DGS-6600_Series_CLI_ReferenceGuide_v3.00.pdf
- DGS-6600_Series_CLI_ReferenceGuide_v 3.00.pdf

D-Link DGS-6608-SK User Manual

Displayed below is the user manual for DGS-6608-SK by D-Link which is a product in the Network Equipment Chassis category. This manual has pages.

CLI Reference Guide

Product Model : DGS-6600 Series

Layer 3 Chassis Ethernet Managed Switch

Release 3.00

iii

DGS-6600 Series Switch CLI Reference Guide

Software Release 3.00.029

Date: January 30, 2013

Without our written permission this document may not be excerpted, reproduced, transmitted, or

otherwise in all or part by any party by any means.

Preface

Version Description

This manual’s command descriptions are based on the software release 3.00.029. The

commands listed here are the subset of commands that are supported by the DGS-6600

series switches.

Note: Other Ethernet L2/L3 Chassis-Based Switch series Hardware using similar software

may support a different subset of commands although generally the majority of the supported

commands and options will be similar.

Audience

This reference manual is intended for network administrators and other IT networking

professionals responsible for managing the DGS-6600 by using the D-LINK Command Line

Reference (CLI). The CLI is the primary management interface to the D-LINK DGS-6600

which will be generally referred to as the “switch” within this manual. This manual is written in

a way that assumes that you already have the experience and knowledge of Ethernet and

modern networking principles for Local Area Networks.

Document Organization

Other Documentation

The documents below are a further source of information in regards to configuring and troubleshooting the

switch. All the documents are available for download from D-Links web site www.d-link.com.

• DGS-6600 Series Quick Installation Guide

• DGS-6600 Series Hardware Installation Guide

Preface Describes how to use the CLI reference manual.

Feature Table of

Contents

A command list of the DGS-6604 commands grouped by their features and

linked to the command descriptions.

Command Listings A complete list of available commands arranged in alphabetical order.

Acronyms A glossary of acronyms used throughout the reference manual.

Conventions

Notes, Notices, and Cautions

Below are examples of the 3 types of indicators used in this manual. When administering your switch

using the information in this document, you should pay special attention to these indicators. Each

example below provides an explanatory remark regarding each type of indicator.

Convention Description

boldface font Commands, command options and keywords are printed in boldface. Key words

in the command line, are to be entered exactly as they are displayed.

UPPERCASE ITALICS

font

Parameters or values that must be specified are printed in UPPERCASE

ITALICS. Parameters in the command line, are to be replaced with the actual

values that are desired to be used with the command.

[ ] Square brackets enclose an optional value or set of optional arguments.

{ a|b|c} Braces enclose alternative keywords separated by vertical bars. Generally, one

of the keywords in the separated list can be chosen.

[ a | b | c ] Optional values or arguments are enclosed in square brackets and separated by

vertical bars. Generally, one of the vales or arguments in the separated list can

be chosen.

blue color screen Blue color screen fonts: are used it presents an example of a screen

console display including example entries of CLI command input with the

corresponding output.

NOTE: A NOTE indicates important information that helps you make better use of your

device

NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells

you how to avoid the problem

CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.

Command Descriptions:

The information pertaining to each command in this reference guide is presented using a number of

template fields. The fields are:

• Description - This is a short and concise statement describing the commands functionality.

• Syntax - The precise form to use when entering and issuing the command. The form conventions

are described in the table shown under the section “Conventions” on page v of this guide.

• Syntax Description - A table where each row describes the optional or required arguments, and

their use, that can be issued with the command.

• Default - If the command sets a configuration value or administrative state of the switch then any

default settings (i.e. without issuing the command) of the configuration is shown here.

• Command Mode - The mode in which the command can be issued. The modes are either User

EXEC, Privileged EXEC, Global Configuration or a specific configuration mode. These modes are

described in the section titled “Command Modes” on page vi below.

•Command Usage - If necessary, a detailed description of the command and its various utilization

scenarios is given here.

• Example(s) - Each command is accompanied by a practical example of the command being

issued in a suitable scenario.

Command Modes

There are several command modes available in the command-line interface (CLI). The set of commands

available to the user depends on both the mode the user is currently in and their privilege level. For each

case, the user can see all the commands that are available in a particular command mode by entering a

question mark (?) at the system prompt.

The command-line interface has four privilege levels:

•Basic User- Privilege Level 1. This user account level has the lowest priority of the user accounts

and is allowed to configure the terminal control settings. The purpose of this type of user account

level is for basic system checking. This user account can only show limited information that is not

related to security. The most important limitation of this account is that there is no way of changing

the access right level.

•Advanced User- Privilege Level 2. This user account level is very similar to a basic user except

that an advanced user can enter privileged EXEC mode.

•Power User- Privilege Level 12. This user account level is used to grant system configuration

rights for users who need to change or monitor system configuration, except for security related

information such as user accounts and SNMP account settings, etc.

•Administrator- Privilege Level 15. This administrator user account level can monitor all system

information and change any of the system configuration settings expressed in this configuration

guide.

The command-line interface has a number of command modes. There are three basic command modes:

vii

• User EXEC mode

• Privileged EXEC mode

•Global Configuration mode

All other sub-configuration modes can be accessed via global configuration mode.

When a user logs in to the Switch, the privilege level of the user determines the command mode the user

will enter after initially logging in. The user will either log into user EXEC mode or privileged EXEC mode.

Users with a basic user and advanced user level will log into the Switch in user EXEC mode. Users with

power user and administrator level accounts will log into the Switch in privileged EXEC mode. Therefore,

user EXEC mode can operate at either basic user level or advanced user level, and privileged EXEC

mode can operate at either power user level or administrator level. The user can only enter global

configuration mode from privileged EXEC mode. Therefore, global configuration mode can be accessed

by users who have power user or administrator level user accounts. As for sub-configuration modes, a

subset of those can only be accessed by users who have the highest secure administrator level

privileges.

In user EXEC mode at advanced user level, the user is allowed to enter privileged EXEC mode by

entering the enable password. In privileged EXEC mode, the user is allowed to exit to the user EXEC

mode at advanced user level by entering the disable command. The enable password and disable

commands are functions that can be used to switch between user EXEC mode and privileged EXEC

mode.

The following state diagram describes the main command modes and how to enter each one:

User EXEC mode

Basic user

User EXEC mode

Advanced user

Privileged EXEC mode

Power user

Privileged EXEC mode

Administrator

Global configuration mode

Administrator

Interface configuration mode

Administrator VLAN configuration mode

Administrator

Mgmt-if configuration mode

Administrator

Disable

Administrator

Enable

Power User

Disable

Power User

Basic User Advanced UserPower User

config

Enable

Administrator

mgmt-if

vlan

interface

config

viii

The following table briefly lists the available command modes. Only the basic command modes and some

of the sub-configuration modes are enumerated. The basic command modes and basic sub-configuration

modes are further described in the following chapters. Descriptions for the rest of the sub-configuration

modes are not provided in this section. For more information on the additional sub-configuration modes,

the user should refer to the chapters relating to these functions.

The available command modes and privilege levels are described below:

Note: Not all configuration modes are listed in the above figure. For example, in

global configuration mode, enter “router ospf” to enter OSPF router configuration

mode

Command Mode & Privilege Level Purpose

User EXEC mode at Basic User level For checking basic system settings, allowing users to

change the local terminal session settings, and verifying

basic network connectivity. Checking security related

settings is not allowed at this command mode and

privilege level.

User EXEC mode at Advanced User level This level has almost the same access rights as user

EXEC mode at basic user level, except that a user in this

mode and at this level can enter privileged EXEC mode

by entering the enable command.

Privileged EXEC mode at Power User level For changing both local and global terminal settings,

monitoring, and performing certain system

administration tasks. The system administration tasks

that can be performed at this level includes the clearing

of system configuration settings, except for any security

related information, such as user accounts, SNMP

account settings etc.

Privileged EXEC mode at Administrator

level

This level is identical to privileged EXEC mode at power

user level, except that a user at the administrator level

can monitor and clear security related settings.

Global Configuration Mode at Power User

level

For applying global settings, except for security related

settings, on the entire Switch. In addition to applying

global settings on the entire Switch, the user can access

other sub-configuration modes from global configuration

mode.

Global Configuration Mode at Administrator

level

For applying global settings on the entire Switch. In

addition to applying global settings on the entire Switch,

the user can access other sub-configuration modes from

global configuration mode.

Interface Configuration Mode at Power

User level

For applying interface related settings.

User EXEC Mode at Basic User Level

This command mode is mainly designed for checking basic system settings, allowing users to change the

local terminal session settings and carry out basic network connectivity verification. One limitation of this

command mode is that it cannot be used to display information related to security. The most significant

limitation of this command mode is that there is no way of changing the access right level of the logged in

user.

This command mode can be entered by logging in as a basic user.

User EXEC Mode at Advanced User Level

User EXEC mode at advanced user level has the same purpose as user EXEC mode at basic user level,

except that user EXEC mode at advanced user level is allowed to use the enable command to enter

privileged EXEC mode.

This command mode can be entered by logging in as an advanced user or by using the disable

command in privileged EXEC mode.

In the following example, the user is currently logged in as an advanced user in privileged EXEC mode

and uses the disable command to return to user EXEC mode at advanced user level:

Privileged EXEC Mode at Power User Level

Users logged into the Switch in privileged EXEC mode at this level can change both local and global

terminal settings, monitor, and perform system administration tasks like clearing configuration settings

(except for security related information such as user accounts, SNMP account settings etc.)

There are two methods that a user can use to enter privileged EXEC mode at power user level. The first

method is to login to the Switch with a user account that has a privilege level of 12. The other method is to

use the enable privilege LEVEL command in user EXEC mode.

In the following example, the user enters privileged EXEC mode at power user level by logging in with a

user account called “power-user” that has a privilege level of 12:

VLAN Interface Configuration Mode For applying VLAN interface related settings.

VLAN Configuration Mode For applying settings to a VLAN.

IP Access-List Configuration Mode For specifying filtering criteria for an IP access list.

DGS-6600:15#disable

DGS-6600:2>

Command Mode & Privilege Level Purpose

In the following example, the user enters the enable privilege LEVEL command in user EXEC mode to

enter privileged EXEC mode at Power User level:

Privileged EXEC Mode at Administrator Level

This command mode has a privilege level of 15. Users logged in with this command mode can monitor all

system information and change any system configuration settings mentioned in this Configuration Guide.

There are two methods that a user can use to enter privileged EXEC mode at administrator level. The first

method is to login to the Switch with a user account that has a privilege level of 15. The second method

requires a user to login to the Switch in as a user with an advanced user or power user level and and use

the enable privilege LEVEL command.

In this command mode, the user can return to user EXEC mode at an advanced user level by entering the

disable command.

In the following example, the user is currently logged in as an administrator in privileged EXEC mode and

uses the disable command to return to user EXEC mode at an advanced user level:

User Access Verification

Username: power-user

Password:

DGS-6600 Chassis-based High-Speed Switch

Command Line Interface

Firmware: 3.00.029

DGS-6600:12#

DGS-6600:2>enable privilege 12

DGS-6600:12#

DGS-6600:15#disable

DGS-6600:2>

In the following example, the user enters the enable privilege LEVEL command in privileged EXEC

mode at power user level to enter privileged EXEC mode at an administrator level:

Global Configuration Mode

The primary purpose of global configuration mode is to apply global settings on the entire Switch. Global

configuration mode can be accessed at both power user and administrator level. However, security

related settings are not accessible at power user level. In addition to applying global settings on the entire

Switch, the user can also access other sub-configuration modes.

In order to access global configuration mode, the user must be logged in as an administrator or power

user and use the configure terminal command in privileged EXEC mode.

In the following example, the user is logged in as an Administrator in privileged EXEC mode and uses the

configure terminal command to access global configuration mode:

The exit command is used to exit global configuration mode and return to privileged EXEC mode.

The procedures to enter the different sub-configuration modes can be found in the related chapters in this

Configuration Guide. The command modes are used to configure the individual functions.

Interface Configuration Mode

Interface configuration mode is used to configure the parameters for an interface or a range of interfaces.

An interface can be a physical port, VLAN, or other virtual interface. Thus, interface configuration mode is

distinguished further according to the type of interface. The command prompt for each type of interface is

slightly different.

VLAN Interface Configuration Mode

VLAN interface configuration mode is one of the available interface modes and is used to configure the

parameters of a VLAN interface.

To access VLAN interface configuration mode, use the following command in global configuration mode:

DGS-6600:12#enable privilege 15

DGS-6600:15#

DGS-6600:15#configure terminal

DGS-6600:15(config)#

Command Explanation

DGS-6600:15(config)#interface

vlanVLAN-ID

Enters VLAN interface configuration mode.

DGS-6604 m

CLI Reference Guide 1

Command Listing by Feature

802.1x dot1x auth-mode — 189

dot1x auth-protocol — 190

dot1x control-direction — 191

dot1x default — 192

dot1x forward-pdu — 193

dot1x guest-vlan (interface configuration) — 194

dot1x initialize — 196

dot1x max-req — 197

dot1x pae — 198

dot1x port-control — 199

dot1x re-authenticate — 200

dot1x re-authentication — 201

dot1x system-auth-control — 202

dot1x timeout — 203

dot1x user — 204

show dot1x — 663

show dot1x user — 667

show dot1x vlan — 668

AAA aaa authentication — 30

aaa authorization — 32

aaa group server — 33

server — 608

show aaa — 638

show aaa group server — 641

DGS-6604 m

CLI Reference Guide 2

Access

Control Lists

ip access-group — 247

ip access-list — 249

ipv6 access-list — 361

mac access-group — 452

mac access-list — 453

periodic — 536

permit | deny (ip access-list) — 537

permit | deny (ipv6 access list) — 540

permit | deny (mac access-list) — 542

resequence access-list — 593

show access-group — 642

show access-list — 643

show time-range — 919

time-range — 1021

Access

Management

banner login — 61

command prompt — 133

configure terminal — 135

disable — 179

enable — 206

enable password — 207

end — 210

exit — 228

help — 238

ip http server — 287

ip http service-port — 288

ip telnet server — 354

ip telnet service-port — 355

DGS-6604 m

CLI Reference Guide 3

ip trusted-host — 356

logout — 443

password encryption — 529

show enable password — 669

show history — 681

show ip trusted-host — 787

show username — 923

show user-session — 924

telnet — 1008

terminal length — 1013

terminal timeout — 1014

terminal width — 1015

username — 1034

Basic IPv4 arp — 56

arp timeout — 57

clear arp-cache — 99

ip address — 253

show arp — 644

show ip interface — 731

Basic IPv6 clear ipv6 neighbors — 115

default ipv6 nd prefix — 163

ipv6 address — 362

ipv6 enable — 372

ipv6 hop-limit — 373

ipv6 nd managed-config-flag — 374

DGS-6604 m

CLI Reference Guide 4

ipv6 nd other-config-flag — 375

ipv6 nd prefix — 376

ipv6 nd ra-interval — 377

ipv6 nd ra-lifetime — 378

ipv6 nd reachable-time — 379

ipv6 nd retrans-timer — 380

ipv6 nd suppress-ra — 381

ipv6 neighbor — 382

show ip dhcp pool — 701

show ipv6 interface brief — 796

show ipv6 neighbors — 797

Basic Switch show environment — 670

show system — 914

show unit — 921

show version — 925

BGP address-family ipv4 — 40

aggregate-address — 41

bgp always-compare-med — 71

bgp asnotation dot — 72

bgp bestpath as-path ignore — 74

bgp bestpath compare-routerid — 76

bgp default ipv4-unicast — 77

bgp default local-preference — 78

bgp deterministic-med — 79

bgp enforce-first-as — 80

bgp log-neighbor-changes — 83

DGS-6604 m

CLI Reference Guide 5

bgp router-id — 84

clear ip bgp — 104

clear ip bgp peer-group — 106

default-information originate — 165

ip community-list — 261

ip dhcp snooping verify MAC-address — 282

match as-path — 463

match community — 464

neighbor advertisement-interval — 503

neighbor description — 504

neighbor filter-list — 505

neighbor peer-group (create group) — 506

neighbor peer-group (add group member) — 508

neighbor remote-as — 509

neighbor route-map — 510

neighbor send-community — 511

neighbor shutdown — 512

neighbor timers — 513

neighbor update-source — 514

neighbor weight — 515

network (BGP) — 520

redistribute — 582

router bgp — 599

set as-path — 616

set community — 617

set origin — 630

set weight — 631

DGS-6604 m

CLI Reference Guide 6

show ip arp inspection — 685

show ip bgp — 689

show ip bgp community-list — 691

show ip bgp filter-list — 693

show ip bgp neighbors — 694

show ip community-list — 697

switchport voice-vlan state — 1003

timers bgp — 1020

Chassis reboot — 581

show system high-availability — 918

system high-availability — 1005

Digital

Diagnostic

Monitoring

(DDM)

ddm bias-current — 150

ddm log — 152

ddm rx-power — 153

ddm shutdown — 155

ddm state — 156

ddm temperature — 157

ddm voltage — 161

ddm tx-power — 159

show ddm — 657

show ddm configuration — 658

show ddm status — 660

DHCP Client

(IPv6)

clear ipv6 dhcp client — 114

ipv6 address — 363

ipv6 dhcp client information refresh minimum — 367

ipv6 dhcp client pd — 368

DGS-6604 m

CLI Reference Guide 7

show ipv6 dhcp — 789

show ipv6 general-prefix — 793

DHCP Relay

(IPv4)

ip dhcp relay — 266

ip dhcp relay address — 267

ip dhcp relay hops — 268

ip dhcp relay information check — 269

ip dhcp relay information option — 270

ip dhcp relay information policy — 272

ip dhcp relay information trust-all — 273

ip dhcp relay information trusted — 274

show ip dhcp relay — 704

show ip dhcp relay information trusted-sources — 705

DHCP Relay

(IPv6)

ipv6 dhcp relay destination — 370

show ipv6 dhcp relay interface — 792

DHCP Server

(IPv4)

accept dhcp client-identifier — 34

accept dhcp relay-agent — 35

based-on client-id — 63

based-on c-vid — 64

based-on interface-ip-address — 65

based-on mac-address — 66

based-on relay-ip-address — 67

based-on s-vid — 68

based-on user-class — 69

based-on vendor-class — 70

bootfile — 91

clear ip dhcp binding — 108

DGS-6604 m

CLI Reference Guide 8

clear ip dhcp conflict — 110

clear ip dhcp server statistics — 112

default-router — 174

dns-server — 182

domain-name — 183

ip address-list — 255

ip dhcp ping packets — 263

ip dhcp ping timeout — 264

ip dhcp pool — 265

lease — 416

netbios node-type — 516

netbios scope-id — 517

netbios wins-server — 518

next-server — 522

service dhcp — 610

show ip dhcp binding — 698

show ip dhcp conflict — 700

show ip dhcp pool — 701

show ip dhcp server — 707

show ip dhcp server statistics — 708

subnet-mask — 996

DHCP Server

Screening/

Client Filtering

ip dhcp screening — 275

ip dhcp screening ports — 276

ip dhcp screening suppress-duration — 277

ip dhcp screening trap-log — 278

show ip dhcp screening — 706

DGS-6604 m

CLI Reference Guide 9

DHCP

Snooping

ip dhcp snooping — 279

ip dhcp snooping information option — 280

ip dhcp snooping trust — 281

ip dhcp snooping verify MAC-address — 282

ip dhcp snooping vlan — 283

show ip dhcp snooping — 710

show ip dhcp snooping binding — 711

show ip dhcp snooping database — 714

DoS

Prevention

clear dos_prevention counter — 101

dos_prevention action — 184

dos_prevention type — 185

show dos_prevention — 661

DVMRP ip dvmrp — 285

ip dvmrp metric — 286

show ip dhcp snooping binding — 711

show ip dvmrp neighbor — 716

show ip dvmrp prune — 719

show ip dvmrp route — 720

Dynamic ARP

Inspection

ip arp inspection trust — 256

ip arp inspection validate — 257

ip arp inspection vlan — 259

ERPS erpi enable — 211

erps — 224

erps domain — 225

erpi protected-vlan — 212

erpi raps-vlan — 214

DGS-6604 m

CLI Reference Guide 10

erpi ring-mel — 215

erpi ring-port — 216

erpi rpl — 218

erpi tc-propagation — 219

erpi timer — 220

erpi type — 222

show erps domain — 673

show erps erpi — 675

Errdisable errdisable recovery — 226

show errdisable recovery — 677

File System delete — 175

dir — 178

GVRP clear gvrp statistics interface — 103

gvrp (Global) — 231

gvrp (Interface) — 232

gvrp advertise (Interface) — 233

gvrp advertise (VLAN) — 234

gvrp dynamic-vlan-creation — 235

gvrp forbidden — 236

gvrp timer — 237

show gvrp configuration — 678

show gvrp statistics — 680

High

Availability

bgp graceful-restart — 81

ip multicast graceful-restart — 309

ospf graceful-restart — 523

ospf restart helper — 524

DGS-6604 m

CLI Reference Guide 11

redundancy force-switchover — 591

rip graceful-restart — 595

show redundancy — 892

IGMP ip igmp access-group — 289

ip igmp last-member-query-interval — 291

ip igmp query-interval — 292

ip igmp query-max-response-time — 293

ip igmp robustness-variable — 294

ip igmp version — 303

show ip igmp group — 721

show ip igmp interface — 724

IGMP

Snooping

ip igmp snooping — 295

ip igmp snooping querier — 300

ip igmp snooping static-group — 301

show ip igmp snooping — 725

show ip igmp snooping group — 727

show ip igmp snooping mrouter — 730

Interface clear counters — 100

description — 176

encapsulation dot1q — 208

interface — 243

interface range — 245

show interface — 682

show interface status err-disabled — 684

IP Utility ping — 544

traceroute — 1022

DGS-6604 m

CLI Reference Guide 12

IP Multicast ip mroute — 305

ip multicast-routing — 310

show ip mroute — 734

show ip mroute forwarding-cache — 736

IPv6 Protocol

Independent

ipv6 route — 394

ipv6 unicast-routing long-prefix — 402

ipv6 unicast-routing long-prefix log — 404

show ipv6 protocols — 807

show ipv6 route — 811

show ipv6 route summary — 814

show ipv6 unicast-routing long-prefix status — 815

IP Source

Guard

ip verify source vlan dhcp-snooping — 358

ip source binding — 350

show ip source binding — 784

show ip verify source — 788

IPv6 Tunnel interface tunnel — 246

ipv6 nd suppress-ra — 381

tunnel destination — 1031

tunnel mode — 1032

tunnel source — 1033

Jumbo Frame ip mtu — 307

max-rcv-frame-size — 469

mtu — 497

L2 FDB clear mac address-table — 121

mac address-table aging destination-hit — 454

mac address-table aging-time — 455

DGS-6604 m

CLI Reference Guide 13

mac address-table static — 456

multicast filtering-mode — 499

show mac address-table — 841

show mac address-table aging destination-hit — 843

show mac address-table aging-time — 844

show multicast filtering-mode — 875

LACP channel-group — 92

lacp port-priority — 413

lacp system-priority — 414

port-channel load-balance — 564

show channel-group — 647

LLDP/LLDP-

MED

clear lldp statistics — 119

clear lldp neighbors — 118

lldp dot1-tlv-select — 417

lldp dot3-tlv-select — 420

lldp fast-count — 422

lldp hold-multiplier — 423

lldp management-address — 424

lldp med-tlv-select — 426

lldp receive — 428

lldp reinit — 429

lldp run — 430

lldp tlv-select — 431

lldp transmit — 433

lldp tx-delay — 434

lldp tx-interval — 435

DGS-6604 m

CLI Reference Guide 14

show lldp — 816

show lldp interface — 818

show lldp local interface — 820

show lldp management-address — 825

show lldp neighbor interface — 827

show lldp statistics — 833

show lldp statistics interface — 834

Loopback

Detection

loopback-detection (global) — 445

loopback-detection (interface) — 446

loopback-detection mode — 448

loopback-detection interval-time — 449

show loopback-detection — 838

Loopback

Interface

description (loopback interface) — 177

interface loopback — 244

ip address (loopback interface) — 251

shutdown (loopback interface) — 946

show interface status err-disabled — 684

Management

Port

default-gateway (management port) — 164

ip address (management port) — 252

ip mtu (management port) — 308

ipv6 address (management port) — 365

ipv6 default-gateway (management port) — 366

mgmt-if — 472

show mgmt-if — 849

shutdown (Management Port) — 947

Mirror monitor session — 473

DGS-6604 m

CLI Reference Guide 15

monitor session destination remote vlan — 475

monitor session source remote vlan — 479

remote-span — 592

show monitor session — 850

MPLS backoff maximum — 60

class-map (mpls) — 98

keepalive_holdtime — 405

label-retention-mode — 412

ldp router-id — 415

loop-detection — 444

lsp trigger — 450

lsp-control-mode — 451

lsp trigger — 450

match (mpls) — 462

max-hop-count — 467

md5 authentication — 470

mpls ip (global configuration) — 480

mpls ip (interface configuration) — 481

mpls label protocol ldp (global configuration) — 482

mpls label protocol ldp (interface configuration) — 483

mpls ldp distribution-mode — 484

mpls ldp hello-holdtime — 485

mpls ldp hello-interval — 486

mpls ldp max-path-vector — 487

mpls ldp targeted-hello-accept — 488

mpls ldp targeted-peer — 489

mpls qos policy — 490

DGS-6604 m

CLI Reference Guide 16

mpls static ftn — 491

mpls static ilm — 493

neighbor password — 507

ping lsp — 546

show lsp trigger — 840

show mpls — 852

show mpls forwarding-table — 853

show mpls interface — 858

show mpls ldp bindings — 860

show mpls ldp discovery — 861

show mpls ldp interface — 863

show mpls ldp neighbor — 865

show mpls ldp neighbor password — 866

show mpls ldp parameter — 867

show mpls ldp session — 869

show mpls ldp statistic — 871

show mpls ldp targeted-peer — 872

show mpls qos — 873

targeted-hello — 1007

traceroute lsp — 1025

transport-address — 1028

trust-exp — 1030

MSTP instance — 242

name — 500

revision — 594

show spanning-tree mst — 906

spanning-tree mst (cost | port-priority) — 975

DGS-6604 m

CLI Reference Guide 17

spanning-tree mst (forward-time | max-age | max-hops) — 976

spanning-tree mst configuration — 977

spanning-tree mst hello-time — 978

spanning-tree mst priority — 979

Network Load

Balancing

arp — 56

mac address-table static — 456

OSPFv2 area default-cost — 42

area nssa — 44

area range — 46

area stub — 48

area virtual-link — 50

auto-cost reference-bandwidth — 58

clear ip ospf — 113

default-information originate — 165

default-information originate (BGP) — 166

default-metric (OSPF) — 170

host area — 239

ip ospf authentication — 311

ip ospf authentication-key — 312

ip ospf cost — 313

ip ospf dead-interval — 314

ip ospf hello-interval — 315

ip ospf message-digest-key — 316

ip ospf retransmit-interval — 319

ip ospf shutdown — 320

ip ospf transmit-delay — 321

DGS-6604 m

CLI Reference Guide 18

ip ospf mtu-ignore — 317

network area — 521

passive-interface — 525

redistribute (OSPF) — 583

router ipv6 ospf — 600

router ospf — 602

show ip ospf — 738

show ip ospf border-routers — 740

show ip ospf database — 741

show ip ospf database asbr-summary — 743

show ip ospf database external — 745

show ip ospf database network — 746

show ip ospf database nssa-external — 748

show ip ospf database router — 750

show ip ospf database summary — 753

show ip ospf host-route — 755

show ip ospf interface — 756

show ip ospf neighbor — 758

show ip ospf virtual-links — 759

OSPFv3 area default-cost (IPv6) — 43

area range (IPv6) — 47

area stub (IPv6) — 49

area virtual-link (IPv6) — 54

auto-cost reference-bandwidth (IPv6) — 59

clear ipv6 ospf process — 116

default-information originate (IPv6 OSPF) — 167

default-metric (IPv6 OSPF) — 171

DGS-6604 m

CLI Reference Guide 19

ipv6 ospf cost — 383

ipv6 ospf dead-interval — 384

ipv6 ospf hello-interval — 385

ipv6 ospf mtu-ignore — 386

ipv6 ospf retransmit-interval — 388

ipv6 ospf shutdown — 389

ipv6 ospf transmit delay — 390

ipv6 route — 394

ipv6 router ospf area — 400

passive-interface (IPv6 OSPF) — 526

redistribute (IPv6 OSPF) — 585

router-id (IPv6) — 605

router ospf — 602

show ipv6 ospf — 799

show ipv6 ospf border-routers — 801

show ipv6 ospf database — 802

show ipv6 ospf interface — 803

show ipv6 ospf neighbor — 804

show ipv6 ospf route — 805

show ipv6 ospf virtual-links — 806

show ipv6 protocols — 807

Password

Recovery

password recovery — 531

PIM ip pim — 322

ip pim accept-register — 323

ip pim bsr-candidate — 324

ip pim dr-priority — 326

Preface

CLI Reference Guide - Preliminary Draft 20

ip pim join-prune-interval — 327

ip pim prune-limit-interval — 328

ip pim query-interval — 329

ip pim register-checksum-include-data — 330

ip pim register-suppresion — 331

ip pim rp-address — 332

ip pim rp-candidate — 333

ip pim state-refresh origination-interval — 335

show ip pim — 761

show ip pim bsr — 762

show ip pim interface — 763

show ip pim mroute — 765

show ip pim neighbor — 767

show ip pim rp mapping — 769

show ip pim rp-hash — 770

POE poe port priority — 548

poe port description — 547

poe service-policy — 551

police — 552

show poe power system — 877

show poe power-inline — 879

Policy-based

Route

ip policy route-map — 336

show ip policy — 771

Port Security clear port-security — 124

show port-security — 883

switchport port-security — 1000

Power Saving power-saving — 565

Preface

CLI Reference Guide - Preliminary Draft 21

show power-saving — 885

Protocol

Independent

distance — 180

ip route — 345

ip route multi-path — 349

ip route ecmp load-balance — 347

maximum-paths — 468

show ip protocols — 772

show ip route — 778

show ip route summary — 783

show ip route ecmp load-balance — 782

Proxy ARP ip local-proxy-arp — 304

ip proxy-arp — 338

show ip proxy-arp — 775

QoS class — 94

class-map — 96

color-aware — 132

match — 458

police — 552

police aggregate — 557

police cir — 558

policy-map — 562

qos aggregate-policer — 567

qos bandwidth — 570

qos cos — 571

qos deficit-round-robin — 572

qos dscp-mutation — 575

qos map cos-color — 576

qos map dscp-color — 577

DGS-6604 m

CLI Reference Guide 22

qos map dscp-cos — 578

qos map dscp-mutation — 579

qos trust — 580

service-policy — 611

set — 614

show class-map — 651

show policy-map — 881

show qos aggregate-policer — 886

show qos interface — 887

show qos map — 891

QinQ (VLAN

Tunnel)

clear vlan-tunnel ctag-mapping dynamic — 127

cos remarking — 141

show vlan-tunnel — 933

show vlan-tunnel ctag-mapping — 936

vlan encapsulation — 1038

vlan remarking — 1040

vlan-tunnel — 1042

vlan-tunnel ctag-mapping dynamic — 1043

vlan-tunnel ctag-mapping static — 1044

vlan-tunnel ingress checking — 1045

vlan-tunnel interface-type — 1046

vlan-tunnel remove-inner-tag — 1047

vlan-tunnel tpid — 1048

RIP accept-lifetime — 37

default-information originate (RIP) — 169

default-metric (RIP) — 172

DGS-6604 m

CLI Reference Guide 23

ip rip authentication key-chain — 339

ip rip authentication mode — 341

ip rip receive version — 342

ip rip send version — 343

ip rip v2-broadcast — 344

key — 406

key chain — 408

key-string — 410

neighbor — 501

network — 519

passive interface (RIP) — 527

redistribute (RIP) — 587

router rip — 603

send-lifetime — 606

show ip key-chain — 733

show ip rip database — 776

show ip rip interface — 777

timers — 1017

version — 1036

RIPng clear ipv6 rip — 117

default-information originate (RIP IPv6) — 168

default-metric (OSPF) — 170

default-metric (RIP IPv6) — 173

ipv6 rip metric-offset — 391

ipv6 rip split-horizon — 392

ipv6 rip split-horizon poisoned — 393

ipv6 router rip — 401

DGS-6604 m

CLI Reference Guide 24

neighbor (RIP IPv6) — 502

passive-interface (RIP IPv6) — 528

redistribute (RIP IPv6) — 589

router ipv6 rip — 601

show ipv6 protocols — 807

show ipv6 rip database — 809

show ipv6 rip interface — 810

timers basic — 1018

RMON rmon statistics — 596

Route Map match ip address — 465

match ipv6 address — 466

route-map — 597

set default interface — 619

set ip precedence — 625

set interface — 620

set ipv6 default next-hop — 626

set ipv6 next-hop — 628

set origin — 630

set ip next-hop — 623

show route-map — 893

Safeguard clear cpu-protect counters — 102

cpu-protect type — 146

cpu-protect safeguard — 143

cpu-protect sub-interface — 145

show cpu-protect safeguard — 653

show cpu-protect sub-interface — 654

DGS-6604 m

CLI Reference Guide 25

show ddm — 657

sFlow sflow — 632

sflow poller — 633

sflow receiver — 634

sflow sampler — 636

show sflow — 895

SNMP

Management

show snmp-server — 902

snmp-server — 949

snmp-server contact — 952

snmp-server enable traps — 953

snmp-server enable traps snmp — 954

snmp-server location — 961

system-name — 1006

SNMP v3 show snmp — 897

show snmp user — 900

snmp-server community — 950

snmp-server engineID local — 956

snmp-server group — 957

snmp-server host — 959

snmp-server user — 962

snmp-server view — 964

SSH crypto key — 149

ip ssh — 352

show ip ssh — 786

show ssh — 909

ssh — 986

DGS-6604 m

CLI Reference Guide 26

Storm Control show storm-control — 911

storm-control (Interface) — 988

storm-control action (Interface) — 989

storm-control level (Interface) — 991

storm-control timer (Global) — 993

STP clear spanning-tree detected-protocols — 126

show spanning-tree — 904

spanning-tree (Global configuration) — 967

spanning-tree (Interface configuration) — 968

spanning-tree (timers) — 969

spanning-tree cost — 970

spanning-tree fast-forwarding — 971

spanning-tree guard root — 972

spanning-tree link-type — 973

spanning-tree mode — 974

spanning-tree port-priority — 980

spanning-tree priority — 981

spanning-tree tcnfilter — 982

spanning-tree transmit hold-count — 983

Super VLAN supervlan — 997

subvlan — 998

subvlan-address-range — 999

show supervlan — 913

Switch Port duplex — 205

flowcontrol — 229

media-type — 471

DGS-6604 m

CLI Reference Guide 27

shutdown (interface) — 945

speed — 984

Syslog clear logging — 120

logging file — 436

logging host — 437

logging level — 439

logging on — 441

show logging — 835

System File

Management

boot config — 85

bootfile — 91

clear running-config — 125

copy — 136

show boot — 646

show running-config — 894

show startup-config — 910

Time and SNTP clock set — 128

clock summer-time — 129

clock timezone — 131

show clock — 652

show sntp — 903

sntp server — 966

Traffic

Segmentation

show traffic-segmentation — 920

traffic-segmentation forward — 1026

VLAN acceptable-frame — 36

access vlan — 39

dot1v binding protocol-group — 187

DGS-6604 m

CLI Reference Guide 28

dot1v protocol-group — 188

hybrid vlan VLAN-ID — 240

ingress-checking — 241

mac-base (vlan) — 457

pvid VLAN-ID — 566

show dot1v — 662

show vlan — 926

subnet-base (vlan) — 995

trunk allowed-vlan — 1029

vlan — 1037

vlan name — 1039

VPLS clear mac address-table vpls — 122

encapsulation (VPLS) — 209

mtu (VPLS) — 498

peer — 530

peer backup — 535

show mac address-table vpls — 845

show vpls — 937

vpls — 1053

vpls-id — 1054

xconnect vpls — 1067

VRRP show vrrp — 941

show vrrp brief — 944

vrrp critical-ip — 1055

vrrp ip — 1057

vrrp preempt — 1058

vrrp priority — 1060

DGS-6604 m

CLI Reference Guide 29

vrrp shutdown — 1062

vrrp timers advertise — 1063

VPWS mpls static ilm (VPWS) — 495

mpls static l2vc-ftn — 496

show mpls forwarding-table (VPWS) — 856

show mpls qos (VPWS) — 874

xconnect — 1064

xconnect vpls — 1067

Voice Vlan show vlan voice-vlan — 930

switchport voice-vlan state — 1003

voice-vlan — 1049

voice-vlan cos — 1050

voice-vlan oui — 1051

DGS-6600 Series Switch maaa authentication

CLI Reference Guide 30

aaa authentication

Use this command to enable the AAA authentication function (console, telnet,

ssh or http) for authentication of user interface applications. Use the no

command to disable the authentication function.

Note: Use aaa group server to first define authentication servers before aaa

authentication can be configured.

aaa authentication [login | enable] [console | telnet | http | ssh] METHOD1 [METHOD2...]

no aaa authentication [login | enable] [console | telnet | http | ssh] METHOD1 [METHOD2...]

Default No aaa authentication is specified for console, telnet, http and ssh applications.

Command Mode Global configuration.

Usage Guideline Use aaa authentication to configure login, or to enable a listing for a specified

application or all applications (such as console, telnet, http and ssh etc.) should

no application option be specified.

You can specify multiple methods for the login and enable authentications per

application. The new setting will overwrite the old association.

Syntax Description

telnet, or http keyword. If neither login nor enable are specified, both login and

enable are implied.

enable (Optional) Enable authentication for normal enable mode. Enter the console,

telnet, or http keyword. If neither login nor enable are specified, both login and

enable are implied.

console (Optional) Specifies that the type of application used for system access

authentication is console.

telnet (Optional) Specifies that the type of application used for system access

authentication is telnet.

http (Optional) Specifies that the type of application used for system access

authentication is http.

ssh (Optional) Specifies that the type of application used for system access

authentication is SSH.

METHOD1

[METHOD2...]

Identifies the list of methods that the authentication algorithm tries in the given

sequence. At least one method must be entered; up to two methods can be

identified by keyword. The keywords for AAA authentication login and enable

configuration methods are described as follows:

•local Uses the local username database for authentication.

•group GROUP-NAME Uses a subset of authentication servers for

authentication as defined by the aaa group server command.

DGS-6600 Series Switch maaa authentication

CLI Reference Guide 31

Use the no aaa authentication to disable the login or the enable list for the

specified application or all applications (such as console, telnet, http and ssh

etc.) if no application option is specified. This command should be executed

when the specified application is configured by any group, otherwise it would be

useless, because the aaa authentication default configuration is local.

To configure AAA authentication, you must first define a group of authentication

servers (by aaa group server command). If a non-existed group server is

referred, an error is displayed for that. The group server defines the types of

authentication to be performed and the sequence in which they will be

performed.

A method list is a sequential list describing the authentication methods to be

queried in order to authenticate a user. Method lists enable you to designate one

or more security protocols to be used for authentication, thus ensuring a backup

system for authentication in case the initial method fails. Switch system uses the

first listed method to authenticate users. If that method fails to respond, the

switch system selects the next authentication method listed in the method list.

This process continues until there is successful communication with a listed

authentication method, or all methods defined in the method list are exhausted.

It is important to note that the switch system attempts authentication with the next

listed authentication method only when there is no response from the previous

method. If authentication fails at any point in this cycle-meaning that the security

server or local usernames database responds by denying the user access-the

authentication process stops and no other authentication methods are

attempted.

Local authentication uses locally configured login and enable passwords to

authenticate login attempts. The login and enable passwords are local to each

switch and are not mapped to the individual usernames. By default, local

authentication is used. Once you specify the authentication method list for the

even the specified authentication methods fail.

If the method list is empty, then local authentication will be used.

In order to make AAA authentication take effect, you have to create at least one

local user account for login and set up the enable password.

Example The following example sets a login method list for an authenticate login attempt

from all of the applications (including console, telnet, ssh, http). The methods

start from group2.

Verify the settings by entering the show aaa command.

Switch(config)# aaa authentication login group group2 local

Switch(config)#

DGS-6600 Series Switch maaa authorization

CLI Reference Guide 32

aaa authorization

Use this command to enable the authorization function. Use the no form of the

command to disable AAA authorization.

aaa authorization

no aaa authorization

Syntax None.

Default Disabled.

Command Mode Global configuration at privilege level 15.

Usage Guideline When the AAA authorization function is enabled, the system will use

configuration settings authorized by the RADIUS server in addition to the

RADIUS server authentication function. Settings can include VLAN assignment,

user priority assignment and bandwidth assignment.

If AAA authorization is disabled, the system only accepts the authentication

function from the RADIUS server and ignore any additional configuration settings

supplied by the RADIUS server.

Example This example shows how to enable the authorization:

Verify the settings by entering the show system protocol-state command.

Switch# configure terminal

Switch(config)# aaa authorization

DGS-6600 Series Switch maaa group server

CLI Reference Guide 33

aaa group server

Use the aaa group server command to enter AAA group server mode and identify

AAA server groups used for AAA authentication. In AAA group server mode

server hosts are grouped into distinct lists and distinct methods.

To remove a group server from the configuration list, use the no aaa group server

form of this command.

aaa group server GROUP-NAME

no aaa group server GROUP-NAME

Default There is no aaa group server.

Command Mode Global configuration at privilege level 15.

Usage Guideline The AAA group server method is defined for AAA authentication for user login or

configuration. The aaa authentication command is used to define the group

server method and specify the AAA server group.

Use aaa group server command to enter AAA group server mode. If the group

name specified does not exist, the switch creates the new group. Once in AAA

group server mode, use the server command to define and configure servers

added to the group.

Example The following example shows the network access server configured to recognize

several RADIUS host entries. The second host entry configured acts as fail-over

backup to the first one. (The RADIUS host entries are tried in the order in which

they are configured).

Verify the settings by entering the show aaa group server command.

Syntax Description

GROUP-NAME Character string used to name the group of servers used for group server

method AAA authentication. The group name can be up to 32 characters in

length.

Switch(config)#aaa group server group1

Switch(config-aaa-groug-server)# server radius 172.19.10.100 key 12345678

Switch(config-aaa-group-server)# server radius 172.19.10.101 key 12345678

Switch(config-aaa-group-server)# end

Switch#

DGS-6600 Series Switch maccept dhcp client-identifier

CLI Reference Guide 34

accept dhcp client-identifier

Use this command to turn on validation checking of the Client Identifier. Use the

no form of the command to turn off validation checking of the Client Identifier.

accept dhcp client-identifier

no accept dhcp client-identifier

Syntax None.

Default client identifier: not evaluated.

Command Mode DHCP pool configuration.

Usage Guideline To validate the DHCP Client Identifier value sent by the client. If a DHCP client

sends a DHCP Client Identifier option, the DHCP server validates the value to

ensure it matches the hardware type and client hardware address. If the values

match, the DHCP server provides service to the client. If the values do not

match, the DHCP server does not respond to the client's request.

If the command is used to set the validation to not check the DHCP Client

Identifier value sent by the client, then the DHCP server only checks the

matching of the client's hardware type and hardware address as a host ID.

Example The following example sets the DHCP pool1 to check the validation of the client

identifier option as DHCP pool1 offers IP addresses.

switch > enable

switch# configure terminal

switch(config)# ip dhcp pool pool1

switch(config-dhcp)# accept dhcp client-identifier

switch(config-dhcp)#

DGS-6600 Series Switch maccept dhcp relay-agent

CLI Reference Guide 35

accept dhcp relay-agent

To accept relay agent information use the accept dhcp relay-agent command,

use the no form of the command to reject DHCP relay agent information.

accept dhcp relay-agent [circuit-id|remote-id]

no accept dhcp relay-agent [circuit-id|remote-id]

Default DHCP relay-agent is not accepted.

Command Mode DHCP pool configuration.

Usage Guideline If either of circuit-id and remote-id is not specified, it implies that both the circuit-

id and remote-id options are applied with the command. If only the circuit-id or

remote-id is specified, it implies that it only accepts DHCP packets containing

either only a circuit-id or a remote-id.

Examples The following example sets DHCP pool1 to accept circuit id and remote id relay

agent information.

The following example sets DHCP pool1 to not accept remote id relay agent

information.

Syntax Description

circuit-id (Optional) Agent Circuit ID Sub-option.

remote-id (Optional) Agent Remote ID Sub-option

switch > enable

switch# configure terminal

switch(config)# ip dhcp pool pool1

switch(config-dhcp)# accept dhcp relay-agent

switch(config-dhcp)#

switch > enable

switch# configure terminal

switch(config)# ip dhcp pool pool1

switch(config-dhcp)# no accept dhcp relay-agent remote-id

switch(config-dhcp)#

DGS-6600 Series Switch macceptable-frame

CLI Reference Guide 36

acceptable-frame

Use the acceptable-frame interface command to set the acceptable frame type

of a port for IEEE 802.1Q VLANs. The default acceptable frame type is admit-all.

acceptable-frame {tagged-only | untagged-only | admit-all}

Default admit-all

Command Mode interface configuration mode.

Usage Guideline The valid interfaces for this command are physical ports.

The acceptable-frame interface command can be used to set the acceptable

frame types for physical port interfaces. If an acceptable frame type is tagged-

only, only tagged packets of incoming packets will be received by the interface

and untagged packets will be dropped. If untagged-only, only untagged packets

will be received and tagged packets will be dropped. If admit-all, all packets will

be received.

Example This example shows how to set the acceptable frame type to tagged-only of

eth1.1.

Verify the settings by entering the show vlan interface command.

Syntax Description

tagged-only Set acceptable frame type for tagged only of the interface.

untagged-only Set acceptable frame type for untagged only of the interface.

admin-all Set acceptable frame type for all packets of the interface.

Switch(config)# interface eth1.1

Switch(config-if)# acceptable-frame tagged-only

DGS-6600 Series Switch maccept-lifetime

CLI Reference Guide 37

accept-lifetime

The accept-lifetime command is used to set a time period when an authentication

key on a key chain is accepted as the valid key.

accept-lifetime START-TIME {infinite | END-TIME | duration SECONDS}

Default Infinite.

Command Mode Key-chain key configuration.

Usage Guideline Only Routing Information Protocol (RIP) Version 2 uses key chains.

Specify a start time value and one of the following values: infinite, end-time, or

duration seconds.

Syntax Description

START-TIME The beginning time that the key specified, by the key command, is valid to be

received. The syntax can be either of the following:

HH:MM:SS MONTH DATE YEAR

HH:MM:SS DATE MONTH YEAR

HH-hours

MM-minutes

SS-seconds

MONTH-first three letters of the month

DATE-date (1-31)

YEAR-year (four digits)

The default start time and the earliest acceptable date is January 1, 1993.

infinite Key is valid to be received from the start-time value on.

END-TIME Key is valid to be received from the start-time value until the end-time value.The

syntax is the same as that for the START-TIME. The end-time value must be

after the start-time value. The default end time is an infinite time period.

duration SECONDS Length of time (in seconds) that the key is valid to be received. The range is from

1 to 2147483647 (signed long).

DGS-6600 Series Switch maccept-lifetime

CLI Reference Guide 38

Example The following example configures a key chain named chain1. Key 1 named

"forkey1string" will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from

2:00 p.m. to 3:00 p.m. Key 3 named "forkey3string" will be accepted from 2:30

p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m.

Verify the settings by entering the show ip key-chain command.

Switch(config)# interface vlan1

Switch(config-if)# ip rip authentication key-chain chain1

Switch(config-if)# ip rip authentication mode text

Switch(config-if)# exit

Switch(config)# router rip

Switch(config-router)# network 172.19.0.0/8

Switch(config-router)# version 2

Switch(config-router)# exit

Switch(config)# key chain chain1

Switch(config-keychain)# key 1

Switch(config-keychain-key)# key-string forkey1string

Switch(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 2009 duration 7200

Switch(config-keychain-key)# send-lifetime 14:00:00 Jan 25 2009 duration 3600

Switch(config-keychain-key)# exit

Switch(config-keychain)# key 3

Switch(config-keychain-key)# key-string forkey3string

Switch(config-keychain-key)# accept-lifetime 14:30:00 Jan 25 2009 duration 7200

Switch(config-keychain-key)# send-lifetime 15:00:00 Jan 25 2009 duration 3600

Switch(config-keychain-key)# exit

Switch(config-keychain)# exit

DGS-6600 Series Switch maccess vlan

CLI Reference Guide 39

access vlan

Use the access vlan interface configuration command to specify the access

VLAN for the interface. Use default interface command to reset to default setting.

access vlan VLAN-ID

default access vlan

Default VLAN 1.

Command Mode Interface configuration mode.

Usage Guideline Physical ports or port-channels are the only valid interfaces for this command.

If a VLAN does not exist, the VLAN will be automatically created and prompt a

message displayed. By default the port has access VLAN 1.

An interface can be specified with only one access VLAN; the succeeding

command overwrites the previous command.

When this command is applied, the port will change to Access mode; the setting

for other modes will disappear and the port's PVID will be changed to the

specified VLAN.

As an access port the port will classify the untagged packet with the access

VLAN which are classified by the protocol-based VLAN, MAC-based VLAN etc.

Examples This example shows how to set an interface port 1.1 to an untagged member of

VLAN 1000.

Verify the settings by entering the show vlan interface command.

Syntax Description

access vlan VLAN-ID Specifies the VLAN for the interface.

Switch(config)# interface eth1.1

Switch(config-if)# access vlan 1000

DGS-6600 Series Switch maddress-family ipv4

CLI Reference Guide 40

address-family ipv4

Use this command to enter address family configuration mode to configure a

routing session using standard IP Version 4 address prefixes. Use the no form of

this command to remove the IPv4 address family configuration from the running

configuration.

address-family ipv4 [unicast]

no address-family ipv4 [unicast]

Default Unicast prefix support is enabled by default when this command is entered

without any optional keywords.

Command Mode Router configuration.

Usage Guideline Routing information for address family IPv4 unicast is advertised by default for

each BGP routing session configured with the neighbor remote-as command

unless the no bgp default ipv4-unicast command is used before configuring the

neighbor remote-as command.

For all settings configured for IPv4 unicast, the settings also appear in BGP

router configuration mode. That is, for address-family associated settings, the

settings defined in IPv4 unicast address family mode is equivalent to the settings

defined in the router configuration mode.

To leav e address family configuration mode and return to router configuration

mode without removing the existing configuration, enter the exit command.

Example This example shows how to enter address family configuration mode for the IP

Version 4 address family:

Syntax Description

unicast (Optional) Specifies IP Version 4 unicast address prefixes.

Switch(config)# router bgp 65100

Switch(config-router)# address-family ipv4

Switch(config-router-af)# exit

Switch(config-router)#

DGS-6600 Series Switch maggregate-address

CLI Reference Guide 41

aggregate-address

Use this command to configure BGP aggregate entries. Use the no form of the

command to disable this function.

aggregate-address NETWORK-NUMBER/SUBNET-LENGTH [summary-only] [as-set]

no aggregate-address NETWORK-NUMBER/SUBNET-LENGTH [summary-only] [as-set]

Default Disabled.

Command Mode Router configuration.

Usage Guideline Aggregates are used to minimize the size of routing tables. Aggregation

combines the characteristics of several different routes and advertises a single

route. The aggregate-address command creates an aggregate entry in the BGP

routing table if any more-specific BGP routes are available in the specified range.

Using the summary-only parameter advertises the prefix only, suppressing the

more-specific routes to all neighbors.

The as-set parameter creates an aggregate entry advertising the path for this

route, consisting of all elements contained in all paths being summarized. Use

the as-set parameter to reduce the size of the path information by listing the AS

number only once, even if it was included in multiple paths that were aggregated.

The as-set parameter is useful when aggregation of information results in

incomplete path information.

Example This example shows how to propagate network 172.0.0.0 and suppresses the

more specific route 172.10.0.0:

Syntax Description

NETWORK-NUMBER/

SUBNET-LENGTH

Specifies the number of network and the length of network that BGP will

aggregate.

The format of NETWORK-NUMBER/SUBNET-LENGTH can be 10.9.18.2/8.

summary-only (Optional) Filters all more-specific routes from updates.

as-set (Optional) Generates autonomous system set path information.

Switch(config)# router bgp 65534

Switch(config-router)# aggregate-address 172.0.0.0/8 summary-only

DGS-6600 Series Switch marea default-cost

CLI Reference Guide 42

area default-cost

The cost of the default summary route sent into a not-so-stubby area (NSSA) or

a stub area is defined with the area default-cost command in router

configuration mode. The no area default-cost command is used to remove an

assigned default route cost.

area AREA-ID default-cost COST

no area AREA-ID default-cost

Default COST: 1.

Command Mode Router configuration.

Usage Guideline Use this command only on an Area Border Router (ABR) attached to a stub area

or NSSA.

The two stub area router configuration commands are area stub and area

default-cost are configured as follows: for all routers and access servers

attached to the stub area, the area should be configured as a stub area using the

area stub option; the area default-cost command is used only on an ABR

attached to the stub area. The default-cost provides the metric for the summary

default route generated by the ABR into the stub area.

Example The following example assigns a default cost of 20 to stub network 10.0.0.0

Verify the settings by entering the show ip ospf interface command.

Syntax Description

AREA-ID Identifier for the NSSA or stub area. The identifier is specified as either a decimal

value or as an IPv4 prefix. COST is not Optional.

COST COST for the default summary route used for a stub or NSSA. The acceptable

value is a 24-bit number (0~16777215).

Switch# configure terminal

Switch (config)# router ospf

Switch (config-router)# area 10.0.0.0 default-cost 20

DGS-6600 Series Switch marea default-cost (IPv6)

CLI Reference Guide 43

area default-cost (IPv6)

To set the summary-default cost of a stub area, use the area default-cost

command. To disable this function, use the no form of this command.

area AREA-ID default-cost COST

no area AREA-ID default-cost

Default Disabled.

Command Mode Router configuration.

Usage Guideline This command is used only on an Area Border Router (ABR) attached to a stub

area. In all routers and access servers attached to the stub area, the area should

be configured as a stub area using the stub option of the area command. Use the

area default-cost command only on an ABR attached to the stub area. The

default-cost option provides the metric for the summary default route generated

by the ABR into the stub area.

Examples The following example assigns a default cost of 10 to stub area 1.

Syntax Description

AREA-ID Identifier of the area about which routes are to be summarized. It can be

specified as either a decimal value or as an IPv4 prefix.

COST (Optional) Metric or cost for this summary route, which is used during the OSPF

SPF calculation to determine the shortest paths to the destination. The value can

be 0 to 16777215.

Switch > enable

Switch # configure terminal

Switch (config) # router ipv6 ospf

Switch (config-router) # area 1 stub

Switch (config-router) # area 1 default-cost 10

DGS-6600 Series Switch marea nssa

CLI Reference Guide 44

area nssa

Use this command to define an area as an NSSA (not-so-stubby) area. Use the

no nssa command to remove the NSSA designation.

Note: For OSPFv3 this command is not supported.

area AREA-ID nssa [no-redistribution] [default-information-originate [metric METRIC-VALUE]

[metric-type TYPE-VALUE] ] [no-summary]

no area AREA-ID nssa [no-redistribution] [default-information-originate] [no-summary]

Default • No NSSA area is configured.

• External routes will be redistributed to the NSSA area in type 7 unless

no-redistribute is specified.

• Type 7 default route will only be advertised by default when default-

information-originate is specified.

• If no-summary is specified, the summary route will not be advertised to

the NSSA area.

Command Mode Router configuration.

Usage Guideline There are no external routes in an OSPF stub area, so it is not possible to

redistribute from another protocol into a stub area.

Syntax Description

AREA-ID Specifies the identifier of the area distinguished as the NSSA. The identifier can

be specified as either a decimal value or an IP address.

no-redistribution (Optional) Type 7 external routes will not be re-distributed to the NSSA. When

the user specifies to redistribute routes to the OSPF process, external routes will

always be redistributed to the normal area. This function only takes effect when

the router is an autonomous system boundary router (ASBR).

default-information-

originate

(Optional) For ASBR, a Type 7 default route will be generated into the NSSA

area when it exists in the redistributed routes. For ABR, when this option is

specified, the type-7 default route will always be generated into the NSSA area.

metric METRIC-

VALUE

(Optional) Specifies the metric for the default route. If not specified, the value will

be 1. The range for METRIC-VALUE is 0-16777214.

metric-type TYPE-

VALUE

(Optional) For OSPF, the external link type associated with the default route

advertised into the OSPF routing domain. It can be one of two values: Type 1

external route or Type 2 external route. If a metric-type is not specified, the

switch adopts a Type 2 external route.

no-summary (Optional) This function only take effect when the router is an ABR. Summary

routes are not advertised into the NSSA.

DGS-6600 Series Switch marea nssa

CLI Reference Guide 45

An NSSA allows external routes to be advertised to the area in type 7 link state

advertisement (LSA). These routes are then leaked into other areas. Although,

the external routes from other areas still do not enter the NSSA.

Use the area nssa command to simplify the administration of connecting a

central site using OSPF to a remote site that is using a different routing protocol.

Use this command to extend OSPF to cover the remote connection by defining

the area between the central router and the remote router as an NSSA.

For ASBR NSSA re-distribution, external routes will only be redistributed to the

NSSA when redistribution is configured for the associated OSPF process.

The external routes from other areas within the same AS will not be injected to

the NSSA.

For an ASBR, a Type 7 default route will be generated into the NSSA when it

exists in the redistributed routes.

For an ABR, when this option is specified, the type-7 default route will always be

generated into the NSSA.

If there are multiple default routes generated into the NSSA, the following priority

will be followed: Type 3 priority > Type 7 priority.

Example This command show how to set the nssa area:

Verify the settings by entering the show ip ospf command.

Switch# configure terminal

Switch(config)# router ospf

Switch(config-router)# area 1 nssa

DGS-6600 Series Switch marea range

CLI Reference Guide 46

area range

Use this command to summarize and consolidate routes at an area boundary.

Use the no area range command to disable this function.

area AREA-ID range PREFIX/PREFIX-LENGTH [advertise | not-advertise] [cost COST]

no area AREA-ID range [PREFIX/PREFIX-LENGTH ]

Default Disabled.

The default is advertise.

If cost is not specified, the cost of this route is found from the cost sets of

component subnets and the maximum cost of those is chosen. (based on

RFC2328).

Command Mode Router configuration.

Usage Guideline Use this command with ABRs to summarize the intra-area routes. This command

is used to specify the summarized route for area 0 or for a non-zero area.

Multiple area router configuration commands specifying the range option can be

configured. Thus, OSPF can summarize addresses for many different sets of

address ranges.

For the same area, this command can also be specified multiple times.

Example This example shows how to set one summary route to be advertised by the ABR

to other areas for all subnets on network 192.168.0.0:

Verify the settings by entering the show ip ospf command.

Syntax Description

AREA-ID Specifies the identifier of the area for which routes are summarized. The

identifier can be specified as either an IP address or a decimal value.

PREFIX/PREFIX-

LENGTH

The prefix and length of prefix for the area range.

advertise (Optional) Sets the status to advertise and generate a Type 3 summary link-state

advertisement (LSA) for the specified address range.

not-advertise (Optional) Sets the status to DoNotAdvertise for the specified address range.

Type 3 summary LSA is suppressed, the component networks remain hidden.

COST Cost for speicified summary route. The valid setting is 0 to 16777215.

Switch# configure terminal

Switch(config)# router ospf

Switch(config-router)# area 1 range 192.168.0.0/16

DGS-6600 Series Switch marea range (IPv6)

CLI Reference Guide 47

area range (IPv6)

To consolidate and summarize routes at an area boundary, use the area range

command. To disable this function, use the no form of this command.

area AREA-ID range IPv6-PREFIX/PREFIX-LENGTH [advertise | not-advertise]

no area AREA-ID range IPv6-PREFIX / PREFIX-LENGTH

Default Disabled.

Command Mode Router configuration.

Usage Guideline The area range command is used only with Area Border Routers. It is used to

consolidate or summarize routes for an area. The result is that a single summary

route is advertised to other areas by the ABR. Routing information is condensed

at area boundaries. External to the area, a single route is advertised for each

address range.

Examples The following example specifies one summary route to be advertised by the Area

Border Routers to other areas for IPv6 prefix 2001:0DB8:0:1::/64 and for the

Router ID 20.0.1.10.

Syntax Description

AREA-ID Identifier of the area for which routes are to be summarized. It can be specified

as either a decimal value or as an IPv4 prefix.

IPv6-PREFIX IPv6 prefix

PREFIX-LENGTH IPv6 prefix length

advertise (Optional) Advertise and generate a Type 3 Inter-Area Prefix link-state

advertisement (LSA) for the specified address range.

not- advertise (Optional) Sets the status to DoNotAdvertise for the specified address range.

The Type 3 Inter-Area Prefix LSA is suppressed, and the component networks

remain hidden from other networks.

Switch> enable

Switch# configure terminal

Switch(config)# router ipv6 ospf

Switch(config-router)# router-id 20.0.1.10

Switch(config-router)# area 1 range 2001:0DB8:0:1::/64

DGS-6600 Series Switch marea stub

CLI Reference Guide 48

area stub

Use this command to configure an area as a stub area. Use the no area stub

command to disable this function.

area AREA-ID stub [no-summary]

no area AREA-ID stub [no-summary]

Default Stub areas are not configured.

Summary link advertisements are sent into the stub area.

Command Mode Router configuration.

Usage Guideline When employed, this command must be configured on all routers and access

servers in the stub area. Use area default-cost to specify the cost of the default

internal route sent into a stub area by an Area Border Router (ABR).

Two router configuration commands, area stub and area default-cost are used

for stub area router configuration. In all routers attached to the stub area,

configure the area using the area stub command. Use the area default-cost

command only for ABRs attached to the stub area.

To prevent advertising LSA summaries into a stub area use the no-summary

option on ABRs attached to the stub area. The area is defined as a “totally

stubby” area using the area stub no-summary command on the ABR.

The default summary route (Type 3) will be generated to the stub area (or NSSA

area) when no-summary is specified in the command.

Example This command show how to set stub area:

Verify the settings by entering the show ip ospf command.

Syntax Description

AREA-ID Specifies the identifier of the stub area. The identifier can be specified as either

an IP address or a decimal value.

no-summary (Optional) When this option is specified, an ABR will not send summary link

advertisements into the stub area.

Switch# configure terminal

Switch(config)# router ospf

Switch(config-router)# area 1 stub

DGS-6600 Series Switch marea stub (IPv6)

CLI Reference Guide 49

area stub (IPv6)

To set the summary-default cost of a stub area, use the area default-cost

command. To disable this function, use the no form of this command.

area AREA-ID stub [no-summary]

no area AREA-ID stub [no-summary]

Default Disabled.

Command Mode Router configuration.

Usage Guideline This command is used only on an ABR attached to a stub area. In all routers and

access servers attached to the stub area, the area should be configured as a

stub area using the area stub command. Use the area default-cost (IPv6)

command on page 43 only on an ABR attached to the stub area. The area

default-cost command provides the metric for the summary default route

generated by the ABR into the stub area.

Use the no-summary argument with this command to define a totally stubby

area. When routers in the area do not require to learn about summary LSAs from

other areas, then a totally stubby area should be defined. To define a totally

stubby area configure the ABR of that area using the area stub no-summary

command.

Examples In the following example, the area stub command is used to configure the router

as a stub that advertises connected and summary routes.

Syntax Description

AREA-ID Identifier of the area about which routes are to be summarized. It can be

specified as either a decimal value or as an IPv4 address.

no-summary (Optional) Prevent an ABR from sending summary link advertisements into the

stub area.

Switch > enable

Switch # configure terminal

Switch (config) # router ipv6 ospf

Switch (config-router)# router-id 20.0.1.10

Switch (config-router)# area 1 stub

DGS-6600 Series Switch marea virtual-link

CLI Reference Guide 50

area virtual-link

Use this command to configure a link between two backbone areas that are

physically separated through other non-backbone area. Use the no area virtual-

link command to remove a virtual link.

area AREA-ID virtual-link ROUTER-ID [authentication [message-digest] ] [hello-interval SECONDS]

[dead-interval SECONDS] [transmit-delay SECONDS] [retransmit-interval SECONDS]

[[authentication-key PASSWORD] | [message-digest-key KEY-ID md5 KEY]]

no area AREA-ID virtual-link ROUTER-ID [dead-interval | hello-interval|tansmit-interval |

retransmitinterval | authentication | authentication-key | message-digest-key KEY-ID]

Syntax Description

AREA-ID Specifies the identifier of the transit area for the virtual link. The identifier can be

specified as either an IP address or a decimal value.

ROUTER-ID The Router ID of the virtual link neighbor.

authentication (Optional) Specifies authentication type. If no authentication type is specified for

the virtual-link, the authentication type for the area will be used.

message-digest (Optional) Specifies that message-digest authentication be used.

hello-interval

SECONDS

Specifies the interval in seconds, between the hello packets that the router sends

on an interface. The valid setting is 1-65535.

dead-interval

SECONDS

Specifies the interval in seconds, during which no packets are received and after

which a neighbor is regarded as off-line. The valid setting is 1-65535.

transmit-delay

SECONDS

The interval the router waits before it transmits a packet. The valid setting is 1-

65535.

retransmit-interval

SECONDS

The interval the router waits before it retransmits a packet. The valid setting is 1-

65535.

authentication-key

PASSWORD

(Optional) Password to be used by neighboring routers. The password is a

continuous string of keyboard characters up to 8 bytes long. This password is a

key to allow the authentication procedure to generate or verify the authentication

field contained in the OSPF header. The authentication key is inserted directly

into the OSPF header when originating routing protocol packets. Each network

can be assigned a separate password on a per-interface basis. All neighboring

routers on the same network must use the same password to be able to route

OSPF traffic.

message-digest-key

KEY-ID md5 KEY

(Optional) Key identifier and password to be used for Message Digest 5 (MD5)

authentication by neighboring routers and this router. The KEY-ID argument is a

number in the range from 1 to 255. The KEY consists of an alphanumeric string

of up to 16 characters in length. All neighboring routers on the same network

must have the identical key identifier and key, to be allowed to route OSPF

traffic. There is no default value.

DGS-6600 Series Switch marea virtual-link

CLI Reference Guide 51

Default •AREA-ID: None

•ROUTER-ID: None

•authentication: null

•hello-interval:10 seconds

•dead-interval: 40 seconds

•transmit-delay: 1 second

•retransmit-interval: 5 seconds

•authentication-key: None

•message-digest-key: None

Command Mode Router configuration.

Usage Guideline In OSPF, all non-backbone areas must be connected to a backbone area. If the

connection to the backbone is broken, the virtual link is used to re-establish the

connection. Virtual links between any two backbone-routers that have an

interface to a common non-backbone area can be configured. The protocol treats

these two routers joined by a virtual link as if they were connected by an un-

numbered point-to-point network. To configure a virtual link, include both the

transit AREA ID and the corresponding virtual link neighbor's ROUTER-ID in the

virtual link neighbor.

Configure the hello-interval to be the same for all routers attached to a common

network. A short hello interval results in the router detecting topological changes

faster but also an increase in the routing traffic.

As with the hello interval, the value of dead-interval must be the same for all

routers and access servers attached to a common network.

The retransmit-interval is the expected round-trip delay between any two

routers in a network. Set the value to be greater than the expected round-trip

delay to avoid needless retransmissions.

The transmit-delay is the time taken to transmit a link state update packet on the

interface. Before transmission, the link state advertisements in the update

packet, are incremental by this amount. Set the transmit-delay to be greater

than zero. Also, take into account the transmission and propagation delays for

the interface.

Before using the area virtual-link authentication command, configure a

password for virtual link using the area virtual-link authentication-key

command. If the area virtual-link authentication message-digest command is

used, configure the message-digest key for the virtual link using area virtual-link

message-digest-key command.

DGS-6600 Series Switch marea virtual-link

CLI Reference Guide 52

The password created by the area virtual-link authentication-key command is

used as a "key" that is inserted directly into the OSPF header when the switch

system software originates routing protocol packets over this virtual link.

Usually, one key per interface (or virtual link) is used to generate authentication

information when sending packets and to authenticate incoming packets. The

same key identifier on the neighbor router must have the same KEY value.

The process of changing keys is as follows. Suppose the current configuration is

as follows:

area 1 virtual-link 192.168.255.1 message-digest-key 100 md5 OLD

The configuration can be changed to the following:

area 1 virtual-link 192.168.255.1 message-digest-key 101 md5 NEW

The system assumes its neighbors do not have the new key yet, so it begins a

rollover process. It sends multiple copies of the same packet, each authenticated

by different keys. In this example, the system sends out two copies of the same

packet; the first one authenticated by key 100 and the second one authenticated

by key 101

Rollover allows neighboring routers to continue communication while the network

administrator is updating them with the new key. Rollover stops once the local

system finds that all its neighbors know the new key. The system detects that a

neighbor has the new key when it receives packets from the neighbor

authenticated by the new key.

After all neighbors have been updated with the new key, the old key should be

removed. In this example, the following entry is used:

no area 1 virtual-link 192.168.255.1 message-digest-key 100

Examples This following example shows how to establish a virtual link with hello-interval

and dead-interval to 5 and 10 seconds respectively.

Verify the settings by entering the show ip ospf virtual-links command.

This following example (on the next page) shows how to configure the following

parameters for a virtual link at area 1 with the remote id as 192.168.255.1.

1. Specify "yourpass" as the key for simple password authentication.

2. Set authentication type to simple password.

Switch# configure terminal

Switch(config)# router ospf

Switch(config-router)# area 1 virtual-link 10.10.11.50 hello-interval 5

dead-interval 10

DGS-6600 Series Switch marea virtual-link

CLI Reference Guide 53

Verify the settings by entering the show ip ospf virtual-links command.

Switch# configure terminal

Switch(config)# router ospf

Switch(config-router)# area virtual-link 192.168.255.1 authentication-key

yourpass

Switch(config-router)# area 1 virtual-link 192.168.255.1 authentication

DGS-6600 Series Switch marea virtual-link (IPv6)

CLI Reference Guide 54

area virtual-link (IPv6)

To define an OSPF virtual link, use the area virtual-link command with the

optional parameters. To remove a virtual link, use the no form of this command.

area AREA-ID virtual-link ROUTER-ID [instance-id INSTANCE-ID] [hello-interval SECONDS]

[dead-interval SECONDS] [transmit-delay SECONDS] [retransmit-interval SECONDS]

no area AREA-ID virtual-link ROUTER-ID

Default No OSPF virtual link is configured.

hello-interval SECONDS: 10 seconds

dead-interval SECONDS: 40 seconds

transmit-delay SECONDS: 1 second

retransmit-interval SECONDS: 5 seconds

Command Mode Router configuration.

Usage Guideline All areas in an OSPF autonomous system must be physically connected to the

backbone area (area 0). In some cases where this physical connection is not

possible, use a virtual link to connect to the backbone through a non-backbone

area. As mentioned, use virtual links to connect two parts of a partitioned

backbone through a non-backbone area. The area through which the virtual link

is configured, is known as a transit area, and it must have the full routing

information. The transit area cannot be a stub area.

Syntax Description

AREA-ID Specifies the area ID assigned to the virtual link. This can be either a decimal

value or a valid IPv4 address. There is no default.

ROUTER-ID Specifies the router ID associated with the virtual link neighbor. This can be

either a decimal value or a valid IPv4 address. There is no default.

INSTANCE-ID (Optional) Specifies an Instance identifier. To change this ID from an existing

entry, configure the no area command first. The valid setting is from 0 to 255.

hello-interval

SECONDS

(Optional) Specifies the interval in seconds, between the hello packets that the

router sends on an interface. The valid setting is 1-65535.

dead-interval

SECONDS

(Optional) Specifies the interval in seconds, during which no packets are

received and after which a neighbor is regarded as off-line. The valid setting is 1-

65535.

transmit-delay

SECONDS

(Optional) The interval the router waits before it transmits a packet. The valid

setting is 1-65535.

retransmit-interval

SECONDS

(Optional) The interval the router waits before it retransmits a packet. The valid

setting is 1-65535.

DGS-6600 Series Switch marea virtual-link (IPv6)

CLI Reference Guide 55

In OSPF, all non-backbone areas must be connected to a backbone area. If the

connection to the backbone is lost, the virtual link repairs the connection. Virtual

links can be configured between any two backbone-routers that have an

interface to a common non-backbone area. The protocol treats these two routers

joined by a virtual link as if they were connected by an un-numbered point-to-

point network. To configure a virtual link, include both the transit area ID and the

corresponding virtual link neighbor's router ID in the virtual link neighbor.

Configure the hello-interval to be the same for all routers attached to a common

network. A short hello interval results in the router detecting topological changes

faster but also an increase in the routing traffic.

As with the hello interval, the value of dead-interval must be the same for all

routers and access servers attached to a common network.

The retransmit-interval is the expected round-trip delay between any two

routers in a network. Set the value to be greater than the expected round-trip

delay to avoid needless retransmissions.

The transmit-delay is the time taken to transmit a link state update packet on the

interface. Before transmission, the link state advertisements in the update

packet, are incremental by this amount. Set the transmit-delay to be greater

than zero. Also, take into account the transmission and propagation delays for

the interface.

To configure a virtual link in OSPF for IPv6, a router ID must be used instead of

an address. In the IPv6 version of OSPF, the virtual link takes the router ID rather

than the IPv6 prefix of the remote router.

Examples The following example establishes a virtual link with default values for all optional

parameters.

Switch > enable

Switch # configure terminal

Switch (config) # router ipv6 ospf

Switch (config-router)# area 1 virtual-link 192.168.255.1

DGS-6600 Series Switch marp

CLI Reference Guide 56

arp

Use this command to add a static entry in the Address Resolution Protocol (ARP)

cache. Use the no arp command to remove a static entry in the ARP cache.

arp IP-ADDRESS HARDWARE-ADDRESS

no arp IP-ADDRESS HARDWARE-ADDRESS

Default No entries are entered in the ARP cache.

Command Mode Global configuration.

Usage Guideline Use the arp command to assign static and permanent entries to the ARP cache

entries. The cache is used to store the IP addresses and the corresponding MAC

address so that the addresses will not have to be repeatedly resolved. Static and

permanent entries are used for devices that exchange data on a regular basis.

To remove all non-static entries from the ARP cache, use the clear arp-cache

command.

Example This example shows how to add static ARP entry for a typical Ethernet host:

Verify the settings by entering the show arp command.

Syntax Description

IP-ADDRESS IP address in four-part dotted decimal format corresponding to the local data-link

address.

HARDWARE-

ADDRESS

Local data-link Media Access (MAC) address (a 48-bit address).

Switch(config)# arp 10.31.7.19 0800.0900.1834

DGS-6600 Series Switch marp timeout

CLI Reference Guide 57

arp timeout

Use the arp timeout command to set the ARP aging time for the ARP table.

arp timeout SECONDS

Default 14400 seconds (4 hours).

Command Mode VLAN interface configuration.

Usage Guideline Only VLAN interfaces are valid for this command.

Example This example shows how to set the ARP timeout to 12000 seconds to allow

entries to time out faster than the default setting:

Verify the settings by using show ip interface command

Syntax Description

SECONDS Number of seconds that dynamic entries will remain in the ARP table before

being deleted; valid values are from 0 to 65535.

Switch(config)# interface vlan1

Switch(config-if)# arp timeout 12000

DGS-6600 Series Switch mauto-cost reference-bandwidth

CLI Reference Guide 58

auto-cost reference-bandwidth

Use this command to control how OSPF calculates the default metric for the

interface.The no form of this command will reset the reference bandwidth to the

default value.

auto-cost reference-bandwidth MBPS

no auto-cost reference-bandwidth

Default Enabled.

MBPS: 100

Command Mode Router configuration.

Usage Guideline By default OSPF calculates the OSPF metric for an interface by dividing the

reference bandwidth by the bandwidth of interface. The default value for the

reference bandwidth is 100Mbps. For example, a 100Mbps will have a metric of 1

and a 64K link will have a metric of 1562,

The auto-cost command is used to differentiate high bandwidth links. For

multiple links with high bandwidth, specify a larger reference bandwidth value to

differentiate costs on those links.

Before the cost is changed to the manual configuration mode, the cost must be

configured in advance.

Example This following example shows how to set reference bandwidth to 50 Mbps.

Verify the settings by entering the show ip protocol ospf command.

Syntax Description

MBPS The reference bandwidth in Mbps. The default reference bandwidth is 100 Mbps.

The valid setting is 1 to 4294967.

Switch# configure terminal

Switch(config)# router ospf

Switch(config-router)# auto-cost reference-bandwidth 50

DGS-6600 Series Switch mauto-cost reference-bandwidth (IPv6)

CLI Reference Guide 59

auto-cost reference-bandwidth (IPv6)

To control the reference value IPv6 OSPF uses when calculating the metric for

the interfaces, use the auto-cost reference-bandwidth command. To return the

reference value to its default, use the no form of this command.

auto-cost reference-bandwidth MBPS

no auto-cost reference-bandwidth

Default MBPS: 100.

Command Mode Router configuration.

Usage Guideline The IPv6 OSPF metric is calculated as the Mbps value divided by the bandwidth,

with Mbps equal to 100 by default, and bandwidth determined by the bandwidth

command. The calculation gives Fast Ethernet a metric of 1.

Examples The following example sets the auto-cost reference bandwidth to 1000 Mbps.

Syntax Description

MBPS MBPS Rate in Mbps bandwidth. The range is from 1 to 4294967. The default is

100.

Switch > enable

Switch # configure terminal

Switch (config) # router ipv6 ospf

Switch (config-router)# auto-cost reference-bandwidth 1000

DGS-6600 Series Switch backoff maximum

CLI Reference Guide 60

backoff maximum

Use the backoff maximum command to configure the maximum back-off delay

time. Use no form of this command to restore the default value.

backoff maximum SECONDS

no backoff maximum

Default 600 seconds.

Command Mode MPLS router configuration mode.

Usage Guideline The LDP back-off mechanism prevents two incompatibly configured LSRs from

engaging in an endless sequence of session setup failures. If a session setup

attempt fails due to an incompatibility, the active LSR delays its next attempt (that

is, backs off), and then retries the session establishment.

The delay begins at 15 seconds, and it is increased exponentially with each

successive failure until the maximum back off delay is reached. The maximum

[back off] delay is configurable, with the minimum amount being 120 seconds.

The default value is 600 seconds.

Example This example shows how to configure the maximum back-off delay time to 1000

seconds.

The user can verify their settings by entering show mpls ldp parameter

command.

Syntax Description

SECONDS The maximum back-off delay time. The range is 120-65535 seconds.

Switch(config-mpls-router)# backoff maximum 1000

DGS-6600 Series Switch banner login

CLI Reference Guide 61

banner login

Use banner login command to configure the banner login message. Use the

default form of the command to set the login banner to factory default.

banner login STRING

default banner login

Default Project dependent.

Sample Banner Login Message:

Where 2012 represents the year for release of the new firmware. It should be

updated if needed by the subsequent release of the firmware. Where DGS-6608

represents the product name, it will change within the different products.

Command Mode Global configuration.

Usage Guideline Use this command to define a customized banner to be displayed after the user

is prompted for their username and password. Enter the banner login command

followed by a desired display string and then execute the command by pressing

ENTER to complete the modification.

When a multiple lines banner is needed, use special character sequences such

as '/n' which represents a new line and '/r ' which represents a carriage return.

However if '/n' or '/r' is required to be displayed as part of the string in the line,

then both '/n' and 'r' must be prefixed with another '/' as an escape sequence to

override the special character sequence functionality, for example '//n', or '//r'.

At the end of each line is either a '/n' or '/r'. If more than 80 characters are

entered without an '/n' or '/r' ending the line, up to 80 characters will automatically

get a new line and continue to display the remaining characters.

Syntax Description

STRING A displaced string and spaces are allowed. The maximum length is 320

characters. In addition, two special character sequences are used; '/n' is used as

new line and '/r ' is used as a carriage return. Please refer to the usage guideline

for more detail.

DGS-6608 Chassis-based High-Speed Switch

Command Line Interface

Firmware: 3.00.001

DGS-6600 Series Switch banner login

CLI Reference Guide 62

Examples This example shows how to modify the banner login message:

The following example shows how to use ‘/n’ to modify the banner login

message.

The following example shows how to use ‘/r’ to modify the banner login message.

the following example shoes how to use ‘//r’ and ‘//n’.

Switch(config)# banner login Device Fast Ethernet Switch Command Line

Interface, Access for authorized users only. Please enter your username and

password.

Switch(config)# banner login Device Fast Ethernet Switch Command Line

Interface,Access for authorized users /nonly. Please enter your username and

password.

Switch(config)#end

switch#end

Device Fast Ethernet Switch Command Line Interface, Access for authorized

users

only.

Please enter your username and password.

Switch(config)# banner login Device Fast Ethernet Switch Command Line

Interface,Access for authorized users only. /rPlease enter your username and

password.

Switch(config)#end

switch#end

Device Fast Ethernet Switch Command Line Interface, Access for authorized

users o

Please enter your username and password.

Switch(config)# banner login Device Fast Ethernet Switch Command Line

Interface,Access for authorized users only//n//r.

Switch(config)#end

switch#end

Device Fast Ethernet Switch Command Line Interface, Access for authorized

users o

nly/n/r.

DGS-6600 Series Switch based-on client-id

CLI Reference Guide 63

based-on client-id

This command is used to specify the client identifier as a rule for IP address

assignment from the DHCP address pool. Use the no form to remove the rule

from DHCP address pool.

based-on client -id {hex|string} CLIENT-ID

no based-on client -id {hex|string} CLIENT-ID

Default None.

Command Mode DHCP pool configuration.

Usage Guideline All rules take effect on the corresponding DHCP address pool and will have a

logical AND operation conditions combined with other rules set by other based-

on commands.

If a DHCP client sends the no DHCP Client Identifier option, the service

continues to operate as it bases it on the hardware type and a client hardware

address. If a DHCP client sends a DHCP Client Identifier option, the DHCP

server validates the value to ensure the client identifier optional field matches the

configured Client Identifier. If the values match, the DHCP server provides

service to the client. If the values do not match, the DHCP server does not

respond to the client's request.

Multiple based-on client-id commands create a list of client-ids for the DHCP

address pool. When any request has a match in the list, the server will provide an

IP address to the server based on DHCP Client Identifier option, but not the

received client Hardware address.

Examples The following sets a rule used for the IP address assignment based

0x0152415320 for a Microsoft "Remote Access Server" (RAS).

Syntax Description

CLIENT-ID A sequence of bytes or a string defined on the client that is an unique

identification of client.

HEXADECIMAL: The maximum length is 128 bytes.

STRING: The maximum length is up to 64 bytes.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on client-id hex 0x0152415320

DGS-6600 Series Switch based-on c-vid

CLI Reference Guide 64

based-on c-vid

This command is used to specify the customer vlan ID (C-VID) as a rule for IP

address assignment from the DHCP address pool. Use the no form of the

command to remove the C-VID rule from DHCP address pool.

based-on c-vid V-ID [,|-]

no based-on c-vid V-ID [,|-]

Default None.

Command Mode DHCP pool configuration.

Usage Guideline This command is used to create the address binding rule for the DHCP address

pool. The based-on c-vid command creates the address binding rules in an

incremental way. That is, all of the C-VIDs created by based-on c-vid

commands take effect on the corresponding DHCP address pool. However this

command will be combined with logical AND operations with the other rules set

by other based-on commands. For example if the first rule is based-on c-vid

100 and there is another based-on s-vid 200 command, then the address pool

will only assign an IP address to the client with C-VID=100 and S-VID=200.

Examples The following sets a rule used for IP address assignment based on C-VID 100 or

200 from the DHCP address pool1.

Then the rule is added to and now based on C-VID 100/ 200 and S-VID 1000.

Syntax Description

V-ID [,|-] Specifies the V-ID list.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on c-vid 100,200

switch(config-dhcp)#based-on s-vid 1000

DGS-6600 Series Switch based-on interface-ip-address

CLI Reference Guide 65

based-on interface-ip-address

This command is used to specify a rule for a DHCP address pool to respond to a

request from the specified IP interface. Use the no form of the command to

remove the rule from the DHCP address pool.

based-on interface-ip-address IP-ADDRESS

no based-on interface-ip-address IP-ADDRESS

Default None.

Command Mode DHCP pool configuration.

Usage Guideline An additional rule can be set for a DHCP address pool based on interface IP

address.

All of the DHCP IP address assignment rules take effect on the corresponding

DHCP address pool. A based-on command will be combined using logical AND

operations with the other rules set by all other based-on commands.

Examples The following example sets a rule used for the IP address assignment (DHCP IP

address pool1) based on interface 172.19.10.100.

Syntax Description

IP-ADDRESS Specifies the IP address of the interface.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on interface-ip-address 172.19.10.100

DGS-6600 Series Switch based-on mac-address

CLI Reference Guide 66

based-on mac-address

This command is used to specify the host MAC address as a rule for IP address

assignment from the DHCP address pool. Use the no form to remove the MAC

address rule from the DHCP address pool.

based-on mac-address MAC-ADDRESS [,|-]

no based-on mac-address MAC-ADDRESS [,|-]

Default None.

Command Mode DHCP pool configuration.

Usage Guideline This command is used to create the address binding rule for the DHCP address

pool. based-on mac-address command creates the address binding rules in an

incremental way. That is, all of the mac-addresses created by the based-on mac-

address commands take effect on the corresponding DHCP address pool.

However this command will be combined using logical AND operations with the

other rules is set by all other based-on commands. For example if the first rule is

based-on mac-address 00:80:00:11:22:00- 00:80:00:11:22:FF and there is

another based-on c-vid 200 command, the address pool will only assign an IP

address to the client with a MAC address in range of 00:80:11:22:xx and with its

C-VID=200. Other than that, no IP address is offered from the corresponding

DHCP address pool.

Examples The following sets a rule used for IP address assignment based on MAC address

00:80:C8:11:22:xx from the DHCP address pool1.

The following sets an additional rule used for IP address assignment based on

MAC address 00:80:C8:11:33:00 and 00:80:C8:11:33:FF from the DHCP

address pool1.

Syntax Description

MAC-ADDRESS [,|-] Specifies the MAC address list.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on mac-address 00:80:C8:11:22:00-00:80:C8:11:22:FF

switch(config-dhcp)#based-on mac-address 00:80:C8:11:33:00,00:80:C8:11:33:FF

DGS-6600 Series Switch based-on relay-ip-address

CLI Reference Guide 67

based-on relay-ip-address

This command is used to specify a rule for the DHCP address pool’s only

response for BOOTP forwarder or relay. Use the no form of the command to

remove the rule from a DHCP address pool.

based-on relay-ip-address IP-ADDRESS

no based-on relay-ip-address IP-ADDRESS

Default None.

Command Mode DHCP pool configuration.

Usage Guideline An additional rule can be set for DHCP address pool for each relay IP address.

All of the DHCP IP address assignment rules take effect to the corresponding

DHCP address pool. All of the based-on commands will be combined using

logical AND operations with other rules set by all the other based-on commands.

Examples The following example sets a rule used for IP address assignment (DHCP IP

address pool1) based on the Relay IP address.

Syntax Description

IP-ADDRESS Specifies the IP address of BOOTP forwarder for relay.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on relay-ip-address 10.1.1.254

DGS-6600 Series Switch based-on s-vid

CLI Reference Guide 68

based-on s-vid

This command is used to specify the service provider vlan ID (S-VID) as a rule

for IP address assignment from the DHCP address pool. Use the no form of the

command to remove the S-VID rule from the DHCP address pool.

based-on s-vid V-ID [,|-]

no based-on s-vid V-ID [,|-]

Default None.

Command Mode DHCP pool configuration.

Usage Guideline This command is used to create the address binding rule for the DHCP address

pool. The based-on s-vid command creates the address binding rules in an

incremental way. That is, all of S-VID created by based-on s-vid commands take

effect on the corresponding DHCP address pools. However this command will be

combined using logical AND operations with the other rules set by other based-

on commands. For example if the first rule is based-on s-vid 100 and there is

another based-on c-vid 200 command, then the address pool will only assign an

IP address to the client with C-VID=200 and S-VID=100.

Examples The following sets a rule used for IP address assignment based on S-VID 100 or

200 from the DHCP address pool1.

Below the rule becomes based on S-VID 100/ 200 and C-VID 1000.

Syntax Description

V-ID [,|-] Specifies the V-ID list.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on s-vid 100,200

switch(config-dhcp)#based-on c-vid 1000

DGS-6600 Series Switch based-on user-class

CLI Reference Guide 69

based-on user-class

This command is used so that DHCP administrators can define specific user

class identifiers to convey information about a client's software configuration or

about its user's preferences. Use the no form of the command to remove the

related setting rule.

based-on user-class {hex HEXADECIMAL |string STRING}

no based-on user-class {hex HEXADECIMAL |string STRING}

Default None.

Command Mode DHCP pool configuration.

Usage Guideline This command is used to create the address binding rule for the DHCP address

pool. One user class is allowed in one DHCP address pool. Use the no form of

the command to remove user-class rule.

This command will be combined using logical AND operations with the other

rules set by all the other based-on commands. For example, if the first rule is

based-on user-class alpha and there is another based-on c-vid 200 command,

the address pool will only assign an IP address to the client which has C-

VID=200 and user class as alpha.

Examples The following sets a rule used for IP address assignment based on the user class

alpha from DHCP address pool1.

The following sets a rule used for IP address assignment based on the user class

0x8080 from DHCP address pool1.

Syntax Description

HEXADECIMAL A leading string, 0x has to indicated and then a following hexadecimal sequence

must be entered. The maximum length is 128 bytes.

STRING The String can be displayed, but no spaces are allowed. The maximum length is

up to 64 bytes.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on user-class string alpha

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on user-class hex 0x8080

DGS-6600 Series Switch based-on vendor-class

CLI Reference Guide 70

based-on vendor-class

This command is used to create an address binding rule for the DHCP address

pool based on the vendor class. Use the no form of the command to delete the

related rule setting.

based-on vendor-class {hex HEXADECIMAL |string STRING}

no based-on vendor-class {hex HEXADECIMAL |string STRING}

Default None.

Command Mode DHCP pool configuration.

Usage Guideline This command is used to create the address binding rule for the DHCP address

pool. One vendor class is allowed in one DHCP address pool. Use the no form of

the command to remove the user-class rule.

For vendor classes, e.g. DHCP-requests from Windows 98SE/ME are sent with a

vendor class of MSFT 98 and from Windows 2000/XP with a vendor class of

MSFT 5.0. The received VendorClass-ID string is compared with the specified

string. If the received string is longer than the specified string, then the excess

characters are ignored. For example, specifying MSFT will match both Win98SE/

ME and 2000/XP.

This command will be combined using logical AND operations with the other

rules set by all the other based-on commands. For example if the first rule is

based-on vendor-class string MSFT 5.0 and there is another based-on c-vid

200 command, the address pool only assigns an IP address to the client which

has C-VID=200 and its vendor class set to MSFT 5.0.

Examples The following example sets the vendor class to match both Win98SE/ME and

2000/XP.

Syntax Description

HEXADECIMAL A leading string, 0x has to be entered and then a following hexadecimal

sequence must be entered. The maximum length is 128 bytes.

STRING The String can be displayed, but with no spaces allowed. The maximum length is

up to 64 bytes.

switch(config)#ip dhcp pool pool1

switch(config-dhcp)#based-on vendor-class string MSFT

DGS-6600 Series Switch bgp always-compare-med

CLI Reference Guide 71

bgp always-compare-med

Use this command to compare the Multi-Exit Discriminator (MED) for paths from

neighbors in different autonomous systems. Use the no bgp always-compare-

med command to disallow the comparison.

bgp always-compare-med

no bgp always-compare-med

Syntax None.

Default Disabled.

Command Mode Router configuration.

Usage Guideline The MED, as stated in RFC 1771, is an optional non-transitive attribute that is a

four octet non-negative integer. The value of this attribute may be used by the

BGP best path selection process to discriminate among multiple exit points to a

neighboring autonomous system.

The MED is one of the parameters that is considered when selecting the best

path among many alternative paths. The path with a lower MED is preferred over

a path with a higher MED. During the best-path selection process, MED

comparison is done only among paths from the same autonomous system. The

bgp always-compare-med command is used to change this behavior by

enforcing MED comparisons between all paths, regardless of the autonomous

system from which the paths are received.

The bgp deterministic-med command on page 79 can be configured to

enforce a deterministic comparison of the MED value between all paths received

from within the same autonomous system.

Example This example shows how to configure the comparison of the MED from

alternative paths, regardless of the autonomous system from which the paths are

received:

Switch(config)# router bgp 65534

Switch(config-router)# bgp always-compare-med

DGS-6600 Series Switch bgp asnotation dot

CLI Reference Guide 72

bgp asnotation dot

Use this command to change the default display and regular expression match

format of BGP 4-byte AS numbers from asplain (decimal values) to dot notation.

Use the no form of the command to reset the default 4-byte autonomous system

number display and regular expression match format to asplain.

bgp asnotation dot

no bgp asnotation dot

Syntax None.

Default BGP AS numbers are displayed using asplain (decimal value) format in screen

output, and the default format for matching 4-byte autonomous system numbers

in regular expressions is asplain.

Command Mode Router configuration.

Usage Guideline BGP AS numbers that were allocated to companies were 2-byte numbers in the

range from 1 to 65535 as described in RFC 4271. Due to increased demand for

AS numbers, the IANA will start, in January 2009, to allocate four-byte AS

numbers in the range from 65536 to 4294967295. RFC 5396 documents three

methods of representing autonomous system numbers. BGP has implemented

the following two methods:

•Asplain-Decimal value notation where both 2-byte and 4-byte AS num-

bers are represented by their decimal value. For example, 65525 is a 2-

byte AS number and 65545 is a 4-byte autonomous system number.

•Asdot-Autonomous system dot notation where 2-byte AS numbers are

represented by their decimal value and 4-byte AS numbers are repre-

sented by a dot notation. For example, 65525 is a 2-byte autonomous

system number and 1.10 is a 4-byte AS number (this is dot notation for

the 65545 decimal number).

After the command is performed, the output is converted in order to format it. For

some of the information which is learned prior, for example: routes, the AS

notation format follows the previous format. Therefore, the clear IP BGP

command must be used to convert to the current format.

Example This example (on the next page) shows how to configure as noted and shows the

difference using the command show ip bgp:

DGS-6600 Series Switch bgp asnotation dot

CLI Reference Guide 73

Switch # show ip bgp

BGP table version is 30, local router ID is 10.10.11.50

Status codes: s suppressed, d damped, h history, * valid, > best, i -

internal,

S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.0.1.0/24 10.10.71.100 0 0 65636 i

*> 192.0.2.0/24 10.10.71.100 0 0 65636 {80} i

Total Entries: 2 entries, 2 routes

Switch #config terminal

Switch(config)# router bgp 1.6553465636

Switch(config-router)# bgp asnotation dot

Switch(config-router)# end

Switch # clear ip bgp *

Switch # show ip bgp

BGP table version is 30, local router ID is 10.10.11.50

Status codes: s suppressed, d damped, h history, * valid, > best, i -

internal,

S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.0.1.0/24 10.10.71.100 0 0 1.101 100 i

*> 192.0.2.0/24 10.10.71.100 0 0 1.101 100 {80} i

Total Entries: 2 entries, 2 routes

Switch #

DGS-6600 Series Switch bgp bestpath as-path ignore

CLI Reference Guide 74

bgp bestpath as-path ignore

Use this command to ignore AS path as a factor in the selection of the best path.

Use the no form of the command to restore the default behavior and configure

BGP to consider the AS path during route selection.

bgp bestpath as-path ignore

no bgp bestpath as-path ignore

Syntax None.

Default AS path is considered in the best path selection.

Command Mode Router configuration.

Usage Guideline The following are the rules used for the best path selection process.

1. If the next hop associated with the route is unreachable, then the route is 1. If

the next hop associated with the route is unreachable, then the route is

dropped.

2. The next choice is the route with the largest weight is selected.

3. If weight cannot make the determination, then the largest LOCAL_PREF is

used to determine the preferred route.

4. If the preferred route can still not be determined, then the route with the short-

est AS_PATH list is preferred.

5. If the preferred route can still not be determined, then lowest origin type is

preferred.

6. If the preferred route can still not be determined, then the lowest MED is pre-

ferred.

7. If the preferred route can still not be determined, then eBGP is preferred over

iBGP paths.

8. Always prefer the path with the lowest IGP metric to the BGP next hop.

9. Check to determine if multiple paths require installation in the routing table for

BGP Multipath.

10. When both paths are external, always prefer the path that was received first

(the oldest one).

11. Always prefer the route that comes from the BGP router with the lowest

router ID.

12. If the originator or router ID is the same for multiple paths, prefer the path with

the minimum cluster list length.

13. Always prefer the path that comes from the lowest neighbor address.

DGS-6600 Series Switch bgp bestpath as-path ignore

CLI Reference Guide 75

Use the commands, bgp bestpath as-path ignore, bgp bestpath compare-

router-id or bgp default local-preference to customize the path selection

process.

Example This example shows how to configure to ignore the AS path as the best path for

autonomous system 65534:

Switch(config)# router bgp 65534

Switch(config-router)# bgp bestpath as-path ignore

DGS-6600 Series Switch bgp bestpath compare-routerid

CLI Reference Guide 76

bgp bestpath compare-routerid

Use this command to compare router IDs for the best-path selection process

when external BGP (eBGP) paths are identical. Use the no form of the command

to disable this function.

bgp bestpath compare-routerid

no bgp bestpath compare-routerid

Syntax None.

Default BGP receives routes with identical eBGP paths from eBGP peers and selects the

first route received as the best path.

Command Mode Router configuration.

Usage Guideline When comparing similar routes from peers the BGP router does not consider the

router ID of the routes. By default, it selects the first received route. Use this

command to include the router ID in the selection process. When enabled,

similar routes are compared and the route with the lowest router ID is selected.

Unless manually defined, the router ID is the highest IP address on the router,

with preference given to loopback addresses. Router ID can be manually set by

using the bgp router-id command on page 84.

Example This example shows how to configure to compare the router-ids of identical

eBGP paths for autonomous system 65534:

It is possible to verify the settings by entering show ip protocols bgp command.

Switch(config)# router bgp 65534

Switch(config-router)# bgp bestpath compare-routerid

DGS-6600 Series Switch bgp default ipv4-unicast

CLI Reference Guide 77

bgp default ipv4-unicast

Use this command to enable the IP version 4 (IPv4) unicast address family for all

neighbors. This affects the BGP global configuration. Use the no form of the

command to disable this function.

bgp default ipv4-unicast

no bgp default ipv4-unicast

Syntax None.

Default bgp default ipv4-unicast .

Command Mode Router configuration.

Usage Guideline The bgp default ipv4-unicast command is used to enable the automatic

exchange of IPv4 address family prefixes. The neighbor activate address family

configuration command must be entered in each IPv4 address family session

before a prefix exchange will occur.

The no bgp default ipv4-unicast command is used to disable the default

behavior of the BGP routing process of exchanging IPv4 unicast addressing

information with BGP neighbor routers.

With the no bgp default ipv4-unicast command, no IPv4 unicast route

information will be advertised to neighboring devices. The correspondent

information for address family ipv4-unicast will be lost.

Example This example shows how to configure BGP defaults and activate ipv4-unicast of

a peer by default for autonomous system 65534:

You can verify your settings by entering show ip protocols bgp command.

Switch(config)# router bgp 65534

Switch(config-router)# bgp default ipv4-unicast

DGS-6600 Series Switch bgp default local-preference

CLI Reference Guide 78

bgp default local-preference

Use this command to change the default local preference value. To return the

local preference value to the default setting, use the no form of this command.

bgp default local-preference NUMBER

no bgp default local-preference

Default NUMBER: 100

Command Mode Router configuration.

Usage Guideline The local preference attribute is a discretionary attribute that is used to apply a

degree of preference to a route during the BGP best path selection process.

This attribute is exchanged only between iBGP peers and used to determine

local policy. The route with the highest local preference becomes the preferred

route.

Example This example shows how to configure default value of the local preference to 200

for autonomous system 65534:

Verify the settings by entering show ip protocols bgp command.

Syntax Description

NUMBER Range of local preference is 0 to 4294967295. A higher number is preferred to a

lower number in the comparison.

Switch(config)# router bgp 65534

Switch(config-router)# bgp default local-preference 200

DGS-6600 Series Switch bgp deterministic-med

CLI Reference Guide 79

bgp deterministic-med

Use this command to include the Multi Exit Discriminator (MED) value for

comparison of the best path selection between all paths received from the same

autonomous system. Use the no form of the command to prevent BGP from

considering the MED attribute in path comparison.

bgp deterministic-med

no bgp deterministic-med

Syntax None.

Default The default value is disabled.

Command Mode Router configuration.

Usage Guideline The bgp always-compare-med command on page 71 is used to enable the

comparison of the MED value for paths from neighbors in different autonomous

systems. After the bgp always-compare-med is enabled, all paths for the same

prefix that are received from different neighbors in the same autonomous

system, will be grouped together and sorted by the ascending MED value

(received-only paths are ignored and not grouped or sorted).

The best path selection algorithm then picks the best paths using the existing

rules; the comparison is first made on a per neighbor autonomous system basis

and then on a global basis. The grouping and sorting of paths occurs

immediately after this command is entered. For correct results, all routers in the

local autonomous system must have this command enabled (or disabled).

The bgp deterministic-med command is used to enforce deterministic

comparison of the MED value between all paths received from within the same

autonomous system. When enabled, the result of the selection algorithm is the

same regardless of the order in which the paths are received on the local router.

Example This example shows how to configure to enable comparison of MED values for

autonomous system 65534:

Switch(config)# router bgp 65534

Switch(config-router)# bgp deterministic-med

DGS-6600 Series Switch bgp enforce-first-as

CLI Reference Guide 80

bgp enforce-first-as

Use this command to enforce the first AS for the eBGP routes. To disable this

feature, use the no form of this command.

bgp enforce-first-as

no bgp enforce-first-as

Syntax None.

Default Disabled.

Command Mode Router configuration.

Usage Guideline This command specifies that any updates received from an external neighbor

that do not have the neighbor’s configured Autonomous System (AS), at the

beginning of the AS path, in the received update must be denied. Enabling this

feature adds to the security of the BGP network by not allowing traffic from

unauthorized systems.

Example This example shows how to enable the security of the BGP network for

autonomous system 65534. All incoming updates from eBGP peers are

examined to ensure that the first AS number in the AS path is the local AS

number of the transmitting peer:

Switch(config)# router bgp 65534

Switch(config-router)# bgp enforce-first-as

DGS-6600 Series Switch bgp graceful-restart

CLI Reference Guide 81

bgp graceful-restart

To enable the BGP graceful restart capability, use the bgp graceful-restart

command in router configuration mode. To disable the BGP graceful restart

capability, use the no form of this command.

bgp graceful-restart [restart-time SECONDS | stalepath-time SECONDS]

no bgp graceful-restart

Default restart-time:120 seconds

stalepath-time: 360 seconds

Command Mode Router configuration.

Usage Guideline The bgp graceful-restart command is used to configure or disable the graceful

restart capability on a router in a BGP network. The graceful restart capability is

negotiated between nonstop forwarding (NSF)-capable and NSF-aware peers in

OPEN messages during session establishment. If the graceful restart capability

is enabled after a BGP session has been established, the session will need to be

restarted with a soft or hard reset.

The graceful restart capability is supported by NSF-capable and NSF-aware

routers. A router that is NSF-capable can perform graceful restart and can assist

restarting peers by holding routing table information during the switch over

operation.

The BGP graceful restart capability is enabled by default. The default timer

values for this feature are optimal for most network deployments. When adjusting

the timer values, the restart timer should not be set to a value greater than the

hold time that is carried in the OPEN message. If consecutive restart operations

occur, routes (from a restarting router) that were previously marked as stale will

be deleted.

Syntax Description

restart-time

SECONDS

(Optional) Sets the maximum time period that the local router will wait for a

graceful-restart-capable neighbor to return to normal operation after a restart

event occurs. The default value for this argument is 120 seconds. The

configuration range of values is from 1 to 3600 seconds.

stalepath-time

SECONDS

(Optional) Sets the maximum time period that the local router will hold stale

paths for a restarting peer. All stale paths are deleted after this timer expires. The

default value for this argument is 360 seconds. The configurable range of values

is from 1 to 3600 seconds.

DGS-6600 Series Switch bgp graceful-restart

CLI Reference Guide 82

Example The BGP graceful restart capability is enabled and the restart timer is set to 240

seconds in the following example:

Switch#configure terminal

Switch(config)#router bgp 101

Switch(config-router)#bgp graceful-restart restart-time 130

Switch(config-router)#

DGS-6600 Series Switch bgp log-neighbor-changes

CLI Reference Guide 83

bgp log-neighbor-changes

Use the bgp log-neighbor-changes command to enable logging of BGP

neighbor resets. Use no bgp log-neighbor-changes to disable the logging.

bgp log-neighbor-changes

no bgp log-neighbor-changes

Syntax None.

Default Disabled.

Command Mode Router configuration.

Usage Guideline This command enables logging of both BGP resets and alternating status

changes to use for troubleshooting purposes.

Unexpected neighbor resets might indicate high error rates or high packet loss in

the network and should be investigated.

This command enables logging of both BGP resets and alternating status

changes to use for troubleshooting purposes.

Unexpected neighbor resets might indicate high error rates or high packet loss in

the network and should be investigated.

The neighbor status change messages are not tracked if the bgp log-neighbor-

changes command is not enabled. The exception to this is for a reset reason,

which is always available as output of the show ip bgp neighbors commands.

The logs for BGP neighbor changes will display on the console.

Example This example shows how to enable logging of BGP neighbor changes for

autonomous system 65534:

Use the show logging buffer command to display the log for the BGP neighbor

changes.

Switch(config)# router bgp 65534

Switch(config-router)# bgp log-neighbor-changes

DGS-6600 Series Switch bgp router-id

CLI Reference Guide 84

bgp router-id

Use this command to configure a fixed router ID for the Border Gateway Protocol

(BGP) routing process. Use the no form of this command to remove the fixed

router ID from the running configuration file.

bgp router-id IP-ADDRESS

no bgp router-id [IP-ADDRESS]

Default THe local router ID is selected by the following rules:

If a loopback interface is configured, the router ID is set to the IP address of the

loopback. If multiple loopback interfaces are configured, the loopback with the

highest IP address is used.

If no loopback interface is configured, the router ID is set to the highest IP

address on a physical interface.

Command Mode Router configuration.

Address family configuration.

Usage Guideline The bgp router-id command is used to configure a fixed router ID for a BGP

routing.

The address of a loopback interface is preferred to an IP address on a physical

interface because the loopback interface is more effective than a fixed interface

as an identifier because there is no physical link to go down.

A unique router ID must be specified within the network.

This command will reset all active BGP peering sessions.

It is recommended to configure a loopback interface, since the physical interface

link may be up/down/removed for some reason.

Example This example shows how to change the router ID with 192.168.1.1

Syntax Description

IP-ADDRESS Configures the router ID in IPv4 address format as the identifier of the local

router running BGP.

Switch(config)# router bgp 65100

Switch(config-router)# bgp router-id 192.168.1.1

DGS-6600 Series Switch boot config

CLI Reference Guide 85

boot config

Use this command to specify the file that will be used as the configuration file for

the next boot up.

boot config [check] MEDIUM: URL

no boot config

Default Default configuration file is def_usr.conf .

Command Mode Global configuration.

Usage Guideline The boot config command specifies the file system and file name of the

configuration file to use for initialization (startup). The configuration file must be

an ASCII file located in the specified file system.

The command takes affect immediately and will be kept in NVRAM.

In the following situations the boot configuration does not update and an error

message is displayed:

• A configuration file is specified where the filename argument does not

exist or is not valid causing the boot configuration to not update and an

error message to be displayed.

• During initialization, the factory default configuration is used when the

boot config setting does not exist or when it is null (such as at a first-time

start-up). If the software detects a problem with the boot config file, the

device uses the factory default configuration for system boot up.

• When using the no form of this command, the boot configuration resets to

the default configuration

Use the show boot command to view the contents of the boot config

configuration file.

Syntax Description

MEDIUM:URL Specifies the media where the file system is located.

The valid values are flash:\, cf1:\., etc. flash:\ represents system internal on-

board FLASH memory. cf1:\ represents the first (left) open slot compact FLASH

memory.

URL - Specifies the file to be assigned.

The MEDIUM and URL consists of from 1 to 95 characters. The syntax can use

alphanumeric and special characters, but that does not allow space and (_/

:*?"<>|_) characters.

check (Optional) This option is used for show the configuration file information for the

specified file. The information includes the file and model names.

DGS-6600 Series Switch boot config

CLI Reference Guide 86

Initially, a system file is used as the factory default configuration.

The specified URL must be represented by an absolute path. It cannot be

represented by a relative path.

Examples The following example shows how to specify the file switch-config as the startup

configuration file:

Verify the settings by entering the show boot command.

The following example shows the result of specifying the incorrectly formed file

yyy-config as the startup configuration file.

The following example shows how to check a file yyy-config to see file

information before associate it with boot config command:

The following example shows how to check a file xxx-file.exe which, when comes

out it is not a recognizable system configuration file:

For dual management control module.

Switch# configure terminal

Switch(config)# boot config flash:\switch-config

Switch(config)# end

Switch# configure terminal

Switch(config)# boot config flash:\yyy-config.exe

Illegal configuration file

Switch(config)# end

Switch# configure terminal

Switch(config)# boot config check flash:\yyy-config

#DGS-6608 Chassis-based High-Speed Switch

#File name: flash:\yyy-config (size:file bytes)

#Firmware Version: file version

Switch(config)# end

Switch# configure terminal

Switch(config)# boot config check flash:\xxx-file.exe

Illegal configuration file

Switch(config)# end

DGS-6600 Series Switch boot config

CLI Reference Guide 87

The following example shows as boot_config command can not be

synchronized between active and standby control unit because the standby did

not install the medium.

The following example shows as boot config command cannot be synchronized

between active and standby control unit because boot config file does not exist at

standby control unit.

The following example shows as boot config command cannot be synchronized

between active and standby control unit because boot config files content are

different.

The following example shows as boot config command cannot be synchronized

between active and standby control unit because the standby medium does not

have enough space.

Switch# configure terminal

Switch(config)# boot config cf1:\xxx-file.exe

cf1 media is not present at Standby control management unit!

Switch(config)# end

Switch# configure terminal

Switch(config)# boot config cf1:\xxx-file.exe

config file is not exist at standby control management unit!

Switch(config)# end

Switch# configure terminal

Switch(config)# boot config cf1:\xxx-file.exe

config file is exist at standby, but config file's contents are different!

Switch(config)# end

Switch# configure terminal

Switch(config)# boot config flash:\xxx-file.exe

Do not have enough space at Standby control management unit to create boot

config!

Switch(config)# end

DGS-6600 Series Switch boot image

CLI Reference Guide 88

boot image

Use this command to specify the file used as the image file for the next boot.

boot image [check] MEDIUM: URL

Default There can be up to three boot image files in the boot image list. The file name

and medium are project dependent.

Command Mode Global configuration.

Usage Guideline This command is only available at privilege level 15.

The boot image command specifies the boot image file to be used for the next

start up. Upon start up, the previous boot image becomes the secondary boot up

image file.

There can be up to three boot image files in the list with the secondary position

and tertiary position used as backup boot image files in sequence.

When this command is used to assign a file as the next-boot image file, the

system will check the checksum and model to determine whether the file is a

correct image file.

The specified URL must be represented by the absolute path. It cannot be

represented by the relative path. Spaces are not allowed in either directory or file

names of the absolute path as they will cause load failure of the boot image.

The check keyword option allows the user to check a new image file format to

verify whether it is suitable to be a boot image or not. The option verfies and

displays information such as the file name/content, version number, time stamp

(it any), checksum, file size, etc. The check option compares the information with

that in the current boot image file.

If the storage media for the specified URL (filename) does not exist, an error

message is displayed with the notification of the URL error.

Syntax Description

MEDIUM Specifies the media where the file system is located.

The valid values are flash:\ and cf1:\. Flash:\ represents the on-board FLASH

storage of the active control module. cf1:\ represents the first opened slot

compact FLASH storage.

URL: Specifies the file to be assigned. The MEDIUM and URL consists of from 1

to 95 characters. The syntax can use alphanumeric and special characters, but

that does not allow space and (_/:*?”<>|_) characters.

check (Optional) This option is used to show the firmware information for the specified

file. The information includes file name, model name, version number,

checksum, time stamp (if any).

DGS-6600 Series Switch boot image

CLI Reference Guide 89

As this command apply to active control management unit and high-availability

the boot image and boot image list will be also applied to the standby control

management. In order to make high-availability function successfully, you have

to make sure all available media are same at both active and standby control

management units. If the available mediums are not present at the same

interface at both active and standby control units, an error message should return

for boot image command and the command will be failed.

Examples The following example shows how to specify the switch to use the image file

named switch-image1.bin as the boot image file for the next startup and the

previous boot image, flash:\switch-image0.bin becomes the secondary boot

image file in the list and changes the status to the backup boot image.

Verify the settings by entering the show boot command.

The following example shows how to check a file yyy-image to see file

information before associate it with boot image command:

the following example shows the error message for reference as the active

control unit has CF card installed at cf1, but standby control unit did not have CF

card installed.

Switch# configure terminal

Switch(config)#boot image flash:\images\switch_image1.had

Checking image at local flash:\images\switch_image1.had ... Done.

Update bootlist ....... Done.

Success

Switch# configure terminal

Switch(config)# boot image check flash:\yyy-image

Image information

Version : images version

Description:image file for DGS-XXXX

Model :DGS-XXXX images version

Build time :week month day hour:minutes:second year

Switch# configure terminal

Switch(config)# boot image cf1:\switch-image1.bin

Checking image at local cf1:\switch-image1.bin ...done

Verify image in standby control management unit ... .Fail

[error: cf1 media is not present at Standby control management unit!]

Switch(config)#

DGS-6600 Series Switch boot image

CLI Reference Guide 90

The following example shows the boot image command cannot be synchronized

between active and standby control unit because image file does not exist at

standby control unit.

The following example shows as boot image command cannot be synchronized

between active and standby control unit because boot image file’s version are

different.

The following example shows how to check a file xxx-file.exe which comes out it

is not a recognizable system image file.

Switch# configure terminal

Switch(config)# boot image cf1:\switch-image1.bin

Checking image at local cf1:\switch-image1.bin ...done

Verify image in standby control management unit ... .Fail

[error: image file is not exist at standby control management unit! ]

Switch(config)#

Switch# configure terminal

Switch(config)# boot image cf1:\switch-image1.bin

Checking image at local cf1:\switch-image1.bin ...done

Verify image in standby control management unit ... .Fail

[error: Version is different ]

Switch(config)#

Switch# configure terminal

Switch(config)# boot image cf1:\xxx-file.exe

Image file has bad magic number.

Switch(config)#

DGS-6600 Series Switch bootfile

CLI Reference Guide 91

bootfile

This command is used to specify the name of the default boot image for a

Dynamic Host Configuration Protocol (DHCP) client. To delete the boot image

name, use the no form of the command.

boofile URL

no bootfile

Default None.

Command Mode DHCP pool configuration.

Usage Guideline Use this command to specify the name of the default boot image for a Dynamic

Host Configuration Protocol (DHCP) client. The boot image can be located in the

same DHCP server or other network servers.

Examples The following example specifies mdubootfile as the name of the boot file for

DHCP pool1.

Syntax Description

URL Specifies the path name and file name of the file that is used as a boot image.

The maximum allowed string length is 127 characters

switch > enable

switch# configure terminal

switch(config)# ip dhcp pool pool1

switch(config-dhcp)# bootfile \dgs-6600\bootimage\mdubootfile.bin

switch(config-dhcp)#

DGS-6600 Series Switch mchannel-group

CLI Reference Guide 92

channel-group

Use the channel-group command to assign an interface to a channel group.

Use no channel-group to remove an interface from a channel-group.

channel-group CHANNEL-NO mode {on| active| passive}

no channel-group

Default None.

Command Mode Interface configuration.

Usage Guideline The system automatically creates the port-channel when the channel group gets

its first physical port.

An interface can be in one mode only and in one channel-group only.

If the mode on is specified in the command, the channel group is of a static type.

If the mode active or passive is specified in the command, the channel group is

LACP type. A channel group can only have either static member or dynamic

members. That is, once the type of a channel group is determined, interfaces in

other types cannot join the channel group.

Only a physical port interface is allowed to specify the channel-group. The no

command removes the interface from the channel group. If the channel group

has no member port left after removal, it is deleted automatically.

Configuration of a channel group has the following limitations:

• If dot1x, port security, IP-MAC-Port binding, MAC AC or WAC are

enabled for a port, the port cannot be specified as a channel group mem-

ber.

• In order to be a member of the LACP channel-group, the port must be set

to full duplex. LACP will not prevent the user configuration of the port

whether it is set to full duplex or not and if these ports have various

duplex setting in the same channel group. LACP protocol behavior will

choose the members that are set to full duplex for the link aggregation.

Syntax Description

CHANNEL-NO Specifies the Channel group ID.

mode {on | active |

passive}

Specifies the mode of channel group as follows:

• on - The interface is the static member of the channel-group.

• active - The interface is to operate in LACP active mode.

• passive - The interface is to operate in LACP passive mode.

DGS-6600 Series Switch mchannel-group

CLI Reference Guide 93

• In order to be a member of the LACP channel-group, the member ports

must have the same speed setting. LACP will not prevent the user config-

uration if these ports have difference speed setting in the same channel

group. LACP protocol behavior will choose the members that have the

same speed to for the link aggregation.

Example This example shows how to configure a channel group. It assigns the eth3.4 to

3.5 to port-channel 3 with the LACP mode active.

Verify the settings by entering the show channel-group command.

Switch(config)# interface range eth3.4-3.5

Switch(config-if)# channel-group 3 mode active

DGS-6600 Series Switch mclass

CLI Reference Guide 94

class

Use this command to specify the name of the class map in order to define its

traffic policy and enter into policy-map class configuration mode. Use the no form

of the command to remove the policy definition for the specified class. All the

traffic that does not match any defined class will be classified to default class,

class-default.

class NAME

no class NAME

class class-default

Default None.

Command Mode Policy-map configuration.

Usage Guideline The class map needs to be created before the policy can be configured for it. A

class-map without any match commands cannot be configured as a class policy.

This command enters the policy-map class configuration mode. The user can

use the set command and police command to define the QoS policy for the

class.

class-default is the reserved name for the default class.It is created by default

and users cannot create it by the class-map command. Using class-default will

occupy one of the number of class maps; of one policy map. All traffic that does

not match any defined class will be classified to class-default.

Examples This example shows how to define a policy map, policy1 which defines policies

for class, class-dscp-red. The packet that matches DSCP 10, 12, or 14 will be set

to new DSCP 10 and policed by a single rate policer.

Syntax Description

NAME Specifies the name of the class map that you want to specify the class policy. Up

to 32 characters are allowed.

Switch(config)#class-map class-dscp-red

Switch(config-cmap)#match ip dscp 10 12 14

Switch(config-cmap)#exit

Switch(config)#policy-map policy1

Switch(config-pmap)#class class-dscp-red

Switch(config-pmap-c)#set ip dscp 10

Switch(config-pmap-c)#police 1000000 20000 exceed-action set-dscp-transmit

Switch(config-pmap-c)# exit

Switch(config-pmap)# exit

DGS-6600 Series Switch mclass

CLI Reference Guide 95

Verify the settings by entering the show policy-map command.

DGS-6600 Series Switch mclass-map

CLI Reference Guide 96

class-map

To create a class map to be used for matching packets to a specified class, use

the class-map command. To remove an existing class map from the switch, use

the no form of this command. The class-map command enters the class-map

configuration mode in which multiple issues of the match command on

page 458 can be entered to configure the match criteria for this class.

class-map [match-any] NAME

no class-map NAME

Default Only the class-default exists by default.

All traffic that does not match any defined class will be classified to class-default.

Command Mode Global configuration.

Usage Guideline Use the class-map command to specify the class that will create or modify the

match criteria. This command enters class-map configuration mode where

match commands are entered to configure the match criteria for this class.

Packets that arrive at the ingress port are checked against the match criteria for

a class map to determine if the packets belong to that class.

When configuring a class map, use one or more match commands to specify

multiple match criteria. For example, use the match access-list command, the

match protocol command, the match vlan command, the match dscp

command, the match precedence command or the match cos command.

When configuring multiple match commands for a class, use the match-any

keyword to specify whether to evaluate the multiple match criteria based on

using logical OR.

A maximum of 256 class maps are allowed.

The name class-default is reserved.

Example The following example (on the next page) specifies class_home_user as the

name of a class map. In this class map, a match statement specifies that the

Syntax Description

NAME Name of the class for the class map. The name can be a maximum of 32

alphanumeric characters. The class name will be referenced in policy map to

configure the policy for the class.

match-any (Optional) Determines how to evaluate the multiple match criteria. Match

statements in this class map will be evaluated based on the logical “OR”

function.

DGS-6600 Series Switch mclass-map

CLI Reference Guide 97

traffic that matches the access control list acl_home_user or match ipv6 protocol

will be included in class_home_user.

Verify the settings by entering the show class-map command.

Switch(config)# class-map match-any class_home_user

Switch(config-cmap)# match access-list acl_home_user

Switch(config-cmap)# match protocol ipv6

Switch(config-cmap)# exit

Switch(config)#

DGS-6600 Series Switch mclass-map (mpls)

CLI Reference Guide 98

class-map (mpls)

Use the class-map command in MPLS QoS configuration mode to set the class

mapping of the policy. Use no class-map to remove the setting.

class-map {inbound exp <VALUELIST 0-7> priority <VALUE 0-7> | outbound [priority

<VALUELIST 0-7>] exp <VALUE 0-7>}

no class-map {inbound | outbound} exp <VALUELIST 0-7>

Default None.

Command Mode MPLS QoS configuration mode.

Usage Guideline Use class-map inbound command to set the mapping from EXP to priority for

incoming packets. If the inbound mapping exists, it will be replaced by the last

setting. Use class-map outbound command to set the mapping from priority to

EXP for outgoing packets. If the outbound mapping exists, it will be replaced by

the last setting.

Example This example shows how to set class-map for MPLS QoS policy1 .

The user can verify their settings by entering the show mpls qos command.

Syntax Description

exp <VALUELIST 0-

Specify the EXP or EXP range for the inbound/outbound mapping

priority <VALUE 0-7> Specify the priority of the inbound EXP mapped

priority <VALUELIST

0-7>

(Optional) specify the priorities will be mapped to the outbound EXP. If no

specify, means all priorities.

exp <VALUE 0-7> Specify the outbound EXP

Switch(config)#mpls qos policy policy1

Switch(config-mpls-router)#class-map inbound exp 0 priority 0

Switch(config-mpls-router)#class-map inbound exp 1 priority 1

Switch(config-mpls-router)#class-map inbound exp 2 priority 2

Switch(config-mpls-router)#class-map inbound exp 3 priority 3

Switch(config-mpls-router)#class-map inbound exp 4 priority 4

Switch(config-mpls-router)#class-map inbound exp 5 priority 5

Switch(config-mpls-router)#class-map inbound exp 6-7 priority 6

Switch(config-mpls-router)#class-map outbound priority 1 exp 6

Swtich(config-mpls-router)#class-map outbound exp 3

Switch(config-mpls-router)#end

Switch#

DGS-6600 Series Switch mclear arp-cache

CLI Reference Guide 99

clear arp-cache

To remove dynamically created entries from the Address Resolution Protocol

(ARP) cache, use the clear arp-cachecommand in Privileged EXEC mode.

clear arp-cache [interface INTERFACE-ID | IP-ADDRESS]

Default None.

Command Mode Privileged EXEC.

Usage Guideline This command is used to delete dynamic entries from the ARP cache. The user

can select to delete all dynamic entries, specific dynamic entries, or dynamic

entries that are associated with a specific IP interface.

Example This example shows how to removes all dynamic entries from the ARP cache.

Syntax Description

INTERFACE-ID (Optional) Removes only the ARP table entries associated with this interface

such as for example, vlan100 for the VLAN interface.

IP-ADDRESS (Optional) IP address to clear from the ARP table.

Switch#clear arp-cache

DGS-6600 Series Switch mclear counters

CLI Reference Guide 100

clear counters

Use the command to clear counters for a specific port interface or all port

interfaces.

clear counters [INTERFACE-ID [ , | - ] ]

Default None.

Command Mode Privileged EXEC.

Usage Guideline For now, only physical port counters are provided.

Examples This example shows how to clear counters of interface eth3.1.

The following example will clear all of physical ports' statistic counters.

The following example will clear eth 3.1-3.24 physical port s' statistic counters.

Syntax Description

INTERFACE-ID (Optional) Specifies the interface ID. If no interface is specified, all counters on

applicable interfaces (physical ports) will be cleared.

Switch# clear counters eth3.1

Switch#

Switch# clear counters

Switch#

Switch# clear counters eth3.1-3.24

Switch#

DGS-6600 Series Switch mclear dos_prevention counter

CLI Reference Guide 101

clear dos_prevention counter

Use this command to clear the counter of all attack types.

clear dos_prevention counter

Syntax None

Default None

Command Mode Global configuration.

Usage Guideline Use to reset counters of DoS prevention to zero.

Examples This example shows how to clear counters.

Switch(config)# clear dos_prevention counter

DGS-6600 Series Switch mclear cpu-protect counters

CLI Reference Guide 102

clear cpu-protect counters

Use this command to clear the cpu-protect related counters.

clear cpu-protect counters [sub-interface [manage | protocol | route] | type [PROTOCOL-

NAME]]

Default None.

Command Mode Privileged EXEC mode.

Usage Guideline If the command clear cpu-protect counters is issued without option, all cpu-

protect related counters will be cleared.

Example The following example shows how to clear all cpu-protect related statistics.

Syntax Description

sub-interface

[manage | protocol |

route]

(Option) Clear the cpu-protect related counters of all sub-interfaces if no sub-

interface name is specified. Specify the sub-interface name to clear the counter

of the specific sub-interface.

type [PROTOCOL-

NAME]

(Optional) Clear the cpu-protect related counters of all protocols if no protocol

name (for example, bgp) is specified. Specify the protocol name to clear specific

counter. See the “Usage Guideline” of the command cpu-protect type for the

valid protocol string.

Switch# clear cpu-protect counters

DGS-6600 Series Switch mclear gvrp statistics interface

CLI Reference Guide 103

clear gvrp statistics interface

Use the clear gvrp statistics command to clear the statistics of a single port, a

range of ports or all gvrp ports.

clear gvrp statistics [ interface INTERFACE-ID [ , | -] ]

Default None.

Command Mode Privileged EXEC mode.

Usage Guideline This command clears the GVRP counters. If the interface-ID is not specified all

GVRP counters for all interfaces will be cleared.

Example This example shows how to clear the GVRP statistics on all interfaces.

Syntax Description

INTERFACE-ID (Optional) Specifies the interface to be cleared. If no interface is specified the

statistics on all interfaces will be cleared.

,(Optional) Specifies a series of interfaces, or separates a range of interfaces

from a previous range.

-(Optional) Specifies a range of interfaces.

Switch# clear gvrp statistics

Switch#

DGS-6600 Series Switch mclear ip bgp

CLI Reference Guide 104

clear ip bgp

To reset BGP connections using hard or soft reconfiguring, use the clearipbgp

command.

clear ip bgp {* | all | AS-NUMBER | NEIGHBOR-ADDRESS} [soft] [in | out]

Default No BGP TCP connections are cleared.

Command Mode Privileged EXEC.

Usage Guideline Use of the clear ip bgp command allows a reset of the neighbor sessions with

varying degrees of severity, depending on the specified keywords and

arguments.

Use the * keyword to reset all neighbor sessions. The software will clear and then

reset the neighbor connections. Use this form of the command in the following

situations:

• Modifying the BGP timer specification

• Modifying the BGP administrative distances

Use the soft and out keywords to clear and reset only the outbound neighbor

connections. Inbound neighbor sessions will not be reset. Use this form of the

command in the following situations:

• Additions or modifications are made to the BGP-related access lists

• Modifying the BGP-related weights

• Modifying the BGP-related distribution lists

• Modifying the BGP-related route maps

Syntax Description

*Specifies that all current BGP sessions will be reset.

AS-NUMBER Specifies that sessions with BGP peers in the specified autonomous system will

be reset. Range for 2-byte numbers are 1 to 65536. Range for 4-byte numbers

are 65536 to 4294967295 or 1.0 to 65535.65535.

NEIGHBOR-

ADDRESS

Specifies that the session of the identified BGP neighbor will be reset. The value

for this argument can be an IPv4 or IPv6 address.

in (Optional) Initiates inbound reconfiguring. If neither the in nor out keywords are

specified, both inbound and outbound sessions are reset.

out (Optional) Initiates inbound or outbound reconfiguring. If neither the in nor out

keywords are specified, both inbound and outbound sessions are reset.

soft (Optional) Initiates a soft reset. Does not reset the session.

DGS-6600 Series Switch mclear ip bgp

CLI Reference Guide 105

Use the in keyword to clear only the inbound neighbor connections. Outbound

neighbor sessions will not be reset. Use this form of the command in the

following situations:

• Additions or modifications to BGP-related access lists.

• Modifying the BGP-related weights

• Modifying the BGP-related distribution lists

• Modifying the BGP-related route maps

Example In the following example, a soft reconfiguration is initiated for the inbound

session with the neighbor 10.100.0.1, and the outbound session is unaffected.

In the following example, the route refresh capability is enabled on the BGP

neighbors routers and a soft reconfiguration is initiated for the inbound session

with the neighbor 172.16.10.2, and the outbound session is unaffected:

In the following example, a hard reset is initiated for sessions with all routers in

the autonomous system numbered 35700:

Switch(config)#clear ip bgp 10.100.0.1 soft in

Switch(config)#

Switch(config)#clear ip bgp 10.100.0.1 soft in

Switch(config)#

Switch(config)#clear ip bgp 35700

Switch(config)#

DGS-6600 Series Switch mclear ip bgp peer-group

CLI Reference Guide 106

clear ip bgp peer-group

To reset BGP connections using hard or soft reconfiguring for all the members of

a BGP peer group, use the clear ip bgp peer-group command.

Without Address Family Syntax.

clear ip bgp peer-group PEER-GROUP-NAME [soft] [in | out]

Default None.

Command Mode Privileged EXEC.

Usage Guideline The clear ip bgp peer-group command is used to initiate a hard reset or soft

reconfiguration for neighbor sessions of BGP peer groups. A hard reset tears

down and rebuilds the specified peering sessions and rebuilds the BGP routing

tables. A soft reconfiguration uses stored prefix information to reconfigure and

activate BGP routing tables without tearing down existing peering sessions.

Soft reconfiguration uses stored update information, at the cost of additional

memory for storing the updates, to allow application of a new BGP policy without

disrupting the network. Soft reconfiguration can be configured for inbound or

outbound sessions.

Use this command whenever any of the following changes occur:

• Additions or modifications to the BGP-related access lists

• Modifications to BGP-related weights

• Modifications to BGP-related distribution lists

• Modifications to BGP-related route maps

The route refresh capability, as defined in RFC 2918, allows the local router to

reset inbound routing tables dynamically by exchanging route refresh requests to

supporting peers. The route refresh capability does not store update information

locally for non-disruptive policy changes. It instead relies on dynamic exchange

with supporting peers. Route refresh is advertised through BGP capability

negotiation. All BGP routers must support the route refresh capability.

Syntax Description

PEER-GROUP-NAME Peer group name.

in (Optional) Initiates inbound reconfiguring. If neither the in nor out keywords are

specified, both inbound and outbound sessions are reset.

out (Optional) Initiates inbound or outbound reconfiguring. If neither the in nor out

keywords are specified, both inbound and outbound sessions are reset.

soft (Optional) Initiates a soft reset. Does not tear down the session.

DGS-6600 Series Switch mclear ip bgp peer-group

CLI Reference Guide 107

To determine if a BGP router supports this capability, use the show ip bgp

neighbors command on page 694 command. The following message is

displayed in the output when the router supports the route refresh capability:

Received route refresh capability from peer

If all BGP routers support the route refresh capability, use the clear ip bgp peer-

group command with the in keyword. It is not necessary to use the soft

keyword, because soft reset is automatically assumed when the route refresh

capability is supported.

Examples In the following example, all members of the BGP peer group named INTERNAL

are reset: In the following example, a soft reconfiguration is initiated for the

inbound session with members of the peer group INTERNAL, and the outbound

session is unaffected:

Switch# clear ip bgp peer-group INTERNAL

Switch#

Switch# clear ip bgp peer-group INTERNAL soft in

Switch#

DGS-6600 Series Switch mclear ip dhcp binding

CLI Reference Guide 108

clear ip dhcp binding

Use this command to delete an address binding from the DHCP Server

database.

clear ip dhcp binding [pool NAME] [ADDRESS]

Default None.

Command Mode Privileged EXEC.

Usage Guideline Use this command to delete the address of the binding. The address denotes the

assigned client's IP address. If no IP address is specified, DHCP server clears all

bindings.

Note the following behavior for the clear ip dhcp binding command:

• If the pool NAME option is not specified and an IP ADDRESS is speci-

fied, it is assumed that the IP address is an address in the global address

space and the command will parse all the DHCP pools for the specified

binding.

• If both the pool NAME option and the ADDRESS option are not specified,

it is assumed that all bindings in all pools are to be deleted.

• If the pool NAME option is specified without the ADDRESS option being

specified, then all the bindings in the specified pool will only be cleared.

• If the pool NAME option and an IP ADDRESS is specified, the specified

binding will be deleted from the specified pool.

Examples The following example deletes the address binding 10.12.1.99 from DHCP

server database:

The following example deletes all bindings from all pools:

Syntax Description

pool NAME (Optional) Name of the DHCP pool. If the pool name option is not specified the

command will parse all the DHCP pools for the specified binding.

ADDRESS (Optional) The IP address of binding to be deleted. If no address is specified, all

of bound addresses are cleared.

swtich# clear ip dhcp binding 10.12.1.99

swtich#

switch# clear ip dhcp binding

DGS-6600 Series Switch mclear ip dhcp binding

CLI Reference Guide 109

The following example deletes address binding 10.13.2.99 from the address pool

named pool2:

Verify the settings by entering the show ip dhcp binding command.

switch# clear ip dhcp pool pool2 binding 10.13.2.99

switch#

DGS-6600 Series Switch mclear ip dhcp conflict

CLI Reference Guide 110

clear ip dhcp conflict

Use this command to clear an address conflict from the DHCP server database.

clear ip dhcp conflict [pool NAME] [ADDRESS]

Default None.

Command Mode Privileged EXEC.

Usage Guideline Use this command to delete the address in conflict. The DHCP server detects the

conflict of an IP address by using a ping session. If no IP address is specified,

DHCP server clears all known IP addresses that are in conflict.

The server detects conflicts using a ping session. The client detects conflicts

using gratuitous Address Resolution Protocol (ARP).

Note the following behavior for the clear ip dhcp conflict command:

• If the pool NAME option is not specified and an IP ADDRESS is speci-

fied, the system parses all the DHCP pools for the address of the speci-

fied conflict.

• If the pool NAME option is not specified and no IP ADDRESS is speci-

fied, then the system deletes all address conflicts from all DHCP pools.

• If the pool NAME option is specified but no IP ADDRESS is specified,

then all conflicts in the specified pool will only be cleared.

• If both the pool NAME option and an IP ADDRESS are specified, the

specified address conflict will be deleted from the specified pool.

Examples The following example shows an address conflict of 10.12.1.99 being deleted

from the DHCP server database.

The following example deletes all the address conflicts from the entire DHCP

server database.

Syntax Description

pool NAME (Optional) Name of the DHCP pool.

ADDRESS (Optional) The IP address, that is in conflict, to be deleted

switch# clear ip dhcp conflict 10.12.1.99

switch#

switch#clear ip dhcp conflict

switch#

DGS-6600 Series Switch mclear ip dhcp conflict

CLI Reference Guide 111

The following example deletes all the address conflicts from the address pool

named pool1:

switch#clear ip dhcp conflict pool pool1

switch#

DGS-6600 Series Switch mclear ip dhcp server statistics

CLI Reference Guide 112

clear ip dhcp server statistics

Use this command to reset all Dynamic Host Configuration Protocol (DHCP)

server counters.

clear ip dhcp server statistics

Syntax None.

Default None.

Command Mode Privileged EXEC.

Usage Guideline This command clears all of the DHCP statistic counters. That is all of counters

will be initialized, or set to zero.

Example The following example resets all DHCP counters to zero.

switch# clear ip dhcp server statistics

switch#

DGS-6600 Series Switch mclear ip ospf

CLI Reference Guide 113

clear ip ospf

Use this command to restart the OSPF process.

clear ip ospf

Syntax None.

Default None.

Command Mode Privileged EXEC.

Usage Guideline This command is used to restart the OSPF routing process. The following is a

situation where this command can be used:

• When a new route-ID is configured, it will not take effect until next time

the switch is booted. When the OSPF process is restarted by this com-

mand, the new router-ID will take effect immediately without having to

reboot the switch.

Example This example shows how to restart all of OSPF processes.

Switch>enable

Switch# clear ip ospf

DGS-6600 Series Switch mclear ipv6 dhcp client

CLI Reference Guide 114

clear ipv6 dhcp client

This command is used to restart the DHCPv6 client on an interface.

clear ipv6 dhcp client INTERFACE-NAME

Default None.

Command Mode Privileged EXEC.

Usage Guideline The clear ipv6 dhcp client command restarts DHCP for an IPv6 client on a

specified interface after first releasing and un-configuring the previously acquired

prefixes and other configuration options (for example, Domain Name System

[DNS] servers).

Example The following example restarts the DHCPv6 client for interface vlan1:

Syntax Description

INTERFACE-NAME Specifies the identifier of the switch interface on which to restart the DHCPv6

client.

Switch > enable

Switch # clear ipv6 dhcp client vlan1

Success.

Switch #

DGS-6600 Series Switch mclear ipv6 neighbors

CLI Reference Guide 115

clear ipv6 neighbors

This command is used to clear the IPv6 neighbor information.

clear ipv6 neighbors [IFNAME]

Syntax None.

Default None.

Command Mode Privileged EXEC.

Usage Guideline The command clear ipv6 neighbors will only clear dynamic entries.

Example This example shows how to clear instances of IPv6 neighbors:

Switch > enable

Switch # clear ipv6 neighbors vlan1

Switch #

DGS-6600 Series Switch mclear ipv6 ospf process

CLI Reference Guide 116

clear ipv6 ospf process

To restart the state of IPv6 OSPF, use the clear ipv6 ospf process command.

clear ipv6 ospf [PROCESS-ID] process

Default None

Command Mode User EXEC

Usage Guideline When the clear ipv6 ospf process command is used, the IPv6 OSPF database

is cleared and repopulated. Once the database is cleared and repopulated the

SPF algorithm will be performed.

Use the PROCESS-ID option to clear only one IPv6 OSPF process. If the

PROCESS-ID option is not specified, all IPv6 OSPF processes are cleared.

Example The following example restarts the SPF algorithm by clearing the IPv6 OSPF

processes from the database.

Syntax Description

PROCESS-ID (Optional) Internally used identification parameter for an IPv6 OSPF routing

process. It is locally assigned and can be any positive integer. A unique value is

assigned for each IPv6 OSPF routing process.

Switch > enable

Switch # clear ipv6 ospf process

DGS-6600 Series Switch mclear ipv6 rip

CLI Reference Guide 117

clear ipv6 rip

To delete routes from the IPv6 RIP routing table, use the clear ipv6 rip

command.

clear ipv6 rip

Syntax None.

Default None.

Command Mode Privileged EXEC.

Usage Guideline All IPv6 RIP routes are deleted.

Examples The following example deletes all the IPv6 routes for the RIP process.

Switch > enable

Switch # clear ipv6 rip

DGS-6600 Series Switch mclear lldp neighbors

CLI Reference Guide 118

clear lldp neighbors

Use this command to delete all LLDP information learned from neighboring

devices.

clear lldp neighbors [interface INTERFACE-ID [, | -] ]

Default None.

Command Mode EXEC mode.

Usage Guideline If the command clear lldp neighbors is issued without interface keyword, all

neighboring information on all interfaces will be deleted.

Example This example shows how to delete all neighboring information on all interfaces:

Syntax Description

INTERFACE-ID (Optional) Delete LLDP neighboring information for a specific interface. Valid

interfaces must be physical interfaces.

, (Optional) Specifies a series of physical interfaces. No space before or after the

comma.

- (Optional) Specifies a range of physical interfaces. no space before or after the

hyphen.

Switch# clear lldp neighbors

DGS-6600 Series Switch mclear lldp statistics

CLI Reference Guide 119

clear lldp statistics

Use this command to delete LLDP statistics.

clear lldp statistics [interface INTERFACE-ID [, | -] ]

Default Not applicable.

Command Mode EXEC mode.

Usage Guideline You can use this command with interface keyword to reset LLDP statistics of the

specified interface(s). If the command clear lldp statistics is issued without

interface keyword, only global LLDP statistics will be cleared.

Example This example shows how to reset all LLDP statistics:

Syntax Description

interface

INTERFACE-ID

(Optional) Specifies the interface to clear LLDP neighboring information. Valid

interfaces are physical interfaces.

, (optional) Specifies a series of physical interfaces. No space before and after the

comma.

- (optional) Specifies a range of physical interfaces. No space before and after the

hyphen.

Switch# clear lldp statistics

DGS-6600 Series Switch mclear logging

CLI Reference Guide 120

clear logging

Use this command to clear log messages from the system logging buffer.

clear logging

Syntax None.

Default None.

Command Mode EXEC Mode.

Usage Guideline Use this command to clear log messages from the logging buffer.

Example The following example to show how to clear log messages in buffer.

Switch> enable

Switch# clear logging

Switch#

DGS-6600 Series Switch mclear mac address-table

CLI Reference Guide 121

clear mac address-table

Use the clear mac address-table command to delete from the MAC address

table:

• specific dynamic address,

• all dynamic addresses on a particular interface,

• all dynamic addresses,

• or all dynamic addresses on a particular VLAN.

clear mac address-table {dynamic [address MAC-ADDR | interface INTERFACE-ID | vlan

VLAN-ID]}

Default None.

Command Mode Privileged EXEC.

Usage Guideline When using the address MAC-ADDR argument, only the dynamic entries will be

cleared.

Example This example shows how to remove a specific MAC address from the dynamic

address table:

Verify the information was deleted by entering the show mac address-table

command.

Syntax Description

address MAC-ADDR Delete the specified dynamic MAC address.

interface

INTERFACE-ID

The specified interface can be a physical port or port-channel.

vlan VLAN-ID (Optional) Specifies the VLAN ID; valid values are from 1 to 4094.

Switch# clear mac address-table dynamic address 00:08:00:70:00:07

DGS-6600 Series Switch mclear mac address-table vpls

CLI Reference Guide 122

clear mac address-table vpls

Use clear mac address-table vpls command in EXEC mode to clear VPLS

MAC address.

clear mac address-table vpls dynamic [VPLS-NAME [{peer IP-ADDRESS | ac interface

INTERFACE-ID [vlan VLAN-ID] | address MAC-ADDR}]]

Default N/A.

Command Mode EXEC mode or any configuration mode.

Usage Guideline This command is used to clear VPLS MAC address. A user can select to clear a

specified VPLS MAC address, or the VPLS MAC addresses on a specified VPLS

peer, or the VPLS MAC addresses on a specified VPLS AC, or the VPLS MAC

addresses on a specified VPLS, or all VPLS MAC addresses.

Example The following example show how to clear all VPLS MAC addresses.

The following example shows how to clear VPLS MAC addresses for a VPLS.

The following example shows how to clear VPLS MAC address for a peer of a

VPLS.

Syntax Description

dynamic Specifies dynamic VPLS MAC address will be cleared.

VPLS-NAME (Optional) Specifies VPLS name. The name range is 1 - 32 characters.

peer (Optional) Specifies a peer in a VPLS.

IP-ADDRESS (Optional) Specifies the LSR ID that is used to identify the PE which the peer

belongs to.

ac (Optional) Specifies a local AC in a VPLS.

interface

INTERFACE-ID

(Optional) Specifies Ethernet interface of a local AC.

vlan VLAN-ID (Optional) Specifies a local AC is Ethernet VLAN based AC and related VLAN

ID. If none are specified a local AC is Ethernet based AC.

address MAC-ADDR (Optional) Specifies the MAC address needs to be cleared.

switch#clear mac address-table vpls dynamic

switch#

switch#clear mac address-table vpls dynamic vpls100

switch#

switch#clear mac address-table vpls dynamic vpls100 peer 1.1.1.1

switch#

DGS-6600 Series Switch mclear mac address-table vpls

CLI Reference Guide 123

The following example shows how to clear VPLS MAC addresses for a local AC

of a VPLS.

The following example shows how to clear one VPLS MAC address.

switch#clear mac address-table vpls dynamic vpls100 ac interfaceeth1.1 vlan

100

switch#

switch#clear mac address-table vpls dynamic vpls100 address

00:11:22:33:44:55

switch#

DGS-6600 Series Switch mclear port-security

CLI Reference Guide 124

clear port-security

To delete all of the secured MAC addresses, except for manually configured

secured MAC addresses, from the MAC address table, use the clear port-

security command.

clear port-security [{address MAC-ADDR} | {interface INTEFACE-ID}] [vlan VLAN-ID]

Default None.

Command Mode EXEC Mode.

Usage Guideline This command clears secure MAC address that are auto-learned only and not

manually configured MAC addresses.

If the clear port-security command is entered without adding any keywords or

arguments, the switch removes all the secure MAC addresses from the MAC

address table.

If the clear port-security interface INTERFACE-ID command is entered, all the

secure MAC addresses auto-learned on the specified interface are removed from

the MAC address table.

Example This example shows how to remove a specific secure address from the MAC

address table.

This example shows how to remove all the secure MAC addresses auto-learned

on a specific interface.

Syntax Description

address MAC-ADDR (Optional) Deletes the specified secure MAC address auto-learned.

Interface INTEFACE-

(Optional) Deletes all secure MAC addresses auto-learned on the specified

physical.

vlan VLAN-ID (Optional) Deletes the specified secure MAC address from the specified VLAN.

Switch# clear port-security address 0080.0070.0007

Switch#

Switch# clear port-security interface eth3.1

DGS-6600 Series Switch mclear running-config

CLI Reference Guide 125

clear running-config

Use this command to clear the system’s running configuration.

clear running-config

Syntax None.

Command Mode Privileged EXEC at level 15.

Usage Guideline The user can enter the clear running-config factory-defaults command to

clear the system configuration retained in Dynamic RAM.

Before using the clear running-config command, save a backup of the

configuration using the copy command or upload a configuration profile into the

system. When the clear running-config command is entered, the system resets

the running configuration with the factory default settings.

Since the command clears all of system configuration settings including IP

parameters, any remote management applications will loose their connections.

Therefore, before proceeding, a confirmation should be applied. In addition, it is

suggested to reload a configuration file immediately after clearing the

configuration.

The clear running-config command clears all system configuration settings

including the MGMT-IP address which is set back to the factory default of

10.90.90.90/8.

Example The following example demonstrates how to clear system running configuration.

Switch# clear running-config

This command will clear all of system configuration as factory default

setting including IP parameters.

Do you want to continue (y/n) [n]? y

..............................

Switch#

DGS-6600 Series Switch mclear spanning-tree detected-protocols

CLI Reference Guide 126

clear spanning-tree detected-protocols

To restart the protocol migration, use the clear spanning-tree detected-

protocol command.

clear spanning-tree detected-protocols [interface INTERFACE-ID]

Default None.

Command Mode EXEC Mode.

Usage Guideline This configuration is only effective for RSTP version or MSTP mode. By issuing

the command the port protocol migrating state machine will be forced to

SEND_RSTP state. This action can be used to test whether all legacy bridges on

a given LAN have been removed. If there is no STP Bridge on the LAN, the port

will operate in the configured mode, either in RSTP or MSTP mode. Otherwise,

the port will operate in STP mode.

RSTP and MST have built-in compatibility mechanisms that allow them to

interact properly with other versions of IEEE spanning tree or other regions. For

example, a bridge running RSTP can send 802.1D BPDUs on one of its ports

when it is connected to a legacy bridge. An MST bridge can detect that a port is

at the boundary of a region when it receives a legacy BPDU or an MST BPDU

that is associated with a different region. These mechanisms are not always able

to revert to the most efficient mode. For example, an RSTP bridge that is

designated for a legacy 802.1D stays in 802.1D mode even after the legacy

bridge has been removed from the link. Similarly, an MST port assumes that it is

a boundary port when the bridges which it is connected to have joined the same

region. To force the MST port to renegotiate with the neighbors, enter the clear

spanning-tree detected-protocol command.

Entering the clear spanning-tree detected-protocol command with no

arguments, applies the command to every port of the switch.

Example This example shows how to trigger the protocol migration event for all ports.

Syntax Description

interface

INTERFACE-ID

(Optional) Specifies the port interface that will trigger the detecting action. If no

option is specified, every port is effected by this command.

Switch# clear spanning-tree detected-protocols

DGS-6600 Series Switch mclear vlan-tunnel ctag-mapping dynamic

CLI Reference Guide 127

clear vlan-tunnel ctag-mapping dynamic

Use this command to clear all dynamically learned mappings between customer

VLAN tags and source IPs.

clear vlan-tunnel ctag-mapping dynamic

Syntax None.

Default None.

Command Mode User EXEC.

Usage Guideline This command is used to clear all dynamically learned mappings between a

customer VLAN tag and source IP in the switch software. When the setting of a

VLAN tunnel is changed, as for example its interface-type or TPID, then the new

setting could for example cause the system to send out control packets with the

wrong customer VLAN tag. In this situation, use this command to clear the

incorrect dynamically learned mapping entries to re-learn the correct customer

VLAN tag mapping with the source IP.

Examples This example shows how to clear all dynamically learned customer VLAN tag

mappings.

Switch# clear vlan-tunnel ctag-mapping dynamic

Switch#

DGS-6600 Series Switch mclock set

CLI Reference Guide 128

clock set

Use this command to manually set the system clock.

clock set HH:MM:SS DAY MONTH YEAR

Default Hardware Generated - 00:00:00 01 January 1993.

Command Mode Privileged EXEC at Privilege level 15.

Usage Guideline Generally, if the system is synchronized by a valid outside timing mechanism,

such as SNTP, it is not necessary to set the clock manually. Use this command if

no other time sources are available. Use the clock timezone command on

page 131 to configure the time zone applied to the clock settings. The clock

configured by this command will be applied to RTC if it is available. The

configured clock will not be stored in the configuration file.

If the clock is manually set and the SNTP server is configured, the system will still

try to sync the clock with the server. If time sync is successful, the SNTP server

set time replaces the manually set time.

If the SNTP state changes from enabled to disabled, the system clock continues

operations but no longer attempts to sync time with the server.

Example The following example shows how to manually set the software clock to 6:00

p.m. on Aug 22, 2010:

Verify the settings by entering the show clock command.

Syntax Description

HH:MM:SS Current time in hours (24-hour format), minutes and seconds.

DAY Current day (by date) in the month.

MONTH Current month (by name, January, Jan, February, Feb, and so on).

YEAR Current year (no abbreviation).

Switch# clock set 18:00:00 22 Aug 2010

Switch#

DGS-6600 Series Switch mclock summer-time

CLI Reference Guide 129

clock summer-time

Use one of the optional keyword formats of the clock summer-time command to

configure the system time to automatically set the seasonal time adjustment

(daylight saving time). To disable automatic seasonal time adjustment, use the

no form of this command.

clock summer-time recurring WEEK DAY MONTH HH:MM WEEK DAY MONTH HH:MM

[ OFFSET ]

clock summer-time date DATE MONTH HH:MM DATE MONTH HH:MM [ OFFSET ]

no clock summer-time

Default Disabled.

OFFSET: 60

Command Mode Global configuration.

Usage Guideline Use this command to automatically make seasonal time changes for the system

clock.

The recurring mode is used to make time adjustment to begin and end on a

specified week day, week and month. Use the date mode to make the time

change begin and end on specified calendar dates. The syntax for both modes

uses the first portion of the parameter to express the beginning of the time

adjustment period while the ending of the period is expressed in the second

portion.

Syntax Description

recurring Indicates that a summer seasonal time change should start and end on the

specified day and week of the specified month. For example: summer time

adjustment begins Sunday in the first week of April.

date Indicates that summer time should start and end on the specified date of the

specified month.

WEEK Week of the month (1 to 4 or last).

DAY Day of the week (sun, mon, and so on).

DATE Date of the month (1 to 31).

MONTH Month (by name , January, February, and so on).

HH:MM Time (24 hours format ) in hours and minutes.

OFFSET (Optional) Number of minutes to add during summer time (default is 60)The

range of offset is 30, 60, 90 and 120.

DGS-6600 Series Switch mclock summer-time

CLI Reference Guide 130

Example The following example shows how to specify that summer time starts on the first

Sunday in April at 2 a.m. and ends on the last Sunday in October at 2 a.m:

Verify the settings by entering the show clock command.

Switch# configure terminal

Switch(config)# clock summer-time recurring 1 sun April 2:00 last sun October 2:00

Switch(config)# end

DGS-6600 Series Switch mclock timezone

CLI Reference Guide 131

clock timezone

Use the command to set the time zone for display purpose. To set the time to

Coordinated Universal Time (UTC), use the no form of this command.

clock timezone {+|-} HOURS-OFFSET [MINUTES-OFFSET]

no clock timezone

Default UTC.

Command Mode Global configuration.

Usage Guideline The time obtained by SNTP server refers to the UTC time. The local time will be

calculated based on UTC time, time zone, and the daylight saving configuration.

Example The following example shows how to set the time zone to Pacific Standard Time

(PST), which is 8 hours behind UTC:

Verify the settings by entering the show clock command.

Syntax Description

+|- ‘+’ means time to be added to the UTC; ‘-’ means time to be subtracted from the

UTC.

HOURS-OFFSET Hours difference from UTC.

MINUTES-OFFSET (Optional) Minutes difference from UTC.

Switch# configure terminal

Switch(config)# clock timezone - 8

Switch(config)# end

DGS-6600 Series Switch mcolor-aware

CLI Reference Guide 132

color-aware

Use the color-aware command to specify the color aware mode for a class. Use

the no form of the command to set the class to color blind mode.

color-aware

no color-aware

Syntax None.

Default color-blind mode.

Command Mode Policy-map class configuration.

Usage Guideline The color-aware command specifies that the configured policer for the traffic

class will operate in color aware mode. In color aware mode, the initial color of

the packet and the policer metering result determines the final color. The initial

color of the packet is mapped from the incoming DSCP based on the DSCP to

color map if the receiving port trusts DSCP. If the receiving port trusts CoS, then

the initial color is mapped from the incoming CoS based on the CoS to color

map.

If the configured policer operates in color blind mode, then the policer metering

result determines the final color.

The color aware mode only works for three-color policer.

Examples The following example creates the policy map pcolor-map1 and configures the

policy of running color aware mode and two rate policing for the class1 class in

the policy map.

The following example attach the pcolor-map1 policy map to eth3.1 and sets the

port to trust CoS and defines the CoS to color map.

Verify the settings by entering the show policy-map command.

Switch(config)# policy-map pcolor-map1

Switch(config-pmap)# class class1

Switch(config-pmap-c)# color-aware

Switch(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000

exceed-action set-dscp-transmit 2 violate-action drop

Switch(config-pmap-c)# exit

Switch(config-pmap)# exit

Switch(config)# interface eth3.1

Swtich (config-if)# service-policy pcolor-map1

Swtich (config-if)# qos trust cos

Swtich (config-if)# qos map cos-color 1-7 to green

Swtich (config-if)# exit

DGS-6600 Series Switch mcommand prompt

CLI Reference Guide 133

command prompt

Use this command to change to use the product name, system name, or user-

defined string as the prompt and specify whether to display the privilege level in

the prompt.

command prompt [level | no-level] [string STRING | product-name | system-name]

Default product-name with privilege level.

Command Mode Privileged EXEC or Global Configuration.

Usage Guideline The prompt refers to the string that appears indicating to a user to input a

command. It consists of two parts. The first part is the prompt name. The second

part is the privileged level.

Using this command, the user can change the prompt to use either the product

name or system name and specify whether or not to display the privilege level in

the prompt.

Either one or both settings can be changed. If the user selects to use the product

name or the system name as the prompt, only the first 8 characters are taken.

The prompt will be changed immediately after the command is executed.

Examples This example shows how to change the prompt to use the system name.

The following example shows how to set the command prompt back to default

setting: (product name and privilege level).

The following example shows how to hide the privilege information from the

console prompt.

Syntax Description

level (Optional) The privilege level information is appended to prompt name.

no-level (Optional) No privilege level information is appended to prompt name.

string STRING (Optional) Specifies the user-defined prompt. The valid length is 1-8 characters.

The syntax is a user-defined string.

product-name (Optional) Use the product name as the prompt name

system-name (Optional) Use the system name (as defined in SNMP System group MIB) as the

prompt name.

switch:15# command prompt system-name

switch:15# command prompt

switch:15# command prompt no-level

DGS-6600 Series Switch mcommand prompt

CLI Reference Guide 134

This example shows define alpha as the console prompt.

DGS-6600:15# command prompt level string alpha

DGS-6600 Series Switch mconfigure terminal

CLI Reference Guide 135

configure terminal

Use this command to enter the global configuration mode.

configure terminal

Syntax None.

Default None.

Command Mode Privileged EXEC.

Usage Guideline Entering into the configuration mode allows configuration settings of the switch to

be entered or modified i.e. performing switch configuration.

Example This example shows how to enter into the configuration mode:

Switch#configure terminal

Switch(config)#

DGS-6600 Series Switch mcopy

CLI Reference Guide 136

copy

Use the copy command to copy a image, log or configuration file from a remote

or local source to a local or remote destination file.

copy SOURCE-URL DESTINATION-URL

copy SOURCE-URL tftp:\\ {IP-ADDRESS | IPv6-ADDRESS}\[DIRECTORY\]FILENAME [IFNAME]

copy tftp:\\ {IP-ADDRESS | IPv6-ADDRESS}\[DIRECTORY\] FILENAME DESTINATION-

URL [IFNAME]

Syntax Description

SOURCE-URL Specifies the source URL for the source file to be copied. The URL consists of

from 1 to 95 characters. The syntax can use alphanumeric and special

characters, but that does not allow space and (_/:*?”<>|_) characters.

The URL has two forms. One of them is represented by keyword. For the second

form, it is prefixed by the media. The acceptable media are flash:\ and cf1:\.

Flash:\ refers to system internal on-board FLASH memory

cf1:\ represents the first opened slot compact FLASH memory.

The source can be either local or remote. For download purpose, the source is in

remote server. For upload purpose, the source is located locally.

If the running-config is specified as the SOURCE-URL, the purpose is to upload

the running configuration or save the running-configuration as the startup

configuration.

If the system-log is specified as the SOURCE-URL, the system log can be

retrieved to TFTP server.

If the startup-config is specified as the SOURCE-URL, the purpose is to upload

the startup configuration and save it as: a file in the file system or as the running-

configuration.

DGS-6600 Series Switch mcopy

CLI Reference Guide 137

Default For copy system_log command, if no file name or tftp server is specified as

destination, then a the default destination will be flash:\system.log.

Command Mode Privileged EXEC and MDMT-IF .

Level 15 for configuration copy.

Usage Guideline The copy command (when the source/destination URL is running-config, startup

config is only available at privilege level 15.

Use this command to download or upload the image file or the configuration file

between remote TFTP server and the local file system. Also use this command to

upload system log to TFTP server.

The copy SOURCE-URL DESTINATION-URL command is used to copy file

from system flash to compact flash or vice versa.

DESTINATION-URL Specifies the destination URL as the target for the copied file. The URL consists

of from 1 to 95 characters. The syntax can use alphanumeric and special

characters, but that does not allow space and (_/:*?”<>|_) characters.

The URL has two forms. One of them is represented by keyword. For the second

form, it is prefixed by media. The acceptable media are flash:\, cf1:\.

Flash:\ refers to system internal on-board FLASH memory

cf1:\ represents the first opened slot compact FLASH memory.

The destination can be either local or remote. When downloading the destination

is target is the local file system. When uploading the destination is on a remote

server.

When running-config is specified as the DESTINATION-URL, it will write the

source file contents as the running configuration.

When startup-config is specified as DESTINATION-URL, the source file contents

will be saved as the next-boot configuration. It will saved into the current

configuration file in NVRAM and the file name will be maintained as the file name

specified with boot config command.

DIRECTORY\ The directory name of the source or destination file in TFTP server.

FILENAME The source or destination file in TFTP server. The FILENAME consists of from 1

to 95 characters (shared with directory name). The syntax can use alphanumeric

and special characters, but that does not allow space and (_/:*?”<>|_)

characters.

IFNAME User need to specify the IFNAME if the IPv6 address of TFTP server is link-local

address.

IPv6-ADDRESS\ The IPv6 address of TFTP server.

IP-ADDRESS\ The IP address of TFTP server.

DGS-6600 Series Switch mcopy

CLI Reference Guide 138

To upload the running configuration or save the running-configuration to startup

configuration, specify running-config as the SOURCE-URL. To save it to the

startup config, specifies startup-config as the DESTINATION-URL.

Notice: If the destination is the startup-config file, the source file is directly

copied to the file specified in boot config command. This means the original

startup-config file is overwritten by the running configuration.

To apply a configuration file to the running configuration, specify running-config

as the DESTINATION-URL.

Notice: If the source is a system-log and the destination is a file, the current

system log information is saved to NVRAM with the specified name. Be aware

that any copy running-config action does not imply any system log copy or

saving action.

To represent a file in the remote TFTP server, the URL must be prefixed with

tftp:\\.

If the SOURCE-URL or DESTINATION-URL is a tftp server, it uses switch port to

connect the network under execution mode. Under management mode It uses

the management port to connect the network.

In this chassis based switch, the runtime image also contains the operational

code for the line cards. The operational code is automatically synced to the line

card during the boot-up procedure.

Any file to be downloaded (or copied) to the directory to be an image file in the

system's flash or downloaded (or copied) to be the startup-image will be checked

and verified whether it is an image file with a correct checksum and model ID.

Any file to be downloaded (or copied) as the startup-config or the running-config

will be checked and verified whether it is a configuration file or not (the boot

config command will also check whether it is a configuration file or not first).

DGS-6600 Series Switch mcopy

CLI Reference Guide 139

Examples This example shows how to configure the switch (running configuration) to use a

configuration (switch-config.txt) that is download from a TFTP

server(10.1.1.254).

This example shows how to upload (retrieve) the running configuration to a TFTP

server for storage.

This example shows how to configure the switch (running configuration) using a

configuration (switch-config.txt) that is download from a TFTP

server(10:1:1::254).

This example shows how to upload (retrieve) the running configuration to a TFTP

server for storage.

Switch# copy tftp:\\10.1.1.254\config\switch-config.txt running-config

Configure using 10.1.1.254\config\switch-config.txt (y/n) [n]? y

Finished network download. (134 bytes)

Apply to system configuration…. Completed.

Switch#

Switch# copy running-config tftp:\\10.1.1.254\config\switch-config.txt

Upload configuration to tftp:10.1.1.254 \config\switch-config.txt, (y/

n)[n]? y

Configuration has been copied successfully.

Switch#

Switch# copy tftp:\\10:1:1::254\config\switch-config.txt running-config

Configure using tftp:\\10:1:1::254\config\switch-config.txt (y/n) [n]? y

Finished network download. (134 bytes)

Apply to system configuration….

Completed.

Switch#

Switch# copy running-config tftp:\\10:1:1::254\config\switch-config.txt

Upload configuration to tftp:\\10:1:1::254\config\switch-config.txt, (y/n)

[n]? y

Configuration has been copied successfully.

Switch#

DGS-6600 Series Switch mcopy

CLI Reference Guide 140

This example shows how to upload (retrieve) the running configuration to a TFTP

server with link-local address for storage.

This example shows how to save system running configuration into FLASH

memory and used for next boot configuration.

Switch# copy running-config tftp:\\fe80::21b:fcff:fe0e:35de\switch-

config.txt vlan52

Upload configuration to tftp:\\fe80::21b:fcff:fe0e:35de\switch-config.txt,

(y/n) [n]?y

Configuration has been copied successfully.

Switch#

Switch(config)# copy running-config startup-config

Save system configuration (y/n) [n], y

Configuration has been copied successfully.

Switch(config)#

DGS-6600 Series Switch mcos remarking

CLI Reference Guide 141

cos remarking

Use this command to remark the receiving CoS priority for a VLAN tunnel

application. Use the no form of this command to set as customer CoS trusted.

cos remarking NEW-COS [C-VID [, | -]]

no cos remarking [C-VID[, | -]]

Default No COS remarking is set. The user/inner cost is trusted at the interface.

Command Mode Interface configuration.

Usage Guideline This command is used for UNI port for VLAN tunnel application.

Use the cos remarking command to remark the outer tag priority. As CoS

remarking is applied for VLAN encapsulation, the new CoS value is added into

the outer priority tag. As CoS remarking is applied to VLAN remarking, the new

CoS value is used to remark (replace) the priority tag.

To retain the priority from the receiving packet, use no cos remarking to make

the system replicate or retain the original priority tag value to/as the out-going

priority tag. This is also referred as user/inner COS trusted. The COS tag

replication is only applied to outer priority tag in VLAN encapsulation and the

COS remarking (replacement) is applied for the VLAN remarking.

Syntax Description

NEW-COS Specifies the new COS value to be added into the outer priority tag for VLAN

encapsulation. Alternatively it is used to replace the priority tag for VLAN

remarking. The available value is 0~7.

C-VID [, | -] (Optional) Specifies the receiving packet with the inner VLAN (customer VLAN

ID, CVID) in this list it will use the new COS value and it will be added into the

outer priority tag (in VLAN encapsulation) or is used to replace the priority tag (in

VLAN remarking).

If C-VID[,|] is not specified for the no cos remarking command, then the ingress

port will trust the user's priority tag and replicate/retain the priority tag except

those customers' VLANs that have been set by cos remarking NEW-COS C-

VID [, | -] command.

If C-VID[,|] is not specified for the cos remarking NEW-COS command, then

the ingress port will remark the user's priority tag and remark/replace the priority

tag except those customers' VLANs that have been set by cos remarking NEW-

COS C-VID [, | -] (cos remarking NEW-COS command is not set at the

interface).

The available values are 1~4094 and only the C-VID has been defined in VLAN

encapsulation or VLAN remarking pair that can be accepted by this command.

That is, the VLAN encapsulation or VLAN remarking pair must be defined, before

the CoS remarking policy is changed.

DGS-6600 Series Switch mcos remarking

CLI Reference Guide 142

Use the no cos remarking C-VID command (with optional parameters) to set

the related C-VID as customer CoS trusted at the interface (cos remarking

NEW-COS command is not set at the interface).

Example Please follow the below example for a detailed step by step explanation

1. Go to interface Ethernet 4.1.

2. Configure a VLAN encapsulation for C-VID 101-104 to S-VID 1001 and cus-

tomer CoS trusted.

3. Configure COS remarking for all incoming packets at Ethernet 4.1 as priority

of 7.

4. Remark C-VID 101 packet priority as 3, and others use priority 7 remarking.

5. Change the interface as CoS trusted. That is C-VID 101 will be priority

remarking, C-VID 102-104 still remained in customer CoS trusted state, and

interface has been set as Customer CoS trusted.

6. The system will trust all of incoming packets CoS, because C-VID is set as

Customer CoS trusted now.

Verify the settings by entering show vlan-tunnel command.

Siwthc(config)#interface eth4.1

Switch(config-if)#vlan encapsulation 1001 101-104

Switch(config-if)#cos remarking 7

Switch(config-if)#cos remarking 3 101

Switch(config-if)#no cos remarking

Switch(config-if)#no cos remarking 101

DGS-6600 Series Switch mcpu-protect safeguard

CLI Reference Guide 143

cpu-protect safeguard

Use this command to enable and configure the threshold for Safeguard Engine.

Use the no form of this command to disable Safeguard Engine.

cpu-protect safeguard threshold RISING-THRESHOLD FALLING-THRESHOLD

no cpu-protect safeguard

Default By default Safeguard_Engine is disabled.

By default rising threshold of CPU utilization is 50.

By default falling threshold of CPU utilization is 20.

Command Mode Global configuration.

Usage Guideline The Safeguard Engine can help the overall operability of the device by

minimizing the workload of the switch while the attack is ongoing, thus making it

capable to forward essential packets over its network in a limited bandwidth.

When the CPU utilization of the switch rises over configured rising threshold, it

will enter exhausted mode. In exhausted mode, the switch limits the bandwidth of

receiving ARP request and drop all broadcast IP packets. Regarding the way to

limit the bandwidth is project dependent.

You can use the command cpu-protect safeguard to configure the threshold

and enable the Safeguard Engine. The command no cpu-protect safeguard is

used to disable Safeguard Engine. The command no cpu-protect safeguard

will reset both the rising and falling thresholds and disable the state of Safeguard

Engine.

Example The following example shows how to configure the thresholds and enable

Safeguard Engine. The rising and falling threshold are 60 and 40 respectively.

Syntax Description

threshold Configure the utilization for the Safeguard Engine.

RISING-THRESHOLD Set a percentage value of the rising CPU utilization which will trigger the

Safeguard Engine function. Once the CPU utilization rises over the specified

percentage, the Safeguard Engine mechanism will initiate. The valid range is 20

to 100.

FALLING-

THRESHOLD

The user can set a percentage value of the falling CPU utilization which will

trigger the Safeguard Engine function to cease. Once the CPU utilization falls to

the specified percentage, the Safeguard Engine mechanism will shut down. The

valid range is 20 to 100.

Switch(config)# cpu-protect safeguard threshold 60 40

DGS-6600 Series Switch mcpu-protect safeguard

CLI Reference Guide 144

The following example shows how to disable Safeguard Engine and reset

threshold to default value.

You can verify your settings by entering show cpu-protect safeguard

command.

Switch(config)# no cpu-protect safeguard

DGS-6600 Series Switch mcpu-protect sub-interface

CLI Reference Guide 145

cpu-protect sub-interface

Use this command to configure the rate-limit for traffic destined to CPU by sub-

interface type.

cpu-protect sub-interface {manage | protocol | route} pps RATE

no cpu-protect sub-interface {manage | protocol | route}

Default none.

Command Mode Global Configuration.

Usage Guideline The reasons of packets are destined to CPU can be classified into three groups:

manage, protocol and route. The sub-interface is a logical interface, which

handles the CPU received packets by different groups. Generally speaking, the

protocol packets should have higher priority to make sure the functions work

normally. CPU usually does not involve in the routing packets. In few cases, such

as leaning new IP address or default route is not specified, some packets will be

sent to CPU for software routing. The user can use this command to limit the rate

of routed packets to avoid CPU spending too much time for routing packets. The

classification of each protocol type lists at Table 1. When the no-form of this

command is configured, the related counter will reset to zero.

Example The following example shows how to set rate limit of manage packet group, and

set threshold to 1000 packets per seconds.

The following example shows how to remove rate-limit of management traffic.

Verifying the settings by show cpu-protect sub-interface command.

Syntax Description

RATE Specify the threshold. the unit is packets per second. The valid range is project

dependent. When set to 0, all packets of the specified sub-interface type will be

dropped. The max RATE is 2000

Switch(config)# cpu-protect sub-interface manage pps 1000

Switch(config)# no cpu-protect sub-interface manage

DGS-6600 Series Switch mcpu-protect type

CLI Reference Guide 146

cpu-protect type

Use this command to configure the rate-limit of traffic destined to CPU by

protocol type.

cpu-protect type PROTOCOL-NAME pps RATE

no cpu-protect type PROTOCOL-NAME

Default None.

Command Mode Global configuration.

Usage Guideline CPU must handle certain packets, such as routing protocols, Layer 2 protocols,

and packets for management. If the traffic destined to CPU overloads, the CPU

will spend much time processing unnecessary traffic, and the routing processes

are impacted. To mitigate the impact, the user can use this command to control

the threshold of individual protocol packets. When the no-form of this command

is configured, the related counter will reset to zero.

Supported Protocols that can be configured rate-limit:

The following table lists the reference for the supported protocols for the cpu-

protect type command. According to the purpose of packets destined to CPU, the

router creates three virtual sub-interfaces to process the packets:

• manage: The packets are destined to one of the router interfaces via the

interactive access protocol, such as Telnet and SSH.

• protocol: The packets are protocol control packets which can be identi-

fied by the router.

• route: Others, packets traversing the router for routing that must be pro-

cessed by the router CPU (e.g. software routing) before it can be routed

without CPU's involvement.

The classification of each protocol lists at the column of “Classification (sub-

interface)”.

Syntax Description

PROTOCOL-NAME Specifies the protocol name (for example, bgp) to be configured. See the

“Usage Guideline” for a list of protocols supported by most routers.

RATE Specify the threshold. The unit is packets per second. The valid range is project

dependent. When set to 0, all packets of the specified protocol are dropped. The

max RATE is 2000.

DGS-6600 Series Switch mcpu-protect type

CLI Reference Guide 147

Example The following example shows how to set threshold of OSPF protocol packet as

100 packets per second.

Table 1 Supported protocol name for the command cpu-protect type

Protocol Name Description

Classification

(sub-interface)

arp IP Address Resolution Protocol (ARP) protocol

bgp Border Gateway Protocol (IPv4) protocol

dhcp Dynamic Host Configuration (IPv4) protocol

dhcpv6 Dynamic Host Configuration (IPv6) protocol

dot1x Port Based Network Access Control protocol

dvmrp Distance Vector Multicast Routing Protocol

(IPv4)

protocol

gvrp GARP VLAN Registration Protocol protocol

icm

Internet Control Message Protocol (IPv4) protocol

icmpv6-ndp ICMP Neighbor Discover Protocol

(NS/NA/RS/RA/Redirect, IPv6)

protocol

icmpv6-other

ICMP except NDP NS

NA/RS

Redirect

(IPv6)

protocol

Internet Grou

Mana

ement Protocol

(

IPv4

)

rotocol

lac

Link A

ation Control Protocol

rotocol

f O

en Shortest Path First

(

IPv4

)

rotocol

fv3 O

en Shortest Path First

(

IPv6

)

rotocol

im Protocol Inde

endent Multicas

(

IPv4

)

rotocol

Routin

Information Protocol

(

IPv4

)

rotocol

Routin

Information Protocol

(

IPv6

)

rotocol

snmp Simple Network Management Protocol

(

IPv4/IPv6

)

manage

ssh Secured shell

(

IPv4/IPv6

)

mana

annin

Tree Protocol

(

802.1D

)

rotocol

telnet Telnet (IPv4/IPv6) manage

vrr

Virtual Router Redundanc

Protocol

(

IPv4

)

rotocol

web HTTP (IPv4) manage

Switch(config)# cpu-protect type ospf pps 100

DGS-6600 Series Switch mcpu-protect type

CLI Reference Guide 148

The following example shows how to remove threshold of OSPF protocol packet.

Verifying the settings by show cpu-protect type command.

Switch(config)# no cpu-protect type ospf

DGS-6600 Series Switch mcrypto key

CLI Reference Guide 149

crypto key

To generate and configure an RSA or DSA key pair, use the crypto key

command.

crypto key {rsa|dsa} NBITS [force]

Default None.

Command Mode EXEC Mode.

Usage Guideline To support SSH login, an RSA or DSA key pair must first be generated. This

command can generate either an RSA or DSA key to provide greater security

when logging into the server using SSH. The NBITS value is required to specify

the size of the key pair.

Example This example shows how to create an RSA key, 1024 bits.

Syntax Description

rsa Configure an RSA key pair.

dsa Configure a DSA key pair.

NBITS Specifies the size of the key pair(s): For RSA the valid values are 512, 768,

1024, and 2048. For DSA the valid values are 512, 768, and 1024. For SSH

version 2, the minimum recommended key size is 768 bits. A key size with a

larger number provides higher security but takes longer to generate.

force (Optional) Regenerates the keys and suppresses the warning prompt for

overwriting existing keys.

Switch# crypto key rsa 1024

Generating RSA keys.... [OK]

Switch#

DGS-6600 Series Switch mm ddm bias-current

CLI Reference Guide 150

ddm bias-current

This command is used to configure the thresholds of bias current of the specified

ports.

ddm bias-current {high | low} {alarm | warning} VALUE

no ddm bias-current {high | low} {alarm | warning}

Default The default value is read from the A2h EEPROM in SFP/SFP+.

Command Mode Interface configuration.

Usage Guideline Only SFP/SFP+ port interfaces are valid for this configuration.

This command configures the bias-current thresholds on the specified ports, the

value will be converted to a 16-bit format and then written into the SFP module.

It is possible to verify settings by the show ddm configuration command.

Thresholds are written to the EEPROM in the SFP/SFP+ transceivers, so

threshold configurations will be stored in the SFP/SFP+ transceivers, if the A2h

EEPROM threshold fields are writable in the SFP vendor’s design. If the

EEPROM’s threshold fields are read-only, the abnormal status detection will be

performed by software instead of the SFP’s alarm/warning flag fields.

Be careful to configure threshold values, please reference the SFP module

vendor’s data sheet for default values and recommended values.

The no ddm bias-current command will clear configuration and reload the value

in SFP module.

Example The following example shows how to configure bias current high warning

threshold as 10.237 on interface eth3.1.

Syntax Description

high High threshold command. When the operating parameter rises above this value,

the action associated with the alarm or the warning is taken.

low Low threshold command. When the operating parameter falls below this value,

the action associated with the alarm or the warning is taken.

alarm An alarm event will be generated when the operating parameter is not in the

normal range between the high and low thresholds.

warning A warning event will be generated when the operating parameter is not in the

normal range between high and low thresholds.

VALUE The valid value for the threshold is between 0 ~ 131 mA

DGS-6600 Series Switch mm ddm bias-current

CLI Reference Guide 151

switch#configure terminal

switch(config)# interface eth3.1

Switch(config-if)# ddm bias-current high warning 10.237

% According to the DDM precession definition, closest value 10.238 is

chosen.

DGS-6600 Series Switch mm ddm log

CLI Reference Guide 152

ddm log

This command configures the system log behavior when the system detects the

SFP’s abnormal status.

ddm log

no ddm log

Syntax

Description

none.

Default disable.

Command Mode Global configuration.

Usage Guideline Users can enable this configuration than a log message will be generated when

the system detects the SFP’s abnormal status or recovery from an abnormal

status.

Example The following example shows how to disable logging for ddm.

switch# configure terminal

switch(config)# no ddm log

DGS-6600 Series Switch mm ddm rx-power

CLI Reference Guide 153

ddm rx-power

This command is used to configure the thresholds of input power on specified

ports.

ddm rx-power {high | low} {alarm | warning} VALUE

no ddm rx-power {high | low} {alarm | warning}

Default The default value is read from the A2h EEPROM in SFP/SFP+.

Command Mode Interface configuration.

Usage Guideline Only SFP/SFP+ port interfaces are valid for this configuration.

This command configures the rx-power thresholds on the specified ports, the