Vous êtes sur la page 1sur 450

DATACOM SYSTEMS INC

VS-2024-F
CLI User Manual

Datacom Systems Inc


Revision Number: 2.2

DATACOM SYSTEMS INC


Copyright 2012 Datacom Systems Inc . All Rights Reserved. No part of this document may be
reproduced, stored in a retrieval system or transmitted, in any form, or by any means, electronic or
otherwise, including photocopying, reprinting, or recording, for any purpose, without the express
written permission of Datacom Systems Inc.
Printed in ________
TRADEMARKS Datacom Systems Inc LOGO are trademarks of Datacom Systems Inc . in
the U.S. and other countries. The use of any of these trademarks without Datacom Systems Inc. prior
written consent is strictly prohibited. Other trademarks and trade names may be used in this document
to refer to either the entities claiming the marks and names or their products. Datacom Systems Inc.
disclaims any proprietary interest in the trademarks and trade names other than its own.
DISCLAIMER The information in this book is provided as is, with no warranties whatsoever, including
any warranty of merchantability, fitness for any particular purpose or any warranty otherwise arising out
of any proposal, specification or sample. This document is provided for informational purposes only and
should not be construed as a commitment on the part of Datacom Systems Inc. Information in this
document is subject to change without notice.
REQUESTS For information or obtaining permission for use of material of this work, please submit a
written request to: Corporate Marketing and Legal, Datacom
datacomsystems.com
DOCUMENT No.: Datacom

Systems Inc v 2.2

Systems Inc

on www

DATACOM SYSTEMS INC

Contents
CHAPTER 1:

1. INTRODUCTION _____________________________________________ 11
1.1 PURPOSE ...................................................................................................11
1.2 SCOPE .......................................................................................................11
1.3 DOCUMENT CONVENTIONS ..........................................................................11
1.4 KEY CONVENTIONS .....................................................................................12
1.4.1 Keyboard shortcuts ................................................................................12
1.4.2 Others ....................................................................................................12

CHAPTER 2:

2. COMMAND LINE INTERFACE __________________________________ 13


2.1 CLI COMMAND MODES ...............................................................................14
2.2 USER EXEC MODE ....................................................................................15
2.3 PRIVILEGED EXEC MODE ...........................................................................15
2.4 GLOBAL CONFIGURATION MODE ..................................................................15
2.5 INTERFACE CONFIGURATION MODE .............................................................15
2.5.1 Physical Interface Mode ........................................................................15
2.5.2 Port Channel Interface Mode .................................................................16
2.5.3 VLAN Interface Mode ............................................................................16
2.5.4 Tunnel Interface Mode ...........................................................................16
2.5.5 Out of Band Interface Mode ..................................................................16
2.6 CONFIG-VLAN MODE .................................................................................16
2.7 LINE CONFIGURATION MODE .......................................................................16
2.8 BOOT CONFIGURATION ...............................................................................16
2.9 REDUNDANCY CONFIGURATION ...................................................................16
2.10 PROTOCOL SPECIFIC MODES ......................................................................16
2.10.1 DiffSrv ClassMap Configuration mode ..................................................16
2.10.2 DiffSrv Policy-Map Configuration Mode.................................................17
2.10.3 DiffSrv Policy-Map Class Configuration Mode.......................................17
2.10.4 DHCP Pool Configuration Mode ............................................................17
2.10.5 ACL Standard Access List Configuration Mode ....................................17
2.10.6 ACL Extended Access List Configuration Mode ....................................17
2.10.7 ACL MAC Configuration Mode ..............................................................18

CHAPTER 3:

3. DIFFSERV (DIFFERENTIATED SERVICES)________________________ 21


3.1 SET QOS .....................................................................................................23
3.2 CLASS-MAP.................................................................................................24
3.3 POLICY-MAP ...............................................................................................25
3.4 MATCH .......................................................................................................26
3.5 CLASS ........................................................................................................27
3.6 SET COS .....................................................................................................28
3.7 SHUTDOWN QOS .........................................................................................29
3.8 COSQ SCHEDULING ALGORITHM ...................................................................30
3.9 TRAFFIC CLASS ...........................................................................................31
3.10 SHOW POLICY-MAP ......................................................................................32
3.11 SHOW CLASS-MAP .......................................................................................34
3.12 SHOW COSQ ALGORITHM .............................................................................35
3.13 SHOW COSQ WEIGHTS-BW ...........................................................................36

CHAPTER 4:

4. ACL (ACCESS CONTROL LISTS) _______________________________ 37


4.1 IP ACCESS-LIST ...........................................................................................39
4.2 MAC ACCESS-LIST EXTENDED.......................................................................41
4.3 USER-DEFINED ACCESS-LIST........................................................................42
4.4 USERDEFINED-LIST .....................................................................................43

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

DATACOM SYSTEMS INC

VS-2024-F

4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.20
4.21
4.22
4.23
4.24
CHAPTER 5:

PERMIT USR-DEFINED-PACKET-TYPE ...........................................................45


DENY USR-DEFINED-PACKET-TYPE ..............................................................48
PERMIT - STANDARD MODE ..........................................................................50
DENY - STANDARD MODE .............................................................................52
PERMIT- IP/OSPF/PIM/PROTOCOL TYPE .........................................................53
PERMIT IPV6 ...............................................................................................56
DENY IPV6 ..................................................................................................58
DENY - IP/OSPF/PIM/PROTOCOL TYPE ...........................................................59
PERMIT TCP ................................................................................................61
DENY TCP ...................................................................................................64
PERMIT UDP ................................................................................................66
DENY UDP ...................................................................................................69
PERMIT ICMP ...............................................................................................71
DENY ICMP .................................................................................................75
IP ACCESS-GROUP ......................................................................................78
MAC ACCESS-GROUP ...................................................................................79
USER-DEFINED ACCESS-GROUP ...................................................................80
PERMIT .......................................................................................................81
DENY..........................................................................................................85
SHOW ACCESS-LISTS...................................................................................88

5. QOS (QUALITY OF SERVICE) __________________________________ 93


5.1 SHUTDOWN QOS .........................................................................................95
5.2 QOS ...........................................................................................................96
5.3 PRIORITY-MAP ............................................................................................97
5.4 CLASS-MAP.................................................................................................98
5.5 METER .......................................................................................................99
5.6 POLICY-MAP .............................................................................................100
5.7 QUEUE-TYPE ............................................................................................101
5.8 SHAPE-TEMPLATE .....................................................................................102
5.9 SCHEDULER ..............................................................................................103
5.10 QUEUE .....................................................................................................105
5.11 QUEUE-MAP ..............................................................................................107
5.12 SCHED-HIERARCHY ...................................................................................108
5.13 QOS INTERFACE ........................................................................................109
5.14 MAP .........................................................................................................110
5.15 MATCH ACCESS-GROUP .............................................................................112
5.16 SET CLASS ................................................................................................113
5.17 METER-TYPE .............................................................................................114
5.18 SET POLICY...............................................................................................116
5.19 SET METER ...............................................................................................117
5.20 SET ALGO-TYPE ........................................................................................120
5.21 RANDOM-DETECT DP .................................................................................121
5.22 SHOW QOS GLOBAL INFO ...........................................................................122
5.23 SHOW PRIORITY-MAP.................................................................................123
5.24 SHOW CLASS-MAP .....................................................................................124
5.25 SHOW CLASS-TO-PRIORITY-MAP .................................................................125
5.26 SHOW METER ............................................................................................126
5.27 SHOW POLICY-MAP ....................................................................................127
5.28 SHOW QUEUE-TEMPLATE ...........................................................................128
5.29 SHOW SHAPE-TEMPLATE ...........................................................................129
5.30 SHOW SCHEDULER ....................................................................................130
5.31 SHOW QUEUE ...........................................................................................131
5.32 SHOW QUEUE-MAP ....................................................................................132
5.33 SHOW SCHED-HIERARCHY .........................................................................133
5.34 SHOW QOS DEF-USER-PRIORITY.................................................................134
5.35 SHOW QOS METER-STATS ..........................................................................136
CLI USER MANUAL
CONFIDENTIAL

DATACOM SYSTEMS INC


CONTENTS

5.36

SHOW QOS QUEUE-STATS ..........................................................................137

CHAPTER 6:

6. TACACS ___________________________________________________ 138


6.1 TACACS-SERVER HOST ..............................................................................139
6.2 TACACS USE-SERVER ADDRESS .................................................................141
6.3 TACACS-SERVER RETRANSMIT ...................................................................142
6.4 DEBUG TACACS .........................................................................................143
6.5 SHOW TACACS ..........................................................................................144

CHAPTER 7:

7. LA ________________________________________________________ 146
7.1 SET PORT-CHANNEL ..................................................................................148
7.2 CHANNEL-PROTOCOL ................................................................................149
7.3 LACP SYSTEM-PRIORITY ............................................................................150
7.4 LACP SYSTEM-IDENTIFIER ..........................................................................151
7.5 PORT-CHANNEL LOAD-BALANCE .................................................................152
7.6 LACP PORT-PRIORITY ................................................................................154
7.7 LACP PORT-IDENTIFIER ..............................................................................155
7.8 CHANNEL-GROUP ......................................................................................156
7.9 LACP WAIT-TIME ........................................................................................157
7.10 LACP TIMEOUT ..........................................................................................158
7.11 LACP RATE ...............................................................................................159
7.12 LACP ........................................................................................................160
7.13 DEFAULT PORT..........................................................................................161
7.14 PORT-CHANNEL MAX-PORTS ......................................................................162
7.15 SHUTDOWN PORT-CHANNEL .......................................................................163
7.16 DEBUG LACP .............................................................................................164
7.17 DEBUG ETHERCHANNEL .............................................................................165
7.18 SHOW ETHERCHANNEL ..............................................................................166
7.19 SHOW ETHERCHANNEL - REDUNDANCY ......................................................172
7.20 SHOW INTERFACES ...................................................................................174
7.21 SHOW LACP ..............................................................................................177

CHAPTER 8:

8. SYSLOG ___________________________________________________ 180


8.1 LOGGING ..................................................................................................182
8.2 LOGGING SYNCHRONOUS ..........................................................................184
8.3 MAILSERVER .............................................................................................186
8.4 SENDER MAIL-ID ........................................................................................187
8.5 RECEIVER MAIL-ID .....................................................................................188
8.6 CMDBUFFS ...............................................................................................189
8.7 SERVICE TIMESTAMPS ...............................................................................190
8.8 CLEAR LOGS .............................................................................................191
8.9 SYSLOG MAIL ............................................................................................192
8.10 SYSLOG LOCAL STORAGE ..........................................................................193
8.11 SYSLOG FILENAME-ONE .............................................................................194
8.12 SYSLOG FILENAME-TWO ............................................................................195
8.13 SYSLOG FILENAME-THREE .........................................................................196
8.14 SYSLOG RELAY - PORT ..............................................................................197
8.15 SYSLOG PROFILE ......................................................................................198
8.16 LOGGING-FILE ...........................................................................................199
8.17 LOGGING SERVER .....................................................................................200
8.18 MAIL SERVER TABLE ..................................................................................201
8.19 SYSLOG RELAY .........................................................................................202
8.20 SYSLOG RELAY TRANSPORT TYPE ..............................................................203
8.21 SHOW LOGGING ........................................................................................204
8.22 SHOW EMAIL ALERTS .................................................................................205
8.23 SHOW SYSLOG ROLE .................................................................................206
8.24 SHOW SYSLOG MAIL ..................................................................................208

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

DATACOM SYSTEMS INC

VS-2024-F

8.25
8.26
8.27
8.28
8.29
8.30
8.31
8.32
8.33
CHAPTER 9:

SHOW SYSLOG LOCAL STORAGE.................................................................209


SHOW LOGGING FILE .................................................................................210
SHOW LOGGING SERVER............................................................................211
SHOW MAIL SERVER ..................................................................................212
SHOW SYSLOG RELAY - PORT .....................................................................213
SHOW SYSLOG PROFILE .............................................................................214
SHOW SYSLOG RELAY TRANSPORT TYPE ....................................................215
SHOW SYSLOG FILE-NAME .........................................................................216
SHOW SYSLOG INFORMATION .....................................................................217

9. VLAN _____________________________________________________ 219


9.1 SET VLAN..................................................................................................223
9.2 VLAN ........................................................................................................224
9.3 SET MAC-LEARNING ...................................................................................225
9.4 SET UNICAST-MAC-LEARNING .....................................................................226
9.5 INTERFACE RANGE ....................................................................................227
9.6 BASE BRIDGE-MODE ..................................................................................228
9.7 MAC-VLAN ................................................................................................229
9.8 SUBNET-VLAN ...........................................................................................230
9.9 PROTOCOL-VLAN.......................................................................................231
9.10 MAP PROTOCOL ........................................................................................232
9.11 SET GVRP .................................................................................................233
9.12 SET PORT GVRP ........................................................................................234
9.13 SET PORT GVRP - ENABLE | DISABLE ...........................................................235
9.14 SET GMRP ................................................................................................236
9.15 SET PORT GMRP........................................................................................237
9.16 VLAN LEARNING MODE ...............................................................................238
9.17 FID - VLAN RANGE .....................................................................................239
9.18 SET VLAN TRAFFIC-CLASSES ......................................................................240
9.19 MAC-MAP ..................................................................................................241
9.20 MAP SUBNET .............................................................................................242
9.21 SWITCHPORT FILTERING-UTILITY-CRITERIA .................................................243
9.22 MAC-ADDRESS-TABLE STATIC UNICAST .......................................................244
9.23 MAC-ADDRESS-TABLE STATIC UNICAST TRANSPARENT BRIDGING MODE....247
9.24 MAC-ADDRESS-TABLE STATIC MULTICAST ...................................................249
9.25 MAC ADDRESS-TABLE STATIC MCAST ..........................................................251
9.26 MAC-ADDRESS-TABLE STATIC MULTICAST TRANSPARENT BRIDGING MODE 252
9.27 MAC-ADDRESS-TABLE AGING-TIME .............................................................254
9.28 BRIDGE-MODE- METRO .............................................................................255
9.29 L2PROTOCOL-TUNNEL COS ........................................................................257
9.30 CLEAR L2PROTOCOL-TUNNEL COUNTERS ...................................................258
9.31 CLEAR VLAN STATISTICS ............................................................................259
9.32 VLAN DEFAULT HYBRID TYPE ......................................................................260
9.33 WILDCARD ................................................................................................261
9.34 SET UNICAST-MAC LEARNING .....................................................................262
9.35 VLAN UNICAST-MAC LEARNING LIMIT ...........................................................263
9.36 UNICAST-MAC LEARNING LIMIT ...................................................................264
9.37 PORTS ......................................................................................................265
9.38 VLAN ACTIVE .............................................................................................267
9.39 FORWARD-ALL ..........................................................................................268
9.40 FORWARD-UNREGISTERED ........................................................................271
9.41 SWITCHPORT PVID.....................................................................................272
9.42 SWITCHPORT ACCESS VLAN .......................................................................273
9.43 SWITCHPORT ACCEPTABLE-FRAME-TYPE ....................................................274
9.44 SWITCHPORT INGRESS-FILTER ...................................................................275
9.45 PORT MAC-VLAN........................................................................................276
9.46 PORT SUBNET VLAN ................................................................................277
CLI USER MANUAL
CONFIDENTIAL

DATACOM SYSTEMS INC


CONTENTS

9.47
9.48
9.49
9.50
9.51
9.52
9.53
9.54
9.55
9.56
9.57
9.58
9.59
9.60
9.61
9.62
9.63
9.64
9.65
9.66
9.67
9.68
9.69
9.70
9.71
9.72
9.73
9.74
9.75
9.76
9.77
9.78
9.79
9.80
9.81
9.82
9.83
9.84
9.85
9.86
CHAPTER 10:

PORT PROTOCOL-VLAN ..............................................................................278


SWITCHPORT MAP PROTOCOLS-GROUP ......................................................279
SWITCHPORT PRIORITY DEFAULT ................................................................280
SWITCHPORT MODE ...................................................................................281
SWITCHPORT MODE DOT1Q-TUNNEL ...........................................................282
SET GARP TIMER .......................................................................................283
VLAN RESTRICTED .....................................................................................284
GROUP RESTRICTED ..................................................................................285
VLAN MAX-TRAFFIC-CLASS .........................................................................286
VLAN MAP-PRIORITY ..................................................................................287
SHUTDOWN GARP .....................................................................................288
SHUTDOWN VLAN ......................................................................................289
DEBUG VLAN .............................................................................................290
DEBUG GARP ............................................................................................292
SHOW VLAN ..............................................................................................295
SHOW VLAN DEVICE INFO ...........................................................................297
SHOW VLAN DEVICE CAPABILITIES ..............................................................300
SHOW FID - DETAIL ....................................................................................301
SHOW FORWARD-ALL ................................................................................303
SHOW FORWARD-UNREGISTERED...............................................................306
SHOW VLAN TRAFFIC-CLASSES...................................................................308
SHOW GARP TIMER ....................................................................................311
SHOW VLAN PORT CONFIG .........................................................................313
SHOW VLAN PROTOCOLS-GROUP ...............................................................317
SHOW PROTOCOL-VLAN .............................................................................318
SHOW MAC-VLAN.......................................................................................319
SHOW SUBNET VLAN MAPPING ...................................................................320
SHOW VLAN COUNTERS .............................................................................322
SHOW VLAN STATISTICS .............................................................................324
SHOW MAC-ADDRESS-TABLE ......................................................................325
SHOW DOT1D MAC-ADDRESS-TABLE ...........................................................327
SHOW DOT1D MAC-ADDRESS-TABLE STATIC UNICAST ..................................328
SHOW DOT1D MAC-ADDRESS-TABLE STATIC MULTICAST ..............................329
SHOW MAC-ADDRESS-TABLE COUNT ...........................................................330
SHOW MAC-ADDRESS-TABLE STATIC UNICAST .............................................332
SHOW MAC-ADDRESS-TABLE STATIC MULTICAST .........................................334
SHOW MAC-ADDRESS-TABLE DYNAMIC UNICAST ..........................................336
SHOW MAC-ADDRESS-TABLE DYNAMIC MULTICAST ......................................338
SHOW MAC-ADDRESS-TABLE AGING-TIME ...................................................340
SHOW WILDCARD ......................................................................................341

10. SNMPV3 __________________________________________________ 343


10.1 ENABLE SNMPSUBAGENT ...........................................................................346
10.2 DISABLE SNMPSUBAGENT ..........................................................................347
10.3 SHOW SNMP AGENTX INFORMATION............................................................348
10.4 SHOW SNMP AGENTX STATISTICS ...............................................................349
10.5 ENABLE SNMPAGENT .................................................................................350
10.6 DISABLE SNMPAGENT ................................................................................351
10.7 SNMP COMMUNITY INDEX ...........................................................................352
10.8 SNMP GROUP ............................................................................................354
10.9 SNMP ACCESS ..........................................................................................355
10.10 SNMP ENGINEID ........................................................................................357
10.11 SNMP PROXY NAME ...................................................................................358
10.12 SNMP MIBPROXY NAME ..............................................................................360
10.13 SNMP VIEW ...............................................................................................362
10.14 SNMP TARGETADDR ..................................................................................364
10.15 SNMP TARGETPARAMS ..............................................................................366

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

DATACOM SYSTEMS INC

VS-2024-F

10.16
10.17
10.18
10.19
10.20
10.21
10.22
10.23
10.24
10.25
10.26
10.27
10.28
10.29
10.30
10.31
10.32
10.33
10.34
10.35
10.36
10.37
10.38
10.39
10.40
10.41
10.42
10.43
10.44
CHAPTER 11:

SNMP USER ..............................................................................................368


SNMP NOTIFY ............................................................................................370
SNMP FILTERPROFILE ................................................................................372
SNMP-SERVER ENABLE TRAPS SNMP AUTHENTICATION ................................373
SNMP-SERVER TRAP UDP-PORT .................................................................374
SNMP-SERVER TRAP PROXY-UDP-PORT ......................................................375
SNMP AGENT PORT....................................................................................376
SNMP TCP ENABLE ....................................................................................377
SNMP TRAP TCP ENABLE ............................................................................378
SNMP-SERVER TCP-PORT ..........................................................................379
SNMP-SERVER TRAP TCP-PORT ..................................................................380
SNMP-SERVER ENABLE TRAPS ...................................................................381
SHOW SNMP .............................................................................................382
SHOW SNMP COMMUNITY ...........................................................................383
SHOW SNMP GROUP ..................................................................................384
SHOW SNMP GROUP ACCESS .....................................................................386
SHOW SNMP ENGINEID ..............................................................................387
SHOW SNMP PROXY ..................................................................................388
SHOW SNMP MIBPROXY .............................................................................389
SHOW SNMP VIEWTREE .............................................................................391
SHOW SNMP TARGETADDR .........................................................................392
SHOW SNMP TARGETPARAM.......................................................................393
SHOW SNMP USER.....................................................................................394
SHOW SNMP NOTIF ....................................................................................395
SHOW SNMP INFORM STATISTICS ................................................................397
SHOW SNMP-SERVER TRAPS ......................................................................398
SHOW SNMP-SERVER PROXY-UDP-PORT .....................................................399
SHOW SNMP TCP .......................................................................................400
SHOW SNMP FILTER TABLE .........................................................................401

11. SNTP ____________________________________________________ 402


11.1 SNTP ........................................................................................................404
11.2 SET SNTP CLIENT ......................................................................................405
11.3 SET SNTP CLIENT VERSION ........................................................................406
11.4 SET SNTP CLIENT ADDRESSING MODE .........................................................407
11.5 SET SNTP CLIENT PORT .............................................................................408
11.6 SET SNTP CLIENT CLOCK-FORMAT ..............................................................409
11.7 SET SNTP TIME ZONE .................................................................................410
11.8 SET SNTP CLIENT CLOCK-SUMMER-TIME .....................................................411
11.9 SET SNTP CLIENT AUTHENTICATION-KEY .....................................................412
11.10 SET SNTP UNICAST-SERVER AUTO-DISCOVERY............................................413
11.11 SET SNTP UNICAST-POLL-INTERVAL ............................................................414
11.12 SET SNTP UNICAST-MAX-POLL-TIMEOUT......................................................415
11.13 SET SNTP UNICAST-MAX-POLL-RETRY .........................................................416
11.14 SET SNTP UNICAST-SERVER .......................................................................417
11.15 SET SNTP BROADCAST-MODE SEND-REQUEST.............................................418
11.16 SET SNTP BROADCAST-POLL-TIMEOUT ........................................................419
11.17 SET SNTP BROADCAST-DELAY-TIME ............................................................420
11.18 SET SNTP MULTICAST-MODE SEND-REQUEST ..............................................421
11.19 SET SNTP MULTICAST-POLL-TIMEOUT .........................................................422
11.20 SET SNTP MULTICAST-DELAY-TIME .............................................................423
11.21 SET SNTP MULTICAST-GROUP-ADDRESS .....................................................424
11.22 SET SNTP ANYCAST-POLL-INTERVAL ...........................................................425
11.23 SET SNTP ANYCAST-POLL-TIMEOUT ............................................................426
11.24 SET SNTP ANYCAST-POLL-RETRY-COUNT ....................................................427
11.25 SET SNTP ANYCAST-SERVER ......................................................................428
11.26 SHOW SNTP CLOCK ...................................................................................429
CLI USER MANUAL
CONFIDENTIAL

DATACOM SYSTEMS INC


CONTENTS

11.27
11.28
11.29
11.30
11.31
11.32
CHAPTER 12:

SHOW SNTP STATUS ..................................................................................430


SHOW SNTP UNICASTMODE STATUS..........................................................431
SHOW SNTP BROADCASTMODE STATUS ....................................................432
SHOW SNTP MULTICASTMODE STATUS ......................................................433
SHOW SNTP ANYCASTMODE STATUS .........................................................434
DEBUG SNTP .............................................................................................435

12. RMON ____________________________________________________ 437


12.1 SET RMON ................................................................................................438
12.2 RMON COLLECTION HISTORY ......................................................................439
12.3 RMON COLLECTION STATS .........................................................................440
12.4 RMON EVENT ............................................................................................441
12.5 RMON ALARM ............................................................................................442
12.6 SHOW RMON .............................................................................................444

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

DATACOM SYSTEMS INC

Figures
Figure 2-1: Command Modes Access Path ................................................................................................. 19

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

Chapter

1
1.Introduction

1.1 Purpose
Datacom Systems Inc is a pre-integrated OEM ready software for managed Layer2/Layer 3 switches,
which performs switching between Ethernet ports at wire speed. Datacom Systems Inc provides the
basic bridging functionality and also offers advanced features such as link aggregation, GVRP/GMRP,
IGMP Snooping and Network Access Control.
This document describes in detail the CLI commands that are specific to xCAT target. It is intended to be
a reference manual for users and system administrators who will configure Datacom Systems Inc
through the CLI interface.

1.2 Scope
The scope of this document is limited to Datacom Systems Inc release 5.0.0.0. This document details all
the Marvell xCAT based CLI commands provided by the Datacom Systems Inc software.

1.3 Document Conventions

The syntax of the CLI command is given in Courier New 10 bold.

Elements in (< >) indicate the field required as input along with a CLI command, for example, <
integer (100-1000)>.

Elements in square brackets ([]) indicate optional fields for a command.

Text in {} refers to either-or group for the tokens given inside separated by a | symbol.

The CLI command usage is given in Courier New 10 regular.

Outputs and messages for CLI commands are given in Courier New 10 regular.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

11

DATACOM SYSTEMS INC

VS-2024-F

The no form of the command resets a particular configuration to its default value or revokes the effect.
This is explicitly explained in the description of the commands for which it is applicable.

Any action that can change the switch configuration, any conditionals and requirements for a
command and any information associated with significant details and functionality of command is
listed using the

symbol.

Datacom Systems Inc is available in three different packages, namely, Workgroup, Enterprise and
Metro1. The parameters specific for a particular package are indicated along with the description of
the parameter itself.

1.4 Key Conventions


1.4.1 Keyboard shortcuts
Up Arrow /

Displays the previously executed command

Down Arrow
Ctrl + C

Exits from the ISS prompt

Backspace

Removes a single character

/ Ctrl + H
TAB

Completes a command without typing the full word

Left Arrow /

Traverses the current line

Right Arrow

1.4.2 Others

'q' - exits the output display if display is more than one page and returns to the ISS prompt

"show history"

- helps to list the available commands

- displays the command history list

Refer ISS Product Specification Document for a detailed description of the package.

12

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

Chapter

2
2.Command Line Interface
This section describes the configuration of Datacom Systems Inc using the Command Line Interface.
The Command Line Interface (CLI) can be used to configure the Intelligent Switch Solution from a console
attached to the serial port of the switch or from a remote terminal using TELNET.
The Datacom Systems Inc CLI supports a simple login authentication mechanism. The authentication is
based on a user name and password provided by the user during login. The user "root" is created by
default with password "admin123".
When Datacom Systems Inc is started, the user name and password has to be given at the login prompt
to access the CLI shell:
Datacom Systems Inc. Intelligent Switch Solution
ISS Login: guest
Password: ********

iss#
The "user-exec" mode is now available to the user. CLI Command Modes provide a detailed description of
the various modes available for ISS.
When Datacom Systems Inc. ISS-Chassis is started, the user name and password has to be given
at the login prompt to access the CLI shell:
IDatacom Systems Inc. Intelligent Switch Solution
ISS Login: chassisuser
Password: ********

iss-boot>
CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

13

DATACOM SYSTEMS INC

VS-2024-F

The Boot Configuration mode is now available to the user.


The command prompt always displays the current mode.

CLI commands need not be fully typed. The abbreviated forms of CLI commands are also
accepted by the Datacom Systems Inc CLI. For example, commands like " show ip global
config" can be typed as "sh ip gl co".

CLI commands are case insensitive.

CLI commands will be successful only if the dependencies are satisfied for a particular
command that is issued. Appropriate error messages will be displayed, if the dependencies are
not satisfied

Note: The ethernet type of an interface is determined during System Startup. While
configuring interface-specific parameters, its ethernet type needs to be specified
correctly. A fast ethernet interface cannot be configured as a gigabit-ethernet interface
and vice-versa.

2.1 CLI Command Modes

14

Command Mode

Access Method

Prompt
iss>

Exit method

User EXEC

This is the initial mode


to start a session.

Privileged EXEC

The User EXEC mode


command enable, is
used to enter the
Privileged EXEC
mode.

iss#

To return from the


Privileged EXEC
mode to User EXEC
mode the disable
command is used.

Global Configuration

The Privileged EXEC


mode command
configure
terminal, is used to
enter the Global
Configuration mode

iss(config)#

To exit to the Global


Configuration mode
the exit command is
used and to exit to the
Privileged EXEC
mode the end
command is used.

Interface Configuration

The Global
Configuration mode
command interface
<interfacetype><interfaceid> is used to enter
the Interface
configuration mode.

iss(configif)#

To exit to the Global


Configuration mode
the exit command is
used and to exit to the
Privileged EXEC
mode the end
command is used.

Config-VLAN

The global
configuration mode
command vlan
vlan-id, is used to
enter the Config-VLAN
mode.

iss(configvlan)#

To exit to the Global


Configuration mode
the exit command is
used and to exit to the
Privileged EXEC
mode the end

The logout method is


used.

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 2: COMMAND LINE INTERFACE

Command Mode

Access Method

Prompt

Exit method
command is used.

Line Configuration

The global
configuration mode
command line, is
used to enter the Line
Configuration mode.

iss(configline)#

To exit to the Global


Configuration mode
the exit command is
used and to exit to the
Privileged EXEC
mode the end
command is used.

Redundancy
Configuration

The global
configuration mode
command
redundancy, is used
to enter the
Redundancy
Configuration mode.

iss(configr)#

To exit to the Global


Configuration mode
the exit command is
used.

Boot Configuration

This is the initial mode


to start an ISS-Chassis
session.

iss-boot>

The reload
command is used to
restart the switch.

2.2 User EXEC Mode


After logging into the device, the user is automatically in the User EXEC mode. In general, the User EXEC
commands are used to temporarily change terminal settings, perform basic tests and list system
information.

2.3 Privileged EXEC Mode


Since many of the privileged commands set operating parameters, privileged access is password
protected to prevent unauthorized use. The password is not displayed on the screen and is case
sensitive. The Privileged EXEC mode prompt is the device name followed by the pound (#) sign.

2.4 Global Configuration Mode


Global Configuration commands apply to features that affect the system as a whole, to any specific
interface.

2.5 Interface Configuration Mode


The following are the different modes present under the Interface Configuration mode.

2.5.1 Physical Interface Mode


The Physical Interface mode is used to perform interface specific operations. To return to the global
configuration mode the exit command is used.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

15

DATACOM SYSTEMS INC

VS-2024-F

2.5.2 Port Channel Interface Mode


The Port Channel Interface mode is used to perform port-channel specific operations.
To return to the global configuration mode the exit command is used.

2.5.3 VLAN Interface Mode


The VLAN Interface mode is used to perform L3-IPVLAN specific operations. To return to the global
configuration mode the exit command is used.

2.5.4 Tunnel Interface Mode


The Tunnel Interface mode is used to perform Tunnel specific operations. To return to the global
configuration mode the exit command is used.

2.5.5 Out of Band Interface Mode


The Out of Band Interface mode is used to perform OOB interface specific operations. To return to the
global configuration mode the exit command is used.

2.6 Config-VLAN Mode


This mode is used to perform VLAN specific operations. To return to the global configuration mode the
exit command is used.

2.7 Line Configuration Mode


Line configuration commands modify the operations of a terminal line.

2.8 Boot Configuration


This mode is used to generate the Slot information (module type). The reload command is used to
restart the switch.

2.9 Redundancy Configuration


This mode is used to modify the redundancy parameters. To return to the global configuration mode the
exit command is used.

2.10 Protocol Specific Modes


The following are the different Protocol specific modes.

2.10.1

DiffSrv ClassMap Configuration mode

The class-map global configuration command creates a class map to be used for matching the packets to
the class whose index is specified and to enter the class-map configuration mode The Global
16

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 2: COMMAND LINE INTERFACE

configuration mode command class-map <short(1-65535)> is used to enter the DiffSrv ClassMap
Configuration mode and. the prompt seen at this mode is iss(config-cmap)#.
To return to the global configuration mode the exit command is used.

2.10.2

DiffSrv Policy-Map Configuration Mode

In the Policy-Map Configuration mode the user can create or modify a policy map.
The Global configuration mode command policy-map <short(1-65535)> is used to enter the DiffSrv
PolicyMap Configuration mode and the prompt seen at this mode is iss(config-pmap)#.
To return to the global configuration mode the exit command is used.

2.10.3

DiffSrv Policy-Map Class Configuration Mode

The Policy-Map Class Configuration command defines a traffic classification for the policy to act on. The
class-map-num that is specified in the policy map ties the characteristics for that class and its match
criteria as configured by using the class-map global configuration command to the class map. Once the
class command is entered, the switch enters policy-map class configuration mode.
The DiffSrv Policy mode command policy-map <short(1-65535)> is used to enter the DiffSrv
Policy-Map Class Configuration mode and. the prompt seen at this mode is iss(config-pmap-c)#.
To return to the global configuration mode the exit command is used.

2.10.4

DHCP Pool Configuration Mode

This mode is used to configure the network pool / host configurations of a subnet pool.
The Global configuration mode command ip dhcp pool <integer(1-2147483647)> creates a
DHCP server address pool and places the user in DHCP pool configuration mode. The prompt seen at
this mode is iss(dhcp-config)#.
To return to the global configuration mode the exit command is used.

2.10.5

ACL Standard Access List Configuration Mode

Standard access lists create filters based on IP address and network mask only (L3 filters only).
The Global configuration mode command ip access-list standard <(1-1000) creates IP ACLs
and is used to enter the ACL Standard Access List Configuration mode. The prompt seen at this mode is
iss(config-std-nacl)#.
To return to the global configuration mode the exit command is used.

2.10.6

ACL Extended Access List Configuration Mode

The Extended Access lists enables to specify filters based on the type of protocol, range of TCP/UDP
ports as well as IP address and network mask (Layer 4 filters).
The Global configuration mode command ip access-list extended <(1001-65535)> is used to
enter the ACL Extended Access List Configuration mode and the prompt seen at this mode is
iss(config-ext-nacl)#.
To return to the global configuration mode the exit command is used.
CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

17

DATACOM SYSTEMS INC

VS-2024-F

2.10.7

ACL MAC Configuration Mode

The MAC access-list global configuration command creates Layer 2 MAC ACLs, and returns the MACAccess list configuration mode to the user.
The Global configuration mode command mac access-list extended <(1-65535)> is used to
enter the ACL MAC Configuration mode and the prompt seen at this mode is iss(config-extmacl)#.
To return to the global configuration mode the exit command is used.

18

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 2: COMMAND LINE INTERFACE

User EXEC Mode


Prompt: iss> enable
Password

Privileged Mode
Prompt: iss#

Global Configuration Mode


Prompt: iss(config)#

Protocol Specific Modes

General Configuration Modes

DHCP Pool Configuration

Line Configuration

Prompt: iss(dhcp-config)#

Prompt:: iss (config-line)#

DiffSrv ClassMap
Configuration

DiffSrv Policy-Map
Configuration
Prompt: iss(config-pmap)#

Prompt: iss(config-cmap)#

Interface Configuration
Mode
Prompt: iss (config-if)#
Config-VLAN

DiffSrv Policy-Map Class


Configuration Mode

ACL Standard Access List


Configuration

Prompt: iss(config-pmap-c)#

Prompt: iss(config-std-nacl)#

Prompt: iss(config-vlan)#
Redundancy Configuration

ACL Extended Access List


Configuration

ACL MAC Configuration


Prompt: iss(config-ext-macl)#

Prompt: iss(config-r)#

Prompt: iss(config-ext-nacl)#

Figure 2-1: Command Modes Access Path

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

19

Chapter

3
3.DiffServ (Differentiated Services)
DiffServ (Differentiated Services) is an architecture for providing different types or levels of service for
network traffic. One key characteristic of Diffserv is that flows are aggregated in the network, so that core
routers only need to distinguish a comparably small number of aggregated flows, even if those flows
contain thousands or millions of individual flows.
Differentiated services are intended to provide a framework and building blocks to enable deployment of
scalable service discrimination in the Internet. The differentiated services approach aims to speed
deployment by separating the architecture into two major components, one of which is fairly wellunderstood and the other of which is just beginning to be understood. In this, we are guided by the original
design of the Internet where the decision was made to separate the forwarding and routing components.
Packet forwarding is the relatively simple task that needs to be performed on a per-packet basis as
quickly as possible. Forwarding uses the packet header to find an entry in a routing table that determines
the packet's output interface. Routing sets the entries in that table and may need to reflect a range of
transit and other policies as well as to keep track of route failures. Routing tables are maintained as a
background process to the forwarding task.
The list of CLI commands for the configuration of DiffServ is as follows:

set qos

class-map

policy-map

match

class

set cos

shutdown qos

cosq scheduling algorithm

traffic class

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

21

VS-2024-F

show policy-map

show class-map

show cosq algorithm

show cosq weights-bw

22

DATACOM SYSTEMS INC

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)

3.1 set qos


This command enables differentiated services on the device. The disable option is used to disable the
QoS feature on the device.
set qos { enable | disable }

Syntax
Description

enable

Enables differentiated services

disable

Disables differentiated services

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

disable

Example

iss(config)# set qos enable

QoS must be globally enabled prior to the execution of the class-map


and policy-map mode commands.

When set as 'enabled', DiffServ Module programs the hardware and


starts Protocol Operation.

When set as 'disabled', it stops protocol operation by deleting the


hardware configuration.

Related Commands

show policy-map - Displays the quality of service (QoS) policy maps

show class-map - Displays quality of service (QoS) class maps

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

23

DATACOM SYSTEMS INC

VS-2024-F

3.2 class-map
This command creates a class map that is meant to be used for matching the packets to the class whose
index is specified. This command is also used to enter the class-map configuration mode. The no form of
this command is used to delete an existing class map and to return to global configuration mode.
class-map <class-map-number(1-65535)>
no class-map <class-map-number(1-65535)>

Syntax
Description

class-map-number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# class-map 5

Differentiated services must have been enabled in the device.

The class-map command and its subcommands are used to define packet
classification, marking, and aggregate policing as part of a globally named
service policy applied on a per-interface basis.

The match command is available from the class-map configuration mode.

QoS class map number

Related Command

show class-map - Displays quality of service (QoS) class maps

24

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)

3.3 policy-map
This command is used to enter the policy-map configuration mode. In the policy-map configuration mode
the user can create or modify a policy map. The no form of this command deletes an existing policy map
and returns to the global configuration mode.
policy-map <policy-map-number(1-65535)>
no policy-map <policy-map-number(1-65535)>

Syntax
Description

policy-map-number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# policy-map 6

Differentiated services must have been enabled in the device.

The following two commands are available from the policy-map configuration
mode:

QoS Policy map number

class

exit - Exits from the policy map configuration mode and returns to the
global configuration mode.

Related Command

show policy-map - Displays quality of service (QoS) policy maps

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

25

DATACOM SYSTEMS INC

VS-2024-F

3.4 match
This command specifies the fields in the incoming packets that are to be examined for the classification of
the packets. The IP access group / MAC access group can be used as match criteria.
match access-group { mac-access-list | ip-access-list } <acl-index-num (165535) >

Syntax
Description

mac-access-list

Access list created based on MAC addresses for non-IP


traffic

ip-access-list

Access list created based on IP addresses. The IP-access


list can either be defined as a standard IP-access list or
an extended IP-access list.

acl-index-num

Specifies the ACL index range. The ACL index range for
an IP standard ACL is 1 to 1000 and IP extended ACL is
1001 to 65535.
The ACL index range for a MAC extended ACL is 1 to
65535.

Mode

Class Map Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss (config-cmap)# match access-group mac-access-list 5

Differentiated services must have been enabled in the device.

MAC access list and IP access list must have been configured.

Related Commands

class-map - Creates a class map to be used for matching the packets with the class whose
name/index is specified

show class-map - Displays QoS Class maps

26

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)

3.5 class
This command defines a traffic classification for the policy to act. The class-map-number that is specified
in the policy map ties the characteristics for that class to the class map and its match criteria, as
configured by using the class-map global configuration command. On execution of the class command,
the switch enters the policy-map class configuration mode.
The no form of this command un-maps the class-map from the current policy-map configuration.
class <class-map-number(1-65535)>
no class <class-map-number(1-65535)>

Syntax
Description

class-map-number

Mode

Policy-Map Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss (config-pmap)# class 5

Differentiated services must have been enabled in the device.

The policy-map global configuration command must be executed prior to using the
class command. After a policy map is specified, the user can either configure a
policy for new classes or modify a policy for any existing classes in that policy map.

The following configuration commands are available from the policy map class
configuration mode:
-

Class Map Number

set cos

Related Commands

policy-map - Enters the policy map configuration mode

show policy-map - Displays the QoS policy maps

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

27

DATACOM SYSTEMS INC

VS-2024-F

3.6 set cos


This command defines the in-profile action by setting a class of service (CoS), Differentiated Services
Code Point (DSCP), or IP-precedence value in the packet.
The no form of the command deletes the configured values.
set {cos <new-cos(0-7)> | ip dscp <new-dscp(0-63)> | ip precedence <newprecedence(0-7)>}
no set {cos <new-cos(0-7)> | ip { dscp <new-dscp(0-63)> | precedence <newprecedence(0-7)>}}

Syntax
Description

cos

New COS value assigned to the classified traffic

ip dscp

New DSCP value assigned to the classified traffic

ip precedence

New IP-precedence value assigned to the classified


traffic

Mode

Policy-Map Class Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss (config-pmap-c)# set cos 5

To attach policy maps that contain the following elements to an ingress interface
-

set policy-map class configuration commands must be used. Moreover, the


police policy-map class configuration command can be used to mark down
(reduce) the DSCP value at the ingress interface.

Access control list (ACL) classification.

Per-port per-VLAN classification.

Related Commands

class- Defines a traffic classification for the policy set

policy-map - Used to enter the policy map configuration mode

class-map - Creates a class map

show policy-map - Displays the QoS policy map configuration

28

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)

3.7 shutdown qos


This command shuts down the Quality-of-Service operation. The no form of the command starts and
enables the Quality-of-Service operation.
shutdown qos
no shutdown qos

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

QoS is started and enabled by default

Example

iss(config)# shutdown qos

When shutdown, all the pools used by DiffServ module will be released to the
system.

When started, the resources required by DiffServ module are allocated and the
module starts running.

Related Commands

show policy-map - Displays the quality of service (QoS) policy maps

show class-map - Displays quality of service (QoS) class maps

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

29

DATACOM SYSTEMS INC

VS-2024-F

3.8 cosq scheduling algorithm


This command sets cosq scheduling algorithm.
cosq scheduling algorithm { strict | rr | wrr | wfq | strict-rr | strict-wrr |
strict-wfq | deficit }

Syntax
Description

strict

strict

rr

round robin

wrr

weighted round robin

wfq

weighted fair queing

strict-rr

strict - round robin

strict-wrr

strict - weighted round robin

strict-wfq

strict - weighted fair queing

deficit

deficit

Mode

Interface Configuration mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# cosq scheduling algorithm strict

Related Commands

show cosq algorithm - Displays the CoSq algorithm used for the interface.

show cosq weights-bw - Displays the CoSq weights and the bandwidth for the interface.

30

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)

3.9 traffic class


This command sets weight and bandwidth for traffic classes.
traffic-class <integer(0-7)> weight <integer(0-15)> [ minbandwidth <integer(1262143)>]

Syntax
Description

traffic-class

Configures cosq numbers

weight

Configures cosq weights

minbandwidth

Configures minimum bandwidth

Mode

Interface Configuration mode

Package

Workgroup, Enterprise and Metro

Defaults

weight

Example

iss(config-if)# traffic-class 1 weight 7 minbandwidth 1234

Related Commands

show cosq algorithm - Displays the CoSq algorithm used for the interface.

show cosq weights-bw - Ddisplays the CoSq weights and the bandwidth for the interface.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

31

DATACOM SYSTEMS INC

VS-2024-F

3.10 show policy-map


This command displays the quality of service (QoS) policy maps, which defines the classification criteria
for the incoming traffic. Policy maps can include policers that specify the bandwidth limitations and the
action to take if the limits are exceeded.
show policy-map [<policy-map-num(1-65535)> [class <class-map-num(1-65535)>]]

Syntax
Description

policy-map-num

Policy map number

class

Class map number

Mode

Privileged/User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show policy-map 24


DiffServ Configurations:
-----------------------Quality of Service has been enabled
Policy Map 24 is not active
Class Map: 20
---------------Protocol

: 255

In Profile Entry
---------------In profile action

: policed-precedence 5

Out Profile Entry


----------------Metering on
burst bytes/token size

: 6

Refresh count

: 1000

Out profile action

: drop

No Match Entry
-------------No match action

: policed-precedence 5

Related Commands

32

policy-map - Used to enter the policy map configuration mode


ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.
CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)

class - Defines a traffic classification for the policy to act

set cos - Defines the in-profile action by setting a CoS, DSCP or IP-precedence value in the packet

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

33

DATACOM SYSTEMS INC

VS-2024-F

3.11 show class-map


This command displays quality of service (QoS) class maps, which defines the match criteria to classify
traffic.
show class-map [<class-map-num(1-65535)>]

Syntax
Description

class-map-num

Mode

Privileged/User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show class-map

Displays the configured class map number

DiffServ Configurations:
------------------------

Class map 20
-------------Filter-ID

: 3

Filter-Type

: IP-Filter

Related Commands

class-map - Creates a class map that is meant to be used for matching the packets to the class
whose index is specified

match - Specifies the fields in the incoming packets that are to be examined for the classification of
the packets

34

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)

3.12 show cosq algorithm


This command displays the CoSq algorithm used for the interface.
show cosq algorithm [ interface <interface-type> <interface-id> ]

Syntax
Description

interface-type

Interface Type

interface-id

Interface ID

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# show cosq algorithm interface gigabitethernet


0/1
CoSq Algorithm
-----------------------Interface

Algorithm

-----------

---------------

Gi0/1

StrictPriority

.......

.......................

--------------------------

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

35

DATACOM SYSTEMS INC

VS-2024-F

3.13 show cosq weights-bw


This command displays the CoSq weights and the bandwidth for the interface.
show cosq weights-bw [ interface <interface-type> <interface-id> ]

Syntax
Description

interface-type

Interface Type

interface-id

Interface ID

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# show cosq weights-bw interface gigabitethernet


0/1
CoSq Weights and Bandwidths
---------------------------------------------Interface

CoSqId

CoSqWeight

MinBw

MaxBw

Flag

---------

------

---------

------

----

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

.....

...

..

...

...

...

-----

---------------------------------------------------

36

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

Chapter

4
4.ACL (Access Control Lists)
ACLs (Access Control Lists) filter network traffic by controlling whether routed packets are forwarded or
blocked at the router's interfaces. ACLs are used to block IP packets from being forwarded by a router.
The router examines each packet to determine whether to forward or drop the packet, based on the
criteria specified within the access lists.
Access list criteria can be the source address of the traffic, the destination address of the traffic, the
upper-layer protocol or other information.
There are many reasons to configure access lists - access lists can be used to restrict contents of routing
updates or to provide traffic flow control. But one of the most important reasons to configure access lists is
to provide security for the network.
Access lists must be used to provide a basic level of security for accessing the network. If access lists has
not been configured on the router, all packets passing through the router can be allowed onto all parts of
the network.
For example, access lists can allow one host to access a part of the network and prevent another host
from accessing the same area.
The list of CLI commands for the configuration of ACL is as follows:

ip access-list

mac access-list extended

user-defined access-list

userdefined-list

permit usr-defined-packet-type

deny usr-defined-packet-type

permit - standard mode

deny - standard mode

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

37

VS-2024-F

permit- ip/ospf/pim/protocol type

permit ipv6

deny ipv6

deny - ip/ospf/pim/protocol type

permit tcp

deny tcp

permit udp

deny udp

permit icmp

deny icmp

ip access-group

mac access-group

user-defined access-group

permit

deny

show access-lists

38

DATACOM SYSTEMS INC

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.1 ip access-list
This command creates IP ACLs and enters the IP Access-list configuration mode. Standard access lists
create filters based on IP address and network mask only (L3 filters only ). Extended access lists enables
specification of filters based on the type of protocol, range of TCP/UDP ports as well as the IP address
and network mask (Layer 4 filters).
Depending on the standard or extended option chosen by the user, this command returns a
corresponding IP Access list configuration mode.
The no form of the command deletes the IP access-list.
ip access-list {standard <access-list-number (1-1000)> | extended
list-number (1001-65535)> }
no ip access-list {standard
list-number (1001-65535)> }

Syntax
Description

<access-

<access-list-number (1-1000)> | extended <access-

standard

Standard access-list number

extended

Extended access-list number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# ip access-list standard 1

ACLs on the system perform both access control and Layer 3 field classification. To
define Layer 3 fields access-lists the ip access-list command must be used.

Related Commands

permit - standard mode - Specifies the packets to be forwarded depending upon the associated
parameters

deny - standard mode - Denies traffic if the conditions defined in the deny statement are
matched

permit- ip/ospf/pim/protocol type - Allows traffic for a particular protocol packet if the
conditions defined in the permit statement are matched

deny - ip/ospf/pim/protocol type- Denies traffic for a particular protocol packet if the
conditions defined in the deny statement are matched

permit tcp - Specifies the TCP packets to be forwarded based on the associated parameters

deny tcp - Specifies the TCP packets to be rejected based on the associated parameters

permit udp - Specifies the UDP packets to be forwarded based on the associated parameters

deny udp - Specifies the UDP packets to be rejected based on the associated parameters

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

39

DATACOM SYSTEMS INC

VS-2024-F

permit icmp - Specifies the ICMP packets to be forwarded based on the IP address and the
associated parameters

deny icmp - Specifies the ICMP packets to be rejected based on the IP address and associated
parameters

ip access-group - Enables access control for the packets on the interface

show access-lists - Displays the access list configuration

40

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.2 mac access-list extended


This command creates Layer 2 MAC ACLs, that is, this command creates a MAC access-list and returns
the MAC-Access list configuration mode to the user. The no form of the command deletes the MAC
access-list.
mac access-list extended <access-list-number (1-65535)>
no mac access-list extended <short (1-65535)>

Syntax
Description

accesslist-number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# mac access-list extended 5

ACLs on the system perform both access control and layer 2 field classification.
To define Layer 2 access lists, the mac access-list command must be used.

Access list number

Related Commands

show access-lists - Displays the access list configuration

permit - Specifies the packets to be forwarded based on the MAC address and the associated
parameters

deny - Specifies the packets to be rejected based on the MAC address and the associated
parameters

mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

41

DATACOM SYSTEMS INC

VS-2024-F

4.3 user-defined access-list


This command creates a user defined access-list. The no form of the command deletes the user defined
access-list. The value ranges between 1 to 65535.
user-defined access-list

<access-list-number (1-65535)>

no user-defined access-list <short (1-65535)>

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# user-defined access-list 5

ACLs on the system perform both access control and layer 2 field classification based
on user defined bytes in the packets.

Related Commands

permit usr-defined-packet-type - Permits Packet Based on User Defined Packet type

permit - Specifies the packets to be forwarded based on the MAC address and the associated
parameters

deny - Specifies the packets to be rejected based on the MAC address and the associated
parameters

show access-lists - Displays the access list configuration

userdefined-list- Creates a user defined access list by applying AND, OR, NOT operation ( regular
expressions) on existing ACL rules or specifying match on user-defined packet offsets.

user-defined access-group - Applies a user defined access list (ACL) to an interface.

Usage of Regular Expressions AND, OR , NOT

AND - Apply AND operation on base filter rules identified uniquely as ACL1, ACL2. This operation
merges the match qualifiers of two ACL rules ACL1, ACL2 to derive a new ACL Rule ACL3

OR - Apply OR operation on base filter rules identified uniquely as ACL1 and ACL2. This operation
results in applying the filter action { permit/deny/redirect } corresponding to ACL Rule 1 on ACL Rule2.

NOT Apply NOT operation on base filter rule ( ACL 1) and derive new ACL Rule. If the action
corresponding to ACL 1 is permit, then after applying NOT operation, new rule will have filter action deny.
The filter actions on which NOT operation can be applied are permit, deny. This operation is not
applicable for other filter actions.

42

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.4 userdefined-list
This command creates a user defined access list after application of regular expressions AND, OR, NOT
on existing ACL rules

userdefined-list {{ ip-acl1-and-ip-acl2| ip-acl1-or-ip-acl2 | mac-acl1-andmac-acl2 | mac-acl1-and-ip-acl2 | mac-acl1-or-mac-acl2 | ip-acl1-or-mac-acl2


} <short(1-65535)> <short(1-65535)> | { not-ip-acl1 | not-mac-acl1 }
<short(1-65535)>}
Syntax
Description

ip-acl1-and-ip-acl2

Performs AND operation on two Layer 3 ACL


Rules ( acl1 , acl2). And create a new layer 3
ACL rule that is represented by this user defined
access-list..The filter action corresponding to the
new ACL rule is identical to the base rules.

ip-acl1-or-ip-acl2

Performs OR operation on two layer 3 ACL Rules.


This operation results in applying the action of
ACL Rule 1 on ACL Rule 2

mac-acl1-and-mac-acl2

Performs AND operation on two layer 2 ACL


Rules and create a new layer 2 ACL rule that is
represented by this user defined access-list. The
filter action corresponding to the new ACL rule is
identical to the base rules.

mac-acl1-and-ip-acl2

Performs AND operation on two ACL rules - acl1


( layer 2 ACL Rule) and acl2 ( Layer 3 ACL rule)
and create an new ACL Rule represented by this
user defined access-list. The filter action
corresponding to the new ACL rule is identical to
the base rules.

mac-acl1-or-mac-acl2

Performs OR operation on two Layer 2 ACL Rules


and results in application of filter-action of ACL1
on ACL2

ip-acl1-or-mac-acl2

Performs OR operation on Layer 3 ACL Rule


(ACL1) using Layer 2 ACL rule ( ACL2) and
results in application of filter-action of ACL1 on
ACL2.

not-ip-acl1

Performs NOT operation on ACL Rule 1 and


derive new Rule. The filter action for the derived
ACL Rule is deny if base Rule is configured for
filter action permit and vice-versa. Other actions
are not applicable for this operation

not-mac-acl1

Performs NOT operation on ACL Rule 1 and


derive new Rule. The filter action for the derived
ACL Rule is deny if base Rule is configured for
filter action permit and vice-versa. Other actions
are not applicable for this operation

Mode

User defined Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

43

DATACOM SYSTEMS INC

VS-2024-F

Example

iss(config-userdef-acl)#
15 123

userdefined-list

ip-acl1-and-ip-acl2

Related Commands

show access-lists - Displays the access list configuration

user-defined access-list - Creates user defined access-list.

44

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.5 permit usr-defined-packet-type


This command permits packets matching a particular User Defined Byte and by specifying the packet
type namely user-defined, tcp-ipv4, udp, mpls, ipv4, ipv6, frag-ip.

permit usr-defined-packet-type { user-def | tcp-ipv4 | udp-ipv4 | mpls | ipv4


|ipv6 | frag-ip }offset-base {l2 | l3 | l4 | ipv6-ext-hdr | ether-type |
<short(0-127)>} offset1 <short(0-127)> <short(0-255)>[offset2 <short(0-127)>
<short(0-255)>][offset3 <short(0-127)> <short(0-255)>][offset4 <short(0-127)>
<short(0-255)>][offset5 <short(0-127)> <short(0-255)>][offset6 <short(0-127)>
<short(0-255)>][redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list>
[<ifXtype><iface_list>]load-balance {src-ip | dst-ip | src-mac | dst-mac |
vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport | udb <short(0127)>}}][vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short
(1 -4094)>}]

Syntax
Description

user-def

Specifies the packet type as user defined.

tcp-ipv4

Specifies the packet type as tcp in the ipV4


packet.

udp-ipv4

Specifies the packet type as udp in the ipV4


packet.

mpls

Specifies the packet type as mpls.

ipv4

Specifies the packet type as ipv4.

ipv6

Specifies the packet type as ipv6.

frag-ip

Specifies the packet type as fragmented ip.

offset-base

Specifies the start of the packet from which the


user defined byte should be considered.
l2 Start of the packet is considered as layer 2
l3 Start of the packet is considered as layer 3
l4 Start of the packet is considered as layer 4
ipv6-ext-hdr - Start of the packet is considered as
ipv6 extended header.
ether-type Start of the packet is considered as
ether type.

offset1

Specifies the offset position and offset value that


needs to be considered as the match for offset1.
The two input value ranges 0 to 127 and 0 to 255.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

45

DATACOM SYSTEMS INC

VS-2024-F

offset2

Specifies the offset position and offset value


value that needs to be considered as the match
for offset 2. The two input value ranges 0 to 127
and 0 to 255.

Offset3

Specifies the offset position and offset value that


needs to be considered as the match for offset 3.
The two input value ranges 0 to 127 and 0 to 255.

Offset4

Specifies the offset position and offset value that


needs to be considered as the match for offset 4.
The two input value ranges 0 to 127 and 0 to 255.

Offset5

Specifies the offset position and offset value that


needs to be considered as the match for offset 5.
The two input value ranges 0 to 127 and 0 to 255.

Offset6

Specifies the offset position and value that needs


to be considered as the match for offset 6. The
two input value ranges 0 to 127 and 0 to 255.

Redirect

Redirects the packet to the destination interface


or set of interfaces.

load-balance

ifXtype Specifies the interfae type

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

Specifies the parameters based on which the


traffic distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

udb

Options in the Layer 3 header are classified as


IPv4 or IPv6 based on packet type

46

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

vlan-action

Specifies the VLAN specific sub action to be


performed on the packet -

none Actions relating to the VLAN ID


will not be considered.

modify-vlan Modifies the VLAN ID to


which the packet gets classified. The
packet could be an untagged or VLAN
tagged packet.

nested-vlan Adds an outer VLAN tag to


the packet with the VLAN ID as
configured.

Mode

User defined Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-userdef-acl)# permit
usr-defined-packet-type userdef offset-base l2 offset1 5 10 load-balance src-ip

Related Commands:

show access-lists - Displays the access list configuration

user-defined access-list Creates the user defined access-list.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

47

DATACOM SYSTEMS INC

VS-2024-F

4.6 deny usr-defined-packet-type


This command denies packets matching a particular User Defined Byte and by specifying the packet type
namely user-defined, tcp-ipv4, udp, mpls, ipv4, ipv6, frag-ip.

deny usr-defined-packet-type { user-def | tcp-ipv4 | udp-ipv4 | mpls | ipv4


|ipv6 | frag-ip }offset-base {l2 | l3 | l4 | ipv6-ext-hdr | ether-type |
<short(0-127)>} offset1 <short(0-127)> <short(0-255)> [offset2 <short(0-127)>
<short(0-255)>][offset3 <short(0-127)> <short(0-255)>] [offset4 <short(0-127)>
<short(0-255)>][offset5 <short(0-127)> <short(0-255)>] [offset6 <short(0-127)>
<short(0-255)>]
Syntax
Description

usr-defined-packet-type

offset-base

48

user-def Specifies the packet type as


user defined

tcp-ipv4 Specifies the packet type as tcp


in the ipV4 packet.

udp-ipv4 - Specifies the packet type as


udp in the ipV4 packet.

mpls - Specifies the packet type as mpls.

ipv4 - Specifies the packet type as ipv4.

ipv6 - Specifies the packet type as ipv6.

frag-ip - Specifies the packet type as


fragmented ip.

Specifies the start of the packet from which the


user defined byte should be comsidered
-

l2 Start of the packet is considered as


layer 2

l3 Start of the packet is considered as


layer 3

l4 Start of the packet is considered as


layer 4

ipv6-ext-hdr Start of the packet is


considered as ipv6 extended header.

ether-type
Start of the packet is
considered as ether type.

offset1

Specifies the offset position and offset value that


needs to be considered as the match for offset1.
The two input value ranges 0 to 127 and 0 to 255.

offset2

Specifies the offset position and offset value that


needs to be considered as the match for offset2.
The two input value ranges 0 to 127 and 0 to 255

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

Offset3

Offset4

Specifies the offset position and offset value that


needs to be considered as the match for offset3.
The two input value ranges 0 to 127 and 0 to 255
-

Specifies the offset position and offset value that


needs to be considered as the match for offset4.
The two input value ranges 0 to 127 and 0 to 255.

Offset5

Specifies the offset position and offset value that


needs to be considered as the match for offset5.
The two input value ranges 0 to 127 and 0 to 255

Offset6

Specifies the offset position and offset value that


needs to be considered as the match for offset6.
The two input value ranges 0 to 127 and 0 to 255

Mode

User defined Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-userdef-acl)# deny
offset-base l2 offset1 112 25

usr-defined-packet-type user-def

Related Commands:

show access-lists - Displays the access list configuration

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

49

DATACOM SYSTEMS INC

VS-2024-F

4.7 permit - standard mode


This command specifies the packets to be forwarded depending upon the associated parameters.
Standard IP access lists use source addresses for matching operations.

permit { any | host <src-ip-address> | <network-src-ip> <mask> } [{ any | host


<dest-ip-address> | <network-dest-ip> <mask>}]redirect {interface <ifXtype>
<ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip
| dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | srcudpport | dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> |
nested-vlan <short (1 -4094)>}]

Syntax
Description

any|host
<src-ip-address>|
<network-src-ip><mask>

any|host
<dest-ip-address>|
< network-dest-ip>
<mask>

redirect

50

Source IP address can be


- 'any' or
-

the dotted decimal address

the IP address of the host that the packet is


from and the network mask to use with the
source IP address

Destination IP address can be


- 'any' or
-

the dotted decimal address or

the IP address of the host that the packet is


destined for and the network mask to use with
the destination IP address

Redirects the action to the destination interface or set of


interfaces.
- ifXtype Specifies the interfae type
-

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

load-balance

Specifies the parameters based on which the traffic


distribution needs to be done. Options are:

src-ip

src-mac

dst-ip

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

Options in the Layer 3 header are classified as IPv4 or


IPv6 based on packet type
vlan-action

Specifies the VLAN specific sub action to be performed


on the packet none Actions relating
considered.

to the VLAN ID will not be

modify-vlan Modifies the VLAN ID to which the packet


gets classified. The packet could be an untagged or
VLAN tagged packet.

Mode

nested-vlan Adds an outer VLAN tag to the packet


with the VLAN ID as configured.
IP ACL Configuration (standard)

Package

Workgroup, Enterprise and Metro

Example

iss(config-std-nacl)# permit host 100.0.0.10

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

deny - standard mode - Denies traffic if the conditions defined in the deny statement are
matched

show access-lists- Displays the access list configuration

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

51

DATACOM SYSTEMS INC

VS-2024-F

4.8 deny - standard mode


This command denies traffic if the conditions defined in the deny statement are matched.
deny{ any | host <src-ip-address> | <src-ip-address> <mask> } [ { any | host
<dest-ip-address> | <dest-ip-address> <mask> } ]

Syntax
Description

any|host

src-ip-address|

Source IP address can be


- 'any' or

<src-ip-address>
<mask>

any|host
dest-ip-address|
<dest-ipaddress><mask>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is from and the network mask to use
with the source IP address

Destination IP address can be


- 'any' or
-

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is destined for and the network mask to
use with the destination IP address

Mode

IP ACL Configuration (standard)

Package

Workgroup, Enterprise and Metro

Example

iss(config-std-nacl)# deny host 100.0.0.10 any

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

permit - standard mode - Specifies the packets to be forwarded depending upon the associated
parameters

show access-lists-Displays the access list configuration

52

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.9 permit- ip/ospf/pim/protocol type


This command allows traffic for a particular protocol packet if the conditions defined in the permit
statement are matched.
permit { ip | ospf | pim | <protocol-type (1-255)>}{ any | host <src-ipaddress> | <src-ip-address> <mask> }{ any | host <dest-ip-addresq> | <dest-ipaddress> <mask> }[ {tos{max-reliability | max-throughput | min-delay | normal
|<value (0-7)>} | dscp <value (0-63)>} ][priority <value (1-255)>][redirect
{interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>]
load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport |
dst-tcpport | src-udpport | dst-udpport}}][vlan-action {none | modifyvlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax
Description

ip| ospf|pim|
<protocol-type
255)>

Type of protocol for the packet. It can also be a protocol


number.

Source IP address can be


- any or

(1-

any| host
<src-ip-address>|
<src-ip-address>
<mask>

any|host

<dest-ip-address>|
<dest-ip-address>
<mask>

the dotted decimal address or

the IP Address of the network or the host that the


packet is from and the network mask to use with
the source address.

Destination IP address can be


- any or
-

the dotted decimal address or

the IP Address of the network or the host that the


packet is destined for and the network mask to
use with the destination address

tos

Type of service. Can be max-reliability, max throughput,


min-delay, normal or a range of values from 0 to 7,
Differentiated Services Code Point (DSCP) values to
match against incoming packets.

priority

The priority of the L3 filter is used to decide which filter


rule is applicable when the packet matches with more
than one filter rules. Lower value of filter priority implies a
higher priority.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

53

DATACOM SYSTEMS INC

VS-2024-F

redirect

Redirects the action to the destination interface or set of


interfaces.

load-balance

ifXtype Specifies the interfae type

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

Specifies the parameters based on which the traffic


distribution needs to be done. Options are:

vlan-action

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

Specifies the VLAN specific sub action to be performed on


the packet none Actions relating
considered.

to the VLAN ID will not be

modify-vlan Modifies the VLAN ID to which the packet


gets classified. The packet could be an untagged or VLAN
tagged packet.
nested-vlan Adds an outer VLAN tag to the packet with
the VLAN ID as configured.
Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

protocol-type

255

priority

Example

54

iss(config-ext-nacl)# permit 200 host 100.0.0.10 any tos 6 load


balance src-ip

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

Protocol type with the value 255 indicates that protocol can be anything and it will not
be checked against the action to be performed.

Service VLAN, Service VLAN Priority, Customer VLAN and Customer VLAN Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

show access-lists - Displays the access list configuration

deny - ip/ospf/pim/protocol type- Denies traffic for a particular protocol packet if the
conditions defined in the deny statement are matched

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

55

DATACOM SYSTEMS INC

VS-2024-F

4.10 permit ipv6


This command specifies IP packets to be forwarded based on protocol and associated parameters.
permit
ipv6 { flow-label <integer(1-65535)> | {any | host <ip6_addr>
<integer(0-128)> } { any | host <ip6_addr> <integer(0-128)> }} [redirect
{interface
<ifXtype>
<ifnum>
|
<ifXtype><iface_list>
[<ifXtype><iface_list>]load-balance {src-ip | dst-ip | src-mac | dst-mac |
vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport}}][vlan-action
{none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax
Description

flow-label

Flow identifier in IPv6 header.

any | host <ip6_addr>


<integer(0-128)>

Source address of the host / any host.

any | host <ip6_addr>


<integer(0-128)>

Destination address of the host / any host.

redirect

load-balance

vlan-action

56

Redirects the action to the destination interface or


set of interfaces.
- ifXtype Specifies the interfae type
-

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

Specifies the parameters based on which the traffic


distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport
Specifies the VLAN specific sub action to be
performed on the packet -

none Actions relating to the VLAN ID will


not be considered.

modify-vlan Modifies the VLAN ID to which


the packet gets classified. The packet could
be an untagged or VLAN tagged packet.

nested-vlan Adds an outer VLAN tag to the


packet with the VLAN ID as configured.

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)
Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-ext-nacl)# permit ipv6 host c004::04 28 any loadbalance src-ip

Flow label cannot be configured along with either source/destination IP address.

Related Commands

show access-lists - Displays the access lists configuration.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

57

DATACOM SYSTEMS INC

VS-2024-F

4.11 deny ipv6


This command specifies IPv6 packets to be rejected based on protocol and associated parameters.

deny ipv6 { flow-label <integer(1-65535)> | {any | host <ip6_addr> <integer(0128)> } { any | host <ip6_addr> <integer(0-128)> }}

Syntax
Description

flow-label

Flow identifier in IPv6 header.

any | host <ip6_addr>


<integer(0-128)>

Source address of the host / any host.

any | host <ip6_addr>


<integer(0-128)>

Destination address of the host / any host.

Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-ext-nacl)# deny ipv6 host c004::04 28 any


iss(config-ext-nacl)# deny ipv6 flow-label 40

Flow label cannot be configured along with either source/destination IP address.

Related Commands

show access-lists - Displays the access lists configuration.

58

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.12 deny - ip/ospf/pim/protocol type


This command denies traffic for a particular protocol packet if the conditions defined in the deny statement
are matched.
deny { ip | ospf | pim | <protocol-type (1-255)>} { any | host <src-ipaddress> | <src-ip-address> <mask> } { any | host <dest-ip-address> | <destip-address> <mask> }[ {tos{max-reliability | max-throughput | min-delay |
normal |<value (0-7)>} | dscp <value (0-63)>} ] [ priority <value (1-255)>]

Syntax
Description

ip| ospf|pim|

Type of protocol for the packet. It can also be a


protocol number.

Source IP address can be

<protocol-type
(1-255)>
any| host
<src-ip-address>|

any or

<src-ip-address>
<mask>

the word host and the dotted decimal address


or

number of the network or the host that the


packet is from and the network mask to use
with the source address

any|host

Destination IP address can be

<dest-ip-address>|

any or

<dest-ip-address>
<mask>

the word host and the dotted decimal address


or

number of the network or the host that the


packet is destined for and the network mask to
use with the destination address

tos

Type of service. Can be max-reliability, max


throughput, min-delay, normal or a range of values
from 0 to 7, Differentiated Services Code Point (DSCP)
values to match against incoming packets.

priority

The priority of the L3 filter is used to decide which filter


rule is applicable when the packet matches with more
than one filter rules. Lower value of filter priority
implies a higher priority.

Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

59

DATACOM SYSTEMS INC

VS-2024-F

Defaults

protocol type

255

priority

Example

iss(config-ext-nacl)# deny ospf any host 10.0.0.1 tos maxthroughput

Protocol type with the value 255 indicates that protocol can be anything and it will
not be checked against the action to be performed.

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

permit- ip/ospf/pim/protocol type - Allows traffic for a particular protocol packet if the
conditions defined in the permit statement are matched

show access-lists -Displays the access list configuration

60

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.13 permit tcp


This command specifies the TCP packets to be forwarded based on the associated parameters.

permit tcp {any | host <src-ip-address> | <src-ip-address> <src-mask> }[{gt


<port-number (1-65535)> | lt <port-number (1-65535)>|eq <port-number (165535)> |range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{gt <port-number (165535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> |range
<port-number (1-65535)> <port-number (1-65535)>}][{ ack | rst }][{tos{maxreliability|max-throughput|min-delay|normal|<tos-value(0-7)>}|dscp <value (063)>}][ priority <short(1-255)>][redirect {interface <ifXtype>
<ifnum> |
<ifXtype><iface_list> [<ifXtype><iface_list>]load-balance {src-ip | dst-ip |
src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dstudpport}}] [vlan-action {none | modify-vlan<short (1-4094)>
| nested-vlan
<short (1 -4094)>}]

Syntax
Description

tcp

Transport Control Protocol

any| host

Source IP address can be

<src-ip-address>|
<src-ip-address>
src-mask >

port-number

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

<

any or

the dotted decimal address OR

the IP address of the network or the host that


the packet is from and the network mask to use
with the source address

Port Number. The input for the source and the


destination port-number is prefixed with one of the
following operators.
-

eq=equal

lt=less than

gt=greater than

range=a range of ports; two different port


numbers must be specified

61

DATACOM SYSTEMS INC

VS-2024-F

any|host

<dest-ip-address>
|<dest-ip-address>
< dest-mask >

any or

the dotted decimal address or

the IP Address of the network or the host that


the packet is destined for and the network mask
to use with the destination address

ack

TCP ACK bit to be checked against the packet. It can be


establish (1), non-establish (2) or any (3).

rst

TCP RST bit to be checked against the packet. It can be


set (1), notset (2) or any (3).

tos

Type of service. Can be max-reliability, max throughput,


min-delay, normal or a range of values from 0 to 7,
Differentiated Services Code Point (DSCP) values to
match against incoming packets.

priority

The priority of the filter is used to decide which filter rule


is applicable when the packet matches with more than
one filter rules. Lower value of filter priority implies a
higher priority.

redirect

62

Destination IP address can be

Redirects the action to the destination interface or set of


interfaces.
-

ifXtype Specifies the interfae type

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

Load-balance

Specifies the parameters based on which the traffic


distribution needs to be done. Options are:

vlan-action

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

Specifies the VLAN specific sub action to be performed


on the packet -

none Actions relating to the VLAN ID will not


be considered.

modify-vlan Modifies the VLAN ID to which


the packet gets classified. The packet could be
an untagged or VLAN tagged packet.

nested-vlan Adds an outer VLAN tag to the


packet with the VLAN ID as configured.

Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

tos-value

ack

any (3) [indicates that the TCP ACK bit will not be
checked to decide the action]

rst

any (3) [indicates that the TCP RST bit will not be
checked to decide the action]

Example

iss(config-ext-nacl)# permit tcp any 10.0.0.1 load-balance scr-ip

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority options
are applicable only for Metro Solution, when the bridge mode is Provider Bridge.

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

63

DATACOM SYSTEMS INC

VS-2024-F

show access-lists - Displays the access list configuration

-deny tcp Specifies the TCP packets to be rejected based on the associated parameters

4.14 deny tcp


This command specifies the TCP packets to be rejected based on the associated parameters.
deny tcp {any | host <src-ip-address> | <src-ip-address> <src-mask> }[{gt
<port-number (1-65535)> | lt <port-number (1-65535)> |eq <port-number (165535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{gt <port-number (165535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> |range
<port-number (1-65535)> <port-number (1-65535)>}][{ ack | rst }][{tos{maxreliability|max-throughput|min-delay|normal|<tos-value(0-7)>} | dscp <value
(0-63)>}] [ priority <short (1-255)>]

Syntax
Description

64

tcp

Transmission control protocol

any| host

Source IP address can be

<src-ip-address>|

any or

<src-ip-address>
<src-mask>

the word host and the dotted decimal


address or

number of the network or the host that the


packet is from and the network mask to use
with the source address

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

port-number

any|host

Port Number. The input for the source and the


destination port-number is prefixed with one of the
following operators.
-

eq=equal

lt=less than

gt=greater than

range=a range of ports; two different port


numbers must be specified

Destination IP address can be

<dest-ip-address>|

any or

<dest-ip-address>

the word host and the dotted decimal


address or

number of the network or the host that the


packet is destined for and the network mask
to use with the destination address

<dest-mask>

ack

TCP ACK bit to be checked against the packet. It can


be establish (1), non-establish (2) or any (3)

rst

TCP RST bit to be checked against the packet. It can


be set (1), notset (2) or any (3)

tos

Type of service. Can be max-reliability, max


throughput, min-delay, normal or a range of values
from 0 to 7, Differentiated Services Code Point
(DSCP) values to match against incoming packets.

priority

The priority of the filter is used to decide which filter


rule is applicable when the packet matches with more
than one filter rules. Lower value of filter priority
implies a higher priority.

Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

tos-value

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

65

DATACOM SYSTEMS INC

VS-2024-F

ack

any (3) [indicates that TCP ACK bit will not be


checked to decide the action]

rst

any (3) [indicates that TCP RST bit will not be


checked to decide the action]

Example

iss(config-ext-nacl)# deny tcp 100.0.0.10 255.255.255.0


any

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.

eq 20

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

show access-lists - Displays the access list configuration

permit tcp - Specifies the TCP packets to be forwarded based on the associated parameters

4.15 permit udp


This command specifies the UDP packets to be forwarded based on the associated parameters.
permit udp { any | host <src-ip-address> | <src-ip-address> <src-mask>}[{gt
<port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (165535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{ gt <port-number (165535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)>| range <portnumber
(1-65535)>
<port-number
(1-65535)>}][{tos{max-reliability|maxthroughput|min-delay|normal|<tos-value(0-7)>} | dscp <value (0-63)>}] [
priority
<(1-255)>][redirect
{interface
<ifXtype>
<ifnum>
|
<ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip | dst-ip |
src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dstudpport}}] [vlan-action {none | modify-vlan<short (1-4094)>
| nested-vlan
<short (1 -4094)>}]

Syntax
Description

66

udp

User Datagram Protocol

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

any| host

Source IP address can be

<src-ip-address>|

'any' or

<src-ip-address>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is from and the network mask to use with
the source address

<src-mask>

port-number

any|host

Port Number. The input for the source and the


destination port-number is prefixed with one of the
following operators.
-

eq=equal

lt=less than

gt=greater than

range=a range of ports; two different port


numbers must be specified

Destination IP address can be

<dest-ip-address>|

'any' or

<dest-ip-address>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is destined for and the network mask to
use with the destination address

<dest-mask>

tos

Type of service. Can be max-reliability, max throughput,


min-delay, normal or a range of values from 0 to 7,
Differentiated Services Code Point (DSCP) values to
match against incoming packets.

The priority of the filter is used to decide which filter rule


is applicable when the packet matches with more than
one filter rules. Lower value of 'filter priority' implies a
higher priority.

{max-reliability |
max-throughput
|
min-delay | normal
| <value (0-7)> |
dscp
<value(063)>}

priority

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

67

DATACOM SYSTEMS INC

VS-2024-F

redirect

load-balance

vlan-action

Redirects the action to the destination interface or set of


interfaces.
-

ifXtype Specifies the interfae type

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

Specifies the parameters based on which the traffic


distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

Specifies the VLAN specific sub action to be performed


on the packet none Actions relating
considered.

to the VLAN ID will not be

modify-vlan Modifies the VLAN ID to which the packet


gets classified. The packet could be an untagged or
VLAN tagged packet.
nested-vlan Adds an outer VLAN tag to the packet with
the VLAN ID as configured.
Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-ext-nacl)# permit udp any 100.0.0.10 load-balance


src-ip

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority options
are applicable only for Metro Solution, when the bridge mode is Provider Bridge.

Related Commands

68

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

show access-lists - Displays the access list configuration

deny udp - Specifies the UDP packets to be rejected based on the associated parameters

4.16 deny udp


This command specifies the UDP packets to be rejected based on the associated parameters.
deny udp { any | host <src-ip-address> | <src-ip-address> <src-mask>}[{gt
<port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (165535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{ gt <port-number (165535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)>| range <portnumber
(1-65535)>
<port-number
(1-65535)>}][{tos{max-reliability|maxthroughput|min-delay|normal|<tos-value(0-7)>} | dscp <value (0-63)>}] [
priority <(1-255)>]

Syntax
Description

udp

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

User Datagram Protocol

69

DATACOM SYSTEMS INC

VS-2024-F

any| host

Source IP address can be

<src-ip-address>|

'any' or

<src-ip-address>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is from and the network mask to use with
the source address

<src-mask>

port-number

any|host

Port Number. The input for the source and the


destination port-number is prefixed with one of the
following operators.
-

eq=equal

lt=less than

gt=greater than

range=a range of ports; two different port


numbers must be specified

Destination IP address can be

<dest-ip-address>

'any' or

|<dest-ip-address>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is destined for and the network mask to
use with the destination address

<dest-mask>

tos

Type of service. Can be max-reliability, max throughput,


min-delay, normal or a range of values from 0 to 7,
Differentiated Services Code Point (DSCP) values to
match against incoming packets.

priority

The priority of the filter used to decide which filter rule is


applicable when the packet matches with more than one
filter rules. Lower value of 'filter priority' implies a higher
priority.

Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-ext-nacl)# deny udp host 10.0.0.1 any eq 20

70

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority options
are applicable only for Metro Solution, when the bridge mode is Provider Bridge.

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

show access-lists - Displays the access list configuration

permit udp - Specifies the UDP packets to be forwarded based on the associated parameters

4.17 permit icmp


This command specifies the ICMP packets to be forwarded based on the IP address and the associated
parameters.
permit icmp {any |host <src-ip-address>|<src-ip-address> <mask>}{any | host
<dest-ip-address>
|
<dest-ip-address>
<mask>
}[<message-type
(0-255)>]
[<message-code (0-255)>] [ priority <(1-255)>] [redirect {interface <ifXtype>
<ifnum> | <ifXtype><iface_list>[<ifXtype><iface_list>] Load-balance {src-ip |
dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | src-udpport
| dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> | nestedvlan <short (1 -4094)>}]

Syntax
Description

icmp

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

Internet Control Message Protocol

71

DATACOM SYSTEMS INC

VS-2024-F

any| host

Source IP address can be

<src-ip-address>

'any' or

|<src-ip-address>
<mask>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is from and the network mask to use
with the source address

any|host

Destination IP address can be

<dest-ip-address>|

'any' or

<dest-ip-address>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is destined for and the network mask to
use with the destination address

<mask>

message-type

Message type

message-code

ICMP Message code

priority

The priority of the filter used to decide which filter rule


is applicable when the packet matches with more than
one filter rules. Lower value of 'filter priority' implies a
higher priority.

Redirect

72

Redirects the action to the destination interface or set


of interfaces.
-

ifXtype Specifies the interfae type

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

Load-balance

Specifies the parameters based on which the traffic


distribution needs to be done. Options are:

Vlan-action

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

Specifies the VLAN specific sub action to be performed


on the packet -

none Actions relating to the VLAN ID will not


be considered.

modify-vlan Modifies the VLAN ID to which


the packet gets classified. The packet could be
an untagged or VLAN tagged packet.

nested-vlan Adds an outer VLAN tag to the


packet with the VLAN ID as configured.

Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

message-type/message
code

Example

iss(config-ext-nacl)# permit icmp any 10.0.0.1 load balance


src-ip

255

The ICMP message type can be one of the following:

Value

ICMP type

Echo reply

Destination unreachable

Source quench

Redirect

Echo request

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

73

DATACOM SYSTEMS INC

VS-2024-F

11

Time exceeded

12

Parameter problem

13

Timestamp request

14

Timestamp reply

15

Information request

16

Information reply

17

Address mask request

18

Address mask reply

155

No ICMP type

The ICMP code can be any of the following:

Value

ICMP code

Network unreachable

Host unreachable

Protocol unreachable

Port unreachable

Fragment need

Source route fail

Destination network unknown

Destination host unknown

Source host isolated

Destination network administratively prohibited

10

Destination host administratively prohibited

11

Network unreachable TOS

12

Host unreachable TOS

255

No ICMP code

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.

Related Commands

ip access-list - Created IP ACLs and enters the IP Access-list configuration mode

show access-lists - Displays the access list configuration

74

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

deny icmp - Specifies the ICMP packets to be rejected based on the IP address and associated
parameters

4.18 deny icmp


This command specifies the ICMP packets to be rejected based on the IP address and associated
parameters.
deny icmp {any |host <src-ip-address>|<src-ip-address> <mask>}{any | host
<dest-ip-address>
|
<dest-ip-address>
<mask>
}[<message-type
(0-255)>]
[<message-code (0-255)>] [ priority <(1-255)>]

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

75

DATACOM SYSTEMS INC

VS-2024-F

Syntax
Description

icmp

Internet Control Message Protocol

any| host

Source IP address can be

<src-ip-address>|

'any' or

<src-ip-address>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is from and the network mask to use
with the source address

<mask>

any|host

Destination IP address can be

<dest-ip-address>|

'any' or

<dest-ip-address>

the word 'host' and the dotted decimal address


or

number of the network or the host that the


packet is destined for and the network mask to
use with the destination address

<mask>

message-type

Message type

message-code

ICMP Message code

priority

The priority of the filter used to decide which filter rule is


applicable when the packet matches with more than
one filter rules. Lower value of 'filter priority' implies a
higher priority.

Mode

ACL Extended Access List Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

message-type/
message code

Example

iss(config-ext-nacl)# deny icmp host 100.0.0.10 10.0.0.1


255.255.255.255

255

The ICMP message type can be one of the following:

Value

76

ICMP type

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

Echo reply

Destination unreachable

Source quench

Redirect

Echo request

11

Time exceeded

12

Parameter problem

13

Timestamp request

14

Timestamp reply

15

Information request

16

Information reply

17

Address mask request

18

Address mask reply

155

No ICMP type

The ICMP code can be any of the following:

Value

ICMP code

Network unreachable

Host unreachable

Protocol unreachable

Port unreachable

Fragment need

Source route fail

Destination network unknown

Destination host unknown

Source host isolated

Destination network administratively prohibited

10

Destination host administratively prohibited

11

Network unreachable TOS

12

Host unreachable TOS

255

No ICMP code

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.

Related Commands

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

77

DATACOM SYSTEMS INC

VS-2024-F

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

show access-lists - Displays the access list configuration

permit icmp - Specifies the ICMP packets to be forwarded based on the IP address and the
associated parameters

4.19 ip access-group
This command enables access control for the packets on the interface. It controls access to a Layer 2 or
Layer 3 interface. The no form of this command removes all access groups or the specified access group
from the interface. The direction of filtering is specified using the token in or out.
78

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

ip access-group <access-list-number (1-65535)> {in | out}


no ip access-group [<access-list-number (1-65535)>] {in | out}

Syntax
Description

access-list-number

IP access control list number

in

Inbound packets

out

Outbound packets

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# ip access-group 1 in

IP access list must have been created.

Following are the limitations for this command to be applicable to Layer 2


interfaces.
-

The out keyword is not supported by Layer 2 interfaces.

An IP ACL applied to a Layer 2 interface filters only the IP packets. MAC


access-group interface configuration command with MAC extended ACLs
must be used to filter non-IP packets.

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

show access-lists - Displays the access list configuration

4.20 mac access-group


This command applies a MAC access control list (ACL) to a Layer 2 interface. The no form of this
command can be used to remove the MAC ACLs from the interface.
mac access-group <access-list-number (1-65535)> {in | out}
no mac access-group [<access-list-number (1-65535)>] {in | out}

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

79

DATACOM SYSTEMS INC

VS-2024-F

Syntax
Description

access-list-number

Access List Number

in

Inbound packets

out

Outbound packets

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# mac access-group 5 in

MAC access list must have been created.

Related Commands

mac access-list extended - Creates Layer 2 MAC ACLs, and returns the MAC-Access list
configuration mode to the user

show access-lists - Displays the access list statistics

permit - Specifies the packets to be forwarded based on the MAC address and the associated
parameters

deny - Specifies the packets to be rejected based on the MAC address and the associated
parameters.

4.21 user-defined access-group


This command applies a user defined access list (ACL) to an interface. The no form of this command
removes the User defined ACLs from the interface.

80

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

user-defined access-group <access-list-number (1-65535)> {in| out}


no user-defined access-group [<access-list-number (1-65535)>] {in| out}

Syntax
Description

access-list-number

IP access control list number

in

Inbound packets

out

Outbound packets

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# user-defined access-group 5 in

User defined access list should be created already, before executing this command.

Related Commands

show access-lists - Displays the access list statistics

user-defined access-list Creates the user defined access-list.

4.22 permit
This command specifies the packets to be forwarded based on the MAC address and the associated
parameters, that is, this command allows non-IP traffic to be forwarded if the conditions are matched.
CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

81

DATACOM SYSTEMS INC

VS-2024-F

permit { any | host <src-mac-address>}{ any | host <dest-mac-address> }[aarp |


amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000|etype-8042 |
lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo
| vines-ip | xns-id | <protocol (0-65535)>][ encaptype <value (1-65535)>][
Vlan <vlan-id (1-4094)>][priority <value (1-255)>][redirect
{interface
<ifXtype>
<ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] loadbalance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dsttcpport | src-udpport | dst-udpport}}][vlan-action {none | modify-vlan<short
(1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax
Description

82

any | host
address >

<src-mac-

Source MAC address to be matched with the packet

any | host <dest-macaddress >

Destination MAC address to be matched with the


packet

aarp

Ethertype AppleTalk Address Resolution Protocol


that maps a data-link address to a network address

amber

EtherType DEC-Amber

dec-spanning

EtherType Digital Equipment Corporation (DEC)


spanning tree

decnet-iv

EtherType DECnet Phase IV protocol

diagnostic

EtherType DEC-Diagnostic

dsm

EtherType DEC-DSM/DDP

etype-6000

EtherType 0x6000

etype-8042

EtherType 0x8042

lat

EtherType DEC-LAT

lavc-sca

EtherType DEC-LAVC-SCA

mop-console

EtherType DEC-MOP Remote Console

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

mop-dump

EtherType DEC-MOP Dump

msdos

EtherType DEC-MSDOS

mumps

EtherType DEC-MUMPS

netbios

EtherType DEC- Network Basic Input/Output System


(NETBIOS)

vines-echo

EtherType Virtual Integrated Network


(VINES) Echo from Banyan Systems

vines-ip

EtherType VINES IP

xns-id

EtherType Xerox Network Systems (XNS) protocol


suite

encaptype

Encapsulation Type

redirect

Redirects the action to the destination interface or


set of interfaces.

load-balance

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

Service

ifXtype Specifies the interfae type

ifnum Specifies the interface number

iface_list Specifies the list of interfaces

Specifies the parameters based on which the traffic


distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport dst-udpport

83

DATACOM SYSTEMS INC

VS-2024-F

vlan-action

Specifies the VLAN specific sub action to be


performed on the packet -

Mode

ACL MAC Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

vlan-id

priority

none Actions relating to the VLAN ID will


not be considered.

modify-vlan Modifies the VLAN ID to which


the packet gets classified. The packet could
be an untagged or VLAN tagged packet.

nested-vlan Adds an outer VLAN tag to the


packet with the VLAN ID as configured.

Example

iss(config-ext-macl)# permit host 00:11:22:33:44:55 any loadbalance src-ip vlan-action modify lan 526

MAC access list must have been created.

OuterEtherType, Service Vlan, Service Vlan Priority and Customer Vlan Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.

Related Commands

mac access-list extended - Creates Layer 2 MAC ACLs, and returns the MAC-Access list
configuration mode to the user

mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface

deny - Specifies the packets to be rejected based on the MAC address and the associated
parameters

show access-lists - Displays the access list statistics

user-defined access-list - Creates user defined access-list

84

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

4.23 deny
This command specifies the packets to be rejected based on the MAC address and the associated
parameters.
deny { any | host <src-mac-address>}{ any | host <dest-mac-address> } [aarp |
amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 |etype-8042 |
lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo
| vines-ip | xns-id | <protocol (0-65535)>] [ encaptype <value (1-65535)>][
Vlan <vlan-id (1-4094)>] [priority <value (1-255)>]

Syntax
Description

any | host <srcmac-address >

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

Source MAC address to be matched with the packet

85

DATACOM SYSTEMS INC

VS-2024-F

86

any | host <destmac-address >

Destination MAC address to be matched with the packet

aarp

Ethertype AppleTalk Address Resolution Protocol that


maps a data-link address to a network address

amber

EtherType DEC-Amber

dec-spanning

EtherType Digital
spanning tree

decent-iv

EtherType DECnet Phase IV protocol

diagnostic

EtherType DEC-Diagnostic

dsm

EtherType DEC-DSM/DDP

etype-6000

EtherType 0x6000

etype-8042

EtherType 0x8042

lat

EtherType DEC-LAT

lavc-sca

EtherType DEC-LAVC-SCA

mop-console

EtherType DEC-MOP Remote Console

mop-dump

EtherType DEC-MOP Dump

msdos

EtherType DEC-MSDOS

mumps

EtherType DEC-MUMPS

netbios

EtherType DEC- Network Basic Input/Output System


(NETBIOS)

Equipment

Corporation

(DEC)

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

vines-echo

EtherType Virtual Integrated Network Service (VINES)


Echo from Banyan Systems

vines-ip

EtherType VINES IP

xns-id

EtherType Xerox Network Systems (XNS) protocol suite

encaptype

Encapsulation Type

vlan

VLAN ID to be filtered

priority

The priority of the L2 filter is used to decide which filter


rule is applicable when the packet matches with more
than one filter rules. Lower value of 'filter priority' implies
a higher priority.

Mode

ACL MAC Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

vlan-id

priority

Example

iss(config-ext-macl)# deny any host 00:11:22:33:44:55 priority


200

MAC access list must have been created.

OuterEtherType, Service Vlan, Service Vlan Priority and Customer Vlan Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.

Related Commands

mac access-list extended - Creates Layer 2 MAC ACLs, and returns the MAC-Access list
configuration mode to the user

mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface

permit - Specifies the packets to be forwarded based on the MAC address and the associated
parameters

show access-lists - Displays the access list statistics

user-defined access-list - Creates user defined access-list.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

87

DATACOM SYSTEMS INC

VS-2024-F

4.24 show access-lists


This command displays the access lists configuration.
show access-lists [[{ip | mac | user-defined }] < access-list-number (165535)> ]

Syntax
Description

88

ip

IP Access List

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

mac

MAC Access List

user-defined

user defined access list

Mode

Privileged/User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show access-lists


EIP ACCESS LISTS
-----------------

Standard IP Access List 34


---------------------------IP address Type

: IPV4

Source IP address

: 172.30.3.134

Source IP address mask

: 255.255.255.255

Source IP Prefix Length

: 32

Destination IP address

: 0.0.0.0

Destination IP address mask

: 0.0.0.0

Destination IP Prefix Length

: 0

Flow Identifier

: 0

In Port List

: NIL

Out Port List

: NIL

Filter Action

: Deny

Status

: InActive

Extended IP Access List 1002


----------------------------Filter Priority

: 1

Filter Protocol Type

: ANY

IP address Type

: IPV4

Source IP address

: 0.0.0.0

Source IP address mask

: 0.0.0.0

Source IP Prefix Length

: 0

Destination IP address

: 0.0.0.0

Destination IP address mask

: 0.0.0.0

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

89

DATACOM SYSTEMS INC

VS-2024-F

Destination IP Prefix Length

: 0

Flow Identifier

: 0

In Port List

: NIL

Out Port List

: NIL

Filter TOS

: Invalid combination

Filter DSCP

: NIL

Filter Action

: Permit

Status

: InActive

Extended IP Access List 10022


----------------------------Filter Priority

: 1

Filter Protocol Type

: ANY

IP address Type

: IPV4

Source IP address

: 0.0.0.0

Source IP address mask

: 0.0.0.0

Source IP Prefix Length

: 0

Destination IP address

: 0.0.0.0

Destination IP address mask

: 0.0.0.0

Destination IP Prefix Length

: 0

Flow Identifier

: 0

In Port List

: NIL

Out Port List

: NIL

Filter TOS

: Invalid combination

Filter DSCP

: NIL

Filter Action

: Permit

Status

: InActive

MAC ACCESS LISTS


-----------------

No MAC Access Lists have been configured

90

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 4: ACL (ACCESS CONTROL LISTS)

OuterEtherType, Service Vlan, Service Vlan Priority, innerEtherType, Customer


Vlan and Customer Vlan Priority options are applicable only with Metro Ethernet
Feature and bridge mode is provider.

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode

mac access-list extended - Creates Layer 2 MAC ACLs, and returns the MAC-Access list
configuration mode to the user

permit usr-defined-packet-type - Permits Packet Based on User Defined Packet Byte

deny usr-defined-packet-type - This command denies packet based on user defined byte.

permit - standard mode - Specifies the packets to be forwarded depending upon the associated
parameters

deny - standard mode - Denies traffic if the conditions defined in the deny statement are
matched

permit- ip/ospf/pim/protocol type - Allows traffic for a particular protocol packet if the
conditions defined in the permit statement are matched

deny - ip/ospf/pim/protocol type Denies traffic for a particular protocol packet if the
conditions defined in the deny statement are matched

permit tcp- Specifies the TCP packets to be forwarded based on the associated parameters

deny tcp- Specifies the TCP packets to be rejected based on the associated parameters

permit udp- Specifies the UDP packets to be forwarded based on the associated parameters

deny udp- Specifies the UDP packets to be rejected based on the associated parameters

permit icmp- Specifies the ICMP packets to be forwarded based on the IP address and the
associated parameters

deny icmp - Specifies the ICMP packets to be rejected based on the IP address and associated
parameters

ip access-group- Enables access control for the packets on the interface

mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface

permit - Specifies the packets to be forwarded based on the MAC address and the associated
parameters

deny- specifies the packets to be rejected based on the MAC address and the associated parameters

user-defined access-list - Creates user defined access-list.

userdefined-list - Creates a user defined access list by applying AND, OR, NOT operation on existing
ACL rules

permit ipv6 - Specifies IP packets to be forwarded based on protocol and associated parameters.

deny ipv6 - Specifies IPv6 packets to be rejected based on protocol and associated parameters.

user-defined access-group - Applies a user defined access list (ACL) to an interface

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

91

Chapter

5
5.QoS (Quality of Service)
QoS defines the ability to provide different priority to different applications, users or data flows or the
ability to guarantee a certain level of performance to a data flow. QoS refers to resource reservation
control mechanisms rather than the achieved service quality and specifies a guaranteed throughput level.
Datacom Systems Inc. QoS provides a complete Quality of Service solution and helps in
implementing service provisioning policies for application or customers, who desire to have an
enhanced performance for their traffic on the Internet.
The list of CLI commands for the configuration of QoS is as follows:

shutdown qos

qos

priority-map

class-map

meter

policy-map

queue-type

shape-template

scheduler

queue

queue-map

sched-hierarchy

qos interface

map

match access-group

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

93

VS-2024-F

set class

meter-type

set policy

set meter

set

random-detect dp

show priority-map

show class-map

show class-to-priority-map

show meter

show policy-map

show queue-template

show shape-template

show scheduler

show queue

show queue-map

show sched-hierarchy

show qos def-user-priority

show qos meter-stats

show qos queue-stats

94

DATACOM SYSTEMS INC

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.1 shutdown qos


This command shuts down the QoS subsystem. The no form of the command starts the QoS subsystem.
shutdown qos
no shutdown qos

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

QoS subsystem is started and enabled by default.

Example

iss(config)# shutdown qos

Resources required by QoS subsystem are allocated and QoS subsystem starts
running, when started.

All the MemPools used by the QoS subsystem will be released, when shutdown.

Related Commands

show qos global info - Displays QoS related global configurations.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

95

DATACOM SYSTEMS INC

VS-2024-F

5.2 qos
This command enables or disables the QoS subsystem.
qos {enable | disable}

Syntax
Description

enable

Enables QoS subsystem

disable

Disables Qos subsystem

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Enabled

Example

iss(config)# qos enable

QoS module programs the hardware and starts protocol operation, when set as
enable.

QoS module stops protocol operation by deleting the hardware configuration,


when set as disable.

Related Commands

show qos global info - Displays QoS related global configurations.

96

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.3 priority-map
This command adds a Priority Map entry. The no form of the command deletes a Priority Map entry.
priority-map <priority-map-Id(1-65535)>
no priority-map <priority-map-Id(1-65535)>

Syntax
Description

Priority-map-Id

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# priority-map 1

QoS subsystem should have been started.

Priority map index for the incoming packet received


over ingress Port/VLAN with specified incoming priority.
This value ranges between 1 and 65535.

Related Commands

show priority-map Displays the Priority Map entry.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

97

DATACOM SYSTEMS INC

VS-2024-F

5.4 class-map
This command adds a Class Map entry. The no form of the command deletes a Class Map entry.
class-map <class-map-id(1-65535)>
no class-map <class-map-id(1-65535)>

Syntax
Description

class-map-id

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# class-map 1

QoS subsystem should have been started.

Index that enumerates the MultiField Classifier table


entries. This value ranges between 1 and 65535.

Related Commands

show class-map Displays the Class Map entry.

98

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.5 meter
This command creates a Meter. The no form of the command deletes a Meter.
meter <meter-id(1-65535)>
no meter <meter-id(1-65535)>

Syntax
Description

meter-id

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# meter 1

QoS subsystem should have been started.

Index that enumerates the Meter entries. This value


ranges between 1 and 65535.

Related Commands

show meter Displays the Meter entry.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

99

DATACOM SYSTEMS INC

VS-2024-F

5.6 policy-map
This command creates a policy map. The no form of the command deletes a policy map.
policy-map <policy-map-id(1-65535)>
no policy-map <policy-map-id(1-65535)>

Syntax
Description

policy-map-id

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# policy-map 1

QoS subsystem should have been started.

Index that enumerates the policy-map table entries.


This value ranges between 1 and 65535.

Related Commands

show policy-map Displays the Policy Map entry.

100

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.7 queue-type
This command creates a Queue Template Type. The no form of the command deletes a Queue Template
Type.
queue-type <Q-Template-Id(1-65535)>
no queue-type <Q-Template-Id(1-65535)>

Syntax
Description

Q-Template-Id

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# queue-type 1

Queue Template Table index. This value ranges


between 1 and 65535.

Related Commands

show queue-template Displays the Q Template and Random Detect configurations.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

101

DATACOM SYSTEMS INC

VS-2024-F

5.8 shape-template
This command creates a Shape Template. The no form of the command deletes a Shape Template.
shape-template <integer(1-65535)> [cir <integer(1-65535)>] [cbs <integer(065535)>] [eir <integer(0-65535)>] [ebs <integer(0-65535)>]
no shape-template <Shape-Template-Id(1-65535)>

Syntax
Description

Shape-Template-Id

Shape Template Table index.

cir

Committed information rate for packets through the


queue.

cbs

Committed burst size for packets through the queue.

eir

Excess information rate for packets through the


hierarchy.

ebs

Excess burst size for packets through the hierarchy.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# shape-template 1 cir 20 cbs 40 eir 50 ebs 40

Related Commands

show shape-template Displays the Shape Template configurations.

102

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.9 scheduler
This command creates a Scheduler and configures the Scheduler parameters. The no form of the
command deletes a scheduler.
scheduler <integer(1-65535)> interface <iftype> <ifnum> [sched-algo {strictpriority | rr | wrr | wfq | strict-rr | strict-wrr | strict-wfq | deficit-rr}]
[shaper <integer(0-65535)>] [hierarchy-level <integer(0-10)>]
no scheduler <Scheduler-Id(1-65535)> interface <iftype> <ifnum>

Syntax
Description

Scheduler-Id

Scheduler identifier that uniquely identifies


scheduler in the system/egress interface.

iftype

Interface type.

ifnum

Interface number.

sched-algo

Packet scheduling algorithm for the port. The algorithms


are:

strict-priority strictPriority.

rr roundRobin.

wrr weightedRoundRobin.

wfg weightedFairQueing.

strict-rr strictRoundRobin.

strict-wrr strictWeightedRoundRobin.

strict-wfg strictWeightedFairQueing.

deficit-rr deficitRoundRobin.

shaper

Shaper identifier that specifies


requirements for the scheduler.

hierarchy-level

Depth of the queue/scheduler hierarchy.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

sched-algo

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

the

the

bandwidth

strict-priority

103

DATACOM SYSTEMS INC

VS-2024-F

hierarchy-level

Example

iss(config)# scheduler 1 interface giga 0/1 sched-algo rr


shaper 1 hierarchy-level 1

Shaper identifier is not mandatory for the creation of the conceptual row.

Related Commands

show scheduler Displays the configured Scheduler.

sched-hierarchy Creates a Scheduler Hierarchy.

show sched-hierarchy Displays the configured hierarchy scheduler.

104

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.10 queue
This command creates a Queue and configures the Queue parameters. The no form of the command
deletes a Queue.
queue <integer(1-65535)> interface <iftype> <ifnum> [qtype <integer(1-65535)>]
[scheduler
<integer(1-65535)>]
[weight
<integer(0-1000)>]
[priority
<integer(0-15)>] [shaper <integer(0-65535)>]
no queue <integer(1-65535)> interface <iftype> <ifnum>

Syntax
Description

queue

Queue identifier that uniquely identifies the queue in the


system/port.

iftype

Interface type.

ifnum

Interface number.

qtype

Queue Type identifier.

scheduler

Scheduler identifier that manages the specified queue.

weight

User assigned weight to the CoS queue.

priority

User assigned priority for the CoS queue.

shaper

Shaper identifier that specifies


requirements for the queue.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

weight

priority

Example

the

bandwidth

iss(config)# queue 1 interface giga 0/1 qtype 2 scheduler 1


weight 20 priority 10 shaper 1.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

105

DATACOM SYSTEMS INC

VS-2024-F

Scheduler identifier is unique relative to an egress interface.

User assigned weights are used only when scheduling algorithm is a weighted
scheduling algorithm.

User assigned priority is used only when the scheduler uses a priority based
scheduling algorithm.

Shaper identifier is not mandatory for the creation of the row.

Related Commands

queue-type Creates a Queue Template Type.

scheduler Creates a Scheduler and configures the Scheduler parameters.

shape-template Creates a Shape Template.

show queue Displays the configured Queues.

106

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.11 queue-map
This command creates a Map for a Queue with Class or regenerated priority. The no form of the
command deletes a Queue map entry.
queue-map { CLASS <integer(1-65535)> | regn-priority { vlanPri | ipTos |
ipDscp | mplsExp | vlanDEI } <integer(0-63)> } [interface <iftype> <ifnum>]
queue-id <integer(1-65535)>
no queue-map { CLASS <integer(1-65535)> | regn-priority { vlanPri | ipTos |
ipDscp | mplsExp | vlanDEI } <integer(0-63)> } [interface <iftype> <ifnum>]

Syntax
Description

CLASS

Input CLASS that needs to be mapped to an outbound


queue.

regn-priority

Regenerated-priority type and regenerated-priority that


needs to be mapped to an outbound queue. The types are

vlanPri VLAN Priority.

ipTos IP Type of Service.

ipDscp IP Differentiated Services Code Point.

mplsExp MPLS Experimental

iftype

vlanDEI VLAN Drop Eligibility Indicator.


Interface type.

ifnum

Interface number.

queue-id

Queue identifier that uniquely identifies a queue relative to


an interface.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# queue-map CLASS 1 interface giga 0/1 queue-id 1

CLASS should be zero while configuring RegenPriority specific Q.

Regenerated-priority should be zero while configuring CLASS specific Queue.

Related Commands

show queue-map Displays the configured Queue map.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

107

DATACOM SYSTEMS INC

VS-2024-F

5.12 sched-hierarchy
This command creates a Scheduler Hierarchy. The no form of the command deletes a Scheduler
Hierarchy.
sched-hierarchy interface <iftype> <ifnum> hierarchy-level <integer(1-10)>
sched-id <integer(1-65535)> {next-level-queue <integer(0-65535)> | next-levelscheduler <integer(0-65535)>} [priority <integer(0-15)>] [weight <integer(01000)>]
no sched-hierarchy interface <iftype> <ifnum> hierarchy-level <integer(1-10)>
sched-id <integer(1-65535)>

Syntax
Description

iftype

Interface type.

ifnum

Interface number.

hierarchy-level

Depth of the queue/scheduler hierarchy.

sched-id

Scheduler identifier.

next-level-queue Next-level queue to which the


scheduler output needs to be sent.

priority

next-level-scheduler Next-level scheduler to which


the scheduler output needs to be sent.
Scheduler priority.

weight

Scheduler weight.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

priority

Example

iss(config)# sched-hierarchy interface giga 0/1 hierarchy-level


3 sched-id 1 next-level-queue 2 priority 5 weight 50
The priority is specified when the scheduler is connecting to any of the priorities (
EF, AF, BE) of the next level strict-priority scheduler.

The weight is specified if the scheduler is connecting to a WeightedFairQueing of


another scheduler.

Related Commands

show sched-hierarchy Displays the configured hierarchy scheduler.

108

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.13 qos interface


This command sets the default ingress user priority for the port.
qos interface <iftype> <ifnum> def-user-priority <integer(0-7)>

Syntax
Description

iftype

Interface type

ifnum

Interface number

def-user-priority

Default ingress user priority for the port

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# qos interface giga 0/1 def-user-priority 3

The default ingress user priority will be used to set priority for untagged packets.

Related Commands

show qos def-user-priority Displays the configured default ingress user priority for a port.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

109

DATACOM SYSTEMS INC

VS-2024-F

5.14 map
This command adds a Priority Map Entry for mapping an incoming priority to a regenerated priority. The
no form of the command sets default value to the Interface, VLAN, regenerated inner priority.
map [interface <iftype> <ifnum>] [vlan <integer(1-4094)>] in-priority-type {
vlanPri | ipTos | ipDscp | mplsExp | vlanDEI } [in-priority <integer(0-63)>]
regen-priority <integer(0-63)> [regen-inner-priority <integer(0-7)>]
no map { interface | vlan | regen-inner-priority }

Syntax
Description

iftype

Interface type

ifnum

Interface number

vlan

VLAN identifier. This value ranges between 1 and 4094.

in-priority-type

Type of the incoming priority. The types are:

vlanPri VLAN Priority.

ipTos IP Type of Service.

ipDscp IP Differentiated Services Code Point.

mplsExp MPLS Experimental

vlanDEI VLAN Drop Eligibility Indicator.

in-priority

Incoming priority value determined for the received


frame. This value ranges between 0 and 63.

regen-priority

Regenerated priority value determined for the received


frame. This value ranges between 0 and 63.

regen-innerpriority

Regenerated inner-VLAN (CVLAN) priority value


determined for the received frame. This value ranges
between zero and seven.

Mode

Priority Map Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

vlan

in-priority-type

vlanPri

110

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

in-priority

-1

regen-priority

Example

iss(config-pri-map)# map interface gig 0/1 vlan 4094 inpriority-type vlanPri in-priority 0 regen-priority 7 regeninner-priority 1

Priority Map entry should have been created.

Related Commands

priority-map Adds a Priority Map entry

show priority-map Displays the Priority Map entry.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

111

DATACOM SYSTEMS INC

VS-2024-F

5.15 match access-group


This command sets Class Map parameters using L2and/or L3 ACL or Priority Map ID.
match access-group { [mac-access-list <integer(0-65535)>]
<integer(0-65535)>] | priority-map <integer(0-65535)> }

Syntax
Description

ip-access-list

mac-access-list

Identifier of the MAC filter. This value ranges between 0


and 65535.

ip-access-list

Identifier of the IP filter. This value ranges between 0


and 65535.

priority-map

Priority Map identifier for mapping incoming priority


against received packet. This value ranges between 0
and 65535.

Mode

Class Map Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

mac-access-list

ip-access-list

priority-map

Example

iss(config-cls-map)# match access-group

Priority map ID should have been created.

L2 and/or L3 ACL should have been created.

priority-map 1

Related Commands

priority-map Adds a Priority Map entry.

show class-map Displays the Class Map entry.

112

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.16 set class


This command sets CLASS for L2and/or L3 filters or Priority Map ID and adds a CLASS to Priority Map
entry with regenerated priority. The no form of the command deletes a CLASS to Priority Map Table entry.
set class <class integer(1-65535)> [pre-color { green | yellow | red | none }]
[ regen-priority <integer(0-7)> group-name <string(31)> ]
no set class <class integer(1-65535)>

Syntax
Description

class

Traffic CLASS to which an incoming frame pattern is


classified.

pre-color

Color of the packet prior to metering. This can be any


one of the following:

regen-priority

group-name

None Traffic is not pre-colored.

green Traffic conforms to SLAs (Service Level


Agreements.

yellow Traffic exceeds the SLAs.

red Traffic violates the SLAs.


Regenerated priority value determined for the input
CLASS. This value ranges between zero and seven.

Unique identification of the group to which an input


CLASS belongs.

Mode

Class Map Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

class

Example

iss(config-cls-map)# set class 1000 pre-color none


priority 1 group-name CLASS

Class map should have created.

The default value zero provided for the class is not configurable.

regen-

Related Commands

show class-to-priority-map Displays the class group Entry.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

113

DATACOM SYSTEMS INC

VS-2024-F

5.17 meter-type
This command sets Meter parameters CIR, CBS, EIR, EBS, Interval, meter type and color awareness.
meter-type { simpleTokenBucket | avgRate| srTCM | trTCM | tswTCM | mefCoupled
| mefDeCoupled } [ color-mode { aware | blind } ] [interval <short(1-10000)>]
[cir <integer(0-65535)>] [cbs <integer(0-65535)>] [eir <integer(0-65535)>]
[ebs <integer(0-65535)>] [next-meter <integer(0-65535)>]

Syntax
Description

114

simpleTokenBucket

Two Parameter Token Bucket Meter.

avgRate

Average Rate Meter.

srTCM

Single Rate Three Color Marker Metering as defined by


RFC 2697.

trTCM

Two Rate Three Color Marker Metering as defined by


RFC 2698

tswTCM

Time Sliding Window Three Color Marker Metering as


defined by RFC 2859.

mefCoupled

Dual bucket meter as defined by RFC 4115.

mefDeCoupled

Dual bucket meter as defined by RFC 2697 and MEF


coupling Flag.

color-mode

Indicates the color mode of the Meter. The color modes


are:

aware The Meter considers the pre-color of the


packet.

blind The Meter ignores the pre-color of the


packet.

interval

Time interval used with the token bucket. This value


ranges between 1 and 10000.

cir

Committed information rate. This value ranges between


0 and 65535.

cbs

Committed burst size. This value ranges between 0 and


65535.

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

eir

Excess information rate. This value ranges between 0


and 65535.

ebs

Excess burst size. This value ranges between 0 and


65535.

next-meter

Meter entry identifier used for applying the second/next


level of conformance on the incoming packet. This
value ranges between 0 and 65535.

Mode

Meter Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

color-mode

blind

interval

next-meter

Example

iss(config-meter)# meter-type simpleTokenBucket color-mode


aware interval 10 cir 1000

Meter should have been created.

Related Commands

meter Creates a Meter.

show meter Displays the Meter entry.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

115

DATACOM SYSTEMS INC

VS-2024-F

5.18 set policy


This command sets CLASS for policy. The no form of the command sets the default value for interface in
this policy.
set policy [class <number(0-65535)>] [interface <iftype> <ifnum>] defaultpriority-type { none | { vlanPri | ipTos | ipDscp | mplsExp } <integer(0-63)>
}
no set policy interface

Syntax
Description

class

Traffic CLASS for which the policy-map needs to be


applied.

iftype

Interface type

ifnum

Interface number

default-prioritytype

Per-Hop Behvior (PHB) type to be used for filling the


default PHB for the policy-map entry. The types are:

none No specific PHB type is set.

vlanPri VLAN priority.

ipTos IP Type of Service.

ipDscp IP Differentiated Services Code Point.

Mode

mplsExp MPLS Experimental


Policy Map Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

class

Example

iss(config-ply-map)# set policy class 1 interface giga 0/1


default-priority-type none

CLASS should have been created.

Related Commands

class-map Adds a Class Map Entry.

policy-map Creates a policy map.

show policy-map Displays the Policy Map Entry.

116

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.19 set meter


This command sets Policy parameters such as Meter and Meter Actions. The no form of the command
removes the Meter from the Policy and the Meter Actions.
set meter <integer(1-65535)> [ conform-action { none | set-cos-transmit
<short(0-7)> set-de-transmit <short(0-1)> | set-port <iftype> <ifnum> | setinner-vlan-pri <short(0-7)> |set-mpls-exp-transmit <short(0-7)> | set-ip-prectransmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ exceed-action
{drop | set-cos-transmit <short(0-7)> set-de-transmit <short(0-1)> | setinner-vlan-pri <short(0-7)> | set-mpls-exp-transmit <short(0-7)> | set-ipprec-transmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ violateaction {drop | set-cos-transmit <short(0-7)> set-de-transmit <short(0-1)> |
set-inner-vlan-pri <short(0-7)> | set-mpls-exp-transmit <short(0-7)> | set-ipprec-transmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ setconform-newclass <integer(0-65535)> ] [ set-exceed-newclass <integer(0-65535)>
] [ set-violate-newclass <integer(0-65535)> ]
no set meter

Syntax
Description

meter

Meter table identifier which is the index for the Meter


table.

conform-action

Action to be performed on the packet, when the packets


are found to be In profile (conform). Options are:

exceed-action

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

none No action is configured.

set-cos-transmit Sets the VLAN priority of the


outgoing packet.

set-de-transmit Sets the VLAN Drop Eligible


indicator of the outgoing packet.

set-port Sets the new port value.

set-inner-vlan-pri Sets the inner VLAN priority of


the outgoing packet.

set-mpls-exp-transmit Sets the MPLS


Experimental bits of the outgoing packet.

set-ip-prec-transmit Sets the new IP TOS value.

set-ip-dscp-transmit Sets the new DSCP value.

Action to be performed on the packet, when the packets


are found to be In profile (exceed). Options are:

drop Drops the packet.

set-cos-transmit Sets the VLAN priority of the


outgoing packet.

set-de-transmit Sets the VLAN Drop Eligible


indicator of the outgoing packet.

set-inner-vlan-pri Sets the inner VLAN priority of


the outgoing packet.

set-mpls-exp-transmit Sets the MPLS


Experimental bits of the outgoing packet.
117

DATACOM SYSTEMS INC

VS-2024-F

violate-action

set-ip-prec-transmit Sets the new IP TOS value.

set-ip-dscp-transmit Sets the new DSCP value.

Action to be performed on the packet, when the packets


are found to be out of profile. Options are:

drop Drops the packet.

set-cos-transmit Sets the VLAN priority of the


outgoing packet.

set-de-transmit Sets the VLAN Drop Eligible


indicator of the outgoing packet.

set-inner-vlan-pri Sets the inner VLAN priority of


the outgoing packet.

set-mpls-exp-transmit Sets the MPLS


Experimental bits of the outgoing packet.

set-ip-prec-transmit Sets the new IP TOS value.

set-ip-dscp-transmit Sets the new DSCP value.

set-conformnewclass

Represents the Traffic CLASS to which an incoming


frame pattern is classified after metering.

set-exceednewclass

Represents the Traffic CLASS to which an incoming


frame pattern is classified after metering.

set-violatenewclass

Represents the Traffic CLASS to which an incoming


frame pattern is classified after metering.

Mode

Policy Map Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

set-cos-transmit

set-de-transmit

set-mpls-exp-transmit

set-inner-vlan-pri

Example

118

iss(config-ply-map)# set meter 1 exceed-action drop violateaction drop

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

VLAN priority can be set to a non-zero value only when MPLS Experimental bits is
set to zero.

Related Commands

show meter Displays the Meter entry.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

119

DATACOM SYSTEMS INC

VS-2024-F

5.20 set algo-type


This command sets Q Template entry parameters.
set algo-type { tailDrop | headDrop | red | wred } [queue-limit <integer(165535)>] [queue-drop-algo {enable | disable }]

Syntax
Description

algo-type

Type of drop algorithm used by the queue template.


Options are:

tailDrop Beyond the maximum depth of the


queue, all newly arriving packets will be dropped.

headDrop Packets currently at the head of the


queue are dropped to make room for the new
packet to be enqueued at the tail of the queue,
when the current depth of the queue is at the
maximum depth of the queue.

red On packet arrival, an Active Queue


Management algorithm is executed which may
randomly drop a packet.

queue-limit

queue-drop-algo

wred On packet arrival, an Active Queue


Management algorithm is executed which may
randomly drop a packet.
Queue size. This value ranges between 1 and 65535.

Enable/disable Drop Algorithm


Management. Options are:

for

Congestion

enable Enables Drop Algorithm.

Mode

disable Disables Drop Algorithm.


Queue Template Configuration mode

Package

Workgroup, Enterprise and Metro

Defaults

queue-drop-algo

Example

iss(config-qtype)# set algo-type red queue-limit 18 queue-dropalgo enable


Queue size must be greater than or equal to the minimum average threshold and
less than or equal to the maximum average threshold.

enable

Drop algorithm for Congestion Management can be enabled only when the
Random Detect Table entry is created for the Queue.

Related Commands

random-detect dp Sets Random Detect Table entry parameters.

show queue-template Displays the Q Template and Random Detect configurations.

120

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.21 random-detect dp
This command sets Random Detect Table entry parameters. The no form of the command deletes
Random Detect Table entry.
random-detect dp <short(0-2)> [min-threshold <short(1-65535)>] [max-threshold
<short(1-65535)>]
[max-pkt-size
<short(1-65535)>]
[mark-probabilitydenominator <short(1-100)>] [exponential-weight <integer(0-31)>]
no random-detect dp <short(0-2)>

Syntax
Description

dp

Drop Precedence. Options are:

0 low drop precedence.

1 medium drop precedence.

2 high drop precedence.


Minimum average threshold for the random detect
algorithm. This value ranges between 1 and 65535.

min-threshold

max-threshold

Maximum average threshold for the random detect


algorithm. This value ranges between 1 and 65535.

max-pkt-size

Maximum allowed packet size. This value ranges


between 1 and 65535.

mark-probabilitydenominator

Maximum probability of discarding a packet in units of


percentage. This value ranges between 1 and 100.

exponentialweight

Exponential weight for determining the average queue


size. This value ranges between 0 and 31.

Mode

Queue Template Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

mark-probabilitydenominator

100

exponential-weight

Example

iss(config-qtype)# random-detect dp 1 min-threshold 1200 maxthreshold 13000 max-pkt-size 100 mark-probability-denominator


50 exponential-weight 30

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

121

DATACOM SYSTEMS INC

VS-2024-F

5.22 show qos global info


This command displays QoS related global configurations.
show qos global info

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show qos global info


QoS Global Information
---------------------System Control

: Start

System Control

: Enable

Rate Unit

: kbps

Rate Granularity

: 64

Trace Flag

: 0

Related Commands

shutdown qos Shutsdown the QoS subsystem.

qos Enables or disables the QoS subsystem.

122

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.23 show priority-map


This command displays the Priority Map entry.
show priority-map [<priority-map-id(1-65535)>]

Syntax
Description

priority-map-id

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show priority-map

Output priority map index for the incoming packet


received over ingress Port/VLAN with specified
incoming priority.

QoS Priority Map Entries


========================
PriorityMapId

: 1

IfIndex

: 1

VlanId

: 4094

InPriorityType

: VlanPriority

InPriority

: 0

RegenPriority

: 7

InnerRegenPriority

: 1

iss# show

priority-map 9

QoS Priority Map Entries


------------------------

PriorityMapId

: 9

IfIndex

: gi 0/5

VlanId

: 2

InPriorityType

: IP Protocol

InPriority

: -1

RegenPriority

: 5

InnerRegenPriority

: 7

If executed without the optional parameters, this command displays all the available
Priority Map information.

Related Commands

priority-map Adds a Priority Map entry

map - Adds a Priority Map entry for mapping an incoming priority to a regenerated priority

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

123

DATACOM SYSTEMS INC

VS-2024-F

5.24 show class-map


This command displays the Class Map entry.
show class-map [<class-map-id(1-65535)>]

Syntax
Description

class-map-id

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show class-map

Index that enumerates the MultiField Classifier table


entries.

QoS Class Map Entries


=====================

ClassMapId

: 1

L2FilterId

: None

L3FilterId

: None

PriorityMapId

: 1

CLASS

: 1000

PolicyMapId

: 1

PreColor

: None

Status

: Active

If executed without the optional parameters, this command displays all the available
Class Map information

Related Commands

class-map Adds a Class Map entry.

priority-map Adds a Priority Map entry

124

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.25 show class-to-priority-map


This command displays the class group entry.
show class-to-priority-map <group-name(31)>

Syntax
Description

Group-name

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show class-to-priority-map CLASS1

Unique identification of the group to which an input


CLASS belongs.

QoS Class To Priority Map Entries


--------------------------------GroupName

: CLASS1

Class

LocalPriority

---------------------------------2

Related Commands

show class-map Displays the Class Map entry.

set class Sets CLASS for L2and/or L3 filters or Priority Map ID and adds a CLASS to Priority
Map Entry with regenerated priority.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

125

DATACOM SYSTEMS INC

VS-2024-F

5.26 show meter


This command displays the Meter entry.
show meter [<meter-id(1-65535)>]

Syntax
Description

meter-id

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show meter

Index that enumerates the Meter entries.

QoS Meter Entries


=================

MeterId

: 1

Type

: Simple Token Bucket

Color Mode

: Color Aware

Interval

: 10

CIR

: 1000

CBS

: None

EIR

: None

EBS

: None

NextMeter

: None

Status

: Active

If executed without the optional parameters, this command displays all the available
Meter information.

Related Commands

set meter Sets Policy parameters such as Meter and Meter Actions.

126

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.27 show policy-map


This command displays the Policy Map entry.
show policy-map [<meter-id(1-65535)>]

Syntax
Description

meter-id

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show policy-map

Index that enumerates the Meter entries.

QoS Policy Map Entries


======================

PolicyMapId

: 1

IfIndex

: 0

Class

: 0

DefaultPHB

: None.

MeterId

: 1

ConNClass

: 0

ExcNClass

: 0

VioNClass

: 0

ConfAct

: Port 1

ExcAct

: Drop.

VioAct

: Drop.

If executed without the optional parameter, this command displays all the available
Policy Map. information

Related Commands

set policy Sets CLASS for policy.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

127

DATACOM SYSTEMS INC

VS-2024-F

5.28 show queue-template


This command displays the Q Template and Random Detect configurations.
show queue-template [<queue-template-Id(1-65535)>]

Syntax
Description

queue-template-Id

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show queue-template

Queue Template Table index.

Queue Template Entries


----------------------

Q Template Id

: 1

Q Limit

: 10000

Drop Type

: Tail Drop

Drop Algo Status

: Disable

If executed without the optional parameter, this command displays all the available
Queue Template information.

Related Commands

queue-type Creates a Queue Template Type.

128

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.29 show shape-template


This command displays the Shape Template configurations.
show shape-template [<shape-template-Id(1-65535)>]

Syntax
Description

shape-template-Id

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show shape-template

Shape Template Table index.

QoS Shape Template Entries


--------------------------

ShapeTemplate Id

CIR

CBS

EIR

EBS

----------------

---

---

---

---

If executed without the optional parameter, this command displays all the available
Shape Template information

Related Commands

shape-template Creates a Shape Template.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

129

DATACOM SYSTEMS INC

VS-2024-F

5.30 show scheduler


This command displays the configured Scheduler.
show scheduler [interface <iftype> <ifnum>]

Syntax
Description

iftype

Interface type.

ifnum

Interface number.

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show scheduler


QoS Scheduler Entries
--------------------IfIndex Scheduler Index Scheduler Algo Shape Index Scheduler HL
GlobalId
------- --------------- -------------- ----------- ---------------Gi0/1
1

strictPriority

--0

If executed without the optional parameter, this command displays all the available
scheduler entries.

Related Commands

scheduler Creates a Scheduler and configures the Scheduler parameters.

130

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.31 show queue


This command displays the configured Queues.
show queue [interface <iftype> <ifnum>]

Syntax
Description

iftype

Interface type.

ifnum

Interface number.

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show queue


QoS Queue Entries
----------------IfIndex Queue Idx Queue Type Scheduler Idx Weight Priority Shape Idx
Global Id
------- --------- ---------- ------------- ------ -------- ----------------Gi0/1
1

If executed without the optional parameter, this command displays all the available queue
entries

Related Commands

queue Creates a Queue and configures the Queue parameters.

queue-type Creates a Queue Template Type.

show queue-template Displays the Q Template and Random Detect configurations.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

131

DATACOM SYSTEMS INC

VS-2024-F

5.32 show queue-map


This command displays the configured Queue map.
show queue-map [interface <iftype> <ifnum>]

Syntax
Description

iftype

Interface type.

ifnum

Interface number.

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show queue-map


QoS Queue Map Entries
--------------------IfIndex

CLASS

PriorityType

Priority Value

Mapped Queue

-------

-----

------------

--------------

------------

Gi0/1

none

If executed without the optional parameter, this command displays all the available
queue map entries.

Related Commands

queue-map Creates a Map for a Queue with Class or regenerated priority.

132

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.33 show sched-hierarchy


This command displays the configured hierarchy scheduler.
show sched-hierarchy [interface <iftype> <ifnum>]

Syntax
Description

iftype

Interface type.

ifnum

Interface number.

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show sched-hierarchy


QoS Hierarchy Scheduler Entries
------------------------------IfIndex Hierarchy Level Sched Index NextQueue Id NextSched Id Weight
Priority
------- --------------- ----------- ------------ ------------ ------------Gi0/1
1

If executed without the optional parameter, this command displays all the available hierarchy
scheduler entries

Related Commands

scheduler Creates a Scheduler and configures the Scheduler parameters.

sched-hierarchy Creates a Scheduler Hierarchy.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

133

DATACOM SYSTEMS INC

VS-2024-F

5.34 show qos def-user-priority


This command displays the configured default ingress user priority for a port.
show qos def-user-priority [interface <iftype> <ifnum>]

Syntax
Description

iftype

Interface type.

ifnum

Interface number.

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show qos def-user-priority


QoS Default User Priority Entries
--------------------------------IfIndex

Default User Priority

-------- ---------------------

134

Gi0/1

Gi0/2

Gi0/3

Gi0/4

Gi0/5

Gi0/6

Gi0/7

Gi0/8

Gi0/9

Gi0/10

Gi0/11

Gi0/12

Gi0/13

Gi0/14

Gi0/15

Gi0/16

Gi0/17

Gi0/18

Gi0/19

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

Gi0/20

Gi0/21

Gi0/22

Gi0/23

Gi0/24

If executed without the optional parameter, this command displays the available
default ingress user priority entries for all the interface.

Related Commands

qos interface Sets the default ingress user priority for the port.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

135

DATACOM SYSTEMS INC

VS-2024-F

5.35 show qos meter-stats


This command displays the Meters statistics for conform, exceed, violate packets and octets count.
show qos meter-stats [<Meter-Id(1-65535)>]

Syntax
Description

Meter-Id

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show qos meter-stats

Index that enumerates the Meter entries.

QoS Meter (Policer) Stats


-------------------------

Meter Index

: 1

Conform Packets

: 00

Conform Octects

: 00

Exceed Packets

: 00

Exceed Octects

: 00

Violate Packets

: 00

Violate Octects

: 0

If executed without the optional parameter, this command displays the Meter
statistics for all the available Meters.

Related Commands

show meter Displays the Meter entry.

set meter Sets Policy parameters such as Meter and Meter Actions.

136

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 5: QOS (QUALITY OF SERVICE)

5.36 show qos queue-stats


This command displays Queue statistics for EnQ, DeQ, discarded packets and octets Count,
Management Algo Drop and Q occupancy.
show qos queue-stats [interface <iftype> <ifnum>]

Syntax
Description

iftype

Interface Type.

ifnum

Interface Number.

Mode

Privileged EXEC Mode.

Package

Workgroup, Enterprise and Metro

Example

iss# show qos queue-stats


QoS Queue Stats
-------------------

Interface Index

: Gi 0/1

Queue Index

: 2

EnQ Packets

: 00

EnQ Octects

: 00

DeQ Packets

: 00

DeQ Octects

: 00

Discard Packets

: 00

Discard Octects

: 00

Occupancy Octects

: 00

CongMgntAlgoDrop Octects

: 00

If executed without the optional parameter, this command displays the Queue
statistics for all the available Interfaces.

Related Commands

show queue Displays the configured Queues.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

137

DATACOM SYSTEMS INC

VS-2024-F

Chapter

6
6.TACACS
TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a
client/server protocol that enables remote access servers to communicate with a central server to
authenticate dial-in users and authorize their access to the requested system or service. It is commonly
used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected
users. TACACS implements the TACACS Client and provides the AAA (Authentication, Authorization and
Accounting) functionalities.
TACACS is used for several reasons:

Facilitates centralized user administration.

Uses TCP for transport to ensure reliable delivery.

Supports inbound authentication, outbound authentication and change password request for the
Authentication service.

Provides some level of protection against an active attacker.

The list of CLI commands for the configuration of TACACS is as follows:

tacacs-server host

tacacs use-server address

tacacs-server retransmit

debug tacacs

show tacacs

138

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 6: TACACS

6.1 tacacs-server host


This command configures the TACACS server with the parameters (host, timeout, key). The no form of
the command deletes server entry from the TACACS server table.
tacacs-server host {<ipv4-address> | <ipv6-address> | <host-name>}
[single-connection] [port <tcp port (1-65535 )>] [timeout <time out in
seconds(1-255)>] {key <secret key>}
no tacacs-server host { <ipv4-address> | <ipv6-address>}

Syntax
Description

ipv4address

IPv4 address of the host

ipv6address

IPv6 address of the host

host-name

Name of the host

singleconnection

Establishes Single TCP connection to communicate with


TACACS Server

port

TCP Port number. This value ranges between 1 and


65535.

timeout

The time period in seconds for which a client will wait for a
response from the server before closing the connection.
This value ranges between 1 and 255 seconds.

key

Per-server encryption key. Specifies the authentication


and encryption key for all TACACS communications
between the authenticator and the TACACS server. The
string length is 64.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

port

40

timeout

5 seconds

Example

iss(config)# tacacs-server host 12.0.0.100


TACACS+ server configured with default secret key !

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

139

DATACOM SYSTEMS INC

VS-2024-F

iss(config)# tacacs-server host 2005::33


TACACS+ server configured with default secret key !

Related Commands

show tacacs - Displays the statistical log information and server for TACACS client

140

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 6: TACACS

6.2 tacacs use-server address


This command selects a server from the list of servers maintained in the TACACS client and makes the
TACACS client to use the specified server. The no form of the command disables the configured TACACS
active server.

tacacs use-server address { <ipv4-address> | <ipv6-address>}


no tacacs use-server

Syntax
Description

ipv4address

IPv4 address of the host

ipv6address

IPv6 address of the host

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# tacacs use-server address 10.0.0.100

Related Commands

show tacacs - Displays the statistical log information and server for TACACS client

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

141

DATACOM SYSTEMS INC

VS-2024-F

6.3 tacacs-server retransmit


This command specifies the number of times the client searches the active server from the list of servers
maintained in the TACACS client, when active server is not configured. The no form of the command sets
the default retries.

tacacs-server retransmit <retries>


no tacacs-server retransmit

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# tacacs-server retransmit 3

142

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 6: TACACS

6.4 debug tacacs


This command sets the debug trace level for TACACS client module. The no form of the command
disables the debug trace level for TACACS client module.
debug tacacs { all | info | errors | dumptx | dumprx }
no debug tacacs

Syntax
Description

all

All TACACS debug messages

info

TACACS Server information messages

errors

Error code debug messages

dumptx

Transmitted packet dump messages

dumprx

Received packet dump messages

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Defaults

Debugging is Disabled

Example

iss# debug tacacs all

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

143

DATACOM SYSTEMS INC

VS-2024-F

6.5 show tacacs


This command displays the statistical log information and server for TACACS+ client.

show tacacs

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# sh tacacs
Server : 1
Server address

: 12.0.0.100

Address Type

: IPV4

Single Connection : no
TCP port

: 49

Timeout

: 5

Secret Key

: Datacom Systems

Server : 2
Server address

: 2005::33

Address Type

: IPV6

Single Connection : no
TCP port

: 4949

Timeout

: 5

Secret Key

: Datacom Systems

Authen. Starts sent

: 0

Authen. Continues sent : 0


Authen. Enables sent

: 0

Authen. Aborts sent

: 0

Authen. Pass rvcd.

: 0

Authen. Fails rcvd.

: 0

Authen. Get User rcvd. : 0


Authen. Get Pass rcvd. : 0

144

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 6: TACACS

Authen. Get Data rcvd. : 0


Authen. Errors rcvd.

: 0

Authen. Follows rcvd.

: 0

Authen. Restart rcvd.

: 0

Authen. Sess. timeouts : 0


Author. Requests sent

: 0

Author. Pass Add rcvd. : 0


Author. Pass Repl rcvd : 0
Author. Fails rcvd.

: 0

Author. Errors rcvd.

: 0

Author Follows rcvd.

: 0

Author. Sess. timeouts : 0


Acct. start reqs. sent : 0
Acct. WD reqs. sent

: 0

Acct. Stop reqs. sent

: 0

Acct. Success rcvd.

: 0

Acct. Errors rcvd.

: 0

Acct. Follows rcvd.

: 0

Acct. Sess. timeouts

: 0

Malformed Pkts. rcvd.

: 0

Socket failures

: 0

Connection failures

: 0

Related Commands

tacacs-server host - Configures the TACACS server with the parameters

tacacs use-server address - Selects a server from the list of servers maintained in the
TACACS client and makes the TACACS client to use the specified server

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

145

DATACOM SYSTEMS INC

VS-2024-F

Chapter

7
7.LA
LA (Link Aggregation) is a method of combining physical network links into a single logical link for
increased bandwidth. LA increases the capacity and availability of the communications channel between
devices (both switches and end stations) using existing Fast Ethernet and Gigabit Ethernet technology.
LA also provides load balancing where the processing and communication activity is distributed across
several links in a trunk, so that no single link is overwhelmed. By taking multiple LAN connections and
treating them as a unified, aggregated link, practical benefits in many applications can be achieved. LA
provides the following important benefits:

Higher link availability

Increased link capacity

Improvements are obtained using existing hardware (no upgrading to higher-capacity link technology
is necessary)

The list of CLI commands for the configuration of LA is as follows:

set port-channel/channel-protocol

lacp system-priority

lacp system-identifier

port-channel load-balance

lacp port-priority

lacp port-identifier

channel-group

lacp wait-time

lacp timeout/lacp rate

146

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

lacp

default port

port-channel max-ports

shutdown port-channel

debug lacp/debug etherchannel

show etherchannel

show etherchannel - Redundancy

show interfaces

show lacp

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

147

DATACOM SYSTEMS INC

VS-2024-F

7.1 set port-channel


This command enables/disables link aggregation in the switch.

set port-channel { enable | disable }

Syntax
Description

enable

Enables link aggregation in the switch

disable

Disables link aggregation in the switch

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

disable

Example

iss(config)# set port-channel enable

Related Command

show etherchannel - Displays Etherchannel information

148

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

7.2 channel-protocol
This command enables link aggregation in the switch and the no form of the command disables link
aggregation in the switch.
This command operates similar to that of the command set port-channel.

channel-protocol { lacp | pagp }

no channel-protocol

Syntax
Description

lacp

Specifies LACP (Link Aggregation Control Protocol)


to manage channeling.

pagp

Specifies PAgP (Port aggregation protocol) to


manage channeling.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Link aggregation is disabled

Example

iss(config)# channel-protocol lacp

Related Command

show etherchannel - Displays Etherchannel information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

149

DATACOM SYSTEMS INC

VS-2024-F

7.3 lacp system-priority


This command sets the LACP priority for the system and the no form of the command sets the LACP
priority for the system to the default value. System Priority represents a 2-octet value indicating the priority
value associated with the system involved in link aggregation.

lacp system-priority <0-65535>

no lacp system-priority

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

0x8000 or 32768

Example

iss(config)# lacp system-priority 5

The switch with the lowest system priority value decides the standby and active links
in the aggregation.

Although this is a global configuration command, the priority only takes effect on
EtherChannels that have physical interfaces with LACP enabled.

Related Command

show etherchannel - Displays lacp system-priority value

150

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

7.4 lacp system-identifier


This command sets the global LACP System ID. The no form of the command sets the global LACP
System ID to the default value.

lacp system-identifier <aa:aa:aa:aa:aa:aa>

no lacp system-identifier

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)#lacp system-identifier 00:01:02:03:04:05

The MAC address configured must not be a Null MAC address or a Multicast MAC
address.

Related Commands

show etherchannel - Displays lacp system-priority value

Error! Reference source not found. - Displays the current operating configuration in the
system

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

151

DATACOM SYSTEMS INC

VS-2024-F

7.5 port-channel load-balance


This command sets the load balancing policy for aggregated ports on each of the previously created port
channels. The no form of the command sets the load balancing policy to the default value.

port-channel load-balance {src-mac | dest-mac | src-dest-mac| src-ip |


dest-ip | src-dest-ip | vlan-id | service-instance | mac-src-vid | macdest-vid | mac-src-dest-vid | mpls-vc-label | mpls-tunnel-label | mplsvc-tunnel-label} [ <port-channel-index(1-65535)>]

no port-channel load-balance [ <port-channel-index(1-65535)> ]

Syntax
Description

src-mac

Load distribution is based on the source MAC address.


Packets from different hosts use different ports in the
channel, but packets from the same host use the same
port

dest-mac

Load distribution is based on the destination host MAC


address. Packets to the same destination are sent on the
same port, but packets to different destinations are sent
on different ports in the channel

src-destmac

Load distribution is based on the source and destination


MAC address

src-ip

Load distribution is based on the source IP address

dest-ip

Load distribution is based on the destination IP address

src-dest-ip

Load distribution is based on the source and destination


IP address

mac-srcvid2

Link selection policy is based on the combination of


source MAC address and VLAN identifier.

mac-destvid2

Link selection policy is based on the combination of


destination MAC address and VLAN identifier.

This option is available only when MPLS is enabled.

152

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

mac-srcdest-vid2

Link selection policy is based on the combination of


source, destination MAC address and VLAN identifier.

mpls-vclabel2

Link selection policy is based on MPLS VC label.

mplstunnellabel2

Link selection policy is based on MPLS tunnel label.

mpls-vctunnellabel2

Link selection policy is based on the combination of MPLS


VC and tunnel label.

vlan-id

Load distribution is based on VLAN Identifier

serviceinstance

Load distribution is based on service-instance. Packets


with the same service-instance use the same port.
Packets with different service-instance use different ports
such that the load is balanced among ports. Same port
can have packets with different service-instances also.

portchannelindex

Port channel number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

source and destination MAC address based

Example

iss(config)# port-channel load-balance service-instance 20


iss(config)# port-channel load balance dest-mac 28

If the port-channel index is not mentioned in this command, the load-balancing must
apply for all port-channels configured in the system.

Initially, the port channel interface must have been configured for this command.

Related Command

show etherchannel - Displays Etherchannel load balance information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

153

DATACOM SYSTEMS INC

VS-2024-F

7.6 lacp port-priority


This command sets the LACP port priority and the no form of the command sets the LACP port priority to
the default value. Port priority determines whether the link is an active link or a standby link, when the
number of ports in the aggregation exceeds the maximum number supported by the hardware

lacp port-priority <0-65535>

no lacp port-priority

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

port-priority

Example

iss(config-if)# lacp port-priority 1

128

This command takes effect only on EtherChannel interfaces that are already
configured for LACP.

If the number of links in an aggregation exceeds the maximum supported by the


hardware, then the links with lower priority become active links.

Related Commands

lacp system-priority - Globally sets the LACP priority

show etherchannel - Displays Etherchannel detailed / port information

154

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

7.7 lacp port-identifier


This command sets the LACP actor admin port to be filled in the LACP PDUs.

lacp port-identifier <1-65535>

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# lacp port-identifier 2

Related Commands

show etherchannel - Displays Etherchannel detailed / port information

show interfaces Displays interface specific port-channel information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

155

DATACOM SYSTEMS INC

VS-2024-F

7.8 channel-group
This command configures an Etherchannel and the no form of the command removes an interface from
the Etherchannel.

channel-group <channel-group-number(1-65535)> mode {auto [non-silent] |


desirable [non-silent] | on | active | passive}
no channel-group

Syntax
Description

mode

Mode represents any one of the following:


active
conditionally

- LACP negotiation is started un-

passive
- LACP negotiation is started only
when LACP packet is received from peer
on
- Force the interface to channel
without LACP. This is equivalent to manual aggregation
- Places a port into a passive
auto
negotiating state in which the port responds to received
PAgP packets, but does not initiate PAgP packet
negotiation.
- Places a port into an active
desirable
negotiating state in which the port initiates negotiations
with other ports by sending PAgP packets.
- Used with the auto or
[non-silent]
desirable keyword when traffic is expected
from the other device.
Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# channel-group 1 mode active

156

If the port-channel is not present, then the port channel must be created.

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

Related Command

show etherchannel - Displays Etherchannel detailed / port information

7.9 lacp wait-time


This command sets the LACP wait-time and the no form of the command sets the LACP wait-time to the
default value.

lacp wait-time <0-10>


no lacp wait-time

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Example

iss(config-if)# lacp wait-time 1

Configuring the wait-time value as 0 ensures that links get aggregated immediately.

Related Command

show etherchannel - Displays Etherchannel detailed / port information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

157

DATACOM SYSTEMS INC

VS-2024-F

7.10 lacp timeout


This command sets the LACP timeout period and the no form of the command sets the LACP timeout
period to the default value.

lacp timeout {long | short }

no lacp timeout

Syntax
Description

long

Long timeout value

short

Short timeout value

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

long

Example

iss(config-if)# lacp timeout short

The long timeout value means that LACP PDU will be sent every 30 seconds
and LACP timeout value (no packet is received from peer ) is 90 seconds.

The short timeout value means that LACP PDU will be sent every 1 second and
timeout value is 3 seconds.

Related Command

158

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

show etherchannel - Displays Etherchannel detailed / port information

7.11 lacp rate


This command sets the LACP timeout period and the no form of the command sets the LACP timeout
period to the default value
This command operates similar to that of the command lacp timeout.

lacp rate {normal | fast }

no lacp rate

Syntax
Description

normal

LACP control packets are ingressed at the normal rate.

That is, LACP PDU will be sent every 30 seconds and


the timeout value will be set as 90 seconds.
fast

LACP control packets are ingressed at the fast rate.

That is, LACP PDU will be sent every 1 second and


the timeout value will be set as 3 seconds.
Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

normal

Example

iss(config-if)# lacp rate fast

The normal timeout value means that LACP PDU will be sent every 30 seconds
and LACP timeout value (no packet is received from peer) is 90 seconds.

The fast timeout value means that LACP PDU will be sent every 1 second and
timeout value is 3 seconds.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

159

DATACOM SYSTEMS INC

VS-2024-F

Related Command

show etherchannel - Displays Etherchannel detailed / port information

7.12 lacp
This command sets the LACP Actor Admin key and/or LACP mode for the port.

lacp [admin-key <(Admin Key)1-65535>] [mode {active | passive}]

Syntax
Description

adminkey

LACP Actor Admin key

mode

LACP mode

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

mode

Example

iss(config-if)# lacp admin-key 1 mode active

active

This command can be configured only after configuring the default port.

Related Command

default port - Configures the default physical interface for the port channel.

160

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

7.13 default port


This command configures the default physical interface for the port channel and the no form of the
command removes default port for a port channel.

default port <interface-type> <interface-id>

no default port

Syntax
Description

interfacetype

Interface Type

interfaceid

Interface Identifier

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# default port gigabitethernet 0/1

Related Commands

lacp - Sets the LACP Actor Admin key and/or LACP mode for the port.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

161

DATACOM SYSTEMS INC

VS-2024-F

7.14 port-channel max-ports


This command configures the maximum number of ports for a port channel.

port-channel max-ports <integer (2-8)>

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Example

iss(config-if)# port-channel max-ports 5

162

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

7.15 shutdown port-channel


This command shuts down Link Aggregation in the switch and the no form of the command starts and
enables Link Aggregation in the switch.

shutdown port-channel
no shutdown port-channel

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# shutdown port-channel

When shutdown, all resources used by the Link Aggregation Module are released to
the system.

Related Commands

show etherchannel - Displays Etherchannel information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

163

DATACOM SYSTEMS INC

VS-2024-F

show interfaces - Displays interface specific port-channel information

7.16 debug lacp


This command enables trace messages for link aggregation and the no form of the command disables
trace messages for link aggregation.

debug lacp [ { init-shutdown | mgmt | data | events | packet | os |


failall | buffer | all } ]

no debug lacp [ { init-shutdown | mgmt | data | events | packet | os |


failall | buffer | all } ]

Syntax
Description

164

initshutdown

Initialization and shutdown traces

mgmt

Management traces

data

Data path traces

events

Event traces

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

packet

Packet dump traces

os

Traces related to all resources except buffers

failall

All failure traces

buffer

Buffer traces

all

All traces

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Defaults

init-shutdown

Example

iss# debug lacp data

7.17 debug etherchannel


This command enables trace messages for link aggregation and the no form of the command disables
trace messages for link aggregation.
This command operates similar to that of the command debug lacp.

debug etherchannel {[all] [detail] [error] [event] [idb]}

no debug etherchannel {[all] [detail] [error] [event] [idb]}

Syntax
Description

all

All traces

detail

Detailed debug traces

error

All failure traces

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

165

DATACOM SYSTEMS INC

VS-2024-F

event

Event traces

idb

Interface descriptor block messages

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# debug etherchannel detail

7.18 show etherchannel


This command displays Etherchannel information.

show etherchannel [[channel-group-number] { detail | load-balance | port


| port-channel | summary | protocol}]

Syntax
Description

166

channelgroupnumber

Number of the channel group. Valid numbers range from


maximum number of ports in the system to maximum
number of aggregations supported

detail

Detailed EtherChannel information

loadbalance

Load-balance or frame-distribution scheme among ports


in the port channel

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

port

EtherChannel port information

portchannel

Port-channel information

summary

Protocol that is being used in the EtherChannel

protocol

One-line summary per channel-group

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show etherchannel


Port-channel Module Admin Status is enabled
Port-channel Module Oper Status is enabled
Port-channel System Identifier is 00:01:02:03:04:01

Channel Group Listing


--------------------Group : 1
---------Protocol : LACP

iss# show etherchannel 1 detail


Port-channel Module Admin Status is enabled
Port-channel Module Oper Status is enabled
Port-channel System Identifier is 00:01:02:03:04:01
LACP System Priority: 32768

Channel Group Listing


--------------------Group: 1
---------Protocol :LACP

Ports in the Group

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

167

DATACOM SYSTEMS INC

VS-2024-F

------------------

Port : Gi0/1
-------------

Port State = Up in Bundle


Channel Group : 1
Mode : Active
Pseudo port-channel = Po1
LACP port-priority
LACP Wait-time

= 128

= 2 secs

LACP Activity : Active


LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,


Defaulted

LACP Port
Port

State

Priority

Admin Oper
Key

Port

Key Number

Port
State

-----------------------------------------------Gi0/1

Bundle

128

0x1

0xbe

Port-channel : Po1
------------------

Number of Ports = 1
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Aggregator-MAC 00:01:02:03:04:19
Default Port = None

iss# show etherchannel 1

port

Channel Group Listing


--------------------Group: 1
---------168

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

Protocol :LACP

Ports in the Group


------------------

Port : Gi0/1
-------------

Port State = Up in Bundle


Channel Group : 1
Mode : Active
port-channel = Po1
Pseudo port-channel = Po1
LACP port-priority
LACP Wait-time

= 128

= 2 secs

LACP Port Identifier = 2


LACP Activity : Active
LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,

Port : Gi0/2
-------------

Port State = Up in Bundle


Channel Group : 1
Mode : Active
port-channel = Po1
Pseudo port-channel = Po1
LACP port-priority
LACP Wait-time

= 128

= 2 secs

LACP Activity : Active


LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,

LACP Port

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

Admin Oper

Port

Port

169

DATACOM SYSTEMS INC

VS-2024-F

Port

State

Priority

Key

Key Number

State

-----------------------------------------------Gi0/1

Bundle

128

0x1

0xbc

Gi0/2

Bundle

128

0x2

0xbc

iss# show etherchannel 1

port-channel

Port-channel Module Admin Status is enabled


Port-channel Module Oper Status is enabled
Port-channel System Identifier is 00:01:02:03:04:01

Channel Group Listing


--------------------Group : 1
----------

Port-channels in the group:


---------------------------

Port-channel : Po1
-------------------

Number of Ports = 1
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Aggregator-MAC 00:01:02:03:04:19
Default Port = None

iss# show etherchannel summary


Port-channel Module Admin Status is enabled
Port-channel Module Oper Status is enabled
Port-channel System Identifier is

00:01:02:03:04:01

Flags:
170

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

D - down

P - in port-channel

I - stand-alone

H - Hot-standby (LACP only)

U - in-use

Number of channel-groups in use: 1


Number of aggregators: 1

Group

Port-channel

Protocol

Ports

---------------------------------------------------------1

Po1(U)

LACP

iss# show etherchannel 1

Gi0/1(P),Gi0/2(D)

protocol

Channel Group Listing


--------------------Group : 1
---------Protocol : LACP

iss# show etherchannel load-balance


Channel Group Listing
--------------------Group : 1
---------Source & Destination MAC Address

If the channel group number is not specified details on all channels are displayed.

Related Commands

channel-group - Assigns an Ethernet interface to an EtherChannel group

set port-channel / channel-protocol - Enables/disables link aggregation in the switch

lacp system-priority - Sets the LACP priority for the system

port-channel load-balance - Sets the load balancing policy

lacp port-priority - Sets the LACP port priority

lacp wait-time - Sets the LACP wait-time

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

171

DATACOM SYSTEMS INC

VS-2024-F

lacp timeout / lacp rate - Sets the LACP timeout period

show interfaces - Displays interface specific port-channel information

7.19 show etherchannel - Redundancy


This command displays Etherchannel information.

show etherchannel [[channel-group-number] { detail | load-balance | port


| port-channel | summary | protocol | redundancy}]

Syntax
Description

channelgroupnumber

Number of the channel group. Valid numbers range from


maximum number of ports in the system to maximum
number of aggregations supported

detail

Detailed EtherChannel information

loadbalance

Load-balance or frame-distribution scheme among ports


in the port channel

port

EtherChannel port information

portchannel

Port-channel information

summary

Protocol that is being used in the EtherChannel

protocol

One-line summary per channel-group

redundancy3

Synced messages

Mode

Privileged EXEC Mode

Package

Metro

Example

iss# show etherchannel redundancy


Actor Information for Port : Gi0/1

This feature is not supported.

172

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

---------------------------------Channel Group : 1
Pseudo port-channel = Po1
CurrentWhile Split Interval Tmr Count = 1
Synced Partner Information for Port : Gi0/1
-----------------------------------

Partner System ID

: 00:11:22:33:44:55

Flags

: A

LACP Partner Port Priority

: 128

LACP Partner Oper Key

: 1

Port State Flags Decode


-----------------------Activity : Active
LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,

Actor Information for Port : Gi0/2


-------------

Channel Group : 1
Pseudo port-channel = Po1
CurrentWhile Split Interval Tmr Count = 1

Synced Partner Information for Port : Gi0/2


------------Partner System ID

: 00:11:22:33:44:55

Flags

: A

LACP Partner Port Priority

: 128

LACP Partner Oper Key

: 1

Port State Flags Decode


-----------------------Activity : Active
LACP Timeout : Long

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

173

DATACOM SYSTEMS INC

VS-2024-F

Aggregation State : Aggregation, Sync, Collecting, Distributing,


----------------------------------------------------------------

If the channel group number is not specified details on all channels are displayed.

Related Commands

channel-group - Assigns an Ethernet interface to an EtherChannel group

set port-channel / channel-protocol - Enables/disables link aggregation in the switch

lacp system-priority - Sets the LACP priority for the system

port-channel load-balance - Sets the load balancing policy

lacp port-priority - Sets the LACP port priority

lacp wait-time - Sets the LACP wait-time

lacp timeout / lacp rate - Sets the LACP timeout period

show interfaces - Displays interface specific port-channel information

7.20 show interfaces


This command displays interface specific port-channel information.

show interfaces [<interface-type> <interface-id> ] etherchannel

Syntax
Description

etherchannel

Interface EtherChannel information

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show interfaces gigabitethernet 0/1 etherchannel


Port : Gi0/1
-------------

174

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

Port State = Up in Bundle


Channel Group :

Mode : Active
Pseudo port-channel = Po2
LACP port-priority

= 128

LACP Port Identifier = 2


LACP Wait-time

= 2 secs

LACP Activity : Passive


LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,

Port

State

LACP Port

Admin

Oper

Port

Port

Priority

Key

Key

Number

State

------------------------------------------------------------Gi0/1

Bundle

128

0x1

0x3c

iss# show interfaces etherchannel


Port : Gi0/1
-------------

Port State = Up in Bundle


Channel Group : 2
Mode : Active
Pseudo port-channel = Po2
LACP port-priority
LACP Wait-time

= 128

= 2 secs

LACP Activity : Passive


LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,

Port : Gi0/2

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

175

DATACOM SYSTEMS INC

VS-2024-F

-------------

Port State = Up in Bundle


Channel Group : 2
Mode : Active
Pseudo port-channel = Po2
LACP port-priority
LACP Wait-time

= 128

= 2 secs

LACP Activity : Passive


LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,

Port

State

LACP Port

Admin

Oper

Port

Port

Priority

Key

Key

Number

State

------------------------------------------------------------Gi0/1

Bundle

128

0x1

0x3c

Gi0/2

Bundle

128

0x2

0x3c

Port-channel : Po2
-------------------

Number of Ports = 2
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Aggregator-MAC

00:01:02:03:04:23

Default Port = None

Expressions are case sensitive.

The port-channel range is 1 to 64.

Related Commands

set port-channel - Enables/disables link aggregation in the switch

channel-group - Assigns an Ethernet interface to an EtherChannel group

176

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

port-channel load-balance - Sets the load balancing policy

lacp port-priority - Sets the LACP port priority

lacp wait-time - Sets the LACP wait-time

lacp timeout - Sets the LACP timeout period

show etherchannel - Displays Etherchannel information

7.21 show lacp


This command displays port-channel traffic/neighbor information.

show lacp [<port-channel(1-65535)>] { counters | neighbor [detail] }

Syntax
Description

portchannel

Number of the channel group

counters

Traffic information

neighbor

Neighbor information

detail

Neighbor detail information

Mode

Privileged EXEC Mode

Example

iss# show lacp 1 counters


LACPDUs

Marker

Port Sent Recv Sent

Recv

Marker Response
Sent

Recv

LACPDUs
Pkts Err

-----------------------------------------Channel group: 1
-----------------Gi0/1

394

352

Gi0/2

318

297

iss# show lacp neighbor detail

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

177

DATACOM SYSTEMS INC

VS-2024-F

Flags:
A - Device is in Active mode
P - Device is in Passive mode

Channel group 1 neighbors

Port Gi0/1
---------Partner System ID

: 00:01:02:03:04:21

Flags

: P

LACP Partner Port Priority

: 128

LACP Partner Oper Key

: 2

LACP Partner Port State

: 0x3c

Port State Flags Decode


-----------------------Activity : Passive
LACP Timeout : Long

Aggregation
Distributing

State

Aggregation,

Sync,

Collecting,

Port Gi0/2
---------Partner System ID

: 00:01:02:03:04:21

Flags

: P

LACP Partner Port Priority

: 128

LACP Partner Oper Key

: 2

LACP Partner Port State

: 0x3c

Port State Flags Decode


-----------------------Activity : Passive
LACP Timeout : Long

Aggregation
Distributing

178

State

Aggregation,

Sync,

Collecting,

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 7: LA

Expressions are case sensitive

Related Commands

lacp wait-time - Sets the LACP wait-time

lacp timeout - Sets the LACP timeout period

channel-group - Assigns an Ethernet interface to an EtherChannel group

show interfaces - Displays interface specific port-channel information

show etherchannel - Displays Etherchannel detailed information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

179

VS-2024-F

DATACOM SYSTEMS INC

Chapter

8
8.Syslog
Syslog is a protocol used for capturing log information for devices on a network. The syslog protocol
provides a transport to allow a machine to send event notification messages across IP networks to event
message collectors, also known as syslog servers. The protocol is simply designed to transport the event
messages.
One of the fundamental tenets of the syslog protocol and process is its simplicity. The transmission of
syslog messages may be started on a device without a receiver being configured, or even actually
physically present. This simplicity has greatly aided the acceptance and deployment of syslog.

The list of CLI commands for the configuration of Syslog is as follows:

logging

logging synchronous

mailserver

sender mail-id

receiver mail-id

cmdbuffs

service timestamps

clear logs

syslog mail

syslog local storage

syslog filename-one

syslog filename-two

180

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

syslog filename-three

syslog relay - port

syslog profile

logging-file

logging server

mail server

syslog relay

syslog relay transport type

show logging

show email alerts

show syslog role

show syslog mail

show syslog local storage

show logging file

show logging server

show mail server

show syslog relay - port

show syslog profile

show syslog relay transport type

show syslog file-name

show syslog information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

181

DATACOM SYSTEMS INC

VS-2024-F

8.1 logging
This command enables Syslog server and configures the Syslog Server IP address, the log-level and
other Syslog related parameters. The no form of the command disables Syslog server and resets the
configured Syslog server IP address, the log-level and other Syslog related parameters.

logging { <ip-address> | buffered [<size (1-200)>] | console | facility


{local0 | local1 | local2 | local3 | local4 | local5 | local6 |
local7|}| severity [{ <level (0-7)> | alerts | critical | debugging |
emergencies | errors | informational | notification | warnings }] | on }
no logging { <ip-address> | buffered | console | facility | severity |
on }

Syntax
Description

182

ip-address

Host IP address used as a Syslog server.

buffered

Limits Syslog messages displayed from an internal buffer.


This size ranges between 1 and 200 entries.
The size feature is optional only in the code using
the industrial standard command, otherwise this
feature is mandatory.
Limits messages logged to the console.

console

facility

The facility that is indicated in the message. Can be one of


the following values: local0, local1, local2, local3, local4,
local5, local 6, local7.

severity

Message severity level. Messages with severity level


equal to or high than the specified value are printed
asynchronously. This can be configured using numerical
value or using the available option. The options are:
0 | emergencies - System is unusable.

1 | alerts - Immediate action needed.

2 | critical - Critical conditions.

3 | errors - Error conditions.

4 | warnings - Warning conditions.

5 | notification - Normal but significant conditions.

6 | informational - Informational messages.

7 | debugging Debugging messages.

alerts

Immediate action needed

critical

Critical conditions

debugging

Debugging messages

emergencies

System is unusable

errors

Error conditions

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

informational

Information messages

notification

Normal but significant messages

warnings

Warning conditions

on

Syslog enabled

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

console

enabled

severity

informational,
configuration.

when

no

option

is

selected

while

debugging, at system start-up.

Example

buffered

50

facility

local0

iss(config)# logging 12.0.0.2

The log file is stored in ASCII text format. The Privileged EXEC command is used to
display its contents

The logging process controls the distribution of logging messages to the various
destinations, such as the logging buffer, logging file, or Syslog server

The existing syslog buffers will not be cleared and none of the configured options will
be changed, when the Syslog feature is disabled

Related Command

show logging - Displays Logging status and configuration information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

183

DATACOM SYSTEMS INC

VS-2024-F

8.2 logging synchronous


This command enables synchronous logging of messages.
This command operates similar to that of the command logging.

logging synchronous {severity [{<short (0-7)> | alerts | critical |


debugging | emergencies | errors | informational | notification |
warnings|all}] | limit <number-of-buffers(size(1-200))}

Syntax
Description

severity

limit

Message severity level. Messages with severity level equal


to or high than the specified value are printed
asynchronously. This can be configured using numerical
value or using the available option. The options are:

0 | emergencies - System is unusable.

1 | alerts - Immediate action needed.

2 | critical - Critical conditions.

3 | errors - Error conditions.

4 | warnings - Warning conditions.

5 | notification - Normal but significant conditions.

6 | informational - Informational messages.

7 | debugging Debugging messages.

all - All messages are printed asynchronously


regardless of the severity level.

Number of buffers to be queued for the terminal after which


new messages are dropped. This value ranges between 1
and 200 entries.

Mode

Line Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

severity

informational,
configuration.

when

no

option

is

selected

while

debugging, at system start-up.


limit
Example

184

50

iss(config-line)# logging synchronous severity 4

The log file is stored in ASCII text format. The Privileged EXEC command is used to

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

display its contents.

The logging process controls the distribution of logging messages to the various
destinations, such as the logging buffer, logging file, or Syslog server.

The existing syslog buffers will not be cleared and none of the configured options will
be changed, when the Syslog feature is disabled.

Related Command

show logging - Displays Logging status and configuration information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

185

DATACOM SYSTEMS INC

VS-2024-F

8.3 mailserver
This command sets the mail server IP address to be used for sending email alert messages and the no
form of the command re-sets the mail server IP address used for sending email alert messages.

mailserver <ip-address>

no mailserver

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# mailserver 23.78.67.89

Initially, the mailserver has to be configured, for the show email alerts command.

Related Commands

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter

show email alerts - Displays email alerts related configuration

186

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.4 sender mail-id


This command sets the sender mail id and the no form of the command deletes the configured sender
mail id.

sender mail-id <mail-id (100)>

no sender mail-id

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

syslog@Datacom Systems.com

Example

iss(config)# sender mail-id plabinik@DatacomSystems.com

Primarily, the mailserver must have been configured for this command

The sender and receiver email-ids are mandatory for email alert messages to be
sent.

Related Commands

mailserver - Sets the mail server IP address to be used for sending email alert messages

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter

show logging - Displays Logging status and configuration information

show email alerts - Displays email alerts related configuration

receiver mail-id - Sets the receiver mail id

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

187

DATACOM SYSTEMS INC

VS-2024-F

8.5 receiver mail-id


This command sets the receiver mail id and the no form of the command deletes the configured receiver
mail id.

receiver mail-id <mail-id (100)>


no receiver mail-id

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

admin@DatacomSystems.com

Example

iss(config)#receiver mail-id plabinik@IDatacom Systems.com

Primarily, the mailserver must have been configured for this command

The sender and receiver email-ids are mandatory for email alert messages to be
sent

Related Commands

mailserver - Sets the mail server IP address to be used for sending email alert messages

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter

show logging - Displays Logging status and configuration information

show email alerts - Displays email alerts related configuration

sender mail-id - Sets the sender mail id

188

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.6 cmdbuffs
This command configures the number of syslog buffers for a particular user.

cmdbuffs <user name> <no.of buffers (1-200)>

Syntax
Description

user name

User Name

no.of
buffers

Number of log buffers to be allocated in the system

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

50

Example

iss(config)#cmdbuffs Datacom Systems Inc. 50

CLI related events like commands given by the user, login/logout etc can be logged on
to the Syslog Server.

Related Commands

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter

show logging - Displays Logging status and configuration information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

189

DATACOM SYSTEMS INC

VS-2024-F

8.7 service timestamps


This command enables timestamp option for logged messages and the no form of the command disables
timestamp option for logged messages.

service timestamps

no service timestamps

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Enabled

Example

iss(config)#service timestamps

When enabled, the messages (log and email alert messages) will hold the time
stamp information

When disabled, the time stamp information will not be carried with the messages
sent to the log and mail servers

Related Commands

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter

show logging - Displays Logging status and configuration information

190

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.8 clear logs


This command clears the system syslog buffers.

clear logs

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# clear logs

Related Commands

cmdbuffs - Configures the number of Syslog buffers for a particular user

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter

show logging - Displays Logging status and configuration information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

191

DATACOM SYSTEMS INC

VS-2024-F

8.9 syslog mail


This command enables the mail option in syslog. The no form of command disables the mail option in
syslog.

syslog mail

no syslog mail

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# syslog mail

Related Commands

show syslog mail - Displays the mail option in syslog

mail server table - Adds an entry to mail-server table

192

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.10 syslog local storage


This command enables the syslog local storage. The no form of command disables the syslog local
storage.

syslog localstorage

no syslog localstorage

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss (config)# syslog localstorage

Related Commands

show syslog local storage - Displays the syslog local storage.

syslog filename-one - Configures the file name to store the syslog messages.

syslog filename-two - Configures the file name to store the syslog messages.

syslog filename-three - Configures the file name to store the syslog messages

logging-file - Adds an entry in to file table

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

193

DATACOM SYSTEMS INC

VS-2024-F

8.11 syslog filename-one


This command configures the file name to store the syslog messages. The maximum size of the file name
is 32.

syslog filename-one <string(32)>

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss (config)# syslog filename-one iss1

Syslog local storage must be enabled.

Related Commands

syslog local storage - Enables the syslog local storage

show syslog file-name - Displays the Syslog local storage file name

logging-file - Adds an entry in to file table

show syslog local storage - Displays the syslog local storage.

194

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.12 syslog filename-two


This command configures the file name to store the syslog messages. The maximum size of the file name
is 32.

syslog filename-two <string(32)>

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# syslog filename-two iss2

Syslog local storage must be enabled.

Related Commands

syslog local storage - Enables the syslog local storage

show syslog file-name - Displays the Syslog local storage file name

logging-file - Adds an entry in to file table

show syslog local storage - Displays the syslog local storage.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

195

DATACOM SYSTEMS INC

VS-2024-F

8.13 syslog filename-three


This command configures the file name to store the syslog messages. The maximum size of the file name
is 32.

syslog filename-three <string(32)>

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# syslog filename-three iss3

Syslog local storage must be enabled.

Related Commands

syslog local storage - Enables the syslog local storage

show syslog file-name - Displays the Syslog local storage file name

logging-file - Adds an entry in to file table

show syslog local storage - Displays the syslog local storage.

196

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.14 syslog relay - port


This command sets the syslog port through which it receives the syslog messages. The no form of
command sets the syslog port to default port 514.

syslog relay-port <integer(0-65535)>

no syslog relay-port

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# syslog relay-port 500

Syslog relay must be enabled

Related Commands

syslog relay - Changes the syslog role from device to relay

syslog relay transport type - Sets the Syslog relay transport type either as udp or tcp

show syslog relay - port - Displays the Syslog relay port

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

197

DATACOM SYSTEMS INC

VS-2024-F

8.15 syslog profile


This command sets the profile for reliable syslog. The no form of command sets the profile to default (raw
) for Reliable Syslog.
syslog profile {raw | cooked4}

no syslog profile

Syntax
Description

raw

Profile with minimum parameters in the BEEP

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# syslog profile raw

Related Commands

show syslog profile - Displays the Syslog profile.

This feature is not supported. It may be implemented in the future.

198

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.16 logging-file
This command adds an entry in to file table. The no form of command deletes an entry from the file table.

logging-file <short(0-191)> <string(32)>

no logging-file <short(0-191)> <string(32)>

Syntax
Description

short

string

Priority of syslog messages. 0-lowest priority, 191-highest


priority
File-name

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss (config)# logging-file 134 iss1

Syslog local storage must be enabled

Related Commands

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

199

DATACOM SYSTEMS INC

VS-2024-F

show logging file - Displays the Syslog file table

syslog local storage - Enables the syslog local storage

8.17 logging server


This command adds an entry in to logging-server table. The no form of command deletes an entry from
forward table.

logging-server <short(0-191)> {ipv4 <ucast_addr> | ipv6 <ip6_addr>} [


port <integer(0-65535)>] [{udp | tcp | beep}]

no logging-server <short(0-191)> {ipv4 <ucast_addr> |ipv6 <ip6_addr>}

Syntax
Description

short

ipv4,ipv6

Priority of syslog messages. 0-lowest priority, 191highest priority


Version 4 and Version 6 IP address

port

Port number

udp,
tcp,beep

Sets the transport type as either udp, tcp, beep

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

200

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG
Example

iss (config)# logging-server 134 ipv4 12.0.0.3

Related Commands

show logging server - Displays the Syslog logging server table

8.18 mail server table


This command adds an entry to mail-server table. The no form of command deletes an entry from mail
table.

mail-server
<string(50)>

<short(0-191)>

{ipv4

<ucast_addr>

|ipv6

<ip6_addr>}

no mail-server <short(0-191)> {ipv4 <ucast_addr> |ipv6 <ip6_addr>}

Syntax
Description

short

ipv4,
ipv6

Priority of syslog messages. 0-lowest priority, 191highest priority


Version 4 and Version 6 IP address

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

201

DATACOM SYSTEMS INC

VS-2024-F
Example

iss (config)# mail-server 134 ipv4 12.0.0.100 root@localhost

Related Commands

show mail server - Displays the Syslog mail server table

syslog mail - Enables the mail option in syslog

8.19 syslog relay


This command changes the syslog role from device to relay. The no form of command changes the syslog
role from relay to device.

syslog relay

no syslog relay

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# syslog relay

202

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

Related Commands

show syslog role - Displays the syslog role.

syslog relay transport type - Sets the Syslog relay transport type either as udp or tcp

syslog relay - port - Sets the syslog port through which it receives the syslog messages

8.20 syslog relay transport type


This command sets the Syslog relay transport type either as udp or tcp.

syslog relay transport type {udp | tcp}

Syntax
Description

udp

Sets the relay transport type as udp

tcp

Sets the relay transport type as tcp

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# syslog relay transport type udp

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

203

DATACOM SYSTEMS INC

VS-2024-F

Syslog relay must be enabled

Related Commands

syslog relay - Changes the syslog role from device to relay

show syslog role - Displays the syslog role.

show syslog relay transport type - Displays the Syslog relay transport type

show syslog relay - port - Displays the Syslog relay port.

8.21 show logging


This command displays logging status and configuration information.

show logging

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

204

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG
Example

iss# show logging


System Log Information
---------------------Syslog logging

: enabled(Number of messages 0)

Console logging

: enabled(Number of messages 0)

TimeStamp option : enabled


Severity logging

: Debugging

Log server IP

: 10.0.0.1

Facility

: Default (local0)

Buffered size

: 100

LogBuffer(0 Entries, 0 bytes)

Related Commands

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter

service timestamps - Enables timestamp option for logged messages

8.22 show email alerts


This command displays configurations related to email alerts.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

205

DATACOM SYSTEMS INC

VS-2024-F

show email alerts

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show email alerts


Sender email-id: syslog@DatacomSystems.com
Receiver email-id : admin@DatacomSystems.com
Mail server IP

: 12.0.0.3

Related Commands

mailserver - Sets the mail server IP address to be used for sending email alert messages

receiver mail-id - Sets the receiver mail id

sender mail-id - Sets the sender mail id

8.23 show syslog role


206

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

This command displays the syslog role.

show syslog role

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show syslog role


Syslog Role

: Relay

Related Commands

syslog relay - Changes the syslog role from device to relay

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

207

DATACOM SYSTEMS INC

VS-2024-F

8.24 show syslog mail


This command displays the mail option in syslog.

show syslog mail

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show syslog mail


Syslog Mail Option

: Enabled

Related Commands

208

syslog mail Enables the mail option in syslog

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.25 show syslog local storage


This command displays the syslog local storage.

show syslog localstorage

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show syslog localstorage


Syslog Localstorage

: Enabled

Related Commands

syslog local storage - Enables the syslog local storage

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

209

DATACOM SYSTEMS INC

VS-2024-F

8.26 show logging file


This command displays the Syslog file table.

show logging-file

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show logging-file


Syslog File Table Information
---------------------------Priority

File-Name

--------

----------

134

iss1

134

iss2

134

iss3

Related Commands

syslog filename-one/syslog filename-two/syslog filename-three - Gets the users


desired file name to store syslog message

logging-file - Adds an entry in to file table

210

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.27 show logging server


This command displays the Syslog logging server table.

show logging-server

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show logging-server


Syslog Forward Table Information
-------------------------------Priority

Address-Type

IpAddress

Port

Trans-Type

--------

------------

---------

----

----------

129

ipv4

12.0.0.2

514

udp

134

ipv4

12.0.0.1

514

udp

Related Commands

logging server - Adds an entry in to logging-server table

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

211

DATACOM SYSTEMS INC

VS-2024-F

8.28 show mail server


This command displays the Syslog mail server table.

show mail-server

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show mail-server


Syslog Mail Table Information
----------------------------

Priority

Address-Type

IpAddress

Receiver Mail-Id

--------

------------

---------

----------------

134

ipv4

12.0.0.100

root@localhost

Related Commands

212

mail server - Adds an entry to mail-server table

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.29 show syslog relay - port


This command displays the Syslog relay port.

show syslog relay-port

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show syslog relay-port


Syslog Port

: 251

Related Commands

syslog relay - port - Sets the syslog port through which it receives the syslog messages

syslog relay - Changes the syslog role from device to relay

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

213

DATACOM SYSTEMS INC

VS-2024-F

8.30 show syslog profile


This command displays the Syslog profile.

show syslog profile

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show syslog profile


Syslog Profile

: raw

Related Commands

214

syslog profile - Sets the profile for reliable syslog

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG

8.31 show syslog relay transport type


This command displays the Syslog relay transport type.

show syslog relay transport type

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show syslog relay transport type


Syslog Relay Transport type udp

Related Commands

syslog relay transport type - Sets the Syslog relay transport type either as udp or tcp

syslog relay - port - Sets the syslog port through which it receives the syslog messages

syslog relay - Changes the syslog role from device to relay

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

215

DATACOM SYSTEMS INC

VS-2024-F

8.32 show syslog file-name


This command displays the Syslog local storage file name.

show syslog file-name

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

216

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 8: SYSLOG
Example

iss# show syslog file-name


Syslog File Name
---------------------Syslog File-One :iss1

Syslog File-Two :iss2

Syslog File-Three :iss3

Related Commands

syslog local storage - Enables the syslog local storage

show syslog local storage - Displays the syslog local storage.

syslog filename-one - Configures the file name to store the syslog messages.

syslog filename-two - Configures the file name to store the syslog messages.

syslog filename-three - Configures the file name to store the syslog messages

8.33 show syslog information


This command displays the Syslog information.

show syslog information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

217

DATACOM SYSTEMS INC

VS-2024-F
Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show syslog information


System Log Information
---------------------Syslog Localstorage

Syslog Mail Option

: Enabled

: Enabled

Syslog Port

: 251

Syslog Role

: Relay

Related Commands

syslog local storage - Enables the syslog local storage

syslog mail Enables the mail option in syslog

syslog relay - Changes the syslog role from device to relay

218

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Chapter

9
9.VLAN
VLANs (Virtual LANs) can be viewed as a group of devices on different physical LAN segments which can
communicate with each other as if they were all on the same physical LAN segment, that is, a network of
computers that behave as if they are connected to the same wire even though they may actually be
physically located on different segments of a LAN. VLANs are configured through software rather than
hardware, which makes them extremely flexible.
VLAN provides the following benefits for switched LANs:

Improved administration efficiency

Optimized Broadcast/Multicast Activity

Enhanced network security

The list of CLI commands for the configuration of VLAN are common to both Single Instance and
Multiple Instance except for a difference in the prompt that appears for the Switch with Multiple
Instance support.

The prompt for the Global Configuration Mode is,


iss(config)# set vlan enable
The prompt for the VLAN Configuration Mode is,
iss(config-vlan)# ports gigabitethernet 0/1 untagged gigabitethernet 0/1
forbidden gigabitethernet 0/2 name vl1

The parameters specific to Multiple Instance are stated so, against the respective parameter
descriptions in this document.
The output of the Show commands differ for Single Instance and Multiple Instance. Hence
both the output are documented while depicting the show command examples.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

219

DATACOM SYSTEMS INC

VS-2024-F

The list of commands for the configuration of VLAN is as follows::

set vlan

vlan

interface range

base bridge-mode

mac-vlan

subnet-vlan

protocol-vlan

map protocol

set gvrp

set port gvrp/set port gvrp - enable | disable

set gmrp

set port gmrp

vlan learning mode

fid - vlan range

set vlan traffic-classes

mac-map

map subnet

switchport filtering-utility-criteria

mac-address-table static unicast

mac-address-table static unicast Transparent Bridging Mode

mac-address-table static multicast/mac address-table static mcast

mac-address-table static multicast Transparent Bridging mode

mac-address-table aging-time

bridge-mode- Metro

l2protocol-tunnel cos

clear l2protocol-tunnel counters

clear vlan statistics

vlan default hybrid type

wildcard

set unicast-mac learning

vlan unicast-mac learning limit

unicast-mac learning limit

ports

vlan active

220

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

forward-all

forward-unregistered

switchport pvid/switchport access vlan

switchport acceptable-frame-type

switchport ingress-filter

port mac-vlan

port subnet vlan

port protocol-vlan

switchport map protocols-group

switchport priority default

switchport mode

switchport mode dot1q-tunnel

set garp timer

vlan restricted

group restricted

vlan max-traffic-class

vlan map-priority

shutdown garp

shutdown vlan

debug vlan

show vlan

show vlan device info

show vlan device capabilities

show fid - detail

show forward-all

show forward-unregistered

show vlan traffic-classes

show garp timer

show vlan port config

show vlan protocols-group

show protocol-vlan

show mac-vlan

show subnet vlan mapping

show vlan statistics

show mac-address-table

show dot1d mac-address-table

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

221

DATACOM SYSTEMS INC

VS-2024-F

show dot1d mac-address-table static unicast

show dot1d mac-address-table static multicast

show mac-address-table count

show mac-address-table static unicast

show mac-address-table static multicast

show mac-address-table dynamic unicast

show mac-address-table dynamic multicast

show mac-address-table aging-time

show wildcard

The following commands can be executed only in a Linux environment and cannot be executed on the
target.

shutdown vlan

set vlan

show vlan counters

222

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.1 set vlan


This command enables/disables VLAN in the switch. The value enable indicates that VLAN will be
enabled in the device on all ports. The value disable indicates that VLAN will be disabled in the device on
all ports.

set vlan { enable | disable }

Syntax
Description

enable

Enables VLAN in the switch

disable

Disables VLAN in the switch

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

enable

Example

iss(config)# set vlan enable

The configuration can be set to disabled if and only if, GVRP and GMRP are
disabled.

Related Commands

show vlan - Displays VLAN information in the database

show vlan device info - Displays the VLAN global status variables

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

223

DATACOM SYSTEMS INC

VS-2024-F

9.2 vlan
This command configures a VLAN in the switch and is also used to enter into the config-VLAN mode. The
no form of the command deletes a VLAN from the switch.

vlan <vlan-id(1-4094)>

no vlan <vlan-id(1-4094)>

Mode

Global Configuration Mode


In Metro package, this command will be executed only in Switch
configuration mode.

Package

Workgroup, Enterprise and Metro

Defaults

vlan-id

Example

iss(config)# vlan 4

Leading zeros must not be entered for VLAN ID.

The VLAN 1 interface cannot be deleted.

This command is used in PBB bridge mode to create customer, service and
backbone VLANs.

Related Command

show vlan - Displays VLAN information in the database

224

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.3 set mac-learning


This command configures the global mac learning status.

set mac-learning { enable | disable }

Syntax
Description

enable

Enables the global mac learning status

disable

Disables the global mac learning status

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

enable

Example

iss(config)# set mac-learning enable

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

225

DATACOM SYSTEMS INC

VS-2024-F

9.4 set unicast-mac-learning


This command configures unicast-mac learning for the vlan

set unicast-mac learning { enable | disable | default}

Syntax
Description

enable

Enables the unicast-mac learning for the vlan

disable

Disables the unicast-mac learning for the vlan

default

Sets the unicast-mac learning for the vlan as default

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

Enable

Example

iss(config)# set unicast mac-learning enable

226

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.5 interface range


This command selects the range of physical interfaces and VLAN interfaces to be configured and the no
form of the command selects the range of VLAN interfaces to be removed.

interface range ( { <interface-type>


id(1-4094)> - <vlan-id(2-4094)>})

<slot/port-port>}

{vlan <vlan-

no interface range vlan <vlan-id(1-4094)> - <vlan-id(2-4094)>

Syntax
Description

interfacetype

Interface type.

slot/portport

Member Ports ID.

vlan

VLAN identifier.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# interface range gigabitethernet 0/1-23 vlan 1 - 2


iss(config-if-range)#

iss(config)# interface range vlan 1 gigabitethernet 0/1


iss(config-if-range)#

iss(config)# interface range vlan 1 - 4 gigabitethernet 0/1-3


iss(config-if-range)#

iss(config)# interface range vlan 1 - 4 gigabitethernet 0/1


iss(config-if-range)#

iss(config)# interface range gigabitethernet 0/1-23 vlan 1 128


iss(config-if-range)#
For specifying the interface VLAN range, space should be provided before and
after the dash. That is, the command interface range vlan 1 4 is valid,
whereas the command interface range vlan 1 4 is not valid.

For port channel range, the specified range must be configured using the
interface command.

Related Commands

Error! Reference source not found. Enters into the interface mode

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

227

DATACOM SYSTEMS INC

VS-2024-F

Error! Reference source not found. description - Displays the interface status and
configuration

9.6 base bridge-mode


This command specifies whether the bridge mode is Transparent or VLAN aware bridge.

base bridge-mode { dot1d-bridge | dot1q-vlan }

Syntax
Description

dot1dbridge

Specifies that the bridge mode is transparent

dot1q-vlan

Specifies that the bridge mode is VLAN aware bridge

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

dot1q-vlan

Example

iss(config)# base bridge-mode dot1d-bridge

To configure as dot1d-bridge:
PNAC/ LA/ GARP/Snooping/LLDP needs to be shutdown.

Spanning Tree mode should be RSTP

All non-physical interfaces (ivr, loopback and so on) should be deleted

Related Commands

228

show vlan device info: Displays the VLAN related global status variables.

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.7 mac-vlan
This command enables MAC-based VLAN for all the available interfaces of the VLAN. The no form of the
command disables MAC-based VLAN on the device.

mac-vlan

no mac-vlan

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss(config)# mac-vlan

Related Commands

show vlan device info - Displays the VLAN global status variables

show mac-vlan - Displays the entries in the MAC-VLAN database

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

229

DATACOM SYSTEMS INC

VS-2024-F

9.8 subnet-vlan
This command enables the Subnet-VLAN based classification on all ports. The no form of the command
disables Subnet-VLAN based classification on all the ports.

subnet-vlan

no subnet-vlan

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

disabled

Example

iss(config)# subnet-vlan

Related Commands

230

show vlan device info - Displays the VLAN related global status variables

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.9 protocol-vlan
This command enables Protocol-VLAN based classification on all the ports. The no form of the command
disables Protocol-VLAN based classification on all ports.

protocol-vlan

no protocol-vlan

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Enabled

Example

iss(config)# protocol-vlan

Related Commands

show vlan device info - Displays the VLAN related global status variables

show protocol-vlan - Displays the entries in the protocol-VLAN database

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

231

DATACOM SYSTEMS INC

VS-2024-F

9.10 map protocol


This command configures the group ID for a specific encapsulation and protocol value combination. This
command adds a protocol to a protocol group for protocol based VLAN learning. The no form of the
command removes the protocol from the entire group.

map protocol {ip | novell | netbios | appletalk | other <aa:aa or


aa:aa:aa:aa:aa>} {enet-v2 | snap | llcOther | snap8021H | snapOther}
protocols-group <Group id integer(0-2147483647)>
no map protocol {ip | novell | netbios | appletalk | other <aa:aa or
aa:aa:aa:aa:aa>} {enet-v2 | snap | llcOther | snap8021H | snapOther}

Syntax
Description

ip | novell
| netbios |
appletalk |

Protocol types

other

MAC address of any other protocol type not included in


the list

Encapsulation Frame Types

Group ID.

enet-v2
snap
llcOther
snap8021H
snapOther

protocolsgroup

|
|
|
|

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# map protocol ip enet-v2 protocols-group 1

232

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Related Command

show vlan protocols-group - Displays the protocol group database

9.11 set gvrp


This command enables or disables GVRP on a global basis.

set gvrp { enable | disable }

Syntax
Description

enable

Enables GVRP in the switch

disable

Disables GVRP in the switch

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

enable

Example

iss(config)# set gvrp disable

GVRP needs to be explicitly enabled even after GARP is enabled.

Related Commands

show vlan - Displays VLAN information in the database

show vlan device info - Displays the VLAN related global status variables

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

233

DATACOM SYSTEMS INC

VS-2024-F

9.12 set port gvrp


This command enables or disables GVRP on the interface.

set port gvrp <interface-type> <interface-id> { enable | disable }

Syntax
Description

interfacetype

Interface type

interfaceid

Interface Id

enable

Enables GVRP on the interface

disable

Disables GVRP on the interface

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

enable

Example

iss(config)# set port gvrp gigabitethernet 0/1

234

disable

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

The value enable indicates that GVRP is enabled on the current port, as long as
global GVRP status is also enabled for the device

If port GVRP state is disabled, but global GVRP status is still enabled, then
GVRP is disabled on current port. Any GVRP packet received will be discarded
and no GVRP registrations will be propagated from other ports

Related Command

show vlan port config - Displays the vlan related parameters specific for ports

9.13 set port gvrp - enable | disable


This command enables or disables GVRP (GARP VLAN Registration Protocol) on the interface.
This command operates similar to that of the command set port gvrp.

set port gvrp { enable | disable } <interface-id>

Syntax
Description

enable

Enables GVRP on the interface

disable

Disables GVRP on the interface

interfaceid

Interface identifier

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

enable

Example

iss(config)# set port gvrp disable 0/1

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

235

DATACOM SYSTEMS INC

VS-2024-F

The value enable indicates that GVRP is enabled on the current port, as long as
global GVRP status is also enabled for the device

If port GVRP state is disabled, but global GVRP status is still enabled, then
GVRP is disabled on current port. Any received GVRP packets will be discarded
and no GVRP registrations will be propagated from other ports

Related Command

show vlan port config - Displays the vlan related parameters specific for ports

9.14 set gmrp


This command enables or disables GMRP globally on the device.

set gmrp { enable | disable }

Syntax
Description

enable

Enables GMRP on the device

disable

Disables GMRP on the device

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

enable

Example

iss(config)# set gmrp disable

236

GMRP needs to be explicitly enabled even after GARP is enabled.

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Related Commands

show vlan - Displays VLAN information in the database

show vlan device info - Displays the VLAN related global status variables

9.15 set port gmrp


This command enables or disables GMRP on the port.

set port gmrp <interface-type> <interface-id> { enable | disable }

Syntax
Description

interfacetype

Interface type

interfaceid

Interface ID

enable

Enables GMRP on the interface

disable

Disables GMRP on the interface

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

237

DATACOM SYSTEMS INC

VS-2024-F
Defaults

enable

Example

iss(config)# set port gmrp gigabitethernet 0/1

disable

The value enable indicates that GMRP is enabled on this port in all VLANs as
long as GMRP Status is also enabled globally

The value disable indicates that GMRP is disabled on this port in all VLANs; any
GMRP packet received will be silently discarded and no GMRP registrations will
be propagated from other ports

Related Command

show vlan port config - Displays the vlan related parameters specific for ports

9.16 vlan learning mode


This command configures the VLAN learning mode for the switch.

vlan learning mode {ivl | svl | hybrid}

Syntax
Description

ivl

Independent VLAN learning

svl

Shared VLAN learning

hybrid

Hybrid VLAN learning

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

238

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Defaults

ivl

Example

iss(config)# vlan learning mode ivl

A change in the configuration of the VLAN learning mode will be effective only after
the next reboot of the system.

Related Commands

show vlan device info - Displays the VLAN related global status variables

Error! Reference source not found. - Displays the current information stored in the NVRAM

9.17 fid - vlan range


This command configures a VLAN or a list of VLANs to use a Filtering database identified by a filtering
database identifier and the no form of the command configures the FIDs of all VLANs in the list to their
default value.

fid <integer(1-4094)> vlan <vlan-range>

no fid vlan <vlan-range>

Syntax
Description

Mode

vlan

List of VLANs. The vlan-range can have any valid


range between 1 and 4094.

Global Configuration Mode

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

239

DATACOM SYSTEMS INC

VS-2024-F
Package

Workgroup, Enterprise and Metro

Defaults

By default, the FID of all VLANs is their VLAN ID.

Example

iss(config)# fid 2 vlan 2-20

The MST instance of all VLANs in the list must be the same.

Any other VLAN with the same FID must have MST instance same as that of the
VLANs in the list for this command to succeed.

This command is successful when the VLAN learning mode is hybrid.

Related Commands

vlan learning mode - Configures the VLAN learning mode for the switch

vlan default hybrid type - Configures the default learning type for VLANs when the
operational learning mode of the switch is hybrid

show fid - detail - Displays forwarding database identifier used by VLANs in the switch

9.18 set vlan traffic-classes


This command enables / disables traffic classes.

set vlan traffic-classes {enable | disable}

Syntax
Description

Mode

240

enable

Enables traffic classes

disable

Disables traffic classes

Global Configuration Mode

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Package

Workgroup, Enterprise and Metro

Defaults

enable

Example

iss(config)# set vlan traffic-classes enable

This command has to be executed prior to executing the vlan max traffic
class command.

Related Commands

show vlan device info - Displays the VLAN related global status variables

vlan max-traffic-class - Assigns traffic class value to a port

show vlan traffic-classes - Displays the traffic class information of all the available interfaces

9.19 mac-map
This command configures the VLAN-MAC address mapping. The no form of this command is used to
delete the specific mac map entry.

mac-map <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [mcast-bcast {discard


| allow}]

no mac-map <aa:aa:aa:aa:aa:aa>

Syntax
Description

aa:aa:aa:aa:aa:aa

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

MAC address

241

DATACOM SYSTEMS INC

VS-2024-F

vlan

VLAN Identifier

mcast-bcast

Specifies the way broadcast and multicast traffic will


be handled for the packets received from the source
address of this MAC classification entry

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# mac-map 00:11:22:33:44:55 vlan 2 mcast-bcast


discard

This command is valid only if VLAN is configured as 'Mac-based'.

Related Commands

mac-vlan - Enables MAC-based VLAN for all the available interfaces of the VLAN

show mac-vlan - Displays the entries in the MAC-VLAN database

9.20 map subnet


This command configures a VLAN subnet mapping entry. The no form of command deletes the vlan
subnet mapping entry.
map subnet <ip-subnet-address> vlan <vlan-id(1-4094)> [arp {suppress |
allow}]

no map subnet <ip-subnet-address>

Syntax
Description
242

ip-subnetaddress

Subnet address

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

vlan-id
arp

VLAN identifier
-

Configurable option for discarding/allowing ARP Untagged


frames on the vlan.

Mode

Interface Mode

Package

This command can be executed in the Global configuration mode, in BCMX


switches
Workgroup, Enterprise and Metro

Default

allow

Example

iss(config-if)# map subnet 14.0.0.0 vlan 1 arp allow

VLAN should be present.

Related Commands :

show subnet vlan mapping - Displays the entries in Subnet-VLAN database

9.21 switchport filtering-utility-criteria


This command changes filtering utility criteria to default or enhanced filtering criteria.

switchport filtering-utility-criteria {default | enhanced}

Mode

Interface Configuration Mode

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

243

DATACOM SYSTEMS INC

VS-2024-F
Package

Workgroup, Enterprise and Metro

Default

default

Example

iss(config-if)# switchport filtering-utility-criteria


enhanced

9.22 mac-address-table static unicast


This command configures a static unicast MAC address in the forwarding database. The no form of the
command deletes a configured static Unicast MAC address from the forwarding database.

mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> }] interface ([<interface-type>
<0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel

244

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

<a,b,c-d>]) [connection-identifier <ucast_mac>] [status { permanent |


deleteOnReset | deleteOnTimeout }]
no mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum>}]

PBB feature enabled in the switch

mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(25616777214)>}] interface ([<interface-type> <0/a-b,0/c,...>] [<interfacetype> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]) [connection-identifier
<ucast_mac>][status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(25616777214)>}]

Syntax
Description

aa:aa:aa:aa:aa:aa

Destination MAC address

vlan

VLAN Identifier

recv-port

Received port's Interface type and ID

service-instance

Service instance identifier.


between 256 and 16777214.

interface

Member Ports Interface type and ID.

<interface-type>
<0/a-b, 0/c, ...>

Member Ports Interface type and ID.

port-channel

Port-channel ID

connectionidentifier

Associates backbone MAC address of peer


backbone edge bridge with customer MAC address
that can be reached through the bridge.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

This

value

ranges

245

DATACOM SYSTEMS INC

VS-2024-F

status

Status of the Static unicast entry. The options are:


permanent - Entry remains even after the next reset
of the bridge
deleteOnReset - Entry remains until the next reset of
the bridge
deleteOnTimeout - Entry remains until it is aged out

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

status

Example

iss(config)# mac-address-table static unicast 00:11:22:33:44:55


vlan 3 recv-port gigabitethernet 0/2 interface gigabitethernet 0/1
status deleteOnTimeout

permanent

iss(config)# mac-address-table static unicast 00:11:22:33:44:55


vlan 3 service-instance 1005 interface gigabitethernet 0/1 status
deleteOnTimeout

VLAN/Service-instance must have been configured and member ports must have been
configured for the specified VLAN/Service-instance.

Related Commands

show mac-address-table static unicast - Displays the statically configured unicast address
from the MAC address table.

mac-address-table static multicast - Configures a static multicast MAC address in the


forwarding database.

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode.

service instance - Used to enter the service instance mode for performing ISID specific
operations.

246

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.23 mac-address-table static unicast Transparent Bridging


Mode
This command configures a static unicast MAC Address in the forwarding database in transparent
bridging mode. The no form of the command deletes the configured Static Unicast address from the
forwarding database.
mac-address-table
static
unicast
<aa:aa:aa:aa:aa:aa>
[recv-port
<interface-type> <interface-id>] interface ([<interface-type> <0/ab,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>])
[status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static unicast


<interface-type> <interface-id>]

Syntax
Description

<aa:aa:aa:aa:aa:aa>

[recv-port

aa:aa:aa:aa:aa:aa

Destination MAC address

recv-port

Received port's Interface type and ID

interface

Member Ports Interface type and ID.

<interface-type>
<0/a-b, 0/c, ...>

Member Ports Interface type and ID.

port-channel

Port-channel ID

status

Status of the Static unicast entry. The options are:


permanent - Entry remains even after the next reset
of the bridge
deleteOnReset - Entry remains until the next reset of
the bridge
deleteOnTimeout - Entry remains until it is aged out

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

status

Example

iss(config)# mac-address-table static unicast 00:11:22:33:44:55


recv-port gigabitethernet 0/2 interface gigabitethernet 0/2 status
deleteOnTimeout

permanent

Base bridge mode should be transparent bridging.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

247

VS-2024-F

DATACOM SYSTEMS INC

Related Commands

show dot1d mac-address-table static unicast - Displays Static Unicast MAC Address
table

mac-address-table static multicast - Configures a static multicast MAC address in the


forwarding database.

248

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.24 mac-address-table static multicast


This command configures a static multicast MAC address in the forwarding database.

mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum>>}] interface ([<interface-type>
<0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel
<a,b,c-d>]]) [forbidden-ports ([<interface-type> <0/a-b, 0/c, ...>]
[<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]]) [status
{ permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlanid(1-4094)> [recv-port <ifXtype> <ifnum>}]

PBB feature enabled in the switch

mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(25616777214)>}] interface ([<interface-type> <0/a-b,0/c,...>] [<interfacetype> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]])
[forbidden-ports
([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>]
[port-channel <a,b,c-d>]]) [status { permanent | deleteOnReset |
deleteOnTimeout }]

no mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlanid(1-4094)>


[{recv-port
<ifXtype>
<ifnum>
|
service-instance
<integer(256-16777214)>}]

Syntax
Description

aa:aa:aa:aa:aa:aa

Multicast MAC address

vlan

VLAN Identifier

recv-port

Received port's Interface type and ID

service-instance

Service instance identifier.


between 256 and 16777214.

interface

Member Ports Interface type and ID.

<interface-type>
<0/a-b, 0/c, ...>

Member Ports Interface type and ID.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

This

value

ranges

249

DATACOM SYSTEMS INC

VS-2024-F

port-channel

Port channel ID

forbidden-ports

Forbidden ports interface type and ID.

<interface-type>
<0/a-b, 0/c, ...>

Forbidden ports interface type and ID.

port-channel

Port-channel ID

status

Status of the static multicast entry. The options are:


permanent - Entry remains even after the next reset
of the bridge
deleteOnReset - Entry remains until the next reset of
the bridge
deleteOnTimeout - Entry remains until it is aged out

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

status

Example

iss(config)# mac-address-table static multicast 01:02:03:04:05:06


vlan 2 interface gigabitethernet 0/1

permanent

VLAN/Service-instance must have been configured and member ports must have been
configured for the specified VLAN/Service-instance.

Related Command

show mac-address-table static multicast - Displays the statically configured multicast


entries.

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode.

service instance Used to enter the service instance mode for performing ISID specific
operations.

250

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.25 mac address-table static mcast


This command configures a static multicast MAC (Media Access Control) address in the forwarding
database and the no form of the command deletes a configured static multicast MAC address from the
forwarding database.
This command operates similar to that of the command mac-address-table static multicast.

mac address-table static <mcast_mac> vlan <integer(1-4094)> ([interface


<interface-type>
<0/a-b,0/c,...>]
[<interface-type>
<0/ab,0/c,...>][port-channel <a,b,c-d>])

no
mac
address-table
static
[interface <ifXtype> <ifnum>]

Syntax
Description

<mcast_mac>

vlan

<vlan-id(1-4094)>

mcast_mac

Multicast MAC address.

vlan

VLAN identifier. This value ranges between 1 and 4094.

interface

Member Ports Interface type and ID.

<interfacetype> <0/ab,
0/c,
...>

Specifies interface type and ID of the member and


forbidden ports.

portchannel

Port-channel ID

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# mac address-table static 01:02:03:04:05:06 vlan 2


interface gigabitethernet 0/1

VLAN/Service-instance must have been configured and member ports must have been
configured for the specified VLAN/Service-instance.

Related Command

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

251

DATACOM SYSTEMS INC

VS-2024-F

show mac-address-table static multicast - Displays the statically configured multicast


entries.

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode.

service instance Used to enter the service instance mode for performing ISID specific
operations.

9.26 mac-address-table static multicast Transparent


Bridging mode
This command configures a static multicast MAC address in the forwarding database in transparent
bridging. The no form of command deletes the configured Static Multicast address from the forwarding
database.

mac-address-table
static
multicast
<aa:aa:aa:aa:aa:aa>
[recv-port
<interface-type> <interface-id>] interface ([<interface-type> <0/ab,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,cd>]]) [status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static multicast


<interface-type> <interface-id>]

Syntax
Description

<aa:aa:aa:aa:aa:aa>

[recv-port

aa:aa:aa:aa:aa:aa

Multicast MAC address

recv-port

Received port's Interface type and ID

interface

Member Ports Interface type and ID.

<interface-type>
<0/a-b, 0/c, ...>

Member Ports Interface type and ID.

port-channel

Port channel ID

port-channel

Port-channel ID

status

Status of the static multicast entry. The options are:


permanent - Entry remains even after the next reset
of the bridge
deleteOnReset - Entry remains until the next reset of
the bridge
deleteOnTimeout - Entry remains until it is aged out

252

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

status

Example

iss(config)# mac-address-table static multicast


01:00:5E:01:02:03interface gigabitethernet 0/2

permanent

Base bridge mode should be transparent bridging

Related Command

show dot1d mac-address-table static multicast - Displays Static Multicast MAC Address
table.

mac-address-table static unicast - Configures a static unicast MAC address in the


forwarding database.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

253

DATACOM SYSTEMS INC

VS-2024-F

9.27 mac-address-table aging-time


This command sets the maximum age of a dynamically learnt entry in the MAC address table. The no
form of the command sets the maximum age of an entry in the MAC address table to its default value.

mac-address-table aging-time <10-1000000 seconds>

no mac-address-table aging-time

For DX260 target

mac-address-table aging-time <10-630 seconds>

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

300

Example

iss(config)# mac-address-table aging-time 200

If traffic on an interface is not very frequent, then the aging time must be
increased to record the dynamic entries for a longer time. Increasing the time
can reduce the possibility of flooding.

Related Command

show mac-address-table aging-time - Displays the MAC address-table with ageing time

254

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.28 bridge-mode- Metro


This command configures the bridge mode of the Switch.

bridge-mode {customer | provider | provider-core


provider-backbone-icomp |provider-backbone-bcomp}

Syntax
Description

Mode

Package

provider-edge

customer

Customer Bridge Mode

provider

Provider Bridge Mode

providercore

Provider core Bridge Mode

provideredge

Provider edge Bridge Mode

providerbackboneicomp

Provider Backbone Bridge I component Mode

providerbackbonebcomp

Provider Backbone Bridge B component Mode

Global Configuration Mode in SI mode/Switch Configuration Mode in MI mode


Workgroup, Enterprise and Metro
In the Workgroup and the Enterprise package, only the customer and
provider are the valid parameters.

Defaults

Based on the bridge mode value in issnvram.txt

Example

iss(config)#

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

bridge-mode provider-backbone-icomp

255

DATACOM SYSTEMS INC

VS-2024-F

Only one bridge mode can be set at a time. If multiple bridge modes are required,
multiple instances of the bridge should be run.

To configure the bridge mode of the switch.


-

Spanning tree must be shut down.

GARP must be shut down.

ECFM must be shutdown

Related Command

no Error! Reference source not found. - Starts MRP module in the switch

show vlan device info - Displays the VLAN related global status variables

256

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.29 l2protocol-tunnel cos


This command configures the priority for the tunneled STP BPDUs. The no form of the command
configures the default priority for the tunneled STP BPDUs.

l2protocol-tunnel cos <cos-value(0-7)>

no l2protocol-tunnel cos

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

cos - value

Example

iss(config)# l2protocol-tunnel cos 5

The configured priority value will be effective only when the L2 Protocol tunnel STP is
enabled on an interface

Related Command

show l2protocol-tunnel - Displays the entries in VLAN tunnel protocol table containing the number
of ingress or egress STP BPDUs tunneled

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

257

DATACOM SYSTEMS INC

VS-2024-F

9.30 clear l2protocol-tunnel counters


This command clears the L2 protocol tunnel counters.

clear l2protocol-tunnel counters [<interface-type> <interface-id>]

Syntax
Description

interfacetype

Type of interface

interfaceid

Interface ID

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# clear l2protocol-tunnel counters

If executed without the optional parameters this command clears the STP tunnel
counters of all the available interfaces.

Related Command

show l2protocol-tunnel - Displays the entries in VLAN tunnel protocol table containing the number
of ingress or egress STP BPDUs tunneled

258

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.31 clear vlan statistics


This command clears the VLAN counters.

clear vlan statistics [vlan < vlan-id (1-4094)>]

Syntax
Description

vlan

VLAN Identifier

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# clear vlan statistics vlan 1

If executed without the optional parameters this command clears all the VLAN counters.

Related Command

show vlan statistics - Displays the VLAN statistics

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

259

DATACOM SYSTEMS INC

VS-2024-F

9.32 vlan default hybrid type


This command configures the default learning type for VLANs when the operational learning mode of the
switch is hybrid.

vlan default hybrid type {ivl | svl}

Syntax
Description

ivl

Independent VLAN learning

svl

Shared VLAN learning

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# vlan default hybrid type ivl

This command is successful when the VLAN learning mode is not hybrid.

This configuration is useful when the switch is restarted with VLAN learning
mode changed to Hybrid.

A config save restore must be done for this configuration

Related Commands

260

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

vlan learning mode - Configures the VLAN learning mode for the switch

show fid - detail - Displays forwarding database identifier used by VLANs in the switch

9.33 wildcard
This command configures the wildcard vlan entry for a given mac address and the no form of the
command deletes the wildcard entry for the same.

wildcard {mac-adddress <mac_addr> | broadcast} interface ([<interfacetype> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [portchannel <a,b,c-d>])

no wildcard {mac-adddress <mac_addr> | broadcast}

Syntax
Description

macadddress /
broadcast

Unicast/Multicast/BroadCast Mac Address of Wildcard


entry

Interface

Interface type and ID

portchannel

Port-channel ID

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

261

DATACOM SYSTEMS INC

VS-2024-F
Example

iss(config)# wildcard mac-address 01:02:03:04:05:06 interface


gigabitethernet 0/1

9.34 set unicast-mac learning


This command enables / disables unicast-mac learning for the VLAN.

set unicast-mac learning { enable | disable }

Syntax
Description

enable

Enables unicast-mac learning for the VLAN

disable

Disables unicast-mac learning for the VLAN

Mode

Config-VLAN Mode

Package

Workgroup, Enterprise and Metro

Defaults

enable

262

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Example

iss(config-vlan)# set unicast-mac learning enable

This configuration will not take effect on VLANs with the number of member ports greater
than or equal to 3.

Related Command

show vlan learning params - Displays unicast-MAC learning status and learning limit configured for
the specified VLAN

9.35 vlan unicast-mac learning limit


This command sets the unicast-mac learning limit for the VLAN. The no form of the command resets the
unicast-mac learning limit for the vlan to the default value.

vlan unicast-mac learning limit <size(0-4294967295)>

no vlan unicast-mac learning limit

Syntax
Description

learning
limit

Mode

Config-VLAN Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

Specifies the MAC learning limit configured for the


VLAN

263

VS-2024-F

DATACOM SYSTEMS INC

Defaults

A value calculated depending on the dynamic unicast size and the maximum number of
VLANs supported in the system.

Example

iss(config-vlan)# vlan unicast-mac learning limit 100

The maximum limit that can be configured for a VLAN is dependent on the total size
available for dynamic unicast entries in the forwarding table and on the maximum number
of VLANs that can be supported.
This configuration is allowed only in case of independent VLAN learning mode.

Related Command

show vlan learning params - Displays unicast-MAC learning status and learning limit configured for
the specified VLAN

9.36 unicast-mac learning limit


This command sets unicast MAC learning limit for the switch. The no form of the command resets unicast
MAC learning limit for the switch to the default value.

unicast-mac learning limit <limit value(0-4294967295)>

no unicast-mac learning limit

Syntax
Description

264

limit value

Limiting value on the number of distinct unicast MAC


addresses that can be learnt in the device. This value
ranges between 0 and 4294967295

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Mode

Global Configuration mode.

Package

Workgroup, Enterprise and Metro

Example

iss(config)# unicast-mac learning limit 5

The limiting value must not be less than any of the unicast MAC learning limits set
for the VLANs.

The upper limiting value that can be set is determined by the underlying hardware.

Related Command

show vlan device info - Displays the VLAN related global status variables.

9.37 ports
This command configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports. The tagged and untagged member ports defined by this command are used for egress
tagging for a VLAN at a port.

For ports in PBB bridge mode, this command is used to define member ports for a
VLAN in a component.
For BVLAN in a B component, these member ports can be only PNP.

For SVLAN in an I component, these member ports can be only CNP-Stagged.

For CVLAN in an I component, these member ports can be only CNP-Ctagged.


The no form of the command resets port list for the VLAN.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

265

DATACOM SYSTEMS INC

VS-2024-F

ports
([<interface-type>
<0/a-b,0/c,...>]
[<interface-type>
<0/ab,0/c,...>] [port-channel <a,b,c-d>]) [untagged <interface-type> <0/ab,0/c,...> [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,cd>][all])] [forbidden <interface-type> <0/a-b,0/c,...> [<interface-type>
<0/a-b,0/c,...>] [port-channel <a,b,c-d>]] [name <vlan-name>]

no ports [<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/ab,0/c,...>] [port-channel <a,b,c-d>] [all] [untagged ([<interface-type>
<0/a-b,0/c,...>]
[<interface-type>
<0/a-b,0/c,...>]
[port-channel
<a,b,c-d>]
[all])]
[forbidden
([<interface-type>
<0/a-b,0/c,...>]
[<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>] [all])]
[name <vlan-name>]

Syntax
Description

266

ports

Member Ports Interface type and ID.

<interfacetype> <0/ab,
0/c,
...>

Member Ports Interface type and Id.

portchannel
<a,b,c-d>

Port-channel ID

untagged

Untagged Ports Interface type and Id

<interfacetype> <0/ab,
0/c,
...>

Untagged Ports Interface type and Id

forbidden

Forbidden Ports Interface type and Id

<interfacetype> <0/ab,
0/c,
...>

Forbidden Ports Interface type and Id

portchannel

Port-channel ID

all

All Member Ports

name

Administratively assigned string used to identify the VLAN

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Mode

VLAN Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-switch-vlan)# ports gigabitethernet 0/1 untagged


gigabitethernet 0/1 forbidden gigabitethernet 0/2 name vl1

Member-ports represent the set of ports permanently assigned to the egress list

Forbidden-ports represent the set of ports forbidden for the VLAN

Untagged ports represent the set of ports which transmits untagged frames

CBP should always be set as untagged member port of a BVLAN.

All the existing commands in VLAN configuration mode are also used for the
configuration of a B-VLAN of a PBB.

Related Command

show vlan - Displays VLAN information in the database

9.38 vlan active


This command makes the particular VLAN active in the switch.

vlan active

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

267

DATACOM SYSTEMS INC

VS-2024-F
Mode

Config-VLAN Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-vlan)# vlan active

9.39 forward-all
This command configures the forward-all information for a VLAN specifying the set of ports to which all
multicasts must be forwarded.
The no form of the command sets the forward-all to default.
268

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

forward-all
([static-ports
([<interface-type>
<0/a-b,
0/c,
...>]
[<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>] [none])]
[forbidden-ports <interface-type> <0/a-b, 0/c, ...> [<interface-type>
<0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]])

no forward-all

Syntax
Description

staticports

Static Ports Interface type and ID.

<interfacetype> <0/ab,
0/c,
...>

Static Ports Interface type and ID.

portchannel

Port-channel ID

none

None

forbiddenports

Forbidden Ports Interface type and ID.

<interfacetype> <0/ab,
0/c,
...>

Forbidden Ports Interface type and ID.

portchannel

Port-channel ID

Mode

Config-VLAN Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-vlan)# forward-all static-ports gigabitethernet 0/1


forbidden-ports gigabitethernet 0/2

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

269

DATACOM SYSTEMS INC

VS-2024-F

static-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are to be forwarded

forbidden-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are NOT to be forwarded

Related Command

show forward-all - Displays the GMRP forward-all table entries

270

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.40 forward-unregistered
This command configures the forward unregistered information for a VLAN for which there is no specific
forwarding information. The no form of the command sets the forward-unregistered information to default.

forward-unregistered ([static-ports ([<interface-type> <0/a-b, 0/c,


...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]
[none])]
[forbidden-ports
<interface-type>
<0/a-b,
0/c,
...>
[<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]])

no forward-unregistered

Syntax
Description

staticports

Static Ports Interface type and ID.

<interfacetype> <0/ab,
0/c,
...>

Static Ports Interface type and ID.

portchannel

Port-channel ID

none

None

forbiddenports

Forbidden Ports Interface type and ID.

<interfacetype> <0/ab,
0/c,
...>

Forbidden Ports Interface type and ID.

portchannel

Port-channel ID

Mode

Config-VLAN Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-vlan)# forward-unregistered static-ports


gigabitethernet 0/2 forbidden-ports gigabitethernet 0/1

static-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are to be forwarded

forbidden-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are NOT to be forwarded

Related Command

show forward-unregistered - Displays the GMRP forward-unregistered table


CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

271

DATACOM SYSTEMS INC

VS-2024-F

9.41 switchport pvid


This command configures the PVID (VLAN Identifier) on a port. The no form of this command sets the
PVID to the default value on the port.

switchport pvid <vlan-id(1-4094)>

no switchport pvid

Syntax
Description

vlan-id

PVID value to be configured on the port.

Mode

Interface Configuration Mode

Example

iss(config-if)# switchport pvid 3

If the frame (untagged/priority tagged/customer VLAN tagged) is received on a


"tunnel" port, then the default Port VLAN Id (PVID) associated with the port is
used.

If the received frame cannot be classified as MAC-based or port-and-protocolbased, then the PVID associated with the port is used.

For ports in PBB bridge mode, PVID can be configured on CNP and CBP.

Usage is based on acceptable frame type of the port. Packets will be either
dropped or accepted at ingress. Once a packet is accepted, if packet is having
a tag, it will be processed against that tag. Otherwise, the packet will be
processed against PVID.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

272

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.42 switchport access vlan


This command configures the PVID (Port VLAN Identifier) on a port. The no form of this command sets
the PVID to the default value on the port.
This command operates similar to that of the command switchport pvid.

switchport access vlan <vlanid (1-4094)>

no switchport access vlan

Syntax
Description

vlan-id

PVID value to be configured on the port.

Mode

Interface Configuration Mode

Example

iss(config-if)# switchport access vlan 3

If the frame (untagged/priority tagged/customer VLAN tagged) is received on a


"tunnel" port, then the default PVID associated with the port is used.

If the received frame cannot be classified as MAC-based or port-and-protocolbased, then the PVID associated with the port is used.

For ports in PBB bridge mode, PVID can be configured on CNP (Customer
Network Port) and CBP (Customer Backbone Port).

Usage is based on acceptable frame type of the port. Packets will be either
dropped or accepted at ingress. Once a packet is accepted, if the packet is
having a tag, it will be processed against that tag. Otherwise, the packet will
be processed against PVID.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

273

DATACOM SYSTEMS INC

VS-2024-F

9.43 switchport acceptable-frame-type


This command configures the acceptable frame type for the port. The no form of this command sets the
default value of acceptable frame type - all where all frames will be accepted.

switchport
acceptable-frame-type
untaggedAndPrioritytagged }

{all

tagged

no switchport acceptable-frame-type

Syntax
Description

all

All frames. Both tagged and untagged frames are allowed.

tagged

Tagged frames. For ports in PBB bridge mode, the


description of tagged frames is given in the below table:

untaggedAndP
rioritytagge
d

Port Type

What will be considered as


TAG

CNP STagged

S-Tag

CNP CTagged

C-Tag

CNP Port Based

S-Tag

PIP

I-Tag

CBP

I-Tag

PNP

B-Tag or S Tag

Untagged and priority tagged frames. For ports in PBB


bridge mode, the description of untagged frames is given
in the below table:

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

all

Example

iss(config-if)# switchport acceptable-frame-type tagged

274

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

When set to "tagged" the device will discard untagged and priority tagged frames
received on the port and will process only the VLAN tagged frames

When set to "all" untagged frames or priority-tagged frames received on the port are
also accepted

When set to untaggedAndPrioritytagged, untagged and priority tagged frames alone


are accepted and tagged frames are dropped.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports.

9.44 switchport ingress-filter


This command enables ingress filtering on the port. The no form of this command disables ingress filtering
on the port.

switchport ingress-filter

no switchport ingress-filter

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss(config-if)# switchport ingress-filter

When ingress-filtering is enabled, the device discards those incoming


frames for VLANs which do not include this port in its member set

When the ingress filtering is disabled using the no form of the command,
the device accepts all incoming frames

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

275

DATACOM SYSTEMS INC

VS-2024-F

9.45 port mac-vlan


This command enables MAC-based VLAN learning on the port. The no form of the command disables
MAC-based VLAN learning on the port.

port mac-vlan

no port mac-vlan

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss(config-if)# port mac-vlan

VLAN classification on the port will be MAC-based as long as MAC-based VLAN


classification is enabled globally for the device.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

276

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.46 port subnet vlan


This command enables subnet based VLAN classification on the port. The no form of command disables
the subnet based VLAN learning on the port.
port subnet-vlan

no port subnet-vlan

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss(config-if)# port subnet-vlan

Related Command

show subnet vlan mapping: Displays the entries in Subnet-VLAN database

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

277

DATACOM SYSTEMS INC

VS-2024-F

9.47 port protocol-vlan


This command enables port protocol based VLANs. The no form of the command disables port Protocol
based VLANs.

port protocol-vlan

no port protocol-vlan

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Enabled

Example

iss(config-if)# port protocol-vlan

The value enable indicates that the VLAN classification on this port is port and
protocol based as long as the port and protocol based classification is enabled
globally for the device.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

278

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.48 switchport map protocols-group


This command maps the protocol group configured to a particular VLAN identifier for the specified
interface. The no form of the command unmaps the VLAN identifier to group Id mapping.

switchport map protocols-group


<vlan-id(1-4094)>

<Group

id

integer(0-2147483647)>vlan

no switchport map protocols-group <Group id integer(0-2147483647)>>

Syntax
Description

Group id

Group ID

vlan

VLAN ID

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# switchport map protocols-group 1 vlan 2

Protocol group must have been configured

Related Commands

map protocol - Adds a protocol to a protocol group for protocol based VLAN learning

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

279

DATACOM SYSTEMS INC

VS-2024-F

show protocol-vlan - Displays the entries in protocol-VLAN database

show vlan protocols-group - Displays the protocol group database

9.49 switchport priority default


This command sets the default user priority for the port. The no form of the command sets the default user
priority for the port to the default value.

switchport priority default <priority value(0-7)>

no switchport priority default

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Example

iss(config-if)# switchport priority default 5

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

280

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.50 switchport mode


This command configures the VLAN port mode. The no form of the command configures the default VLAN
port mode.

switchport mode { access | trunk | hybrid | {dynamic {auto | desirable}}


}

no switchport mode

Syntax
Description

access

Access port Mode

trunk

Trunk port Mode

hybrid

Hybrid VLAN port Mode

dynamic

Dynamic Mode. This can be:

auto Interface converts the link to a trunk link.

desirable Interface actively attempts to convert


the link to a trunk link.

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

281

DATACOM SYSTEMS INC

VS-2024-F
Defaults

Hybrid Mode

Example

iss(config-if)# switchport mode access

It is not possible to set the switchport mode status to Trunk/Hybrid if the tunnel is
enabled.

It is not possible to configure the switchport mode status to trunk if the port is an
untagged member of a VLAN.

It is not possible to configure the switchport mode status to access if the ports
acceptable frame type is All/Tagged.

Related Commands

switchport mode dot1q-tunnel - Enables dot1q-tunneling on the specified interface

show vlan port config - Displays the VLAN related parameters specific for ports

9.51 switchport mode dot1q-tunnel


This command enables dot1q-tunneling on the specified interface. The no form of the command disables
dot1q-tunneling on the specified interface.

switchport mode dot1q-tunnel

no switchport mode dot1q-tunnel

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss(config-if)# switchport mode dot1q-tunnel

282

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Bridge Mode must be set to 'provider' for the dot1q-tunneling status to be enabled

It is not possible to set the dot1q-tunnel status on the port if the port mode is not
'access' type

PNAC port control must be force-authorized

If dot1q tunneling is enabled on the specified interface, then GMRP is disabled


internally

Related Commands

bridge-mode- Metro - Configures the bridge mode of the Switch

switchport mode - Configures the VLAN port mode

show dot1q-tunnel - Displays the entries in the dot1q-tunnel table

show vlan device info - Displays the VLAN related global status variables

show vlan port config - Displays the VLAN port information

9.52 set garp timer


This command configures the GARP join time, leave time, and leaveall time in milli-seconds.

set garp timer {join | leave | leaveall} <time in milli seconds>

Syntax
Description

join

Join Time

leave

Leave Time

leaveall

Leaveall Time

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

283

DATACOM SYSTEMS INC

VS-2024-F
Defaults

Example

join

20

leave

60

leaveall

1000

iss(config-if)# set garp timer join 500

Leave Timer must be greater than 2 times Join Timer and Leaveall Timer must
be greater than Leave Timer

Timer values cannot be set to zero

The GARP timer configuration will be applied to the GARP applications (GMRP
and GVRP) on the specified interface.

Related Command

show garp timer - Displays the GARP timer information of the available interfaces

9.53 vlan restricted


This command enables/disables restricted VLAN registration on the port.

vlan restricted {enable | disable}

Syntax
Description

enable

Enables restricted VLAN registration

disable

Disables restricted VLAN registration

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

284

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Defaults

disable

Example

iss(config-if)# vlan restricted enable

If restricted VLAN registration rules are enabled, then a VLAN is learnt dynamically
from the GVRP frame only if the specific VLAN is statically configured in the switch. If
restricted VLAN registration rules are disabled, then GVRP packets are processed
normally and the VLANs are learnt dynamically even if they are not statically configured
in the switch.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

9.54 group restricted


This command enables or disables restricted group registration on a port.

group restricted {enable | disable }

Syntax
Description

enable

Enables restricted group registration

disable

Disables restricted group registration

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

285

DATACOM SYSTEMS INC

VS-2024-F
Defaults

disable

Example

iss(config-if)# group restricted enable

If restricted group registration rules are enabled, then a multicast group


attribute/service requirement attribute is learnt dynamically from the GMRP frame
only if the specific multicast group attribute/service requirement attribute is statically
configured in the switch. If restricted group registration rules are disabled, then
GMRP packets are processed normally and the multicast group attribute/service
requirement attribute are learnt dynamically even if they are not statically configured
in the switch.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports

9.55 vlan max-traffic-class


This command configures the maximum number of traffic classes supported on a port. The no form of the
command assigns the default maximum traffic class value to a port.

vlan max-traffic-class <MAX Traffic class(1-8)>

no vlan max-traffic-class

Syntax
Description

286

MAX Traffic
class

The number of traffic classes supported on the port

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Example

iss(config-if)# vlan max-traffic-class 7

Related Command

show vlan traffic-classes - Displays the traffic classes information of all the available interfaces

9.56 vlan map-priority


This command maps a priority to a traffic class on the specified port. The frame received on the interface
with the configured priority will be processed in the configured traffic class.
The no form of the command maps the default priority to traffic class value on the port.

vlan map-priority
value(0-7)>

<priority

value(0-7)>

traffic-class

<Traffic

class

no vlan map-priority <priority value (0-7)>

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

287

DATACOM SYSTEMS INC

VS-2024-F

Syntax
Description

trafficclass

Traffic class value

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-if)# vlan map-priority 2 traffic-class 2

The default traffic class value depends upon the configured priority value

Following is the list of default traffic class values for different priority values
Priority
0
1
2
3
4
5
6
7

Default traffic class


2
0
1
3
4
5
6
7

Related Command

show vlan traffic-classes - Displays the traffic classes information of all the available interfaces

9.57 shutdown garp


This command shuts down the GARP Module. The no form of the command starts and enables the GARP
Module.

shutdown garp

no shutdown garp

288

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

GARP Module is Started and enabled by default

Example

iss(config)# shutdown garp

GARP cannot be started, if VLAN is shutdown and MRP is not shutdown

GARP cannot be shutdown, if GVRP and/or GMRP are enabled

Related Command

set gvrp disable - Globally disables GVRP

set gmrp disable - Globally disables GMRP

Error! Reference source not found. - Shuts down MRP module in the switch

shutdown vlan Shuts down VLAN switching

9.58 shutdown vlan


This command shuts down VLAN switching. The no form of the command starts and enables VLAN
switching.

shutdown vlan

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

289

DATACOM SYSTEMS INC

VS-2024-F

no shutdown vlan

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

VLAN Module is Started and enabled by default

Example

iss(config)# shutdown vlan

VLAN module cannot be shutdown when the GARP Module is started

shutdown command releases the resources acquired by the VLAN Module,


disabling VLAN on all the ports in the device

start acquires the resources required by the VLAN Module to function in the
device

Related Commands

set vlan - Enables/disables VLAN in the switch

shutdown garp Shuts down the GARP Module

show vlan - Displays the VLAN information in the database

9.59 debug vlan


This command sets the debug level. The no form of the command sets the debug level to default value.

debug vlan { global | [{fwd | priority | | redundancy} [initshut] [mgmt]


[data]
[ctpl]
[dump]
[os]
[failall]
[buffer]
[all]]
switch
<context_name> }
290

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

no debug vlan { global | [{fwd | priority | | redundancy} [initshut]


[mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] switch
<context_name> }

Syntax
Description

global

Global related debug messages

fwd

Forwarding Module

priority

VLAN Priority Module

redundancy

Mode

Redundancy related debug messages

initshut

Init and Shutdown

mgmt

Management

data

Data path

ctpl

Control Plane

dump

Packet dump

os

Traces related to all Resources except Buffer

failall

All Failures

buffer

Buffer

all

All Traces

switch

Context/Switch Name. If the switch supports


multiple instances, the name of the instance can
be specified. Otherwise this parameter need not
be given or the context name can be given as
default.

Privileged Exec Mode

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

291

DATACOM SYSTEMS INC

VS-2024-F
Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss # debug vlan fwd all

Related Command

Error! Reference source not found. - Displays state of each debugging option

9.60 debug garp


This command sets debug level. The no form of the command sets the debug level to default value.

292

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

debug garp { global | [{protocol | gmrp | gvrp | redundancy} [initshut]


[mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] [switch
<context_name>] }

no debug garp { global | [{protocol | gmrp | garp | redundancy}


[initshut] [mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]]
[switch <context_name>] }

Syntax
Description

global

Global related debug messages

protocol

Protocol related traces

gmrp

GMRP related traces

gvrp

GVRP related traces

redundancy

Redundancy related debug messages

initshut

Init and Shutdown

mgmt

Management

data

Data path

ctpl

Control Plane

dump

Packet dump

os

Traces related to all Resources except Buffer

failall

All Failures

buffer

Buffer

all

All Traces

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

293

DATACOM SYSTEMS INC

VS-2024-F

switch

Context/Switch Name. If the switch supports


multiple instances, the name of the instance can
be specified. Otherwise this parameter need not be
given or the context name can be given as default

Mode

Privileged Exec Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss # debug garp fwd all

Related Command

Error! Reference source not found. - Displays state of each debugging option

294

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.61 show vlan


This command displays the VLAN information in the database.

show vlan [brief | id <vlan-range> | summary] [ switch <context_name>]

Syntax
Description

brief

Information about all the VLANs in brief

id

Information specific to the VLAN Id

summary

Summary of the VLAN

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show vlan brief
Vlan database
------------Vlan ID

: 1

Member Ports

: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6


Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24

Untagged Ports

: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6


Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24

Forbidden Ports

: None

Name

Status

: Permanent

---------------------------------------------------iss# show vlan summary


Number of vlans : 1
Multiple Instance:
CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

295

DATACOM SYSTEMS INC

VS-2024-F

iss# show vlan


Switch - default

Vlan database
------------Vlan ID

: 1

Member Ports

: Gi0/49

Untagged Ports

: Gi0/49

Forbidden Ports

: None

Name

Status

: Permanent

----------------------------------------------------

Switch - cust1

Vlan database
------------Vlan ID

: 1

Member Ports

: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Untagged Ports

: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Forbidden Ports

: None

Name

Status

: Permanent

---------------------------------------------------Vlan ID

: 20

Member Ports

: Gi0/1

Untagged Ports

: Gi0/1

Forbidden Ports

: None

Name

Status

: Permanent

----------------------------------------------------

296

Vlan ID

: 30

Member Ports

: Gi0/2

Untagged Ports

: None

Forbidden Ports

: None

Name

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Status

: Dynamic Gvrp

----------------------------------------------------

If the optional parameter is not specified then this command displays the VLAN
information of all the available interfaces.

Related Commands

shutdown vlan Shuts down VLAN switching. The no form of the command starts and enables
VLAN switching

set vlan - Enables/disables VLAN in the switch

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

9.62 show vlan device info


This command displays the VLAN related global status variables.

show vlan device info [ switch <context_name>]

Syntax
Description

switch

Context/Switch Name. This parameter is


specific to Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show vlan device info
Vlan device configurations
--------------------------

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

297

DATACOM SYSTEMS INC

VS-2024-F

Vlan Status

: Enabled

Vlan Oper status

: Enabled

Gvrp status

: Enabled

Gmrp status

: Disabled

Gvrp Oper status

: Enabled

Gmrp Oper status

: Disabled

Mac-Vlan Status

: Disabled

Subnet-Vlan Status

: Enabled

Protocol-Vlan Status

: Enabled

Bridge Mode

: Customer Bridge

Base-Bridge Mode

: Vlan Aware Bridge

Traffic Classes

: Enabled

Vlan Operational Learning Mode

: IVL

Version number

: 1

Max Vlan id

: 4094

Max supported vlans

: 1024

Unicast mac learning limit

: 150

Multiple Instance:
iss# show vlan device info

Switch default

Vlan device configurations


--------------------------

298

Vlan Status

: Enabled

Vlan Oper status

: Enabled

Gvrp status

: Enabled

Gmrp status

: Enabled

Gvrp Oper status

: Enabled

Gmrp Oper status

: Enabled

Mac-Vlan Status

: Disabled

Protocol-Vlan Status

: Enabled

Bridge Mode

: Customer Bridge

Traffic Classes

: Enabled

Vlan Operational Learning Mode

: IVL

Version number

: 1

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Max Vlan id

: 4094

Max supported vlans

: 1024

Unicast mac learning limit

: 150

Related Commands

shutdown vlan Shuts down VLAN switching. The no form of the command starts and enables
VLAN switching

set vlan - Enables/disables VLAN in the switch

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

- Enables MAC-based VLAN for all the available interfaces of the VLAN

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

set gvrp - Enables or disables GVRP on a global basis

set port gvrp - Enables or disables GVRP on the interface

set gmrp - Enables or disables GMRP on a global basis

set port gmrp - Enables or disables GMRP on the interface

set vlan traffic-classes - Enables or disables traffic classes

vlan max-traffic-class - Assigns traffic class value to a port

port protocol-vlan - Enables port protocol based VLANs

vlan learning mode - Configures the VLAN learning mode

show vlan traffic-classes - Displays the traffic classes information of all the available
interfaces.

show protocol-vlan - Displays the entries in the protocol-VLAN database.

unicast-mac learning limit - Sets unicast MAC learning limit for the switch

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

299

DATACOM SYSTEMS INC

VS-2024-F

9.63 show vlan device capabilities


This command displays VLAN capabilities of the device.

show vlan device capabilities [ switch <context_name>]

Syntax
Description

switch

Context/Switch Name. This


specific to Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show vlan device capabilities

parameter

is

Vlan device capabilities


--------------------------

Extended filtering services


Traffic classes
Static Entry Individual port
IVL capable
SVL capable
Hybrid capable
Configurable Pvid Tagging

Multiple Instance:
iss# show vlan device capabilities
Switch - default
Vlan device capabilities
--------------------------

Extended filtering services


Traffic classes
Static Entry Individual port
IVL capable
SVL capable
Hybrid capable
Configurable Pvid Tagging

300

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Switch - cust1
Vlan device capabilities
--------------------------

Extended filtering services


Traffic classes
Static Entry Individual port
IVL capable
SVL capable
Hybrid capable
Configurable Pvid Tagging

9.64 show fid - detail


This command displays forwarding database identifier used by VLANs in the switch.

show fid [<integer(1-4094)> | detail] [ switch <context_name>]

Syntax
Description

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show fid 2
Default Learning Type

: IVL

Fid Vlan mapping information


---------------------------Fid

: 2

Vlan's

: 2,

---------------------------iss# show fid detail


Default Learning Type

: IVL

Fid Vlan mapping information

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

301

DATACOM SYSTEMS INC

VS-2024-F

---------------------------Fid

: 1

Vlan's

: 1,

---------------------------Fid

: 2

Vlan's

: 2,

---------------------------Fid

: 3

Vlan's

: 3,

---------------------------Fid

: 4

Vlan's

: 4,

---------------------------Fid

: 5

Vlan's

: 5,

---------------------------Fid

: 6

Vlan's

: 6,

Multiple Instance:
iss# show fid 2
Switch - default
Default Learning Type

: IVL

Fid Vlan mapping information


---------------------------Fid

: 2

Vlan's

: 2,

---------------------------Switch - cust1
Default Learning Type

: IVL

Fid Vlan mapping information


---------------------------Fid

: 2

Vlan's

: 2,

---------------------------302

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Related Commands

fid - vlan range - Configures a VLAN or a list of VLANs to use a Filtering database identified by
a filtering database identifier

vlan default hybrid type - Configures the default learning type for VLANs

9.65 show forward-all


This command displays the GMRP forward-all table entries.

show forward-all [ switch <context_name>]

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

303

DATACOM SYSTEMS INC

VS-2024-F
Syntax
Description

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show forward-all
Vlan Forward All Table
------------------------

Vlan ID : 1
ForwardAll Ports

: Gi0/2

ForwardAll Static Ports

: Gi0/2

ForwardAll ForbiddenPorts : Gi0/1


---------------------------------------------------------Vlan ID : 2
ForwardAll Ports

: Gi0/1

ForwardAll Static Ports

: Gi0/1

ForwardAll ForbiddenPorts : Gi0/2


---------------------------------------------------------Multiple Instance:
iss# show forward-all
Switch default
Vlan Forward All Table
------------------------

Vlan ID : 1
ForwardAll Ports

: Gi0/2

ForwardAll Static Ports

: Gi0/2

ForwardAll ForbiddenPorts : Gi0/1


---------------------------------------------------------Vlan ID : 2

304

ForwardAll Ports

: Gi0/1

ForwardAll Static Ports

: Gi0/1

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

ForwardAll ForbiddenPorts : Gi0/2


----------------------------------------------------------

Related Commands

vlan - Configures a VLAN in the switch and is used to enter into the VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

forward-all - Configures the forward-all information for a VLAN

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

305

DATACOM SYSTEMS INC

VS-2024-F

9.66 show forward-unregistered


This command displays the GMRP forward-unregistered table.

show forward-unregistered [ switch <context_name>]

Syntax
Description

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show forward-unregistered
Vlan Forward Unregistered Table
---------------------------------

Vlan ID : 1
Unreg ports

: Gi0/1

Unreg Static Ports

: Gi0/1

Unreg Forbidden Ports : Gi0/2


-----------------------------------------------------Vlan ID : 2
Unreg ports

: Gi0/2

Unreg Static Ports

: Gi0/2

Unreg Forbidden Ports : Gi0/1


-----------------------------------------------------Multiple Instance:
iss# show forward-unregistered
Switch - default

306

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Vlan Forward Unregistered Table


---------------------------------

Vlan ID : 1
Unreg ports

: Gi0/49

Unreg Static Ports

: Gi0/49

Unreg Forbidden Ports : None


------------------------------------------------------

Switch - cust1

Vlan Forward Unregistered Table


---------------------------------

Vlan ID : 1
Unreg ports
Gi0/6

: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,

Unreg Static Ports


Gi0/6

: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,

Unreg Forbidden Ports : None


-----------------------------------------------------Vlan ID : 20
Unreg ports

: Gi0/1

Unreg Static Ports

: Gi0/1

Unreg Forbidden Ports : None


-----------------------------------------------------Vlan ID : 30
Unreg ports

: Gi0/2

Unreg Static Ports

: Gi0/2

Unreg Forbidden Ports : None


------------------------------------------------------

Related Commands

vlan - Configures a VLAN in the switch and is used to enter into the VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

forward-unregistered - Configures the forward unregistered information for a VLAN

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

307

DATACOM SYSTEMS INC

VS-2024-F

9.67 show vlan traffic-classes


This command displays the traffic classes information of all the available interfaces.

show vlan traffic-classes


switch <context_name>}]

Syntax
Description

[{port

<interface-type>

<interface-id>

port

Interface Type and ID of the port

switch

Context/Switch Name. This parameter is specific


to Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
308

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

iss# show vlan traffic-classes


Traffic Class table
--------------------Port

Priority

Traffic Class

-----

---------

-------------

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Multiple Instance:
iss# show vlan traffic-classes
Switch - default

Traffic Class table


--------------------Port

Priority

Traffic Class

-----

---------

-------------

Gi0/49

Gi0/49

Gi0/49

Gi0/49

Gi0/49

Gi0/49

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

309

DATACOM SYSTEMS INC

VS-2024-F

Gi0/49

Gi0/49

Switch - cust1

Traffic Class table


---------------------

Port

Priority

Traffic Class

-----

---------

-------------

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/1

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

Gi0/2

If executed without the ports option, this command displays the priority mapped
to all the available traffic classes on the port.

Related Commands

vlan - Configures a VLAN in the switch and is used to enter into the VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

set vlan traffic-classes - Enables / disables traffic classes

vlan max-traffic-class - Assigns traffic class value to a port

310

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.68 show garp timer


This command displays the GARP timer information of the available interfaces.

show garp timer


<context_name>}]

Syntax
Description

[{

port

<interface-type>

<interface-id>

port

Interface type and ID of the port

switch

Context/Switch Name. This


specific to Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show garp timer port gigabitethernet 0/1

parameter

switch

is

Garp Port Timer Info (in milli seconds)


---------------------------------------

Port

Join-time

Leave-time

Leave-all-time

-----

---------

----------

--------------

Gi0/1

200

600

10000

Multiple Instance:
iss# show garp timer
Switch - default

Garp Port Timer Info (in milli seconds)


---------------------------------------

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

311

DATACOM SYSTEMS INC

VS-2024-F

Port

Join-time

Leave-time

Leave-all-time

-----

---------

----------

--------------

Gi0/49

200

600

10000

Switch - cust1

Garp Port Timer Info (in milli seconds)


---------------------------------------

Port

Join-time

Leave-time

Leave-all-time

-----

---------

----------

--------------

Gi0/1

200

600

10000

Gi0/2

200

600

10000

Gi0/3

200

600

10000

Gi0/4

200

600

10000

Gi0/5

200

600

10000

Gi0/6

200

600

10000

The timer information is the same for GVRP and GMRP.

Related Commands

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

show vlan device info - Displays the VLAN related global status variables

set garp timer - Configures the GARP join time, leave time, and leaveall time in milli-seconds

312

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.69 show vlan port config


This command displays the VLAN related parameters specific for ports.

show vlan port config [{port <interface-type> <interface-id> | switch


<context_name>}]

Syntax
Description

port

Interface type and ID of the port

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show vlan port config
Vlan Port configuration table
-------------------------------

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

313

DATACOM SYSTEMS INC

VS-2024-F

Port Gi0/1
Port Vlan ID

: 1

Port Acceptable Frame Type

: Admit All

Port Ingress Filtering

: Disabled

Port Mode

: Hybrid

Port Gvrp Status

: Enabled

Port Gmrp Status

: Enabled

Port Gvrp Failed Registrations

: 0

Gvrp last pdu origin

: 00:00:00:00:00:00

Port Restricted Vlan Registration

: Disabled

Port Restricted Group Registration

: Disabled

Mac Based Support

: Disabled

Subnet Based Support

: Disabled

Port-and-Protocol Based Support

: Enabled

Default Priority

: 0

Filtering Utility Criteria

: Default

Port Protected Status

: Disabled

------------------------------------------------------Port Gi0/2
Port Vlan ID

: 1

Port Acceptable Frame Type

: Admit All

Port Ingress Filtering

: Disabled

Port Mode

: Hybrid

Port Gvrp Status

: Enabled

Port Gmrp Status

: Enabled

Port Gvrp Failed Registrations

: 0

Gvrp last pdu origin

: 00:00:00:00:00:00

Port Restricted Vlan Registration

: Disabled

Port Restricted Group Registration

: Disabled

Mac Based Support

: Disabled

Subnet Based Support

: Disabled

Port-and-Protocol Based Support

: Enabled

Default Priority

: 0

Filtering Utility Criteria

: Default

Port Protected Status

: Disabled

------------------------------------------------------Multiple Instance:
iss# show vlan port config
314

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Switch - default

Vlan Port configuration table


------------------------------Port Gi0/49
Port Vlan ID

: 1

Port Acceptable Frame Type

: Admit All

Port Ingress Filtering

: Disabled

Port Mode

: Hybrid

Port Gvrp Status

: Enabled

Port Gmrp Status

: Enabled

Port Gvrp Failed Registrations

: 0

Gvrp last pdu origin

: 00:00:00:00:00:00

Port Restricted Vlan Registration

: Disabled

Port Restricted Group Registration

: Disabled

Mac Based Support

: Disabled

Port-and-Protocol Based Support

: Enabled

Default Priority

: 0

Dot1x Protocol Tunnel Status

: Peer

LACP Protocol Tunnel Status

: Peer

Spanning Tree Tunnel Status

: Peer

GVRP Protocol Tunnel Status

: Peer

GMRP Protocol Tunnel Status

: Peer

IGMP Protocol Tunnel Status

: Peer

Filtering Utility Criteria

: Enhanced

-------------------------------------------------------

Switch - cust1

Vlan Port configuration table


------------------------------Port Gi0/1
Port Vlan ID

: 20

Port Acceptable Frame Type

: Admit All

Port Ingress Filtering

: Disabled

Port Mode

: Hybrid

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

315

DATACOM SYSTEMS INC

VS-2024-F

Port Gvrp Status

: Enabled

Port Gmrp Status

: Enabled

Port Gvrp Failed Registrations

: 0

Gvrp last pdu origin

: 00:00:00:00:00:00

Port Restricted Vlan Registration

: Disabled

Port Restricted Group Registration

: Disabled

Mac Based Support

: Disabled

Port-and-Protocol Based Support

: Enabled

Default Priority

: 0

------------------------------------------------------Port Gi0/2
Port Vlan ID

: 1

Port Acceptable Frame Type

: Admit All

Port Ingress Filtering

: Disabled

Port Mode

: Hybrid

Port Gvrp Status

: Enabled

Port Gmrp Status

: Enabled

Port Gvrp Failed Registrations

: 0

Gvrp last pdu origin

: 00:01:02:03:04:0e

Port Restricted Vlan Registration

: Disabled

Port Restricted Group Registration

: Disabled

Mac Based Support

: Disabled

Port-and-Protocol Based Support

: Enabled

Default Priority

: 0

-------------------------------------------------------

If executed with out the optional parameter this command displays the port
information of all the available ports.

Related Commands

set port gvrp / set port gvrp - enable | disable - Enables or disables GVRP on the
interface

set port gmrp - Enables or disables GMRP on the interface

switchport pvid / switchport access vlan - Configures the PVID (VLAN ID) that would be
assigned to untagged/priority-tagged frames/VLAN tagged frames

switchport acceptable-frame-type - Configures the acceptable frame type for the port

switchport ingress-filter - Enables ingress filtering on the port

316

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

port mac-vlan - Enables MAC-based VLAN on the port

port protocol-vlan - Enables port protocol based VLANs

vlan restricted - Enables/disables restricted VLAN registration on the port

9.70 show vlan protocols-group


This command displays the protocol group database.

show vlan protocols-group [ switch <context_name>]

Syntax
Description

switch

Context/Switch Name. This


specific to Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show vlan protocols-group

parameter

is

Protocol Group Table


------------------------------------------------------------Frame Type

Protocol

Group

-----------------------------------------Enet-v2
CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

IP

1
317

DATACOM SYSTEMS INC

VS-2024-F

Snap

Novell

-----------------------------------------Multiple Instance:
iss# show vlan protocols-group
Switch - default
Protocol Group Table
------------------------------------------------------------Frame Type

Protocol

Group

-----------------------------------------Enet-v2

IP

Snap

Novell

-----------------------------------------Related Commands

map protocol - Configures the group ID for a specific encapsulation and protocol value
combination

show protocol-vlan - Displays the entries in the protocol-VLAN database

switchport map protocols-group - Maps the protocol group configured to a particular VLAN
identifier for the specified interface

9.71 show protocol-vlan


This command displays the entries in protocol-VLAN database.

show protocol-vlan [ switch <context_name>]

Syntax
Description

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show protocol-vlan

318

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Port Protocol Table


-------------------------------------Port

Group

Vlan ID

-------------------------------------Gi0/2

Gi0/1

--------------------------------------

Multiple Instance:
iss# show protocol-vlan
Switch - default
Port Protocol Table
-------------------------------------Port

Group

Vlan ID

-------------------------------------Gi0/2

Gi0/1

--------------------------------------

Related Command

switchport map protocols-group - Maps the protocol group configured to a particular VLAN
identifier for the specified interface

9.72 show mac-vlan


This command displays the entries in the MAC-VLAN database.

show mac-vlan [{interface


<context_name>]

Syntax

interface

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

<interface-type>

<interface-id>]

switch

Interface Type and Identifier

319

DATACOM SYSTEMS INC

VS-2024-F
Description

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show mac-vlan interface gigabitethernet 0/1
Mac Map Table For Port 1--Mac Vlan Disabled
--------------------------

Mac Address

Vlan ID

MCast/Bcast

-----------

-------

-----------

00:11:11:11:11:11

discard

00:22:22:22:22:22

allow

Multiple Instance:
iss# show mac-vlan switch cust1
Switch - cust1

Mac Map Table


-------------Mac Address

Vlan ID

-----------

-------

00:11:22:33:44:55

Related Commands

mac-vlan - Enables MAC-based VLAN for all the available interfaces of the VLAN

mac-map - Configures the VLAN-MAC address mapping

show vlan device info - Displays the VLAN global status variables

9.73 show subnet vlan mapping


320

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

This command displays the entries in Subnet-VLAN database.


show subnet-vlan mapping [{interface <interface-type> <interface-id> |
switch <string(32)>}]

Syntax
Description

interface

Interface Type and Identifier

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show subnet -vlan mapping interface gigabitethernet 0/1


Subnet Map Table For Port 1--Subnet Vlan Enabled
------------------------------------------------Subnet Address

Vlan ID

ARP Traffic

------------------------------------------------14.0.0.0

allow

192.168.1.0

discard

Related Commands

map subnet: Configures a VLAN subnet mapping entry

show vlan device info - Displays the VLAN global status variables

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

321

DATACOM SYSTEMS INC

VS-2024-F

9.74 show vlan counters


This command displays the VLAN counters database.

show vlan counters [vlan <vlan-range>] [ switch <context_name>]

Syntax
Description

vlan

VLAN range.

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show vlan counters
Port Vlan statistics
-------------------------Port Gi0/1
Vlan ID

: 1

In frames

: 342

Out frames : 345


Discards

: 0

Port Gi0/1
Vlan ID

: 2

In frames

: 446

Out frames : 248


Discards

: 0

Port Gi0/2
Vlan ID

: 2

In frames

: 115

Out frames : 517


Discards

: 7

Port Gi0/2

322

Vlan ID

: 2

In frames

: 0

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Out frames : 0
Discards

: 0

Multiple Instance:
iss# show vlan counters
Switch - default

Port Vlan statistics


-------------------------Port Gi0/49
Vlan ID

: 1

In frames

: 75

Out frames : 0
Discards

: 0

--------------------------

Switch - cust1

Port Vlan statistics


-------------------------Port Gi0/1
Vlan ID

: 1

In frames

: 0

Out frames : 0
Discards

: 0

-------------------------Port Gi0/1
Vlan ID

: 20

In frames

: 0

Out frames : 0
Discards

: 0

-------------------------Port Gi0/2
Vlan ID

: 1

In frames

: 70

Out frames : 0
Discards

: 0

--------------------------

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

323

DATACOM SYSTEMS INC

VS-2024-F

Port Gi0/2
Vlan ID

: 30

In frames

: 0

Out frames : 0
Discards

: 2

--------------------------

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter into the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

9.75 show vlan statistics


This command displays VLAN statistics such as the number of unicast frames forwarded broadcast
packets and unknown unicast packets flooded in that VLAN.

show vlan statistics [vlan <vlan-range>] [ switch <context_name>]

Syntax
Description

Mode

324

vlan

VLAN range.

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Privileged EXEC Mode

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Package

Workgroup, Enterprise and Metro

Example

Single Instance
iss# show vlan statistics vlan 1
Unicast/broadcast Vlan statistics
------------------------------------Vlan Id

: 1

Unicast frames received

: 0

Mcast/Bcast frames received

: 0

Unknown Unicast frames flooded

: 0

Unicast frames transmitted

: 0

Broadcast frames transmitted

: 0

------------------------------------Multiple Instance
iss# show vlan statistics vlan 1 switch sw1
Switch sw1

Unicast/broadcast Vlan statistics


-------------------------------------Vlan Id

: 1

Unicast frames

: 16

Broadcast frames

: 10

Unicast frames flooded

: 25

--------------------------------------

If VLAN ID is not specified in the command, statistics of all the VLAN existing in the
system will be displayed.

Related Command

clear vlan statistics - Clears the VLAN counters

9.76 show mac-address-table


This command displays the static and dynamic unicast and multicast MAC address table.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

325

DATACOM SYSTEMS INC

VS-2024-F

show mac-address-table [vlan <vlan-range>] [address <aa:aa:aa:aa:aa:aa>]


[interface <interface-type> <interface-id> ]

Syntax
Description

vlan

VLAN range

address

MAC address

interface

Interface type and ID

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show mac-address-table vlan 2


Vlan

Mac Address

Type

ConnectionId

Ports

----

-----------

----

-----------

-----

00:01:02:03:04:21

Learnt

Gi0/1

Total Mac Addresses displayed: 1

iss# show mac-address-table interface gigabitethernet 0/1


Vlan

Mac Address

Type

ConnectionId

Ports

----

-----------

----

-----------

-----

00:01:02:03:04:21

Learnt

Gi0/1

01:02:03:04:05:06

Static

Gi0/1

Total Mac Addresses displayed: 2

If executed without the optional parameters this command displays all the static and
dynamic MAC entries

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

mac-address-table static unicast - Configures a static unicast MAC address in the


forwarding database

mac-address-table static multicast - Configures a static multicast MAC address in the


forwarding database

326

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

9.77 show dot1d mac-address-table


This command displays the static/dynamic unicast and dynamic multicast FDB table entries, when the
base bridge mode is transparent bridging.

show dot1d mac-address-table [address <aa:aa:aa:aa:aa:aa>] [{interface


<interface-type> <interface-id> | switch <context_name>}]

Syntax
Description

address

MAC address

interfacetype,
interface-id

Interface type and ID

switch

Context/Switch Name

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show dot1d mac-address-table address 00:01:02:03:04:21


Mac Address

Type

Ports

-----------

----

-----

00:01:02:03:04:21

Learnt

Gi0/2

Total Mac Addresses displayed: 1

iss# show dot1d mac-address-table interface gigabitethernet


0/2
Mac Address
-----------

Type
----

Ports
-----

00:01:02:03:04:21

Learnt

Gi0/2

01:02:03:04:05:06

Static

Gi0/2

Total Mac Addresses displayed: 2

If executed without the optional parameters this command displays all the
static/dynamic unicast and dynamic multicast entries

Related Commands

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

327

DATACOM SYSTEMS INC

VS-2024-F

mac-address-table static unicast Transparent Bridging Mode - Configures a


static unicast MAC address in the forwarding database when base bridge mode is transparent
bridging.

mac-address-table static multicast Transparent Bridging mode- Configures a


static multicast MAC address in the forwarding database when base bridge mode is transparent
bridging

9.78 show dot1d mac-address-table static unicast


This command displays static unicast MAC address table when the base bridge mode is transparent
bridging.

show
dot1d
mac-address-table
static
unicast
[address
<aa:aa:aa:aa:aa:aa>] [interface <interface-type> <interface-id>]
Syntax
Description

address

MAC address

interfacetype,
interface-id

Interface type and ID

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show dot1d mac-address-table static unicast address


00:01:02:03:04:21
Mac Address

RecvPort

Status

Ports

-----------

--------

------

-----

00:11:22:33:44:55

Permanent

Gi0/2

Total Mac Addresses displayed: 1

iss# show dot1d mac-address-table static unicast address


00:11:22:33:44:55
Mac Address

RecvPort

Status

Ports

-----------

--------

------

-----

00:11:22:33:44:55

Permanent

Gi0/2

Total Mac Addresses displayed: 1

328

If executed without the optional parameters this command displays all the static
unicast MAC entries

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Related commands
mac-address-table static unicast Transparent Bridging Mode - Configures a static
unicast MAC address in the forwarding database when base bridge mode is transparent bridging.

9.79 show dot1d mac-address-table static multicast


This command displays static multicast MAC address table when the base bridge mode is transparent
bridging.

show
dot1d
mac-address-table
static
multicast
[address
<aa:aa:aa:aa:aa:aa>] [interface <interface-type> <interface-id>]

Syntax
Description

address

MAC address

interfacetype,
interface-id

Interface type and ID

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show dot1d mac-address-table static multicast address


01:00:5E:01:02:03
Mac Address

RecvPort

Type

Ports

-----------

----

-----

-----

static

Gi0/2-3

01:00:5E:01:02:03

Total Mac Addresses displayed: 1

iss# show dot1d mac-address-table static multicast interface


gigabitethernet 0/2
Mac Address

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

RecvPort

Type

Ports

329

DATACOM SYSTEMS INC

VS-2024-F

-----------

------

----

-----

01:00:5E:01:02:03

static

Gi0/2

01:00:5E:01:02:04

static

Gi0/2

Total Mac Addresses displayed: 2

If executed without the optional parameters this command displays all the static
multicast MAC entries

Related commands
mac-address-table static multicast Transparent Bridging mode- Configures a static
multicast MAC address in the forwarding database when base bridge mode is transparent bridging

9.80 show mac-address-table count


This command displays the number of MAC addresses present on all the VLANs or on the specified
VLAN.

show
mac-address-table
<context_name>]

Syntax
Description

count

[vlan

<vlan-id(1-4094)>]

vlan

VLAN ID

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance
iss# show mac-address-table count

switch

Mac Entries for Vlan 1:

330

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

-------------------------Dynamic Unicast Address Count

: 1

Dynamic Multicast Address Count

: 0

Static Unicast Address Count

: 1

Static Multicast Address Count

: 1

----------------------------------------

Mac Entries for Vlan 2:


-------------------------Dynamic Unicast Address Count

: 1

Dynamic Multicast Address Count

: 0

Static Unicast Address Count

: 1

Static Multicast Address Count

: 0

---------------------------------------Multiple Instance:
iss# show mac-address-table count switch cust1
Switch - cust1

Mac Entries for Vlan 1:


-------------------------Dynamic Unicast Address Count

: 1

Dynamic Multicast Address Count

: 0

Static Unicast Address Count

: 0

Static Multicast Address Count

: 0

----------------------------------------

Mac Entries for Vlan 20:


-------------------------Dynamic Unicast Address Count

: 0

Dynamic Multicast Address Count

: 0

Static Unicast Address Count

: 0

Static Multicast Address Count

: 0

----------------------------------------

Mac Entries for Vlan 30:


--------------------------

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

331

DATACOM SYSTEMS INC

VS-2024-F

Dynamic Unicast Address Count

: 0

Dynamic Multicast Address Count

: 0

Static Unicast Address Count

: 0

Static Multicast Address Count

: 0

----------------------------------------

If executed without the optional parameter this command displays the MAC
addresses present on all the VLANs.

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

mac-address-table static unicast - Configures a static unicast MAC address in the


forwarding database

mac-address-table static multicast - Configures a static multicast MAC address in the


forwarding database

9.81 show mac-address-table static unicast


332

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

This command displays the statically configured unicast addresses from the MAC address table.

show mac-address-table static unicast [vlan <vlan-range>] [address


<aa:aa:aa:aa:aa:aa>]
[{interface
<interface-type>
<interface-id>
|
switch <context_name>}]

Syntax
Description

vlan

VLAN Id

address

MAC address

interface

Interface type and ID

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show mac-address-table static unicast
Vlan Mac Address
RecvPort Status

----

-----------

00:11:22:33:44:55

-------- -----Gi0/2

ConnectionId

-----

Del-OnTimeout

Ports

------Gi0/3

Multiple Instance:
iss# sh mac-address-table static unicast switch cust1
Switch - cust1

Vlan

Mac Address

SrvInst/ Status

Ports

----

-----------

-------- ------

-----

00:11:22:33:44:55

Gi0/2

Permanent

Gi0/3

Total Mac Addresses displayed: 1

If executed without the optional parameters this command displays the MAC address
table for all the available interfaces.

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

mac-address-table static unicast - Configures a static unicast MAC address in the


forwarding database

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

333

DATACOM SYSTEMS INC

VS-2024-F

show mac-address-table dynamic unicast - Displays the dynamic MAC address table for the
specified address or for all the addresses

9.82 show mac-address-table static multicast


This command displays the statically configured multicast entries.

show mac-address-table static multicast [vlan <vlan-range>] [address


<aa:aa:aa:aa:aa:aa>]
[{interface
<interface-type>
<interface-id>
|
switch <context_name>}]

Syntax
Description

vlan

VLAN Id

address

MAC address

interface

Interface type and ID

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show mac-address-table static multicast
Static Multicast Table
---------------------Vlan

: 1

Mac Address

: 01:02:03:04:05:06

Receive Port

: Gi0/1

Member Ports

: Gi0/1

Forbidden Ports : Gi0/2


Status

: Permanent

------------------------------------------------

Total Mac Addresses displayed: 1

334

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Multiple Instance:
iss# sh mac-address-table static multicast switch cust1
Switch - cust1
Static Multicast Table
---------------------Vlan

: 1

Mac Address

: 01:02:03:04:05:06

Receive Port

: Gi0/2

Member Ports

: Gi0/3

Status

: Permanent

------------------------------------------------

Total Mac Addresses displayed: 1

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

mac-address-table static multicast / mac address-table


Configures a static multicast MAC address in the forwarding database

show mac-address-table dynamic multicast - Displays the dynamic MAC address table for
the specified address or for all the addresses

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

static

mcast -

335

DATACOM SYSTEMS INC

VS-2024-F

9.83 show mac-address-table dynamic unicast


This command displays the dynamically learnt unicast entries from the MAC address table.

show mac-address-table dynamic unicast [vlan <vlan-range>] [address


<aa:aa:aa:aa:aa:aa>]
[{interface
<interface-type>
<interface-id>
|
switch <context_name>}]

Syntax
Description

vlan

VLAN Id

address

MAC address

interface

Interface type and ID

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show mac-address-table dynamic unicast vlan 2

336

Vlan

Mac Address

Type

ConnectionId

Ports

----

-----------

----

------------

-----

00:01:02:03:04:21

Learnt

Gi0/1

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN

Total Mac Addresses displayed: 1


Multiple Instance:
iss# show mac-address-table dynamic unicast
Switch - default

Vlan

Mac Address

Type

Ports

----

-----------

----

-----

00:02:02:03:04:04

Learnt

Gi0/2

00:03:02:03:04:04

Learnt

Gi0/3

00:02:02:03:04:04

Learnt

Gi0/2

00:03:02:03:04:04

Learnt

Gi0/3

00:02:02:03:04:04

Learnt

Gi0/2

00:03:02:03:04:04

Learnt

Gi0/3

Total Mac Addresses displayed: 6

If executed without the optional parameters this command displays the MAC address
table of all the available interfaces

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

mac-address-table static unicast - Configures a static unicast MAC address in the


forwarding database

show mac-address-table static unicast - Displays the statically configured unicast address
from the MAC address table

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

337

DATACOM SYSTEMS INC

VS-2024-F

9.84 show mac-address-table dynamic multicast


This command displays the dynamically learnt multicast MAC address.

show mac-address-table dynamic multicast [vlan <vlan-range>] [address


<aa:aa:aa:aa:aa:aa>]
[{interface
<interface-type>
<interface-id>
|
switch <context_name>}]

Syntax
Description

Mode

338

vlan

VLAN Id

address

MAC address

interface

Interface type and ID

switch

Context/Switch Name. This parameter is specific


to Multiple Instance.

Privileged EXEC Mode

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Package

Workgroup, Enterprise and Metro

Example

Single Instance:
iss# show mac-address-table dynamic multicast
Vlan

Mac Address

Type

ConnectionId Ports

----

-----------

----

------------ -----

01:03:05:07:09:04

Learnt

Gi0/1

Total Mac Addresses displayed: 1

Multiple Instance:
iss# show mac-address-table dynamic multicast
Switch - default

Vlan

Mac Address

Type

Ports

----

-----------

----

-----

01:02:02:02:02:02

Learnt

Gi0/2, Gi0/3

01:02:02:02:02:02

Learnt

Gi0/2

01:03:03:03:03:03

Learnt

Gi0/3

Total Mac Addresses displayed: 3

If executed without the optional parameters this command displays the MAC
address table of all the available interfaces.

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter into the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports

mac-address-table static multicast - Configures a static multicast MAC address in the


forwarding database

show mac-address-table static multicast - Displays the statically configured multicast


entries

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

339

DATACOM SYSTEMS INC

VS-2024-F

9.85 show mac-address-table aging-time


This command displays the MAC address-table ageing time.

show mac-address-table aging-time [ switch <context_name>]

Syntax
Description

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

340

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 9: VLAN
Example

Single Instance:
iss# show mac-address-table aging-time
Mac Address Aging Time: 300

Multiple Instance:
iss# show mac-address-table aging-time
Context default: Mac Address Aging Time: 300

Related Commands

show mac-address-table - Displays the static and dynamic MAC entries

mac-address-table aging-time - Configures the MAC address table entry maximum age

9.86 show wildcard


This command displays wildcard Mac Address Table entries
show
wildcard
<context_name>]

Syntax
Description

{mac-address

mac-address
/ broadcast

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

<mac_addr>

broadcast}

[switch

Unicast/Multicast/BroadCast Mac Address of Wildcard


entry

341

DATACOM SYSTEMS INC

VS-2024-F

switch

Context/Switch Name. This parameter is specific to


Multiple Instance.

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show wildcard mac-address 01:02:03:04:05:06


Switch default

Wild Card Entries:


-----------------Mac Address
---------------01:02:03:04:05:06

342

Ports
, ------------------Gi0/1

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

Chapter

11
10.SNMPv3
SNMP (Simple Network Management Protocol) is the most widely-used network management protocol on
TCP/IP-based networks. SNMPv3 is designed mainly to overcome the security shortcomings of
SNMPv1/v2. USM (User based Security Model) and VACM (View based Access Control Model) are the
main features added as part of the SNMPv3 specification. USM provides for both encryption and
authentication of the SNMP PDUs, while VACM specifies a mechanism for defining access policies for
different users with different MIB trees. Also, SNMPv3 specifies a generic management framework, which
is expandable for adding new Management Engines, Security Models, Access Control Models and so on.
With SNMPv3, the SNMP communication is completely safe and secure.
SNMPv3 is a multi-lingual Agent supporting all three versions of SNMP (SNMPv1, SNMPv2c and
SNMPv3) while conforming to the latest specifications. It is available as a portable source code product,
which can be easily integrated to any platform (any OS and any Processor). MIB integration is made
simple with the aid of a tool called Middle Level Code Generator (MIDGEN), which is available along
with DatacomSystems SNMP. MIDGEN generates the interface stubs required for every object in the
MIB for the SET, GET and GETNEXT operations.
These stubs can be implemented by the respective modules supporting the MIB. DatacomSystems
SNMP is provided as source code available for licensing to OEMs and VARs who wish to incorporate
the multi-lingual SNMP functionality into their products.
The list of CLI commands for the configuration of SNMPv3 is as follows:

enable snmpsubagent

disable snmpsubagent

show snmp agentx information

show snmp agentx statistics

enable snmpagent

disable snmpagent

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

343

DATACOM SYSTEMS INC

VS-2024-F

snmp community index

snmp group

snmp access

snmp engineid

snmp proxy name

snmp mibproxy name

snmp view

snmp targetaddr

snmp targetparams

snmp user

snmp notify

snmp filterprofile

snmp-server enable traps snmp authentication

snmp-server trap udp-port

snmp-server trap proxy-udp-port

snmp agent port

snmp tcp enable

snmp trap tcp enable

snmp-server tcp-port

snmp-server trap tcp-port

snmp-server enable traps

show snmp

show snmp community

show snmp group

show snmp group access

show snmp engineID

show snmp proxy

show snmp mibproxy

show snmp viewtree

show snmp targetaddr

show snmp targetparam

show snmp user

show snmp notif

show snmp inform statistics

show snmp-server traps

show snmp-server proxy-udp-port

344

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

show snmp tcp

show snmp filter table

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

345

DATACOM SYSTEMS INC

VS-2024-F

10.1 enable snmpsubagent


This command enables either snmp agent or agentx-subagent capabilities.

enable snmpsubagent { master { ip4 <ipv4_address> | ip6 <ipv6_address> }


[port <number>] }

Syntax
Description

snmpsubagent

Enables SNMP Subagent

master

The master agent address. It can be either ip4 or


ip6.

port

Port number on which master agent listens


subagent.

705

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

port

Example

iss(config)# enable snmpsubagent master ip4 10.0.0.5 port 897

Related Commands

show snmp agentx information - Displays global information of SNMP Agentx communications.

show snmp agentx statistics - Displays all the information regarding SNMP Agentx statistics.

346

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.2 disable snmpsubagent


This command disables agentx-subagent.
disable snmpsubagent

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# disable snmpsubagent

Related Commands

show snmp agentx information - Displays global information of SNMP Agentx communications.

show snmp agentx statistics - Displays all the information regarding SNMP Agentx statistics.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

347

DATACOM SYSTEMS INC

VS-2024-F

10.3 show snmp agentx information


This command displays global information of SNMP Agentx communications.

show snmp agentx information

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp agentx information


Agentx Subagent is enabled
TransportDomain

:TCP

Master IP Address :10.0.0.2


Master PortNo

348

:705

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.4 show snmp agentx statistics


This command displays all the information regarding SNMP Agentx statistics.

show snmp agentx statistics

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp agentx statistics


Tx Statistics
Transmitted Packets

:860

Open PDU

:1

Index Allocate PDU

:0

Index DeAllocate PDU

:0

Register PDU

:2

Add Agent Capabilities PDU

:0

Notify PDU

:0

Ping PDU

:20

Remove Agent Capabilities PDU

:0

UnRegister PDU

:0

Close PDU

:0

Response PDU

:837

Rx Statistics
Rx Packets

:859

Get PDU

:1

GetNext PDU

:836

GetBulk PDU

:0

TestSet PDU

:0

Commit PDU

:0

Cleanup PDU

:0

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

349

DATACOM SYSTEMS INC

VS-2024-F

Undo PDU

:0

Dropped Packets

:0

Parse Drop Errors

:1

Open Fail Errors

:0

Close PDU

:0

Response PDU

:21

10.5 enable snmpagent


This command enables SNMP agent.

enable snmpagent

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

SNMP agent is enabled.

Example

iss(config)# enable snmpagent

Related Commands

disable snmpagent - Disables SNMP agent.

enable snmpsubagent - Enables either snmp agent or agentx-subagent capabilities.

350

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.6 disable snmpagent


This command disables SNMP agent.

disable snmpagent

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# disable snmpagent

Related Commands

enable snmpagent - Enables SNMP agent.

enable snmpsubagent - Enables either snmp agent or agentx-subagent capabilities.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

351

DATACOM SYSTEMS INC

VS-2024-F

10.7 snmp community index


This command configures the SNMP community details. The no form of this command removes the
SNMP community details.

snmp community index <CommunityIndex>


<SecurityName>
[context
<Name
>]
[transporttag
<TransportTagIdentifier
<ContextEngineID>]

name <CommunityName> security


[{volatile
|
nonvolatile}]
|
none>]
[contextengineid

no snmp community index <CommunityIndex>

Syntax
Description

352

CommunityIndex

Community index identifier

name

Community name

security

User Name

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

context

volatile
nonvolatile

transporttag

Context name through which the management


information is accessed when using the
community string specified by the corresponding
instance of SNMP community name

Storage type

Transport tag identifier

contextengineid

Context engine identifier.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Community Index

NETMAN/PUBLIC

CommunityName

NETMAN/PUBLIC

Security Name

None

ContextName

Null

Transport Tag

Null

Storage type

Volatile

Example

iss(config)# snmp community index myv3com name myv3com security


xyz context myinst nonvolatile transporttag myv3tag

The community index identifier must be unique for every community name entry.

Related Commands

show snmp - Displays the status information of SNMP communications

show snmp community - Displays the configured SNMP community details

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

353

DATACOM SYSTEMS INC

VS-2024-F

10.8 snmp group


This command configures SNMP group details. The no form of the command removes the SNMP group
details.

snmp group <GroupName> user <UserName> security-model {v1 | v2c | v3 }


[{volatile | nonvolatile}]

no snmp group <GroupName> user <UserName> security-model {v1 | v2c | v3


}

Syntax
Description

354

GroupName

Name of the SNMP group

user

User Name

securitymodel

Security Model

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

volatile |
nonvolatile

Storage Type

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Group Name

Example

iss(config)# snmp group myv3group user myv3user securitymodel v1 volatile

iso/initial

Related Commands

show snmp group - Displays the configured SNMP groups

show snmp user - Displays the configured SNMP users

10.9 snmp access


This command configures the SNMP group access details. The no form of the command removes the
SNMP group access details.

snmp access <GroupName> {v1 | v2c | v3 {auth | noauth | priv}} [read


<ReadView | none>] [write <WriteView | none>] [notify <NotifyView |
none>] [{volatile | nonvolatile}] [context <name>]

no snmp access <GroupName> {v1 | v2c | v3 {auth | noauth | priv}}


[context <name>]

Syntax
Description

GroupName

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

Name of the group

355

DATACOM SYSTEMS INC

VS-2024-F

v1 | v2c | v3

Version of the SNMP

auth

Authentication - Enables Message digest (MD5) or


Secure Hash Algorithm (SHA) packet authentication

noauth

no-authentication

priv

Specifies both authentication and privacy

read

A read view identifier

write

A write view identifier

notify

A notification view identifier

Storage type

Name of the SNMP context

volatile
nonvolatile

context

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Group Name

iso

iso

Storage Type

volatile

Group Name

initial

restricted

Storage Type

non-volatile

Group Name

initial

Read/Write/Notify

Read/Write/Notify

356

view

View

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

Read/Write/Notify

View

Storage Type
Example

iso

non-volatile

iss(config)# snmp access myv2group v2 read v2readview write


v2writeview notify v2notifyview nonvolatile

To configure an SNMP access along with the group, a group must have already been
created using the snmp group command

Version 3 is the most secure model as it allows packet encryption with the priv key
word

Related Commands

snmp group - Configures SNMP group details

snmp view - Configures the SNMP view

show snmp group - Displays the configured SNMP groups

show snmp group access - Displays the configured SNMP group access details

show snmp viewtree - Displays the configured SNMP Tree views

10.10

snmp engineid

This command configures the engine identifier. The no form of the command removes the configured
engine identifier.

snmp engineid <EngineIdentifier>

no snmp engineid

Syntax
Description
Mode

EngineIdentifier

Engine ID

Global Configuration Mode

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

357

DATACOM SYSTEMS INC

VS-2024-F
Package

Workgroup, Enterprise and Metro

Defaults

80.00.08.1c.04.46.53

Example

iss(config)# snmp engineid 80.0.08.1c.04.5f.a9

The Engine ID must be given as octets in hexadecimal separated by dots and the
allowed length is 5 to 32 octets.

SNMP engine ID is an administratively unique identifier.

Changing the value of the SNMP engine ID has significant effects.

All the user information will be updated automatically to reflect the change

Related Commands

show snmp engineID - Displays the Engine Identifier

show snmp user - Displays the configured SNMP users

10.11

snmp proxy name

This command configures the proxy. The no form of the command removes the proxy.

snmp proxy name <ProxyName> ProxyType {Read | Write | inform | Trap}


ContextEngineID
<EngineId>
TargetParamsIn
<TargetParam>
TargetOut
<TargetOut> [ContextName <ProxyContextName>] [StorageType {volatile |
nonvolatile}]

no snmp proxy name <ProxyName>

358

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3
Syntax
Description

ProxyName

The locally arbitrary, but unique identifier


associated with the tProxyEntry.
This will be the INDEX used for the Proxy
Table.

ProxyType

Type of message that are forwarded using the


translation parameters. Options are:

Read

Write

Inform

Trap

ContextEngineID

Context engine identifier contained in messages


that are forwarded using the translation
parameters.

TargetParamsIn

This object selects an entry in the


snmpTargetParamsTable. The selected entry is
used to determine which row of the
snmpProxyTable is to be used for forwarding the
received messages.

TargetOut

This object selects a management target defined


in the snmpTargetAddrTable (in the SNMPTARGET-MIB). The selected target is defined by
an entry in the snmpTargetAddrTable whose
index value (snmpTargetAddrName) is equal to
this object.
This object is only used when selection of a
single target is required (that is, when
forwarding an incoming read or write
request).

ContextName

Context name contained in messages that are


forwarded using the translation parameters.

Storage Type

Storage type. Options are:

volatile

nonvolatile

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Storage Type

Example

iss(config)# snmp proxy name proxy1 ProxyType write


ContextEngineID 80.00.08.1c.04.46.53 TargetParamsIn param2
TargetOut target2 ContextName pxyctxtname StorageType
nonvolatile

nonvolatile

Related Commands
CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

359

DATACOM SYSTEMS INC

VS-2024-F

show snmp proxy - Displays proxy details.

10.12

snmp mibproxy name

This command configures the proxy. The no form of the command removes the proxy.

snmp mibproxy name <ProxyName> ProxyType {Read | Write | inform | Trap}


mibid
<MibId>
TargetParamsIn
<TargetParam>
TargetOut
<TargetOut>
[StorageType {volatile | nonvolatile}]

no snmp mibproxy name <ProxyMibName>

360

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3
Syntax
Description

ProxyName

The locally arbitrary, but unique identifier


associated with the tProxyEntry.
This will be the INDEX used for the Proxy
Table.

ProxyType

Type of message that are forwarded using the


translation parameters. Options are:

Read

Write

Inform

Trap
MIB identifier.

mibid

TargetParamsIn

This
object
selects
an
entry
in
the
snmpTargetParamsTable. The selected entry is
used to determine which row of the
snmpProxyTable to use for forwarding the received
messages.

TargetOut

This object selects a management target defined


in the snmpTargetAddrTable (in the SNMPTARGET-MIB). The selected target is defined by
an entry in the snmpTargetAddrTable whose
index value (snmpTargetAddrName) is equal to
this object.

ContextName

Storage Type

This object is only used when selection of a


single target is required (that is, when
forwarding an incoming read or write
request).
Context name contained in messages that are
forwarded using the translation parameters
Storage type. Options are:

volatile

nonvolatile

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Storage Type

Example

iss(config)# snmp mibproxy name mibproxy1 ProxyType read


mibid 1 TargetParamsIn param1 TargetOut target1 StorageType
nonvolatile

nonvolatile

Related Commands

show snmp mibproxy - Displays proxy details.


CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

361

DATACOM SYSTEMS INC

VS-2024-F

10.13

snmp view

This command configures the SNMP view. The no form of the command removes the SNMP view.

snmp view <ViewName> <OIDTree> [mask <OIDMask>] {included | excluded}


[{volatile | nonvolatile}]

no snmp view <ViewName> <OIDTree>

362

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3
Syntax
Description

ViewName

View Name

OIDTree

Object Identifier

OIDMask
none

Defines views' subtrees

included
excluded

Type of view

volatile |
nonvolatile

Type of storage

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

View Name

iso/restricted

OIDTree

OIDMask

None

View type

included

Storage type

non-volatile

Example

iss(config)# snmp view v2readview 1.3.6.1 mask 1.1.1.1 included


nonvolatile

To configure an SNMP view (read/write/notify), a group must have already been created
using the snmp group command and SNMP group access must be configured using the
snmp access command.

Related Commands

snmp access - Configures the SNMP group access details

show snmp viewtree - Displays the configured SNMP Tree views

show snmp group access - Displays the configured SNMP group access details

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

363

DATACOM SYSTEMS INC

VS-2024-F

10.14

snmp targetaddr

This command configures the SNMP target address. The no form of the command removes the
configured SNMP target address.

snmp targetaddr <TargetAddressName> param <ParamName> {<IPAddress> |


<IP6Address>} [timeout <Seconds(1-1500)] [retries <RetryCount(1-3)]
[taglist <TagIdentifier | none>] [{volatile | nonvolatile}] [port
<integer (1-65535)>]

364

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

no snmp targetaddr <TargetAddressName>

Syntax
Description

TargetAddressName

Name of the Target address (host)

param

SNMP parameter Name

IPAddress/
IP6Address

IP/IP6 Address of the host

timeout

The time the SNMP agent waits for a response from


the SNMP Manager before retransmitting the Inform
Request Message

retries

The Maximum number of times the agent can


retransmit the Inform Request Message

taglist

Tag Identifier

Storage type

SNMP Manager port number for sending the


TRAP/INFORM messages to SNMP Manager. This
value ranges between 1 and 65535.

volatile
nonvolatile

port

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

ParamName

Internet

IPAddress

10.0.0.10

taglist

snmp

volatile | nonvolatile

volatile

port

162

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

365

DATACOM SYSTEMS INC

VS-2024-F
Example

iss(config)# snmp targetaddr issmgr param issd 10.0.0.10 taglist


mytag nonvolatile

Target param must have been configured.

Related Commands

show snmp targetaddr - Displays the configured SNMP target Addresses

snmp targetparams - Configures the SNMP target parameters

show snmp targetparam - Displays the configured SNMP Target Address Params

10.15

snmp targetparams

This command configures the SNMP target parameters. The no form of the command removes the SNMP
target parameters.

snmp targetparams <ParamName> user <UserName> security-model {v1 | v2c |


v3 {auth | noauth | priv}} message-processing {v1 | v2c | v3} [{volatile
366

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

| nonvolatile}] [filterprofile-name <profilename> ] [filter-storagetype


{volatile | nonvolatile}]

no snmp targetparams <ParamName>

Syntax
Description

ParamName

SNMP Parameter Name

user

User Name

security-model

Security Model

auth

Authentication - Enables Message digest (MD5) or


Secure Hash Algorithm (SHA) packet authentication

noauth

no-authentication

priv

Specifies both authentication and privacy

messageprocessing

Message processing model

Storage type

filterprofilename

Name of the filter profile to be used for the specified


target address.

filterstoragetype

Storage type for the filter. This can be:

volatile
nonvolatile

volatile - Temporary storage. Details are lost once


restarted.

nonvolatile - Permanent storage. Details are


present even after restart.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

ParamName

User/Security

Name

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

internet

None

367

DATACOM SYSTEMS INC

VS-2024-F

Security Model

v2c

Security Level

NoauthNoPriv

v2c

Storage Type

Non-volatile

ParamName

test1

User/Security Name

None

Security Model

v1

Security Level

NoauthNoPriv

v1

Non-volatile

Message
Model

Message
Model

Processing

Processing

Storage Type

Example

iss(config)# snmp targetparams param1 user user1 security-model


v3 noauth message-processing v3

User information must have been configured prior to the configuration of SNMP target
parameters

Related Commands

snmp user - Configures the SNMP user details

snmp filterprofile - Creates Notify filter Table

show snmp targetparam - Displays the configured SNMP Target Address Params

show snmp user - Displays the configured SNMP users.

10.16

snmp user

This command configures the SNMP user details. The no form of the command removes the SNMP user
details.

368

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

snmp user <UserName> [auth {md5 | sha} <passwd> [priv DES <passwd>]]
[{volatile | nonvolatile}] [EngineId <EngineID>]

no snmp user <UserName> [EnginId <EngineID>]

Syntax
Description

UserName

Name of the User

auth

Authentication Algorithm - can be Message Digest 5


or Secure Hash Algorithm

passwd

Password associated with the Authentication type

priv DES

Private encryption password

volatile |
nonvolatile

Storage type - can be either volatile or non-volatile

EngineId

SNMP engine identifier

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

UserName

Initial

Authentication Protocol

None

Privacy Protocol

None

Storage type

Non-volatile

Storage type

Non-volatile

Example

iss(config)# snmp user user1

SNMP passwords are localized using the local SNMP engine ID

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

369

DATACOM SYSTEMS INC

VS-2024-F

Related Commands

show snmp engineID - Displays the Engine Identifier

show snmp user - Displays the configured SNMP users

10.17

370

snmp notify

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

This command configures the SNMP notification details. The no form of this command removes the
SNMP notification details.

snmp notify <NotifyName> tag <TagName> type {Trap | Inform} [{volatile |


nonvolatile}]

no snmp notify <NotifyName>

Syntax
Description

NotifyName

Notification Name

tag

Tag Name

type

Type of Notification

volatile |
nonvolatile

Storage type of the notification details

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Notify Name

iss/iss1

Notify Tag

iss/iss1

Storage type

volatile

Example

iss(config)# snmp notify note1 tag tag1 type Inform

Related Commands

show snmp notif - Displays the configured SNMP Notifications

show snmp targetaddr - Displays the configured SNMP target Addresses

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

371

DATACOM SYSTEMS INC

VS-2024-F

10.18

snmp filterprofile

This command creates Notify filter Table. The no form of the command removes the filter entry from the
table.

snmp filterprofile <profile-name> <OIDTree> [mask <OIDMask>] {included |


excluded} [{volatile | nonvolatile}]

no snmp filterprofile <profilename> <OIDTree>

Syntax
Description

profilename

Name of the filter profile.

OIDTree

Object Identifier

mask
<OIDMask>

Defines a family of subtrees, in combination with the


object identifier.

Type of filter. This indicates whether the OID and mask


should be included in or excluded from the fileter
profile.

volatile |
nonvolatile

Storage type.

included
excluded

volatile - Temporary storage. Details are lost once


restarted.

nonvolatile - Permanent storage. Details are


present even after restart.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# snmp filterprofile filter1 1.5 mask 1.1 included


nonvolatile

Related Commands

show snmp filter table - Displays the configured SNMP filters

snmp targetparams - Configures the SNMP target parameters

372

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.19

snmp-server enable traps snmp authentication

This command enables generation of authentication traps for SNMPv1 and SNMPv2c. The no form of the
command disables generation of authentication traps for SNMPv1 and SNMPv2c.

snmp-server enable traps snmp authentication

no snmp-server enable traps snmp authentication

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Generation of authentication traps is disabled by default.

Example

iss(config)# snmp-server enable traps snmp authentication

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

373

DATACOM SYSTEMS INC

VS-2024-F

10.20

snmp-server trap udp-port

This command configures the udp port over which agent sends the trap. The no form of the command
configures the snmp agent to sent trap on default udp port.

snmp-server trap udp-port <port>

no snmp-server trap udp-port

Syntax
Description

port

Port number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# snmp-server trap udp-port 1234

Related Commands
show snmp notif - Displays the configured SNMP Notification types.

374

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.21

snmp-server trap proxy-udp-port

This command configures the udp port over which agent sends the trap. The no form of the command
configures the snmp agent to sent trap on default udp port.

snmp-server trap proxy-udp-port <port>

no snmp-server trap proxy-udp-port

Syntax
Description

port

Port number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

162

Example

iss(config)# snmp-server trap proxy-udp-port 162

Related Commands
show snmp-server proxy-udp-port - Displays the proxy udp port.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

375

DATACOM SYSTEMS INC

VS-2024-F

10.22

snmp agent port

This command configures the agent port on which agent listens.

snmp agent port <port>

Syntax
Description

port

Port number. This value ranges between 1 and 65535.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

161

Example

iss(config)# snmp agent port 100

Related Commands
show snmp - Displays the status information of SNMP communications

376

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.23

snmp tcp enable

This command enables sending snmp messages over tcp. The no form of the command disables sending
snmp messages over tcp.

snmp tcp enable

no snmp tcp enable

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss(config)# snmp tcp enable

Related Commands
show snmp tcp - Displays the configuration for snmp over tcp.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

377

DATACOM SYSTEMS INC

VS-2024-F

10.24

snmp trap tcp enable

This command enables sending snmp trap messages over tcp. The no form of the command disables
sending snmp trap messages over tcp.

snmp trap tcp enable

no snmp trap tcp enable

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

Disabled

Example

iss(config)# snmp trap tcp enable

Related Commands
show snmp tcp - Displays the configuration for snmp over tcp.

378

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.25

snmp-server tcp-port

This command configures the tcp port over which agent sends the snmp message. The no form of the
command configures the snmp agent to sent snmp message on default tcp port.

snmp-server tcp-port <port>

no snmp-server tcp-port

Syntax
Description

port

Port number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

161

Example

iss(config)# snmp-server tcp-port 161

Related Commands
show snmp tcp - Displays the configuration for snmp over tcp.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

379

DATACOM SYSTEMS INC

VS-2024-F

10.26

snmp-server trap tcp-port

This command configures the tcp port over which agent sends the trap. The no form of the command
configures the snmp agent to sent trap on default tcp port.

snmp-server trap tcp-port <port>

no snmp-server trap tcp-port

Syntax
Description

port

Port number

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

162

Example

iss(config)# snmp-server trap tcp-port 162

Related Commands
show snmp tcp - Displays the configuration for snmp over tcp.

380

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.27

snmp-server enable traps

This command enables generation of a particular trap. The no form of the command disables generation
of a particular trap.

snmp-server enable traps {[firewall-limit] [linkup] [linkdown] [sipstates]


[sip-cfg-change]
[coldstart]
[poe-power]
[dhcp-pool-limit]
[dsx1-line]}

no snmp-server enable traps {[firewall-limit] [linkup] [linkdown] [sipstates]


[sip-cfg-change]
[coldstart]
[poe-power]
[dhcp-pool-limit]
[dsx1-line]}

Syntax
Description

firewalllimit

Firewall attack summary trap

linkup

Linkup trap

linkdown

Linkdown trap

sip-states

SIP states trap

sip-cfgchange

SIP configuration change trap

coldstart

Coldstart trap

poe-power

Power on Ethernet trap

dhcp-poollimit

DHCP Server pool limit trap

dsx1-line

DSX1 line trap

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# snmp-server enable traps firewall-limit

Related Commands

show snmp-server traps - Displays the set of traps that are currently enabled.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

381

DATACOM SYSTEMS INC

VS-2024-F

10.28

show snmp

This command displays the status information of SNMP communications.

show snmp

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp


0 SNMP Packets Input
0 Bad SNMP Version errors
0 Unknown community name
0 Get request PDUs
0 Get Next PDUs
0 Set request PDUs

0 SNMP Packets Output


0 Too big errors
0 No such name errors
0 Bad value errors
0 General errors
0 Trap PDUs

0 SNMP Rollback failures

SNMP Manager-role output packets


0 Drops

SNMP Informs:
0 Inform Requests generated

382

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

0 Inform Responses received


0 Inform messages Dropped
0 Inform Requests awaiting Acknowledgement

SNMP Trap Listen Port is 162

snmp agent port : 170

Related Command

snmp agent port - Configures the agent port on which agent listens

10.29

show snmp community

This command displays the configured SNMP community details.

show snmp community

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

383

DATACOM SYSTEMS INC

VS-2024-F
Example

iss# show snmp community


Community Index: NETMAN
Community Name: NETMAN
Security Name: none
Context Name:
Transport Tag:
Storage Type: volatile
Row Status: active
-----------------------------Community Index: PUBLIC
Community Name: PUBLIC
Security Name: none
Context Name:
Transport Tag:
Storage Type: volatile
Row Status: active

Related Command

snmp community index - Configures the SNMP community details

10.30

show snmp group

This command displays the configured SNMP groups.

384

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

show snmp group

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp group


Security Model: v1
Security Name: none
Group Name: iso
Storage Type: volatile
Row Status: active
-----------------------------Security Model: v2c
Security Name: none
Group Name: iso
Storage Type: volatile
Row Status: active
-----------------------------Security Model: v3
Security Name: initial
Group Name: initial
Storage Type: nonVolatile
Row Status: active
-----------------------------Security Model: v3
Security Name: templateMD5
Group Name: initial
Storage Type: nonVolatile
Row Status: active
-----------------------------Security Model: v3
Security Name: templateSHA
Group Name: initial
Storage Type: nonVolatile
Row Status: active

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

385

DATACOM SYSTEMS INC

VS-2024-F

Related Commands

snmp group - Configures the SNMP group details

snmp user - Configures the SNMP user details

10.31

show snmp group access

This command displays the configured SNMP group access details.

show snmp group access

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp group access


Group Name: iso
Read View: iso
Write View: iso
Notify View: iso
Storage Type: volatile
Row Status: active
-----------------------------Group Name: iso
Read View: iso
Write View: iso
Notify View: iso
Storage Type: volatile
Row Status: active
-----------------------------Group Name: initial
Read View: restricted
Write View: restricted
Notify View: restricted
Storage Type: nonVolatile

386

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

Row Status: active


-----------------------------Group Name: initial
Read View: iso
Write View: iso
Notify View: iso
Storage Type: nonVolatile
Row Status: active

Related Commands

snmp access - Configures the SNMP group access details

snmp view - Configures the SNMP view

10.32

show snmp engineID

This command displays the Engine Identifier.

show snmp engineID

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp engineID


EngineId: 80.00.08.1c.04.46.53

Related Command

snmp engineid - Configures the engine identifier

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

387

DATACOM SYSTEMS INC

VS-2024-F

10.33

show snmp proxy

This command displays proxy details.

show snmp proxy

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

388

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3
Example

iss# show snmp proxy


Proxy Name

: PROXY1

Proxy ContextEngineID

: 80.00.08.1c.04.46.54

Proxy ContextName

Proxy TargetParamIn

: param1

Proxy SingleTargetOut

: Tgt1

Proxy MultipleTargetOut

Proxy Type

: Read

Storage Type

: Non-volatile

Row Status

: Active

---------------------------------------------------Proxy Name

: PROXY2

Proxy ContextEngineID

: 80.00.08.1c.04.46.54

Proxy ContextName

Proxy TargetParamIn

: param1

Proxy SingleTargetOut

: Tgt1

Proxy MultipleTargetOut

Proxy Type

: Write

Storage Type

: Non-volatile

Row Status

: Active

----------------------------------------------------

Related Command

snmp proxy name - Configures the proxy.

10.34

show snmp mibproxy

This command displays proxy details.


CLI USER MANUAL
DATACOM SYSTEMS CONFIDENTIAL

389

DATACOM SYSTEMS INC

VS-2024-F

show snmp mibproxy

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp mibproxy


Prop Proxy Name

: proxy1

Prop MibID

: 2

Prop Proxy TargetParamIn

: param1

Prop Proxy SingleTargetOut

: target1

Prop Proxy MultipleTargetOut

Prop Proxy Type

: Read

Prop Storage Type

: Non-volatile

Prop Row Status

: Active

----------------------------------------------------

Related Command

snmp mibproxy name - Configures the proxy.

390

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.35

show snmp viewtree

This command displays the configured SNMP Tree views.

show snmp viewtree

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp viewtree


View Name: iso
Subtree OID: 1
Subtree Mask:
View Type: included
Storage Type: nonVolatile
Row Status: active
-----------------------------View Name: restricted
Subtree OID: 1
Subtree Mask:
View Type: included
Storage Type: nonVolatile
Row Status: active
------------------------------

Related Command

snmp view - Configures the SNMP view

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

391

DATACOM SYSTEMS INC

VS-2024-F

10.36

show snmp targetaddr

This command displays the configured SNMP target Addresses.

show snmp targetaddr

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# sh snmp targetaddr


Target Address Name : ht231
IP Address

: 12.0.0.100

Port

: 150

Tag List

: tg231

Parameters

: pa231

Storage Type

: Non-volatile

Row Status

: Active

-----------------------------Related Commands

snmp targetaddr - Configures the SNMP target address

snmp targetparams - Configures the SNMP target parameters

snmp notify - Configures the SNMP notification details

392

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.37

show snmp targetparam

This command displays the configured SNMP Target Address Params.

show snmp targetparam

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# sh snmp targetparam


Target Parameter Name

: internet

Message Processing Model : v2c


Security Model

: v2c

Security Name

: none

Security Level

: No Authenitcation, No Privacy

Storage Type

: Non-volatile

Row Status

: Active

Filter Profile Name

: None

Row Status

: Active

-----------------------------Target Parameter Name

: pa231

Message Processing Model : v3


Security Model

: v3

Security Name

: u231

Security Level

: No Authenitcation, No Privacy

Storage Type

: Volatile

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

393

DATACOM SYSTEMS INC

VS-2024-F

Row Status

: Active

Filter Profile Name

: filter1

Row Status

: Active

-----------------------------Target Parameter Name

: test1

Message Processing Model : v2c


Security Model

: v1

Security Name

: none

Security Level

: No Authenitcation, No Privacy

Storage Type

: Non-volatile

Row Status

: Active

Filter Profile Name

: None

Row Status

: Active

------------------------------

Related Commands

snmp targetparams - Configures the SNMP target parameters

snmp user - Configures the SNMP user details

10.38

show snmp user

This command displays the configured SNMP users.

show snmp user

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp user


Engine ID: 80.00.08.1c.04.46.53
User: initial
Authentication Protocol: none
Privacy Protocol: none
Storage Type: nonVolatile

394

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

Row Status: active


-----------------------------Engine ID: 80.00.08.1c.04.46.53
User: templateMD5
Authentication Protocol: MD5
Privacy Protocol: none
Storage Type: nonVolatile
Row Status: active
-----------------------------Engine ID: 80.00.08.1c.04.46.53
User: templateSHA
Authentication Protocol: SHA
Privacy Protocol: DES_CBC
Storage Type: nonVolatile
Row Status: active
------------------------------

Related Commands

snmp user - Configures the SNMP user details

show snmp community - Displays the configured SNMP community details

10.39

show snmp notif

This command displays the configured SNMP Notification types.

show snmp notif

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

395

DATACOM SYSTEMS INC

VS-2024-F
Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp notif


Notify Name: iss
Notify Tag: iss
Notify Type: trap
Storage Type: volatile
Row Status: active
-----------------------------Notify Name: iss1
Notify Tag: iss1
Notify Type: trap
Storage Type: volatile
Row Status: active

Related Commands

snmp notify - Configures the SNMP notification details

snmp targetparams - Configures the SNMP target parameters

396

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.40

show snmp inform statistics

This command displays the inform message statistics.

show snmp inform statistics

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp inform statistics


Target Address Name

: issmanager

IP Address

: 10.0.0.10

Inform messages sent : 20


Acknowledgement awaited for : 2 Inform messages
Inform messages dropped : 0
Acknowledgement failed for : 0 Inform messages
Informs retransmitted: 0
Inform responses received: 18

SNMP Manager must have been configured and Inform type notifications
must have been generated.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

397

DATACOM SYSTEMS INC

VS-2024-F

10.41

show snmp-server traps

This command displays the set of traps that are currently enabled.

show snmp-server traps

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp-server traps


Currently enabled traps:
-----------------------linkup,linkdown,

Related Command

snmp-server enable traps - Enables generation of a particular trap.

398

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.42

show snmp-server proxy-udp-port

This command displays the proxy udp port.

show snmp-server proxy-udp-port

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp-server proxy-udp-port


snmp-server proxy-udp-port : 162

Related Command

snmp-server trap proxy-udp-port - Configures the udp port over which agent sends the trap.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

399

DATACOM SYSTEMS INC

VS-2024-F

10.43

show snmp tcp

This command displays the configuration for snmp over tcp.

show snmp tcp

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp tcp


snmp over tcp disabled

snmp trap over tcp disabled

snmp listen tcp port 161

Snmp listen tcp trap port 162

Related Command

snmp tcp enable Enables sending snmp messages over tcp.

snmp trap tcp enable - Enables sending snmp trap messages over tcp.

snmp-server tcp-port Configures the tcp port over which agent sends the snmp message.

snmp-server trap tcp-port - Configures the tcp port over which agent sends the trap.

400

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 10: SNMPV3

10.44

show snmp filter table

This command displays the configured SNMP filters.

show snmp filter table

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show snmp filter table


Filter Name

: filter1

Subtree OID

: 1.5

Subtree Mask : 1.1


Filter Type

: Included

Storage Type : Non-volatile


Row Status

: Active

------------------------------

Related Command

snmp filterprofile - Creates Notify filter Table

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

401

VS-2024-F

DATACOM SYSTEMS INC

Chapter

12
11.SNTP
The SNTP (Simple Network Time Protocol) module is used to synchronize the time and date in ISS by
contacting the SNTP Server. It supports different time zones, where the user can set the required time
zone.
The following are the list of SNTP commands:

sntp

set sntp client

set sntp client version

set sntp client addressing mode

set sntp client port

set sntp client clock-format

set sntp time zone

set sntp client clock-summer-time

set sntp client authentication-key

set sntp unicast-server auto-discovery

set sntp unicast-poll-interval

set sntp unicast-max-poll-timeout

set sntp unicast-max-poll-retry

set sntp unicast-server

set sntp broadcast-mode send-request

set sntp broadcast-poll-timeout

set sntp broadcast-delay-time

402

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

set sntp multicast-mode send-request

set sntp multicast-poll-timeout

set sntp multicast-delay-time

set sntp multicast-group-address

set sntp anycast-poll-interval

set sntp anycast-poll-timeout

set sntp anycast-poll-retry-count

set sntp anycast-server

set sntp client clock-format

show sntp status

show sntp unicastmode status

show sntp broadcastmode status

show sntp multicastmode status

show sntp anycastmode status

debug sntp

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

403

DATACOM SYSTEMS INC

VS-2024-F

11.1 sntp
This command enters SNTP configuration mode.

sntp

Mode

Profile configuration mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# sntp
iss(config-sntp)#

404

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.2 set sntp client


This command enables or disables SNTP client module.

set sntp client {enabled | disabled}

Syntax
Description

enabled

Enables the SNTP client module

disabled

Disables the SNTP client module

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

disabled

Example

iss(config-sntp)# set sntp client enabled

SNTP client should be enabled

Related Command

show sntp status: Displays SNTP status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

405

DATACOM SYSTEMS INC

VS-2024-F

11.3 set sntp client version


This command sets the operating version of the SNTP for the client.

set sntp client version { v1 | v2 | v3 | v4 }

Syntax
Description

v1

SNTP Version 1

v2

SNTP Version 2

v3

SNTP Version 3

v4

SNTP Version 4

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

v4

Example

iss(config-sntp)# set sntp client version v3

SNTP client should be enabled

Related Command

406

show sntp status: Displays SNTP status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.4 set sntp client addressing mode


This command sets the addressing mode of SNTP client as either unicast, multicast, broadcast, anycast.

set sntp client addressing-mode { unicast | broadcast | multicast |


anycast }

Syntax
Description

unicast

Sets the addressing mode of SNTP client


as unicast.

broadcast

Sets the addressing mode of SNTP client


as broadcast.

multicast

anycast

Sets the addressing mode of SNTP client


as multicast

Sets the addressing mode of SNTP client


as anycast.

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

unicast

Example

iss(config-sntp)# set sntp client addressing-mode


unicast

SNTP client should be enabled

Related Command

show sntp anycastmode status Displays the SNTP anycast mode status

show sntp broadcastmode status Displays the SNTP broadcast mode status

show sntp multicastmode status Displays the SNTP multicast mode status

show sntp status: Displays SNTP status

show sntp unicastmode status - Displays the SNTP Unicast Mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

407

DATACOM SYSTEMS INC

VS-2024-F

11.5 set sntp client port


This command sets the listening port for SNTP client greater than 1024 as below 1024 are reserved.
Therefore the configurable listening port for SNTP client starts at 1025.The no form of command deletes
the listening port for SNTP client and sets the default value.

set sntp client port <portno(1025-65535)>

no sntp client port

Syntax
Description

port no

Listening port for SNTP client

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

123

Example

iss (config-sntp)# set sntp client port 1026

SNTP client should be enabled

Related commands

408

show sntp status: Displays SNTP status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.6 set sntp client clock-format


This command sets the system clock format as AM PM format or HOURS format.

set sntp client clock-format {ampm | hours}

Syntax
Description

am-pm

Sets the system clock in am/ pm format

hours

Sets the system clock in 24 hours format

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

hours

Example

iss (config-sntp)# set sntp client clock-format ampm

SNTP clock format configuration in the Switch:

Date Hours, Minutes, Seconds, Date Month and Year

Month Jan, Feb, Mar..

Year - yyyy

Related Command

show sntp clock - Displays the current time.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

409

DATACOM SYSTEMS INC

VS-2024-F

11.7 set sntp time zone


This command sets the system time zone with respect to UTC. The no form of command resets the
system time zone to GMT.

set sntp client time-zone <+/- UTC TimeDiff in Hrs:UTC TimeDiff in Min>
Eg: +05:30

no sntp client time-zone

Syntax
Description

+/-

After or before UTC

UTCTimeDiff
in Hrs

UTC Time difference in hours

UTC TimeDiff
in Min

UTC Time difference in minutes

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-sntp)# set sntp client time-zone +05:30

SNTP server must be enabled prior to the execution of this command.

Related Command

410

show sntp status: Displays SNTP status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.8 set sntp client clock-summer-time


This command enables the Daylight Saving Time. The no form of the command disables the Daylight
Saving Time.

set sntp client clock-summer-time <week-day-month,hh:mm> <week-daymonth,hh:mm> Eg: set sntp client clock-summer-time First-Sun-Mar,05:10
Second-Sun-Nov,06:1
0

no sntp client clock summer-time

Syntax
Description

week-daymonth

hh:mm

Week First, Second, Third, Fourth or Last week of month.


Day Sunday, Monday, Tuesday, Wednesday, Thursday,
Friday or Saturday.
Month: January, February, March, April, May, June, July,
August, September, October, November or December.
Time in hours and minutes

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-sntp)# set sntp client clock-summer-time First-SunJan,12:12 Second-Sun-Mar,12:12

Related Commands:

show sntp status: Displays SNTP status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

411

DATACOM SYSTEMS INC

VS-2024-F

11.9 set sntp client authentication-key


This command sets the authentication parameters. The no form of the command disables authentication.

set sntp client authentication-key <key-id> md5 <key>

no sntp client authentication

Syntax
Description

key-id

Key Identifier (integer value). Range is 1 65535.

md5

Message Digest Algorithm

key

Key value (string value)

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-sntp)# set sntp client authentication-key 123


md5 DatacomSystems
SNTP client should be enabled

Related Command

412

show sntp status: Displays SNTP status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.10

set sntp unicast-server auto-discovery

This command configures SNTP client status of auto-discovery of server.

set sntp unicast-server auto-discovery {enabled | disabled}

Syntax
Description

enabled

Enables the auto discovery of server

disabled

Disables the auto discovery of server

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

disabled

Example

iss(config-sntp)# set sntp unicast-server auto-discovery


enabled

SNTP client addressing mode should be unicast

Related Command

show sntp unicastmode status - Displays the SNTP Unicast Mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

413

DATACOM SYSTEMS INC

VS-2024-F

11.11

set sntp unicast-poll-interval

This command configures SNTP client poll interval.

set sntp unicast-poll-interval <value (16-16284) seconds>

Syntax
Description

value

Poll interval value in seconds.

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

64

Example

iss(config-sntp)# set sntp unicast-poll-interval 50

SNTP client addressing mode should be unicast

Related Command

414

show sntp unicastmode status - Displays the SNTP Unicast Mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.12

set sntp unicast-max-poll-timeout

This command configures SNTP client maximum poll interval timeout.

set sntp unicast-max-poll-timeout <value (1-30) seconds>

Syntax
Description

value

Maximum poll interval time out value in seconds.

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

Example

iss(config-sntp)# set sntp unicast-max-poll-timeout 25

SNTP client addressing mode should be unicast

Related Command

show sntp unicastmode status - Displays the SNTP Unicast Mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

415

DATACOM SYSTEMS INC

VS-2024-F

11.13

set sntp unicast-max-poll-retry

This command configures SNTP client maximum retry poll count.

set sntp unicast-max-poll-retry <value (1-10) times>

Syntax
Description

value

Maximum retry poll count value

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

Example

iss(config-sntp)# set sntp unicast-max-poll-retry 10

SNTP client addressing mode should be unicast

Related Command

416

show sntp unicastmode status - Displays the SNTP Unicast Mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.14

set sntp unicast-server

This command configures SNTP unicast server attributes. The no form of command deletes the sntp
unicast server attributes and sets to default.

set sntp unicast-server {ipv4 <ucast_addr> | ipv6 <ip6_addr>} [{primary


| Secondary}] [{version3 | version 4}] [<portid(1025-36564)>]

no sntp unicast-server {ipv4 <ucast_addr> | ipv6 <ip6_addr>}

Syntax
Description

ipv4, ipv6

Version 4 and Version 6 IP address

Primary/
secondary

Primary/ Secondary NTP servers

Port-id

Port identifier

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-sntp)# set sntp unicast-server ipv4 12.0.0.100 Primary


3 1234

SNTP client addressing mode should be unicast

Related Command

show sntp unicastmode status - Displays the SNTP Unicast Mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

417

DATACOM SYSTEMS INC

VS-2024-F

11.15

set sntp broadcast-mode send-request

This command sets the status of sending the request for knowing the delay.

set sntp broadcast-mode send-request {enabled | disabled}

Syntax
Description

enabled

When enabled the SNTP request packet is sent to


broadcast server to calculate the actual delay.

disabled

When disabled no SNTP request packet is sent out to


broadcast server instead default value for the delay is
taken.

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

disabled

Example

iss(config-sntp)# set sntp broadcast-mode send-request enabled

SNTP client addressing mode should be broadcast

Related Command

418

show sntp broadcastmode status Displays the SNTP broadcast mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.16

set sntp broadcast-poll-timeout

This command configures SNTP client poll interval in broadcast mode.

set sntp broadcast-poll-timeout [<value (1-30) seconds>]

Syntax
Description

value

Poll interval time out value in seconds for broadcast mode

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

Example

iss(config-sntp)# set sntp broadcast-poll-timeout 30

SNTP client addressing mode should be broadcast

Related Command

show sntp broadcastmode status Displays the SNTP broadcast mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

419

DATACOM SYSTEMS INC

VS-2024-F

11.17

set sntp broadcast-delay-time

This command configures SNTP delay time in broadcast mode.

set sntp broadcast-delay-time [<value (1000-15000) microseconds>]

Syntax
Description

value

Delay time value in micro seconds in broadcast mode

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

8000

Example

iss(config-sntp)# set sntp broadcast-delay-time 2000

SNTP client addressing mode should be broadcast

Related Command

420

show sntp broadcastmode status Displays the SNTP broadcast mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.18

set sntp multicast-mode send-request

This command sets the status of sending the request for knowing the delay.

set sntp multicast-mode send-request {enabled | disabled}

Syntax
Description

enabled

When enabled the SNTP request packet is sent to


broadcast server to calculate the actual delay.

disabled

When disabled no SNTP request packet is sent out to


broadcast server instead default value for the delay is
taken.

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

disabled

Example

iss(config-sntp)# set sntp multicast-mode send-request enabled

SNTP client addressing mode should be multicast

Related Command

show sntp multicastmode status Displays the SNTP multicast mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

421

DATACOM SYSTEMS INC

VS-2024-F

11.19

set sntp multicast-poll-timeout

This command configures SNTP client poll interval in multicast mode.

set sntp multicast-poll-timeout [<value (1-30) seconds>]

Syntax
Description

value

Poll interval time out value in seconds in multicast mode

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

Example

iss(config-sntp# set sntp multicast-poll-timeout 10

SNTP client addressing mode should be multicast

Related Command

422

show sntp multicastmode status Displays the SNTP multicast mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.20

set sntp multicast-delay-time

This command configures SNTP delay time in multicast mode.

set sntp multicast-delay-time [<value (1000-15000) microseconds>]

Syntax
Description

value

Delay time value in micros seconds in multicast mode

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

8000

Example

iss(config-sntp)# set sntp multicast-delay-time 2000

SNTP client addressing mode should be multicast

Related Command

show sntp multicastmode status Displays the SNTP multicast mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

423

DATACOM SYSTEMS INC

VS-2024-F

11.21

set sntp multicast-group-address

This command configures SNTP multicast group address.

set sntp multicast-group-address {ipv4 {<mcast_addr> | default} | ipv6


{<ipv6_addr> | default}}

Syntax
Description

ipv4, ipv6

Version4, Version 6 multicast group address

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-sntp)# set sntp multicast-group-address ipv4


224.1.1.10.

SNTP client addressing mode should be multicast

Related Command

424

show sntp multicastmode status Displays the SNTP multicast mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.22

set sntp anycast-poll-interval

This command configures SNTP client poll interval in anycast mode.

set sntp anycast-poll-interval [<value (16-16284) seconds>]

Syntax
Description

value

Poll interval value in seconds in anycast mode.

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

64

Example

iss(config-sntp)# set sntp anycast-poll-interval 20

SNTP client addressing mode should be anycast

Related Command

show sntp anycastmode status Displays the SNTP anycast mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

425

DATACOM SYSTEMS INC

VS-2024-F

11.23

set sntp anycast-poll-timeout

This command configures SNTP client poll timeout in anycast mode.

set sntp anycast-poll-timeout [<value (1-30) seconds>]

Syntax
Description

value

Poll interval time out value in seconds in anycast mode

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

Example

iss(config-sntp)# set sntp anycast-poll-timeout 10

SNTP client addressing mode should be anycast

Related Command

426

show sntp anycastmode status Displays the SNTP anycast mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.24

set sntp anycast-poll-retry-count

This command configures SNTP poll retries in anycast mode.

set sntp anycast-poll-retry-count [<value (1-10)>]

Syntax
Description

value

Maximum retry poll count value in anycast mode

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Default

Example

iss(config-sntp)# set sntp anycast-poll-retry-count 5

SNTP client addressing mode should be anycast

Related Command

show sntp anycastmode status Displays the SNTP anycast mode status

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

427

DATACOM SYSTEMS INC

VS-2024-F

11.25

set sntp anycast-server

This command configures SNTP multicast or broadcast server address in anycast mode.

set sntp anycast-server { broadcast | multicast {ipv4 [<ipv4_addr>]


|ipv6 [<ip6_addr>]} }

Syntax
Description

broadcast

Configures SNTP broadcast server address in anycast


mode

multicast

Configures SNTP multicast server address in anycast


mode.

ipv4,ipv6

Version 4, Version 6

ipv4 addr, ip6


addr

Version 4/ Version 6 any cast address

Mode

SNTP Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config-sntp)# set sntp anycast-server ipv4 12.0.0.100

SNTP client addressing mode should be anycast

Related Command

428

show sntp anycastmode status Displays the SNTP anycast mode status

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

11.26

show sntp clock

This command displays the current time.

show sntp clock

Mode

User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show sntp clock


current time : Sat Jan

01 2000 00:07:04

(UTC +

0: 0 )

Related Command

Error! Reference source not found.: Displays the system date and time.

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

429

DATACOM SYSTEMS INC

VS-2024-F

11.27

show sntp status

This command displays SNTP status.

show sntp status

Mode

User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show sntp status


sntp client is enabled
current sntp client version is v4
current sntp client addressing mode is unicast
sntp client port is 123
sntp client clock format is 24 hours
sntp client authenticatin key id is 5
sntp client authentication algorithm is md5
sntp client auth Key is DatacomSystems
sntp client time zone is

+ 05:30

sntp client dst start time is not set


sntp client dst end time is not set

Related Command

430

show sntp unicastmode status Displays the SNTP Unicast Mode status
ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.
CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

show sntp broadcastmode status Displays the SNTP broadcast mode status

show sntp multicastmode status - Displays the SNTP multicast mode status

show sntp anycastmode status - Displays the SNTP anycast mode status

11.28

show sntp unicastmode status

This command displays the SNTP Unicast Mode status.

show sntp unicast-mode status

Mode

User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show sntp unicast-mode status


auto discovery of sntp/ntp servers is disabled
unicast poll interval value is 50
unicast max poll time out value is 25
unicast max retry time value is 10
unicast primary server address is 12.0.0.100
unicast primary server version is 3
unicast primary server port is 1234

Related Command

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

431

DATACOM SYSTEMS INC

VS-2024-F

set sntp unicast-server auto-discovery - Configures SNTP client status of auto-discovery


of server

set sntp unicast-poll-interval - Configures SNTP client poll interval

set sntp unicast-max-poll-timeout - Configures SNTP client maximum poll interval timeout

set sntp unicast-max-poll-retry - Configures SNTP client maximum retry poll count

11.29

show sntp broadcastmode status

This command displays the SNTP broadcast mode status.

show sntp broadcast-mode status

Mode

User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show sntp broadcast-mode status


send sntp request to server in broadcast mode is disabled
broadcast poll time out value is 5
broadcast delay time value is 8000
broadcast sntp server is 12.0.0.100

Related Command
432

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP

set sntp broadcast-mode send-request - Sets the status of sending the request for knowing
the delay

set sntp broadcast-poll-timeout - Configures SNTP client poll interval in broadcast mode

set sntp broadcast-delay-time - Configures SNTP delay time in broadcast mode

11.30

show sntp multicastmode status

This command displays the SNTP multicast mode status.

show sntp multicast-mode status

Mode

User EXEC Mode

Package

Workgroup, Enterprise and Metro

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

433

DATACOM SYSTEMS INC

VS-2024-F
Example

iss# show sntp multicast-mode status


send sntp request to server in multicast mode is disabled
multicast poll time out value is 5
multicast delay time value is 8000
multicast group address is 12.0.0.100

Related Command

set sntp multicast-mode send-request - Sets the status of sending the request for knowing
the delay

set sntp multicast-poll-timeout - Configures SNTP client poll interval in multicast mode

set sntp multicast-delay-time - Configures SNTP delay time in multicast mode

set sntp multicast-group-address - Configures SNTP multicast server address

11.31

show sntp anycastmode status

This command displays the SNTP anycast mode status.

show sntp anycast-mode status

434

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 11: SNTP
Mode

User EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show sntp anycast-mode status


anycast poll interval value is 64
anycast max poll time out value is 5
anycast max retry time value is 3
anycast server type is

broadcast

primary server address is 12.0.0.100

Related Command

set sntp anycast-poll-interval - Configures SNTP client poll interval in anycast mode

set sntp anycast-poll-timeout - Configures SNTP client poll timeout in anycast mode

set sntp anycast-poll-retry-count - Configures SNTP poll retries in anycast mode

11.32

debug sntp

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

435

DATACOM SYSTEMS INC

VS-2024-F

This command enables SNTP trace. The no form of the command disables the SNTP trace.

debug sntp {all | [init-shut] [mgmt] [data-path] [control] [pkt-dump]


[resource] [all-fail] [buff]}

no debug sntp {all | [init-shut] [mgmt] [data-path] [control] [pkt-dump]


[resource] [all-fail] [buff]}

Syntax
Description

init/shut

Initialization/ Shutdown messages

mgmt

Management Messages

data-path

Data Path Messages

control

Control Messages

pkt-dump

Packet Dump Messages

resource

Resource Messages

all-fail

All failure Messages

buff

Buffer Message

Mode

User EXEC Mode

Package

Workgroup, Enterprise and Metro

Defaults

Debugging is Disabled

Example

debug sntp all

436

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 12: RMON

Chapter

13
12.RMON
RMON (Remote Monitoring) is a standard monitoring specification5 that enables various network monitors
and console systems to exchange network-monitoring data.
The RMON specification defines a set of statistics and functions that can be exchanged between RMONcompliant console managers and network probes. As such, RMON provides network administrators with
comprehensive network-fault diagnosis, planning, and performance-tuning information.
The list of CLI commands for the configuration of RMON is as follows:

set rmon

rmon collection history

rmon collection stats

rmon event

rmon alarm

show rmon

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

437

DATACOM SYSTEMS INC

VS-2024-F

12.1 set rmon


This command is used to enable or disable the RMON feature.

set rmon {enable | disable}

Syntax
Description

enable

Enables the RMON feature in the system

disable

Disables the RMON feature in the system

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

The RMON Module is disabled by default

Example

iss(config)# set rmon enable

All the other RMON Module commands can be executed only when the RMON
Module is enabled. Fatal error messages are displayed when commands are
executed without enabling the RMON feature.

Related Command

show rmon - Successful execution of this command without any messages indicates that RMON feature
is enabled in the system

438

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 12: RMON

12.2 rmon collection history


This command enables history collection of interface statistics in the buckets for the specified time
interval. The no form of the command disables the history collection on the interface.

rmon collection history <index (1-65535)> [buckets <bucket-number (165535)>] [interval <seconds (1-3600)>] [owner <ownername (127)>]

no rmon collection history <index (1-65535)>

Syntax
Description

index

History table index

buckets

The maximum number of buckets desired for the RMON


collection history group of statistics

interval

The number of seconds in each polling cycle

owner

Optional field - allows the user to enter the name of the


owner of the RMON group of statistics

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

bucket number

50

interval

1800 seconds

owner

monitor

Example

iss(config-if)# rmon collection history 1 buckets 2 interval 20

The RMON feature must be enabled for the successful execution of this
command.

The polling cycle is the bucket interval where the interface statistics details are
stored.

Related Command

show rmon - Displays the history collection for the configured bucket (show rmon history [history-index
(1-65535)>])

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

439

DATACOM SYSTEMS INC

VS-2024-F

12.3 rmon collection stats


This command enables RMON statistic collection on the interface. The no form of the command disables
RMON statistic collection on the interface.

rmon collection stats <index (1-65535)> [owner <ownername (127)>]

no rmon collection stats <index (1-65535)>

Syntax
Description

index

Statistics table index

owner

Optional field - allows the user to enter the name of the


owner of the RMON group of statistics with a string
length of 127

Mode

Interface Configuration Mode

Package

Workgroup, Enterprise and Metro

Defaults

owner

Example

iss(config-if)#

monitor

rmon collection stats 1

The RMON feature must be enabled for the successful execution of this command.

Related Command

show rmon - Displays the RMON collection statistics (show rmon statistics [<stats-index (1-65535)>])

440

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 12: RMON

12.4 rmon event


This command adds an event to the RMON event table. The added event is associated with an RMON
event number. The no form of the command deletes an event from the RMON event table.

rmon event <number (1-65535)> [description <event-description (127)>]


[log] [owner <ownername (127)>] [trap <community (127)>]

no rmon event <number (1-65535)>

Syntax
Description

number

Event number

description

Description of the event

log

Used to generate a log entry

owner

Owner of the event

trap

Used to generate a trap. The SNMP community string


is to be passed for the specified trap.

Mode

Global Configuration Mode

Package

Workgroup, Enterprise and Metro

Example

iss(config)# rmon event 1 log owner DatacomSystems trap


NETMAN

The RMON feature must be enabled for the successful execution of this command.

Related Commands

rmon alarm - Sets an alarm on a MIB object

show rmon events - Displays the RMON events

show rmon alarms - Displays the RMON alarms

show snmp community - Configures the SNMP community details

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

441

DATACOM SYSTEMS INC

VS-2024-F

12.5 rmon alarm


This command sets an alarm on a MIB object. The Alarm group periodically takes statistical samples from
variables in the probe and compares them to thresholds that have been configured. The no form of the
command deletes the alarm configured on the MIB object.

rmon alarm <alarm-number> <mib-object-id (255)> <sample-interval-time


(1-65535)> {absolute | delta} rising-threshold <value (0-2147483647)>
[rising-event-number (1-65535)] falling-threshold <value (0-2147483647)>
[falling-event-number (1-65535)] [owner <ownername (127)>]

no rmon alarm <number (1-65535)>

Syntax
Description

alarmnumber

Alarm Number. This value ranges between 1 and 65535.

mib-objectid

The mib object identifier

sampleintervaltime

Time in seconds during which the alarm monitors the MIB


variable. This value ranges between 1 and 65535
seconds.

absolute

Used to test each mib variable directly

delta
risingthreshold

A number at which the alarm is triggered. This value


ranges between 0 and 2147483647.

fallingthreshold
value

A number at which the alarm is reset. This value ranges


between 0 and 2147483647.

risingeventnumber

The event number to trigger when the rising threshold


exceeds its limit. This value ranges between 1 and 65535.

fallingeventnumber

owner
Mode

442

Used to test the change between samples of a variable

This feature is optional only in the code using the


industrial standard command, otherwise this feature
is mandatory.
The event number to trigger when the falling threshold
exceeds its limit. This value ranges between 1 and 65535.
This feature is optional only in the code using the
industrial standard command, otherwise this feature
is mandatory.
Owner of the alarm

Global Configuration Mode

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 12: RMON
Package

Workgroup, Enterprise and Metro

Defaults

By default, the least event number in the event table is assigned for the rising and
falling threshold as its event number.

Example

iss(config)# rmon alarm 4


1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 2 absolute risingthreshold 2 2 falling-threshold 1 2 owner DatacomSystems

The RMON Feature must be enabled for the successful execution of this command

RMON events must have been configured

In DatacomSystems ISS, we cannot monitor all the mib objects through RMON.
This will be applicable only to the Ethernet interfaces

Falling threshold should be less than rising threshold.

Related Commands

rmon collection stats - Enables RMON statistic collection on the interface

rmon event - Adds an event to the RMON event table

show rmon alarms - Displays the RMON alarms

show rmon events - Displays the RMON events

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

443

DATACOM SYSTEMS INC

VS-2024-F

12.6 show rmon


This command displays the RMON statistics, alarms, events, and history configured on the interface.

show rmon [statistics [<stats-index (1-65535)>]]


[history [history-index (1-65535)] [overview]]

Syntax
Description

[alarms]

statistics

The configured stats index value

alarms

The configured alarm

events

The configured event

history

The configured history index

overview

Displays only the overview of rmon history entries

Mode

Privileged EXEC Mode

Package

Workgroup, Enterprise and Metro

Example

iss# show rmon

[events]

statistics 2

RMON is enabled
Collection 2 on Gi0/2 is active, and owned by fsoft,
Monitors ifEntry.1.2 which has
Received 1240 octets, 10 packets,
2 broadcast and 10 multicast packets,
0 undersized and 1 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions.
# of packets received of length (in octets):
444

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 12: RMON

64: 0, 65-127: 10, 128-255: 0,


256-511: 0, 512-1023: 0, 1024-1518: 0

iss# show rmon


RMON is enabled

iss# show rmon history


RMON is enabled
Entry 1 is active,

and owned by fsoft

Monitors ifEntry.1.1 every 3000 second(s)


Requested # of time intervals, ie buckets, is 3,
Granted # of time intervals, ie buckets, is 3,
Sample 1 began measuring at 0
Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions,
# of dropped packet events is 0
Network utilization is estimated at 0
Sample 2 began measuring at 0
Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions,
# of dropped packet events is 0
Network utilization is estimated at 0

iss# show rmon events


RMON is enabled

Event 1 is active, owned by

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

445

DATACOM SYSTEMS INC

VS-2024-F

Description is
Event firing causes nothing,
Time last sent is Aug 27 18:30:01 2009

Event 2 is active, owned by


Description is
Event firing causes nothing,
Time last sent is Aug 27 18:31:36 2009

iss# show rmon alarms


RMON is enabled
Alarm 4 is active,

owned by DatacomSystems

Monitors 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 every 2


second(s)
Taking absolute samples, last value was 3
Rising threshold is 2, assigned to event 2
Falling threshold is 1, assigned to event 2
On startup enable rising or falling alarm

iss# show rmon statistics 2 alarms events

history 1

RMON is enabled
Collection 2 on Ex0/1 is active, and owned by monitor,
Monitors ifEntry.1.1 which has
Received 5194 octets, 53 packets,
0 broadcast and 0 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
53 CRC alignment errors and 0 collisions.
# of packets received of length (in octets):
64: 0, 65-127: 53, 128-255: 0,
256-511: 0, 512-1023: 0, 1024-1518: 0
Alarm 4 is active,

owned by DatacomSystems

Monitors 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 every 2


second(s)

446

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.


CONFIDENTIAL

DATACOM SYSTEMS INC


CHAPTER 12: RMON

Taking absolute samples, last value was 3


Rising threshold is 2, assigned to event 2
Falling threshold is 1, assigned to event 2
On startup enable rising or falling alarm

Event 1 is active, owned by


Description is
Event firing causes nothing,
Time last sent is Aug 27 18:30:01 2009

Event 2 is active, owned by


Description is
Event firing causes nothing,
Time last sent is Aug 27 18:31:36 2009

iss# show rmon history overview


RMON is enabled
Entry 1 is active,

and owned by fsoft

Monitors ifEntry.1.1 every 3000 second(s)


Requested # of time intervals, ie buckets, is 3,
Granted # of time intervals, ie buckets, is 3

If the show rmon command is executed with out enabling the RMON feature,
then the following output is displayed
iss# show rmon
RMON feature is disabled

Related Commands

set rmon - Enables or disables the RMON feature

rmon collection history - Enables history collection of interface statistics in the buckets for the
specified time interval

rmon collection stats - Enables RMON statistic collection on the interface

rmon event - Adds an event to the RMON event table

rmon alarm - Sets an alarm on a MIB object

CLI USER MANUAL


DATACOM SYSTEMS CONFIDENTIAL

447