in script for...

52 Privileged Exec Display Message System Description: The text used to identify this switch. System Name: The name used to identify the switch. System Location: The text used to identify the location of the switch. May be up to 31 alpha-numeric characters. The factory default is blank. System Conta...

53 5.1.7 show loginsession This command displays current telnet and serial port connections to the switch. Syntax show loginsession Default Setting None Command Mode Privileged Exec Display Message ID: Login Session ID User Name: The name the user will use to login using the serial port or Telnet. A...

54 <slot/port> - is the desired interface number. all - This parameter displays information for all interfaces. Default Setting None Command Mode Privileged Exec Display Message Intf: The physical slot and physical port. Type: If not blank, this field indicates that this port is a special type...

59 Receive Packets Discarded: The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space. Octets Transmitted: The tot...

60 Display Message Packets Received Without Error: The total number of packets (including broadcast packets and multicast packets) received by the processor. Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. Note that this does not include ...

61 speed-duplex {10 | 100} {full-duplex | half-duplex} 100 - 100BASE-T 10 - 10BASE-T full-duplex - Full duplex half-duplex - Half duplex Default Setting None Command Mode Interface Config This command is used to set the speed and duplex mode for all interfaces. Syntax speed-duplex all {10 | 100} {fu...

62 negotiate no negotiate no - This command disables automatic negotiation on a port. Default Setting Enable Command Mode Interface Config This command enables automatic negotiation on all interfaces. The default value is enabled. Syntax negotiate all no negotiate all all - This command represents a...

63 no capabilities {{10 | 100 } {full-duplex | half-duplex}} | {1000 full-duplex } 10 - 10BASE-T 100 - 100BASE-T 1000 - 1000BASE-T full-duplex - Full duplex half-duplex - Half duplex no - This command removes the advertised capability with using parameter. Default Setting 10 half-duplex, 10 full-dup...

64 Note: This command only applies to full-duplex mode ports. Syntax storm-control flowcontrol no storm-control flowcontrol no - This command disables 802.3x flow control for the switch. Default Setting Disabled Command Mode Global Config This command enables 802.3x flow control for the specific int...

70 Syntax mac-address-table aging-time <10-1000000> no mac-address-table aging-time <10-1000000> <10-1000000> - aging-time (Range: 10-1000000) in seconds no - This command sets the forwarding database address aging timeout to 300 seconds. Default Setting 300 Command Mode Global Con...

71 5.2.3.2 show vlan id This command displays detailed information, including interface information, for a specific VLAN. Syntax show vlan {id <vlanid> | name <vlanname>} <vlanid> - VLAN ID (Range: 1 – 3965) <vlanname> - vlan name (up to 16 alphanumeric characters) Default Se...

73 Command Mode Privileged Exec Display Message Slot/port: Indicates by slot id and port number which port is controlled by the fields on this line. It is possible to set the parameters for all ports by using the selectors on the top line. Port VLAN ID: The VLAN ID that this port will assign to unta...

74 vlan <vlanid> [<name>] no vlan <vlanid> <vlanid> - VLAN ID (Range: 2 –3965). <name> - Configure an optional VLAN Name (a character string of 1 to 32 alphanumeric characters). no - This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID...

75 5.2.3.8 vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-3965. Syntax vlan makestatic <vlanid> <vlani...

77 interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification. Default Setting Admit all Command Mode Global Config 5.2.3.11 switchport ingress-filtering This command enables ingress filtering. If ingress filtering is d...

78 no switchport ingress-filtering all all - All interfaces. no - This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are membe...

79 <vlanid> - VLAN ID (Range: 1 –3965). all - All interfaces. no - This command sets the VLAN ID for all interfaces to 1. Default Setting 1 Command Mode Global Config 5.2.3.13 switchport allowed vlan This command configures the degree of participation for a specific interface in a VLAN. The ID...

80 switchport allowed vlan {add {tagged | untagged} | remove} all <vlanid> <vlanid> - VLAN ID (Range: 1 –3965). all - All interfaces. add - The interface is always a member of this VLAN. This is equivalent to registration fixed. tagged - all frames transmitted for this VLAN will be tagge...

81 This command configures the tagging behavior for all interfaces in a VLAN to be enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Syntax switchport tagging all &...

82 This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. Any subsequent per port configuration will override this configuration setting. Syntax switchport priority all <0-7> <0-7> - The range for the priority is 0-7. all ...

84 Default Setting None Command Mode Global Config This command adds the <protocol> to the protocol-based VLAN identified by <group-name>. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding ...

85 Syntax switchport forbidden vlan {add | remove} <vlanid> no switchport forbidden <vlanid> - VLAN ID (Range: 1 –3965). add - VLAND ID to add. remove - VLAND ID to remove. no - Remove the list of forbidden VLANs. Default Setting None Command Mode Interface Config 5.2.4 GVRP and Bridge E...

86 5.2.4.2 show gvrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Syntax show gvrp configuration {<slot/port> | all} <slot/port> - An interface number. all - All interfaces. Default Setting None Command Mode Pr...

87 5.2.4.3 show gmrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or All interfaces. Syntax show gmrp configuration {<slot/port> | all} <slot/port> - An interface number. all - All interfaces. Default Setting None Command Mode Pr...

89 5.2.4.6 bridge-ext gmrp This command enables GARP Multicast Registration Protocol (GMRP) on the system. The default value is disabled. Syntax bridge-ext gmrp no bridge-ext gmrp no - This command disables GARP Multicast Registration Protocol (GMRP) on the system. Default Setting Disabled Command M...

90 This command enables GVRP (GARP VLAN Registration Protocol) for all ports. Syntax switchport gvrp all no switchport gvrp all all - All interfaces. no - This command disables GVRP (GARP VLAN Registration Protocol) for all ports. If GVRP is disabled, Join Time, Leave Time, and Leave All Time have n...

91 Interface Config This command enables GMRP Multicast Registration Protocol on all interfaces. If an interface which has GMRP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GMRP functionality will be disabled on that interface. GMRP functionality will subsequent...

95 Syntax garp timer leaveall all < 200-6000 > no garp timer leaveall all <200-6000> - leave time (Range: 200 – 6000) in centiseconds. all - All interfaces. no - This command sets how frequently Leave All PDUs are generated for all ports to 1000 centiseconds (10 seconds). Note: This comm...

98 Max Response Time This displays the amount of time the switch will wait after sending a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured. Multicast Router Expiration Time If a query is not ...

99 Default Setting 260 seconds Command Mode Global Config, Interface Config ip igmp snooping interfacemode This command enables IGMP Snooping on a selected interface. If an interface which has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), IGMP Snoop...

100 all - All interfaces. no - This command disables IGMP Snooping on all interfaces. Default Setting Disabled Command Mode Global Config ip igmp snooping mcrtrexpiretime This command sets the Multicast Router Present Expiration time on the system. This is the amount of time in seconds that a switch...

101 <sec> - Max time (Range: 1 – 3599). no - This command sets the IGMP Maximum Response time on the system to 10 seconds. Default Setting 10 seconds Command Mode Global Config, Interface Config. ip igmp snooping immediate-leave This command enables or disables IGMP Snooping fast-leave admin m...

102 ip igmp snooping mrouter This command configures a selected interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. Syntax ip igmp snooping mrouter interface no ip igmp snooping mrouter int...

103 Command Mode Interface Config. ip igmp snooping vlan static This command is used to add a port to a multicast group. Syntax ip igmp snooping vlan <vlanid> static <macaddr> interface <slot/port> <vlanid> - VLAN ID (Range: 1 – 3965). <macaddr> - Multicast group MAC ad...

104 Default Setting None Command Mode Vlan Database set igmp groupmembership-interval This command sets the IGMP Group Membership Interval on a particular VLAN. The Group Membership Interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a parti...

105 Syntax set igmp maxresponse <1-3965> <1-3599> no set igmp maxresponse <1-3965> <1-3965> - VLAN ID (Range: 1 – 3965). no - This command sets the IGMP maximum response time on a particular VLAN to the default value. Default Setting 10 Command Mode Vlan Database set igmp mcr...

107 5.2.6 Port Channel 5.2.6.1 show port-channel This command displays the static capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels. Syntax show port-channel Default Setting None Command Mode Privileged Exec Display Message For each port-channel th...

109 Command Usage 1. Max number of port-channels could be created by user are 6 and Max. Number of members for each port-channel are 8. 5.2.6.3 port-channel adminmode all This command sets every configured port-channel with the same administrative mode setting. Syntax port-channel adminmode all no p...

110 Default Setting Disabled Command Mode Interface Config 5.2.6.5 port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same ad...

111 port-channel name {<logical slot/port> | all} <name> <logical slot/port> - Port-Channel Interface number. all - all Port-Channel interfaces. <name> - Configured Port-Channel name (up to 15 characters). Default Setting None Command Mode Global Config 5.2.6.7 adminmode This...

114 Syntax delete-channel-group <logical slot/port> all <logical slot/port> - Port-Channel Interface number. all - All members for specific Port-Channel. Default Setting None Command Mode Global Config 5.2.7 Storm Control 5.2.7.1 show storm-control This command is used to display broadca...

116 5.2.7.2 storm-control broadcast This command enables broadcast storm recovery mode on the selected interface. If the mode is enabled, broadcast storm recovery with high threshold is implemented. The threshold implementation follows a percentage pattern. If the broadcast traffic on any Ethernet p...

117 Disabled Command Mode GlobaI Config 5.2.7.3 storm-control multicast This command enables multicast storm recovery mode on the selected interface. Syntax storm-control multicast no storm-control multicast no - This command disables multicast storm recovery mode on the selected interface. Default ...

118 5.2.7.4 storm-control unicast This command enables unicast storm recovery mode on the selected interface. Syntax storm-control unicast no storm-control unicast no - This command disables unicast storm recovery mode on the selected interface. Default Setting None Command Mode Interface Config Thi...

119 5.2.7.5 switchport broadcast packet-rate This command will protect your network from broadcast storms by setting a threshold level for broadcast traffic on each port. Syntax switchport broadcast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G por...

120 Level 4 Command Mode Global Config 5.2.7.6 switchport multicast packet-rate This command will protect your network from multicast storms by setting a threshold level for multicast traffic on each port. Syntax switchport multicast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps ...

121 all - This command represents all interfaces. Note: pps (packet per second) Default Setting Level 4 Command Mode Global Config 5.2.7.7 switchport unicast packet-rate This command will protect your network from unicast storms by setting a threshold level for unicast traffic on each port. Syntax s...

122 switchport unicast all packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port. 3 - Threshold level represents 256 pps for 1G Port or 3124 pps for 10G port. 4 - Threshold l...

123 5.2.8.2 queue cos-map This command is used to assign class of service (CoS) value to the CoS priority queue. Syntax queue cos-map <priority> <queue-id> no queue cos-map <queue-id> - The queue id of the CoS priority queue (Range: 0 - 7 ). <priority> - The CoS value that is...

124 Default Setting None Command Mode Privileged Exec Display Message Session ID: indicates the session ID. Admin Mode: indicates whether the Port Monitoring feature is enabled or disabled. The possible values are enabled and disabled. Probe Port: is the slot/port that is configured as the probe por...

125 Syntax no port-monitor Default Setting None Command Mode Global Config 5.2.9.3 port-monitor session mode This command configures the administration mode of port-monitoring function for a monitor session. Syntax port-monitor session <session-id> mode no port-monitor session <session-id&g...

126 Syntax show ip interface Default Setting None Command Mode Privileged Exec Display Message IP Address: The IP address of the interface. The factory default value is 0.0.0.0 Subnet Mask: The IP subnet mask for this interface. The factory default value is 0.0.0.0 Default Gateway: The default gatew...

129 Interface-Vlan Config Command Usage Once the IP address is set, the VLAN ID’s value will be assigned to management VLAN. 5.3.1.7 ip default-gateway This command sets the IP Address of the default gateway. Syntax ip default-gateway <gateway> no ip default-gateway < gateway > - IP addr...

130 <dhcp> - Obtains IP address from DHCP. <none> - Obtains IP address by setting configuration. Default Setting None Command Mode Interface-Vlan Config 5.3.1.9 ip filter This command is used to enable the IP filter function. Syntax ip filter no ip filter no – Disable ip filter. Default ...

131 Default Setting None Command Mode Global Config 5.3.1.10 ip ipv6 This command is used to enable the Ipv6 function on specific interface. Syntax ip ipv6 no ip ipv6 no - disable IPv6. Default Setting Enabled Command Mode Interface Config This command is used to enable the Ipv6 function on all inte...

132 Command Mode Global Config 5.3.2 Serial Interface Commands 5.3.2.1 show line console This command displays serial communication settings for the switch. Syntax show line console Default Setting None Command Mode Privileged Exec Display Message Serial Port Login Timeout (minutes): Specifies the t...

133 Syntax line console Default Setting None Command Mode Global Config 5.3.2.3 baudrate This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Syntax baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | ...

135 <0-65535> - silent time (Range: 0 - 65535) in seconds. no - This command sets the maximum value to the default. Default Setting 0 Command Mode Line Config 5.3.3 Telnet Session Commands 5.3.3.1 telnet This command establishes a new outbound telnet connection to a remote host. Syntax telnet ...

136 Syntax show line vty Default Setting None Command Mode Privileged Exec Display Message Remote Connection Login Timeout (minutes): This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off. A zero means there will be no timeout. ...

138 3 Command Mode Telnet Config 5.3.3.6 maxsessions This command specifies the maximum number of remote connection sessions that can be established. A value of 0 indicates that no remote connection can be established. The range is 0 to 5. Syntax maxsessions <0-5> no maxsessions <0-5> - ...

139 no - This command disables telnet sessions. If sessions are disabled, no new telnet sessions are established. Default Setting Enabled Command Mode Telnet Config 5.3.3.8 telnet sessions This command regulates new outbound telnet connections. If enabled, new outbound telnet sessions can be establi...

141 5.3.3.11 show telnet This command displays the current outbound telnet settings. Syntax show telnet Default Setting None Command Mode User Exec, Privileged Exec Display Message Outbound Telnet Login Timeout (in minutes) Indicates the number of minutes an outbound telnet session is allowed to rem...

142 Syntax show snmp Default Setting None Command Mode Privileged Exec Display Message SNMP Community Name: The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique community nam...

143 Authentication Flag: May be enabled or disabled. The factory default is enabled. Indicates whether authentication failure traps will be sent. Link Up/Down Flag: May be enabled or disabled. The factory default is enabled. Indicates whether link status traps will be sent. Multiple Users Flag: May ...

144 snmp-server location <loc> <loc> - range is from 1 to 31 alphanumeric characters. Default Setting None Command Mode Global Config 5.3.4.5 snmp-server contact This command sets the organization responsible for the network. The range for contact is from 1 to 31 alphanumeric characters....

147 <ro> - access mode is read-only. <rw> - access mode is read/write. Default Setting None Command Mode Global Config 5.3.4.7 snmp-server host This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet sending address and is used alo...

151 5.3.5 SNMP Trap Commands 5.3.5.1 show snmptrap This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap receivers are simultaneously supported....

153 5.3.5.3 snmptrap <name> <ipaddr> This command adds an SNMP trap name. The maximum length of the name is 16 case-sensitive alphanumeric characters. Syntax snmptrap <name> <ipaddr> no snmptrap <name> <ipaddr> <name> - SNMP trap name (Range: up to 16 case-s...

154 Default Setting None Command Mode Global Config 5.3.5.5 snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps). Syntax snmptrap mode <name> <ipaddr> ...

160 5.3.7.4 ip ssh maxsessions This command specifies the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no ssh connection can be established. The range is 0 to 5. Syntax ip ssh maxsessions <0-5> no ip ssh maxsessions <0-5> - maximum number...

161 <1-160> - timeout interval in seconds. no - This command sets the SSH connection session timeout value, in minutes, to the default. Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout dur...

162 no ip dhcp client-identifier <text> - A text string. (Range: 1-15 characters). <hex> - The hexadecimal value (00:00:00:00:00:00). no - This command is used to restore to default value. Default Setting System Burned In MAC Address Command Mode Global Config 5.3.9 DHCP Relay Commands 5...

163 Server IP Address - IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent. Circuit Id Option Mode - This is the Relay agent option which can be either enabled or disabled. When enabled Relay Agent options will be added to requests before they are forwarded to t...

164 Syntax bootpdhcprelay serverip <ipaddr> no bootpdhcprelay serverip <ipaddr> - A server IP address. no - This command is used to reset to the default value. Default Setting IP 0.0.0.0 Command Mode Global Config 5.4 Spanning Tree Commands This section provides detailed explanation of t...

165 None Command Mode Privileged Exec Display Message Bridge Priority: Configured value. Bridge Identifier: The MAC Address for the Bridge from which the Bridge Identifiers used by the Spanning Tree Algorithm and Protocol. Time Since Topology Change: In seconds. Topology Change Count: Number of time...

170 STP Mode: Indicate STP mode. Type: Currently not used. STP State: The forwarding state of the port in the specified spanning tree instance. Port Role: The role of the specified port within the spanning tree. 5.4.1.5 show spanning-tree summary This command displays spanning tree settings and para...

172 Syntax spanning-tree protocol-migration {<slot/port> | all} no spanning-tree protocol-migration {<slot/port> | all} <slot/port> - is the desired interface number. all - All interfaces. no - This command disables BPDU migration check on a given interface. The all option disables...

180 Interface Config 5.4.2.10 spanning-tree port mode This command sets the Administrative Switch Port State for this port to enabled. Syntax spanning-tree port mode no spanning-tree port mode no - This command sets the Administrative Switch Port State for this port to disabled. Default Setting Disa...

181 5.4.2.11 spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay. Syntax spanning-tree edgeport no spanning-tree edgeport no - This command specifies that ...

183 Syntax show logging traplogs Default Setting None Command Mode Privileged Exec Display Message Number of Traps since last reset: The number of traps that have occurred since the last reset of this device. Trap Log Capacity: The maximum number of traps that could be stored in the switch. Log: The...

184 5.5.4 Configuration Commands 5.5.4.1 logging buffered This command enables logging to in-memory log where up to 128 logs are kept. Syntax logging buffered no logging buffered no - This command disables logging to in-memory log. Default Setting None Command Mode Privileged Exec This command enabl...

185 5.5.4.2 logging console This command enables logging to the console. Syntax logging console [<severitylevel> | <0-7>] no logging console [<severitylevel> | <0-7>] - The value is specified as either an integer from 0 to 7 or symbolically through one of the following keywor...

187 Privileged Exec 5.5.4.4 logging syslog This command enables syslog logging. Syntax logging syslog no logging syslog no - Disables syslog logging. Default Setting None Command Mode Privileged Exec This command sets the local port number of the LOG client for logging messages. . Syntax logging sys...

188 Command Mode Privileged Exec 5.5.4.5 clear logging buffered This command clears all in-memory log. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec 5.6 Script Management Commands 5.6.1 script apply This command applies the commands in the configuration script to th...

190 Default Setting None Command Mode Privileged Exec 5.6.4 script show This command displays the content of a script file. Syntax script show <scriptname> <scriptname> - Name of the script file. Default Setting None Command Mode Privileged Exec 5.7 User Account Management Commands 5.7.1...

191 Syntax show users Default Setting None Command Mode Privileged Exec Display Message User Name: The name the user will use to login using the serial port, Telnet or Web. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to eight characters, and is ...

192 no username <username> <username> - is a new user name (Range: up to 8 characters). no - This command removes a user name created before. Note: The admin user account cannot be deleted. nopassword - This command sets the password of an existing operator to blank. When a password is c...

193 Global Config 5.7.2.3 username snmpv3 encryption This command specifies the encryption protocol and key to be used for the specified login user. The valid encryption protocols are none or des . The des protocol requires a key , which can be specified on the command line. The key may be up to 16 ...

194 Syntax show users authentication Default Setting None Command Mode Privileged Exec Display Message User: This field lists every user that has an authentication login list assigned. System Login: This field displays the authentication login list assigned to the user for system login. 802.1x: This...

195 5.8.1.3 show authentication users This command displays information about the users assigned to the specified authentication login list. If the login is assigned to non-configured users, the user “default” will appear in the user column. Syntax show authentication users <listname> <list...

196 5.8.1.5 show dot1x detail This command is used to show a summary of the global dot1x configuration and the detailed dot1x configuration for a specified port. Syntax show dot1x detail <slot/port> <slot/port> - is the desired interface number. Default Setting None Command Mode Privileg...

197 5.8.1.6 show dot1x statistics This command is used to show a summary of the global dot1x configuration and the dot1x statistics for a specified port. Syntax show dot1x statistics <slot/port> <slot/port> - is the desired interface number. Default Setting None Command Mode Privileged E...

199 None Command Mode Privileged Exec Display Message User: Users configured locally to have access to the specified port. 5.8.1.9 show radius-servers This command is used to display items of the configured RADIUS servers. Syntax show radius-servers Default Setting None Command Mode Privileged Exec ...

200 Command Mode Privileged Exec Display Message Current Server IP Address: Indicates the configured server currently in use for authentication Number of configured servers: The configured IP address of the authentication server Number of retransmits: The configured value of the maximum number of ti...

201 Requests: The number of RADIUS Accounting-Request packets sent to this accounting server. This number does not include retransmissions. Retransmission: The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server. Responses: The number of RADIUS packets received...

202 Access Requests: The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. Access Retransmission: The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server. Access Accepts: The number of RADIUS Access-Accep...

205 None Command Mode Privileged Exec Display Message MAC address Statically locked MAC address. This command displays the source MAC address of the last packet that was discarded on a locked port. Syntax show port-security violation <slot/port> Default Setting None Command Mode Privileged Exe...

206 The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates that the user is never authenticated. The value of t...

207 <listname> - an authentication login list. Default Setting None Command Mode Global Config 5.8.2.3 username login This command assigns the specified authentication login list to the specified user for system login. The < username> must be a configured < username> and the < l...

208 5.8.3 Dot1x Configuration Commands 5.8.3.1 dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Syntax dot1x initialize...

209 5.8.3.3 dot1x login This command assigns the specified authentication login list to the specified user for 802.1x port security. The <user> parameter must be a configured user and the <listname> parameter must be a configured authentication login list. Syntax dot1x login <user>...

210 Global Config 5.8.3.5 dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The <username> parameter must be a configured user. Syntax dot1x user <user> {<slot/port> | all} no dot1x user <user> {<slot/port&...

212 5.8.3.7 dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <1-10> value must be in the range 1 - 10. Syntax dot1x max-req <1-10> no dot1x max-...

213 5.8.3.9 dot1x re-reauthenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Syntax dot1x re-authenticate <slot/port> &...

214 server-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535. Syntax dot1x timeout {quiet-period | reauth-period | server-timeout | supp-timeout | tx-per...

216 Default Setting None Command Mode Global Config 5.8.4.3 radius-sever key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret will be configured ...

217 no radius-server retransmit <retries> - the maximum number of times (Range: 1 - 15). no - This command sets the maximum number of times a request packet is re-transmitted, when no response is received from the RADIUS server, to the default value, that is, 10. Default Setting 10 Command Mod...

218 Syntax radius-server msgauth <ipaddr> <ipaddr> - is a IP address. Default Setting None Command Mode Global Config 5.8.4.7 radius-server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client. The primary server is the one that is use...

219 5.8.5 TACACS Configuration Commands 5.8.5.1 tacacs This command is used to enable /disable the TACACS function. Syntax tacacs no tacacs no - This command is used to disable the TACACS function. Default Setting Disabled Command Mode Global Config 5.8.5.2 tacacs mode This command is used to enable...

220 5.8.5.3 tacacs server-ip This command is used to configure the TACACS server IP address. Syntax tacacs server-ip <1-3> <ipaddr> no tacacs server-ip <1-3> <ipaddr> - An IP address. <1-3> - The valid value of index is 1, 2, and 3. no - This command is used to remove t...

221 Command Mode Global Config 5.8.5.5 tacacs key This command is used to configure the TACACS server shared secret key. Syntax tacacs key <1-3> no tacacs key <1-3> Note that the length of the secret key is up to 32 characters. <1-3> - The valid value of index is 1, 2, and 3. no - ...

222 Default Setting 5 Command Mode Global Config 5.8.5.7 tacacs timeout This command is used to configure the TACACS request timeout of an instance. Syntax tacacs timeout <1-3> <1-255> no tacacs timeout <1-3> <1-255> - max timeout (Range: 1 to 255). <1-3> - The valid va...

225 5.8.6.5 port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses. Syntax port-security mac-address move Default Setting None Command Mode Interface Config 5.9 CDP (Cisco Discovery Protocol) Commands 5.9.1 Show Commands 5.9.1.1 show cdp ...

226 show cdp Default Setting None Command Mode Privileged Exec Display Message CDP Admin Mode: CDP enable or disable CDP Holdtime (sec): The length of time a receiving device should hold the FortiSwitch-100 CDP information before discarding it CDP Transmit Interval (sec): A period of the FortiSwitch...

227 5.9.1.3 show cdp traffic This command displays the CDP traffic counters information. Syntax show cdp traffic Default Setting None Command Mode Privileged Exec Display Message Incoming packet number: Received legal CDP packets number from neighbors. Outgoing packet number: Transmitted CDP packets...

228 5.9.2.2 cdp run This command is used to enable CDP on a specified interface. Syntax cdp run no cdp run no - This command is used to disable CDP on a specified interface. Default Setting Enabled Command Mode Interface Config This command is used to enable CDP for all interfaces. Syntax cdp run al...

229 5.9.2.3 cdp timer This command is used to configure an interval time (seconds) of the sending CDP packet. Syntax cdp timer <5-254> no cdp timer <5-254> - interval time (Range: 5 – 254). no - This command is used to reset the interval time to the default value. Default Setting 60 Comm...

230 5.10 SNTP (Simple Network Time Protocol) Commands 5.10.1 Show Commands 5.10.1.1 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether the local time has been properly updated. Syntax show sntp Default Setting None Command Mode Priv...

232 5.10.2 Configuration Commands 5.10.2.1 sntp broadcast client poll-interval This command will set the poll interval for SNTP broadcast clients in seconds as a power of two where <poll-interval> can be a value from 6 to 16. Syntax sntp broadcast client poll-interval <6-10> no sntp broa...

234 no sntp unicast client poll-interval <6-10> - Polling interval. It's 2^(value) seconds where value is 6 to 10. no - This command will reset the poll interval for SNTP unicast clients to its default value. Default Setting The default value is 6. Command Mode Global Config 5.10.2.5 sntp unic...

235 Syntax sntp unicast client poll-retry <poll-retry> no sntp unicast client poll-retry < poll-retry> - Polling retry in seconds. The range is 0 to 10. no - This command will reset the poll retry for SNTP unicast clients to its default value. Default Setting The default value is 1. Comm...

236 Command Mode Global Config 5.10.2.8 sntp clock timezone This command sets the time zone for the switch’s internal clock. Syntax sntp clock timezone <name> <0-12> <0-59> {before-utc | after-utc} <name> - Name of the time zone, usually an acronym. (Range: 1-15 characters) &...

238 Command Mode Privileged Exec 5.11.1.4 clear logging buffered This command is used to clear the message log maintained by the switch. The message log contains system trace information. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec 5.11.1.5 clear config This comma...

242 5.11.1.13 clear igmp snooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database. Syntax clear igmp snooping Default Setting None Command Mode Privileged Exec 5.11.1.14 clear port-channel This comma...

244 None Command Mode Privileged Exec 5.11.1.18 clear tacacs This command is used to clear TACACS configuration. Syntax clear tacacs Default Setting None Command Mode Privileged Exec 5.11.2 copy This command uploads and downloads to/from the switch. Local URLs can be specified using tftp or xmodem. ...

248 <filename> - name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operation code. Default Setting None Command Mode Privileged Exec Display Message Column Heading Description date The date that the file was created. file name The name ...

249 5.11.6 boot-system This command is used to specify the file or image used to start up the system. Syntax boot-system {boot-rom | config | opcode} <filename> <filename> - name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operat...

250 Privileged Exec Ping on changing parameter value Syntax ping <host> count <0-20000000> [size <32-512>] ping <host> size <32-512> [count <0-20000000>] <ipaddr> - an IP address. <0-20000000> - number of pings (Range: 0 - 20000000). Note that 0 means ...

251 <1-255> - The maximum time to live used in outgoing probe packets. Default Setting None Command Mode Privileged Exec 5.11.9 logging cli-command This command enables the CLI command Logging feature. The Command Logging component enables the switch to log all Command Line Interface (CLI) com...

254 5.11.15 quit This command is used to exit a CLI session. Syntax quit Default Setting None Command Mode Privileged Exec 5.12 Differentiated Service Command Note: This Switching Command function can only be used on the QoS software version. This chapter contains the CLI commands used for the QOS D...

255 Note that the type of class - all, any, or acl - has a bearing on the validity of match criteria specified when defining the class. A class type of 'any' processes its match rules in an ordered sequence; additional rules specified for such a class simply extend this list. A class type of ‘acl’ o...

256 Syntax Diffserv Command Mode Global Config 5.12.1.2 no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated. Syntax no diffserv Comma...

258 <class-map-name> is the name of an existing DiffServ class. Note: The class name 'default' is reserved and is not allowed here. This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, this deletion attempt shall fail. Comm...

261 echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www . Each of these translates into its equivalent port number, which is used as both the start and end of a port range. To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer...

262 5.12.2.10 match ip precedence This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in the IP header (the low-order five bits are not checked). The p...

263 Note: In essence, this the “free form” version of the IP DSCP/Precedence/TOS match specification in that the user has complete control of specifying which bits of the IP Service Type field are checked. Default None Command Mode Class-Map Config 5.12.2.12 match protocol This command adds to the s...

264 <ipaddr> specifies an IP address. < ipmask> specifies an IP address bit mask; note that although it resembles a standard subnet mask, this bit mask need not be contiguous. Default None Command Mode Class-Map Config 5.12.2.14 match srcl4port This command adds to the specified class de...

265 5.12.3 Policy Commands The 'policy' command set is used in DiffServ to define: Traffic Conditioning Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes Service Provisioning Specify bandwidth and queue depth management requirements of service levels (EF, ...

266 5.12.3.2 drop This command specifies that all packets for the associated traffic stream are to be dropped at ingress. Syntax drop Command Mode Policy-Class-Map Config 5.12.3.3 redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific...

267 5.12.3.4 conform-color This command is used to enable color-aware traffic policing and define the conform-color class maps used. Used in conjunction with the police command where the fields for the conform level (for simple, single-rate, and two-rate policing) are specified. The <class-map-na...

268 Policy-Class-Map Config Policy Type In 5.12.3.6 class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. Syntax class <classname> < classname> is...

271 policy-map rename <policyname> <newpolicyname> <policyname> - Old Policy name. <newpolicyname> - New policy name. Command Mode Global Config Policy Type In 5.12.4 Service Commands The 'service' command set is used in DiffServ to define: Traffic Conditioning Assign a DiffS...

274 Precedence, IP TOS, Protocol Keyword, Reference Class, Source IP Address, Source Layer 4 Port, Source MAC Address, and VLAN. Values This field displays the values of the Match Criteria. Excluded This field indicates whether this Match Criteria is excluded. If the Class Name is not specified, thi...

276 Mark IP Precedence Denotes the mark/re-mark value used as the IP Precedence for traffic matching this class. This is not displayed if either mark DSCP or policing is in use for the class under this policy. Policing Style This field denotes the style of policing, if any, used simple. Committed Ra...

277 Syntax show diffserv service <slot/port> in < slot/port> specifies a valid slot number and port number for the system. The direction parameter indicates the interface direction of interest. Default Setting None Command Mode Privileged EXEC Display Message DiffServ Admin Mode The curr...

278 DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only active on an interface while DiffServ is in an enabled mode. The following information is repeated for interface and direction (only those interfaces configured with an attached policy are sho...

280 Privileged EXEC Display Message The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Interface The slot number and port number of the interface (slot/port). Operational Status The current operational status o...

281 5.13 ACL Command 5.13.1 Show Commands 5.13.1.1 show mac access-lists This command displays a MAC access list and all of the rules that are defined for the ACL. The <name> parameter is used to identify a specific MAC ACL to display. Syntax show mac access-list <name> <name> ACL ...

283 Default Setting None Command Mode Privileged EXEC Display Message Current number of ACLs The number of user-configured rules defined for this ACL. Maximum number of ACLs The maximum number of ACL rules. ACL ID The identifier of this ACL. Rule This displays the number identifier for each rule tha...

284 ACL Type This displays ACL type is IP or MAC. ACL ID This displays the ACL ID. Sequence Number This indicates the order of this access list relative to other access lists already assigned to this interface and direction. A lower number indicates higher precedence order. 5.13.2 Configuration Comm...

287 5.13.2.5 access-list This command creates an Access Control List (ACL) that is identified by the parameter. Syntax access-list {( <1-99> {deny | permit} <srcip> <srcmask>) | ( {<100-199> {deny | permit} {evry | {{icmp | igmp | ip | tcp | udp | <number>} <srcip>...

290 Command Mode Privileged EXEC, User EXEC Display Message The following information is repeated for each user priority. IP Precedence The IP Precedence value. Traffic Class The traffic class internal queue identifier to which the IP Precedence value is mapped. 5.14.1.3 show queue trust This comman...

291 5.14.1.4 show queue cos-queue This command displays the class-of-service queue configuration for the specified interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the class-of-service queue confi...

294 None Command Mode Global Config. 5.14.2.3 queue trust This command sets the class of service trust mode of an interface. The mode can be set to trust one of the Dot1p (802.1p), IP Precedence. Syntax queue trust {dot1p | ip-precedence | ip-dscp} no queue trust no - This command sets the interface...

296 Syntax queue cos-queue min-bandwidth all <bw-0> <bw-1> … <bw-6> no queue cos-queue min-bandwidth all <bw-0> <bw-1> … <bw-6>- Each Valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100. no - This command restores the defaul...

299 6 Routing Commands VLAN Routing You can configure the FortiSwitch-100 software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridgin g (defau...

300 Figure 1. VLAN Routing Example Network Diagram Step 1: Create Two VLANs The following code sequence shows an example of creating two VLANs , and next specifies the VLAN ID assigned to untagged frames received on the ports. config vlan database vlan 10 vlan 20 exit config interface 0/1 switchport...

302 6.1 Address Resolution Protocol (ARP) Commands 6.1.1 Show Commands 6.1.1.1 show ip arp This command displays the Address Resolution Protocol (ARP) cache. Syntax show ip arp Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age ou...

303 show ip arp brief Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out. This value was configured into the unit. Age time is measured in seconds. Response Time: Is the time it takes for an ARP request timeout. This value was...

304 6.1.2 Configuration Commands 6.1.2.1 arp This command creates an ARP entry. The value for <ipaddress> is the IP address of a device on a subnet attached to an existing routing interface. The value for <macaddress> is a unicast MAC address for that device. Syntax arp <ipaddr> &l...

307 6.1.2.8 arp timeout This command configures the ARP entry ageout time. Syntax arp timeout <15-21600> no arp timeout <15-21600> - Represents the IP ARP entry ageout time in seconds. The range is 15 to 21600 seconds. no - This command configures the default ageout time for IP ARP entry...

308 show ip brief Default Setting None Command Mode Privileged Exec, User Exec Display Message Default Time to Live: The computed TTL (Time to Live) of forwarding a packet from the local router to the final destination. Routing Mode: Show whether the routing mode is enabled or disabled. IP Forwardin...

310 Command Mode Privileged Exec Display Message Total Number of Routes: The total number of routes. for each next hop Network Address: Is an IP address identifying the network on the specified interface. Subnet Mask: Is a mask of the network and host portion of the IP address for the router interfa...

311 Syntax show ip route entry <networkaddress> <networkaddress> - Is a valid network address identifying the network on the specified interface. Default Setting None Command Mode Privileged Exec Display Message Network Address: Is a valid network address identifying the network on the s...

312 Static: This field displays the static route preference value. OSPF Intra: This field displays the OSPF intra route preference value. OSPF Inter: This field displays the OSPF inter route preference value. OSPF Ext T1: This field displays the OSPF Type-1 route preference value. OSPF Ext T2: This ...

314 Syntax ip route <networkaddr> <subnetmask> [ <nexthopip> [<1-255 >] ] no ip route <networkaddr> <subnetmask> [ { <nexthopip> | <1-255 > } ] <ipaddr> - A valid IP address . <subnetmask> - A valid subnet mask. <nexthopip> - IP addre...

317 The default value is ethernet. Command Mode Interface Config Restrictions Routed frames are always Ethernet encapsulated when a frame is routed to a VLAN. 6.3 Open Shortest Path First (OSPF) Commands 6.3.1 Show Commands 6.3.1.1 show ip ospf This command displays information relevant to the OSPF ...

319 Syntax show ip ospf database Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID Is a 32 bit dotted decimal number representing the LSDB interface. Area ID Is the IP address identifying the router ID. LSA Type The types are: router, network, ipnet sum, asbr su...

320 Router Priority A number representing the OSPF Priority for the specified interface. This is a configured value. Retransmit Interval A number representing the OSPF Retransmit Interval for the specified interface. This is a configured value. Hello Interval A number representing the OSPF Hello Int...

322 <ipaddr> - IP address of the neighbor. <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Interface Is the interface number. Router Id Is a 4-digit dotted-decimal number identifying neighbor router. Options An integer value t...

323 Syntax show ip ospf neighbor brief {<slot/port> | all} Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID A 4 digit dotted decimal number representing the neighbor interface. IP Address An IP address representing the neighbor interface. Neighbor Interfa...

325 Syntax show ip ospf virtual-link <areaid> <neighbor> <areaid> - Area ID. <neighbor> - Neighbor's router ID. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Area ID The area id of the requested OSPF area. Neighbor Router ID The input neighbor ...

327 None Command Mode Router OSPF Config 6.3.2.3 ip ospf This command enables OSPF on a router interface. Syntax ip ospf no ip ospf <no> - This command disables OSPF on a router interface. Default Setting Disabled Command Mode Interface Config 6.3.2.4 1583compatibility This command enables OSP...

328 Router OSPF Config 6.3.2.5 area default-cost This command configures the monetary default cost for the stub area. Syntax area <areaid> default-cost <1-16777215> <areaid> - Area ID <1-16777215> - The default cost value. The range is 1 to 16777215. Default Setting None Comm...

329 6.3.2.7 area nssa default-info-originate This command configures the metric value and type for the default route advertised into the NSSA. Syntax area <areaid> nssa default-info-originate [<1-16777215>] [{comparable | non-comparable}] <areaid> - Area ID. <1-16777215> - Th...

331 6.3.2.11 area nssa translator-stab-intv This command configures the translator stability interval of the NSSA. The <stabilityinterval> is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another...

332 Router OSPF Config 6.3.2.13 area stub This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of router...

333 Disabled Command Mode Router OSPF Config 6.3.2.15 area virtual-link authentication This command configures the authentication type and key for the OSPF virtual interface identified by <areaid> and <neighborid>. Syntax area <areaid> virtual-link <neighborid> authentication...

336 The default value of hello interval is 1 second. Command Mode Router OSPF Config 6.3.2.20 default-information originate This command is used to control the advertisement of default routes. Syntax default-information originate [always] [metric <1-16777215>] [metric-type {1 | 2}] no default-...

337 <1-16777215> - The range of default metric is 1 to 16777215. <no> - This command configures the default advertisement of default routes. Default Setting None Command Mode Router OSPF Config 6.3.2.22 distance ospf This command sets the route preference value of OSPF in the router. Low...

339 6.3.2.25 external-lsdb-limit This command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never...

340 Default Setting None Command Mode Interface Config 6.3.2.27 ip ospf authentication This command sets the OSPF Authentication Type and Key for the specified interface. The value of <type> is either none, simple or encrypt. If the type is encrypt a <keyid> in the range of 0 and 255 mus...

341 Syntax ip ospf cost <1-65535> no ip ospf cost < 1-65535 > - The range of the cost is 1 to 65535. <no> - This command configures the default cost on an OSPF interface. Default Setting The default cost value is 10. Command Mode Interface Config 6.3.2.29 ip ospf dead-interval This...

342 6.3.2.30 ip ospf hello -interval This command sets the OSPF hello interval for the specified interface. Syntax ip ospf hello-interval <1-65535> no ip ospf hello-interval < 1-65535 > - Is a valid positive integer, which represents the length of time in seconds. The value for the lengt...

343 Interface Config 6.3.2.32 ip ospf retransmit-interval This command sets the OSPF retransmit Interval for the specified interface. The retransmit interval is specified in seconds. Syntax ip ospf retransmit-interval <0-3600> no ip ospf retransmit-interval < 0-3600 > - The value is the ...

345 6.3.2.35 router-id This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id. Syntax router-id <ipaddress> < ipaddress > - IP Address. Default Setting None. Command Mode Router OSPF Config 6.3.2.36 redistribute This command configures OSPF protocol to ...

346 6.3.2.37 maximum-paths This command sets the number of paths that OSPF can report for a given destination where <maxpaths> is platform dependent. Syntax maximum-paths <1-1> no maximum-paths < 1-1 > - The maximum number of paths that OSPF can report for a given destination. The ...

350 <text> - A text string which length is 1 to 15. <hex> - A hex string which format is XX:XX:XX:XX:XX:XX (X is 0-9, A-F). Default Setting The default value for client-identifier is a text string "fortinet". Command Mode Global Config 6.5 Domain Name Server Relay Commands 6.5.1 ...

351 show dns Default Setting None Command Mode Privileged Exec Display Message Domain Lookup Status: Enable or disable the IP Domain Naming System (DNS)-based host name-to-address translation function. Default Domain Name: The default domain name that will be used for querying the IP address of a ho...

352 6.5.2 Configuration Commands 6.5.2.1 ip hosts This command creates a static entry in the DNS table that maps a host name to an IP address. Syntax ip host <name> <ipaddr> no ip host <name> <name> - Host name. <ipaddr> - IP address of the host. <no> - Remove the...

355 <no> - This command disables the IP Domain Naming System (DNS)-based host name-to-address translation. Default Setting None Command Mode Privileged Exec 6.5.2.7 clear domain-list This command clears all entries in the domain name list table. Syntax clear domain-list Default Setting None Co...

357 6.6 Routing Information Protocol (RIP) Commands 6.6.1 Show Commands 6.6.1.1 show ip rip This command displays information relevant to the RIP router. Syntax show ip rip Default Setting None Command Mode Privileged Exec Display Message RIP Admin Mode: Select enable or disable from the pulldown me...

359 Syntax show ip rip interface brief Default Setting None Command Mode Privileged Exec Display Message Interfacet: Valid slot and port number separated by a forward slash. IP Address: The IP source address used by the specified RIP interface. Send Version: The RIP version(s) used when sending upda...

360 6.6.2.2 ip rip This command enables RIP on a router interface. Syntax Ip rip no ip rip no - This command disables RIP on a router interface. Default Setting Disabled Command Mode Interface Config 6.6.2.3 auto-summary This command enables the RIP auto-summarization mode. Syntax auto-summary no au...

364 0 Command Mode Router RIP Config 6.6.2.10 redistribute This command configures RIP protocol to redistribute routes from the specified source protocol/routers. There are five possible match options. When you submit the command redistribute ospf match <matchtype> the match-type or types spec...

365 The value for authentication key [key] must be 16 bytes or less. The [key] is composed of standard displayable, non-control keystrokes from a Standard 101/102-key keyboard. If the value of <type> is encrypt, a keyid in the range of 0 and 255 must be specified. Syntax ip rip authentication ...

366 Default Setting Both Command Mode Interface Config 6.6.2.13 ip rip send version This command configures the interface to allow RIP control packets of the specified version to be sent. The value for <mode> is one of: rip1 to broadcast RIP version 1 formatted packets, rip1c (RIP version 1 co...

367 show ip irdp {slot/port | all} <slot/port> - Show router discovery information for the specified interface. <all> - Show router discovery information for all interfaces. Default Setting None Command Mode Privileged Exec, User Exec Display Message Ad Mode Displays the advertise mode w...

368 6.7.3 ip irdp broadcast This command configures the address to be used to advertise the router for the interface. Syntax ip irdp broadcast no ip irdp broadcast broadcast - The address used is 255.255.255.255. no - The address used is 224.0.0.1. Default Setting The default address is 224.0.0.1 Co...

370 6.7.7 ip irdp preference This command configures the preferability of the address as a default router address, relative to other router addresses on the same subnet. Syntax ip irdp preference < -2147483648-2147483647> no ip irdp preference < -2147483648-2147483647> - The range is -21...

371 Logical Interface Indicates the logical slot/port associated with the VLAN routing interface. IP Address Displays the IP Address associated with this VLAN. Subnet Mask Indicates the subnet mask that is associated with this VLAN. . 6.8.2 vlan routing This command creates routing on a VLAN. Syntax...

373 <vrid> - Virtual router ID. Default Setting None Command Mode Privileged Exec, User Exec Display Message VRID Represents the router ID of the virtual router. Primary IP Address This field represents the configured IP Address for the Virtual router. VMAC address Represents the VMAC address ...

374 Authentication Failure Represents the total number of VRRP packets received that don't pass the authentication check. IP TTL errors Represents the total number of VRRP packets received by the virtual router with IP TTL (time to live) not equal to 255. Zero Priority Packets Received Represents th...

375 ip vrrp <1-255> no ip vrrp <1-255> <1-255> - The range of virtual router ID is 1 to 255. <no> - This command removes all VRRP configuration details of the virtual router configured on a specific interface. Default Setting None Command Mode Interface Config 6.9.2.2 ip vrrp...

380 7 IP Multicast Commands 7.1 Distance Vector Multicast Routing Protocol (DVMRP) Commands This section provides a detailed explanation of the DVMRP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other inform...

383 Default Setting None Command Mode Privileged Exec User EXEC Display Message Group IP This field identifies the multicast Address that is pruned. Source IP This field displays the IP Address of the source that has pruned. Source Mask This field displays the network Mask for the prune source. It s...

384 7.1.2 Configuration Commands 7.1.2.1 ip dvmrp This command sets administrative mode of DVMRP in the router to active. IGMP must be enabled before DVMRP can be enabled. Syntax ip dvmrp no ip dvmrp no - This command sets administrative mode of DVMRP in the router to inactive. IGMP must be enabled ...

385 7.2 Internet Group Management Protocol (IGMP) Commands This section provides a detailed explanation of the IGMP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information. Configuration commands are ...

386 show ip igmp groups <slot/ports> [detail] <slot/port> - Valid slot and port number separated by a forward slash. [detail] - Display details of subscribed multicast groups. Default Setting None Command Mode Privileged Exec Display Message IP Address This displays the IP address of the...

387 Privileged Exec User EXEC Display Message Slot/Port Valid slot and port number separated by a forward slash. IGMP Admin Mode This field displays the administrative status of IGMP. This is a configured value. Interface Mode This field indicates whether IGMP is enabled or disabled on the interface...

388 IInterface Valid slot and port number separated by a forward slash. Interface IP This displays the IP address of the interface participating in the multicast group. State This displays whether the interface has IGMP in Querier mode or Non-Querier mode. Group Compatibility Mode The group compatib...

389 Wrong Version Queries This field indicates the number of queries received whose IGMP version does not match the IGMP version of the interface. Number of Joins This field displays the number of times a group membership has been added on this interface. Number of Groups This field indicates the cu...

391 no - This command resets the Maximum Response Time being inserted into Group-Specific Queries sent in response to Leave Group messages on the interface to the default value. Default Setting 1 second Command Mode Interface Config 7.2.2.5 ip igmp query-interval This command configures the query in...

392 no - This command resets the maximum response time interval for the specified interface, which is the maximum query response time advertised in IGMPv2 queries on this interface to the default value. The maximum response time interval is reset to the default time. Default Setting 100 Command Mode...

393 no - This command resets the number of Queries sent out on startup, separated by the Startup Query Interval on the interface to the default value. Default Setting 2 Command Mode Interface Config 7.2.2.9 ip igmp startup-query-interval This command sets the interval between General Queries sent by...

394 Syntax show ip mcast Default Setting None Command Mode Privileged Exec Display Message Admin Mode: This field displays the administrative status of multicast. This is a configured value. Protocol State: This field indicates the current state of the multicast protocol. Possible values are Operati...

398 This command displays all the static routes configured in the static mcast table if is specified or displays the static route associated with the particular <sourceipaddr>. Syntax show ip mcast mroute static [<sourceipaddr>] < sourceipaddr > - the IP Address of the multicast da...

400 show mtrace Default Setting None Command Mode Privileged Exec Display Message Hops Away From Destination: The ordering of intermediate routers between the source and the destination. Intermediate Router Address: The address of the intermediate router at the specified hop distance. Mcast Protocol...

401 Disbale Command Mode Global Config 7.3.2.2 ip multicast staticroute This command creates a static route which is used to perform RPF checking in multicast packet forwarding. The combination of the <sourceipaddr> and the <mask > fields specify the network IP address of the multicast p...

402 The source parameter is used to clear the routes in the mroute table entries containing the specified <sourceipaddr > or < sourceipaddr > [groupipaddr] pair. The source address is the source IP address of the multicast packet. The group address is the Group Destination IP address of ...

405 7.3.2.8 mtrace This command is used to find the multicast path from a source to a receiver (unicast router ID of the host running mtrace). A trace query is passed hop-by-hop along the reverse path from the receiver to the source, collecting hop addresses, packet counts, and routing error conditi...

406 no disable ip multicast mdebug mtrace no - This command is used to enable the processing capability of mtrace query on this router. If the mode is enabled, the mtrace queries received by the router are processed and forwarded appropriately by the router. If the mode is disabled, this router does...

407 7.4.1.2 show ip pimdm interface This command displays the interface information for PIM-DM on the specified interface. Syntax show ip pimdm interface <slot/port> < slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Interface Mode: This f...

408 Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP Address that represents the PIM-DM interface. Nbr Count: This field displays the neighbor count for the PIM-DM interface. Hello Interval: This field indicat...

409 Syntax ip pimdm no ip pimdm no - This command disables the administrative mode of PIM-DM in the router. IGMP must be enabled before PIM-DM can be enabled. Default Setting Disabled Command Mode Global Config 7.4.2.2 ip pimdm mode This command sets administrative mode of PIM-DM on an interface to ...

410 Syntax ip pimdm query-interval <10 - 3600> no ip pimdm query-interval <10 - 3600> - This is time interval in seconds. no - This command resets the transmission frequency of hello messages between PIM enabled neighbors to the default value. Default Setting 30 Command Mode Interface Co...

412 < slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Slot/Port: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP address of the specified interface. Subnet Mask: This field indicates the Subnet M...

413 Subnet Mask: This field indicates the Subnet Mask of this PIM-SM interface. Designated Router: This indicates the IP Address of the Designated Router for this interface. Neighbor Count: This field displays the number of neighbors on the PIM-SM interface. 7.5.1.5 show ip pimsm neighbor This comma...

414 < group-mask > - the multicast group address mask. candidate - this command display PIM-SM candidate-RP table information. all - this command display all group addresses. Default Setting None Command Mode Privileged Exec Display Message Group Address: This field specifies the IP multicast ...

415 Group Mask: This field displays the group mask for the group address. 7.5.1.8 show ip pimsm staticrp This command displays the static RP information for the PIM-SM router. Syntax show ip pimsm staticrp Default Setting None Command Mode Privileged Exec Display Message Address: This field displays...

416 Disbaled Command Mode Global Config 7.5.2.2 ip pimsm message-interval This command is used to configure the global join/prune interval for PIM-SM router. The join/prune interval is specified in seconds. This parameter can be configured to a value from 10 to 3600. Syntax ip pimsm message-interval...

417 no - This command is used to reset the Threshold rate for the RP router to switch to the shortest path to the default value. Default Setting 50 Command Mode Global Config 7.5.2.4 ip pimsm spt-threshold This command is used to configure the Threshold rate for the last-hop router to switch to the ...

418 ip pimsm staticrp <rp-address> <group-address> <group-mask> no ip pimsm staticrp <rp-address> <group-address> <group-mask> < rp-address > - the IP Address of the RP. < group-address > - the group address supported by the RP. < group-mask > - ...

419 7.5.2.7 ip pimsm query-interval This command configures the transmission frequency of hello messages in seconds between PIM enabled neighbors. This field has a range of 10 to 3600 seconds. Syntax ip pimsm query-interval <10 - 3600> no ip pimsm query-interval <10 - 3600> - This is tim...

420 7.5.2.9 ip pimsm cbsrhashmasklength This command is used to configure the CBSR hash mask length to be advertised in bootstrap messages for a particular PIM-SM interface. This hash mask length will be used in the hash algorithm for selecting the RP for a particular group. The valid range is 0 - 3...

423 8 Web-Based Management Interface 8.1 Overview Your Layer 3 Network Switch provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer or Netscape Navigator. This software interface also allows for ...

424 8.2 Main Menu 8.2.1 System Menu 8.2.1.1 View ARP Cache The Address Resolution Protocol (ARP) dynamically maps physical (MAC) addresses to Internet (IP) addresses. This panel displays the current contents of the ARP cache. For each connection, the following information is displayed: z The physica...

425 8.2.1.2 Viewing Inventory Information Use this panel to display the switch's Vital Product Data, stored in non-volatile memory at the factory. Non-Configurable Data System Description - The product name of this switch. Machine Type - The machine type of this switch. Machine Model - The model wit...

426 Additional Packages - A list of the optional software packages installed on the switch, if any. Command Buttons Refresh - Updates the information on the page. 8.2.1.3 Configuring Management Session and Network Parameters Viewing System Description Page Configurable Data System Name - Enter the n...

429 Configuring Network Connectivity Page The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front p...

430 Configuring Telnet Session Page Configurable Data Telnet Session Timeout (minutes) - Specify how many minutes of inactivity should occur on a telnet session before the session is logged off. You may enter any number from 1 to 160. The factory default is 5. Maximum Number of Telnet Sessions - Use...

432 Baud Rate (bps) - Select the default baud rate for the serial port connection from the pull-down menu. You may choose from 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 baud. The factory default is 9600 baud. Password Threshold - When the logon attempt threshold is reached on the conso...

434 Defining Authentication List Configuration Page You use this screen to configure login lists. A login list specifies the authentication method(s) you want used to validate switch or port access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a p...

435 select a method that does not time out as the second method, the third method will not be tried. Note that this parameter will not appear when you first create a new login list. Method 3 - Use the dropdown menu to select the method, if any, that should appear third in the selected authentication...

436 Viewing Authentication List Summary Page Non-Configurable Data Authentication List - Identifies the authentication login list summarized in this row. Method List - The ordered list of methods configured for this login list. Login Users - The users you assigned to this login list on the User Logi...

437 the user's access to the switch from all CLI, web, and telnet sessions will be blocked until the authentication is complete. Refer to the discussion of maximum delay in the RADIUS configuration help. Configurable Data Authentication List - Select the authentication login list you want to assign ...

438 Viewing Forwarding Database Page Use this panel to display information about entries in the forwarding database. These entries are used by the transparent bridging function to determine how to forward a received frame. Configurable Data Filter - Specify the entries you want displayed. Learned : ...

439 8.2.1.5 Viewing Logs Viewing Buffered Log Configuration Page This log stores messages in memory based upon the settings for message component and severity. Configurable Data Admin Status - A log that is "Disabled" shall not log messages. A log that is "Enabled" shall log messages...

440 Viewing Buffered Log Page This help message applies to the format of all logged messages which are displayed for the buffered log, persistent log, or console log. Format of the messages <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on m...

441 Configuring Command Logger Page Configurable Data Admin Mode - Enable/Disable the operation of the CLI Command logging by selecting the corresponding pulldown field and clicking Submit. Command Buttons Submit - Update the switch with the values you entered. Configuring Console Log Page This allo...

442 Viewing Event Log Page Use this panel to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in FLASH memory, the switch will be reset. The log can hold at least 2,000 entries (the actual number depends on th...

443 IP Address - This is the ip address of the host configured for syslog. Status -This specifies wether the host has been configured to be actively logging or not. Set the host to be active/out of service from the drop down menu. Port -This is the port on the host to which syslog messages are sent....

444 Messages Relayed - The count of syslog messages relayed. Messages Ignored - The count of syslog messages ignored. Command Buttons Submit - Update the switch with the values you entered. Refresh - Refetch the database and display it again starting with the first entry in the table. 8.2.1.6 Managi...

446 Viewing Switch Interface Configuration Page This screen displays the status for all ports in the box. Selection Criteria MST ID - Select the Multiple Spanning Tree instance ID from the list of all currently configured MST ID's to determine the values displayed for the Spanning Tree parameters. C...

449 Configuring Multiple Port Mirroring Function Page Configurable Data Session ID - A session ID or "All Sessions" option may be selected. By default the First Session is selected. Session Mode - Specifies the Session Mode for a selected session ID. By default Session Mode is enabled. Sourc...

451 Configuring SNMP Trap Receiver Configuration Page This menu will display an entry for every active Trap Receiver. Configurable Data SNMP Community Name - Enter the community string for the SNMP trap packet to be sent to the trap manager. This may be up to 16 characters and is case sensitive. SNM...

452 Viewing SNMP supported MIBs Page This is a list of all the MIBs supported by the switch. Non-configurable Data Name - The RFC number if applicable and the name of the MIB. Description - The RFC title or MIB description. Command Buttons Refresh - Update the data.

453 8.2.1.8 Viewing Statistics Viewing the whole Switch Detailed Statistics Page Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch. Octets Received - The total number of octets of data received by the processor...

455 Command Buttons Clear Counters - Clear all the counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing the whole Switch Summ...

456 Transmit Packet Errors - The number of outbound packets that could not be transmitted because of errors. Address Entries Currently in Use - The total number of Forwarding Database Address Table entries now active on the switch, including learned and static entries. VLAN Entries Currently in Use ...

461 Refresh - Refresh the data on the screen with the present state of the data in the switch.

463 Viewing Each Port Summary Statistics Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter. Total Packets Re...

464 8.2.1.9 Managing System Utilities Saving All Configuration Changed Page Command Buttons Save - Click this button to have configuration changes you have made saved across a system reboot. All changes submitted since the previous save or system reboot will be retained by the switch. Resetting the ...

466 Start File Transfer - To initiate the download you need to check this box and then select the submit button. Non-Configurable Data The last row of the table is used to display information about the progress of the file transfer. The screen will refresh automatically until the file transfer compl...

467 Defining Configuration and Runtime Startup File Page Specify the file used to start up the system. Configurable Data Configuration File - Configuration files. Runtime File - Run-time operation codes. Command Buttons Submit - Send the updated screen to the switch and specify the file start-up. Re...

468 Copying Running Configuration to Flash Page Use this menu to copy a start-up configuration file from the running configuration file on switch. Configurable Data File Name - Enter the name you want to give the file being copied. You may enter up to 32 characters. The factory default is blank. Non...

469 Submit - This will initiate the ping. Managing CDP Function Defining CDP Configuration Page Use this menu to configure the parameters for CDP, which is used to discover a CISCO device on the LAN. Configurable Data Admin Mode - CDP administration mode which are Enable and Disable. Hold Time - the...

472 8.2.1.10 Defining Trap Manager Configuring Trap Flags Page Use this menu to specify which traps you want to enable. When the condition identified by an active trap is encountered by the switch a trap message will be sent to any enabled SNMP Trap Receivers, and a message will be written to the tr...

473 Viewing Trap Log Page This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities, Upload File from Switch. Non-Configurable Data Number of Traps since last reset - The number of traps that have occurred since the switch were last reset. Tr...

474 8.2.1.11 Configuring SNTP Configuring SNTP Global Configuration Page Configurable Data Client Mode - Specifies the mode of operation of SNTP Client. An SNTP client may operate in one of the following modes. • Disable - SNTP is not operational. No SNTP requests are sent from the client nor are an...

475 Unicast Poll Retry - Specifies the number of times to retry a request to an SNTP server after the first time-out before attempting to use the next configured server when configured in unicast mode. Allowed range is (0 to 10). Default value is 1. Command Buttons Submit - Sends the updated configu...

476 • Server Kiss Of Death The SNTP server indicated that no further queries were to be sent to this server. This is indicated by a stratum field equal to 0 in a message received from a server. Server IP Address - Specifies the IP address of the server for the last received valid packet. If no messa...

477 Address - Specifies the address of the SNTP server. This is a text string of up to 64 characters containing the encoded unicast IP address or hostname of a SNTP server. Unicast SNTP requests will be sent to this address. If this address is a DNS hostname, then that hostname should be resolved in...

478 Address - Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Last Update Time - Specifies the local date and time (UTC) that the response from this server was used to update the system clock. Las...

479 Hour - Hour in 24-hour format. (Range: 0 - 23). Minute - Minute. (Range: 0 - 59). Second - Second. (Range: 0 - 59). Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is perfo...

480 Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. 8.2.1.12 Defining DHCP Client Configuring DHCP Restart Page This command issues a BOOTP or DHCP client request for any IP inte...

481 z Specific Text String z Specific Hexadecimal Value Text String - A text string. Hex Value - The hexadecimal value. Command Buttons Submit - Send the updated screen to the switch perform the setting DHCP client identifier. 8.2.2 Switching Menu 8.2.2.1 Managing Port-based VLAN Configuring Port-ba...

482 z Autodetect - Specifies that port may be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless it receives a GVRP request. This is equivalent to registration normal in the IEEE 802.1Q standard. Tagging - Select the tagging behavior for this port in this...

483 VLAN Name - The name of the VLAN. VLAN ID 1 is always named `Default`. VLAN Type - The VLAN type: Default ( VLAN ID = 1) -- always present Static -- a VLAN you have configured Dynamic -- a VLAN created by GVRP registration that you have not converted to static, and that GVRP may therefore remove...

484 Viewing VLAN Port Summary Page Non-Configurable Data Slot/Port - The interface. Port VLAN ID - The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. Acceptable Frame Types - Specifies the types of frames that may be received on this port. The ...

485 Resetting VLAN Configuration Page Command Buttons Reset - If you select this button and confirm your selection on the next screen, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs, except for the default VLAN, will be deleted. The factory default v...

486 8.2.2.2 Managing Protocol-based VLAN Protocol-based VLAN Configuration Page You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged packets will be assigned to VLAN 1. You c...

487 Slot/Port(s) - Select the interface(s) you want to be included in the group. Note that a given interface can only belong to one group for a given protocol. If you have already added interface 0.1 to a group for IP, you cannot add it to another group that also includes IP, although you could add ...

488 VLAN - The VLAN ID associated with the group. Slot/Port(s) - The interfaces associated with the group. Command Buttons Refresh - Update the screen with the latest information. 8.2.2.3 Defining GARP Viewing GARP Information Page This screen shows the GARP Status for the switch and for the individ...

489 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). Configuring the whole Switch GARP Configuration Page Note: It can take up to 10 seconds for GARP configuration changes to take effect. Configurable Data GVR...

490 Configuring each Port GARP Configuration Page Note: It can take up to 10 seconds for GARP configuration changes to take effect. Selection Criteria Slot/Port - Select the physical interface for which data is to be displayed or configured. It is possible to set the parameters for all ports by sele...

491 8.2.2.4 Managing IGMP Snooping Configuring IGMP Snooping Global Configuration Page Use this menu to configure the parameters for IGMP Snooping, which is used to build forwarding lists for multicast traffic. Note that only a user with Read/Write access privileges may change the data on this scree...

492 Defining IGMP Snooping Interface Configuration Page Configurable Data Slot/Port - The single select box lists all physical ,VLAN and LAG interfaces. Select the interface you want to configure. Admin Mode - Select the interface mode for the selected interface for IGMP Snooping for the switch from...

493 Multicast Router Present Expiration Time - Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero...

494 Configuring IGMP Snooping VLAN Page Configurable Data VLAN ID - Specifies list of VLAN IDs for which IGMP Snooping is enabled. VLAN ID - Appears when "New Entry" is selected in VLAN ID combo box. Specifies VLAN ID for which pre-configurable Snooping parameters are to be set. Admin Mode -...

495 Viewing Multicast Router Statistics Page Non-Configurable Data Slot/Port - The single select box lists all physical and LAG interfaces. Select the interface for which you want to display the statistics. Multicast Router - Specifies for the selected interface whether multicast router is enable or...

496 Viewing Multicast Router VLAN Statistics Page Selection Criteria Slot/Port - The select box lists all Slot/Ports. Select the interface for which you want to display the statistics. Non-Configurable Data VLAN ID - All Vlan Ids for which the Multicast Router Mode is Enabled Multicast Router - Mult...

499 Viewing L2 Multicast Router Port Information Page Use this panel to display information about entries in the L2Mcast Static/Dynamic router ports. These entries are used by the transparent bridging function to determine how to forward a received frame. Selection Criteria Static - Displays static ...

500 8.2.2.5 Managing Port-Channel Configuring Port-Channel Configuration Page Selection Criteria Port Channel Name – You can use this screen to reconfigure an existing Port Channel, or to create a new one. Use this pull down menu to select one of the existing Port Channels, or select 'Create' to add...

501 Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Port-Channel Information Page Non-Configurable Data Port Channel - The Slot/Port identification of the Port Channel. Port Channel Name - The name of the Port Channel. Port Channel Type - The type o...

502 Active Ports - A listing of the ports that are actively participating members of this Port Channel, in Slot/Port notation. There can be a maximum of 8 ports assigned to a Port Channel. 8.2.2.6 Viewing Multicast Forwarding Database Viewing All of Multicast Forwarding Database Tables Page The Mult...

504 Description - The text description of this multicast table entry. Possible values are Management Configured, Network Configured, and Network Assisted. Slot/Port(s) - The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Command Buttons Refresh - Refresh the data ...

505 8.2.2.7 Managing Spanning Tree Configuring Switch Spanning Tree Configuration Page Configurable Data Spanning Tree Mode - Specifies whether spanning tree operation is enabled on the switch. Value is enabled or disabled Force Protocol Version - Specifies the Force Protocol Version parameter for t...

507 Configuring Spanning Tree MST Configuration Page Selection Criteria MST ID - Create a new MST which you wish to configure or configure already existing MSTs. Configurable Data MST ID - This is only visible when the select option of the MST ID select box is selected. The ID of the MST being creat...

508 Topology change - The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value if True or False. Designated root - The bridge identifier of the root bridge. It is made up from the brid...

510 Configuring each Port MST Configuration Page Selection Criteria MST ID - Selects one MST instance from existing MST instances. Slot/Port - Selects one of the physical or LAG interfaces associated with VLANs associated with the selected MST instance. Configurable Data Port Priority - The priority...

513 Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. 8.2.2.9 Managing Port Security Configuring Port Security Administration Mode Page Configurable Data Allow Port Security - Used to enable or di...

516 Number of Dynamic MAC addresses learned - Displays the number of dynamically learned MAC addresses on a specific port. Viewing Port Security Violation Status Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. Non-configurable data Last Violation...

517 IP - Specifies all the existing static ARP along with an additional option "Create". When the user selects "Create" another text boxes " IP Address" and "MAC Address" appear where the user may enter IP address and MAC address to be configured. IP Address - Enter t...

519 8.2.3.2 Managing IP Interfaces Configuring IP Use this menu to configure routing parameters for the switch as opposed to an interface. Configurable Data Routing Mode - Select enable or disable from the pulldown menu. You must enable routing for the switch before you can route through any of the ...

520 Viewing IP Statistics The statistics reported on this panel are as specified in RFC 1213. Non-Configurable Data IpInReceives - The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors - The number of input datagrams discarded due to errors in...

524 Configuring IP Interfaces Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data IP Address - Enter the IP address for the interface. Subnet Mask - Enter the subnet mask for the interface. This is also referred to as the subnet/netw...

525 8.2.3.3 Managing OSPF Configuring OSPF Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPF. After you set the new Router ID, you must re-en...

527 Configuring Area Selection Criteria Area ID - Select the area to be configured. Configurable Data Import Summary LSAs - Select enable or disable from the pulldown menu. If you select enable summary LSAs will be imported into stub areas. Metric Value - Enter the metric value you want applied for ...

529 Delete Stub Area - Delete the stub area designation. The area will be returned to normal state. Create NSSA - Configure the area ads a NSSA Delete NSSA - Delete the DSSA. The area will e returned to normal state. Submit - Send the updated configuration to the switch. Configuration changes take e...

531 LSDB Type - Select the type of Link Advertisement associated with the specified area and address range. The default type is 'Network Summary'. Advertisement - Select enable or disable from the pulldown menu. If you selected enable the address range will be advertised outside the area via a Netwo...

533 Configuring OSPF Interface Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data OSPF Admin Mode* - You may select enable or disable from the pulldown menu. The default value is 'disable.' You can configure OSPF parameters without ...

536 Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Viewing Neighbor Table Information This panel displays the OSPF neighbor table list. When a particular neighbo...

537 designated router. The Neighbor IP address is learned when Hello packets are received from the neighbor. For virtual links, the Neighbor IP address is learned during the routing table build process. Neighbor Interface Index - A Slot/Port identifying the neighbor interface index. Command Buttons ...

539 Viewing OSPF Link State Database Non-Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the IP Configuration page. If you want to change the Router ID you must first disable OSPF...

540 Checksum - The checksum is used to detect data corruption of an advertisement. This corruption can occur while an advertisement is being flooded, or while it is being held in a router's memory. This field is the checksum of the complete contents of the advertisement, except the LS age field. Opt...

542 network-LSA for the network node. The network- LSA will contain links to all routers (including the Designated Router itself) attached to the network. Backup Designated Router - This router is itself the Backup Designated Router on the attached network. It will be promoted to Designated Router i...

543 Viewing OSPF Virtual Link Summary Table Non-Configurable Data Area ID - The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link. Neighbor Router ID - The neighbor portion of the virtual link ident...

544 Configuring OSPF Route Redistribution This screen can be used to configure the OSPF Route Redistribution parameters. The allowable values for each fields are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values. ...

545 Viewing OSPF Route Redistribution Summary Information This screen displays the OSPF Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by OSPF. Metric - The Metric of redistributed routes for the given Source Route. Display "Unconfigured&...

546 8.2.3.4 Managing BOOTP/DHCP Relay Agent Configuring BOOTP/DHCP Relay Agent Configurable Data Maximum Hop Count - Enter the maximum number of hops a client request can take before being discarded. Server IP Address - Enter either the IP address of the BOOTP/DHCP server or the IP address of the ne...

547 Viewing BOOTP/DHCP Relay Agent Status Non-Configurable Data Maximum Hop Count - The maximum number of Hops a client request can go without being discarded. Server IP Address - IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent. Admin Mode - Administrative mo...

548 8.2.3.5 Managing DNS Relay Configuring DNS Relay The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map host names to IP addresses. When you configure DNS on your switch, you can substitute the host name for the IP address with all IP commands, such...

549 Configuring Domain Name You can use this panel to change the configuration parameters for the domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). You can also use this screen to display the contents of th...

550 Configuring Name Server You can use this panel to change the configuration parameters for the domain name servers. You can also use this screen to display the contents of the table. Configurable Data Name Server - Specifies all the existing domain name servers along with an additional option ...

551 TTL - The time to live reported by the name server. Flag - The flag of the record. Command Buttons Refresh - Refresh the page with the latest DNS cache entries. Clear All - Clear all entries in the DNS cache. Configuring DNS Host You can use this screen to change the configuration parameters for...

552 8.2.3.6 Managing Routing Information Protocol (RIP) Configuring RIP Global Configuration Page Configurable Data RIP Admin Mode - Select enable or disable from the pulldown menu. If you select enable RIP will be enabled for the switch. The default is disabled. Split Horizon Mode - Select none, si...

553 Viewing Each Routing Interface’s RIP Configuration Page Non-Configurable Data Slot/Port - The slot and port for which the information is being displayed. IP Address - The IP Address of the router interface. Send Version - The RIP version to which RIP control packets sent from the interface confo...

554 Defining The Routing Interface’s RIP Configuration Page Selection Criteria Slot/Port - Select the interface for which data is to be configured. Configurable Data Send Version - Select the version of RIP control packets the interface should send from the pulldown menu. The value is one of the fol...

556 Configuring Route Redistribution Configuration This screen can be used to configure the RIP Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid v...

557 Viewing Route Redistribution Configuration This screen displays the RIP Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by RIP. Metric - The Metric of redistributed routes for the given Source Route. Displays "Unconfigured" when no...

558 Command Buttons Refresh - Displays the latest RIP Route Redistribution Configuration data. 8.2.3.7 Managing Router Discovery Configuring Router Discovery Selection Criteria Slot/Port - Select the router interface for which data is to be configured. Configurable Data Advertise Mode - Select enabl...

559 Viewing Router Discovery Status Non-Configurable Data Slot/Port - The router interface for which data is displayed. Advertise Mode - The values are enable or disable. Enable denotes that Router Discovery is enabled on that interface. Advertise Address - The IP Address used to advertise the route...

560 8.2.3.8 Managing Route Table Viewing Router Route Table Non-Configurable Data Network Address - The IP route prefix for the destination. Subnet Mask - Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network. Protoco...

561 ƒ OSPF Type-1 ƒ OSPF Type-2 ƒ RIP ƒ BGP4 Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The ...

562 ƒ OSPF Type-2 ƒ RIP ƒ BGP4 Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router wi...

564 Preference - Specifies a preference value for the configured next hop. Command Buttons Add Route - Go to a separate page where a route can be created. Configuring Router Route Preference Use this panel to configure the default preference for each protocol (e.g. 60 for static routes, 170 for BGP)...

565 Local - This field displays the local route preference value. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. 8.2.3.9 Managing VLAN Routing Co...

566 Instructions for creating a VLAN ƒ Enter a new VLAN ID in the field labeled VLAN ID. ƒ Click on the Create button. The page will be updated to display the interface and MAC address assigned to this new VLAN. The IP address and Subnet Mask fields will be 0.0.0.0. ƒ Note the interface assigned to ...

567 8.2.3.10 Managing VRRP Configuring VRRP Configurable Data VRRP Admin Mode - This sets the administrative status of VRRP in the router to active or inactive. Select enable or disable from the pulldown menu. The default is disable. Command Buttons Submit - Send the updated configuration to the swi...

569 Viewing Virtual Router Status Non-Configurable Data VRID - Virtual Router Identifier. Slot/Port - Indicates the interface associate with the VRID. Priority - The priority value used by the VRRP router in the election for the master virtual router. Pre-empt Mode - ƒ Enable - if the Virtual Router...

570 Owner - Set to 'True' if the Virtual IP Address and the Interface IP Address are the same, otherwise set to 'False'. If this parameter is set to 'True', the Virtual Router is the owner of the Virtual IP Address, and will always win an election for master router when it is active. VMAC Address - ...

572 Refresh - Refresh the data on the screen with the present state of the data in the switch. 8.2.4 Security Menu 8.2.4.1 Managing Access Control (802.1x) Defining Access Control Page Configurable Data Administrative Mode - This selector lists the two options for administrative mode: enable and dis...

573 Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. Configuring each Port Access Control Configuration Page Selection Criteria Port - Selects th...

576 "Initialize" "Disconnected" "Connecting" "Authenticating" "Authenticated" "Aborting" "Held" "ForceAuthorized" "ForceUnauthorized". Backend State - This field displays the current state of the backend authentication state mac...

577 Viewing Access Control Summary Page Non-Configurable Data Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port. Possible values are: Force Unauthorized: The authenticator port access entity (...

578 Viewing each Port Access Control Statistics Page Selection Criteria Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data EAPOL Fra...

579 Last EAPOL Frame Source - This displays the source MAC address carried in the most recently received EAPOL frame. EAP Response/Id Frames Received - This displays the number of EAP response/identity frames that have been received by this authenticator. EAP Response Frames Received - This displays...

580 Configurable Data Login - Selects the login to apply to the specified user. All configured logins are displayed. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless ...

581 Port - Displays the port in Slot/Port format. Users - Displays the users that have access to the port. Command Buttons Refresh - Update the information on the page. 8.2.4.2 Managing RADIUS Configuring RADIUS Configuration Page Configurable Data Max Number of Retransmits - The value of the maximu...

582 sum of (retransmit times timeout) for all configured servers. If the RADIUS request was generated by a user login attempt, all user interfaces will be blocked until the RADIUS application returns a response. Timeout Duration (secs) - The timeout value, in seconds, for request retransmissions. Th...

583 Configuring RADIUS Server Configuration Page Selection Criteria RADIUS Server IP Address - Selects the RADIUS server to be configured. Select add to add a server. Configurable Data IP Address - The IP address of the server being added. Port - The UDP port used by this server. The valid range is ...

585 Defining RADIUS Accounting Server Configuration Page Selection Criteria Accounting Server IP Address - Selects the accounting server for which data is to be displayed or configured. If the add item is selected, a new accounting server can be configured. Configurable Data IP Address - The IP addr...

586 Viewing RADIUS Accounting Server Statistics Page Non-Configurable Statistics Accounting Server IP Address - Identifies the accounting server associated with the statistics. Round Trip Time (secs) - Displays the time interval, in hundredths of a second, between the most recent Accounting-Response...

587 Resetting All RADIUS Statistics Page Command Buttons Clear All RADIUS Statistics - This button will clear the accounting server, authentication server, and RADIUS statistics. 8.2.4.3 Defining TACACS Configuration Configuring TACACS Configuration Page Use this menu to configure the parameters for...

588 Authen. Port - The TCP port number of TACACS+. Server Time Out - Timeout value of TACACS+ packet transmit. Retry Count - Retry count after transmit timeout. Status - The TACACS+ server status which are "disable”, “master" and "slave". Share Secret - The key only transmit between ...

589 Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. 8.2.4.5 Defining Secure Http Configuration Secure HTTP Configuration Page Configurable Data Admin Mode - This ...

590 8.2.4.6 Defining Secure Shell Configuration Configuring Secure Shell Configuration Page Configurable Data Admin Mode - This select field is used to Enable or Disable the administrative mode of SSH. The currently configured value is shown when the web page is displayed. The default value is Disab...

591 8.2.5 QOS Menu 8.2.5.1 Managing Access Control Lists Configuring IP Access Control List Configuration Page An IP ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and ...

592 Viewing IP Access Control List Summary Page Non-Configurable Data IP ACL ID - The IP ACL identifier. Rules - The number of rules currently configured for the IP ACL. Direction - The direction of packet traffic affected by the IP ACL. Direction can only be: ƒ Inbound Slot/Port(s) - The interfaces...

595 Configuring MAC Access Control List Configuration Page A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On...

596 Viewing MAC Access Control List Summary Page Non-Configurable Data MAC ACL Name - MAC ACL identifier. Rules - The number of rules currently configured for the MAC ACL. Direction - The direction of packet traffic affected by the MAC ACL. Valid Directions ƒ Inbound Slot/Port - The interfaces to wh...

598 Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Delete - Remove the currently selected Rule from the selected ACL. These changes will not be r...

599 number. If the sequence number is not specified by the user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used. Valid range is (1 to 4294967295). Non-Configurable Data Slot/Port - Displays selected interface. Dir...

600 on a per-class instance basis, and it is these attributes that are applied when a match occurs. The configuration process begins with defining one or more match criteria for a class. Then one or more classes are added to a policy. Policies are then added to interfaces. Packet processing begins b...

601 Class Selector - Along with an option to create a new class, this lists all the existing DiffServ class names, from which one can be selected. The content of this screen varies based on the selection of this field. If an existing class is selected then the screen will display the configured clas...

602 Class Type - Displays types of the configured classes as 'all', 'any', or 'acl'. Class types are platform dependent. Reference Class/ACL Number - Displays name of the configured class of type 'all' or 'any' referenced by the specified class of the same type. For the specified class type of 'acl'...

603 Viewing DiffServ Policy Summary Page Non-Configurable Data Policy Name - Displays name of the DiffServ policy. Policy Type - Displays type of the policy as 'In'. Member Classes - Displays name of each class instance within the policy. Configuring DiffServ Policy Class Definition Page Selection C...

604 Viewing DiffServ Policy Attribute Summary Page Non-Configurable Data Policy Name - Displays name of the specified DiffServ policy. Policy Type - Displays type of the specified policy as 'In’ or 'Out'. Class Name - Displays name of the DiffServ class to which this policy is attached. Attribute - ...

606 Viewing DiffServ Service Detailed Statistics Page This screen displays class-oriented statistical information for the policy, which is specified by the interface and direction. The 'Member Classes' drop down list is populated on the basis of the specified interface and direction and hence the at...

607 8.2.5.3 Configuring Diffserv Wizard Page Operation The DiffServ Wizard enables DiffServ on the switch by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on DiffServ Wizard page. The DiffServ Wizard will: Create a DiffServ Class and...

608 8.2.5.4 Managing Class of Service Managing Table Configuration Page Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Configurable Data ...

609 Non-IP Traffic Class - Displays traffic class (i.e. queue) to which all non-IP traffic is directed when in 'trust ip-precedence' or 'trust ip-dscp' mode. Valid Range is (0 to 6). 802.1p Priority - Displays the 802.1p priority to be mapped. IP Precedence Value - Displays IP Precedence value. Vali...

610 Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Configurable Data Interface Shaping Rate - Specifies the maximum bandwidth allowed, typically used to sha...

611 Scheduler Type - Specifies the type of scheduling used for this queue. Scheduler Type can only be one of the following: ƒ strict ƒ weighted Default value is weighted. Queue Management Type - Queue depth management technique used for queues on this interface. This is only used if device supports ...

612 Minimum Bandwidth - Specifies the minimum guaranteed bandwidth allotted to this queue. The value 0 means no guaranteed minimum. Sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed defined maximum (100). Scheduler Type - Specifies the type of scheduli...

613 Non-Configurable Data Version - The current value of the DVMRP version string. Total Number of Routes - The number of routes in the DVMRP routing table. Reachable Routes - The number of routes in the DVMRP routing table that have a non-infinite metric. Command Buttons Submit - Send the updated c...

614 Viewing DVMRP Configuration Summary Selection Criteria o Slot/Port - Select the interface for which data is to be displayed. You must configure at least one router interface before you can display data for a DVMRP interface. Otherwise you will see a message telling you that no router interfaces ...

616 Viewing DVMRP Next Hop Configuration Summary Non-Configurable Data Source IP - The IP address used with the source mask to identify the source network for this table entry. Source Mask - The network mask used with the source IP address. Next Hop Interface - The outgoing interface for this next h...

617 Viewing DVMRP Prune Summary Non-Configurable Data Group IP - The group address which has been pruned. Source IP - The address of the source or source network which has been pruned. Source Mask - The subnet mask to be combined with the source IP address to identify the source or source network wh...

618 Source Mask - The subnet mask to be combined with the source address to identify the sources for this entry. Upstream Neighbor - The address of the upstream neighbor (e.g., RPF neighbor) from which IP datagrams from these sources are received. Interface - The interface on which IP datagrams sent...

619 Configuring IGMP Interface Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured from the pulldown menu. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for ...

620 Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Viewing IGMP Configuration Summary Selection Criteria Slot/Port - Select the slot and port for...

622 Viewing IGMP Cache Information Selection Criteria Slot/Port - Select the Slot and port for which data is to be displayed. Slot 0 is the base unit. Multicast Group IP - Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on th...

623 Version 1 Host Timer - The time remaining until the local router will assume that there are no longer any IGMP version 1 members on the IP subnet attached to this interface. When an IGMPv1 membership report is received, this timer is reset to the group membership timer. While this timer is non-z...

624 Source Filter Mode - The source filter mode (Include/Exclude/NA) for the specified group on this interface. Source Hosts - This parameter shows source addresses which are members of this multicast address. Expiry Time - This parameter shows expiry time interval against each source address which ...

626 Source IP - Enter the IP address of the multicast packet source to be combined with the Group IP to fully identify a single route whose Mroute table entry you want to display or clear. You may leave this field blank. Group IP - Enter the destination group IP address whose multicast route(s) you ...

627 Configurable Data Source IP - Enter the IP Address that identifies the multicast packet source for the entry you are creating. Source Mask - Enter the subnet mask to be applied to the Source IP address. RPF Neighbor - Enter the IP address of the neighbor router on the path to the source. Metric ...

628 Configuring Multicast Admin Boundary Configuration Page The definition of an administratively scoped boundary is a mechanism is a way to stop the ingress and egress of multicast traffic for a given range of multicast addresses on a given routing interface. Selection Criteria Group IP - Select 'C...

629 Slot/Port - The router interface to which the administratively scoped address range is applied. Group IP - The multicast group address for the start of the range of addresses to be excluded. Group Mask - The mask that is applied to the multicast group address. The combination of the mask and the...

630 Non-Configurable Data Router Interface - The IP address of the router interface for which configuration information was requested. Neighboring router's IP Address - The IP address of the neighboring router. Metric - The routing metric for this router. TTL Threshold - The time-to-live threshold o...

631 Viewing Mstat Summary Page This screen is used to display the results of an mstat command. Non-Configurable Data This screen shows the path taken by multicast traffic between the specified IP addresses. Forward data flow is indicated by arrows pointing downward and the query path is indicated by...

632 Admin Mode - Select enable or disable from the pulldown menu. If you select enable the router will process and forward mtrace requests received from other routers, otherwise received mtrace requests will be discarded. This field is non-configurable for read-only users. Command Buttons Submit - S...

633 Viewing Mtrace Summary Page This screen displays the results of an mtrace command. The mtrace command is used to trace the path from source to a destination branch for a multicast distribution tree. Non-Configurable Data Number of hops away from destination - The number of hops away from the des...

634 Configuring Interface’s PIM-DM Configuration Page Selection Criteria Slot/Port - Select the Slot and port for which data is to be displayed or configured. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for a PIM-DM interface,...

635 Protocol State - The operational state of the PIM-DM protocol on this interface. Hello Interval - The frequency at which PIM hello messages are transmitted on the selected interface. IP Address - The IP address of the selected interface. Neighbor Count - The number of PIM neighbors on the select...

636 Data Threshold Rate - Enter the minimum source data rate in K bits/second above which the last-hop router will switch to a source-specific shortest path tree. The valid values are from (0 to 2000 K bits/sec) . The default value is 50. Register Threshold Rate - Enter the minimum source data rate ...

638 Protocol State - The operational state of the PIM-SM protocol on this interface. IP Address - The IP address of the selected PIM interface. Net Mask - The network mask for the IP address of the selected PIM interface. Designated Router - The Designated Router on the selected PIM interface. For p...

639 Component Index - Unique number identifying the component index. Component BSR Address - Displays the IP address of the bootstrap router (BSR) for the local PIM region. Component BSR Expiry Time - Displays the minimum time remaining before the bootstrap router in the local domain will be declare...

640 Group Address - The group address transmitted in Candidate-RP-Advertisements. Group Mask - The group address mask transmitted in Candidate-RP-Advertisements to fully identify the scope of the group which the router will support if elected as a Rendezvous Point. Address - Displays the unicast add...